Drafts the standard at wiki/WorkloadSecurityPosture.md: Axis A (env
posture dev/test/prod, R1-R4 + matrix + ceremonies), Axis B (workload
maturity M0-M3 + promotion gates, reusing info-tech-canon
DataClassification/DevSecOps gates), unified by the secret-flow lattice
(deliver only if env_posture==prod AND workload.maturity >=
secret.required_maturity). Includes the canon-layering table and the
preserved OpenBao/flex-auth/CARING boundaries.
Coordination opened to net-kingdom (NK M0-M3 requirements) and
info-tech-canon (generic WorkloadMaturityLevel concept). WP-0015 active,
foundation-first; canon landing tracked in T5.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Folds the workload-maturity axis into WP-0015. The model is now two
orthogonal axes — environment posture (dev/test/prod, how the secret
store is secured) and workload maturity (M0-M3, how trusted a workload
is to receive secrets/classified data) — unified by a secret-flow
lattice (deliver only if posture==prod AND workload.maturity >=
secret.required_maturity). "Critical secrets must not flow to workloads
below maturity M" is the no-write-down case.
Layering: generic WorkloadMaturityLevel + lattice → info-tech-canon
(reusing its DataClassification / DevSecOps gates / Security criticality
/ CARING); NetKingdom M0-M3 requirements → net-kingdom canon. ops-warden
authors + checks conformance, not enforcement. Still proposed.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Proposed workplan for the dev→test→prod secret-posture ladder and
ops-warden's conformance-steward role (author + checks, not enforcement).
Authoritative standard lands in net-kingdom canon; ops-warden ships tier
descriptors, a conformance checker, and the dev-tier contract-double
library (the "fake bao" pattern generalized). Registered in State Hub
(workstream 99f4a0e1, 5 tasks); awaiting review before implementation.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- wiki/OperatorAccessAssist.md: warden access contract, conduit-vs-broker
boundary, the three guardrails + catalog secret guard, lane semantics.
- AccessRouting.md: issue/route/assist roles; reconciled the anti-pattern
table so the transparent conduit no longer contradicts it.
- credential-routing.md rule: added warden access + "standing broker
forbidden, transparent --fetch sanctioned" anti-pattern.
- INTENT.md: pointer→assist charter extension. SCOPE.md: implemented
list + Getting Oriented + maturity A4→A5 (Availability).
- history decision record for the proxy-mode choice and guardrails.
WP-0014 finished (T1–T5). 172 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds a lane: secret|login field to RouteEntry. The login lane is an
interactive auth bootstrap: it skips the caller-auth precheck (no token
yet — that's the point) and the secret-read gate (it establishes the
identity the gate needs), runs the owner's login command interactively
as the caller via inherited stdio, and rejects --exec. The token stays
in the caller's own store; warden never captures it (G2 holds). Audited
as action: login. key-cape-oidc-login populated as the reference login
entry. Advisory proxy hint updated now that T3 has shipped.
172 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds transparent, policy-gated, audited proxy of a non-SSH credential
through `warden access`, for exec_capable lanes. Three guardrails in code:
- G1 caller identity: runs the owner's tool with the caller's own env;
warden injects no token of its own (caller_auth_present check).
- G2 transit-only: --fetch inherits stdout (never PIPE) so the value
never enters warden's memory or any log; --exec injects into the child
env only. Audit (access-audit.log) is metadata-only.
- G3 policy gate: check_fetch_policy runs before any fetch; with
policy.enabled=false the proxy refuses unless --no-policy is given.
resolve_fetch_command refuses unresolved <…> placeholders rather than
guess owner-side names. New warden/proxy.py + policy.check_fetch_policy;
tests/test_proxy.py asserts all three guardrails. 168 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds `warden access <need> [--domain X] [--json]`: resolves a credential
need against the routing catalog and renders the structured handoff
(owner, auth method, path template, command skeleton, policy gate
status, proxy hint). SSH lane points at `warden sign`; routed lanes end
"warden advises, the owner vends". New pure warden/access.py module
(expand_handoff, policy_gate_status) reused by the T3 proxy lane. JSON
output is stable and secret-free. tests/test_access.py added.
157 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds optional assist-layer fields (auth_method, path_template,
fetch_command, exec_capable, policy_ref) to RouteEntry, parsed and
secret-screened in catalog.py. Handoff fields are templates/pointers
only — _assert_no_secret_material rejects known token prefixes and
high-entropy runs, and exec_capable requires a fetch_command. The
openbao-api-key entry is populated as the reference example (covers the
coulomb_social npm shape).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Extends the routing charter from a pointer-layer to an assist-layer:
a `warden access` front door that advises for any credential need and
proxies the OpenBao/key-cape lanes as a transparent, policy-gated,
audited conduit — never holding or persisting secret values.
