Commit Graph

2 Commits

Author SHA1 Message Date
0b3486af9e fix(cli): bundle registry into wheel so installed warden works outside the repo
issue-core flagged the installed `warden` lacked the `route` subcommand. Two causes:

1. uv reused a cached wheel (version stayed 0.1.0) so the installed warden.cli was
   stale. Documented the cache-clean + --reinstall fix in ADHOC-2026-06-27.
2. Even rebuilt, route/access/policy were unusable outside a checkout because the
   routing catalog + posture descriptors live in registry/ at repo root, outside the
   package. Bundle registry/ into the wheel (hatch force-include -> warden/_registry)
   and add a packaged-data fallback in find_catalog_path / find_posture_path after the
   repo walk, so source runs still prefer the repo's registry/ (single source of truth).

Verified `warden route list` / `warden policy list` work from /tmp. 200 tests, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 19:40:14 +02:00
0812d7303d feat(WARDEN-WP-0015): T2 — machine-readable posture descriptors + warden policy
Adds registry/policy/security-posture.yaml (Axis A env postures, Axis B
maturity levels M0-M3, dataclass_floor, lattice rule — no secret
material) and src/warden/posture.py: typed loader with validation
(unique/contiguous ranks, floor references known levels) and the pure
can_deliver() lattice helper (no-write-down: prod posture + workload
maturity >= secret required_maturity + dataclass floor). New `warden
policy list|show` read-only lookup mirroring `warden route`.
tests/test_posture.py covers load, the allow/deny lattice matrix,
validation rejections, and CLI. 184 passed, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 18:10:54 +02:00
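
The lookup order described in the fix(cli) commit (0b3486af9e), repo walk first and the bundled `warden/_registry` copy second, shown as an added Python example that is not the project's own code. The `find_posture_path` signature, the `package_dir` parameter and the returned source label are assumptions made for illustration; the checkout and install trees are constructed in a temporary directory.

```python
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Path taken from the commit message: registry/policy/security-posture.yaml
POSTURE_REL = Path("policy") / "security-posture.yaml"


def find_posture_path(start: Path, package_dir: Path) -> Optional[Tuple[str, Path]]:
    """Return (source, path) with source "repo" or "packaged"; None if neither exists.

    Hypothetical signature: package_dir stands in for the installed warden/
    package directory so the lookup can be exercised without building a wheel.
    """
    start = start.resolve()
    # 1. Repo walk: the nearest registry/ at or above the start directory wins,
    #    so a source checkout keeps using its own registry/.
    for directory in (start, *start.parents):
        candidate = directory / "registry" / POSTURE_REL
        if candidate.is_file():
            return "repo", candidate
    # 2. Fallback: the copy force-included into the wheel as warden/_registry.
    packaged = package_dir.resolve() / "_registry" / POSTURE_REL
    if packaged.is_file():
        return "packaged", packaged
    return None


def demo() -> dict:
    """Resolve from inside a checkout, from outside it, and with no bundled copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        repo_file = root / "checkout" / "registry" / POSTURE_REL
        pkg_dir = root / "site-packages" / "warden"
        pkg_file = pkg_dir / "_registry" / POSTURE_REL
        for f in (repo_file, pkg_file):
            f.parent.mkdir(parents=True)
            f.write_text("# constructed placeholder\n")
        nested = root / "checkout" / "src" / "warden"
        nested.mkdir(parents=True)
        outside = root / "elsewhere"
        outside.mkdir()
        empty_pkg = root / "empty" / "warden"  # install without bundled data
        return {
            "in_repo": find_posture_path(nested, pkg_dir) == ("repo", repo_file),
            "outside_repo": find_posture_path(outside, pkg_dir) == ("packaged", pkg_file),
            "no_bundle": find_posture_path(outside, empty_pkg),
        }
```

Returning the source label alongside the path lets a caller log which copy of the posture descriptors is in effect for a given run.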