feat(WARDEN-WP-0021): T3-T5 — visibility, approve loop, runbook (scheduled worker complete)

T4 (review→send loop): conservative tick persists structured drafts to
state_dir/worker-drafts.json; `warden worker drafts` lists them, `warden worker approve
<id> [--body …]` sends the reviewed draft as the reply + marks read + drops it. Escalated
plans persist no draft. Live-verified end-to-end.

T3 (visibility): `warden worker status` (pending drafts, triage count, last digest, timer
state); best-effort notify-send nudge in the tick when drafts are pending.

T5: wiki/playbooks/scheduled-worker.md (enable/disable, the approve loop, failure modes,
conservative-only posture) + SCOPE note.

WARDEN-WP-0021 finished: the conservative worker now runs on a systemd --user timer
(enabled, every 15 min), triages new inbox messages into drafts you approve with one
command, degrades gracefully, and stops with one command. 249 tests, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-30 15:24:10 +02:00
parent 9dc1db0162
commit a10bbd2162
7 changed files with 253 additions and 6 deletions

View File

@@ -0,0 +1,60 @@
# Scheduled coordination worker
Date: 2026-06-30 · Workplan: WARDEN-WP-0021 · Code: WARDEN-WP-0020
The ops-warden worker triages its State Hub inbox on a schedule and drafts replies you
approve. **Conservative tier only** — it never auto-sends to other agents and never marks a
message read on its own (build-stage decision `813899f9`). The four guardrails (fixed
charter, action allowlist, no-secret invariant, dry-run/audit) hold every run.
## Enable / disable
```bash
./scripts/install-worker-timer.sh --enable # install + start (systemd --user, every 15 min)
systemctl --user disable --now ops-warden-worker.timer # kill switch
# or, leave the timer but pause every run:
echo 'WORKER_ENABLED=0' >> ~/.config/warden/worker.env
```
No systemd? Cron fallback:
```
*/15 * * * * /home/worsch/ops-warden/scripts/worker-tick.sh >> ~/.local/state/warden/worker-tick.log 2>&1
```
## The loop
```bash
warden worker status # pending drafts, last run, timer state
warden worker drafts # list drafted replies awaiting your OK
warden worker approve <message_id> # send a draft as your reply + mark read
warden worker approve <id> --body "…" # edit before sending
```
Each tick writes `~/.local/state/warden/worker-digest.md` and posts one progress note; a
desktop `notify-send` fires when drafts are pending (if a display is present).
## Config (`~/.config/warden/worker.env`)
| Var | Meaning |
| --- | --- |
| `WARDEN_HUB_URL` | State Hub (default `http://127.0.0.1:8000`; railiance01 after cust-wp-0011) |
| `WORKER_BRAIN` | `llm` (llm-connect) or `rule` (offline fallback) |
| `WORKER_ENABLED` | `0` pauses every tick without touching the timer |
| `LLM_CONNECT_URL` | set to skip the per-tick kubectl port-forward to llm-connect |
## Failure modes (all graceful)
- **State Hub unreachable** → the tick `/state/health`-prechecks and skips cleanly (exit 0).
- **llm-connect unreachable** → falls back to the deterministic rule brain (dumber, still triages).
- **Overlapping runs** → `flock` guard; the later run skips.
- A worker-run hiccup is logged but never fails the unit — the next tick retries.
## Posture
Conservative is the only scheduled mode. `--full-auto` (auto-send) exists but is **not**
scheduled — it broadcasts the LLM's occasionally-wrong content unattended, which the
guardrails can't prevent (they stop *security* harm, not *content* error). Revisit when the
ecosystem reaches testing.
## See also
- `WARDEN-WP-0020` (the worker), `scripts/worker-tick.sh`, `scripts/install-worker-timer.sh`
- build-stage decision `813899f9`