diff --git a/README.md b/README.md index 09c734a..83474be 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,11 @@ See `Makefile` for the full list of targets. │ ├── docs/ │ ├── decisions/ # Architecture decision records (ADRs) -│ └── runbooks/ # Step-by-step operational procedures +│ ├── runbooks/ # Step-by-step operational procedures +│ ├── security/ # Per-service security checklist + templates + accepted risks +│ ├── testing/ # VERIFY.md template + service-UI verification reports +│ ├── hardware/ # Physical capacity reference + reviews +│ └── reviews/ # /review-repo reports │ ├── inventories/ │ ├── production/ # Live hosts — edit carefully @@ -92,6 +96,17 @@ See `Makefile` for the full list of targets. - Network topology: `docs/decisions/007-network.md` - Testing methodology: `docs/decisions/008-testing.md` - Terraform ↔ Ansible handoff: `docs/decisions/009-provisioning-handoff.md` +- Forgejo & CI: `docs/decisions/010-forgejo-ci.md` +- Update management: `docs/decisions/011-update-management.md` +- Hardware & capacity: `docs/decisions/012-hardware-capacity.md` +- Heritage / V4 policy: `docs/decisions/013-heritage-v4.md` +- Sourcing technical knowledge: `docs/decisions/014-knowledge-sourcing.md` +- Control / AI-worker host (`ubongo`): `docs/decisions/015-control-host.md` +- Mesh VPN (NetBird): `docs/decisions/016-mesh-vpn.md` +- Service-UI verification (Level 4): `docs/decisions/017-service-ui-verification.md` + +(CLAUDE.md carries the full cross-referenced table, including the runbooks and +security/testing docs.) ## Contributing diff --git a/docs/decisions/004-docker-model.md b/docs/decisions/004-docker-model.md index 2d18b31..e1cd147 100644 --- a/docs/decisions/004-docker-model.md +++ b/docs/decisions/004-docker-model.md 
@@ -42,6 +42,7 @@ below). Each service role contains a standard set of files: | `defaults/main.yml` | Tuneables, `rolename__` namespace | | `README.md` | Purpose, variables, usage (role convention) | | `SECURITY.md` | Per-service security record — see ADR-002 and `docs/security/service-security-template.md` | +| `VERIFY.md` | Per-service UI acceptance spec — see ADR-008 Level 4 / ADR-017 and `docs/testing/service-verify-template.md` | | `meta/main.yml`, `molecule/default/` | Metadata + Debian 13 test scenario | ### Standard deploy mechanics diff --git a/docs/runbooks/new-role.md b/docs/runbooks/new-role.md index 4e133a4..9fdcde8 100644 --- a/docs/runbooks/new-role.md +++ b/docs/runbooks/new-role.md @@ -82,7 +82,16 @@ service clears the security bar — record any conscious deviation in manual in review today, with the planned `/security-review` aggregating every `roles/*/SECURITY.md` to automate it. -### 10. Commit +### 10. Write the per-service verification spec (services) + +For a **service** role, copy `docs/testing/service-verify-template.md` to +`roles//VERIFY.md` and fill it in: the critical user journeys that define +"working" for this service, what good looks like, what is not browser-verifiable +(→ manual handoff), and the test data needed. This is the per-service backbone for the +Level 4 `/verify-service` check (ADR-008 / ADR-017) and is part of the pre-production +service-clearance gate (`docs/security/service-checklist.md`). + +### 11. Commit ```bash git checkout -b role/
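Review bot: In the `README.md` tree hunk (`@@ -57,7 +57,11 @@`), the comment on `hardware/` says "Physical capacity reference + reviews" while the new sibling `reviews/` is described as "/review-repo reports", so a reader cannot tell where a hardware review belongs. Suggest wording the `hardware/` comment so that it does not reuse "reviews" unqualified, or stating in the `reviews/` comment that it holds only `/review-repo` output.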
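Review bot: In the `README.md` ADR list hunk (`@@ -92,6 +96,17 @@`), the closing parenthetical names `CLAUDE.md` as the full table, which leaves this list as a second copy that has to be updated with every new ADR. Suggest either saying explicitly that the README list is a subset or replacing the list with a pointer to the one table. `CLAUDE.md` is also the only file name in this list that is not set in backticks.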
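Review bot: In the `docs/decisions/004-docker-model.md` hunk, the new `VERIFY.md` row lands in the table introduced as "Each service role contains a standard set of files", which makes the file part of the standard for every service role. The row does not say what applies to roles that predate it; suggest one sentence on whether existing roles must backfill `VERIFY.md` or only new roles must carry it.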
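Review bot: In the `docs/runbooks/new-role.md` hunk, the copy target in new step 10 reads `roles//VERIFY.md`, with an empty path segment where the role name belongs; give it a visible placeholder so the step can be followed literally. The step also asks authors to record "the test data needed" in a committed file, so it is worth one sentence saying that credentials and other secrets for test accounts are referenced from wherever the repository keeps secrets and are not written into `VERIFY.md`. Renumbering "Commit" from 10 to 11 means any reference to the commit step by number elsewhere needs the same update.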