sjat

0 followers · 0 following

• Joined on 2026-03-22

Repositories

2

Projects Packages Public activity Starred repositories

sjat pushed to main at sjat/boma 2026-06-20 12:01:31 +02:00

d1c3eb681a docs(status): coordinator-FQDN pin applied + live on ubongo (2026-06-20)

sjat pushed to main at sjat/boma 2026-06-20 11:42:52 +02:00

1299eef6ea Merge feat/mesh-spof-resilience: accept mesh SPOF (R8) + coordinator DNS-resilience pin

0030b45bbd docs(adr-016): soften the second stale off-site-backup claim (R8 consistency)

a483f4e55c fix: address whole-branch review (anchor pin regexp, ADR-016 backup note, verify comment)

c09b7fe6a5 docs(security): accept the single-coordinator mesh SPOF (R8) + ADR-016 availability amendment

74e54b359b fix(base): confine /etc/hosts unsafe-write fallback to the Docker Molecule env

Compare 6 commits »

sjat pushed to main at sjat/boma 2026-06-20 10:49:27 +02:00

0286c78f36 docs(plan): mesh-hardening SPOF — accept + DNS-resilience implementation plan

sjat pushed to main at sjat/boma 2026-06-20 10:42:36 +02:00

3ba22d199a docs(spec): mesh-hardening SPOF — accept single-coordinator SPOF + DNS-resilience pin

sjat pushed to main at sjat/boma 2026-06-20 09:22:41 +02:00

f10fe8bb60 docs(status): mesh-hardening askari redesign applied + live reboot-validated (2026-06-20)

dfc64da2eb feat(makefile): add EXTRA passthrough to check/deploy for ad-hoc ansible args

Compare 2 commits »

sjat pushed to main at sjat/boma 2026-06-19 22:47:04 +02:00

0194865437 Merge feat/mesh-hardening-askari-redesign: askari INPUT-only redesign + reboot gate

d6e80990b2 fix(integration): real wait_for_ip arp-fallback test + document substrate coverage gap

d1941c987e feat(integration_test): Ansible-manage virbr-boma nftables input allow

dc5cc8933f fix(harness): fall back to --source arp for VM IP discovery (no leaseshelper)

4933186d31 docs(friction): task-3 integration-gate findings (dnsmasq, nftables, hostname)

Compare 10 commits »

sjat deleted branch feat/mesh-hardening-askari-redesign from sjat/boma 2026-06-19 22:47:04 +02:00

sjat pushed to feat/mesh-hardening-askari-redesign at sjat/boma 2026-06-19 22:41:15 +02:00

d6e80990b2 fix(integration): real wait_for_ip arp-fallback test + document substrate coverage gap

sjat pushed to feat/mesh-hardening-askari-redesign at sjat/boma 2026-06-19 22:32:38 +02:00

d1941c987e feat(integration_test): Ansible-manage virbr-boma nftables input allow

dc5cc8933f fix(harness): fall back to --source arp for VM IP discovery (no leaseshelper)

Compare 2 commits »

sjat created branch feat/mesh-hardening-askari-redesign in sjat/boma 2026-06-19 19:16:49 +02:00

sjat pushed to feat/mesh-hardening-askari-redesign at sjat/boma 2026-06-19 19:16:49 +02:00

4933186d31 docs(friction): task-3 integration-gate findings (dnsmasq, nftables, hostname)

9f0626040b docs(todo): add note on ubongo↔cluster network topology question

8ca42c389c fix(integration): fix VM boot: hostname, netplan, known_hosts handling

1042f161b6 test(integration): askari_inputonly — INPUT-only default-deny reboot gate

d9b8676fce feat(inventory): askari INPUT-only firewall + WAN break-glass + manage over wt0

Compare 6 commits »

sjat pushed to main at sjat/boma 2026-06-19 17:11:03 +02:00

61cbcc6c18 docs(friction): re-asked settled defaults (push + subagent-driven) at plan->execute handoff

6be758bece docs(plan): mesh-hardening redesign — askari implementation plan

a178729587 docs(spec): mesh-hardening redesign — askari wt0-primary + WAN break-glass

ef5e049e9b docs(status): mesh-hardening 2/3 — ubongo reboot-validated

Compare 4 commits »

sjat pushed to main at sjat/boma 2026-06-19 15:34:33 +02:00

215060bac1 Merge feat/mesh-hardening-ubongo: ubongo INPUT-only default-deny (mesh-hardening 2/3)

fa2c4c6368 docs(status): mesh-hardening 2/3 — ubongo INPUT-only default-deny applied

a881185c73 docs(friction): base firewall flush wipes Docker nat (cutover finding)

180af46879 docs(friction): log the Molecule input_only-accept coverage gap

8d8c86fa39 docs(friction): VM-testing standard + libvirt stale-session gotcha

Compare 13 commits »

sjat deleted branch feat/mesh-hardening-ubongo from sjat/boma 2026-06-19 15:34:33 +02:00

sjat created branch feat/mesh-hardening-ubongo in sjat/boma 2026-06-19 10:41:42 +02:00

sjat pushed to feat/mesh-hardening-ubongo at sjat/boma 2026-06-19 10:41:42 +02:00

180af46879 docs(friction): log the Molecule input_only-accept coverage gap

8d8c86fa39 docs(friction): VM-testing standard + libvirt stale-session gotcha

468f8c3a92 fix(integration): match live nft priority filter in the ubongo verify

26bb7e442d fix(integration): pin system python for virt-install (venv PATH hijack)

6ac5afaf67 test(integration): add the 'be ubongo' profile (input-only default-deny)

Compare 10 commits »

sjat pushed to main at sjat/boma 2026-06-18 22:30:49 +02:00

77a20b8d40 docs(runbook): netbird-client mesh-drop / DNS troubleshooting

sjat pushed to main at sjat/boma 2026-06-18 21:57:22 +02:00

a23ecd708d Merge feat/integration-testing: local VM integration testing (ADR-025, TODO 2.4)

bc8592616b fix: address final whole-branch review findings

d7bd31babb docs(adr/status): integration-testing harness RED→GREEN validated (ADR-025)

cc772ff845 docs(adr/security): record claude NOPASSWD sudo model (ADR-015 amend + R7)

3fe6f68316 feat(base): codify AI-worker NOPASSWD sudo (ADR-015 amended)

Compare 37 commits »

sjat pushed to main at sjat/boma 2026-06-17 22:27:27 +02:00

69faaf5e43 docs(todo): local VM integration testing (2.4) + screenshot hand-off (10.8)

sjat pushed to main at sjat/boma 2026-06-17 22:21:20 +02:00

958e35e3c3 docs(friction): capture 6 signals from the mesh-hardening 1/3 incident