coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8bb46903366599fa93091b00a1693a033c7a4ed
ops-warden/workplans/ADHOC-2026-06-27.md
tegwick 8bbd22285e feat(WARDEN-WP-0016): ops-bridge cert_command readiness gate + handoff 
Close ops-warden's side of the last Partial INTENT criterion (ops-bridge integrates
via a stable cert_command). The migration playbook and contract already existed; what
was missing was an automated readiness gate before touching tunnel config.

T1 — scripts/check_tunnel_cert_readiness.py: read-only preflight that asserts the
cert_command path is ready without signing — config/backend, actor inventory + TTL
within type max, pubkey exists/parses/not-private, principals present, and optional
host-principal deployment (mirrors check_principals_drift). Exit 0/1/2.

T2 — opt-in --sign-smoke: runs the cert_command against the local backend and validates
identity/principals/TTL of the emitted cert; refuses a vault backend. Window measured
from the cert's own valid_from->valid_before so it's timezone-robust (fixes a CEST
off-by-2h artifact). integration-marked test + a vault-refusal unit test.

T3 — playbook now leads with Step 0 readiness gate; ops-bridge handoff message sent.
T4 — SCOPE INTENT row: Partial -> Pilot-ready; known-gaps + SSH-lane list updated.

9 unit + 1 integration test, 209 default passing, lint clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 19:50:28 +02:00

42 lines
1.6 KiB
Markdown
Raw Blame History

---
id: ADHOC-2026-06-27
type: workplan
title: "Ad Hoc Tasks — 2026-06-27"
domain: infotech
repo: ops-warden
status: finished
owner: claude
topic_slug: custodian
created: "2026-06-27"
updated: "2026-06-27"
state_hub_workstream_id: "142b171b-c34b-4a45-91a5-c77e6d07ec6f"
---
# Ad Hoc Tasks — 2026-06-27
Low-risk opportunistic fixes completed directly during the consolidation session.
### T01 — Fix stale `warden` CLI install + make it usable outside the repo
```task
id: ADHOC-2026-06-27-T01
status: done
priority: medium
state_hub_task_id: "867c72c9-9904-400f-8542-04264e5856c2"
```
issue-core reported (msg `70bcf238`) that the `warden` CLI on `~/.local/bin` lacked
the `route` subcommand, forcing a `uv run warden` fallback.
- [x] Root cause: `uv tool install` had reused a **cached wheel** (version stayed
`0.1.0`), so the installed `warden.cli` predated the `route`/`access`/`policy`
subcommands. `uv cache clean ops-warden` + `uv tool install . --reinstall` fixed it.
- [x] Deeper cause: even rebuilt, `warden route`/`policy` failed outside a checkout
because the catalog + posture descriptors live in `registry/` at repo root,
outside the package. Bundled `registry/` into the wheel via hatch
`force-include``warden/_registry`, and added a packaged-data fallback in
`find_catalog_path` / `find_posture_path` (after the repo walk, so source runs
still prefer the repo's `registry/` as the single source of truth).
- [x] Verified `warden route list` / `warden policy list` work from `/tmp`; 200 tests
pass, lint clean.
Reference in New Issue View Git Blame Copy Permalink