generated from coulomb/repo-seed
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues short-lived SSH certificates and routes every other credential need to the subsystem that owns it — no desk metaphor, one execution lane. - wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns - registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1 draft). No-double-source rule enforced structurally — authored steps/cert_command only on the warden_executes:true SSH entry; every wiki_ref anchor resolves - wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note - INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing; SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI - WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
142 lines
4.7 KiB
Markdown
142 lines
4.7 KiB
Markdown
---
|
|
id: WARDEN-WP-0012
|
|
type: workplan
|
|
title: "Routing Scenario Playbooks"
|
|
domain: custodian
|
|
repo: ops-warden
|
|
status: backlog
|
|
owner: codex
|
|
topic_slug: custodian
|
|
planning_priority: medium
|
|
planning_order: 12
|
|
created: "2026-06-18"
|
|
updated: "2026-06-18"
|
|
state_hub_workstream_id: "a7e712a0-02f8-4f83-944e-6b207e77bc4c"
|
|
---
|
|
|
|
# WARDEN-WP-0012 — Routing Scenario Playbooks
|
|
|
|
**Scope:** Grow the routing catalog and wiki playbooks for high-frequency NetKingdom
|
|
access scenarios. Each wiki playbook restates **what the worker does on the owning
|
|
system** and tracks an upstream canon doc; the catalog only points at it. ops-warden
|
|
authors procedure only for the SSH lane.
|
|
|
|
**Out of scope:** Implementing custody in ops-warden; creating OpenBao paths in
|
|
railiance-platform (coordinate only); authoring flex-auth policy; restating an
|
|
owner's procedure inside the catalog.
|
|
|
|
**Depends on:** WARDEN-WP-0010 (charter + catalog schema), WARDEN-WP-0011 (routing CLI).
|
|
|
|
**Status:** `backlog` — start after WP-0010 T3 and WP-0011 T2 ship.
|
|
|
|
---
|
|
|
|
## Anti-stale rule
|
|
|
|
A scenario is added to the catalog as `status: active` **only when its owning repo's
|
|
path actually exists** and a `wiki_ref` is written. Until then it stays `status:
|
|
draft` and is hidden from default `warden route find`/`list`. We do not seed
|
|
agent-visible entries for paths that owners have not shipped — a confident-looking
|
|
pointer to a non-existent path is worse than no entry.
|
|
|
|
---
|
|
|
|
## Scenario backlog
|
|
|
|
| Catalog id | Routing focus | Executing owner | Gate |
|
|
| --- | --- | --- | --- |
|
|
| `issue-core-ingestion-api-key` | OpenBao KV path, K8s injection, rotation | railiance-platform + issue-core | path exists |
|
|
| `activity-core-issue-sink` | `ISSUE_CORE_URL` + consumer key custody | activity-core + issue-core | path exists |
|
|
| `inter-hub-bootstrap-ssh` | SSH envelope + on-host wrapper reads OpenBao | ops-warden SSH + railiance-infra | ready (SSH lane) |
|
|
| `openrouter-llm-connect` | OpenBao → K8s Secret in activity-core | railiance-platform | path exists |
|
|
| `object-storage-sts` | NK-WP-0007 vending path | net-kingdom + flex-auth + OpenBao | canon exists |
|
|
| `ops-bridge-tunnel-cert` | cert_command vs static-key migration | ops-bridge | coordinate |
|
|
| `human-oidc-login` | key-cape / Keycloak IAM Profile | key-cape | canon exists |
|
|
| `flex-auth-resource-check` | Policy decision before sensitive action | flex-auth | canon exists |
|
|
| `host-principal-deploy` | auth_principals sync | railiance-infra | canon exists |
|
|
|
|
---
|
|
|
|
## Tasks
|
|
|
|
### T1 — issue-core ingestion key playbook
|
|
|
|
```task
|
|
id: WARDEN-WP-0012-T01
|
|
status: todo
|
|
priority: high
|
|
state_hub_task_id: "830bb512-0288-4dba-9dd4-ccfd28a4921f"
|
|
```
|
|
|
|
- [ ] Coordinate with railiance-platform to canonicalize the OpenBao path first.
|
|
- [ ] Then write `wiki/playbooks/issue-core-ingestion-api-key.md` (prerequisites,
|
|
ESO pattern, rotation, privileged-read policy) and promote the catalog entry
|
|
from `draft` to `active` with a `wiki_ref`.
|
|
|
|
### T2 — Inter-Hub and bootstrap lanes
|
|
|
|
```task
|
|
id: WARDEN-WP-0012-T02
|
|
status: todo
|
|
priority: medium
|
|
state_hub_task_id: "7726a703-6e00-4e49-9380-ed3fb3268827"
|
|
```
|
|
|
|
- [ ] Align `wiki/InterHubBootstrapAccessLane.md` with the catalog id.
|
|
- [ ] Document attended vs unattended bootstrap branches.
|
|
- [ ] Cross-link flex-auth and OpenBao expectations (pointers, not restated steps).
|
|
|
|
### T3 — ops-bridge tunnel migration
|
|
|
|
```task
|
|
id: WARDEN-WP-0012-T03
|
|
status: todo
|
|
priority: medium
|
|
state_hub_task_id: "9fb397f0-0abb-48f5-bb62-7e77edae93bb"
|
|
```
|
|
|
|
- [ ] Playbook: static-key → `cert_command` migration checklist.
|
|
- [ ] Pilot tunnel notes (`agt-state-hub-bridge`) — coordinate with ops-bridge.
|
|
|
|
### T4 — Platform secret scenarios (LLM, STS, DB)
|
|
|
|
```task
|
|
id: WARDEN-WP-0012-T04
|
|
status: todo
|
|
priority: low
|
|
state_hub_task_id: "edcf4ed7-f18d-4a92-a42d-8cc7ca0ab792"
|
|
```
|
|
|
|
- [ ] Playbooks for OpenRouter, object-storage STS, DB dynamic creds.
|
|
- [ ] Each ends with an owner-repo action; no warden secret code; pointers to canon.
|
|
|
|
### T5 — Drift review cadence
|
|
|
|
```task
|
|
id: WARDEN-WP-0012-T05
|
|
status: todo
|
|
priority: low
|
|
state_hub_task_id: "db98d655-8551-487b-9413-41bf97fc06e1"
|
|
```
|
|
|
|
- [ ] Document a review cadence against net-kingdom canon.
|
|
- [ ] `warden route list --stale` keyed off the `reviewed:` date field.
|
|
- [ ] Process note in `wiki/AccessRouting.md`.
|
|
|
|
---
|
|
|
|
## Acceptance
|
|
|
|
- Every active catalog entry has a `wiki_ref` to an existing section; no active entry
|
|
points at a path its owner has not shipped (those stay `draft`).
|
|
- `warden route find` resolves common agent queries without wiki grep.
|
|
- Playbooks and catalog contain no secret material — only owners, pointers, checklists.
|
|
|
|
---
|
|
|
|
## See also
|
|
|
|
- `WARDEN-WP-0010`, `WARDEN-WP-0011`
|
|
- `wiki/CredentialRouting.md`
|
|
- `history/2026-06-18-post-wp0008-intent-scope-reassessment.md`
|