Sync wiki from project files

2026-07-08 14:17:23 +02:00
parent ee8613b534
commit 601be84a59

@@ -1,4 +1,4 @@
<!-- codex-wiki-sync:4ca91654d9f8b3b351393bd8 -->
<!-- codex-wiki-sync:481fe8055b18243ca72a351b -->
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/GOVERNMENT_OPERATIONS_VISION.md`.
> Origin: `repository`.
@@ -141,6 +141,25 @@ explanations, two-person approval for destructive changes, versioned
configuration history, rollback paths, audit events, and maintenance-mode
guards.
The initial safety metadata contract lives in
`govoplan_core.core.configuration_safety`. It classifies known configuration
fields as UI-managed or deployment-managed, assigns risk levels, marks secret
handling as reference-only or env-only, and declares dry-run, policy
explanation, audit, approval, rollback-history, maintenance-mode, and RBAC
requirements. Admin UI editors should consume this metadata before exposing
powerful settings.
The initial executable guardrail path is `plan_configuration_change(...)`,
exposed through:
- `GET /api/v1/admin/configuration-safety`
- `POST /api/v1/admin/configuration-safety/plan`
The planner reports missing scopes, dry-run requirements, maintenance-mode
requirements, two-person approval status, secret-reference violations,
rollback-history requirements, policy explanations, and audit event names before
an editor applies a high-impact configuration change.
## Scalability
GovOPlaN should be manually scalable first and automatically scalable where the