Registered in State Hub (workstream 3c30b2ed); T1 in progress.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add platform-secret playbooks for issue-core ingestion, OpenRouter llm-connect,
object-storage STS, and database dynamic credentials. Extend the routing catalog
with draft entries and implement `warden route list --stale` for quarterly drift
review. Document the review cadence in AccessRouting and mark the workplan finished.
Promote Inter-Hub bootstrap lane to active catalog with worker checklist,
attended/unattended branches, and flex-auth/OpenBao pointers. Mark WP-0012
T2/T3 done; ops-bridge tunnel playbook shipped in prior WP-0013 commit.
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
Add a read-only `warden route` command group (list/show/find) that reads
registry/routing/catalog.yaml and tells a worker which subsystem owns a need
and which wiki/canon doc to follow. ops-warden still executes exactly one lane
(SSH); routed entries return a pointer and never call any subsystem.
- src/warden/routing/: models.py + catalog.py loader; enforces the
no-double-source rule (non-SSH entries with steps/cert_command fail validation),
dup-id and schema checks.
- route list (active-only unless --all, --tag), route show (SSH appends steps +
cert pattern; routed ends with "next action on <owner> — see <wiki_ref>"),
route find (keyword ranking, --json).
- tests/test_routing.py: load/validation, find ranking, CLI JSON shapes, plus a
drift guard (every wiki_ref anchor resolves; every entry has a reviewed date).
- Docs: wiki/AccessRouting.md CLI section, README quick reference, SCOPE A3 -> A4.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
'wait' is a task-level status; valid workstream/workplan frontmatter statuses
are proposed/ready/active/blocked/backlog/finished/archived. The mislabeled
'wait' caused fix-consistency C-04 to 422 when syncing the workstream status.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.
- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
draft). No-double-source rule enforced structurally — authored steps/cert_command
only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Drop the "operational access desk" framing (and the rejected "coach"
metaphor) for plain language: ops-warden issues short-lived SSH certs and
routes every other credential need to its owner. SSH is the only lane it
executes.
Adds WARDEN-WP-0010/0011/0012 with a pointer-layer routing catalog that
points at owner docs rather than restating them, enforced structurally
(non-SSH entries carrying a steps block fail CI). Drops the scope-creep-prone
`check` command; hides unshipped-path scenarios as draft.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Mark WP-0008 finished and move to archived/. Spin flex-auth production gate
to WARDEN-WP-0009. Update SCOPE and reassessment history for R3 reliability.
- Post-WP-0007 reassessment and SCOPE/README updates
- AGENTS.md + workplan-convention task status canon migration
- examples/warden.production.example.yaml for production OpenBao
- Archive WP-0004 through WP-0007 to workplans/archived/260617-*
- WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
Add policy.py client that calls flex-auth /v1/check before sign/issue when
policy.enabled is true. Record policy_decision_id in signatures.log. Default
off preserves existing inventory-only behavior. Document production OpenBao
health probe and update config/wiki references.
Add ops-warden INTENT as operational access steward for NetKingdom
security (route credential lanes, align docs, issue SSH certs only).
Refresh SCOPE for stewardship scope, persist INTENT↔SCOPE gap assessment,
and open WARDEN-WP-0006 for routing runbooks and platform alignment.
Document OpenBao as the platform production secrets service while keeping
the vault-compatible warden.yaml config shape. Update OpsWardenConfig,
SCOPE, and CertCommandInterface cross-references.
Update SCOPE and README to reflect the shipped warden CLI, fill agent
rules for stack/architecture/boundary, archive finished workplans
0001–0003, and register WP-0004 in State Hub.
T1 — TTL max enforcement:
- models.py: MAX_TTL_HOURS policy constant
- ca.py: _enforce_ttl() raises CAError when spec.ttl_hours > type max
- Called at top of LocalCA.sign() and VaultCA.sign()
- scorecard.py: check_ttl_policy() — flags certs with issued TTL > type max
- run_scorecard() now returns 5 checks
T2 — Stale cert cleanup:
- ca.py: _evict_cert() removes existing cert before writing new one (no accumulation)
- cli.py: warden cleanup [actor] [--dry-run] command
- check_no_stale_certs detail suggests 'warden cleanup' when stale certs found
T3 — Outgoing signatures log:
- ca.py: _append_signature_log() writes JSONL to state_dir/signatures.log
- Called after every successful sign() in LocalCA and VaultCA
- cli.py: warden log [actor] [--last N] [--json] command
- parse_cert_metadata now also returns valid_from (needed for TTL policy check)
61 tests passing, ruff clean.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
