Ragnor Comerford eaeacb2385 docs(rfc-002): tighten credential trust model + accuracy (2nd review) ... Address the second implementation-readiness review (7 points): 1. env-token endpoint-binding was not enforceable as written -> replace with a trusted-origin credential model: ambient creds (env/keychain/profile) apply only to servers whose identity came from a trusted layer; login-written creds additionally bind to their issued-for endpoint. 2. project-layer auth: a lower-trust layer may define endpoint-only servers but may not carry an auth: block at all (command = repo-authored RCE) - now a validation rule, not just prose. 3. legacy remote-URI migration: split https://host/graphs/{gid} into endpoint+graph_id so V2's always-/graphs/{id}/ client can't double the prefix. 4. summary realigned with body: enumeration is graph_list-gated, oauth reserved (not first-class), secrets out-of-repo (not 'structurally unreachable'). 5. disambiguate higher-precedence (project wins merges) vs higher-trust (global owns identity) - they run opposite for the project layer. 6. drop top-level 'queries' from the named-resource merge map (per-graph only). 7. mark OMNIGRAPH_BIND proposed, not current; binary honors --bind/server.bind only (lib.rs:899).		2026-06-02 13:23:58 +02:00
..
dev	docs(rfc-002): tighten credential trust model + accuracy (2nd review)	2026-06-02 13:23:58 +02:00
releases	docs: rename runs.md/runs.rs → writes and repoint all references (#131)	2026-05-30 23:20:56 +02:00
user	Stored-query registry foundation + config/CLI RFC-002 (#128)	2026-06-01 22:50:31 +02:00