---
id: ADHOC-2026-06-29
type: workplan
title: "Ad Hoc Tasks — 2026-06-29"
domain: infotech
repo: ops-warden
status: finished
owner: claude
topic_slug: custodian
created: "2026-06-29"
updated: "2026-06-29"
state_hub_workstream_id: "1c0460b7-bc8a-48db-96d4-681bce18ac91"
---

# Ad Hoc Tasks — 2026-06-29

### T01 — Joint-smoke mode for the deployed flex-auth (assist FLEX-WP-0007 T4)

```task
id: ADHOC-2026-06-29-T01
status: done
priority: medium
state_hub_task_id: "371235cc-b9d3-4103-b09f-e4e01cc83c5b"
```

flex-auth (msg `ea00620b`) asked ops-warden to help close FLEX-WP-0007 T4 (joint
OpenBao + policy-gate production smoke). Their deployed runtime is reachable on
CoulombCore via the flex-auth-coulombcore tunnel at `127.0.0.1:18090`, but
`policy_gate_production_smoke.sh` spawned its **own** local flex-auth binary — so it
never exercised the deployed runtime.

- [x] Added `FLEX_AUTH_EXTERNAL=1` mode to `scripts/policy_gate_production_smoke.sh`: skips
  the local `serve`/`load-registry` and runs the allow/deny/vault paths against the
  already-running deployed flex-auth, with a `/healthz` precheck that fails fast with a
  "is the flex-auth-coulombcore tunnel up?" hint (verified: clean exit 2 when down).
- [x] Verified the committed `production_registry_snapshot.json` is **current** (rebuilt
  from `~/.config/warden/inventory.yaml`, diff-clean; 4 actors).
- [x] Answered flex-auth's three questions and handed the operator the exact CoulombCore
  runbook (see reply). Remaining T4 steps are operator-gated and cannot run from the
  workstation: mint a scoped `VAULT_TOKEN` (ops-warden holds no standing token by
  design), run the joint smoke on CoulombCore, then flip `policy.enabled: true`.
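
A sketch of the external-mode gate described in the first item, added here as an illustration and not taken from `scripts/policy_gate_production_smoke.sh`. It shows the point of the change: when `FLEX_AUTH_EXTERNAL=1` is set, the smoke must either reach the deployed runtime or stop with exit 2, never fall back to a local binary and report a pass. `FLEX_AUTH_URL`, `HEALTH_PROBE`, `probe_healthz` and `select_flex_auth_target` are assumed names.

```shell
#!/usr/bin/env bash
# Added example: external-mode precheck sketch, not the project's own script.
# Assumed names: FLEX_AUTH_URL, HEALTH_PROBE, probe_healthz, select_flex_auth_target.

# Tunnel endpoint named in the workplan; overridable for other environments.
FLEX_AUTH_URL="${FLEX_AUTH_URL:-http://127.0.0.1:18090}"

# Default probe: succeeds only on an HTTP 2xx from /healthz within 3 seconds.
probe_healthz() {
  curl --fail --silent --show-error --max-time 3 --output /dev/null "$1/healthz"
}

# The probe is injectable so the gate can be exercised without a live tunnel.
HEALTH_PROBE="${HEALTH_PROBE:-probe_healthz}"

# Prints which runtime the smoke should target ("local" or "external").
# Returns 2 when external mode is requested but the deployed runtime does not
# answer, so the caller stops instead of silently testing something else.
select_flex_auth_target() {
  if [ "${FLEX_AUTH_EXTERNAL:-0}" != "1" ]; then
    echo "local"      # default path: caller runs its own serve/load-registry
    return 0
  fi
  if ! "$HEALTH_PROBE" "$FLEX_AUTH_URL" 2>/dev/null; then
    echo "precheck failed: ${FLEX_AUTH_URL}/healthz unreachable;" \
         "is the flex-auth-coulombcore tunnel up?" >&2
    return 2
  fi
  echo "external"     # caller skips serve/load-registry and uses FLEX_AUTH_URL
  return 0
}
```

A caller would branch on the printed target and propagate the return code, for example `target="$(select_flex_auth_target)" || exit $?`.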