Drop the "operational access desk" framing (and the rejected "coach" metaphor) for plain language: ops-warden issues short-lived SSH certs and routes every other credential need to its owner. SSH is the only lane it executes. Adds WARDEN-WP-0010/0011/0012 with a pointer-layer routing catalog that points at owner docs rather than restating them, enforced structurally (non-SSH entries carrying a steps block fail CI). Drops the scope-creep-prone `check` command; hides unshipped-path scenarios as draft. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
4.4 KiB
Decision Record — Sharpen "steward" into "issue SSH, route the rest"
Date: 2026-06-18 Author: codex Status: Accepted. Feeds WARDEN-WP-0010 T1. Supersedes: the earlier "operations security coach" draft (rejected — see below).
1. The decision
Keep ops-warden's mission exactly as it is in production and sharpen only the
wording: ops-warden issues short-lived SSH certificates and routes every other
credential need to the subsystem that owns it. Add a small machine-readable
routing catalog and a warden route lookup CLI so agents stop re-deriving routing
from wiki prose.
This is wording plus a thin lookup surface, not a new security lane. SSH issuance stays the only thing ops-warden executes.
| Before | After | |
|---|---|---|
| Framing | "operational access steward / desk" | "issues SSH certs; routes the rest to its owner" |
| Non-SSH creds | document paths in wiki | same wiki + structured catalog pointing at it |
| Lookup | grep the wiki | warden route find/show |
| Foreign APIs | not owned | explicitly not proxied or restated |
Maturity moves Availability A3 → A4 (structured lookup for agents). Completeness and Reliability for the SSH lane are unchanged — nothing here ships new signing code.
2. Why not "coach"
An earlier draft framed this as an "operations security coach." Rejected:
- Overpromises. What is built is a routing directory — lookup, not pedagogy. "Coach" implies teaching and an ongoing relationship the CLI does not deliver, which feeds the "agent stops at the lookup and never learns the subsystem" failure mode.
- Generic / collision-prone across other custodian domains.
- No new metaphor needed. "Steward who issues SSH and routes the rest" is already accurate and harder to misread as a wrapping service.
Command verb is warden route (concrete), not warden coach.
3. The double-source-of-truth trap, and how we avoid it
A routing catalog risks becoming a hand-maintained fork of net-kingdom's responsibility map. A stale-but-authoritative-looking catalog is worse than wiki prose, because an agent trusts structured output and will not second-guess it.
Rule (binding on WP-0010 T3 / enforced by WP-0011 T5): the catalog is a
pointer layer. For any subsystem ops-warden does not own, an entry carries only
identifiers + owner_repo + wiki_ref (in-repo authoritative section) +
canon_ref (upstream net-kingdom doc) — no restated procedure. Procedure is
authored in exactly one place per need: the wiki section it points to. ops-warden
authors steps for exactly one lane — SSH issuance — because it owns it.
This is enforced structurally, not by process: a CI test fails any non-SSH entry
that carries a steps block, and checks every wiki_ref anchor resolves. We do
not rely on a quarterly human review to catch drift.
4. Other tightenings applied
- Dropped
warden coach check. Highest scope-creep risk, thin value (warden statusalready covers SSH local preconditions). SSH precondition hints fold intowarden route showinstead. - No agent-visible stubs for unshipped paths. Scenarios whose owning repo has
not shipped a real path stay
status: draftand are hidden from default lookup (WP-0012 anti-stale rule).
5. Guardrails (non-negotiable)
- One execution lane — only SSH cert issuance in ops-warden code.
- No secret material in catalog, CLI output, logs, or history.
- No foreign API wrappers — beyond the existing opt-in SSH pre-sign gate.
- No restated procedure for subsystems ops-warden does not own — pointers only.
- Canon supremacy — wiki tracks net-kingdom; ops-warden never overrides it.
6. Failing signals (watch for these)
- Feature requests cluster on
warden secret/warden bao/warden login. - A catalog entry grows a
stepsblock for a non-SSH subsystem. wiki_refanchors rot without CI failure.- Operators bypass OpenBao "because warden is easier" — but warden cannot help.
7. References
INTENT.md,SCOPE.md— pre-update wordingworkplans/WARDEN-WP-0010-access-routing-charter.mdworkplans/WARDEN-WP-0011-routing-guide-cli.mdworkplans/WARDEN-WP-0012-routing-scenario-playbooks.mdhistory/2026-06-18-post-wp0008-intent-scope-reassessment.md— prior gap analysiswiki/CredentialRouting.md,wiki/NetKingdomSecurityMap.md