generated from coulomb/repo-seed
feat(WARDEN-WP-0019): route secret-exec lanes to secrets-engine (route-primary, proxy fallback)
secrets-engine (SECRETS-WP-0003) shipped a native secret-exec front door (`secrets-engine route/exec`, decision e6381a56) and asked ops-warden to route to it. Bernd's call: route-primary, proxy-fallback — surface the secrets-engine exec as the primary path for owned lanes, keep `warden access --exec` as a transparent fallback.

T1 — RouteEntry gains exec_owner/exec_command/pointer_command (+ has_native_exec), screened for secret material like the other handoff fields. whynot-design-npm-publish points its native exec at secrets-engine. `warden access` renders Primary (secrets-engine exec) + Fallback (warden proxy); route/access JSON gain the fields and a native-exec-aware next_action. Tests added; 217 pass, lint clean.

T2 — credential-routing.md adds secrets-engine as the secret-exec owner (route primary, proxy fallback); SCOPE adds secrets-engine to Related Repos and records the npm lane as production-exercised (@whynot/design@0.4.0); playbook leads with secrets-engine exec and fixes the fallback one-liner (--field NPM_AUTH_TOKEN, --no-policy) per whynot-design.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
5
SCOPE.md
@@ -236,6 +236,10 @@ repos' lanes (see Known gaps).
|
||||
conformance checker, dev doubles); canon landing owner-driven
|
||||
- **ops-bridge cert_command:** WP-0016 shipped to pilot-ready (readiness gate +
|
||||
offline contract smoke + handoff); live cutover is ops-bridge's
|
||||
- **Access front door:** WP-0017 discoverability + WP-0018 first concrete lane
|
||||
(`whynot-design-npm-publish`), **production-exercised** — whynot-design published
|
||||
`@whynot/design@0.4.0` through the conduit. WP-0019 routes provisioned secret-exec
|
||||
lanes to **secrets-engine** (`secrets-engine exec`), proxy as transparent fallback
|
||||
- **Active work:** none open in ops-warden; remaining distance is other repos' lanes
|
||||
- **Integration docs:** cert_command migration, token hygiene, principals drift (`wiki/playbooks/`)
|
||||
- **Latest assessment:** `history/2026-06-24-intent-scope-gap-analysis.md`
|
||||
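Review bot: In the added **Access front door** bullet, "production-exercised" is attached to a publish that went "through the conduit" and is followed directly by the WP-0019 sentence naming `secrets-engine exec` as the route, so it is unclear which path carried the `@whynot/design@0.4.0` publish: the warden proxy or the secrets-engine exec. Suggest naming the exercised path explicitly and stating whether the newly routed secrets-engine path has itself been exercised, so the status line does not overstate coverage of the new primary path. "The conduit" is also not defined in the visible lines; using the same term as the rest of the bullet (proxy or front door) would remove the guesswork.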
@@ -284,6 +288,7 @@ Downstream: `ops-bridge` (primary), kaizen agents, CI automations, human operato
|
||||
| `railiance-platform` | OpenBao deployment and platform secrets |
|
||||
| `flex-auth` | Authorization; policy package shipped (FLEX-WP-0006); runtime deploy FLEX-WP-0007 |
|
||||
| `key-cape` | Identity / IAM Profile lightweight mode |
|
||||
| `secrets-engine` | Owner-native secret-exec front door (`secrets-engine exec/route`); ops-warden routes provisioned secret lanes to it (WP-0019) |
|
||||
| `state-hub` | Workstream registry |
|
||||
|
||||
---
|
||||
|
||||
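Review bot: The new `secrets-engine` row writes the commands as `secrets-engine exec/route`, while the status bullet earlier in this file uses `secrets-engine exec` and the commit message uses `secrets-engine route/exec`; the slash form can also be read as a single argument. Suggest listing the two subcommands separately (`secrets-engine route`, `secrets-engine exec`) and keeping one order everywhere. The row also omits the proxy fallback that the status bullet records, and it cites only WP-0019 where the `flex-auth` row cites the owning repo's work packages; adding SECRETS-WP-0003 from the commit message would let a reader trace the owner side of the routing.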