Commit graph

  • 0df24909e3 docs(adr): restructure ADRs 016-018 to ADR-023 conformance sjat 2026-06-10 14:51:51 +02:00
  • 40a428975a docs(adr): restructure ADR-003 to ADR-023 conformance sjat 2026-06-10 14:50:03 +02:00
  • 6d7d27b03b docs(adr): add Proposed lifecycle state; mark ADR-011 Proposed sjat 2026-06-10 14:48:55 +02:00
  • b3ca510380 docs(adr): restructure ADRs 010,011,013 to ADR-023 conformance sjat 2026-06-10 14:43:41 +02:00
  • 44dbd4628f docs(adr): restructure ADRs 006-009 to ADR-023 conformance sjat 2026-06-10 14:41:24 +02:00
  • 188882449d docs(adr): restructure ADRs 001,002,004,005,012,014,015 to ADR-023 conformance sjat 2026-06-10 14:37:52 +02:00
  • 9b1502cf7d docs(adr): register ADR-023 and note adr-structure check sjat 2026-06-10 14:33:55 +02:00
  • a9aab9d040 docs(adr): ADR-023 — ADR structure & lifecycle sjat 2026-06-10 14:32:40 +02:00
  • 3c920ae630 docs(adr): sync plan Task 2 with flat-comment template fix sjat 2026-06-10 14:31:23 +02:00
  • ab14d65aa1 docs(adr): add adr-template.md scaffold (ADR-023) sjat 2026-06-10 14:29:12 +02:00
  • 89179dd7c9 docs(adr): revise spec+plan — full retroactive restructure of 001-018 sjat 2026-06-10 14:28:20 +02:00
  • a3ea0f7d80 feat(review): add adr-structure check to repo-scan sjat 2026-06-10 13:57:42 +02:00
  • ce3319cbed docs(adr): implementation plan + FRICTION signal for ADR structure sjat 2026-06-10 13:55:16 +02:00
  • dfbe37916f docs(adr): design spec for ADR structure & lifecycle (ADR-023) sjat 2026-06-10 13:45:21 +02:00
  • 4116286ed0 feat(hooks): Stop guard blocking the execution-mode menu sjat 2026-06-10 12:51:46 +02:00
  • 91713127cb docs(kaizen): migrate gotchas to docs; curate FRICTION log (2026-06-10 review) sjat 2026-06-10 12:51:39 +02:00
  • 2dbcac11a0 chore(tooling): scope ansible-lint to ansible content; venv PATH in make test sjat 2026-06-10 12:51:30 +02:00
  • 9be4366ac3 feat(backup): backup strategy foundation layer (ADR-022) sjat 2026-06-10 11:32:36 +02:00
  • ed6d5463aa docs(backup): final-review fixes — stateless BACKUP.md, dump-step wording, spec sync sjat 2026-06-10 11:32:06 +02:00
  • 1e85c11ede docs(backup): update hardware ref (ubongo M70q, add fisi) + CAPABILITIES §9 (ADR-022) sjat 2026-06-10 11:24:44 +02:00
  • 5f946ac640 feat(backup): add dormant /check-backup verifier (ADR-022) sjat 2026-06-10 11:22:57 +02:00
  • 01e47d0890 docs(backup): add BACKUP.md step to new-role runbook (ADR-022) sjat 2026-06-10 11:21:56 +02:00
  • 81dac4f28b docs(backup): gate BACKUP.md in service checklist (ADR-022) sjat 2026-06-10 11:20:55 +02:00
  • f3f80443d0 docs(backup): add BACKUP.md template + backup__* contract (ADR-022) sjat 2026-06-10 11:20:01 +02:00
  • f5c97d1f36 docs(backup): record ADR-022; wire into CLAUDE.md, STATUS, TODO sjat 2026-06-10 11:10:52 +02:00
  • da116e1d92 docs(friction): log execution-mode ask (4th occurrence) sjat 2026-06-10 11:06:25 +02:00
  • 2041bd3b70 docs(backup): add foundation-layer implementation plan (ADR-022) sjat 2026-06-10 11:05:17 +02:00
  • eaffd8d900 docs(backup): add backup & DR strategy design (→ ADR-022) sjat 2026-06-10 11:00:01 +02:00
  • 032adf1525 docs(friction): log execution-mode recurrence; fix list de-indents sjat 2026-06-10 08:54:37 +02:00
  • f151e99d04 docs(access): correct ADR-021 governance (runbook+gate, not scaffold) sjat 2026-06-09 17:52:24 +02:00
  • 13f0d482bd docs(access): wire ADR-021 into CLAUDE.md, STATUS, TODO sjat 2026-06-09 17:48:31 +02:00
  • 649925b303 docs(access): gate ACCESS.md in checklist + new-role runbook (ADR-021) sjat 2026-06-09 17:46:51 +02:00
  • 384b94e34b feat(access): add /check-access verifier command (ADR-021, dormant) sjat 2026-06-09 17:45:24 +02:00
