Skip to content

README.md

Latest commit

 

History

History
99 lines (83 loc) · 6.32 KB

README.md

File metadata and controls

99 lines (83 loc) · 6.32 KB

Architecture Decision Records

This directory contains the Architecture Decision Records (ADRs) for APME.

Implemented

Decisions that are fully reflected in the codebase.

ADR Title Date
ADR-001 gRPC for Inter-Service Communication 2026-02
ADR-002 OPA/Rego for Declarative Policy Rules 2026-02
ADR-003 Vendor the ARI Engine, Do Not Use as Dependency 2026-02
ADR-004 Podman Pod as Deployment Unit 2026-02
ADR-005 Reject etcd/Service Discovery for Single-Pod Deployment 2026-02
ADR-007 Fully Async gRPC Servers (grpc.aio) 2026-03
ADR-008 Rule ID Conventions (L/M/R/P) 2026-02
ADR-009 Separate Remediation Engine with Transform Registry 2026-03
ADR-010 Gitleaks as a gRPC Validator 2026-03
ADR-011 YAML Formatter as Phase 1 Pre-Pass 2026-03
ADR-013 Structured Diagnostics in the gRPC Contract 2026-03
ADR-014 Ruff Linter and prek Pre-commit Hooks 2026-03
ADR-015 GitHub Actions CI with prek 2026-03
ADR-017 Trust-and-verify Model for Agent SDLC Invocation 2026-03
ADR-018 mypy Strict Mode Type Checking 2026-03
ADR-019 Dependency Governance Policy 2026-03
ADR-020 Reporting Service and Event Delivery Model 2026-03
ADR-021 Proactive PR Feedback via GitHub Actions 2026-03-17
ADR-022 Session-Scoped Venvs with Lifecycle Management 2026-03-17
ADR-023 Per-Finding Remediation Classification and Resolution 2026-03-18
ADR-024 Thin CLI with Local Daemon Mode 2026-03-18
ADR-025 AIProvider Protocol Abstraction 2026-03-17
ADR-026 Rule Scope as First-Class Metadata 2026-03-19
ADR-028 Session-Based Fix Workflow with Bidirectional Streaming 2026-03-19
ADR-029 Web Gateway Architecture 2026-03-19
ADR-030 Frontend Deployment Model 2026-03-19
ADR-031 Unified Collection Cache as Single Authoritative Source 2026-03-19
ADR-032 FQCN-Based Collection Auto-Discovery 2026-03-19
ADR-033 Centralized Log Bridge with gRPC Transport 2026-03-22
ADR-037 Project-Centric UI Model with Session Abstraction 2026-03-24
ADR-039 Unified Operation Stream — Check and Remediate 2026-03-24
ADR-044 Node Identity and Progression Model 2026-03-27
ADR-047 tox as Sole Developer Orchestration Tool 2026-03-30

Accepted

Decisions that have been accepted but are not yet fully implemented.

ADR Title Date
ADR-012 Scale Pods, Not Services Within a Pod 2026-02
ADR-016 Single-branch main Strategy 2026-03
ADR-040 Scan Metadata Enrichment 2026-03-25
ADR-043 Default Severity Assignment for Rule Catalog 2026-03-26
ADR-048 Pod-Internal Admin Endpoints Rely on Network Isolation 2026-04-01
ADR-049 Gateway Embedded in Local Daemon 2026-04-01

Proposed

Decisions under consideration — not yet accepted or implemented.

ADR Title Date
ADR-027 Agentic Project-Level AI Remediation 2026-03-19
ADR-034 Multi-Pod Health Registration 2026-03-23
ADR-036 Two-Pass Remediation Engine with Project-Level Transforms 2026-03-23
ADR-038 Public Data API for Platform Consumers 2026-03-25
ADR-041 Rule Catalog & Override Architecture 2026-03-25
ADR-042 Third-Party Plugin Services 2026-03-20
ADR-045 Delegate Galaxy Authentication to ansible-galaxy, Galaxy Config as Scan Metadata 2026-03-28
ADR-046 AI-Assisted Report Generation 2026-03-30
ADR-050 Post-Remediation PR Creation via Gateway SCM Integration 2026-04-07
ADR-051 Dependency Health Scanning 2026-04-07

Superseded

Decisions replaced by newer ADRs.

ADR Title Date
ADR-006 Ephemeral Per-Request venvs for Ansible Validator (Superseded by ADR-022 and ADR-031) 2026-03
ADR-035 Secret Externalization for Ansible Content (Proposed — implementation approach superseded by ADR-036) 2026-03-23

Creating New ADRs

  1. Copy the template from ../templates/adr.md
  2. Use the next available number (currently ADR-052)
  3. Include:
    • Status (Proposed → Accepted → Implemented)
    • Date
    • Context
    • Options Considered
    • Decision
    • Rationale
    • Consequences (positive/negative)
    • Implementation Notes
    • Related Decisions