generated from coulomb/repo-seed
Implement WP-0022 audit trail and WP-0023 INTENT–SCOPE closeout
Add unified metadata-only audit.jsonl with secret-material guard, instrument sign/access/worker paths, and expose warden activity CLI. Surface broker hint when VAULT_TOKEN is unset, refresh INTENT/SCOPE docs, and add production integration checklists plus catalog lane promotion playbook.
This commit is contained in:
@@ -4,7 +4,7 @@ type: workplan
|
||||
title: "Audit trail + `warden activity` — one place to see what ops-warden did"
|
||||
domain: infotech
|
||||
repo: ops-warden
|
||||
status: ready
|
||||
status: finished
|
||||
owner: claude
|
||||
topic_slug: custodian
|
||||
planning_priority: high
|
||||
@@ -17,7 +17,7 @@ state_hub_workstream_id: "fc8afa28-68a7-4250-a19e-9754829f0cd5"
|
||||
# WARDEN-WP-0022 — Audit trail + `warden activity`
|
||||
|
||||
**Problem:** ops-warden's actions are recorded in scattered places — `signatures.log`
|
||||
(cert signs), `access-audit.log` (proxy fetches), the systemd journal (worker ticks), and
|
||||
`access-audit.log`, the systemd journal (worker ticks), and
|
||||
State Hub progress notes (the narrative). There is **no single, structured audit trail**
|
||||
and no one command to answer *"what did ops-warden do in the last N days?"*. For a security
|
||||
steward, a coherent, metadata-only audit record is table stakes.
|
||||
@@ -46,44 +46,44 @@ needs the State Hub + tunnels to be login-independent (State Hub → railiance01
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0022-T01
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "7f8f768a-4c62-4096-bad8-912cea0f35a7"
|
||||
```
|
||||
|
||||
- [ ] `src/warden/audit.py`: append-only JSONL at `state_dir/audit.jsonl`. Common event
|
||||
- [x] `src/warden/audit.py`: append-only JSONL at `state_dir/audit.jsonl`. Common event
|
||||
schema — `ts`, `kind` (`sign`|`access`|`worker`), `action`, `subject`, `target`,
|
||||
`decision_id`, `outcome`, `source`. `record_event(**meta)` with a secret-material
|
||||
guard (reject token prefixes / high-entropy runs) so no value can ever land here.
|
||||
`read_events(*, since, kinds)` for the reader.
|
||||
- [ ] Log rotation / bound (size or age) so it stays manageable.
|
||||
- [x] Log rotation / bound (size or age) so it stays manageable.
|
||||
|
||||
### T2 — Instrument the actions
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0022-T02
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "e7ae4037-ca79-4557-81f0-bfb8478ff647"
|
||||
```
|
||||
|
||||
- [ ] Emit an audit event from each ops-warden action: `warden sign` (cert issued —
|
||||
- [x] Emit an audit event from each ops-warden action: `warden sign` (cert issued —
|
||||
actor, type, ttl, backend, policy_decision_id), `warden access --fetch/--exec`
|
||||
(proxy — need id, owner, decision id), and the worker (`approve` → reply sent to X;
|
||||
tick → triage summary N/drafted/escalated). Fold the existing `signatures.log` /
|
||||
`access-audit.log` in as sources (keep back-compat; don't drop a record).
|
||||
- [ ] Assert no secret value reaches the audit in any path (tests).
|
||||
- [x] Assert no secret value reaches the audit in any path (tests).
|
||||
|
||||
### T3 — `warden activity` command
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0022-T03
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "4439bdd8-1461-47df-8b0b-048df7384a68"
|
||||
```
|
||||
|
||||
- [ ] `warden activity [--days N] [--kind sign|access|worker] [--json] [--hub]` — a single
|
||||
- [x] `warden activity [--days N] [--kind sign|access|worker] [--json] [--hub]` — a single
|
||||
chronological view merging the audit log (and, for back-compat, `signatures.log` /
|
||||
`access-audit.log`); `--hub` also pulls recent ops-warden State Hub progress notes for
|
||||
the narrative. Human table by default; stable `--json` for agents.
|
||||
@@ -92,14 +92,14 @@ state_hub_task_id: "4439bdd8-1461-47df-8b0b-048df7384a68"
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0022-T04
|
||||
status: todo
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "bdfb8703-7a79-43e7-913b-19d61722f164"
|
||||
```
|
||||
|
||||
- [ ] Tests: audit append/read/rotation, the secret-material guard rejects values, the
|
||||
- [x] Tests: audit append/read/rotation, the secret-material guard rejects values, the
|
||||
instrumented actions emit events, `warden activity` filtering + `--json` shape.
