coulomb/config-atlas
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
bc702db4cfa01e5d11ff1da41bfe3fe7fcd76dae
config-atlas/registry/surfaces/surface.infotech.ops-warden.routing-catalog.md
tegwick 72bbdad2c8
Some checks failed
validate-registry / validate (push) Has been cancelled
Details
feat(registry): complete ATLAS-WP-0002 T02, T03, T06 
T02: remove inherited capability.infotech.repo-template and template consumer
docs (statehub-register, template-validation-checklist); add
capability.infotech.config-surface-atlas and rewrite capabilities.yaml.

T03: seed 4 configuration surfaces (state-hub api-config, ops-warden
routing-catalog, reuse-surface federation-sources, ops-bridge tunnel-config)
with registry/indexes/surfaces.yaml; source-linked, no values, secret deps by
reference.

T06: add tools/validate_registry.py (schema + index gate), Makefile (make
validate), and .github/workflows/validate.yml (GitHub + Gitea Actions);
document in stack-and-commands. Verified malformed entries are rejected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-26 23:19:18 +02:00

1.5 KiB
Raw Blame History

id, name, kind, summary, owner, status, scope, mutability, security_class, schema, sources, relations, evidence
id name kind summary owner status scope mutability security_class schema sources relations evidence
surface.infotech.ops-warden.routing-catalog ops-warden credential routing catalog policy Catalog mapping credential/access needs to their owning subsystem (who issues what), consumed via `warden route`. ops-warden active
allowed_layers default_layer
company
platform
company
deploy-time policy
type validator
object ~/ops-warden/registry/routing/catalog.schema.yaml
repo path role
ops-warden registry/routing/catalog.yaml company-baseline
consumed_by overrides depends_on_secret related_to
service.warden-cli
surface.infotech.state-hub.api-config
last_seen discovery_method change_log_ref
2026-06-26 manual ATLAS-WP-0002-T03

ops-warden credential routing catalog

The credential routing catalog answers "who owns this credential need?" — SSH certs (ops-warden), API keys/DB passwords (OpenBao), login/OIDC (key-cape), etc. It is a routing policy surface: it carries pointers, never secret values.

  • Source of truth: ops-warden/registry/routing/catalog.yaml; consumed via warden route find/show.
  • Boundary: this surface maps the catalog's existence, owner, and scope; secret values are never stored here (security_class: policy, no depends_on_secret).
  • Why indexed: credential routing is high-frequency and high-risk; the atlas records where the routing policy lives and who owns it.
Reference in New Issue View Git Blame Copy Permalink