egutierrez
87dbc421cd
Declares the project's target rollout: bus-auth enforce, bus-tls enabled. Flags are declarative; the operator activates them at deploy via membershipd --bus-auth/--tls-cert/--tls-key. CLI defaults stay off so dev and tests run unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
20 lines
751 B
JSON
20 lines
751 B
JSON
{
|
|
"flags": {
|
|
"bus-auth": {
|
|
"enabled": true,
|
|
"state": "enforce",
|
|
"issue": "0001",
|
|
"description": "Signed control-plane auth + NATS nkey auth. Rollout: off -> soft (verify+log, allow) -> enforce (reject). 'enabled' mirrors state!=off. Server opts in via membershipd --bus-auth; clients via client.Connect(caPath).",
|
|
"added": "2026-06-07",
|
|
"enabled_at": "2026-06-07"
|
|
},
|
|
"bus-tls": {
|
|
"enabled": true,
|
|
"issue": "0001",
|
|
"description": "TLS on the NATS data plane using the project's self-signed CA (deploy/tls/). Server opts in via membershipd --tls-cert/--tls-key; clients pin ca.crt via client.Connect(caPath).",
|
|
"added": "2026-06-07",
|
|
"enabled_at": "2026-06-07"
|
|
}
|
|
}
|
|
}
|