docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues short-lived SSH certificates and routes every other credential need to the subsystem that owns it — no desk metaphor, one execution lane.

- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1 draft). No-double-source rule enforced structurally — authored steps/cert_command only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing; SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -26,8 +26,11 @@ This repo owns **ops-warden** only. It does not own:
|
||||
| SSH tunnel | ops-bridge | cert_command consumer |
|
||||
| Host principals | railiance-infra | Document only |
|
||||
|
||||
Full map: `wiki/NetKingdomSecurityMap.md`.
|
||||
Full map: `wiki/NetKingdomSecurityMap.md`. Role and boundary: `wiki/AccessRouting.md`.
|
||||
Machine-readable pointer catalog: `registry/routing/catalog.yaml`.
|
||||
|
||||
ops-warden issues **short-lived SSH certificates** and maintains **operational
|
||||
access stewardship docs**. It is not a general secrets manager and must not
|
||||
store long-lived API keys in Git, State Hub, workplans, logs, or chat.
|
||||
ops-warden **issues short-lived SSH certificates** (the one lane it executes) and
|
||||
**routes every other credential need to its owner** via stewardship docs and the
|
||||
pointer catalog. It is not a general secrets manager and must not store long-lived
|
||||
API keys in Git, State Hub, workplans, logs, or chat. Routing material **points at**
|
||||
the owner's docs — it never restates or forks another subsystem's procedure.
|
||||
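Review bot: The rewritten paragraph keeps the rule "must not store long-lived API keys in Git, State Hub, workplans, logs, or chat" but the same hunk introduces `registry/routing/catalog.yaml`, a new machine-readable file that lives in Git, and never says that the catalog is covered by that rule. Add one sentence stating that catalog entries hold pointers only (owner, doc reference) and never credential values, and name the check that enforces it, so the boundary is testable rather than only stated. Also, "the one lane it executes" would be easier to verify if it named the catalog field that marks it; the commit message mentions a `warden_executes:true` SSH entry, but the new doc text does not. Finally, "it never restates or forks another subsystem's procedure" is an absolute claim; if the structural check described in the commit message is what backs it, reference that check here.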