config-atlas/registry/surfaces/surface.infotech.ops-bridge.tunnel-config.md
tegwick 72bbdad2c8
Some checks failed
validate-registry / validate (push) Has been cancelled
feat(registry): complete ATLAS-WP-0002 T02, T03, T06
T02: remove inherited capability.infotech.repo-template and template consumer
docs (statehub-register, template-validation-checklist); add
capability.infotech.config-surface-atlas and rewrite capabilities.yaml.

T03: seed 4 configuration surfaces (state-hub api-config, ops-warden
routing-catalog, reuse-surface federation-sources, ops-bridge tunnel-config)
with registry/indexes/surfaces.yaml; source-linked, no values, secret deps by
reference.

T06: add tools/validate_registry.py (schema + index gate), Makefile (make
validate), and .github/workflows/validate.yml (GitHub + Gitea Actions);
document in stack-and-commands. Verified malformed entries are rejected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-26 23:19:18 +02:00


---
id: surface.infotech.ops-bridge.tunnel-config
name: ops-bridge SSH tunnel configuration
kind: infra-state
summary: Declares the reverse SSH tunnels (local/remote port maps) that expose State Hub and MCP services to remote machines.
owner: ops-bridge
status: active
scope:
  allowed_layers: [company, environment, installation]
  default_layer: installation
mutability: deploy-time
security_class: operational
schema:
  type: object
  validator: ~/ops-bridge/schemas/tunnel.schema.yaml
sources:
  - repo: ops-bridge
    path: config/tunnels.yaml
    role: installation-overlay
relations:
  consumed_by:
    - service.ops-bridge
  overrides: []
  depends_on_secret:
    - ops-bridge/ssh-cert
  related_to:
    - surface.infotech.state-hub.api-config
evidence:
  last_seen: '2026-06-26'
  discovery_method: manual
  change_log_ref: ATLAS-WP-0002-T03
---
# ops-bridge SSH tunnel configuration

ops-bridge maintains reverse SSH tunnels that expose the State Hub API and MCP
endpoints to remote machines (the remote port map: State Hub API `:18000`, MCP
`:18001`). This surface maps that tunnel configuration as **infra-state**.

- **Source of truth:** the `ops-bridge` repo tunnel config; SSH certs are a secret
  reference (`depends_on_secret`), signed by ops-warden, never stored here.
- **Relation:** exposes `surface.infotech.state-hub.api-config` to remote workers.
- **Mutability:** deploy-time — tunnel changes are brought up via `bridge up`.
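
The "secret reference, never stored here" rule can be checked mechanically before an entry is merged. The following is an added example, not the project's `tools/validate_registry.py` (whose contents this page does not show); the function names and the `<owner>/<secret-name>` reference pattern, modelled on `ops-bridge/ssh-cert`, are assumptions.

```python
import re

# Assumed reference shape "<owner>/<secret-name>", modelled on ops-bridge/ssh-cert.
SECRET_REF = re.compile(r"^[a-z0-9][a-z0-9-]*/[a-z0-9][a-z0-9-]*$")
# Inline key material: PEM/OpenSSH private key headers and OpenSSH certificate blobs.
INLINE_SECRET = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|[a-z0-9-]+-cert-v01@openssh\.com\s+AAAA[0-9A-Za-z+/]{16,}"
)

def secret_refs(entry: str) -> list[str]:
    """Return the list items under `depends_on_secret:` (indented or flattened)."""
    refs, collecting = [], False
    for line in entry.splitlines():
        item = line.strip()
        if item == "depends_on_secret:":
            collecting = True
        elif collecting and item.startswith("- "):
            refs.append(item[2:].strip().strip("'\""))
        elif collecting:
            break  # first non-item line ends the list
    return refs

def check_entry(entry: str) -> list[str]:
    """Flag secret dependencies that are not references and any inline key material."""
    findings = []
    for ref in secret_refs(entry):
        if not SECRET_REF.match(ref):
            findings.append(f"depends_on_secret holds a value, not a reference: {ref[:24]}...")
    for n, line in enumerate(entry.splitlines(), 1):
        if INLINE_SECRET.search(line):
            findings.append(f"line {n}: inline key material")
    return findings

# Constructed samples: GOOD mirrors this entry's relations block, BAD inlines a fake cert.
GOOD = """relations:
  consumed_by:
    - service.ops-bridge
  depends_on_secret:
    - ops-bridge/ssh-cert
  related_to:
    - surface.infotech.state-hub.api-config
"""
BAD = GOOD.replace(
    "ops-bridge/ssh-cert",
    "ssh-ed25519-cert-v01@openssh.com AAAA" + "EXAMPLE" * 4,
)

if __name__ == "__main__":
    print(check_entry(GOOD), check_entry(BAD), sep="\n")
```

The list parser works on stripped lines, so it gives the same result whether the front matter is indented or has lost its indentation in rendering.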