From 1f4a297dae2db5899300a331bd3cdaf2eb7b9bbb Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Mon, 11 May 2026 22:16:32 +0000 Subject: [PATCH] =?UTF-8?q?docs(readme):=20Status=20block=20rewrite=20?= =?UTF-8?q?=E2=80=94=20design-partner=20CTA,=20paragraph=20cadence?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Earlier versions were either link-soup or so tight they read as boilerplate. This pass aims for CMO-grade copy: - Paragraph 1: lede that combines the early-access label with the design-partner ask — sets the tone in one line. - Paragraph 2: what's production-quality today, with the RBAC + OIDC doc links inline (no bold, no link-soup). Names the v2.1.0 layer on top. - Paragraph 3: the ask — production deployments wanted, framed explicitly as 'we can't manufacture this exposure in CI'. Honest about the federated-identity surface being where the new exposure lives. Mutual-value framing. - Paragraph 4: the actionable bit — file issues liberally, with the why ('how the platform earns the right to drop early-access'). Three inline doc links (RBAC, OIDC runbook index, file-issues). Same factual content, warmer voice, paragraph cadence with breathing room between. --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0d73aa6..2c988d5 100644 --- a/README.md +++ b/README.md 
@@ -13,11 +13,13 @@ certctl is a self-hosted platform that automates the entire TLS certificate life The CA/Browser Forum's [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) caps public TLS certificates at **200 days by March 2026**, **100 days by 2027**, and **47 days by 2029**. At 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever. Manual workflows stop being a choice. -> **Status: Early-access.** The certificate lifecycle core is production-quality, including [RBAC](docs/operator/rbac.md). - -> v2.1.0 adds [OIDC SSO](docs/operator/oidc-runbooks/index.md), server-side sessions, and break-glass admin. - -> Production welcome — [file issues](https://github.com/certctl-io/certctl/issues) when something's off, especially against your IdP. +> **Status: Early-access — actively looking for design partners.** +> +> The certificate lifecycle core is production-quality today: Local CA, ACME, agent deployment, audit, [role-based access control](docs/operator/rbac.md) with auditor split and four-eyes approval. v2.1.0 adds federated identity on top — [OIDC SSO](docs/operator/oidc-runbooks/index.md), server-side sessions, back-channel logout, and a break-glass admin path for SSO-outage recovery. +> +> If your team runs PKI infrastructure that could use real automation, we'd love to have you on certctl. Lab and dev deployments are great. Production is welcome too — especially on the federated-identity surface, where real-world IdP shapes are exactly the exposure we can't manufacture in CI. Battle-testing certctl in your environment is genuinely valuable to us. +> +> [File issues](https://github.com/certctl-io/certctl/issues) liberally. Every IdP quirk, every connector edge, every doc gap you hit — that's how the platform earns the right to drop the "early-access" label. The faster the loop, the faster everyone benefits. 
> **Actively maintained, shipping weekly.** [Open an issue](https://github.com/certctl-io/certctl/issues) if something breaks. CI runs the full test suite with race detection, static analysis, and vulnerability scanning on every commit.
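Review bot: The last added paragraph ("[File issues] liberally. Every IdP quirk, every connector edge ...") sends every report about the federated-identity surface to the public issue tracker, in the same block that invites production use of that surface and says its real-world exposure cannot be reproduced in CI. An IdP quirk that amounts to an authentication or session bypass should not be disclosed in a public issue first. Consider adding one sentence that sends suspected security defects in OIDC SSO, server-side sessions, back-channel logout or the break-glass path to a private reporting channel, and keeps the public tracker for everything else. Separately, the commit message describes this as "Same factual content", but the second added paragraph makes claims the removed lines did not: Local CA, ACME, agent deployment, audit, "auditor split and four-eyes approval", and "back-channel logout". Please confirm each is covered by the linked rbac.md and oidc-runbooks/index.md, or adjust the commit message to say the status block now lists more features.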