{ "date": "2026-06-05", "reviewed_commit": "f566fd1", "fixes_commit": "666ad42", "mode": "on-demand", "counts": { "auto_fixed": 4, "open": 12, "scan": {"broken-path-ref": 14, "marker": 35, "open-deferred-item": 6, "stale-deferred": 0} }, "auto_fixed": [ {"id": "AF1", "dimension": "consistency", "severity": "high", "location": "docs/decisions/005-bootstrapping.md:36; docs/runbooks/new-host.md:62,71", "description": "Terraform 'writes the host's DNS A record' contradicts ADR-009 (dns role owns the zone)", "fix": "removed the DNS-write clause; noted Terraform writes no DNS records", "tag": "recurring"}, {"id": "AF2", "dimension": "consistency", "severity": "high", "location": "docs/decisions/005-bootstrapping.md:8", "description": "control node described as cloned from the cloud-init template; ADR-015 makes ubongo physical", "fix": "control node is a physical box installed directly, not cloned (ADR-015)", "tag": "new"}, {"id": "AF3", "dimension": "consistency", "severity": "low", "location": "CLAUDE.md:197", "description": "Further reading missing the VERIFY.md template row", "fix": "added docs/testing/service-verify-template.md row", "tag": "new"}, {"id": "AF4", "dimension": "cruft", "severity": "low", "location": "docs/TODO.md:79", "description": "typos: 'we we', 'seperate'", "fix": "corrected to 'we' and 'separate'", "tag": "new"} ], "open": [ {"id": "O1", "dimension": "consistency", "severity": "medium", "location": "docs/decisions/004-docker-model.md", "description": "service-role standard file table lists SECURITY.md but not VERIFY.md (ADR-017/CLAUDE.md:85 mandate it)", "suggested_fix": "add a VERIFY.md row to ADR-004's file table", "tag": "new"}, {"id": "O2", "dimension": "consistency", "severity": "medium", "location": "docs/runbooks/new-role.md", "description": "no step to write VERIFY.md for service roles; STATUS.md:17 'runbooks reconciled' now overstated", "suggested_fix": "add a VERIFY.md step mirroring the SECURITY.md step", "tag": "new"}, {"id": "O3", "dimension": "cruft", "severity": "low", "location": "README.md:58-60,94", "description": "ADR list stops at 001-009; docs/ tree omits security/, testing/, hardware/", "suggested_fix": "extend ADR list + docs/ subtree", "tag": "new"}, {"id": "O4", "dimension": "consistency", "severity": "medium", "location": "CLAUDE.md:106; docs/decisions/009-provisioning-handoff.md:78; scripts/tf_to_inventory.py:24", "description": "ADR-016 says askari gets its own inventory group but none is named; valid-groups set excludes it", "suggested_fix": "name the group; add to host-groups + ADR-009 valid groups", "tag": "new"}, {"id": "O5", "dimension": "consistency", "severity": "medium", "location": "docs/decisions/006-terraform.md:78", "description": "backend.tf labelled 'Forgejo state backend' contradicts ADR-006's own local-state section", "suggested_fix": "relabel to local state backend (no remote backend)", "tag": "new"}, {"id": "O6", "dimension": "drift", "severity": "medium", "location": "docs/decisions/014-knowledge-sourcing.md:88", "description": "plugin reproducibility described as open, but TODO 10.7 is DONE", "suggested_fix": "update to resolved state; drop the forward-pointer", "tag": "new"}, {"id": "O7", "dimension": "consistency", "severity": "low", "location": "docs/decisions/011-update-management.md:128", "description": "ruled-out 'Digest-pinning the stateful tier' contradicts Decision #2 (adopts tag@digest); ADR-011 is draft", "suggested_fix": "remove/replace the ruled-out row when accepting ADR-011 (TODO 16)", "tag": "new"}, {"id": "O8", "dimension": "consistency", "severity": "low", "location": "docs/decisions/003-toolchain.md:85; docs/decisions/010-forgejo-ci.md:66", "description": "'act_runner on control node or a dedicated runner VM' ambiguous vs ADR-015", "suggested_fix": "name ubongo as runner host; cross-ref ADR-015", "tag": "new"}, {"id": "O9", "dimension": "consistency", "severity": "low", "location": "docs/decisions/008-testing.md:148", "description": "WireGuard Molecule-exclusion row framed for retired OPNsense VLAN-99 WireGuard", "suggested_fix": "reframe to NetBird wt0 data plane (ADR-016)", "tag": "new"}, {"id": "O10", "dimension": "consistency", "severity": "low", "location": "docs/decisions/011-update-management.md:67", "description": "cross-refs 'scheduled_jobs plan and ADR-010'; ADR-010 has no such plan (TODO 8.3)", "suggested_fix": "point to TODO 8.3", "tag": "new"}, {"id": "O11", "dimension": "consistency", "severity": "low", "location": "docs/CAPABILITIES.md", "description": "no row for the /verify-service (Level 4) capability decided in ADR-017", "suggested_fix": "add an Operations row for /verify-service", "tag": "new"}, {"id": "O12", "dimension": "cruft", "severity": "low", "location": "docs/TODO.md:30", "description": "item 3.10 is garbled/unfollowable", "suggested_fix": "rewrite clearly or strike", "tag": "new"} ], "scan_noise": [ "broken-path-ref x14: illustrative report-name templates (YYYY-MM-DD-.md) and not-yet-created latest.md files; scanner stops at the boundary", "marker x35: mostly prose references to TODO.md items, not code markers", "open-deferred-item x6: all confirmed genuinely open (ADR-011 #1-5, ADR-015 #3); 0 stale-deferred" ] }