coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8bb46903366599fa93091b00a1693a033c7a4ed
ops-warden/workplans/WARDEN-WP-0017-access-front-door-discoverability.md
tegwick e8bb469033 feat(WARDEN-WP-0018): activate whynot-design npm publish lane + resolvable flag 
railiance-platform finished provisioning the whynot-design npm publish lane
(CCR-2026-0001, commit 8f617fc: active, readiness=ready, resolvable=true, positive
fetch + negative denial verified). First concrete warden access --fetch-resolvable
non-SSH lane — end-to-end proof of the WP-0014 conduit + WP-0017 discoverability.

T1 — catalog entry whynot-design-npm-publish (active, exec_capable) with the
owner-confirmed zero-placeholder handoff: path platform/workloads/coulomb/whynot-design/
npm-publish (the superseded whynot-design/whynot-design/... form is not used), field
NPM_AUTH_TOKEN, OIDC role whynot-design-workload-kv-read, policy + flex-auth ref. Added
wiki/playbooks/whynot-design-npm-publish.md.

T2 — RouteEntry.resolvable (active + exec_capable + no <…> placeholder), surfaced in
route/access --json; Catalog.find resolves an exact catalog-id first so
`warden access whynot-design-npm-publish` is deterministic. Tests added; fixed a
no-match test query that substring-collided (no ⊂ whynot). 213 pass, lint clean.

T3 — notified whynot-design (zero-placeholder command + resolvable gate + path
correction) and confirmed activation to railiance-platform. Sibling lanes stay draft
per their deferral.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 00:32:00 +02:00

121 lines
5.1 KiB
Markdown
Raw Blame History

---
id: WARDEN-WP-0017
type: workplan
title: "Access front-door discoverability — stop reading as SSH-only"
domain: infotech
repo: ops-warden
status: finished
owner: claude
topic_slug: custodian
planning_priority: high
planning_order: 17
created: "2026-06-27"
updated: "2026-06-27"
state_hub_workstream_id: "cf8b392e-7624-4585-8935-a85e29202935"
---
# WARDEN-WP-0017 — Access front-door discoverability
**Problem:** WP-0014 made ops-warden the operator **access front door** — for
`exec_capable` lanes (OpenBao reads, key-cape login) `warden access <need> --fetch/--exec`
proxies the fetch **as the caller** and streams the value to them (ops-warden holds
nothing). But every *discovery* surface still tells the pre-WP-0014 story, so agents
(e.g. whynot-design needing `NPM_AUTH_TOKEN`) conclude "ops-warden only issues SSH certs
and replies with a pointer, not a token" and never find the proxy.
**Fix:** propagate the WP-0014 conduit charter to the surfaces agents actually read. This
is a *messaging/discoverability* change — **no** change to the security model: the conduit
stays a conduit (no custody, no standing broker; the responsibility-map boundary holds).
**Out of scope:** ops-warden holding/brokering token values (that would override the
WP-0014 charter); shipping the concrete OpenBao npm KV path (railiance-platform infra —
tracked separately); any new fetch capability (the proxy already exists).
**Depends on:** WP-0014 (the proxy lane being described).
---
## Surfaces that mislead today
| Surface | Says now | Should say |
| --- | --- | --- |
| `warden route` table `warden` column | binary `issue` / `route` | `issue` / **`assist`** (exec_capable) / `route` |
| `warden route` `--json` | no proxyability field | add `warden_role` + `exec_capable` |
| `warden access` closing line | "warden advises, the owner vends" | for exec_capable: "ops-warden can fetch this for you as the caller…" |
| `.claude/rules/credential-routing.md` | "issues SSH certs **only**… reply is a pointer, not a key" | issues SSH certs **and** is the access front door; exec_capable lanes proxy as you |
| Federated capability registry | only "SSH certificate issuance" | also "Operator access front door / caller-identity fetch proxy" |
| SCOPE one-liner + capability block | SSH + routing + posture | add the access-assist/proxy front door |
---
## Tasks
### T1 — CLI discoverability: route role + access framing
```task
id: WARDEN-WP-0017-T01
status: done
priority: high
state_hub_task_id: "6e98df42-b5b4-49f8-a444-3c6346c8abd7"
```
- [x] `warden route` table: three-valued `warden` column — `issue` / `assist`
(exec_capable) / `route`. `_entry_summary` JSON gains `warden_role` + `exec_capable`;
`route show` JSON `next_action` surfaces the proxy for exec_capable lanes.
- [x] `warden access` closing line: for `exec_capable` lanes leads with "ops-warden can
fetch this for you as the caller (`--fetch`/`--exec`); runs the owner's tool with
your identity, value never held/cached/logged." Non-exec lanes keep "advises, owner
vends." `_access_json` `next_action` mirrors it.
- [x] Tests in `tests/test_routing.py` (warden_role issue/assist) and `tests/test_access.py`
(front-door framing for exec lane, owner-vends for route-only lane). 210 pass.
### T2 — Agent rule + SCOPE reframe
```task
id: WARDEN-WP-0017-T02
status: done
priority: high
state_hub_task_id: "6e2a7067-1afc-4f38-8d99-4d5c36a4661c"
```
- [x] `.claude/rules/credential-routing.md`: reframed the lead ("issues SSH certs **and**
is the operator access front door…") and the quick routing table (`ops-warden role`
column: Issue / Assist / Route). Kept the true anti-pattern: don't POST a State Hub
message for a secret *value* — it comes from the CLI front door run as you.
- [x] SCOPE one-liner reframed to "steward **and front door**"; added a second `capability`
block "Operator access front door (caller-identity fetch proxy)".
### T3 — Federated capability registration
```task
id: WARDEN-WP-0017-T03
status: done
priority: medium
state_hub_task_id: "7199625b-e78e-4495-8ca0-076100ae9f08"
```
- [x] Registered the State Hub capability "Operator access front door (caller-identity
fetch proxy)" (id `708e46f6`, repo ops-warden) — the hub had **no** ops-warden
security capability before, so the front door was undiscoverable cross-domain.
- [x] Sent whynot-design (msg `83a3bb2e`) the corrected path: `warden access "npm auth
token" --fetch/--exec`, the CLI refresh, the OpenBao-auth prereq, and the
railiance-platform path caveat.
---
## Acceptance
- An agent doing the first-line `warden route find` / `--json` lookup can see ops-warden
*assists* (proxies) the OpenBao lane, not merely points.
- The credential-routing rule and federated capability registry describe the access
front door; none of them say "SSH certificates only".
- The conduit boundary is unchanged and explicit: ops-warden fetches *as the caller* and
holds nothing — no custody, no broker.
---
## See also
- `WARDEN-WP-0014` (the proxy lane), `wiki/OperatorAccessAssist.md`
- `.claude/rules/credential-routing.md`, `registry/routing/catalog.yaml`
Reference in New Issue View Git Blame Copy Permalink