adrs

Architecture Decision Records

This directory contains the Architecture Decision Records (ADRs) for APME.

Implemented

Decisions that are fully reflected in the codebase.

ADR	Title	Date
ADR-001	gRPC for Inter-Service Communication	2026-02
ADR-002	OPA/Rego for Declarative Policy Rules	2026-02
ADR-003	Vendor the ARI Engine, Do Not Use as Dependency	2026-02
ADR-004	Podman Pod as Deployment Unit	2026-02
ADR-005	Reject etcd/Service Discovery for Single-Pod Deployment	2026-02
ADR-007	Fully Async gRPC Servers (grpc.aio)	2026-03
ADR-008	Rule ID Conventions (L/M/R/P)	2026-02
ADR-009	Separate Remediation Engine with Transform Registry	2026-03
ADR-010	Gitleaks as a gRPC Validator	2026-03
ADR-011	YAML Formatter as Phase 1 Pre-Pass	2026-03
ADR-013	Structured Diagnostics in the gRPC Contract	2026-03
ADR-014	Ruff Linter and prek Pre-commit Hooks	2026-03
ADR-015	GitHub Actions CI with prek	2026-03
ADR-017	Trust-and-verify Model for Agent SDLC Invocation	2026-03
ADR-018	mypy Strict Mode Type Checking	2026-03
ADR-019	Dependency Governance Policy	2026-03
ADR-020	Reporting Service and Event Delivery Model	2026-03
ADR-021	Proactive PR Feedback via GitHub Actions	2026-03-17
ADR-022	Session-Scoped Venvs with Lifecycle Management	2026-03-17
ADR-023	Per-Finding Remediation Classification and Resolution	2026-03-18
ADR-024	Thin CLI with Local Daemon Mode	2026-03-18
ADR-025	AIProvider Protocol Abstraction	2026-03-17
ADR-026	Rule Scope as First-Class Metadata	2026-03-19
ADR-028	Session-Based Fix Workflow with Bidirectional Streaming	2026-03-19
ADR-029	Web Gateway Architecture	2026-03-19
ADR-030	Frontend Deployment Model	2026-03-19
ADR-031	Unified Collection Cache as Single Authoritative Source	2026-03-19
ADR-032	FQCN-Based Collection Auto-Discovery	2026-03-19
ADR-033	Centralized Log Bridge with gRPC Transport	2026-03-22
ADR-037	Project-Centric UI Model with Session Abstraction	2026-03-24
ADR-039	Unified Operation Stream — Check and Remediate	2026-03-24
ADR-044	Node Identity and Progression Model	2026-03-27
ADR-047	tox as Sole Developer Orchestration Tool	2026-03-30

Accepted

Decisions that have been accepted but are not yet fully implemented.

ADR	Title	Date
ADR-012	Scale Pods, Not Services Within a Pod	2026-02
ADR-016	Single-branch main Strategy	2026-03
ADR-040	Scan Metadata Enrichment	2026-03-25
ADR-043	Default Severity Assignment for Rule Catalog	2026-03-26
ADR-048	Pod-Internal Admin Endpoints Rely on Network Isolation	2026-04-01
ADR-049	Gateway Embedded in Local Daemon	2026-04-01
ADR-051	Dependency Health Scanning	2026-04-07

Proposed

Decisions under consideration — not yet accepted or implemented.

ADR	Title	Date
ADR-027	Agentic Project-Level AI Remediation	2026-03-19
ADR-034	Multi-Pod Health Registration	2026-03-23
ADR-036	Two-Pass Remediation Engine with Project-Level Transforms	2026-03-23
ADR-038	Public Data API for Platform Consumers	2026-03-25
ADR-041	Rule Catalog & Override Architecture	2026-03-25
ADR-042	Third-Party Plugin Services	2026-03-20
ADR-045	Delegate Galaxy Authentication to ansible-galaxy, Galaxy Config as Scan Metadata	2026-03-28
ADR-046	AI-Assisted Report Generation	2026-03-30
ADR-050	Post-Remediation PR Creation via Gateway SCM Integration	2026-04-07
ADR-052	Project Operation SSE Architecture	2026-04-14

Superseded

Decisions replaced by newer ADRs.

ADR	Title	Date
ADR-006	Ephemeral Per-Request venvs for Ansible Validator (Superseded by ADR-022 and ADR-031)	2026-03
ADR-035	Secret Externalization for Ansible Content (Proposed — implementation approach superseded by ADR-036)	2026-03-23

Creating New ADRs

1. Copy the template from ../templates/adr.md
2. Use the next available number (currently ADR-053)
3. Include:
   • Status (Proposed → Accepted → Implemented)
   • Date
   • Context
   • Options Considered
   • Decision
   • Rationale
   • Consequences (positive/negative)
   • Implementation Notes
   • Related Decisions