Split out of the stale v0.15 tracker #137 — the one identity item that didn't ship.
What
EnrollCommand has OrgAddMember / AddMembership / Republish but no import path: an operator who receives a signed org member-cert out-of-band (the AC-F-INGEST flow) has no verb to ingest it into their own card's org_memberships.
Proposal
wire enroll org-import-member-cert — read a signed member-cert JSON from stdin (or @/path), verify the org signature, and attach it to this agent's card org_memberships[] (republish). Mirror the existing enroll subcommands' shape + the card-attach path used by AddMembership.
Acceptance
- Verify the cert's org signature before attaching (reject unsigned/forged).
- Idempotent re-import (same cert ⇒ no-op).
- Unit test the verify+attach on a fixture cert.
Context: the other #137 survivor (RFC-004 connection health probing) is tracked separately at #142.
Split out of the stale v0.15 tracker #137 — the one identity item that didn't ship.
What
EnrollCommandhasOrgAddMember/AddMembership/Republishbut no import path: an operator who receives a signed org member-cert out-of-band (the AC-F-INGEST flow) has no verb to ingest it into their own card'sorg_memberships.Proposal
wire enroll org-import-member-cert— read a signed member-cert JSON from stdin (or@/path), verify the org signature, and attach it to this agent's cardorg_memberships[](republish). Mirror the existing enroll subcommands' shape + the card-attach path used byAddMembership.Acceptance
Context: the other #137 survivor (RFC-004 connection health probing) is tracked separately at #142.