Files
net-kingdom/.claude/rules/stack-and-commands.md
tegwick 9a7d10f840 Repo hygiene: fill stack-and-commands, normalize workplan statuses
- Fill .claude/rules/stack-and-commands.md (was an empty TODO template)
- Normalize workplan frontmatter statuses to canonical vocabulary
  (completed/done -> finished) per ADR-001
- Repair glued frontmatter delimiter in NK-WP-0001 (superseded_by line)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:21:49 +02:00

23 lines
1.0 KiB
Markdown

## Stack
- **Language:** Kubernetes manifests, Bash Make targets, SOPS-encrypted secret custody
- **Key deps:** Keycloak (SSO/MFA), age/SOPS, KeePassXC-based credential custody, repo-local git hooks
## Dev Commands
```bash
make help # list all targets
make hooks && make hooks-test # secrets-guard git hooks
make check-secrets # fail if anything under secrets/ is unencrypted
make sops-edit FILE=secrets/foo.yaml # edit encrypted file
make sops-custody-check # validate custody age key without writing to disk
make sops-custody-run COMMAND='...' # run one command with temporary custody key
make creds-init # one-time credential custody setup
make creds-generate # generate service secrets + KeePassXC guide
make creds-bundle # age-encrypt ops bundle for offsite storage
```
Credential material never lands in Git, State Hub, or logs — the hooks and
check-secrets enforce this. Deployment of identity services runs through the
S2/S5 railiance repos, not from here.