Complete WARDEN-WP-0012 routing scenario playbooks

Add platform-secret playbooks for issue-core ingestion, OpenRouter llm-connect, object-storage STS, and database dynamic credentials. Extend the routing catalog with draft entries and implement `warden route list --stale` for quarterly drift review. Document the review cadence in AccessRouting and mark the workplan finished.
2026-06-25 10:27:23 +02:00
parent 318f2558f5
commit 1237cc767b
12 changed files with 720 additions and 30 deletions
--- a/src/warden/routing/catalog.py
+++ b/src/warden/routing/catalog.py
@@ -15,6 +15,7 @@ from __future__ import annotations

 import os
 from dataclasses import dataclass
+from datetime import date
 from pathlib import Path
 from typing import List, Optional

@@ -36,6 +37,26 @@ _REQUIRED_FIELDS = (
 )
 _VALID_STATUS = ("active", "draft")

+# Default review cadence — see wiki/AccessRouting.md#drift-review-cadence
+DEFAULT_STALE_DAYS = 90
+
+
+def days_since_review(reviewed: str, *, today: Optional[date] = None) -> int:
+    """Calendar days between reviewed date (YYYY-MM-DD) and today."""
+    reviewed_date = date.fromisoformat(reviewed)
+    ref = today or date.today()
+    return (ref - reviewed_date).days
+
+
+def is_review_stale(
+    reviewed: str,
+    *,
+    threshold_days: int = DEFAULT_STALE_DAYS,
+    today: Optional[date] = None,
+) -> bool:
+    """True when reviewed date is older than the cadence threshold."""
+    return days_since_review(reviewed, today=today) > threshold_days
+

 class CatalogError(Exception):
    """Raised when the routing catalog is missing or invalid."""
@@ -89,6 +110,20 @@ class Catalog:
        scored.sort(key=lambda pair: (-pair[0], pair[1].id))
        return [e for _, e in scored[:limit]]

+    def stale(
+        self,
+        include_draft: bool = False,
+        threshold_days: int = DEFAULT_STALE_DAYS,
+        *,
+        today: Optional[date] = None,
+    ) -> List[RouteEntry]:
+        """Entries whose reviewed date is past the cadence threshold."""
+        return [
+            e
+            for e in self.listed(include_draft=include_draft)
+            if is_review_stale(e.reviewed, threshold_days=threshold_days, today=today)
+        ]
+

 def _parse_entry(raw: dict, index: int) -> RouteEntry:
    if not isinstance(raw, dict):