coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(WARDEN-WP-0014): T5 — assist-layer docs, security model, INTENT/SCOPE

Browse Source 
- wiki/OperatorAccessAssist.md: warden access contract, conduit-vs-broker
  boundary, the three guardrails + catalog secret guard, lane semantics.
- AccessRouting.md: issue/route/assist roles; reconciled the anti-pattern
  table so the transparent conduit no longer contradicts it.
- credential-routing.md rule: added warden access + "standing broker
  forbidden, transparent --fetch sanctioned" anti-pattern.
- INTENT.md: pointer→assist charter extension. SCOPE.md: implemented
  list + Getting Oriented + maturity A4→A5 (Availability).
- history decision record for the proxy-mode choice and guardrails.

WP-0014 finished (T1–T5). 172 passed, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-06-27 17:35:57 +02:00
parent 1c3d1b4d52
commit 5bbb791f21
7 changed files with 253 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
workplans/WARDEN-WP-0014-operator-access-assist.md
View File

@@ -4,7 +4,7 @@ type: workplan
title: "Operator Access Assist — warden access front door"
domain: infotech
repo: ops-warden
status: active
status: finished
owner: codex
topic_slug: custodian
planning_priority: high
@@ -172,20 +172,21 @@ state_hub_task_id: "481997e4-193d-4724-84a6-61cbc2940153"
```task
id: WARDEN-WP-0014-T05
status: todo
status: done
priority: medium
state_hub_task_id: "a5eb616e-4edf-42db-a4fb-bf296cdb92bc"
```
- [ ] `wiki/OperatorAccessAssist.md` — the `warden access` contract, the conduit-vs-broker
boundary, and the three guardrails as a security model statement.
- [ ] Update `wiki/AccessRouting.md` (issue/route/**assist** roles), `CredentialRouting.md`,
and the `credential-routing.md` agent rule (new anti-pattern: "warden as standing
broker" is forbidden; transparent `--fetch` is sanctioned).
- [ ] SCOPE/INTENT: record the charter extension from pointer-layer to assist-layer and
bump the maturity vector (A4 → A5 candidate on Availability).
- [ ] `history/2026-06-27-operator-access-assist-charter.md` — decision record for the
proxy-mode choice and its guardrails.
- [x] `wiki/OperatorAccessAssist.md` — the `warden access` contract, the conduit-vs-broker
boundary, and the three guardrails (+ the catalog secret-material guard) as a
security-model statement; lanes documented.
- [x] Updated `wiki/AccessRouting.md` (issue/route/**assist** roles + reconciled the
anti-patterns table so the conduit doesn't contradict it) and the
`.claude/rules/credential-routing.md` agent rule (added `warden access` + the
"standing broker forbidden, transparent `--fetch` sanctioned" anti-pattern).
- [x] SCOPE/INTENT: recorded the pointer→assist charter extension; SCOPE implemented
list + Getting Oriented updated; maturity vector A4 → **A5** on Availability.
- [x] `history/2026-06-27-operator-access-assist-charter.md` — decision record.
---