boma/docs/reviews/2026-05-30-review.md

99 lines
5.3 KiB
Markdown
Raw Permalink Normal View History

# Repo review — 2026-05-30
- **Reviewed commit:** `de38d1c`
- **Mode:** on-demand (interactive); safe fixes applied, rest reported.
- **Method:** `scripts/repo-scan.py` (Phase 0) + 3 fan-out reviewers (consistency,
drift/cruft, conformance) + cross-cutting synthesis.
## Summary
| | high | medium | low | total |
|---|---|---|---|---|
| Auto-fixed | 2 | 3 | 2 | 7 |
| Open (reported) | 4 | 4 | 9 | 17 |
Dominant theme: **drift created by this session's own rapid changes** — residual
`.vault_pass` references after the Vaultwarden/rbw switch, and leftover
PR/merge-request language after going trunk-based.
## Auto-fixes applied (safe + obvious)
| File | Fix |
|---|---|
| `README.md` | `terraform/` tree comment: "infra DNS" → "no DNS" |
| `docs/decisions/003-toolchain.md` | closing line: "and infrastructure DNS" → "only (no DNS)" |
| `STATUS.md` | hosts.yml row: "commented examples" → "structured stubs with empty host maps" |
| `CLAUDE.md` | don't-modify bullet generalised `production``<env>` |
| `docs/runbooks/new-role.md` | "open PR / merge request" → "merge to main once make test passes" |
| `CONTRIBUTING.md` | "Before opening a merge request" → "Before committing or merging to main" |
| `scripts/README.md` | documented the 3 undocumented scripts |
Also hardened `scripts/repo-scan.py` itself: the marker check no longer matches
filenames like `TODO.md`, and path-ref checks only fire inside backticks/links (no
prose false positives).
## Open findings
### Secrets — residual `.vault_pass` references (reported, not auto-fixed: secrets-adjacent)
- **[high] R1** `docs/decisions/005-bootstrapping.md:64-65` — control-node setup still
says `cp /secure/location/.vault_pass …`. Replace with the rbw setup (ADR-002,
rotate-secrets runbook).
- **[high] R2** `docs/runbooks/new-host.md:6` — prerequisite "you have the vault
password (`.vault_pass`)". → "rbw installed and unlocked".
- **[high] R3** `docs/runbooks/new-host.md:129-130` — "place `.vault_pass`" step →
rbw unlock.
- **[medium] R4** `CONTRIBUTING.md:32-33` — secrets section describes `.vault_pass`
secure-channel sharing → point to rbw/Vaultwarden.
- **[medium] R5** `AGENTS.md:16` — "Never read/print/commit `.vault_pass`" names a
file that no longer exists → reword to the rbw flow.
### Workflow model — trunk-based vs PR/approval-gates (judgement)
- **[high] R6** `docs/decisions/003-toolchain.md` (CI/CD) & `docs/decisions/008-testing.md`
(CI pipeline) describe pull-requests-to-main + manual approval gates, contradicting
the trunk-based, no-MR model in CLAUDE.md/CONTRIBUTING. Decide: keep *deploy*
approval gates (reasonable even solo) but drop the PR framing, or fully reconcile.
- **[medium] R7** `CLAUDE.md:151` — "Push to `main` branch" listed as forbidden,
contradicting the trunk-based "commit straight to main" policy a few lines above.
### Roles not in git (judgement)
- **[high] R8** `roles/``base` and `docker_host` are empty dirs on disk and **not
tracked by git** (empty dirs aren't committed). A fresh clone has neither, so
`make deploy PLAYBOOK=site` would **error** (role-not-found), not "apply nothing"
as STATUS.md:29-30 says. Decide: scaffold them (`make new-role`) or correct the docs.
### Terraform correctness
- **[medium] R9** module `vlan_tag` is never passed by either environment → VMs land
on untagged `vmbr0`, contradicting ADR-007's srv VLAN. Wire `vlan_tag` through.
- **[low] R10** `<owner>/<repo>` placeholders unresolved in `backend.tf` (×2),
Makefile `MOLECULE_IMAGE`, `.scaffold/molecule.yml` — non-functional as committed.
### Scaffolding (new-role)
- **[medium] R11** `make new-role` copies `.scaffold/converge.yml` with literal
`ROLE_NAME_PLACEHOLDER`, never substituted → scaffolded molecule references a
non-existent role. Sed-substitute `NAME` or document the manual step.
- **[low] R12** `Makefile:154` writes the role README via `echo "…\n…"`; `\n` isn't
expanded in `sh` → literal `\n`. Use `printf`.
### Other consistency / drift
- **[low] R13** `CLAUDE.md:93` — group_vars tree lists `control/`, which doesn't exist
on disk. Create it or drop the line.
- **[low] R14** `docs/decisions/006-terraform.md:40` — "No Galaxy roles." reused in the
Terraform section (an Ansible-collections concept). Reword.
- **[low] R15** `docs/decisions/001-architecture.md:22` — DNS row reads as present-tense
reality though the `dns` role is unbuilt (per STATUS.md). Add a "planned" pointer.
- **[low] R16** `docs/decisions/001-architecture.md:42` — "monitoring agent" in the
Proxmox baseline isn't reflected in ADR-002's baseline. Align.
- **[low] R17** `playbooks/bootstrap.yml:12-16` — raw python-install task hardcodes
`changed_when: false` → never reports a change. Consider an honest `changed_when`.
## Suggested follow-up prompt
> Remediate the boma 2026-05-30 review (`docs/reviews/2026-05-30-review.md`):
> 1. Purge the residual `.vault_pass` references R1R5 → the rbw/Vaultwarden flow.
> 2. Decide the workflow model R6R7 — I lean "keep deploy approval gates, drop the
> PR/merge-request framing"; reconcile ADR-003/008 and CLAUDE.md to match.
> 3. Resolve R8 — scaffold `base`/`docker_host` via `make new-role`, or correct
> STATUS.md/roles/README.md to say the roles don't exist yet.
> 4. Fix the Terraform `vlan_tag` wiring (R9).
> Report on the rest.