boma/docs/superpowers/specs
sjat cff368ece2 docs(spec,plan): M3 — base ssh hardening + fail2ban
ADR-002 baseline (key-only, no root, fail2ban 5/1h) as two base task files under
the existing 'hardening' concern tag; applied to askari by tag (NOT the host
firewall — that's mesh-gated to avoid lockout; Hetzner Cloud Firewall is the
perimeter until M5). NetBird agent deferred to M4. Adds a LIMIT=/TAGS= passthrough
to make check/deploy.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 16:38:38 +02:00
..
2026-06-01-hardware-capacity-design.md Add hardware reference & capacity-evaluation design spec 2026-06-01 09:59:16 +02:00
2026-06-05-logging-log-integrity-design.md Add design spec for logging + log integrity (ship all to Loki) 2026-06-05 22:03:31 +02:00
2026-06-05-mesh-vpn-netbird-design.md Add design spec for mesh VPN (NetBird self-hosted on askari) 2026-06-05 10:58:35 +02:00
2026-06-05-service-ui-verification-design.md Add design spec for service-UI verification (ADR-008 Level 4) 2026-06-05 13:05:11 +02:00
2026-06-05-ubongo-control-host-design.md Add design spec for ubongo control/AI-worker host 2026-06-05 09:19:02 +02:00
2026-06-06-firewall-strategy-design.md docs(spec): firewall strategy design (TODO 3.5 → ADR-020) 2026-06-06 15:36:24 +02:00
2026-06-06-host-nftables-firewall-design.md docs(spec): host nftables firewall design (ADR-020 build #1) 2026-06-06 18:40:50 +02:00
2026-06-06-tagging-strategy-design.md docs(spec): tagging standard design (TODO 3.7/3.11 → ADR-019) 2026-06-06 09:15:44 +02:00
2026-06-09-operational-access-design.md docs(access): design operational-access doctrine (ADR-021) 2026-06-09 17:10:54 +02:00
2026-06-10-adr-structure-design.md docs(adr): add Proposed lifecycle state; mark ADR-011 Proposed 2026-06-10 14:48:55 +02:00
2026-06-10-backup-strategy-design.md docs(backup): final-review fixes — stateless BACKUP.md, dump-step wording, spec sync 2026-06-10 11:32:06 +02:00
2026-06-11-public-dns-gandi-migration-design.md docs(spec): note project (boma) vs domain (wingu.me) in the naming scheme 2026-06-14 09:47:13 +02:00
2026-06-14-askari-provisioning-design.md docs(spec): M2 — provision askari via Terraform + Hetzner Cloud 2026-06-14 10:12:10 +02:00
2026-06-14-base-ssh-fail2ban-m3-design.md docs(spec,plan): M3 — base ssh hardening + fail2ban 2026-06-14 16:38:38 +02:00