Zero-credential Goose recipe: OpenBao policy auditor running through Warden #8883
stephnangue started this conversation in Show and tell
I built a Goose recipe that audits an OpenBao cluster for ACL-policy hygiene issues and publishes the report as a Slack channel canvas — and the agent's environment has no API keys, no Vault tokens, and no Slack tokens.
The trick: every egress call goes through Warden, an open-source credential-injection gateway. The CI job mints a short-lived Forgejo OIDC JWT (one identity), and Warden enforces three independent access policies on that JWT — one for OpenBao, one for the Anthropic-compatible LLM, one for Slack — injecting the real upstream credential at egress and writing an audit log entry tied to the JWT claims. The recipe just calls `bao` and `curl`.

The recipe's `instructions` block locks the agent out of credential handling explicitly:

The agent emits four deterministic finding categories — dead-mount references, orphan bindings, duplicate paths, least-privilege smells — derives severity (ok / warning / critical), and publishes the report as a Slack channel canvas.
Full walkthrough with the recipe, Forgejo workflow, and audit-log examples: https://github.com/stephnangue/warden/blob/main/docs/tutorials/vault-policy-hygiene/README.md
Curious what other Goose recipes folks have running in CI without long-lived credentials in the agent environment.
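As an added example (not code from the recipe, the Warden repository or the linked walkthrough), the following Python script shows one way to implement the four finding categories and the ok / warning / critical severity derivation the post describes. The inventory (mounts, policies, auth-role bindings) is constructed inline; a real run would pull it from `bao secrets list`, `bao policy read` and the auth-method role listings. How each category is defined (for instance, a "dead mount" being a path whose first segment matches no enabled mount, and a "least-privilege smell" being a root- or mount-level glob carrying write or sudo capabilities) is this example's assumption, not necessarily the recipe's.

```python
"""Toy OpenBao/Vault ACL-policy hygiene auditor (added example, not the recipe's code)."""
from dataclasses import dataclass

# --- constructed sample inventory (not a real cluster) ----------------------
# Real input would come from `bao secrets list`, `bao policy read <name>` and
# the per-auth-method role listings; these shapes are simplified.
MOUNTS = {"secret/", "kv-prod/", "database/"}
SYSTEM_PREFIXES = {"sys/", "auth/", "identity/"}   # built-in backends, never "dead"
WILDCARD_PREFIXES = {"*/", "+/"}                    # rule applies to any mount

POLICIES = {
    "app-reader": [
        {"path": "secret/data/app/*", "capabilities": ["read", "list"]},
        {"path": "secret/data/app/*", "capabilities": ["read"]},       # duplicate path
    ],
    "legacy": [
        {"path": "old-kv/data/*", "capabilities": ["read"]},           # mount no longer enabled
        {"path": "sys/leases/renew", "capabilities": ["update"]},      # fine
    ],
    "ops-admin": [
        {"path": "*", "capabilities": ["create", "read", "update", "delete", "sudo"]},
    ],
}

# auth role -> policies attached (e.g. a JWT auth role used by CI)
BINDINGS = {
    "ci-runner": ["app-reader", "retired-policy"],                    # orphan binding
    "sre": ["ops-admin"],
}

SEVERITY_RANK = {"ok": 0, "warning": 1, "critical": 2}


@dataclass(frozen=True)
class Finding:
    category: str   # dead-mount | orphan-binding | duplicate-path | least-privilege
    severity: str   # warning | critical
    subject: str    # policy or role name
    detail: str


def mount_prefix(path: str) -> str:
    """First path segment plus slash: 'secret/data/x' -> 'secret/', '*' -> '*/'."""
    return path.split("/", 1)[0] + "/"


def audit(mounts, policies, bindings):
    """Return a deterministic (sorted-input) list of findings.
    Category definitions are this example's assumptions."""
    findings = []
    known = mounts | SYSTEM_PREFIXES | WILDCARD_PREFIXES
    for name, rules in sorted(policies.items()):
        seen = set()
        for rule in rules:
            path, caps = rule["path"], set(rule["capabilities"])
            if path in seen:
                findings.append(Finding("duplicate-path", "warning", name,
                                        f"path {path!r} declared more than once"))
            seen.add(path)
            prefix = mount_prefix(path)
            if prefix not in known:
                findings.append(Finding("dead-mount", "warning", name,
                                        f"{path!r} references no enabled mount {prefix!r}"))
            # smell: glob at root or mount level with write-class or sudo capabilities
            broad = path == "*" or (path.count("/") <= 1 and path.endswith("*"))
            if broad and caps & {"sudo", "create", "update", "delete"}:
                sev = "critical" if ("sudo" in caps or path == "*") else "warning"
                findings.append(Finding("least-privilege", sev, name,
                                        f"{path!r} grants {sorted(caps)}"))
    for role, attached in sorted(bindings.items()):
        for pol in attached:
            if pol not in policies:   # token gets a policy name that grants nothing
                findings.append(Finding("orphan-binding", "warning", role,
                                        f"binds missing policy {pol!r}"))
    return findings


def overall_severity(findings):
    """'ok' when nothing was found, otherwise the highest severity present."""
    return max((f.severity for f in findings),
               key=SEVERITY_RANK.__getitem__, default="ok")


if __name__ == "__main__":
    found = audit(MOUNTS, POLICIES, BINDINGS)
    for f in found:
        print(f"[{f.severity:8}] {f.category:16} {f.subject}: {f.detail}")
    print("overall:", overall_severity(found))
```

Because the output order depends only on sorted input and the rule order inside each policy, two runs over the same inventory produce byte-identical reports, which is what makes a finding list suitable for publishing (or diffing) from CI.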