WARDEN-WP-0006: NetKingdom stewardship docs and alignment

Add credential routing, actor patterns, security map, OpenBao SSH
checklist, and policy-gated signing design. Update registry and SCOPE;
record INTENT↔SCOPE reassessment (C3 completeness).
2026-06-17 08:22:45 +02:00
parent 5ae3821b88
commit 1865e0744e
14 changed files with 879 additions and 108 deletions


@@ -52,13 +52,19 @@ Vault-compatible SSH secrets engine API, production).
- Capability registry entry for SSH certificate issuance
- Keeping ops access patterns consistent with `net-kingdom` platform architecture
### Planned (see workplan)
### Stewardship (shipped WP-0006)
- NetKingdom cross-links and responsibility-map alignment
- Credential routing runbook for dev workers
- Standard actor inventory patterns for agents and CI
- flex-auth policy hook design for gated SSH issuance
- Production OpenBao SSH engine operational checklist
- `wiki/CredentialRouting.md` — credential type → subsystem routing
- `wiki/NetKingdomSecurityMap.md` — NetKingdom component literacy
- `wiki/ActorInventoryPatterns.md` + `examples/inventory.seed.yaml`
- `wiki/OpenBaoSshEngineChecklist.md` — production SSH signing verify
- `wiki/PolicyGatedSigning.md` — flex-auth integration design (not implemented)
### Planned (follow-up)
- flex-auth policy hook implementation (WARDEN-WP-0007, proposed)
- Live production OpenBao SSH engine verification on Railiance
- NK-WP-0009 SSH tutorial joint with net-kingdom
---
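Review bot: the new "Stewardship (shipped WP-0006)" heading overstates what is in place, because two of its bullets describe things that are not yet operational. `wiki/PolicyGatedSigning.md` is marked "(not implemented)", and the checklist bullet reads "production SSH signing verify" while "Live production OpenBao SSH engine verification on Railiance" is still listed under "Planned (follow-up)". A reader skimming SCOPE could conclude that SSH issuance is already policy-gated and that the production engine has been verified. Consider a heading such as "Stewardship docs (shipped WP-0006)" and rewording the checklist bullet to say the checklist exists but has not yet been run against production.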
@@ -101,8 +107,9 @@ Vault-compatible SSH secrets engine API, production).
- **SSH CLI:** shipped v0.1.0 (WARDEN-WP-00010003)
- **Docs:** OpenBao-first config (WARDEN-WP-0005), Inter-Hub bootstrap runbook
- **Registry:** `capability.security.ssh-certificate-issuance` published
- **INTENT:** defined 2026-06-17; stewardship layer largely **documentation-only**
- **Gap:** see `history/2026-06-17-intent-scope-assessment.md`
- **INTENT:** operational access steward (2026-06-17)
- **Stewardship docs:** WP-0006 complete — routing, inventory patterns, OpenBao checklist
- **Gap reassessment:** `history/2026-06-17-intent-scope-reassessment.md`
---
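Review bot: the status bullets lose the "documentation-only" qualifier, which was on the old "INTENT:" line and is not carried into "Stewardship docs: WP-0006 complete". The deliverables named in that bullet (routing, inventory patterns, OpenBao checklist) are documents, so "complete" on its own can be read as a change in what the tooling enforces. Suggest keeping the qualifier, for example "WP-0006 complete (documentation only)", and pointing at the reassessment file for what remains open.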
@@ -166,7 +173,9 @@ keywords: [ssh, certificate, ca, credential, warden, ops-warden, pki, openbao, v
| --- | --- |
| `INTENT.md` | Why ops-warden exists and where it is going |
| `SCOPE.md` | What is implemented today (this file) |
| `history/2026-06-17-intent-scope-assessment.md` | INTENT ↔ SCOPE gaps |
| `wiki/CredentialRouting.md` | Which subsystem for each credential need |
| `wiki/NetKingdomSecurityMap.md` | Platform security component map |
| `history/2026-06-17-intent-scope-reassessment.md` | Latest INTENT ↔ SCOPE assessment |
| `wiki/AccessManagementDirective.md` | SSH actor model |
| `wiki/OpsWardenConfig.md` | warden.yaml and OpenBao |
| `wiki/CertCommandInterface.md` | cert_command contract |
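Review bot: the rows added to the document table cover only `wiki/CredentialRouting.md` and `wiki/NetKingdomSecurityMap.md`. `wiki/ActorInventoryPatterns.md`, `wiki/OpenBaoSshEngineChecklist.md` and `wiki/PolicyGatedSigning.md`, which the first hunk lists under WP-0006, do not appear in the rows visible here. Add them unless they are indexed elsewhere in the table, so the operational checklist and the gated-signing design are discoverable from SCOPE. Separately, the row for `history/2026-06-17-intent-scope-assessment.md` is replaced rather than kept next to the reassessment row. If that file stays in `history/`, keep its row or mark it as superseded so the earlier gap analysis remains traceable.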