ops-warden/workplans/WARDEN-WP-0012-routing-scenario-playbooks.md
tegwick ffc2722006 docs(WP-0010): sharpen mission to "issue SSH, route the rest" + pointer catalog
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.

- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
  draft). No-double-source rule enforced structurally — authored steps/cert_command
  only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
  SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 20:44:53 +02:00


id: WARDEN-WP-0012
type: workplan
title: Routing Scenario Playbooks
domain: custodian
repo: ops-warden
status: backlog
owner: codex
topic_slug: custodian
planning_priority: medium
planning_order: 12
created: 2026-06-18
updated: 2026-06-18
state_hub_workstream_id: "a7e712a0-02f8-4f83-944e-6b207e77bc4c"

WARDEN-WP-0012 — Routing Scenario Playbooks

Scope: Grow the routing catalog and wiki playbooks for high-frequency NetKingdom access scenarios. Each wiki playbook restates what the worker does on the owning system and tracks an upstream canon doc; the catalog only points at it. ops-warden authors procedure only for the SSH lane.

Out of scope: Implementing custody in ops-warden; creating OpenBao paths in railiance-platform (coordinate only); authoring flex-auth policy; restating an owner's procedure inside the catalog.

Depends on: WARDEN-WP-0010 (charter + catalog schema), WARDEN-WP-0011 (routing CLI).

Status: backlog — start after WP-0010 T3 and WP-0011 T2 ship.


Anti-stale rule

A scenario is added to the catalog as status: active only when its owning repo's path actually exists and a wiki_ref is written. Until then it stays status: draft and is hidden from default warden route find/list. We do not seed agent-visible entries for paths that owners have not shipped — a confident-looking pointer to a non-existent path is worse than no entry.


Scenario backlog

| Catalog id | Routing focus | Executing owner | Gate |
|---|---|---|---|
| issue-core-ingestion-api-key | OpenBao KV path, K8s injection, rotation | railiance-platform + issue-core | path exists |
| activity-core-issue-sink | ISSUE_CORE_URL + consumer key custody | activity-core + issue-core | path exists |
| inter-hub-bootstrap-ssh | SSH envelope + on-host wrapper reads OpenBao | ops-warden SSH + railiance-infra | ready (SSH lane) |
| openrouter-llm-connect | OpenBao → K8s Secret in activity-core | railiance-platform | path exists |
| object-storage-sts | NK-WP-0007 vending path | net-kingdom + flex-auth + OpenBao | canon exists |
| ops-bridge-tunnel-cert | cert_command vs static-key migration | ops-bridge | coordinate |
| human-oidc-login | key-cape / Keycloak IAM Profile | key-cape | canon exists |
| flex-auth-resource-check | Policy decision before sensitive action | flex-auth | canon exists |
| host-principal-deploy | auth_principals sync | railiance-infra | canon exists |

Tasks

T1 — issue-core ingestion key playbook

id: WARDEN-WP-0012-T01
status: todo
priority: high
state_hub_task_id: "830bb512-0288-4dba-9dd4-ccfd28a4921f"
  • Coordinate with railiance-platform to canonicalize the OpenBao path first.
  • Then write wiki/playbooks/issue-core-ingestion-api-key.md (prerequisites, ESO pattern, rotation, privileged-read policy) and promote the catalog entry from draft to active with a wiki_ref.

T2 — Inter-Hub and bootstrap lanes

id: WARDEN-WP-0012-T02
status: todo
priority: medium
state_hub_task_id: "7726a703-6e00-4e49-9380-ed3fb3268827"
  • Align wiki/InterHubBootstrapAccessLane.md with the catalog id.
  • Document attended vs unattended bootstrap branches.
  • Cross-link flex-auth and OpenBao expectations (pointers, not restated steps).

T3 — ops-bridge tunnel migration

id: WARDEN-WP-0012-T03
status: todo
priority: medium
state_hub_task_id: "9fb397f0-0abb-48f5-bb62-7e77edae93bb"
  • Playbook: static-key → cert_command migration checklist.
  • Pilot tunnel notes (agt-state-hub-bridge) — coordinate with ops-bridge.

T4 — Platform secret scenarios (LLM, STS, DB)

id: WARDEN-WP-0012-T04
status: todo
priority: low
state_hub_task_id: "edcf4ed7-f18d-4a92-a42d-8cc7ca0ab792"
  • Playbooks for OpenRouter, object-storage STS, DB dynamic creds.
  • Each ends with an owner-repo action; no warden secret code; pointers to canon.

T5 — Drift review cadence

id: WARDEN-WP-0012-T05
status: todo
priority: low
state_hub_task_id: "db98d655-8551-487b-9413-41bf97fc06e1"
  • Document a review cadence against net-kingdom canon.
  • warden route list --stale keyed off the reviewed: date field.
  • Process note in wiki/AccessRouting.md.

Acceptance

  • Every active catalog entry has a wiki_ref to an existing section; no active entry points at a path its owner has not shipped (those stay draft).
  • warden route find resolves common agent queries without wiki grep.
  • Playbooks and catalog contain no secret material — only owners, pointers, checklists.
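The anti-stale rule, the no-double-source rule from the catalog, the draft-hidden default listing and the T5 `--stale` check, written as one small catalog lint over constructed entries; this is an added example, not ops-warden's own code. The entry fields (status, wiki_ref, warden_executes, steps, cert_command, reviewed) and the wiki section index are assumptions about the catalog schema, not the project's actual one.

```python
"""Catalog lint for the routing rules on this page (added example, assumed schema)."""
from datetime import date

# Constructed stand-in for the wiki: file path -> set of section anchors that exist.
WIKI_SECTIONS = {
    "wiki/playbooks/inter-hub-bootstrap-ssh.md": {"attended", "unattended"},
    "wiki/playbooks/issue-core-ingestion-api-key.md": {"rotation"},
}

# Constructed catalog entries using the assumed field names.
CATALOG = [
    {"id": "inter-hub-bootstrap-ssh", "status": "active", "warden_executes": True,
     "wiki_ref": "wiki/playbooks/inter-hub-bootstrap-ssh.md#attended",
     "cert_command": "<warden SSH cert command, placeholder>", "reviewed": "2026-06-18"},
    {"id": "issue-core-ingestion-api-key", "status": "draft",
     "wiki_ref": "wiki/playbooks/issue-core-ingestion-api-key.md#rotation",
     "reviewed": "2026-06-18"},
    # Violates both rules: anchor does not exist, and a routed entry carries steps.
    {"id": "openrouter-llm-connect", "status": "active",
     "wiki_ref": "wiki/playbooks/openrouter-llm-connect.md#setup",
     "steps": ["<owner procedure restated here, placeholder>"], "reviewed": "2026-01-01"},
]


def wiki_ref_resolves(ref, sections=WIKI_SECTIONS):
    """True when 'path#anchor' names a section that exists in the wiki index."""
    path, _, anchor = ref.partition("#")
    return anchor in sections.get(path, set())


def lint(catalog, sections=WIKI_SECTIONS):
    """Return (entry id, problem) for every rule violation; empty list means clean."""
    problems = []
    for e in catalog:
        # Anti-stale rule: an active entry must point at a shipped wiki section.
        if e["status"] == "active" and not wiki_ref_resolves(e.get("wiki_ref", ""), sections):
            problems.append((e["id"], "active entry with unresolved wiki_ref"))
        # No-double-source rule: procedure lives only on the warden_executes entry.
        if not e.get("warden_executes") and ("steps" in e or "cert_command" in e):
            problems.append((e["id"], "authored procedure on a routed entry"))
    return problems


def visible(catalog, include_draft=False):
    """Default `route list` view: draft entries are hidden unless asked for."""
    return [e["id"] for e in catalog if include_draft or e["status"] == "active"]


def stale(catalog, today, max_age_days):
    """`route list --stale`: entries whose reviewed date is older than the window."""
    return [e["id"] for e in catalog
            if (today - date.fromisoformat(e["reviewed"])).days > max_age_days]
```

Running `lint(CATALOG)` flags only the openrouter entry, which is exactly the entry that should have stayed draft under the anti-stale rule.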

See also

  • WARDEN-WP-0010, WARDEN-WP-0011
  • wiki/CredentialRouting.md
  • history/2026-06-18-post-wp0008-intent-scope-reassessment.md