WARDEN-WP-0006: NetKingdom stewardship docs and alignment

Add credential routing, actor patterns, security map, OpenBao SSH checklist, and policy-gated signing design. Update registry and SCOPE; record INTENT↔SCOPE reassessment (C3 completeness).
2026-06-17 08:22:45 +02:00
parent 5ae3821b88
commit 1865e0744e
14 changed files with 879 additions and 108 deletions
--- a/examples/inventory.seed.yaml
+++ b/examples/inventory.seed.yaml
@@ -0,0 +1,41 @@
+# Non-secret inventory template — copy to ~/.config/warden/inventory.yaml
+# and adjust for your environment. Do not commit real operator paths or keys.
+#
+# See wiki/ActorInventoryPatterns.md and wiki/OpsWardenConfig.md
+
+actors:
+  agt-state-hub-bridge:
+    type: agt
+    principals:
+      - agt-task-bridge
+    ttl_hours: 24
+    description: "ops-bridge tunnel agent for state-hub"
+
+  agt-codex-interhub-bootstrap:
+    type: agt
+    principals:
+      - agt-interhub-bootstrap
+    ttl_hours: 2
+    description: "Short-lived agent access for attended Inter-Hub bootstrap"
+
+  adm-example:
+    type: adm
+    principals:
+      - adm-full
+    ttl_hours: 48
+    description: "Example human operator — replace with per-person adm-* actors"
+
+  atm-backup-daily:
+    type: atm
+    principals:
+      - atm-backup-daily
+    ttl_hours: 8
+    description: "Example nightly automation actor"
+
+hosts:
+  example-host:
+    allowed_principals:
+      agt:
+        - agt-task-bridge
+      atm:
+        - atm-backup-daily