Files

tegwick 1c3d1b4d52 feat(WARDEN-WP-0014): T4 — key-cape login orchestration lane

Adds a lane: secret|login field to RouteEntry. The login lane is an
interactive auth bootstrap: it skips the caller-auth precheck (no token
yet — that's the point) and the secret-read gate (it establishes the
identity the gate needs), runs the owner's login command interactively
as the caller via inherited stdio, and rejects --exec. The token stays
in the caller's own store; warden never captures it (G2 holds). Audited
as action: login. key-cape-oidc-login populated as the reference login
entry. Advisory proxy hint updated now that T3 has shipped.

172 passed, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-27 17:31:55 +02:00

capabilities

docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog

2026-06-18 20:44:53 +02:00

flex-auth

feat: close WP-0009/WP-0013 production integration stewardship strand

2026-06-24 12:44:32 +02:00

indexes

WARDEN-WP-0006: NetKingdom stewardship docs and alignment

2026-06-17 08:22:45 +02:00

routing

feat(WARDEN-WP-0014): T4 — key-cape login orchestration lane

2026-06-27 17:31:55 +02:00

README.md

Add capability registry scaffold (REUSE-WP-0014-T06 B04)

2026-06-16 01:56:08 +02:00

README.md

Capability Registry

Markdown-first capability index for federation and reuse planning.

Authoring

Copy a capability entry template (see reuse-surface templates/capability-entry.template.md).
Add the row to indexes/capabilities.yaml.
Run reuse-surface validate from a checkout with the CLI installed.
Merge to main and verify publish with reuse-surface establish --publish-check.

Federation contract: reuse-surface docs/RegistryFederation.md.