boma/docs/decisions
sjat f338bccd46 Expand ADR-002 into a security baseline + strategy
Add a managerial security frame on top of the host baseline: explicit threat
model (opportunistic external, lateral movement/blast radius, operator/agent
error; supply chain accepted-lower-priority), security principles, and four
governance mechanisms that ADR-002 establishes and links out to:

- docs/security/service-checklist.md — per-service security bar (referenced
  from the new-role runbook)
- docs/security/accepted-risks.md — living accepted-risk register (R1-R4)
- planned /security-review skill (TODO 8.5)
- agent guardrails in CLAUDE.md "what Claude must not do"

STATUS.md records the frame as present (manual enforcement) and /security-review
as planned-not-built.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 14:39:51 +02:00
..
001-architecture.md Reconcile CI to trunk-based; mark base/docker_host not-built (R6-R8,R15-R16) 2026-05-30 19:32:37 +02:00
002-security.md Expand ADR-002 into a security baseline + strategy 2026-06-04 14:39:51 +02:00
003-toolchain.md Reconcile CI to trunk-based; mark base/docker_host not-built (R6-R8,R15-R16) 2026-05-30 19:32:37 +02:00
004-docker-model.md Add architecture decision records and runbooks 2026-05-30 14:10:01 +02:00
005-bootstrapping.md Purge residual .vault_pass references (review R1-R5) 2026-05-30 19:17:25 +02:00
006-terraform.md Use local Terraform state; drop unworkable Forgejo HTTP backend (R10b) 2026-05-30 21:34:05 +02:00
007-network.md Correct Forgejo host to forgejo.nyumbani.baobab.band 2026-05-30 18:16:38 +02:00
008-testing.md Fix Forgejo registry path to owner/image format (review R10a) 2026-05-30 21:34:02 +02:00
009-provisioning-handoff.md Correct Forgejo host to forgejo.nyumbani.baobab.band 2026-05-30 18:16:38 +02:00
010-forgejo-ci.md Record the Vaultwarden item name for the Forgejo token in ADR-010 2026-05-30 21:35:24 +02:00
012-hardware-capacity.md Note latest.md report mirror in ADR-012 2026-06-01 10:40:16 +02:00