flex-auth/docs/ops-warden-policy-gate-handoff.md

# Ops-Warden Policy Gate Handoff

Date: 2026-06-23
Workplan: FLEX-WP-0006
Ops-warden unblocker: WARDEN-WP-0009 T01

## Published flex-auth assets

- Policy package: examples/ops-warden/policy_package.md
- Policy fixtures: examples/ops-warden/policy_fixtures.yaml
- Combined registry fixture: examples/ops-warden/registry_snapshot.json
- Protected-system manifest: examples/ops-warden/protected_system_manifest.yaml
- Resource manifest: examples/ops-warden/resource_manifest.yaml
- Subject manifest: examples/ops-warden/subject_manifest.yaml
- Service request fixtures: examples/ops-warden/check_request_*.json

## Local service command

    flex-auth serve --addr 127.0.0.1:8080 --registry examples/ops-warden/registry_snapshot.json --policy examples/ops-warden/policy_package.md --log /tmp/flex-auth-ops-warden-decisions.jsonl

Ops-warden can point policy.flex_auth_url at that base URL for local smoke.
Production should keep policy.fail_closed true unless an explicit break-glass
procedure exists.

## Fixture coverage

Allow fixtures:

- fixture:ops-warden-adm-sign-allow
- fixture:ops-warden-agt-sign-allow
- fixture:ops-warden-atm-sign-allow

Deny fixtures:

- fixture:ops-warden-unknown-subject-deny
- fixture:ops-warden-actor-type-mismatch-deny
- fixture:ops-warden-ttl-above-max-deny
- fixture:ops-warden-disallowed-principal-deny
- fixture:ops-warden-missing-fingerprint-deny

## Non-secret smoke evidence

CLI validation on 2026-06-23:

- protected-system manifest: valid
- resource manifest: valid
- subject manifest: valid
- registry snapshot: loaded 1 system, 1 resource manifest, 3 subjects,
  3 groups, 3 relationships, and 1 tenant
- policy package: valid with 8 passing fixtures

Local /v1/check service smoke on 2026-06-23:

- allow request: effect allow, reason signing_policy_matched,
  decision id decision:706efe49f68d9ef1
- deny request: effect deny, reason ttl_out_of_bounds,
  decision id decision:b69bdc25a988f367
- GET /v1/check: HTTP 405
- malformed POST /v1/check: HTTP 400
- decision log contained both decision ids

## Production sequence for ops-warden

1. Deploy the flex-auth registry and policy package above to the selected
   flex-auth runtime.
2. Configure ops-warden policy.flex_auth_url to the flex-auth base URL.
3. Set policy.enabled: true.
4. Keep policy.tenant as tenant:platform unless a tenant-specific policy package
   is introduced.
5. Run one allow-path sign smoke and confirm signatures.log includes
   policy_decision_id.
6. Run one deny-path smoke with fail_closed true and preserve only non-secret
   evidence.

## Ownership boundary

flex-auth owns the authorization decision for the signing request. ops-warden
continues to own actor inventory, SSH CA operation, OpenBao SSH engine
integration, host documentation, and signatures.log production evidence.

No SSH private keys, OpenBao tokens, database credentials, or real public-key
material are stored in these fixtures.


## FLEX-WP-0007 Production Update

Additional published assets:

- Production registry fixture: examples/ops-warden/production_registry_snapshot.json
- Registry sync runbook: docs/ops-warden-registry-sync.md

Production runtime command:

    flex-auth serve --addr 0.0.0.0:8080 --registry examples/ops-warden/production_registry_snapshot.json --policy examples/ops-warden/policy_package.md --log /var/log/flex-auth/ops-warden-decisions.jsonl

Use http://flex-auth.flex-auth.svc.cluster.local:8080 when cluster DNS is
reachable from warden workstations. Otherwise use the approved operator tunnel
or ingress URL. Always pre-flight GET /healthz from the same workstation before
enabling policy.enabled with fail_closed true.

Production actor coverage now verifies agt-state-hub-bridge,
agt-codex-interhub-bootstrap, adm-example, atm-backup-daily, ttl_out_of_bounds,
unknown_actor_resource, and the iam:agt-state-hub-bridge subject path used by
WARDEN_POLICY_SUBJECT.