generated from coulomb/repo-seed
feat(WARDEN-WP-0019): route secret-exec lanes to secrets-engine (route-primary, proxy fallback)
secrets-engine (SECRETS-WP-0003) shipped a native secret-exec front door (`secrets-engine route/exec`, decision e6381a56) and asked ops-warden to route to it. Bernd's call: route-primary, proxy-fallback — surface the secrets-engine exec as the primary path for owned lanes, keep `warden access --exec` as a transparent fallback. T1 — RouteEntry gains exec_owner/exec_command/pointer_command (+ has_native_exec), screened for secret material like the other handoff fields. whynot-design-npm-publish points its native exec at secrets-engine. `warden access` renders Primary (secrets-engine exec) + Fallback (warden proxy); route/access JSON gain the fields and a native-exec-aware next_action. Tests added; 217 pass, lint clean. T2 — credential-routing.md adds secrets-engine as the secret-exec owner (route primary, proxy fallback); SCOPE adds secrets-engine to Related Repos and records the npm lane as production-exercised (@whynot/design@0.4.0); playbook leads with secrets-engine exec and fixes the fallback one-liner (--field NPM_AUTH_TOKEN, --no-policy) per whynot-design. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -556,6 +556,17 @@ def _entry_summary(entry) -> dict:
|
||||
# resolvable: can `warden access --fetch` run this now with no <…> to fill?
|
||||
# Lets an automated caller gate on readiness before attempting a fetch.
|
||||
"resolvable": entry.resolvable,
|
||||
# Owner-native exec front door (WP-0019): when present, this subsystem's exec is
|
||||
# the PRIMARY path; ops-warden's proxy is the transparent fallback.
|
||||
**(
|
||||
{
|
||||
"exec_owner": entry.exec_owner,
|
||||
"exec_command": entry.exec_command,
|
||||
"pointer_command": entry.pointer_command,
|
||||
}
|
||||
if entry.has_native_exec
|
||||
else {}
|
||||
),
|
||||
"wiki_ref": entry.wiki_ref,
|
||||
"canon_ref": entry.canon_ref,
|
||||
"reviewed": entry.reviewed,
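Review bot: The three new fields are spliced in only when `has_native_exec` is true, so a JSON consumer has to detect the native path by key absence, whereas `resolvable` a few lines above is always emitted precisely so automated callers can gate on it; emit the flag explicitly too, `"has_native_exec": entry.has_native_exec,` next to the conditional splat. The commit message says `exec_command` and `pointer_command` are screened for secret material on RouteEntry, but nothing in this function records that these are operator-facing command strings that depend on that upstream screen, so the next person adding a handoff field here gets no cue; a one-line comment would do, e.g. `# exec_command/pointer_command are rendered verbatim and suggested to the operator to run — they rely on RouteEntry's secret-material screen; never read them from raw route data.` `_entry_summary` begins before this hunk (the hunk opens mid-dict).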
|
||||
@@ -677,6 +688,11 @@ def route_show(
|
||||
if entry.warden_executes:
|
||||
summary["steps"] = entry.steps
|
||||
summary["cert_command"] = entry.cert_command
|
||||
elif entry.has_native_exec:
|
||||
summary["next_action"] = (
|
||||
f"primary: run via {entry.exec_owner} — `{entry.exec_command}`; ops-warden "
|
||||
f"routes to the owner (fallback: `warden access <need> --exec`). See `{entry.wiki_ref}`."
|
||||
)
|
||||
elif entry.exec_capable:
|
||||
summary["next_action"] = (
|
||||
f"ops-warden can proxy this as the caller: `warden access <need> --fetch`"
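Review bot: The new `elif entry.has_native_exec:` branch sits below `if entry.warden_executes:`, so an entry carrying both flags would never surface its native exec as the primary path even though the commit's stated policy is route-primary; if the two flags are exclusive by construction on RouteEntry, say so where the branch is introduced, e.g. `# warden_executes and has_native_exec are exclusive on RouteEntry — warden-owned lanes have no external exec owner`, otherwise the branch order should be swapped. The fallback text also hard-codes the literal placeholder `warden access <need> --exec` while the `access` renderer builds the real command from `need`; if the need name is reachable in `route_show`, render it so automation does not have to substitute it. `route_show` begins before this hunk.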
|
||||
@@ -756,6 +772,12 @@ def _access_json(entry, expanded, gate: str, domain: Optional[str]) -> dict:
|
||||
if entry.warden_executes:
|
||||
payload["next_action"] = "ops-warden issues this directly — see cert_command"
|
||||
payload["cert_command"] = entry.cert_command
|
||||
elif entry.has_native_exec:
|
||||
payload["next_action"] = (
|
||||
f"primary: run via {entry.exec_owner} — `{entry.exec_command}`; "
|
||||
"ops-warden routes to the owner (fallback: `warden access <need> --exec`). "
|
||||
"ops-warden holds no token."
|
||||
)
|
||||
elif expanded.exec_capable:
|
||||
verb = "fetch" if entry.lane != "login" else "login"
|
||||
payload["next_action"] = (
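Review bot: The native-exec `next_action` string here duplicates the one in `route_show` with a diverging tail (this one ends in "ops-warden holds no token.", the other in a wiki pointer), so the two will drift the next time the wording or the fallback flag changes; factor the shared prefix into a small helper such as `_native_exec_next_action(entry)` and have both call sites append their own tail. The "ops-warden holds no token." assurance is only worth putting in the machine-readable payload if the routing code enforces it on this path; if a single invocation can still fall through to the proxy, the sentence overstates what the caller gets. `_access_json` begins before this hunk.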
|
||||
@@ -994,22 +1016,39 @@ def access(
|
||||
console.print(f" wiki : {entry.wiki_ref}")
|
||||
console.print(f" canon : {entry.canon_ref}")
|
||||
|
||||
if expanded.exec_capable:
|
||||
proxy = f"warden access {need!r}"
|
||||
if domain:
|
||||
proxy += f" --domain {domain}"
|
||||
hint = (
|
||||
"add --fetch to proxy as the caller"
|
||||
if entry.lane != "login"
|
||||
else "add --fetch to run the interactive login as the caller"
|
||||
proxy = f"warden access {need!r}"
|
||||
if domain:
|
||||
proxy += f" --domain {domain}"
|
||||
|
||||
if entry.has_native_exec:
|
||||
console.print(
|
||||
f" exec : [bold]{entry.exec_command}[/bold] "
|
||||
f"[cyan](via {entry.exec_owner} — primary)[/cyan]"
|
||||
)
|
||||
console.print(f" proxy : [dim]{proxy} --fetch[/dim] [yellow]({hint})[/yellow]")
|
||||
if entry.pointer_command:
|
||||
console.print(f" pointer : [dim]{entry.pointer_command}[/dim]")
|
||||
if expanded.exec_capable:
|
||||
label = "fallback" if entry.has_native_exec else "proxy"
|
||||
hint = (
|
||||
"transparent conduit — fetches as you"
|
||||
if entry.lane != "login"
|
||||
else "runs the interactive login as you"
|
||||
)
|
||||
console.print(f" {label:<8} : [dim]{proxy} --fetch[/dim] [yellow]({hint})[/yellow]")
|
||||
if expanded.path_template and "<" in expanded.path_template:
|
||||
console.print(
|
||||
" note : remaining <…> placeholders are owner-confirmed names "
|
||||
f"(coordinate with {entry.owner_repo})."
|
||||
)
|
||||
if expanded.exec_capable:
|
||||
|
||||
if entry.has_native_exec:
|
||||
console.print(
|
||||
f"\n[green]Primary:[/green] run it via [bold]{entry.exec_owner}[/bold] — "
|
||||
f"[bold]{entry.exec_command}[/bold]. ops-warden routes to the owner and holds no token.\n"
|
||||
f"[dim]Fallback:[/dim] [bold]{proxy} --exec -- <cmd>[/bold] — ops-warden's transparent "
|
||||
"conduit (runs the fetch as you, holds nothing)."
|
||||
)
|
||||
elif expanded.exec_capable:
|
||||
verb = "fetch this for you" if entry.lane != "login" else "run this login for you"
|
||||
console.print(
|
||||
f"\n[green]ops-warden can {verb}[/green] as the caller — "
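Review bot: The fallback guidance contradicts itself within this hunk: the line-item printed under the `fallback` label is `{proxy} --fetch` with the hint "transparent conduit — fetches as you", while the Primary/Fallback paragraph below (and the commit message) name `{proxy} --exec -- <cmd>` as the fallback. If `--fetch` presumably emits the fetched value to the terminal while `--exec` only hands it to the child process, steering operators at `--fetch` on a token lane also undercuts the "holds nothing" story; compute the command once, `fallback_cmd = f"{proxy} --exec -- <cmd>" if entry.has_native_exec else f"{proxy} --fetch"`, and use it in the labelled line so both renderings agree. `access` begins before this hunk.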
|
||||
|
||||