aiwg
Version:
Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo
51 lines (50 loc) • 1.35 kB
YAML
apiVersion: ops.aiwg.io/v1
kind: OpsCapability
metadata:
name: secret-unseal
labels:
category: secrets
annotations:
blast-radius: "cluster-wide — unsealing exposes secrets engine to all authenticated clients"
ops-gate: required
ops-gate-reason: "Unseal operation grants access to the secrets engine; requires explicit human authorization"
spec:
description: Unseal an OpenBao or HashiCorp Vault instance — always requires OpsGate human authorization before execution
version: "1.0.0"
inputs:
- name: vault_addr
type: string
required: true
- name: unseal_key_paths
type: list
required: true
- name: key_threshold
type: integer
required: false
default: 3
- name: tls_ca_cert
type: path
required: false
- name: timeout_seconds
type: integer
required: false
default: 30
outputs:
- name: status
type: string
- name: sealed
type: boolean
- name: cluster_name
type: string
- name: ha_enabled
type: boolean
- name: progress
type: string
target_requirements:
os: [linux]
capabilities: [vault-cli]
agent: secrets-operator
idempotent: true
verification:
command: "VAULT_ADDR={{ vault_addr }} vault status -format=json 2>/dev/null | jq -r '.sealed'"
expect: "false"