003-gpt-identity: live verification notes

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
m2 (AI Agent) 2026-07-02 06:27:51 +02:00
parent dcb97f180f
commit 8d41404b3d

View file

@ -0,0 +1,12 @@
# Verification — 003-gpt-identity (2026-07-02)
- Live: market.machinemachine.ai /api/config → {"auth_mode":"both"}; passcode login 204,
session now identity-shaped ({role: fleet_admin, operator_id: fleet, auth_method: passcode}).
- SC-201/202 covered by tests (13 green): gpt login happy path binds {email, role,
tenant_id, operator_id}; wrong password 401; foreign wallet 403 for non-admin;
fleet_admin picker retained. LIVE gpt-credential login awaits the operator's own
m2-gpt account (orchestrator holds no operator password — by design).
- SC-203: secrets-leak test extended with M2GPT secrets; passcode mode green.
- Introspection revalidation (FR-203) ships dark until m2-gpt PR #12 merges+deploys
(github.com/machine-machine/m2-gpt/pull/12) and M2GPT_INTROSPECTION_KEY is set on
both sides.