generated from coulomb/repo-seed
feat(WARDEN-WP-0017): make the access front door discoverable (not SSH-only)
WP-0014 made ops-warden the operator access front door (warden access --fetch/--exec proxies an exec_capable secret as the caller), but every discovery surface still told the pre-WP-0014 "SSH certs only, pointer not key" story — so agents like whynot-design never found the proxy and concluded they had to message ops-warden for a token value. Messaging/discoverability only; the conduit security model is unchanged (no custody, no broker). T1 — CLI: `warden route` table warden column is now three-valued (issue/assist/route); route + access JSON gain warden_role + exec_capable and a proxy-aware next_action; `warden access` closing line leads with "ops-warden can fetch this for you as the caller" for exec_capable lanes (route-only lanes keep "owner vends"). T2 — .claude/rules/credential-routing.md reframed (lead + routing table role column); SCOPE one-liner + a second capability block for the access front door. T3 — registered the State Hub capability "Operator access front door (caller-identity fetch proxy)" (the hub had no ops-warden security capability at all); messaged whynot-design the corrected `warden access "npm auth token" --fetch/--exec` path. 210 tests pass, lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -72,7 +72,17 @@ def test_access_advisory_output(monkeypatch):
|
||||
assert r.exit_code == 0
|
||||
assert "railiance-platform" in r.stdout
|
||||
assert "platform/workloads/coulomb_social/" in r.stdout
|
||||
assert "does not hold this secret" in r.stdout
|
||||
# npm is an exec_capable lane → the front door leads with the proxy, not "owner vends".
|
||||
assert "can fetch this for you" in r.stdout
|
||||
assert "never holds" in r.stdout
|
||||
|
||||
|
||||
def test_access_route_only_lane_says_owner_vends(monkeypatch):
|
||||
"""A non-exec lane (host principal deploy) keeps the advise-only framing."""
|
||||
monkeypatch.setenv("WARDEN_ROUTING_CATALOG", str(_repo_catalog()))
|
||||
r = runner.invoke(app, ["access", "host principal deploy"])
|
||||
assert r.exit_code == 0
|
||||
assert "warden advises, the owner vends" in r.stdout
|
||||
|
||||
|
||||
def test_access_json_shape_is_secret_free(monkeypatch):
|
||||
|
||||
@@ -248,6 +248,7 @@ def test_cli_show_ssh_json_includes_cert_pattern(repo_catalog_env):
|
||||
assert result.exit_code == 0
|
||||
data = json.loads(result.stdout)
|
||||
assert data["warden_executes"] is True
|
||||
assert data["warden_role"] == "issue"
|
||||
assert "warden sign" in data["cert_command"]
|
||||
assert data["steps"]
|
||||
|
||||
@@ -256,8 +257,12 @@ def test_cli_show_routed_has_next_action_not_steps(repo_catalog_env):
|
||||
result = runner.invoke(app, ["route", "show", "openbao-api-key", "--json"])
|
||||
data = json.loads(result.stdout)
|
||||
assert data["warden_executes"] is False
|
||||
# exec_capable lane surfaces as an "assist" role so agents see it is proxyable.
|
||||
assert data["warden_role"] == "assist"
|
||||
assert data["exec_capable"] is True
|
||||
assert "steps" not in data
|
||||
assert "next_action" in data
|
||||
assert "proxy" in data["next_action"]
|
||||
|
||||
|
||||
def test_cli_show_unknown_exits_one(repo_catalog_env):
|
||||
|
||||
Reference in New Issue
Block a user