generated from coulomb/repo-seed
tegwick
90007c2cda
Ship flex-auth policy gate registry and smoke evidence, archive WP-0009 through WP-0013, and add integration docs: ops-bridge cert_command migration playbook, operator OpenBao token hygiene, principals drift check script, and 2026-06-24 INTENT/SCOPE gap analysis.
33 lines
1.1 KiB
Markdown
33 lines
1.1 KiB
Markdown
# ops-bridge cert_command Pilot — Coordination Note
|
|
|
|
**Date:** 2026-06-24
|
|
**Workplan:** WARDEN-WP-0013 T3
|
|
**Playbook:** `wiki/playbooks/ops-bridge-tunnel-cert.md`
|
|
|
|
## Status
|
|
|
|
ops-warden shipped the migration playbook and upgraded catalog entry `ops-bridge-tunnel`.
|
|
Pilot tunnel **`agt-state-hub-bridge`** is documented with actor, key paths, and
|
|
`cert_command` string.
|
|
|
|
**Execution owner:** ops-bridge (tunnel config in `~/.config/bridge/tunnels.yaml`).
|
|
|
|
## Request to ops-bridge
|
|
|
|
Apply `cert_command` to the `state-hub-coulombcore` tunnel per the playbook migration
|
|
checklist. ops-warden will record smoke evidence in `history/` when the pilot completes
|
|
(non-secret: tunnel up/down, cert re-issue after TTL).
|
|
|
|
## Pre-requisites (operator)
|
|
|
|
- Scoped `VAULT_TOKEN` for production OpenBao sign (`wiki/playbooks/operator-openbao-token-hygiene.md`)
|
|
- `warden sign agt-state-hub-bridge` succeeds before tunnel config change
|
|
|
|
## Evidence pending
|
|
|
|
| Check | Status |
|
|
| --- | --- |
|
|
| Playbook on file | Done |
|
|
| Catalog `wiki_ref` | Done |
|
|
| ops-bridge tunnel config updated | Pending |
|
|
| `bridge up` smoke | Pending | |