feat(WP-0012): add inter-hub-bootstrap-ssh catalog entry and align wiki

Promote Inter-Hub bootstrap lane to active catalog with worker checklist,
attended/unattended branches, and flex-auth/OpenBao pointers. Mark WP-0012
T2/T3 done; ops-bridge tunnel playbook shipped in prior WP-0013 commit.
2026-06-24 12:45:23 +02:00
parent c393fbd021
commit f10f813d7e
4 changed files with 78 additions and 25 deletions

@@ -4,7 +4,7 @@ type: workplan
title: "Routing Scenario Playbooks"
domain: infotech
repo: ops-warden
status: ready
status: active
owner: codex
topic_slug: custodian
planning_priority: medium
@@ -27,7 +27,7 @@ owner's procedure inside the catalog.
**Depends on:** WARDEN-WP-0010 (charter + catalog schema), WARDEN-WP-0011 (routing CLI).
**Status:** `ready` — WP-0010 and WP-0011 shipped; parallel to WP-0013 integration closeout.
**Status:** `active` — WP-0013 archived; T2/T3 in progress.
---
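Review bot: The new status line reads "`active` — WP-0013 archived; T2/T3 in progress", which contradicts the task blocks further down in this same file, where WARDEN-WP-0012-T02 and WARDEN-WP-0012-T03 are both set to `status: done`, and the commit message, which says T2/T3 are done. Suggest rewording the line to name what is actually still open (T4 is the next section in the file) so the header and the task blocks cannot be read two ways.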
@@ -50,7 +50,7 @@ pointer to a non-existent path is worse than no entry.
| `inter-hub-bootstrap-ssh` | SSH envelope + on-host wrapper reads OpenBao | ops-warden SSH + railiance-infra | ready (SSH lane) |
| `openrouter-llm-connect` | OpenBao → K8s Secret in activity-core | railiance-platform | path exists |
| `object-storage-sts` | NK-WP-0007 vending path | net-kingdom + flex-auth + OpenBao | canon exists |
| `ops-bridge-tunnel-cert` | cert_command vs static-key migration | ops-bridge | coordinate |
| `ops-bridge-tunnel-cert` | cert_command vs static-key migration | ops-bridge | done (WP-0013) |
| `human-oidc-login` | key-cape / Keycloak IAM Profile | key-cape | canon exists |
| `flex-auth-resource-check` | Policy decision before sensitive action | flex-auth | canon exists |
| `host-principal-deploy` | auth_principals sync | railiance-infra | canon exists |
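Review bot: The `inter-hub-bootstrap-ssh` row still shows `ready (SSH lane)` in the last column, while the T2 checklist in this commit ticks "Promote catalog entry to `active` with `wiki_ref`" and only the `ops-bridge-tunnel-cert` row is updated here. If this table is meant to mirror catalog state, update that row in the same change; if it records something else (for example scoping status at planning time), a one-line caption saying so would prevent readers from treating the SSH lane as not yet active.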
@@ -77,26 +77,27 @@ state_hub_task_id: "830bb512-0288-4dba-9dd4-ccfd28a4921f"
```task
id: WARDEN-WP-0012-T02
status: todo
status: done
priority: medium
state_hub_task_id: "7726a703-6e00-4e49-9380-ed3fb3268827"
```
- [ ] Align `wiki/InterHubBootstrapAccessLane.md` with the catalog id.
- [ ] Document attended vs unattended bootstrap branches.
- [ ] Cross-link flex-auth and OpenBao expectations (pointers, not restated steps).
- [x] Align `wiki/InterHubBootstrapAccessLane.md` with catalog id `inter-hub-bootstrap-ssh`
- [x] Document attended vs unattended bootstrap branches
- [x] Cross-link flex-auth and OpenBao expectations (pointers, not restated steps)
- [x] Promote catalog entry to `active` with `wiki_ref`
### T3 — ops-bridge tunnel migration
```task
id: WARDEN-WP-0012-T03
status: todo
status: done
priority: medium
state_hub_task_id: "9fb397f0-0abb-48f5-bb62-7e77edae93bb"
```
- [ ] Playbook: static-key → `cert_command` migration checklist.
- [ ] Pilot tunnel notes (`agt-state-hub-bridge`) — coordinate with ops-bridge.
- [x] Playbook: `wiki/playbooks/ops-bridge-tunnel-cert.md` (WARDEN-WP-0013)
- [x] Pilot tunnel `agt-state-hub-bridge` documented; ops-bridge coordination sent
### T4 — Platform secret scenarios (LLM, STS, DB)
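Review bot: In T3, the second item is closed on "ops-bridge coordination sent", which records that a message went out, not that ops-bridge confirmed anything about the pilot tunnel `agt-state-hub-bridge`. The original items asked for a static-key → `cert_command` migration checklist and coordination with ops-bridge; the replacement text points to the playbook but does not say whether the pilot tunnel has actually moved off the static key. Suggest either linking the acknowledgement or the evidence of the cutover, or leaving a separate unchecked follow-up item so that `status: done` does not hide a static key that is still in use. The T2 items also lost the trailing periods the old lines had, a minor style inconsistency with the rest of the file.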