boma/docs
sjat fd4bbbc977 docs(access): design operational-access doctrine (ADR-021)
Brainstorming spec for ADR-021: operational access as a deployment
deliverable. Two layers (host baseline + per-service), a three-tier
access ladder (mesh SSH -> LAN SSH from ubongo -> console break-glass),
declarative access__* data rendering ACCESS.md and driving a
/check-access verifier. Resolves TODO 3.2 (API access) and 7.2 (host
access); amends ADR-016 (SSH also from ubongo) and ADR-020
(ssh-from-control source).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 17:10:54 +02:00
..
decisions docs(adr): ADR-020 firewall strategy (two-layer + shared catalog) 2026-06-06 15:59:30 +02:00
hardware ADR-012/hardware: add ubongo as physical control node 2026-06-05 09:43:09 +02:00
reviews review-repo: 2026-06-05 report (4 auto-fixed, 12 open) 2026-06-05 18:24:39 +02:00
runbooks Thread the VERIFY.md convention through ADR-004/new-role/README 2026-06-05 18:52:42 +02:00
security accepted-risks: add R4 (no cryptographic WORM for logs) 2026-06-06 07:03:27 +02:00
superpowers docs(access): design operational-access doctrine (ADR-021) 2026-06-09 17:10:54 +02:00
testing Git-ignore verify screenshots; add testing/reviews dir 2026-06-05 13:19:04 +02:00
CAPABILITIES.md docs: record base firewall concern built (ADR-020 host layer) 2026-06-06 19:10:27 +02:00
FRICTION.md docs(friction): record host-nftables build gotchas (iif/iifname, molecule ansible_host, venv PATH, apply-path coverage) 2026-06-06 19:16:21 +02:00
README.md Add architecture decision records and runbooks 2026-05-30 14:10:01 +02:00
TODO.md docs(todo): mark 3.5 firewall strategy decided (ADR-020) 2026-06-06 16:00:01 +02:00

docs/

Project documentation.

  • decisions/ — Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.
  • runbooks/ — step-by-step operational procedures (add a host, add a role, rotate secrets).

For what is actually built vs only designed, see STATUS.md at the repo root — the ADRs describe intent, not necessarily current reality.