feat(WP-0008): reassessment, task-status canon, archive hygiene

- Post-WP-0007 reassessment and SCOPE/README updates
- AGENTS.md + workplan-convention task status canon migration
- examples/warden.production.example.yaml for production OpenBao
- Archive WP-0004 through WP-0007 to workplans/archived/260617-*
- WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
This commit is contained in:
2026-06-17 23:51:12 +02:00
parent 7e739a426d
commit e0adc10896
11 changed files with 159 additions and 40 deletions

View File

@@ -5,8 +5,8 @@ Signs short-lived certs for `adm` / `agt` / `atm` actors and exposes the
`cert_command` interface consumed by `ops-bridge` and other tooling.
See `INTENT.md` for direction, `SCOPE.md` for current implementation, and
`wiki/AccessManagementDirective.md` for SSH policy. Gap analysis:
`history/2026-06-17-intent-scope-assessment.md`.
`wiki/AccessManagementDirective.md` for SSH policy. Latest gap analysis:
`history/2026-06-17-post-wp0007-reassessment.md`.
## Install
@@ -35,7 +35,8 @@ warden scorecard
```
Production uses the `vault` backend against OpenBao or HashiCorp Vault (Vault-compatible
SSH secrets engine API). See `wiki/OpsWardenConfig.md`.
SSH secrets engine API). Template: `examples/warden.production.example.yaml`.
See `wiki/OpsWardenConfig.md` and `wiki/OpenBaoSshEngineChecklist.md`.
## Development