CCR-2026-0007: binky IMAP on tenants/ mount + CCR allowlist
Enable tenant commercial secrets: applier accepts mount tenants/, apply policy and OIDC role for company-email IMAP (metadata only; values are founder Red provision). Extend agent-high-risk-boundary for the path.
This commit is contained in:
parent
347226eb36
commit
86209fa90c
6 changed files with 218 additions and 27 deletions
|
|
@ -1,36 +1,21 @@
|
|||
# Agent coding read-boundary for high-risk secret lanes (WARDEN-WP-0026 T04).
|
||||
# Agent coding read-boundary for high-risk secret lanes (WARDEN-WP-0026 T04 / WP-0028).
|
||||
#
|
||||
# Coding agents (Claude/Codex/Grok sessions, automated workers) MUST NOT hold
|
||||
# raw data-read on high-risk recovery/upload/admin secrets. This policy is the
|
||||
# allow-list they *may* carry for those paths: metadata + capabilities only.
|
||||
# Operator OIDC roles keep the full workload-kv-read-* policies separately.
|
||||
#
|
||||
# High-risk set (must stay in sync with ops-warden catalog risk: high):
|
||||
# - railiance backup offsite (WebDAV upload + age recovery escrow)
|
||||
# - forgejo admin PAT
|
||||
# - openrouter LLM provider key (provider spend + prompt-adjacent)
|
||||
#
|
||||
# Apply live: `bao policy write agent-high-risk-boundary openbao/policies/agent-high-risk-boundary.hcl`
|
||||
# Attach to agent AppRoles / tokens; never attach workload-kv-read-* for these paths
|
||||
# to the same identity.
|
||||
# Coding agents MUST NOT hold raw data-read on high-risk recovery/upload/admin
|
||||
# or tenant mailbox secrets. Metadata + capabilities only.
|
||||
|
||||
# --- railiance-backup-offsite-lane ---
|
||||
# --- platform high-risk ---
|
||||
path "platform/data/workloads/railiance/backup/offsite-lane" {
|
||||
capabilities = ["deny"]
|
||||
}
|
||||
path "platform/metadata/workloads/railiance/backup/offsite-lane" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
# --- forgejo-admin ---
|
||||
path "platform/data/workloads/forgejo/forgejo-admin" {
|
||||
capabilities = ["deny"]
|
||||
}
|
||||
path "platform/metadata/workloads/forgejo/forgejo-admin" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
# --- openrouter-llm-connect ---
|
||||
path "platform/data/workloads/activity-core/llm-connect/llm-connect-provider-secrets" {
|
||||
capabilities = ["deny"]
|
||||
}
|
||||
|
|
@ -38,7 +23,14 @@ path "platform/metadata/workloads/activity-core/llm-connect/llm-connect-provider
|
|||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
# Capabilities introspection (no secret values)
|
||||
# --- tenant high-risk (WARDEN-WP-0028) ---
|
||||
path "tenants/data/binky/company-email/imap" {
|
||||
capabilities = ["deny"]
|
||||
}
|
||||
path "tenants/metadata/binky/company-email/imap" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "sys/capabilities-self" {
|
||||
capabilities = ["update"]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
# Least-privilege read policy for Binky company email IMAP credentials.
|
||||
# Tenant mount (WARDEN-WP-0028) — client commercial secrets, not platform workloads.
|
||||
# Exact path only; no list on parent, no sibling tenant paths.
|
||||
|
||||
path "tenants/data/binky/company-email/imap" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "tenants/metadata/binky/company-email/imap" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue