generated from coulomb/repo-seed
feat(WP-0008): reassessment, task-status canon, archive hygiene
- Post-WP-0007 reassessment and SCOPE/README updates - AGENTS.md + workplan-convention task status canon migration - examples/warden.production.example.yaml for production OpenBao - Archive WP-0004 through WP-0007 to workplans/archived/260617-* - WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
This commit is contained in:
69
history/2026-06-17-post-wp0007-reassessment.md
Normal file
69
history/2026-06-17-post-wp0007-reassessment.md
Normal file
@@ -0,0 +1,69 @@
|
||||
# INTENT ↔ SCOPE Reassessment — Post WP-0007
|
||||
|
||||
**Date:** 2026-06-17
|
||||
**Author:** codex
|
||||
**Trigger:** WARDEN-WP-0007 complete; WARDEN-WP-0008 T1.
|
||||
**Prior assessment:** `history/2026-06-17-intent-scope-reassessment.md`
|
||||
|
||||
---
|
||||
|
||||
## 1. Executive summary
|
||||
|
||||
WARDEN-WP-0007 shipped the **opt-in flex-auth policy gate** (`policy.py`,
|
||||
`policy.enabled` in `warden.yaml`) and recorded **production OpenBao health**
|
||||
evidence (initialized, unsealed, v2.5.4). Signing behavior is unchanged when
|
||||
the gate is off (default). Production end-to-end `warden sign` against the SSH
|
||||
engine remains operator-verified — tracked in WARDEN-WP-0008 T2.
|
||||
|
||||
**Vector movement:** `D5/A3/C3/R2` → **`D5/A3/C4/R2`**
|
||||
|
||||
| Dimension | Was | Now | Notes |
|
||||
| --- | --- | --- | --- |
|
||||
| Discovery | D5 | D5 | Unchanged |
|
||||
| Availability | A3 | A3 | CLI + opt-in policy gate |
|
||||
| Completeness | C3 | **C4** | Policy gate coded; flex-auth policies external |
|
||||
| Reliability | R2 | R2 | Health probe yes; live sign pending operator token |
|
||||
|
||||
---
|
||||
|
||||
## 2. Deliverables (WP-0007)
|
||||
|
||||
| Task | Deliverable | Status |
|
||||
| --- | --- | --- |
|
||||
| T1 | `history/2026-06-17-openbao-production-verify.md` | Done (health) |
|
||||
| T2 | `PolicyConfig`, `policy.py` | Done |
|
||||
| T3 | CLI wire-in, `policy_decision_id` in log | Done |
|
||||
| T4 | `tests/test_policy.py`, wiki updates | Done |
|
||||
|
||||
---
|
||||
|
||||
## 3. Success criteria (INTENT.md) — updated
|
||||
|
||||
| Criterion | Was | Now |
|
||||
| --- | --- | --- |
|
||||
| Worker knows which subsystem for each credential type | Yes | Yes |
|
||||
| SSH access short-lived, inventoried, audited | Yes | **Yes** — + optional flex-auth correlation id |
|
||||
| ops-bridge integrates via cert_command | Yes | Yes |
|
||||
| NetKingdom evolution reflected in ops-warden docs | Yes | Yes |
|
||||
| Non-SSH secrets stay out of ops-warden | Yes | Yes |
|
||||
|
||||
**Score: 5 yes** (live production sign is reliability, not INTENT criterion gap)
|
||||
|
||||
---
|
||||
|
||||
## 4. Remaining gaps (WP-0008)
|
||||
|
||||
| Prio | Gap | Owner | Task |
|
||||
| --- | --- | --- | --- |
|
||||
| P1 | Production `warden sign` not executed | Operator | WP-0008 T2 |
|
||||
| P2 | flex-auth `ssh-certificate` policies | flex-auth | WP-0008 T5 |
|
||||
| P3 | NK-WP-0009 joint SSH tutorial | net-kingdom | Parallel |
|
||||
| P4 | Task status canon in agent docs | ops-warden | WP-0008 T3 (done) |
|
||||
|
||||
---
|
||||
|
||||
## 5. Recommendation
|
||||
|
||||
- **Completeness C4:** SSH lane + stewardship docs + opt-in policy gate shipped.
|
||||
- **Reliability R2→R3** when WP-0008 T2 records successful production sign evidence.
|
||||
- Keep `policy.enabled: false` in production until flex-auth policies exist (T5).
|
||||
Reference in New Issue
Block a user