
Define opaque provider credential custody boundary#16

Draft
jmcentire wants to merge 1 commit into main from codex/custody-boundary-contract

@jmcentire

Owner

Summary

  • add a cloud-neutral Baton custody contract that exposes opaque provider handles and sanitized outcomes only
  • require a trusted verifier outcome bound to workload, operation references, fingerprint, channel, purpose, connector scope, and provider-attempt budget
  • require an atomic single-dispatch consumption reservation before provider use, while allowing scoped primary/backup selection under that one reservation
  • define resolver, audit sink, and failure notifier protocols plus current OpenBao candidate evidence and explicit non-adoption gates

Coordination Boundary

  • this is a non-overlapping contract slice for Claude's delegated-executor lane in draft PR Add delegated connector executor with no-key verification paths #13; it does not change that executor or the MEA consumer
  • concrete Signet verification, ledger persistence, OpenBao-backed resolution, audit/notification sinks, and MEA integration remain required
  • Claude review is required before either draft is reconciled or merged

Safety

  • no provider credential value, signing key, secret-store path, deployment, or live service is used
  • focused tests pass only opaque handles and credential-free verification/reservation outcomes
  • cryptogram remains blocked separately because its current tests generate X25519 keypairs

Validation

  • prohibited-material static scan over the three new files: no candidates
  • git diff --check
  • python3 -B -m py_compile src/baton/credential_custody.py tests/test_credential_custody.py
  • PYTHONPATH=src python3 -B -m pytest tests/test_credential_custody.py -q (12 passed)

OpenBao Sources Checked 2026-06-04
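
An added sketch, not code from this PR (whose diff is not shown on this page), of the rule in the Summary that a single-dispatch reservation is consumed atomically before any provider use, with primary/backup selection limited by connector scope and the provider-attempt budget. Every class, function and field name is hypothetical, and the in-memory ledger stands in for persistent storage.

```python
import threading
from dataclasses import dataclass

@dataclass(frozen=True)
class VerifiedOutcome:           # hypothetical credential-free verifier result
    workload: str
    operation_ref: str
    fingerprint: str
    channel: str
    purpose: str
    connector_scope: frozenset   # opaque provider handles this operation may use
    attempt_budget: int          # max provider attempts under one reservation

class ReservationLedger:         # hypothetical in-memory stand-in for a real ledger
    def __init__(self):
        self._lock = threading.Lock()
        self._consumed = set()

    def reserve(self, outcome):
        """Consume the outcome exactly once; replays and losing racers get False."""
        key = (outcome.workload, outcome.operation_ref, outcome.fingerprint)
        with self._lock:         # check-and-insert is one critical section
            if key in self._consumed:
                return False
            self._consumed.add(key)
            return True

def dispatch(outcome, ledger, handles, call_provider):
    """Reserve first, then try handles (primary first) under that one reservation."""
    if not ledger.reserve(outcome):
        return {"status": "rejected", "reason": "already_consumed", "attempts": 0}
    attempts = 0
    for handle in handles:
        if handle not in outcome.connector_scope:
            continue             # out-of-scope handles are never passed on
        if attempts >= outcome.attempt_budget:
            break
        attempts += 1
        try:
            call_provider(handle)    # callee receives only the opaque handle
            return {"status": "ok", "handle": handle, "attempts": attempts}
        except Exception:
            continue             # sanitized outcome: provider error text is dropped
    # The reservation stays consumed, so a failed dispatch cannot be replayed.
    return {"status": "failed", "reason": "providers_exhausted", "attempts": attempts}
```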
