Drafts the cloud deployment design as three earned stages — managed
single-region, elastic data plane with an off-path worker tier, then
BYOC/VPC/air-gapped — each winning one irreducible property. Sets
foundational principles (object-storage-only commit, a soft-state
control plane off the request path, one config-driven binary) drawn
from turbopuffer, Neon, and WarpStream, threads the RFC 0001 auth
design through every stage, and records the open decisions and
invariant analysis.
https://claude.ai/code/session_01N22WDYC6vv2njR5Xu96QaC

Drafts a design for OIDC-based federated authentication that lets a
managed cloud offering issue identity tokens while keeping VPC and
air-gapped on-prem deployments free of any request-time dependency on
the cloud. Introduces a server-only TokenVerifier seam with static and
OIDC implementations, validates the design against the OSS/Cloud
invariants, and records the open decisions needed before acceptance.
https://claude.ai/code/session_01N22WDYC6vv2njR5Xu96QaC