Files

tegwick d003f0ca4d chore(ADHOC-2026-06-29): stamp state_hub ids from consistency sync

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-29 00:41:38 +02:00

id, type, title, domain, repo, status, owner, topic_slug, created, updated, state_hub_workstream_id

id	type	title	domain	repo	status	owner	topic_slug	created	updated	state_hub_workstream_id
ADHOC-2026-06-29	workplan	Ad Hoc Tasks — 2026-06-29	infotech	ops-warden	finished	claude	custodian	2026-06-29	2026-06-29	1c0460b7-bc8a-48db-96d4-681bce18ac91

Ad Hoc Tasks — 2026-06-29

id: ADHOC-2026-06-29-T01
status: done
priority: medium
state_hub_task_id: "371235cc-b9d3-4103-b09f-e4e01cc83c5b"

flex-auth (msg ea00620b) asked ops-warden to help close FLEX-WP-0007 T4 (joint OpenBao

policy-gate production smoke). Their deployed runtime is reachable on CoulombCore via the flex-auth-coulombcore tunnel at 127.0.0.1:18090, but policy_gate_production_smoke.sh spawned its own local flex-auth binary — so it never exercised the deployed runtime.

Added FLEX_AUTH_EXTERNAL=1 mode to scripts/policy_gate_production_smoke.sh: skips the local serve/load-registry and runs the allow/deny/vault paths against the already-running deployed flex-auth, with a /healthz precheck that fails fast with a "is the flex-auth-coulombcore tunnel up?" hint (verified: clean exit 2 when down).
Verified the committed production_registry_snapshot.json is current (rebuilt from ~/.config/warden/inventory.yaml, diff-clean; 4 actors).
Answered flex-auth's three questions and handed the operator the exact CoulombCore runbook (see reply). Remaining T4 steps are operator-gated and cannot run from the workstation: mint a scoped VAULT_TOKEN (ops-warden holds no standing token by design), run the joint smoke on CoulombCore, then flip policy.enabled: true.