Files
ops-warden/wiki/playbooks/scheduled-worker.md
tegwick a10bbd2162 feat(WARDEN-WP-0021): T3-T5 — visibility, approve loop, runbook (scheduled worker complete)
T4 (review→send loop): conservative tick persists structured drafts to
state_dir/worker-drafts.json; `warden worker drafts` lists them, `warden worker approve
<id> [--body …]` sends the reviewed draft as the reply + marks read + drops it. Escalated
plans persist no draft. Live-verified end-to-end.

T3 (visibility): `warden worker status` (pending drafts, triage count, last digest, timer
state); best-effort notify-send nudge in the tick when drafts are pending.

T5: wiki/playbooks/scheduled-worker.md (enable/disable, the approve loop, failure modes,
conservative-only posture) + SCOPE note.

WARDEN-WP-0021 finished: the conservative worker now runs on a systemd --user timer
(enabled, every 15 min), triages new inbox messages into drafts you approve with one
command, degrades gracefully, and stops with one command. 249 tests, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 15:24:10 +02:00

2.5 KiB

Scheduled coordination worker

Date: 2026-06-30 · Workplan: WARDEN-WP-0021 · Code: WARDEN-WP-0020

The ops-warden worker triages its State Hub inbox on a schedule and drafts replies you approve. Conservative tier only — it never auto-sends to other agents and never marks a message read on its own (build-stage decision 813899f9). The four guardrails (fixed charter, action allowlist, no-secret invariant, dry-run/audit) hold every run.

Enable / disable

./scripts/install-worker-timer.sh --enable     # install + start (systemd --user, every 15 min)
systemctl --user disable --now ops-warden-worker.timer   # kill switch
# or, leave the timer but pause every run:
echo 'WORKER_ENABLED=0' >> ~/.config/warden/worker.env

No systemd? Cron fallback:

*/15 * * * * /home/worsch/ops-warden/scripts/worker-tick.sh >> ~/.local/state/warden/worker-tick.log 2>&1

The loop

warden worker status                 # pending drafts, last run, timer state
warden worker drafts                 # list drafted replies awaiting your OK
warden worker approve <message_id>   # send a draft as your reply + mark read
warden worker approve <id> --body "…"  # edit before sending

Each tick writes ~/.local/state/warden/worker-digest.md and posts one progress note; a desktop notify-send fires when drafts are pending (if a display is present).

Config (~/.config/warden/worker.env)

Var Meaning
WARDEN_HUB_URL State Hub (default http://127.0.0.1:8000; railiance01 after cust-wp-0011)
WORKER_BRAIN llm (llm-connect) or rule (offline fallback)
WORKER_ENABLED 0 pauses every tick without touching the timer
LLM_CONNECT_URL set to skip the per-tick kubectl port-forward to llm-connect

Failure modes (all graceful)

  • State Hub unreachable → the tick /state/health-prechecks and skips cleanly (exit 0).
  • llm-connect unreachable → falls back to the deterministic rule brain (dumber, still triages).
  • Overlapping runsflock guard; the later run skips.
  • A worker-run hiccup is logged but never fails the unit — the next tick retries.

Posture

Conservative is the only scheduled mode. --full-auto (auto-send) exists but is not scheduled — it broadcasts the LLM's occasionally-wrong content unattended, which the guardrails can't prevent (they stop security harm, not content error). Revisit when the ecosystem reaches testing.

See also

  • WARDEN-WP-0020 (the worker), scripts/worker-tick.sh, scripts/install-worker-timer.sh
  • build-stage decision 813899f9