Files
ops-warden/history/2026-06-17-post-wp0007-reassessment.md
tegwick a6a943fc3e chore(WP-0008): finish and archive production SSH path closeout
Mark WP-0008 finished and move to archived/. Spin flex-auth production gate
to WARDEN-WP-0009. Update SCOPE and reassessment history for R3 reliability.
2026-06-18 01:28:49 +02:00

2.5 KiB

INTENT ↔ SCOPE Reassessment — Post WP-0007

Date: 2026-06-17
Author: codex
Trigger: WARDEN-WP-0007 complete; WARDEN-WP-0008 T1.
Prior assessment: history/2026-06-17-intent-scope-reassessment.md


1. Executive summary

WARDEN-WP-0007 shipped the opt-in flex-auth policy gate (policy.py, policy.enabled in warden.yaml) and recorded production OpenBao health evidence (initialized, unsealed, v2.5.4). Signing behavior is unchanged when the gate is off (default). Production end-to-end warden sign against the SSH engine remains operator-verified — tracked in WARDEN-WP-0008 T2.

Vector movement: D5/A3/C3/R2D5/A3/C4/R2

Dimension Was Now Notes
Discovery D5 D5 Unchanged
Availability A3 A3 CLI + opt-in policy gate
Completeness C3 C4 Policy gate coded; flex-auth policies external
Reliability R2 R2 Health probe yes; live sign pending operator token

2. Deliverables (WP-0007)

Task Deliverable Status
T1 history/2026-06-17-openbao-production-verify.md Done (health)
T2 PolicyConfig, policy.py Done
T3 CLI wire-in, policy_decision_id in log Done
T4 tests/test_policy.py, wiki updates Done

3. Success criteria (INTENT.md) — updated

Criterion Was Now
Worker knows which subsystem for each credential type Yes Yes
SSH access short-lived, inventoried, audited Yes Yes — + optional flex-auth correlation id
ops-bridge integrates via cert_command Yes Yes
NetKingdom evolution reflected in ops-warden docs Yes Yes
Non-SSH secrets stay out of ops-warden Yes Yes

Score: 5 yes (live production sign is reliability, not INTENT criterion gap)


4. Remaining gaps (post WP-0008 closeout, 2026-06-18)

Prio Gap Owner Task
P1 flex-auth ssh-certificate policies flex-auth WP-0009
P2 NK-WP-0009 joint SSH tutorial net-kingdom Parallel
P3 ops-bridge cert_command on live tunnels ops-bridge Deferred

WP-0008 closed: production sign verified; stewardship canon and archive hygiene done.


5. Recommendation

  • Completeness C4: SSH lane + stewardship docs + opt-in policy gate shipped.
  • Reliability R3: production warden sign evidence on file (2026-06-18).
  • Keep policy.enabled: false in production until flex-auth policies exist (WP-0009).