Files
ops-warden/history/2026-06-18-access-routing-intent-shift-assessment.md
tegwick dcfcc4b20a docs(WP-0010): rewire INTENT to "issue SSH, route the rest"; add access-routing plan
Drop the "operational access desk" framing (and the rejected "coach"
metaphor) for plain language: ops-warden issues short-lived SSH certs and
routes every other credential need to its owner. SSH is the only lane it
executes.

Adds WARDEN-WP-0010/0011/0012 with a pointer-layer routing catalog that
points at owner docs rather than restating them, enforced structurally
(non-SSH entries carrying a steps block fail CI). Drops the scope-creep-prone
`check` command; hides unshipped-path scenarios as draft.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 20:07:01 +02:00

106 lines
4.4 KiB
Markdown

# Decision Record — Sharpen "steward" into "issue SSH, route the rest"
**Date:** 2026-06-18
**Author:** codex
**Status:** Accepted. Feeds WARDEN-WP-0010 T1.
**Supersedes:** the earlier "operations security coach" draft (rejected — see below).
---
## 1. The decision
Keep ops-warden's mission exactly as it is in production and sharpen only the
wording: **ops-warden issues short-lived SSH certificates and routes every other
credential need to the subsystem that owns it.** Add a small machine-readable
routing catalog and a `warden route` lookup CLI so agents stop re-deriving routing
from wiki prose.
This is **wording plus a thin lookup surface**, not a new security lane. SSH
issuance stays the only thing ops-warden executes.
| | Before | After |
| --- | --- | --- |
| Framing | "operational access steward / desk" | "issues SSH certs; routes the rest to its owner" |
| Non-SSH creds | document paths in wiki | same wiki + structured catalog pointing at it |
| Lookup | grep the wiki | `warden route find/show` |
| Foreign APIs | not owned | explicitly not proxied or restated |
Maturity moves **Availability A3 → A4** (structured lookup for agents). Completeness
and Reliability for the SSH lane are unchanged — nothing here ships new signing code.
---
## 2. Why not "coach"
An earlier draft framed this as an "operations security coach." Rejected:
- **Overpromises.** What is built is a routing directory — lookup, not pedagogy.
"Coach" implies teaching and an ongoing relationship the CLI does not deliver,
which feeds the "agent stops at the lookup and never learns the subsystem"
failure mode.
- **Generic / collision-prone** across other custodian domains.
- **No new metaphor needed.** "Steward who issues SSH and routes the rest" is
already accurate and harder to misread as a wrapping service.
Command verb is `warden route` (concrete), not `warden coach`.
---
## 3. The double-source-of-truth trap, and how we avoid it
A routing catalog risks becoming a hand-maintained fork of net-kingdom's
responsibility map. A stale-but-authoritative-looking catalog is **worse** than
wiki prose, because an agent trusts structured output and will not second-guess it.
**Rule (binding on WP-0010 T3 / enforced by WP-0011 T5):** the catalog is a
*pointer layer*. For any subsystem ops-warden does not own, an entry carries only
identifiers + `owner_repo` + `wiki_ref` (in-repo authoritative section) +
`canon_ref` (upstream net-kingdom doc) — **no restated procedure**. Procedure is
authored in exactly one place per need: the wiki section it points to. ops-warden
authors `steps` for exactly one lane — SSH issuance — because it owns it.
This is enforced structurally, not by process: a CI test fails any non-SSH entry
that carries a `steps` block, and checks every `wiki_ref` anchor resolves. We do
not rely on a quarterly human review to catch drift.
---
## 4. Other tightenings applied
- **Dropped `warden coach check`.** Highest scope-creep risk, thin value (`warden
status` already covers SSH local preconditions). SSH precondition hints fold into
`warden route show` instead.
- **No agent-visible stubs for unshipped paths.** Scenarios whose owning repo has
not shipped a real path stay `status: draft` and are hidden from default
lookup (WP-0012 anti-stale rule).
---
## 5. Guardrails (non-negotiable)
1. **One execution lane** — only SSH cert issuance in ops-warden code.
2. **No secret material** in catalog, CLI output, logs, or history.
3. **No foreign API wrappers** — beyond the existing opt-in SSH pre-sign gate.
4. **No restated procedure** for subsystems ops-warden does not own — pointers only.
5. **Canon supremacy** — wiki tracks net-kingdom; ops-warden never overrides it.
---
## 6. Failing signals (watch for these)
- Feature requests cluster on `warden secret` / `warden bao` / `warden login`.
- A catalog entry grows a `steps` block for a non-SSH subsystem.
- `wiki_ref` anchors rot without CI failure.
- Operators bypass OpenBao "because warden is easier" — but warden cannot help.
---
## 7. References
- `INTENT.md`, `SCOPE.md` — pre-update wording
- `workplans/WARDEN-WP-0010-access-routing-charter.md`
- `workplans/WARDEN-WP-0011-routing-guide-cli.md`
- `workplans/WARDEN-WP-0012-routing-scenario-playbooks.md`
- `history/2026-06-18-post-wp0008-intent-scope-reassessment.md` — prior gap analysis
- `wiki/CredentialRouting.md`, `wiki/NetKingdomSecurityMap.md`