feat(WARDEN-WP-0017): make the access front door discoverable (not SSH-only)

WP-0014 made ops-warden the operator access front door (warden access --fetch/--exec
proxies an exec_capable secret as the caller), but every discovery surface still told
the pre-WP-0014 "SSH certs only, pointer not key" story — so agents like whynot-design
never found the proxy and concluded they had to message ops-warden for a token value.

Messaging/discoverability only; the conduit security model is unchanged (no custody,
no broker).

T1 — CLI: `warden route` table warden column is now three-valued (issue/assist/route);
route + access JSON gain warden_role + exec_capable and a proxy-aware next_action;
`warden access` closing line leads with "ops-warden can fetch this for you as the
caller" for exec_capable lanes (route-only lanes keep "owner vends").

T2 — .claude/rules/credential-routing.md reframed (lead + routing table role column);
SCOPE one-liner + a second capability block for the access front door.

T3 — registered the State Hub capability "Operator access front door (caller-identity
fetch proxy)" (the hub had no ops-warden security capability at all); messaged
whynot-design the corrected `warden access "npm auth token" --fetch/--exec` path.

210 tests pass, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 21:02:46 +02:00
parent 55c3404741
commit 46b340f45f
6 changed files with 210 additions and 21 deletions


@@ -545,6 +545,14 @@ def _entry_summary(entry) -> dict:
"owner_repo": entry.owner_repo,
"subsystem": entry.subsystem,
"warden_executes": entry.warden_executes,
# warden_role tells an agent at a glance whether ops-warden runs this lane
# itself (issue), proxies the fetch as the caller (assist), or only points (route).
"warden_role": (
"issue" if entry.warden_executes
else "assist" if entry.exec_capable
else "route"
),
"exec_capable": entry.exec_capable,
"wiki_ref": entry.wiki_ref,
"canon_ref": entry.canon_ref,
"reviewed": entry.reviewed,
@@ -567,7 +575,12 @@ def _print_entry_table(
from warden.routing.catalog import days_since_review
for e in entries:
executes = "[green]issue[/green]" if e.warden_executes else "route"
if e.warden_executes:
executes = "[green]issue[/green]"
elif e.exec_capable:
executes = "[cyan]assist[/cyan]" # warden access --fetch/--exec proxies it
else:
executes = "route"
status_styled = e.status if e.status == "active" else f"[yellow]{e.status}[/yellow]"
if show_reviewed:
days = days_since_review(e.reviewed)
@@ -661,6 +674,12 @@ def route_show(
if entry.warden_executes:
summary["steps"] = entry.steps
summary["cert_command"] = entry.cert_command
elif entry.exec_capable:
summary["next_action"] = (
f"ops-warden can proxy this as the caller: `warden access <need> --fetch`"
f" (or `--exec -- <cmd>`); runs {entry.owner_repo}'s tool with your "
f"identity. See `{entry.wiki_ref}`."
)
else:
summary["next_action"] = (
f"next action on `{entry.owner_repo}` — see `{entry.wiki_ref}`"
@@ -734,6 +753,14 @@ def _access_json(entry, expanded, gate: str, domain: Optional[str]) -> dict:
if entry.warden_executes:
payload["next_action"] = "ops-warden issues this directly — see cert_command"
payload["cert_command"] = entry.cert_command
elif expanded.exec_capable:
verb = "fetch" if entry.lane != "login" else "login"
payload["next_action"] = (
f"ops-warden can proxy this {verb} as the caller: "
f"`warden access <need> --fetch`"
+ ("" if entry.lane == "login" else " (or `--exec -- <cmd>`)")
+ f". Runs {entry.owner_repo}'s tool with your identity; ops-warden holds no value."
)
else:
payload["next_action"] = (
f"obtain from {entry.owner_repo} ({entry.subsystem}); "
@@ -979,11 +1006,21 @@ def access(
" note : remaining <…> placeholders are owner-confirmed names "
f"(coordinate with {entry.owner_repo})."
)
console.print(
f"\n[yellow]ops-warden does not hold this secret.[/yellow] "
f"Obtain it from [bold]{entry.owner_repo}[/bold] as shown — "
"warden advises, the owner vends."
)
if expanded.exec_capable:
verb = "fetch this for you" if entry.lane != "login" else "run this login for you"
console.print(
f"\n[green]ops-warden can {verb}[/green] as the caller — "
f"[bold]{proxy} --fetch[/bold]"
+ ("" if entry.lane == "login" else f" (or [bold]{proxy} --exec -- <cmd>[/bold])")
+ f". It runs {entry.owner_repo}'s tool with [bold]your[/bold] identity; the "
"value streams to you and ops-warden never holds, caches, or logs it."
)
else:
console.print(
f"\n[yellow]ops-warden does not hold this secret.[/yellow] "
f"Obtain it from [bold]{entry.owner_repo}[/bold] as shown — "
"warden advises, the owner vends."
)
# ---------------------------------------------------------------------------
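Review bot: The new `elif entry.exec_capable:` branch in `route_show` advertises the `--exec -- <cmd>` form unconditionally, while `_access_json` and `access` in this same file drop that clause when `entry.lane == "login"`, so an agent reading route JSON for a login lane is pointed at a mode the other two surfaces deliberately omit. Mirror the guard there by building the string with ``+ ("" if entry.lane == "login" else " (or `--exec -- <cmd>`)")``. The role is also read from `entry.exec_capable` in `_entry_summary`, `_print_entry_table` and `route_show` but from `expanded.exec_capable` in `_access_json` and `access`; if those two objects can ever disagree, the route and access surfaces will describe the same lane differently, so use one source or add a comment saying why they differ. All five functions start and end outside their hunks, so the definitions of `expanded` and `proxy` are not visible here and this is inferred from the changed lines only.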