Adds registry/policy/security-posture.yaml (Axis A env postures, Axis B maturity levels M0-M3, dataclass_floor, lattice rule — no secret material) and src/warden/posture.py: typed loader with validation (unique/contiguous ranks, floor references known levels) and the pure can_deliver() lattice helper (no-write-down: prod posture + workload maturity >= secret required_maturity + dataclass floor). New `warden policy list|show` read-only lookup mirroring `warden route`. tests/test_posture.py covers load, the allow/deny lattice matrix, validation rejections, and CLI. 184 passed, lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
10 KiB
id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | state_hub_workstream_id |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WARDEN-WP-0015 | workplan | Workload Security Posture — env posture × maturity + conformance | infotech | ops-warden | active | codex | custodian | high | 15 | 2026-06-27 | 2026-06-27 | 99f4a0e1-853c-456f-8aa7-8ff0f318ea65 |
WARDEN-WP-0015 — Workload Security Posture (two-axis) + conformance
Scope: Establish a NetKingdom standard for IT-security posture across two orthogonal axes, and make ops-warden the conformance steward for it:
- Axis A — Environment posture (
dev → test → prod): how the secret store is secured (mock / OpenBao-dev/ sealed). Identical contracts, divergent posture. - Axis B — Workload maturity (
M0 → M3): how trusted a workload is to receive secrets and handle classified data (PoC → alpha/early-access → beta/GA → critical).
The axes combine in a secret-flow lattice: a secret may be delivered to a workload only if the workload's posture and maturity meet the secret's requirements. ops-warden authors the ops-security slice, ships machine-readable descriptors + a conformance checker (incl. the lattice check), and the dev-tier contract-double fixture library (the "fake bao" pattern generalized).
Decisions locked (2026-06-27):
- Two-axis model folded into this WP (was "Secret Lifecycle Tiering", env posture only).
- Authoritative NetKingdom requirements (M0–M3 table, secret-flow gates, env-posture
ceremonies) live in net-kingdom canon; the generic
WorkloadMaturityLevelconcept + lattice is contributed to info-tech-canon (DevSecOps/Landscape), reusing its governedDataClassification. ops-warden authors the ops-security slice + conformance tooling. - ops-warden role = author + conformance checks, not runtime enforcement.
Reuse, don't reinvent (info-tech-canon already defines the primitives):
DataClassification (confidential/restricted…) in the Data Model; promotion /
quality gates / policy gates / DeploymentVerification + progressive delivery in the
DevSecOps Model; asset/business criticality in the Security Model; access semantics
in the CARING Access Governance Standard. This WP assembles these into a named
maturity ladder + flow rule; it does not fork them.
Hard boundary (responsibility-map, ~line 154): ops-warden "must not become a universal secret broker — runtime secrets remain OpenBao; authorization remains flex-auth." ops-warden = policy author + conformance verifier only. OpenBao holds the secrets; flex-auth makes allow/deny decisions; CARING governs access semantics.
Cross-repo note: T1/T5 author content destined for net-kingdom and info-tech-canon. ops-warden drafts; landing it is coordinated through each repo's own process (inbox/PR), not a unilateral write from here.
Depends on / relates to: WARDEN-WP-0014 (the warden access proxy is the
posture-aware fetch surface; its caller-identity/transit guardrails are prod-compatible).
Status: proposed — awaiting Bernd's review before implementation.
The model (to be encoded by this WP)
Axis A — Environment posture (the secret store)
R1 — Contract parity, posture divergence. Identical interface at every tier; only
the backend's security posture changes. Automation written once runs at all tiers
unchanged (this is why contract doubles work).
R2 — Promote topology, regenerate material. Secret values are never promoted up
the ladder; only structure (paths, policy shape, names). Values are generated fresh
per tier. Test conveniences (reuse, single-unseal) are quarantined in test.
R3 — Dev touches no real data, ever. Insecure personal mock store is sanctioned
iff dev uses only synthetic data. Absolute.
R4 — Phase-changes are ceremonies, not copies. test→prod is a gated checklist
referencing net-kingdom security-bootstrap-* / unseal-custody docs.
| dev | test | prod | |
|---|---|---|---|
| backend | mock / contract double | OpenBao -dev (single-unseal) |
OpenBao sealed (Shamir 3-of-5) |
| real values | forbidden (synthetic) | generated, reuse allowed | generated fresh, reuse forbidden |
| unseal | n/a | single key / auto | 3-of-5 + break-glass |
| real user/business data | never | never | allowed |
| audit | optional | on | full, tamper-evident |
Axis B — Workload maturity (the trust to receive secrets/data)
Production is a posture, not a maturity. A workload can be prod-posture yet low maturity (alpha with friendly customers). Maturity gates which secrets and data classes a prod workload may touch.
| Level | Phase | Max DataClassification | Promotion gate (reuses DevSecOps gates) |
|---|---|---|---|
| M0 | Experimental / PoC | synthetic only | — |
| M1 | Alpha / early-access | low-criticality, loss-acceptable; no confidential/restricted | friendly-customer scope, basic SLO, data-handling note |
| M2 | Beta / GA | up to confidential; SLOs; audited |
security review, SLO history, on-call, incident runbooks |
| M3 | Critical / regulated | restricted; break-glass; compliance |
pen-test, 3-of-5 custody, human-in-loop, compliance audit |
The combined rule (secret-flow lattice)
deliver(secret → workload) permitted only if
workload.env_posture == prod # Axis A
AND workload.maturity >= secret.required_maturity # Axis B (no-write-down)
AND workload.maturity >= required_maturity(dataclass(secret))
"Critical secrets must not be transferred to workloads below maturity M" is exactly this no-write-down constraint. Checkable by ops-warden; enforceable by flex-auth.
