docs: audit SecretStore endpoint scope

2026-06-02 16:28:42 +00:00
parent 0ff8e9d0c6
commit df3f9b3e3b
2 changed files with 31 additions and 8 deletions
--- a/AI.md
+++ b/AI.md
@@ -626,3 +626,19 @@ Latest endpoint audit checkpoint from patch 0224:
  unless the filesystem provider grows real backing state.

 Next patch number should be `0225`.
+
+Latest endpoint audit checkpoint from patch 0225:
+
+- SDK `0x2222/92` / wire `0x5c` SecretStore is now scope-audited as
+  later-generation and out of the current source-stub target.  The NDK PDF marks
+  SecretStore Services as NetWare Server 5.x and eDirectory 8.5 or later, with
+  subverbs `0` Query Server through `9` Get Service Information.
+- No active top-level `case 0x5c` exists in `src/nwconn.c`, and no indirect
+  handler/provider path was found during this audit.  Do not add a disabled
+  source stub for SecretStore while the target remains 1.x/2.x/3.x plus planned
+  4.x only.
+- SecretStore is not the same as the planned 4.x `libdirectory`/`nwnds` work.
+  If a future post-4.x/eDirectory target is ever added, it should be designed as
+  a separate secure secret-storage provider with strict no-secret logging rules.
+
+Next patch number should be `0226`.