docs(architecture): Layer 3 — Storage broker zone + Control-plane MCP/operator split

[Yambr]

Description retired during the initial-public-release history consolidation. The canonical content lives in docs/architecture/ at the current tip.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b0795c0d-a26f-4e4f-9a2f-9535a5ded171

📥 Commits

Reviewing files that changed from the base of the PR and between a19af1c and 4c8572f.

📒 Files selected for processing (5)

• docs/architecture/02-trust-boundaries.md
• docs/architecture/diagrams/02-trust-boundaries.mmd
• docs/architecture/glossary.md
• docs/architecture/manifesto/02-nfrs.md
• docs/future-architecture/architecture/06-storage.md

---

Walkthrough

This PR refines the Open Computer Use trust-boundary architecture by introducing a Storage broker as a sixth trust zone. The change updates scope, zone definitions, guest-data paths (Storage mount vs. Egress), token taxonomy to include Storage-mount handle class, and cascades updates across the trust diagram, C4 context, bounded contexts, glossary, and NFR documentation.

Changes

Storage broker trust-zone model refinement

Layer / File(s)	Summary
Trust-boundary zone model and guest-data paths docs/architecture/02-trust-boundaries.md	Scope expanded to include Storage broker in the trust-chain. Zones table revised to reflect six zones with adjusted descriptions. New "Two guest-data paths" section defines Storage mount (resource handle routed via Storage broker) and Egress (network-bound identity) paths. Token taxonomy extended to include Storage-mount handle class held by guest. Regulator citation map extended with Storage broker row.
Trust-zone diagram and visual representation docs/architecture/02-trust-boundaries.md, docs/architecture/diagrams/02-trust-boundaries.mmd	Mermaid diagram expanded to introduce Storage broker (STORE) subgraph positioned between credential custody and compute plane. Internal edges reworked to route session/resource-handle mounting and credential-leasing through Storage broker. Explicit mount-path and egress edges added so the broker performs/signed object-store requests and emits OCSF events to the audit bus. Diagram styling applied consistently to Storage broker as a trusted host zone.
Glossary and terminology definitions docs/architecture/glossary.md	Control plane definition refined to distinguish agent-facing MCP interface (tool calls) from operator/lifecycle interface (lifecycle, quota, kill-switch with operator-only access). New Storage broker entry added describing host-side broker for guest's mutable user-data mount, credential boundary (backend key not in guest), and authorization via Egress trust-edge. Open Host Service updated to reflect five trust-zone OCSF event fan-in.
Downstream architecture documentation cascade docs/architecture/03-c4-context.md, docs/architecture/04-bounded-contexts.md, docs/architecture/manifesto/02-nfrs.md	C4 context updates AI-guardrail policy boundary reference from zone 4 to zone 5. Bounded contexts reframed to reflect six zones: five zones merge into Agent Execution context, Audit pipeline mapped to Compliance Evidence, and fan-in relationship adjusted to five zones. NFR introduction expanded to define six interacting zones, clarify Session JWT and Storage-mount handle as guest-held tokens, and refine NFR-SEC-23 and NFR-SEC-25 to explicitly locate upstream credentials (Credential custody) and storage-backend credentials (Storage broker) on host-side only.
Future storage architecture docs/future-architecture/architecture/06-storage.md	Tier-4 user-data design changed from a FUSE sidecar with direct S3 access to a broker-mediated filesystem (file-RPC/FUSE) where the broker holds and signs object-store credentials, issues short-lived STS scoped to a filesystem_id, and the guest retains only a filesystem_id handle; Phase 4 and non-goals updated accordingly.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Wide-Moat/open-computer-use#167: Updates bounded-contexts trust-zone→context mapping; closely related to this PR's bounded-contexts changes.
• Wide-Moat/open-computer-use#130: DN-1 design note on egress/identity/secret-broker overlaps with the Storage broker introduction and credential custody model.
• Wide-Moat/open-computer-use#177: Modifies trust-boundary/identity model and token semantics similar to this PR's addition of storage-mount handle and egress injection.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the two main changes in the PR: the addition of a Storage broker as its own Layer 3 trust zone and the refinement of the Control plane into distinct MCP/operator interfaces.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/layer3-mmd-topology-sync

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}