chore(WP-0008): finish and archive production SSH path closeout

Mark WP-0008 finished and move to archived/. Spin flex-auth production gate
to WARDEN-WP-0009. Update SCOPE and reassessment history for R3 reliability.
This commit is contained in:
2026-06-18 01:28:49 +02:00
parent da1b6695c4
commit a6a943fc3e
5 changed files with 100 additions and 22 deletions

View File

@@ -125,7 +125,8 @@ roles, and `warden-sign` policy **not yet applied** (no operator token in sessio
`public_key` export; roles need `allow_user_key_ids=true` for ops-warden `key_id`
embedding. Script fixes committed to `railiance-platform`.
**WP-0008 T2:** production sign path verified. flex-auth gate (T5) remains future work.
**WP-0008:** closed 2026-06-18 — production sign path verified. flex-auth production
enablement continues in WP-0009.
---

View File

@@ -51,19 +51,20 @@ engine remains operator-verified — tracked in WARDEN-WP-0008 T2.
---
## 4. Remaining gaps (WP-0008)
## 4. Remaining gaps (post WP-0008 closeout, 2026-06-18)
| Prio | Gap | Owner | Task |
| --- | --- | --- | --- |
| P1 | Production `warden sign` not executed | Operator | WP-0008 T2 |
| P2 | flex-auth `ssh-certificate` policies | flex-auth | WP-0008 T5 |
| P3 | NK-WP-0009 joint SSH tutorial | net-kingdom | Parallel |
| P4 | Task status canon in agent docs | ops-warden | WP-0008 T3 (done) |
| P1 | flex-auth `ssh-certificate` policies | flex-auth | WP-0009 |
| P2 | NK-WP-0009 joint SSH tutorial | net-kingdom | Parallel |
| P3 | ops-bridge `cert_command` on live tunnels | ops-bridge | Deferred |
WP-0008 closed: production sign verified; stewardship canon and archive hygiene done.
---
## 5. Recommendation
- **Completeness C4:** SSH lane + stewardship docs + opt-in policy gate shipped.
- **Reliability R2→R3** when WP-0008 T2 records successful production sign evidence.
- Keep `policy.enabled: false` in production until flex-auth policies exist (T5).
- **Reliability R3:** production `warden sign` evidence on file (2026-06-18).
- Keep `policy.enabled: false` in production until flex-auth policies exist (WP-0009).