  • 0c507bbace feat(base): add ssh-from-control management-plane source (ADR-021) sjat 2026-06-09 17:40:01 +02:00
  • 46d091e82e docs(access): add ACCESS.md service record template sjat 2026-06-09 17:36:28 +02:00
  • f8098c2e15 docs(access): reconcile ADR-016/020 with control-node SSH source (ADR-021) sjat 2026-06-09 17:34:57 +02:00
  • 0fe9e45f57 docs(access): add ADR-021 operational-access doctrine sjat 2026-06-09 17:28:08 +02:00
  • cdbd66410a docs(access): implementation plan for ADR-021 operational access sjat 2026-06-09 17:16:49 +02:00
  • fd4bbbc977 docs(access): design operational-access doctrine (ADR-021) sjat 2026-06-09 17:10:54 +02:00
  • fcfb056591 docs(friction): record host-nftables build gotchas (iif/iifname, molecule ansible_host, venv PATH, apply-path coverage) sjat 2026-06-06 19:16:21 +02:00
  • 402913efb3 fix(base): make rollback snapshot restorable (flush-prefixed) sjat 2026-06-06 19:15:38 +02:00
  • 90683c7912 docs: record base firewall concern built (ADR-020 host layer) sjat 2026-06-06 19:10:27 +02:00
  • 6fb104e934 test(base): molecule verify asserts rendered firewall rules + nft -c sjat 2026-06-06 19:07:24 +02:00
  • b006196cc5 fix(base): confirm firewall apply over a FRESH connection sjat 2026-06-06 19:06:39 +02:00
  • 026a29f609 feat(base): safe nftables apply with systemd-run auto-rollback sjat 2026-06-06 19:03:58 +02:00
  • bca74458fb fix(base): iifname for load-time safety; zone-source molecule fixture sjat 2026-06-06 19:02:50 +02:00
  • eeab5ed8de feat(base): render nftables ruleset from catalog (+ molecule fixture) sjat 2026-06-06 18:57:44 +02:00
  • 7dae93e4e1 fix(base): firewall resolver fails fast on empty/malformed sources; cover hosts: + proto default sjat 2026-06-06 18:56:04 +02:00
  • 4127f8bc6b feat(base): firewall catalog resolver filter plugin + tests sjat 2026-06-06 18:51:10 +02:00
  • 390cd3b335 feat(base): shared firewall catalog/zones + firewall defaults sjat 2026-06-06 18:49:40 +02:00
  • 2486e31f7d feat(base): scaffold role + meta/README (firewall concern incoming) sjat 2026-06-06 18:48:35 +02:00
  • 03329d7d25 docs(plan): host nftables firewall implementation plan sjat 2026-06-06 18:47:48 +02:00
  • d7fbaca554 docs(spec): host nftables firewall design (ADR-020 build #1) sjat 2026-06-06 18:40:50 +02:00
  • 2ad50e4d5b docs(capabilities): note two-layer firewall model (ADR-020) sjat 2026-06-06 16:00:19 +02:00
  • a9287427e3 docs(todo): mark 3.5 firewall strategy decided (ADR-020) sjat 2026-06-06 16:00:01 +02:00
  • e24aab28b2 docs: link ADR-020; harden firewall guardrail to the service catalog sjat 2026-06-06 15:59:47 +02:00
  • d311f67098 docs(adr): ADR-020 firewall strategy (two-layer + shared catalog) sjat 2026-06-06 15:59:30 +02:00
  • 8d1d8a88ea docs(friction): escalate execution-mode prompt; no plan→impl approval gate sjat 2026-06-06 15:57:40 +02:00
  • f700f4a475 docs(plan): firewall strategy ADR-020 landing plan sjat 2026-06-06 15:42:17 +02:00
  • 2a65391c0e docs(spec): firewall strategy design (TODO 3.5 → ADR-020) sjat 2026-06-06 15:36:24 +02:00
  • 86bb3559ad STATUS: record tag standard + enforcement (ADR-019) sjat 2026-06-06 15:23:58 +02:00
  • fac438cc92 fix(tags): recognize name: role key; only check roles: in plays sjat 2026-06-06 15:20:09 +02:00
  • 5aeeb094eb feat(tags): enforce role imports carry their role-name tag sjat 2026-06-06 15:12:48 +02:00
  • 2e5a1e1e23 fix(tags): exclude molecule scenarios from tag scan; clarify ADR enforcement sjat 2026-06-06 09:50:14 +02:00
  • 24b5e9361e docs(tags): ADR-019 + CLAUDE.md/TODO/CAPABILITIES (tagging standard) sjat 2026-06-06 09:42:22 +02:00