|
||||
- [ ] `wiki/AuditTrail.md` (what's recorded, the no-secret guarantee, how to query, the
|
||||
- [x] `wiki/AuditTrail.md` (what's recorded, the no-secret guarantee, how to query, the
|
||||
linger + login-independence note). SCOPE entry.
|
||||
|
||||
---
|
||||
@@ -116,3 +116,4 @@ state_hub_task_id: "bdfb8703-7a79-43e7-913b-19d61722f164"
|
||||
|
||||
- `WARDEN-WP-0014` (`access-audit.log`), `WARDEN-WP-0020`/`0021` (the worker)
|
||||
- `wiki/OperatorAccessAssist.md` (the metadata-only audit principle)
|
||||
- `wiki/AuditTrail.md`
|
||||
@@ -4,7 +4,7 @@ type: workplan
|
||||
title: "INTENT–SCOPE Alignment Closeout"
|
||||
domain: infotech
|
||||
repo: ops-warden
|
||||
status: ready
|
||||
status: finished
|
||||
owner: codex
|
||||
topic_slug: custodian
|
||||
planning_priority: high
|
||||
@@ -64,7 +64,7 @@ Acceptance:
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T02
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "9a9b3631-8948-45af-ace1-c19ee74ace4d"
|
||||
```
|
||||
@@ -85,11 +85,13 @@ Acceptance:
|
||||
- INTENT still describes direction, not implementation inventory.
|
||||
- No contradiction with SCOPE 2026-07-01 boundary (ops-warden does not mint tokens).
|
||||
|
||||
**2026-07-01:** INTENT.md updated.
|
||||
|
||||
### T03 — Production integration coordination pack
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T03
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "26f23798-494b-45fc-baa8-af27bdffa038"
|
||||
```
|
||||
@@ -111,11 +113,14 @@ Acceptance:
|
||||
- A human operator can run the flip/cutover checklists without re-deriving steps.
|
||||
- Evidence fields are defined; completion is recorded via State Hub progress when done.
|
||||
|
||||
**2026-07-01:** Rollback section added to `wiki/PolicyGatedSigning.md`; live cutover
|
||||
evidence template added to `wiki/playbooks/ops-bridge-tunnel-cert.md`.
|
||||
|
||||
### T04 — `warden sign` broker hint when `VAULT_TOKEN` unset
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T04
|
||||
status: todo
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "85e324f9-273d-4740-a202-9c4e8fb122ae"
|
||||
```
|
||||
@@ -129,11 +134,13 @@ Acceptance:
|
||||
- Unit test covers the hint text (catalog id + exec shape, no secret placeholders).
|
||||
- Manual `export VAULT_TOKEN` remains documented as fallback in playbooks.
|
||||
|
||||
**2026-07-01:** `src/warden/vault_hints.py` + `tests/test_vault.py`.
|
||||
|
||||
### T05 — Catalog draft-lane promotion checklist
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T05
|
||||
status: todo
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "82608692-2845-41e1-a498-90ed53780748"
|
||||
```
|
||||
@@ -151,11 +158,14 @@ Acceptance:
|
||||
- Checklist is reviewable by humans and agents.
|
||||
- At least one promotion example or explicit “none ready yet” note in the workplan.
|
||||
|
||||
**2026-07-01:** `wiki/playbooks/catalog-lane-promotion.md` — worked example
|
||||
`ops-warden-warden-sign-token`; four draft lanes explicitly not ready.
|
||||
|
||||
### T06 — SCOPE and workplan consistency
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T06
|
||||
status: todo
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "79ca7b9a-554e-4952-9393-a29b100f6190"
|
||||
```
|
||||
@@ -171,11 +181,13 @@ Acceptance:
|
||||
- SCOPE and gap analysis cross-link correctly.
|
||||
- Uncommitted SCOPE edits from 2026-07-01 broker routing are committed with this WP.
|
||||
|
||||
**2026-07-01:** SCOPE.md updated.
|
||||
|
||||
### T07 — Sequence WP-0022 audit implementation
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0023-T07
|
||||
status: todo
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "1f3b3b33-974e-49bf-be4a-9d50b702c2a4"
|
||||
```
|
||||
@@ -190,6 +202,8 @@ Acceptance:
|
||||
- WP-0023 `depends_on_workplans` includes WP-0022.
|
||||
- Hub consistency run syncs both workplans.
|
||||
|
||||
**2026-07-01:** WP-0022 implemented and both workplans marked `finished`.
|
||||
|
||||
---
|
||||
|
||||
## Exit criteria
|
||||
|
||||
Reference in New Issue
Block a user