- Add vault-credential-resolver.js: Async credential resolution with vault:// URI support
- Integration with vault-resolver.js (low-level Vault client)
- Update doctor-providers.js to detect and report vault URIs
- Synchronous doctor checks (no network I/O) with lazy async resolution
- Fail-open semantics: vault unavailable -> fall back to plaintext
- 28 tests for credential resolver (all passing)
- ADR-0078: Architecture and auth chain documentation

Features:
- vault://secret/path/to/secret#fieldname URI format
- Auth chain: VAULT_TOKEN -> ~/.vault-token -> AppRole (reserved)
- Helper functions: couldBeVaultUri, hasProviderCredentialEnvVar, resolveProviderCredential, getCredentialValue, formatCredentialInfo
- Full backward compatibility with plaintext keys and auth.json

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

| Name |
|---|
| 0000-purpose-to-software-compiler.md |
| 0001-promote-only-sf-state.md |
| 0002-sf-schedule-pull-based.md |
| 0075-uok-gate-architecture.md |
| 0076-uok-memory-integration.md |
| 0077-spec-runtime-evidence-schema-separation.md |
| 0078-vault-credential-resolution.md |
| README.md |

docs/adr/
Accepted architecture decision records (ADRs).
Start with ADR-0000: SF Is a Purpose-to-Software Compiler. It is the foundational product/architecture decision; later ADRs refine pieces of that contract.
What belongs here
- Final, accepted architectural decisions that affect the project.
- Decisions that have been promoted from .sf/DECISIONS.md.
What does NOT belong here
- Draft decisions still under discussion.
- Implementation plans (use docs/plans/).
- Specifications (use docs/specs/).
Naming convention
0001-<slug>.md — zero-padded four digits, auto-numbered by sf plan promote --to docs/adr.
0000-* is reserved for foundational doctrine that later ADRs depend on.