Operational-access verification (ADR-021) Probe every documented way in to a service or host from `ubongo` and report which paths are live. Reads the target's `access__*` data (and host baseline), so the verifier and `ACCESS.md` can never disagree. Argument: a service/role name or a host (e.g. `/check-access photoprism`, `/check-access docker01`). ## Prerequisites (this is forward-looking — ADR-021 dependencies) This skill cannot run until these exist; if any is missing, say so and stop — do not improvise around it: - `ubongo` reachable on the mesh **and** the LAN (it runs the probes). - The target host/service is deployed (staging or production inventory). - `roles//` carries `access__*` data (services) / the host baseline applies. - Vault unlocked (`rbw unlocked`) for any token-authenticated API probe. ## Process ### Phase 0 — resolve the target Resolve the argument to a host or a service role + its host. Load the `access__*` data (service) or the host-baseline + break-glass record (host). State what you will probe. ### Phase 1 — probe each declared path | Path | Probe | Green = | |---|---|---| | `wt0` mesh SSH | connect over the mesh, run `true` | reachable + key works | | LAN SSH from `ubongo` | connect via the LAN address, run `true` | reachable + key works | | exec + compose | `docker compose -p ps`; exec `true` in each `access__containers` entry | stack up, exec works | | logs | query Loki for `access__log.loki_labels`, expect recent lines | logs flowing | | admin API | `curl` `access__api.health_path` with the token from `access__api.auth.vault_ref` | 2xx | | break-glass | reachability of the Proxmox/provider console endpoint **only** | console host reachable | Break-glass is **never exercised** — firing a serial console is invasive; confirm the fallback exists, do not drive it. ### Phase 2 — report Emit a pass/fail table. For any red path, name it and the likely cause (e.g. "API token in vault stale", "Alloy not shipping", "`base__firewall_control_addr` unset → no `ssh-from-control` rule"). Verdict line: e.g. "3/4 paths green; admin API red". ## Notes - Read-only and non-destructive — probes confirm reachability, they do not change state. - This is the access analogue of `/verify-service` (ADR-017): designed now, runs when the control node + hosts exist.