generated from coulomb/repo-seed
Add credential routing, actor patterns, security map, OpenBao SSH checklist, and policy-gated signing design. Update registry and SCOPE; record INTENT↔SCOPE reassessment (C3 completeness).
3.5 KiB
3.5 KiB
id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | state_hub_workstream_id |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WARDEN-WP-0006 | workplan | NetKingdom Alignment and Operational Access Stewardship | custodian | ops-warden | finished | codex | custodian | high | 6 | 2026-06-17 | 2026-06-17 | a5c9f24b-1ad4-46da-bc8e-b99897f8e302 |
WARDEN-WP-0006 — NetKingdom Alignment and Operational Access Stewardship
Scope: Close gaps identified in history/2026-06-17-intent-scope-assessment.md
between INTENT (operational access steward for NetKingdom security) and SCOPE
(shipped SSH CLI only). Documentation and alignment first; code changes limited
to optional CLI ergonomics.
Out of scope: flex-auth integration implementation, OpenBao cluster deploy, universal credential broker, net-kingdom INTENT.md rewrite.
Goal
After this workplan, a development worker or agent can:
- Read ops-warden material and know which NetKingdom subsystem handles each credential type.
- Obtain SSH certs via documented actor patterns and production OpenBao path.
- Find ops-warden recognized in NetKingdom responsibility/platform docs as the operational SSH credential authority.
Tasks
T1 — Credential routing runbook
id: WARDEN-WP-0006-T01
status: done
priority: high
state_hub_task_id: "ffc6a0c2-4312-4584-be7a-c8411cb01899"
wiki/CredentialRouting.mdwith decision tree and anti-examples- Linked from SCOPE, INTENT, README
T2 — Actor inventory patterns
id: WARDEN-WP-0006-T02
status: done
priority: high
state_hub_task_id: "3816463d-7dfd-469d-9324-fd7880b50608"
wiki/ActorInventoryPatterns.mdexamples/inventory.seed.yaml
T3 — NetKingdom cross-links (ops-warden side)
id: WARDEN-WP-0006-T03
status: done
priority: high
state_hub_task_id: "f158366a-5746-48b8-acce-472dce8f925e"
wiki/NetKingdomSecurityMap.md- Registry capability stewardship summary
.claude/rules/repo-boundary.mdrouting table
T4 — NetKingdom canon patch (coordination)
id: WARDEN-WP-0006-T04
status: done
priority: medium
state_hub_task_id: "e40e4395-8f01-4f79-a539-d0de8e427321"
net-kingdom/docs/responsibility-map.md— Operational SSH dependencynet-kingdom/docs/platform-identity-security-architecture.md— Operational SSH Path
T5 — OpenBao SSH engine operational checklist
id: WARDEN-WP-0006-T05
status: done
priority: medium
state_hub_task_id: "a94e20a2-970b-4a0c-bd23-8510b841b938"
wiki/OpenBaoSshEngineChecklist.md
T6 — Policy-gated signing design (design only)
id: WARDEN-WP-0006-T06
status: done
priority: low
state_hub_task_id: "b10a4b4d-bfa1-4f49-b6a5-f339f1e6a2e1"
wiki/PolicyGatedSigning.md
T7 — Re-assess INTENT ↔ SCOPE
id: WARDEN-WP-0006-T07
status: done
priority: medium
state_hub_task_id: "ef8b5c57-2343-4cfc-9fee-48db1e56f69a"
history/2026-06-17-intent-scope-reassessment.md- SCOPE.md Current State updated
make fix-consistency REPO=ops-warden
Acceptance Criteria
wiki/CredentialRouting.mdexists and is linked from README/SCOPEwiki/ActorInventoryPatterns.mdexistswiki/NetKingdomSecurityMap.mdexists- NetKingdom responsibility-map recognizes ops-warden SSH lane (T4)
- OpenBao SSH checklist documented (T5)
- Policy-gated signing design drafted (T6)
- INTENT ↔ SCOPE re-assessment recorded (T7)
reuse-surface validate --root .passes