- wiki/OperatorAccessAssist.md: warden access contract, conduit-vs-broker
boundary, the three guardrails + catalog secret guard, lane semantics.
- AccessRouting.md: issue/route/assist roles; reconciled the anti-pattern
table so the transparent conduit no longer contradicts it.
- credential-routing.md rule: added warden access + "standing broker
forbidden, transparent --fetch sanctioned" anti-pattern.
- INTENT.md: pointer→assist charter extension. SCOPE.md: implemented
list + Getting Oriented + maturity A4→A5 (Availability).
- history decision record for the proxy-mode choice and guardrails.
WP-0014 finished (T1–T5). 172 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add platform-secret playbooks for issue-core ingestion, OpenRouter llm-connect,
object-storage STS, and database dynamic credentials. Extend the routing catalog
with draft entries and implement `warden route list --stale` for quarterly drift
review. Document the review cadence in AccessRouting and mark the workplan finished.
Add a read-only `warden route` command group (list/show/find) that reads
registry/routing/catalog.yaml and tells a worker which subsystem owns a need
and which wiki/canon doc to follow. ops-warden still executes exactly one lane
(SSH); routed entries return a pointer and never call any subsystem.
- src/warden/routing/: models.py + catalog.py loader; enforces the
no-double-source rule (non-SSH entries with steps/cert_command fail validation),
dup-id and schema checks.
- route list (active-only unless --all, --tag), route show (SSH appends steps +
cert pattern; routed ends with "next action on <owner> — see <wiki_ref>"),
route find (keyword ranking, --json).
- tests/test_routing.py: load/validation, find ranking, CLI JSON shapes, plus a
drift guard (every wiki_ref anchor resolves; every entry has a reviewed date).
- Docs: wiki/AccessRouting.md CLI section, README quick reference, SCOPE A3 -> A4.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.
- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
draft). No-double-source rule enforced structurally — authored steps/cert_command
only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
