From 601be84a59c1a3001f66c73530ed594ff8542157 Mon Sep 17 00:00:00 2001 From: Albrecht Degering Date: Wed, 8 Jul 2026 14:17:23 +0200 Subject: [PATCH] Sync wiki from project files --- Repo-docs-GOVERNMENT-OPERATIONS-VISION.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/Repo-docs-GOVERNMENT-OPERATIONS-VISION.md b/Repo-docs-GOVERNMENT-OPERATIONS-VISION.md index f7d5c73..eb66c86 100644 --- a/Repo-docs-GOVERNMENT-OPERATIONS-VISION.md +++ b/Repo-docs-GOVERNMENT-OPERATIONS-VISION.md @@ -1,4 +1,4 @@ - + > Mirrored from `/mnt/DATA/git/govoplan-core/docs/GOVERNMENT_OPERATIONS_VISION.md`. > Origin: `repository`. @@ -141,6 +141,25 @@ explanations, two-person approval for destructive changes, versioned configuration history, rollback paths, audit events, and maintenance-mode guards. +The initial safety metadata contract lives in +`govoplan_core.core.configuration_safety`. It classifies known configuration +fields as UI-managed or deployment-managed, assigns risk levels, marks secret +handling as reference-only or env-only, and declares dry-run, policy +explanation, audit, approval, rollback-history, maintenance-mode, and RBAC +requirements. Admin UI editors should consume this metadata before exposing +powerful settings. + +The initial executable guardrail path is `plan_configuration_change(...)`, +exposed through: + +- `GET /api/v1/admin/configuration-safety` +- `POST /api/v1/admin/configuration-safety/plan` + +The planner reports missing scopes, dry-run requirements, maintenance-mode +requirements, two-person approval status, secret-reference violations, +rollback-history requirements, policy explanations, and audit event names before +an editor applies a high-impact configuration change. + ## Scalability GovOPlaN should be manually scalable first and automatically scalable where the