3eb7fd9f95
docs: align SDD / REQUIREMENTS / SPEC v0.0.3 with closed open issues
ARCHITECTURE.md -> 0.0.3
REQUIREMENTS.md -> 0.0.2
SPEC.md -> 0.0.2

Closed OI-01 through OI-06 with concrete decisions:
- OI-01: Encryption at rest delegated to hardware-host (no OS-level LUKS,
  no column-level). Compliance intent preserved at infrastructure layer.
- OI-02: Argon2id starting parameters m=64MiB, t=3, p=1; 250-500 ms
  login-latency budget on Intel Xeon 4c/16GB; calibration recorded in
  system_config at deploy time.
- OI-03: JWT signing = EdDSA/Ed25519; 90-day key rotation with 24-hour
  overlap; web holds signing key, worker holds verifying key only.
- OI-04: CIDR scan concurrency = 128, per-host timeout = 1.5 s; /22 across
  sites completes under 10 s; progress UI + cancel required.
- OI-05: PDF stack = printpdf + plotters (in-process, no sidecar);
  charts required; no branding; no digital signatures.
- OI-06: /status/health = minimal unauthenticated liveness;
  /api/v1/status/fleet = authenticated fleet aggregates.

Added architecture decisions:
- AD-15: Web UI TLS certificate strategy (self-signed from internal CA
  by default; operator may supply external cert)
- AD-16: Azure SSO + SMTP runtime configuration via Settings GUI with
  test-connection actions
- AD-17: PDF generation via printpdf + plotters
- AD-18: IP whitelist enforcement at every listener

Added FR-07 (System Configuration) in REQUIREMENTS.md covering Azure
SSO GUI, SMTP GUI, polling-interval tuning, Web UI TLS strategy,
and IP whitelist management.

SDD review pass also added (from v0.0.2):
- IEEE 1016-aligned structure (Introduction, Stakeholders, Design
  Rationale, Risks, Open Issues, Glossary, References, Revision History)
- Portable ASCII diagrams; split into Context/Logical/Deployment/Process
  views
- Explicit WebSocket ticket authentication flow
- Rollback data flow (6.5)
- API error envelope + X-Request-Id correlation
- Configuration, migration, and backup/DR sections
- Worker heartbeat and dead-process detection
- Sizing math for 2,500-host scalability claim
- Split /status/health (Manager) from /api/v1/health (Agent) namespaces

See ARCHITECTURE.md section 18 for the full change log.
2026-04-23 15:18:10 +00:00
f6540133c2
Complete SDD specification documents
- SPEC.md: Full project specification including scope, objectives, constraints,
  architecture overview, API integration, certificate management, UI structure,
  error handling, audit logging, and out-of-scope items
- REQUIREMENTS.md: Functional requirements (host mgmt, patch monitoring,
  deployment, scheduling, reporting, user mgmt), non-functional requirements
  (security, performance, scalability, reliability, usability), interface
  requirements, data requirements, HIPAA/PCI-DSS compliance
- ARCHITECTURE.md: Architecture decisions, system architecture diagram,
  component design (Axum web server, background worker, PostgreSQL, React SPA,
  internal CA), data flows, technology stack, security architecture,
  deployment architecture, integration points, monitoring
2026-04-23 14:40:33 +00:00