feat(WARDEN-WP-0015): T1 — author two-axis Workload Security Posture standard

Drafts the standard at wiki/WorkloadSecurityPosture.md: Axis A (env
posture dev/test/prod, R1-R4 + matrix + ceremonies), Axis B (workload
maturity M0-M3 + promotion gates, reusing info-tech-canon
DataClassification/DevSecOps gates), unified by the secret-flow lattice
(deliver only if env_posture==prod AND workload.maturity >=
secret.required_maturity). Includes the canon-layering table and the
preserved OpenBao/flex-auth/CARING boundaries.

Coordination opened to net-kingdom (NK M0-M3 requirements) and
info-tech-canon (generic WorkloadMaturityLevel concept). WP-0015 active,
foundation-first; canon landing tracked in T5.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 18:07:42 +02:00
parent f787e09a1b
commit a54403b9d7
2 changed files with 128 additions and 12 deletions


@@ -4,7 +4,7 @@ type: workplan
title: "Workload Security Posture — env posture × maturity + conformance"
domain: infotech
repo: ops-warden
status: proposed
status: active
owner: codex
topic_slug: custodian
planning_priority: high
@@ -118,21 +118,22 @@ this no-write-down constraint. Checkable by ops-warden; enforceable by flex-auth
```task
id: WARDEN-WP-0015-T01
status: todo
status: done
priority: high
state_hub_task_id: "85aeb676-a593-4056-986a-db14d4c5209f"
```
- [ ] Draft the standard: Axis A (R1R4 + env-posture matrix + phase-change ceremonies)
and Axis B (M0M3 ladder + promotion gates) unified by the secret-flow lattice.
- [ ] Layer it: generic `WorkloadMaturityLevel` + lattice → **info-tech-canon**
contribution (DevSecOps/Landscape, reusing `DataClassification`); NetKingdom M0M3
security requirements + env-posture ceremonies → **net-kingdom canon**.
- [ ] Cross-link `openbao-unseal-custody-models.md`, `responsibility-map.md`,
`platform-root-custody.md`, `security-bootstrap-*`, and the info-tech-canon
Security / DevSecOps / Data / CARING models. Stage drafts in ops-warden; open
coordination requests to net-kingdom and info-tech-canon to land them.
- [ ] Encode ops-warden's role: author + conformance, not enforcement/custody.
- [x] Drafted the standard: Axis A (R1R4 + env-posture matrix + phase-change ceremonies)
and Axis B (M0M3 ladder + promotion gates) unified by the secret-flow lattice
`wiki/WorkloadSecurityPosture.md`.
- [x] Layered it: doc marks the generic `WorkloadMaturityLevel` + lattice → **info-tech-canon**
(reusing `DataClassification`) and the NetKingdom M0M3 requirements + env-posture
ceremonies → **net-kingdom canon**, with a canon-layering table.
- [x] Cross-linked the unseal/bootstrap/responsibility canon + info-tech-canon
Security/DevSecOps/Data/CARING models. Staged in ops-warden; **coordination
opened** to net-kingdom (msg 8d6f8d83) and info-tech-canon (msg ca07b085).
- [x] Encoded ops-warden's role: author + conformance, not enforcement/custody.
- Note: canon **landing** in the two repos is owner-driven; tracked to closure in T5.
### T2 — Machine-readable posture descriptors (both axes)
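Review bot: The checked cross-link item (third `[x]` entry) drops the explicit targets that the todo version listed (`openbao-unseal-custody-models.md`, `responsibility-map.md`, `platform-root-custody.md`, `security-bootstrap-*`) and summarises them as "the unseal/bootstrap/responsibility canon", so the done state no longer shows which documents were actually linked, and `platform-root-custody.md` is not clearly covered by that summary. Keep the file names in the checked item so the links can be verified against `wiki/WorkloadSecurityPosture.md`. Two smaller points in the same hunk: the first checked item runs "secret-flow lattice" straight into the path with no connective, where the second item uses "→"; and the coordination references are short ids (msg 8d6f8d83, msg ca07b085) while `state_hub_task_id` is a full UUID, so full ids or links would make the two requests traceable from this task.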