ops-warden/registry/indexes/capabilities.yaml

version: 1
updated: '2026-06-17'
domain: helix_forge
capabilities:
- id: capability.security.ssh-certificate-issuance
  name: SSH Certificate Issuance
  summary: Issue short-lived CA-signed SSH certificates for adm, agt, and atm actors
    through a stable cert_command CLI interface; steward NetKingdom operational access routing.
  vector: D4 / A3 / C3 / R2
  domain: helix_forge
  status: draft
  owner: ops-warden
  path: registry/capabilities/capability.security.ssh-certificate-issuance.md
  tags:
  - ssh
  - certificate
  - ca
  - ops-warden
  - openbao
  - security
  consumption_modes:
  - CLI
  - cert_command subprocess