1.7 KiB
1.7 KiB
Docs Guild Update — 2025-10-28
Console security posture draft
- Published
docs/security/console-security.mdcovering console OIDC/DPoP flow, scope map, fresh-auth sequence, CSP defaults, evidence handling, and monitoring checklist. - Authority owners (
AUTH-CONSOLE-23-003) to verify/fresh-authtoken semantics (120 s OpTok, 300 s fresh-auth window) and confirm scope bundles before closing the sprint task. - Security Guild requested to execute the compliance checklist in §9 and record sign-off in SPRINT 23 log once alerts/dashboards are wired (metrics references:
ui_request_duration_seconds,ui_dpop_failure_total, Grafana boardconsole-security.json).
Console CLI parity matrix
- Added
/docs/cli-vs-ui-parity.mdwith feature-level status tracking (✅/🟡/🟩). Pending commands reference CLI backlog (CLI-EXPORT-35-001,CLI-POLICY-23-005,CONSOLE-DOC-23-502). - DevEx/CLI Guild to wire parity CI workflow when CLI downloads commands ship; Downloads workspace already links to the forthcoming parity report slot.
Accessibility refresh
- Published
/docs/accessibility.mddescribing keyboard flows, screen-reader behaviour, colour tokens, testing rig (Storybook axe, Playwright a11y), and offline guidance. - Accessibility Guild (CONSOLE-QA-23-402) to log the next Playwright a11y sweep results against the new checklist; design tokens follow-up tracked via CONSOLE-FEAT-23-102.
Artifacts:
- Doc:
/docs/security/console-security.md - Doc:
/docs/cli-vs-ui-parity.md - Doc:
/docs/accessibility.md - Sprint tracker:
../implplan/SPRINTS.md(DOCS-CONSOLE-23-012 now DONE)
cc: @authority-core, @security-guild, @docs-guild