HubClient gains writes (mark_read, send_reply, add_progress). execute_plan/execute_plans run the safe, allowlisted actions autonomously: route_answer (reply with the computed answer + auto mark-read), reply (LLM-drafted body), progress_note, mark_read. Escalated plans and non-auto-executable kinds are left for a human; every action is metadata-only (no secret value read/sent/logged). Deliberate guardrail: propose_catalog_diff and any code/routing change is NOT auto-executed even under full-auto — a bad catalog commit could misroute credentials, so it goes to human review (recoverability over convenience). AUTO_EXECUTABLE is the messaging/hub tier only. `warden worker run --execute` runs the executor (dry-run still default). 7 executor tests (reply+mark, with/without body, escalated skip, catalog-diff-left-for-human, progress, failure-without-crash); 243 pass, lint clean. First live --execute shakedown is the operator's (staged rollout); T4 schedules it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ops-warden
SSH Certificate Authority and certificate lifecycle manager for the ops fleet.
Signs short-lived certs for adm / agt / atm actors and exposes the
cert_command interface consumed by ops-bridge and other tooling.
See INTENT.md for direction, SCOPE.md for current implementation, and
wiki/AccessManagementDirective.md for SSH policy. ops-warden issues SSH certs
and routes every other credential need to its owner — see wiki/AccessRouting.md.
Latest gap analysis: history/2026-06-17-post-wp0007-reassessment.md.
Install
uv sync
uv tool install .
Or run without installing:
uv run warden --help
Quick start (local backend)
# One-time: generate a CA key (keep mode 600, never commit)
ssh-keygen -t ed25519 -f ~/.ssh/ops-ca-user -C "Ops SSH User CA" -N ""
# Configure warden (~/.config/warden/warden.yaml) — see wiki/OpsWardenConfig.md
warden inventory add agt-example --type agt --principal agt-example
warden sign agt-example --pubkey ~/.ssh/id_ed25519.pub
warden status agt-example
warden scorecard
Production uses the vault backend against OpenBao or HashiCorp Vault (Vault-compatible
SSH secrets engine API). Template: examples/warden.production.example.yaml.
See wiki/OpsWardenConfig.md and wiki/OpenBaoSshEngineChecklist.md.
Routing lookup (warden route)
ops-warden issues SSH certs and routes every other credential need to its
owner. The route command group is a read-only lookup over the pointer catalog
(registry/routing/catalog.yaml) — it never calls another subsystem or returns
secrets.
warden route list [--all] [--json] # scenarios (active-only unless --all)
warden route list --stale [--stale-days 90] [--all] # past review cadence
warden route show <id> [--json] # owner + wiki/canon pointers; SSH adds steps
warden route find "issue an api key" # rank scenarios by keyword overlap
Full role and examples: wiki/AccessRouting.md.
Development
uv sync
uv run pytest # unit tests (integration excluded)
uv run pytest -m integration # requires ssh-keygen in PATH
uv run ruff check .
Key paths
| Path | Purpose |
|---|---|
~/.config/warden/warden.yaml |
Backend and CA/Vault settings |
~/.config/warden/inventory.yaml |
Actor → principals registry |
~/.local/state/warden/ |
Signed certs, keys, signatures.log |
Documentation
INTENT.md— operational access steward mission (NetKingdom-aligned)wiki/CredentialRouting.md— which subsystem for each credential typewiki/NetKingdomSecurityMap.md— platform security component mapwiki/ActorInventoryPatterns.md— standard adm/agt/atm actor patternswiki/OpsWardenConfig.md— configuration referencewiki/CertCommandInterface.md—cert_commandcontract for callerswiki/InterHubBootstrapAccessLane.md— short-lived cert envelope for bootstrap tasks
Workplans
Active and proposed work lives in workplans/. Finished plans are archived under
workplans/archived/.