Promotes ADR-0001 from Proposed (2026-05-01) to Accepted (2026-05-08) with one amendment to §2.3:
K8s-to-K8s reconciliation (RoleBindings, Kustomizations, ConfigMaps from a
higher-level intent CR) is the responsibility of Flux Kustomizations or thin
in-cluster controllers — never Crossplane Compositions. The useraccess-
controller (slice C5 of #1095) is the canonical example. The earlier
XUserAccess Composition that used provider-kubernetes is retired.
Why amend: the audit synthesized in openova-private/.claude/audit-synthesis-
2026-05-08.md confirmed XUserAccess on every Sovereign was silently broken
(Composition references provider-kubernetes which is not installed). The
amendment makes the in-cluster path canonical so future K8s-to-K8s seams
follow it without re-debating.
Refs: #1094 (umbrella), #1095 (foundation), docs/EPICS-1-6-unified-design.md
Co-authored-by: hatiyildiz <hatiyildiz@noreply.openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d966651fae