docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog

Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.

- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
  draft). No-double-source rule enforced structurally — authored steps/cert_command
  only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
  SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-18 20:44:53 +02:00
parent b9c8eadcfd
commit ffc2722006
12 changed files with 338 additions and 46 deletions

View File

@@ -26,8 +26,11 @@ This repo owns **ops-warden** only. It does not own:
| SSH tunnel | ops-bridge | cert_command consumer |
| Host principals | railiance-infra | Document only |
Full map: `wiki/NetKingdomSecurityMap.md`.
Full map: `wiki/NetKingdomSecurityMap.md`. Role and boundary: `wiki/AccessRouting.md`.
Machine-readable pointer catalog: `registry/routing/catalog.yaml`.
ops-warden issues **short-lived SSH certificates** and maintains **operational
access stewardship docs**. It is not a general secrets manager and must not
store long-lived API keys in Git, State Hub, workplans, logs, or chat.
ops-warden **issues short-lived SSH certificates** (the one lane it executes) and
**routes every other credential need to its owner** via stewardship docs and the
pointer catalog. It is not a general secrets manager and must not store long-lived
API keys in Git, State Hub, workplans, logs, or chat. Routing material **points at**
the owner's docs — it never restates or forks another subsystem's procedure.