left4me

History

mwiegand 81dc29a9c3 spec(hardening-refactor): revise design — inline-in-reactor, defer drop-in reshape Going back to the inline-in-reactor shape: hardening directives land in ckn-bw's systemd_units reactor as shared Python dicts (HARDENING_COMMON + HARDENING_SERVER + HARDENING_WEB), spread into each unit's Service block. Educational reference units in deploy/files/.../*.service stay and get per-directive comments. Operator discipline hand-syncs the reference to the reactor; no CI drift test. The broader responsibility reshape — hardening drop-ins living in left4me with ckn-bw as a thin file-shipper — is worth pursuing as a separate dedicated session, not bundled into this refactor. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 14:16:02 +02:00
..
plans	spec(deploy-dir-rethink): plan + mark adjacent specs resolved	2026-05-15 12:05:53 +02:00
specs	spec(hardening-refactor): revise design — inline-in-reactor, defer drop-in reshape	2026-05-15 14:16:02 +02:00

spec(hardening-refactor): revise design — inline-in-reactor, defer drop-in reshape

Going back to the inline-in-reactor shape: hardening directives land in
ckn-bw's systemd_units reactor as shared Python dicts (HARDENING_COMMON
+ HARDENING_SERVER + HARDENING_WEB), spread into each unit's Service
block. Educational reference units in deploy/files/.../*.service stay
and get per-directive comments. Operator discipline hand-syncs the
reference to the reactor; no CI drift test.

The broader responsibility reshape — hardening drop-ins living in
left4me with ckn-bw as a thin file-shipper — is worth pursuing as a
separate dedicated session, not bundled into this refactor.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-15 14:16:02 +02:00

plans

spec(deploy-dir-rethink): plan + mark adjacent specs resolved

2026-05-15 12:05:53 +02:00

specs

spec(hardening-refactor): revise design — inline-in-reactor, defer drop-in reshape

2026-05-15 14:16:02 +02:00