  • 9584cc2c76 feat(tags): Proxmox VM metadata convention (managed-by=terraform) sjat 2026-06-06 09:39:19 +02:00
  • 0b59107b33 feat(tags): enforce tag vocabulary in make lint; fix docker_host tag sjat 2026-06-06 09:37:43 +02:00
  • a3ea2aceb2 feat(tags): scan roles/+playbooks/ and fail on unknown tags sjat 2026-06-06 09:33:12 +02:00
  • b45118dac3 feat(tags): checker helpers — tag collection & allowed-set sjat 2026-06-06 09:28:03 +02:00
  • 24397fa280 feat(tags): add allowed-tag vocabulary (tests/tags.yml) sjat 2026-06-06 09:26:20 +02:00
  • 04bfc26422 docs(plan): tagging standard implementation plan (ADR-019) sjat 2026-06-06 09:21:15 +02:00
  • 4ed9e9a8bf docs(spec): tagging standard design (TODO 3.7/3.11 → ADR-019) sjat 2026-06-06 09:15:44 +02:00
  • 9bdb3017bb CLAUDE.md: link ADR-018 (logging) sjat 2026-06-06 07:07:43 +02:00
  • 12baeba750 TODO: mark log management decided (ADR-018); reconcile 3.6 sjat 2026-06-06 07:07:01 +02:00
  • 1021c6d25d STATUS: record logging pipeline + security alerting (ADR-018) sjat 2026-06-06 07:06:06 +02:00
  • c6aa45037d ADR-012: track log-storage allocation + SSD wearout (ADR-018) sjat 2026-06-06 07:05:15 +02:00
  • 687d623a52 CAPABILITIES: Loki decided + Alloy agent + security alerting (ADR-018) sjat 2026-06-06 07:04:26 +02:00
  • 6f68f8b8c5 accepted-risks: add R4 (no cryptographic WORM for logs) sjat 2026-06-06 07:03:27 +02:00
  • 30c6a93c28 ADR-002: make central-logging + alerting controls concrete (ADR-018) sjat 2026-06-06 07:02:32 +02:00
  • 2894319f01 Add ADR-018 (logging and log integrity) sjat 2026-06-06 07:01:36 +02:00
  • 96f8f20c05 Add implementation plan for logging + log integrity (ADR-018) sjat 2026-06-06 06:59:58 +02:00
  • 8eb5ccf97d Add design spec for logging + log integrity (ship all to Loki) sjat 2026-06-05 22:03:31 +02:00
  • 568729e7bd repo-scan: cut broken-path-ref + marker false positives sjat 2026-06-05 20:37:40 +02:00
  • db76be2a63 review-repo: clear O7-O12 clarity items sjat 2026-06-05 19:28:07 +02:00
  • 8e4bf3dd88 ADR-006/014: clear two stale labels sjat 2026-06-05 18:55:17 +02:00
  • d8afa94c4b Name and propagate the offsite_hosts inventory group (askari) sjat 2026-06-05 18:54:54 +02:00
  • f0d189ca09 Thread the VERIFY.md convention through ADR-004/new-role/README sjat 2026-06-05 18:52:42 +02:00
  • 3dd03d4198 review-repo: 2026-06-05 report (4 auto-fixed, 12 open) sjat 2026-06-05 18:24:39 +02:00
  • 666ad42634 review-repo: fix DNS-write contradictions + stale control-node/template refs sjat 2026-06-05 18:23:16 +02:00
  • f566fd17eb review-repo: add stale-deferred check for ADR Deferred entries sjat 2026-06-05 18:13:49 +02:00
  • 66d11cc352 FRICTION: stale-deferred-item pattern recurred a 3rd time — build the check sjat 2026-06-05 18:06:26 +02:00
  • d5c62c99ad STATUS/ADR-015: mark the three deferred design threads resolved sjat 2026-06-05 18:01:14 +02:00
  • 91d851fe4d TODO: mark headless-browsing + test-user standard decided (ADR-017) sjat 2026-06-05 13:20:40 +02:00
  • 01e4f96983 STATUS: record Level 4 service-UI verification (ADR-017) sjat 2026-06-05 13:19:53 +02:00
  • eb415db96e Git-ignore verify screenshots; add testing/reviews dir sjat 2026-06-05 13:19:04 +02:00
  • 920e47b50d CLAUDE.md: VERIFY.md role convention; link ADR-017 sjat 2026-06-05 13:18:07 +02:00
  • 22c0747c0b service-checklist: add Level 4 UI verification to the gate sjat 2026-06-05 13:17:16 +02:00
  • 25f04002df Add /verify-service skill for Level 4 UI verification (ADR-017) sjat 2026-06-05 13:16:25 +02:00
  • 05abb3b6a5 Add VERIFY.md template for service-UI acceptance (ADR-017) sjat 2026-06-05 13:15:13 +02:00
  • 2df1f98153 ADR-008: expand Level 4 into the verify-service harness (ADR-017) sjat 2026-06-05 13:14:12 +02:00