Skip to content

fix: RFC-002 documentation alignment#16

Merged
beonde merged 4 commits intomainfrom
fix/rfc002-doc-alignment
Feb 3, 2026
Merged

fix: RFC-002 documentation alignment#16
beonde merged 4 commits intomainfrom
fix/rfc002-doc-alignment

Conversation

@beonde
Copy link
Member

@beonde beonde commented Jan 18, 2026

Summary

Fixes documentation discrepancies with RFC-002 and actual implementation.

Changes

CLI Documentation (docs/reference/cli/index.md)

  • Fix badge keep CA mode shown as implemented (was incorrectly marked "future")
  • Add --agent-id flag documentation
  • Update trust level descriptions to RFC-002 §5 names

Middleware Examples

  • Fix request.state.agent_claimsrequest.state.agent (matches SDK)
  • Add request.state.agent_id to examples

Server API (docs/reference/server/api.md)

  • Add "API Route Architecture" section documenting dual-path pattern
  • Document auth requirements for each path prefix

SDK Badge Reference (docs/reference/sdk-python/badge.md)

  • Update trust level gate example with all 5 levels (0-4)
  • Add tip about using built-in CapiscioMiddleware

Related

  • RFC-002 §5: Trust Levels
  • capiscio/capiscio-sdk-python#XX (SDK alignment PR)

beonde added 4 commits January 18, 2026 10:04
@beonde
fix: RFC-002 documentation alignment
f33288e 
- Fix CLI docs: badge keep CA mode shown as implemented (not future)
- Add --agent-id flag documentation to badge keep
- Update trust level descriptions to RFC-002 §5 names
- Fix request.state.agent_claims → request.state.agent in middleware examples
- Add API Route Architecture section documenting dual-path pattern
- Update SDK badge reference with IAL documentation
@beonde
fix: Correct Trust Badges FAQs per RFC-002
dcffeb0 
- Fix badge lifetime: badges are 5-minute TTL, not 1 year
- Add IAL (Identity Assurance Level) FAQ explaining IAL-0 vs IAL-1
- Add FAQ explaining why badges are short-lived
- Fix badge structure example to match RFC-002 §4.3 claims
- Correct Trust Level 1 description: 'Registered' not 'Email verification'
- Update SSL comparison to highlight lifetime difference
- Fix badge lifecycle diagram for short-lived token model
- Add warning about Level 0 in production

BREAKING MISCONCEPTION FIX: The previous docs implied badges last
1 year like SSL certificates. Badges are intentionally short-lived
(5 min default) for security. This is a critical conceptual fix.
@beonde
fix: Align trust level documentation with RFC-002 §5 - Fix trust leve…
43d20df 
…ls 0-4 mapping across all docs (SS, REG, DV, OV, EV)
@beonde
docs: Add verification tracker and accuracy guides
3b3914f
@beonde beonde merged commit af4c0c1 into main Feb 3, 2026
3 of 4 checks passed
@beonde beonde deleted the fix/rfc002-doc-alignment branch February 3, 2026 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@beonde