boma/docs/superpowers/specs
sjat 3ba22d199a docs(spec): mesh-hardening SPOF — accept single-coordinator SPOF + DNS-resilience pin
Sub-project 3 of the mesh-hardening follow-on. Accepts the single off-site coordinator as a documented availability SPOF (R8 + ADR-016 amendment) given the narrow blast radius (LAN/intra-cluster/local traffic unaffected; only remote relayed mesh access breaks). Hardens the one real gap: a base mesh coordinator-FQDN /etc/hosts pin so managed hosts survive a local-DNS hiccup. Coordinator off-site backup explicitly deferred to an ADR-022 kickoff (no throwaway infra).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-20 10:42:19 +02:00
..
2026-06-01-hardware-capacity-design.md Add hardware reference & capacity-evaluation design spec 2026-06-01 09:59:16 +02:00
2026-06-05-logging-log-integrity-design.md Add design spec for logging + log integrity (ship all to Loki) 2026-06-05 22:03:31 +02:00
2026-06-05-mesh-vpn-netbird-design.md Add design spec for mesh VPN (NetBird self-hosted on askari) 2026-06-05 10:58:35 +02:00
2026-06-05-service-ui-verification-design.md Add design spec for service-UI verification (ADR-008 Level 4) 2026-06-05 13:05:11 +02:00
2026-06-05-ubongo-control-host-design.md Add design spec for ubongo control/AI-worker host 2026-06-05 09:19:02 +02:00
2026-06-06-firewall-strategy-design.md docs(spec): firewall strategy design (TODO 3.5 → ADR-020) 2026-06-06 15:36:24 +02:00
2026-06-06-host-nftables-firewall-design.md docs(spec): host nftables firewall design (ADR-020 build #1) 2026-06-06 18:40:50 +02:00
2026-06-06-tagging-strategy-design.md docs(spec): tagging standard design (TODO 3.7/3.11 → ADR-019) 2026-06-06 09:15:44 +02:00
2026-06-09-operational-access-design.md docs(access): design operational-access doctrine (ADR-021) 2026-06-09 17:10:54 +02:00
2026-06-10-adr-structure-design.md docs(adr): add Proposed lifecycle state; mark ADR-011 Proposed 2026-06-10 14:48:55 +02:00
2026-06-10-backup-strategy-design.md docs(backup): final-review fixes — stateless BACKUP.md, dump-step wording, spec sync 2026-06-10 11:32:06 +02:00
2026-06-11-public-dns-gandi-migration-design.md docs(spec): note project (boma) vs domain (wingu.me) in the naming scheme 2026-06-14 09:47:13 +02:00
2026-06-14-askari-provisioning-design.md docs(spec): M2 — provision askari via Terraform + Hetzner Cloud 2026-06-14 10:12:10 +02:00
2026-06-14-base-ssh-fail2ban-m3-design.md docs(spec,plan): M3 — base ssh hardening + fail2ban 2026-06-14 16:38:38 +02:00
2026-06-14-kaizen-command-design.md docs(spec): /kaizen — kaizen-loop command (TODO 11) 2026-06-14 21:05:09 +02:00
2026-06-14-netbird-coordinator-m4-design.md docs(spec): M4 — NetBird coordinator on askari + Caddy reverse proxy 2026-06-14 17:19:21 +02:00
2026-06-17-m5-mesh-enrollment-design.md docs(spec): M5 mesh-enrollment design (reachability-only) 2026-06-17 15:44:13 +02:00
2026-06-17-mesh-hardening-askari-ssh-wt0-design.md docs(spec): mesh-hardening 1/3 — move askari SSH onto wt0 2026-06-17 20:15:12 +02:00
2026-06-18-local-vm-integration-testing-design.md docs(spec): design local VM integration testing on ubongo (2.4) 2026-06-18 11:35:51 +02:00
2026-06-19-mesh-hardening-askari-redesign-design.md docs(spec): mesh-hardening redesign — askari wt0-primary + WAN break-glass 2026-06-19 16:25:26 +02:00
2026-06-19-mesh-hardening-ubongo-default-deny-design.md docs: ubongo admin-addrs add 10.20.10.17 + flag raw-lease follow-up 2026-06-19 09:26:04 +02:00
2026-06-20-mesh-spof-accept-resilience-design.md docs(spec): mesh-hardening SPOF — accept single-coordinator SPOF + DNS-resilience pin 2026-06-20 10:42:19 +02:00