Tasks
T1 — Author the two-axis Workload Security Posture standard (canon-bound)
id: WARDEN-WP-0015-T01
status: done
priority: high
state_hub_task_id: "85aeb676-a593-4056-986a-db14d4c5209f"
- Drafted the standard: Axis A (R1–R4 + env-posture matrix + phase-change ceremonies)
and Axis B (M0–M3 ladder + promotion gates) unified by the secret-flow lattice —
wiki/WorkloadSecurityPosture.md. - Layered it: doc marks the generic
WorkloadMaturityLevel+ lattice → info-tech-canon (reusingDataClassification) and the NetKingdom M0–M3 requirements + env-posture ceremonies → net-kingdom canon, with a canon-layering table. - Cross-linked the unseal/bootstrap/responsibility canon + info-tech-canon Security/DevSecOps/Data/CARING models. Staged in ops-warden; coordination opened to net-kingdom (msg 8d6f8d83) and info-tech-canon (msg ca07b085).
- Encoded ops-warden's role: author + conformance, not enforcement/custody.
- Note: canon landing in the two repos is owner-driven; tracked to closure in T5.
T2 — Machine-readable posture descriptors (both axes)
id: WARDEN-WP-0015-T02
status: done
priority: high
state_hub_task_id: "011fb0af-154d-40f4-a03e-3172c325321a"
registry/policy/security-posture.yaml— env-posture tiers (backend, value-policy, unseal, data-class, audit) and maturity levels (M0–M3, max DataClassification, promotion gates),dataclass_floormapping, and the lattice rule. No secret material.- Loader + validation in
src/warden/posture.py(mirrorsrouting/catalog.py): unique/contiguous ranks, dataclass_floor references known levels, lattice env posture exists. Includes the purecan_deliverlattice helper (reused by T3). warden policy list|showlookup (mirrorswarden route;--json).- Tests:
tests/test_posture.py(load, lattice allow/deny matrix, validation rejections, CLI). 184 pass, lint clean.
T3 — Conformance checker (incl. secret-flow lattice)
id: WARDEN-WP-0015-T03
status: todo
priority: high
state_hub_task_id: "c1a0e987-19d0-478e-ac08-2dbe98e64e09"
scripts/check_secret_posture_conformance.py— assert env-posture matches the standard (prod sealed + Shamir; dev no real-value paths) and evaluate the lattice: flag any secret whoserequired_maturityexceeds a target workload's maturity. Drift-style report, likecheck_principals_drift.py. Read-only.- Surface conformance + lattice violations; never read or print a secret value.
T4 — Dev-tier contract-double fixture library
id: WARDEN-WP-0015-T04
status: todo
priority: medium
state_hub_task_id: "e556fd2e-4e39-4c7d-bd94-b4330e4bef45"
- Generalize "fake bao": hermetic dev-tier doubles for routed subsystems (bao, key-cape login) honoring each contract (argv/stdout/exit) with synthetic values only — fully offline dev/test of access flows.
- Document the pattern in the standard (R1) as the sanctioned dev backend.
T5 — INTENT/SCOPE alignment + canon contributions
id: WARDEN-WP-0015-T05
status: todo
priority: medium
state_hub_task_id: "298c9b09-4a5a-41bf-a3bd-6c572385236b"
INTENT.md: ops-warden stewards security-policy conformance of the infrastructure (authoring the two-axis posture standard + conformance checks + dev doubles), scoped to author+check — not enforcement or custody.- SCOPE: add the posture policy + conformance surface; note the net-kingdom / info-tech-canon homes; bump the maturity vector where warranted.
- Track the info-tech-canon contribution (generic
WorkloadMaturityLevel) and the net-kingdom requirements landing to closure. history/2026-06-27-workload-security-posture-charter.md— decision record.
Acceptance
- A coherent two-axis standard exists: generic concept in info-tech-canon, NetKingdom M0–M3 + env-posture requirements in net-kingdom canon, authored by ops-warden.
- ops-warden ships posture descriptors + a read-only conformance checker (incl. the secret-flow lattice) + dev-tier doubles.
- No secret material in any descriptor, checker, fixture, doc, or log.
- ops-warden's role is documented as author+conformance; OpenBao custody, flex-auth authorization, and CARING access boundaries are explicitly preserved.
- INTENT/SCOPE reflect the conformance-steward role without overclaiming enforcement.
See also
WARDEN-WP-0014(operator access assist; the posture-aware fetch surface)net-kingdom/docs/openbao-unseal-custody-models.md,responsibility-map.md,platform-root-custody.md,security-bootstrap-*info-tech-canonSecurity / DevSecOps / Data Models + CARING Access Governanceflex-auth(runtime enforcement of the lattice, as a follow-up)