003-gpt-identity: live verification notes
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
dcb97f180f
commit
8d41404b3d
1 changed files with 12 additions and 0 deletions
12
specs/003-gpt-identity/VERIFICATION.md
Normal file
12
specs/003-gpt-identity/VERIFICATION.md
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
# Verification — 003-gpt-identity (2026-07-02)
|
||||
|
||||
- Live: market.machinemachine.ai /api/config → {"auth_mode":"both"}; passcode login 204,
|
||||
session now identity-shaped ({role: fleet_admin, operator_id: fleet, auth_method: passcode}).
|
||||
- SC-201/202 covered by tests (13 green): gpt login happy path binds {email, role,
|
||||
tenant_id, operator_id}; wrong password 401; foreign wallet 403 for non-admin;
|
||||
fleet_admin picker retained. LIVE gpt-credential login awaits the operator's own
|
||||
m2-gpt account (orchestrator holds no operator password — by design).
|
||||
- SC-203: secrets-leak test extended with M2GPT secrets; passcode mode green.
|
||||
- Introspection revalidation (FR-203) ships dark until m2-gpt PR #12 merges+deploys
|
||||
(github.com/machine-machine/m2-gpt/pull/12) and M2GPT_INTROSPECTION_KEY is set on
|
||||
both sides.
|
||||
Loading…
Reference in a new issue