sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
boma/docs
History
sjat cc772ff845 docs(adr/security): record claude NOPASSWD sudo model (ADR-015 amend + R7) 
The integration-testing shakedown reversed ADR-015's "no local sudo" sub-decision:
the claude AI-worker now has NOPASSWD:ALL sudo on ubongo — without it, virsh,
nft, and journalctl all block during VM diagnosis. Compensating controls:
password-locked account, auditd/Loki attribution, repo-managed revocable drop-in.

ADR-015: dated amendment note in Status + expanded AI-worker identity section.
ADR-021: new §Sudo model (amendment 2026-06-18) — claude=NOPASSWD, sjat=password
required; former sjat NOPASSWD drop-in removed 2026-06-18 (least-privilege cleanup).
accepted-risks.md: R7 added (claude NOPASSWD:ALL on ubongo); last-reviewed updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 21:39:20 +02:00
..
access docs(access): correct ADR-021 governance (runbook+gate, not scaffold) 2026-06-09 17:52:24 +02:00
backup docs(backup): add BACKUP.md template + backup__* contract (ADR-022) 2026-06-10 11:20:01 +02:00
decisions docs(adr/security): record claude NOPASSWD sudo model (ADR-015 amend + R7) 2026-06-18 21:39:20 +02:00
hardware docs: wire ADR-025 into testing/control-host/risks/status/capacity 2026-06-18 12:51:22 +02:00
reviews docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag 2026-06-14 18:37:54 +02:00
runbooks docs(runbook): integration-testing runbook + pre-flight cross-links 2026-06-18 12:59:06 +02:00
security docs(adr/security): record claude NOPASSWD sudo model (ADR-015 amend + R7) 2026-06-18 21:39:20 +02:00
superpowers docs(plan): implementation plan for local VM integration testing (2.4) 2026-06-18 11:56:04 +02:00
testing docs(kaizen): bind-mount gotcha + consume 7 signals into the ledger (2026-06-17) 2026-06-17 17:50:17 +02:00
CAPABILITIES.md docs: reconcile 2026-06-14 review findings (O1-O7,O18,O22) 2026-06-14 19:06:33 +02:00
FRICTION.md docs(friction): capture 9 signals from the ADR-025 harness shakedown 2026-06-18 16:30:13 +02:00
README.md docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00
ROADMAP.md docs(roadmap): Phase 1 complete — point Next step at mesh-hardening follow-on 2026-06-17 18:39:08 +02:00
TODO.md docs(todo): local VM integration testing (2.4) + screenshot hand-off (10.8) 2026-06-17 22:27:26 +02:00

README.md

docs/

Project documentation.

  • decisions/ — Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.
  • runbooks/ — step-by-step operational procedures (add a host, add a role, rotate secrets).
  • security/ — security baseline, accepted-risk register, per-service checklist + template (ADR-002/004).
  • testing/ — testing methodology artifacts + the VERIFY.md template (ADR-008/017).
  • access/ — operational-access doctrine + the ACCESS.md template (ADR-021).
  • backup/ — backup doctrine + the BACKUP.md template (ADR-022).
  • hardware/ — capacity reference + /capacity-review output (ADR-012).
  • reviews//review-repo audit trail.
  • CAPABILITIES.md / ROADMAP.md / TODO.md / FRICTION.md — what boma does, the build order, the backlog, and recurring-friction notes.

For what is actually built vs only designed, see STATUS.md at the repo root — the ADRs describe intent, not necessarily current reality.