ops-warden/workplans/ADHOC-2026-06-27.md
tegwick 8bbd22285e feat(WARDEN-WP-0016): ops-bridge cert_command readiness gate + handoff
Close ops-warden's side of the last Partial INTENT criterion (ops-bridge integrates
via a stable cert_command). The migration playbook and contract already existed; what
was missing was an automated readiness gate before touching tunnel config.

T1 — scripts/check_tunnel_cert_readiness.py: read-only preflight that asserts the
cert_command path is ready without signing — config/backend, actor inventory + TTL
within type max, pubkey exists/parses/not-private, principals present, and optional
host-principal deployment (mirrors check_principals_drift). Exit 0/1/2.

T2 — opt-in --sign-smoke: runs the cert_command against the local backend and validates
identity/principals/TTL of the emitted cert; refuses a vault backend. Window measured
from the cert's own valid_from->valid_before so it's timezone-robust (fixes a CEST
off-by-2h artifact). integration-marked test + a vault-refusal unit test.

T3 — playbook now leads with Step 0 readiness gate; ops-bridge handoff message sent.
T4 — SCOPE INTENT row: Partial -> Pilot-ready; known-gaps + SSH-lane list updated.

9 unit + 1 integration test, 209 default passing, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 19:50:28 +02:00
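
The window check described in T2 of the commit message above, sketched as an added example; it is not the project's check_tunnel_cert_readiness.py. It assumes an OpenSSH certificate whose `ssh-keygen -L` listing prints the validity window in local time with no UTC offset; the sample listing, the function names and the clock value used for the fragile variant are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of an `ssh-keygen -L` listing (times are local, no offset shown).
SAMPLE_CERT_LISTING = """\
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Key ID: "example-actor"
        Valid: from 2026-06-27T19:45:00 to 2026-06-27T20:45:00
        Principals:
                example-principal
"""

VALID_RE = re.compile(r"Valid: from (\S+) to (\S+)")
FMT = "%Y-%m-%dT%H:%M:%S"


def cert_window(listing: str) -> timedelta:
    """Lifetime taken from the cert's own valid_from -> valid_before pair.

    Both stamps come from the same listing in the same zone, so the
    difference does not depend on the checker's clock or timezone.
    """
    m = VALID_RE.search(listing)
    if m is None:
        # Covers "Valid: forever" and one-sided windows: no bounded TTL to check.
        raise ValueError("no bounded validity window in listing")
    valid_from, valid_before = (datetime.strptime(g, FMT) for g in m.groups())
    if valid_before <= valid_from:
        raise ValueError("validity window is empty or inverted")
    return valid_before - valid_from


def ttl_within_max(listing: str, max_ttl: timedelta) -> bool:
    """Gate: the emitted cert must not outlive the actor type's maximum TTL."""
    return cert_window(listing) <= max_ttl


def naive_remaining(listing: str, now_utc: datetime) -> timedelta:
    """Fragile variant: subtracts a UTC clock from the local valid_before."""
    m = VALID_RE.search(listing)
    return datetime.strptime(m.group(2), FMT) - now_utc


if __name__ == "__main__":
    print("window:", cert_window(SAMPLE_CERT_LISTING))
    # Assumed scenario: cert issued at 19:45 CEST, which is 17:45 UTC.
    print("naive :", naive_remaining(SAMPLE_CERT_LISTING, datetime(2026, 6, 27, 17, 45)))
```

With the constructed clock value, the fragile variant reports a three-hour lifetime for a one-hour certificate, which is the kind of two-hour CEST offset the commit message mentions; the window-based check is unaffected.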

1.6 KiB

id: ADHOC-2026-06-27
type: workplan
title: Ad Hoc Tasks — 2026-06-27
domain: infotech
repo: ops-warden
status: finished
owner: claude
topic_slug: custodian
created: 2026-06-27
updated: 2026-06-27
state_hub_workstream_id: 142b171b-c34b-4a45-91a5-c77e6d07ec6f

Ad Hoc Tasks — 2026-06-27

Low-risk opportunistic fixes completed directly during the consolidation session.

T01 — Fix stale warden CLI install + make it usable outside the repo

id: ADHOC-2026-06-27-T01
status: done
priority: medium
state_hub_task_id: "867c72c9-9904-400f-8542-04264e5856c2"

issue-core reported (msg 70bcf238) that the warden CLI on ~/.local/bin lacked the route subcommand, forcing a uv run warden fallback.

  • Root cause: uv tool install had reused a cached wheel (version stayed 0.1.0), so the installed warden.cli predated the route/access/policy subcommands. uv cache clean ops-warden + uv tool install . --reinstall fixed it.
  • Deeper cause: even rebuilt, warden route/policy failed outside a checkout because the catalog + posture descriptors live in registry/ at repo root, outside the package. Bundled registry/ into the wheel via hatch force-include → warden/_registry, and added a packaged-data fallback in find_catalog_path / find_posture_path (after the repo walk, so source runs still prefer the repo's registry/ as the single source of truth).
  • Verified warden route list / warden policy list work from /tmp; 200 tests pass, lint clean.