generated from coulomb/repo-seed
feat(WP-0008): reassessment, task-status canon, archive hygiene
- Post-WP-0007 reassessment and SCOPE/README updates - AGENTS.md + workplan-convention task status canon migration - examples/warden.production.example.yaml for production OpenBao - Archive WP-0004 through WP-0007 to workplans/archived/260617-* - WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
This commit is contained in:
16
SCOPE.md
16
SCOPE.md
@@ -58,7 +58,7 @@ Vault-compatible SSH secrets engine API, production).
|
||||
- `wiki/NetKingdomSecurityMap.md` — NetKingdom component literacy
|
||||
- `wiki/ActorInventoryPatterns.md` + `examples/inventory.seed.yaml`
|
||||
- `wiki/OpenBaoSshEngineChecklist.md` — production SSH signing verify
|
||||
- `wiki/PolicyGatedSigning.md` — flex-auth integration design
|
||||
- `wiki/PolicyGatedSigning.md` — flex-auth integration (opt-in, WP-0007)
|
||||
|
||||
### Shipped (WARDEN-WP-0007)
|
||||
|
||||
@@ -66,11 +66,10 @@ Vault-compatible SSH secrets engine API, production).
|
||||
- `policy_decision_id` in `signatures.log` when gate allows
|
||||
- Production OpenBao health evidence (`history/2026-06-17-openbao-production-verify.md`)
|
||||
|
||||
### Planned (WARDEN-WP-0008)
|
||||
### Active (WARDEN-WP-0008)
|
||||
|
||||
- End-to-end production OpenBao `warden sign` verification on Railiance
|
||||
- Post-WP-0007 INTENT/SCOPE reassessment and archive hygiene
|
||||
- State Hub task status canon in `AGENTS.md`
|
||||
- End-to-end production OpenBao `warden sign` verification on Railiance (T2 — operator)
|
||||
- `examples/warden.production.example.yaml` — production config template
|
||||
- NK-WP-0009 SSH tutorial joint with net-kingdom (parallel)
|
||||
|
||||
---
|
||||
@@ -118,7 +117,7 @@ Vault-compatible SSH secrets engine API, production).
|
||||
- **Stewardship docs:** WP-0006 complete — routing, inventory patterns, OpenBao checklist
|
||||
- **Policy gate:** WP-0007 complete — opt-in flex-auth pre-sign
|
||||
- **Active workplan:** WP-0008 — production SSH path verification and stewardship closeout
|
||||
- **Gap reassessment:** `history/2026-06-17-intent-scope-reassessment.md` (pre-WP-0007)
|
||||
- **Gap reassessment:** `history/2026-06-17-post-wp0007-reassessment.md`
|
||||
|
||||
---
|
||||
|
||||
@@ -157,7 +156,7 @@ Downstream: `ops-bridge` (primary), kaizen agents, CI automations, human operato
|
||||
| `ops-bridge` | Primary cert_command consumer |
|
||||
| `railiance-infra` | Host-side SSH principals and hardening |
|
||||
| `railiance-platform` | OpenBao deployment and platform secrets |
|
||||
| `flex-auth` | Authorization; future pre-sign policy gate |
|
||||
| `flex-auth` | Authorization; opt-in pre-sign policy gate (`policy.enabled`) |
|
||||
| `key-cape` | Identity / IAM Profile lightweight mode |
|
||||
| `state-hub` | Workstream registry |
|
||||
|
||||
@@ -184,7 +183,8 @@ keywords: [ssh, certificate, ca, credential, warden, ops-warden, pki, openbao, v
|
||||
| `SCOPE.md` | What is implemented today (this file) |
|
||||
| `wiki/CredentialRouting.md` | Which subsystem for each credential need |
|
||||
| `wiki/NetKingdomSecurityMap.md` | Platform security component map |
|
||||
| `history/2026-06-17-intent-scope-reassessment.md` | Latest INTENT ↔ SCOPE assessment |
|
||||
| `history/2026-06-17-post-wp0007-reassessment.md` | Latest INTENT ↔ SCOPE assessment |
|
||||
| `examples/warden.production.example.yaml` | Production warden.yaml template |
|
||||
| `wiki/AccessManagementDirective.md` | SSH actor model |
|
||||
| `wiki/OpsWardenConfig.md` | warden.yaml and OpenBao |
|
||||
| `wiki/CertCommandInterface.md` | cert_command contract |
|
||||
|
||||
Reference in New Issue
Block a user