tegwick
211994ddbb
Foundation for an autonomous worker that handles ops-warden's State Hub coordination lane via llm-connect (Bernd's call: full-auto in-scope + scheduled, staged dry-run -> manual -> scheduled). T1 is the llm-connect-independent, safe slice: src/warden/worker.py — HubClient (read unread to_agent=ops-warden), Brain protocol, deterministic RuleBrain (answers clear routing questions, escalates the rest), PlannedAction/WorkerPlan model, guardrail allowlist + validate_action enforced brain-agnostically (no-secret invariant + prod-config + off-allowlist all escalate), render_plans dry-run output. `warden worker run --dry-run` (default); --execute refused (exit 2) until the guarded executor (T3) lands. Guardrails are load-bearing because full-auto has no human in the loop: message content is untrusted data, the allowlist is enforced regardless of what the brain proposes. Hard dependency flagged in the workplan: the brain is llm-connect, which needs its provider key (OPENROUTER_API_KEY, deferred CCR-2026-0003) before it can run. 18 worker tests; 229 pass, lint clean. Live dry-run against the real hub verified. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ops-warden
SSH Certificate Authority and certificate lifecycle manager for the ops fleet.
Signs short-lived certs for adm / agt / atm actors and exposes the
cert_command interface consumed by ops-bridge and other tooling.
See INTENT.md for direction, SCOPE.md for current implementation, and
wiki/AccessManagementDirective.md for SSH policy. ops-warden issues SSH certs
and routes every other credential need to its owner — see wiki/AccessRouting.md.
Latest gap analysis: history/2026-06-17-post-wp0007-reassessment.md.
Install
uv sync
uv tool install .
Or run without installing:
uv run warden --help
Quick start (local backend)
# One-time: generate a CA key (keep mode 600, never commit)
ssh-keygen -t ed25519 -f ~/.ssh/ops-ca-user -C "Ops SSH User CA" -N ""
# Configure warden (~/.config/warden/warden.yaml) — see wiki/OpsWardenConfig.md
warden inventory add agt-example --type agt --principal agt-example
warden sign agt-example --pubkey ~/.ssh/id_ed25519.pub
warden status agt-example
warden scorecard
Production uses the vault backend against OpenBao or HashiCorp Vault (Vault-compatible
SSH secrets engine API). Template: examples/warden.production.example.yaml.
See wiki/OpsWardenConfig.md and wiki/OpenBaoSshEngineChecklist.md.
Routing lookup (warden route)
ops-warden issues SSH certs and routes every other credential need to its
owner. The route command group is a read-only lookup over the pointer catalog
(registry/routing/catalog.yaml) — it never calls another subsystem or returns
secrets.
warden route list [--all] [--json] # scenarios (active-only unless --all)
warden route list --stale [--stale-days 90] [--all] # past review cadence
warden route show <id> [--json] # owner + wiki/canon pointers; SSH adds steps
warden route find "issue an api key" # rank scenarios by keyword overlap
Full role and examples: wiki/AccessRouting.md.
Development
uv sync
uv run pytest # unit tests (integration excluded)
uv run pytest -m integration # requires ssh-keygen in PATH
uv run ruff check .
Key paths
| Path | Purpose |
|---|---|
~/.config/warden/warden.yaml |
Backend and CA/Vault settings |
~/.config/warden/inventory.yaml |
Actor → principals registry |
~/.local/state/warden/ |
Signed certs, keys, signatures.log |
Documentation
INTENT.md— operational access steward mission (NetKingdom-aligned)wiki/CredentialRouting.md— which subsystem for each credential typewiki/NetKingdomSecurityMap.md— platform security component mapwiki/ActorInventoryPatterns.md— standard adm/agt/atm actor patternswiki/OpsWardenConfig.md— configuration referencewiki/CertCommandInterface.md—cert_commandcontract for callerswiki/InterHubBootstrapAccessLane.md— short-lived cert envelope for bootstrap tasks
Workplans
Active and proposed work lives in workplans/. Finished plans are archived under
workplans/archived/.