From 86bb3559ade429a887c54d98d04450491a91f49c Mon Sep 17 00:00:00 2001 From: sjat Date: Sat, 6 Jun 2026 15:23:58 +0200 Subject: [PATCH] STATUS: record tag standard + enforcement (ADR-019) Co-Authored-By: Claude Opus 4.8 (1M context) --- STATUS.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS.md b/STATUS.md index 24b9682..4c16151 100644 --- a/STATUS.md +++ b/STATUS.md @@ -5,7 +5,7 @@ This repo is partly aspirational: the ADRs in `docs/decisions/` describe the truth. **Before relying on a role, provider, or pipeline existing, check here.** If something is listed as "designed, not built", do not assume it works. -_Last reviewed: 2026-05-30._ +_Last reviewed: 2026-06-06._ ## Real and working today @@ -25,6 +25,7 @@ _Last reviewed: 2026-05-30._ | `/capacity-review` | Works — on-demand capacity evaluation → `docs/hardware/reviews/`. Intent-based (no live usage yet) | | ADR-002 security strategy + `docs/security/{accepted-risks,service-checklist}.md` | Present — threat model, principles, governance frame; checklist + risk register are docs, enforced manually in review | | Service-role standard + per-service `SECURITY.md` convention | Defined (ADR-004 + `docs/security/service-security-template.md`); not yet applied — no service roles exist | +| Tag standard + enforcement (ADR-019) | Works — `tests/tags.yml` (closed vocabulary) + `scripts/check-tags.py` (run by `make lint`, unit-tested): enforces the tag vocabulary and that each role import in a play's `roles:` block carries its role-name tag. Governs mostly-unbuilt roles, but the linter is live now. Proxmox VM tag convention (``, group, `managed-by=terraform`) is in the Terraform HCL but unprovisioned. | ## Scaffolded but empty — NOT implemented