docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog

Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.

- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
  draft). No-double-source rule enforced structurally — authored steps/cert_command
  only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
  SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-18 20:44:53 +02:00
parent b9c8eadcfd
commit ffc2722006
12 changed files with 338 additions and 46 deletions

View File

@@ -2,7 +2,7 @@
## Repo Identity
**Purpose:** SSH CA and certificate lifecycle manager — signs short-lived certs for adm/agt/atm actors; provides the cert_command interface consumed by ops-bridge.
**Purpose:** Issues short-lived SSH certs for adm/agt/atm actors (the one lane it executes) and routes every other credential need to its owner; provides the cert_command interface consumed by ops-bridge.
**Domain:** custodian
**Repo slug:** ops-warden