Add a managerial security frame on top of the host baseline: explicit threat model (opportunistic external, lateral movement/blast radius, operator/agent error; supply chain accepted-lower-priority), security principles, and four governance mechanisms that ADR-002 establishes and links out to: - docs/security/service-checklist.md — per-service security bar (referenced from the new-role runbook) - docs/security/accepted-risks.md — living accepted-risk register (R1-R4) - planned /security-review skill (TODO 8.5) - agent guardrails in CLAUDE.md "what Claude must not do" STATUS.md records the frame as present (manual enforcement) and /security-review as planned-not-built. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| decisions | ||
| hardware | ||
| reviews | ||
| runbooks | ||
| security | ||
| superpowers | ||
| FRICTION.md | ||
| README.md | ||
| TODO.md | ||
docs/
Project documentation.
decisions/— Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.runbooks/— step-by-step operational procedures (add a host, add a role, rotate secrets).
For what is actually built vs only designed, see STATUS.md at the repo root —
the ADRs describe intent, not necessarily current reality.