@@ -4,7 +4,7 @@ type: workplan
title: "Production SSH Path and Stewardship Closeout"
domain: custodian
repo: ops-warden
status: ready
status: active
owner: codex
topic_slug: custodian
planning_priority: high
@@ -48,20 +48,20 @@ Move ops-warden from **documented + code-shipped** (WP-0006/0007) to
``` task
id: WARDEN-WP-0008-T01
status: to do
status: done
priority: high
state_hub_task_id: "05379da4-79d0-4742-8638-9e9565cccf72"
```
- [ ] Write `history/2026-06-17-post-wp0007-reassessment.md` (vector D5/A3/C4/R? )
- [ ] Update `SCOPE.md` — policy gate implemented, WP-0007 done, WP-0008 active
- [ ] Resolve remaining `PolicyGatedSigning.md (not implemented)` references in SCOPE/README
- [x ] Write `history/2026-06-17-post-wp0007-reassessment.md` (vector D5/A3/C4/R2 )
- [x ] Update `SCOPE.md` — policy gate implemented, WP-0008 active
- [x ] Resolve remaining `PolicyGatedSigning.md (not implemented)` references in SCOPE/README
### T2 — Production OpenBao end-to-end sign verification
``` task
id: WARDEN-WP-0008-T02
status: todo
status: wait
priority: high
state_hub_task_id: "b1a1831d-b2b3-4204-95f6-04dc7f29f67c"
```
@@ -72,34 +72,34 @@ state_hub_task_id: "b1a1831d-b2b3-4204-95f6-04dc7f29f67c"
- [ ] Append pass/fail evidence to `history/2026-06-17-openbao-production-verify.md`
- [ ] Optional: cert_command smoke via ops-bridge tunnel (non-secret summary only)
**Blocked until: ** scoped token + SSH roles on Railiance OpenBao.
**Blocked until: ** scoped token + SSH roles on Railiance OpenBao. Operator guide in session notes.
### T3 — State Hub task status canon migration
``` task
id: WARDEN-WP-0008-T03
status: to do
status: done
priority: medium
state_hub_task_id: "876827c4-4a86-4e58-9a1f-ac87045dc903"
```
- [ ] Update `AGENTS.md` task status values and examples (`progress` , `wait` , `cancel` )
- [ ] Update `.claude/rules/workplan-convention.md` task block examples
- [ ] Mark state-hub interface change `649102a2-4373-4621-9848-cc257e67c262` resolved
- [ ] Reply to inbox message `c4072e5a-2afb-44ba-bfa2-7d4cb9979c6e` (read + note adaptation)
- [x ] Update `AGENTS.md` task status values and examples (`progress` , `wait` , `cancel` )
- [x ] Update `.claude/rules/workplan-convention.md` task block examples
- [x ] Mark state-hub interface change `649102a2-4373-4621-9848-cc257e67c262` resolved
- [x ] Reply to inbox message `c4072e5a-2afb-44ba-bfa2-7d4cb9979c6e` (read + note adaptation)
### T4 — Production config example and archive hygiene
``` task
id: WARDEN-WP-0008-T04
status: to do
status: done
priority: medium
state_hub_task_id: "75b9f366-3d7a-419d-98ad-bc10ab90a697"
```
- [ ] Add `examples/warden.production.example.yaml` (no secrets; OpenBao addr + policy off)
- [ ] Archive finished workplans → `workplans/archived/260617-WARDEN-WP-000{4,5,6,7}-*.md`
- [ ] `make fix-consistency REPO=ops-warden` after archive
- [x ] Add `examples/warden.production.example.yaml` (no secrets; OpenBao addr + policy off)
- [x ] Archive finished workplans → `workplans/archived/260617-WARDEN-WP-000{4,5,6,7}-*.md`
- [x ] `make fix-consistency REPO=ops-warden` after archive
### T5 — flex-auth policy gate production readiness (coordination)
@@ -120,11 +120,11 @@ state_hub_task_id: "03b412a5-5b99-42df-a154-733dd4156000"
## Acceptance Criteria
- [ ] Post-WP-0007 reassessment on file; SCOPE current
- [x ] Post-WP-0007 reassessment on file; SCOPE current
- [ ] Production `warden sign` evidence recorded OR explicit operator blocker logged
- [ ] AGENTS.md uses canonical task statuses
- [ ] WP-0004– 0007 archived; hub consistency pass
- [ ] Production example config committed (no secrets)
- [x ] AGENTS.md uses canonical task statuses
- [x ] WP-0004– 0007 archived; hub consistency pass
- [x ] Production example config committed (no secrets)
---
@@ -141,6 +141,7 @@ state_hub_task_id: "03b412a5-5b99-42df-a154-733dd4156000"
## See also
- `history/2026-06-17-openbao-production-verify.md` — health probe (WP-0007)
- `history/2026-06-17-intent-scope -reassessment.md` — pre-policy-g ate assessment
- `history/2026-06-17-post-wp0007 -reassessment.md` — l atest assessment
- `examples/warden.production.example.yaml` — operator config template
- `wiki/OpenBaoSshEngineChecklist.md`
- `wiki/PolicyGatedSigning.md` — opt-in gate (implemented WP-0007)