coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c4be3cd4ba23eafff22947fc4e071f6dba831ac6
ops-warden/workplans/WARDEN-WP-0010-access-routing-charter.md
tegwick ffc2722006 docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog 
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.

- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
  draft). No-double-source rule enforced structurally — authored steps/cert_command
  only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
  SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 20:44:53 +02:00

6.6 KiB
Raw Blame History

id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, state_hub_workstream_id
id type title domain repo status owner topic_slug planning_priority planning_order created updated state_hub_workstream_id
WARDEN-WP-0010 workplan Access Routing — Charter and Pointer Catalog custodian ops-warden done codex custodian high 10 2026-06-18 2026-06-18 e93de9fd-0192-4d02-bb7c-5e859fb76b9b

WARDEN-WP-0010 — Access Routing — Charter and Pointer Catalog

Scope: Sharpen the existing steward framing so it cannot be misread as a desk API that wraps every subsystem. ops-warden issues SSH certificates and points workers to the owning subsystem for everything else. This workplan updates INTENT/SCOPE wording and adds a machine-readable routing catalog that is a pointer layer, not a second copy of NetKingdom canon.

Not a new security lane. This is wording + a thin lookup surface. SSH issuance remains the only thing ops-warden executes. Maturity moves Availability A3 → A4 (structured lookup for agents); Completeness and Reliability for SSH are unchanged.

Out of scope: Secret-vending, OIDC, policy PDP, tunnel, or host-hardening code in this repo; flex-auth policy packages (WARDEN-WP-0009); any universal broker.

Depends on: WARDEN-WP-0006 stewardship canon (routing wiki, security map) — shipped.

Feeds: WARDEN-WP-0011 (routing CLI over the catalog).

Principles (target)

  1. Point, don't proxy — Name the owner and the doc; do not wrap a foreign API unless the answer is an SSH certificate.
  2. Direct interaction — Workers (humans, agents, CI, operators) call OpenBao, key-cape, flex-auth, ops-bridge, and railiance repos themselves.
  3. One source of truth — Routing procedure for non-SSH needs lives in the wiki (aligned to net-kingdom canon) and upstream canon, not restated in the catalog. The catalog carries identifiers and pointers only. ops-warden authors procedure for exactly one lane: SSH certificate issuance, which it owns.
  4. Same truth, two shapes — Humans read the wiki; agents read the catalog. The catalog references wiki sections by anchor so they cannot drift apart.

No-double-source rule (binding on T3)

The catalog must not contain step-by-step procedure for any subsystem ops-warden does not own. For non-SSH scenarios an entry carries:

  • owner_repo, subsystem — who to talk to
  • wiki_ref — anchor into an in-repo wiki section (the authoritative restatement)
  • canon_ref — upstream net-kingdom doc the wiki section tracks
  • need_keywords, title, id — lookup metadata
  • warden_executes: false

Only warden_executes: true (SSH) entries may carry an authored steps block and the cert_command pattern — because that is the lane ops-warden owns. A CI test (WP-0011 T5) enforces this structurally: non-SSH entries with a steps block fail.

Tasks

T1 — INTENT wording

id: WARDEN-WP-0010-T01
status: done
priority: high
state_hub_task_id: "589081a6-d1f5-47b4-bec0-e82d9c3444f4"
  • INTENT.md — keep "operational access steward"; replaced the "operational access desk" phrasing with plain "issues SSH certs and routes everything else to its owner." Removed metaphors implying a wrapping service.
  • Non-goals: added "duplicating or restating another subsystem's procedure."
  • Cross-linked this workplan from the assessment note.

SCOPE.md (A3 → A4 plain statement + "issue vs route" table) is handled as a deliberate manual step after the loop retires, not as a ralph task.

T2 — Routing-role wiki page

id: WARDEN-WP-0010-T02
status: done
priority: high
state_hub_task_id: "9ac333f7-5fc4-4fa2-82f3-d5ece8ff0d92"
  • Create wiki/AccessRouting.md — what ops-warden answers (where + who owns it), what it executes (SSH only), anti-patterns (no warden secret, warden login, warden policy), and audience notes.
  • Include the issue-vs-route matrix (subsystem × ops-warden role × who acts).
  • Link from README, CredentialRouting.md, NetKingdomSecurityMap.md.

T3 — Pointer catalog schema + seed

id: WARDEN-WP-0010-T03
status: done
priority: high
state_hub_task_id: "59e0f480-694a-482a-b35e-b7bc4930aa41"
  • Define registry/routing/catalog.yaml per the No-double-source rule above: id, title, need_keywords, owner_repo, subsystem, warden_executes, wiki_ref, canon_ref, reviewed (date), status (active|draft); plus steps + cert_command only when warden_executes: true.
  • Seed from existing WP-0006 scenarios: SSH cert (executes), OpenBao API key, flex-auth policy, key-cape OIDC, ops-bridge tunnel, railiance-infra principals.
  • Add issue-core-ingestion-api-key as status: draft (owner path TBD by railiance-platform) — draft entries are not surfaced by default lookup.
  • Validated: 6 active + 1 draft, no non-SSH steps, every wiki_ref anchor resolves.

T4 — Routing index in CredentialRouting.md

id: WARDEN-WP-0010-T04
status: done
priority: medium
state_hub_task_id: "aabd28c0-db2d-4267-be98-95be272c687d"
  • Add a playbook index table to wiki/CredentialRouting.md keyed to catalog id.
  • Add "what ops-warden answers vs what the worker does next on the owner system" examples — without restating the owner's procedure.
  • Refresh the duplicate-interface anti-examples section (points at canonical anti-pattern table; not restated).

T5 — Registry and repo-boundary alignment

id: WARDEN-WP-0010-T05
status: done
priority: medium
state_hub_task_id: "3335a689-922c-4319-98d0-4263ab13790b"
  • Update registry/capabilities/capability.security.ssh-certificate-issuance.md — note routing lookup in discovery; target availability notes the routing CLI.
  • Update .claude/rules/repo-boundary.md and AGENTS.md one-liner (no new metaphor — "issues SSH certs; routes other credential needs to their owner").
  • Extend the existing capability entry rather than minting a second capability.

Acceptance

  • A reader of INTENT + wiki/AccessRouting.md understands ops-warden issues SSH certs and routes everything else, with no implication it proxies any API.
  • registry/routing/catalog.yaml exists with ≥6 active scenarios; every non-SSH entry has wiki_ref + canon_ref and no authored steps.
  • No new secret-storage or foreign-API code.

See also

  • INTENT.md · SCOPE.md
  • history/2026-06-18-access-routing-intent-shift-assessment.md — decision record
  • WARDEN-WP-0011 — routing CLI
  • WARDEN-WP-0012 — scenario playbook expansion (backlog)
Reference in New Issue View Git Blame Copy Permalink