[INFRASTRUCTURE] Initial infrastructure inventory system (GUIDE-007, …#6
ncimino wants to merge 9 commits into
…INSTANCE_INVENTORY, TMPL-011)

🚀 NEW DOCUMENTS:

1. INSTANCE_INVENTORY.md (v3.2.0.0)
   - Master living infrastructure inventory
   - 10 active instances tracked (INT-P01, INT-P02, INT-P03, INT-P05, INT-OG1, INT-OG8, INT-OG9, INT-S003-planned, INT-M01-planned, INT-VSA-planned)
   - 14 sections: instances, resources, networking, team assignment, SLA, security, capacity, deployment, monitoring, backup, cost, maintenance log
   - Aligned with Elevated Instance Registry (SharedKernel D-053→D-057)
   - Living document: update within 24h of change
   - Stewards: @Gtm + @rmn
2. GUIDE-007_Infrastructure-Inventory-Management.md (v3.2.0.0)
   - How-to guide for maintaining the inventory
   - When to update (immediate vs standard vs scheduled)
   - Step-by-step update process (set #masterCCC, make change, log, commit, notify)
   - Instructions for filling each section
   - 4 detailed workflows: deploy new instance, scale resources, critical incident, API key rotation
   - Common scenarios and quick commands
3. TMPL-011_Instance-Deployment-Checklist.md (v3.2.0.0)
   - 10-phase deployment checklist template
   - Phase 1: Infrastructure setup (compute, database, storage)
   - Phase 2: AnythingLLM deployment (platform, workspaces, configuration)
   - Phase 3: System prompt & identity (R-213, BP-054)
   - Phase 4: Pinned docs & RAG (R-204, GUIDE-006)
   - Phase 5: Threads & agents (MAIT setup, user agents)
   - Phase 6: Security & access (API keys per BP-064, firewall)
   - Phase 7: Observability & monitoring
   - Phase 8: ISC certification (8-point checklist, BP-059)
   - Phase 9: Documentation & inventory
   - Phase 10: Verification & sign-off
   - Comprehensive resource table, cross-references to governance rules/BPs

ALIGNMENT:

- Standardized per governance framework (SharedKernel Elevated Registry R-208)
- Uses CCC-ID tracking per BP-027
- Documents API key rotation per BP-064
- Integrates ISC certification per BP-059
- Follows #COOK workflow (documents generated by #MetaAgent approval)
- Preserves content per L-097

READY FOR:

- Infrastructure teams to index all droplets, servers, databases
- Living document maintenance (update within 24h of changes)
- Onboarding new infrastructure team members
- Cost tracking and growth projections
- Disaster recovery planning
…in INSTANCE_INVENTORY, GUIDE-007, TMPL-011 (CTO_2026-W11_001)

## Critical Fixes Applied:

✅ CCC-ID Correction
- Changed: CCC_2026-W15_XXX → CTO_2026-W11_001
- Applied to all 3 documents (header, version history, update log, related docs)
- Per R-168: CCC-ID tied to contributor code, not placeholder

✅ Version Number Alignment
- Changed: v3.2.0.0 → v3.2.1.1
- Per L-094 #WeOwnVer standard: v3.2.1.1 for W11 (March, week 1-4 offset)
- Season=3 ✅, Month=2 (March) ✅, Week-offset=1 ✅, Iteration=1 ✅

✅ Approval Status
- Updated to: ⬜ AWAITING HUMAN APPROVAL (R-011)
- Per BP-045: Documents require #masterCCC + Approval CCC-ID

✅ Related Documents Table (BP-045)
- Added #masterCCC and Approval columns per BP-045 standard
- Populated with governance document metadata from SharedKernel, BEST-PRACTICES, PROTOCOLS

✅ Steward Field Correction
- Changed: @ccc (invalid code) → @cto (registered contributor code)

## Governance Compliance:

- R-168: CCC-ID sequence tied to contributor ✅
- R-011: #OnlyHumanApproves preserved ✅
- BP-045: Document Reference Standard applied ✅
- L-094: #WeOwnVer calendar-driven versioning ✅
- L-097: Preserve existing content on regen ✅
Pull request overview
Adds a first-pass “infrastructure inventory system” documentation set (inventory + maintenance guide + deployment checklist template), and also introduces governance/project documents related to selecting a team password manager.
Changes:
- Adds a living infrastructure inventory document and an accompanying maintenance/how-to guide.
- Introduces a deployment checklist template for provisioning/verifying new AnythingLLM instances.
- Adds password-manager selection decision/evaluation documents (PRJ-026) plus supporting comparison research, and ignores a local RAG sync marker file.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 20 comments.
| File | Description |
|---|---|
| `_INSTANCE_/INSTANCE_INVENTORY.md` | New living inventory for instances/resources/ownership/SLA/security/cost tracking. |
| `_GUIDES_/GUIDE-007_Infrastructure-Inventory-Management.md` | New guide describing when/how to update the inventory and common workflows. |
| `_TEMPLATES_/TMPL-011_Instance-Deployment-Checklist.md` | New 10-phase deployment/verification checklist template for AnythingLLM instances. |
| `_PROJECTS_/PRJ-026-DECISION_Team-Password-Manager-Selection.md` | Decision/proposal doc to adopt 1Password, including cost/rollout details. |
| `_PROJECTS_/PRJ-026-APPENDIX_Bitwarden-vs-1Password-Evaluation.md` | Appendix with comparative evaluation and implementation roadmap. |
| `_PROJECTS_/COMP-001.md` | Additional comparison research outline for Bitwarden vs 1Password. |
| `.gitignore` | Ignores .last-rag-sync marker file. |
| |-------|--------|-------| | ||
| | On-call schedule created | ☐ | Who? When? Rotation? | | ||
| | Incident channel created | ☐ | Signal: #incidents or similar | | ||
| | Runbook documented (GUIDE-009) | ☐ | Common issues + resolution steps | |
GUIDE-009 is referenced here as a runbook, but in-repo GUIDE-009_AnythingLLM-SmokeTest-Post-Restart.md is a smoke-test checklist rather than a runbook. Please update the reference (either point to the actual runbook guide, or rename this task to reflect smoke-test/verification).
| | Runbook documented (GUIDE-009) | ☐ | Common issues + resolution steps | | |
| | Post-restart smoke test documented (GUIDE-009) | ☐ | Verification checklist after restart/deployment | |
| @@ -0,0 +1,419 @@ | |||
| # PRJ-026 Decision: Team Password Manager Selection — 1Password | |||
The PR description lists only the infrastructure inventory/template docs, but this PR also adds password-manager governance documents (PRJ-026 decision + appendix, COMP-001). Please either update the PR description to include these additions or split them into a separate PR to keep scope clear.
| | Season | #WeOwnSeason003 🚀 | | ||
| | Status | 📝 **DRAFT** | | ||
| | Lifecycle Stage | D-062 — IDEA/DRAFT | | ||
| | Source of Truth | [GitHub](https://github.com/CCCbotNet/fedarch/blob/user/CTO/_PROJECTS_/COMP-001.md) | |
The "Source of Truth" URL points to blob/user/CTO/..., which will likely become stale after merge. For consistency with other documents that use blob/main/..., consider updating this link (or documenting why drafts should point to a user branch).
| | Source of Truth | [GitHub](https://github.com/CCCbotNet/fedarch/blob/user/CTO/_PROJECTS_/COMP-001.md) | | |
| | Source of Truth | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_PROJECTS_/COMP-001.md) | |
| **Context**: | ||
| - Infisical (MIT FOSS) is our primary secrets management platform for infrastructure/application secrets | ||
| - 1Password is currently listed as "🟡 Team use option" in existing governance | ||
| - Bitwarden is NOT yet evaluated in current documentation |
This doc says "Bitwarden is NOT yet evaluated in current documentation", but this PR also introduces Bitwarden vs 1Password evaluation/decision documents (PRJ-026 decision + appendix). Please update this statement (or add a date qualifier) so it remains accurate once merged.
| - Bitwarden is NOT yet evaluated in current documentation | |
| - Prior to this comparison and the related PRJ-026 decision artifacts, Bitwarden was not formally evaluated in governance documentation |
| | **Data Sovereignty** | ✅ Self-hosted available | 🟡 Primarily cloud-managed | | ||
| | **Customization** | ✅ Can modify for specific needs | ❌ Limited customization | | ||
| | **Security Maturity** | ✅ Established, SOC 2 Type II | ✅ Established, SOC 2 Type II | | ||
| | **Funding/Governance** | Public company (BitwdravenUSA) | Private (1Password) | |
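Review bot: The Security Maturity row gives "Established, SOC 2 Type II" for both products with no report date or link, so a reader cannot check either attestation; add the source and audit period for each vendor. The "Public company" label in the Funding/Governance row is also unsourced and should be verified when the vendor name is corrected.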
BitwdravenUSA looks like a typo/misspelling and makes the funding/governance line unclear. Please correct the organization/name so the comparison reads cleanly and is searchable.
| | **Funding/Governance** | Public company (BitwdravenUSA) | Private (1Password) | | |
| | **Funding/Governance** | Public company (Bitwarden, Inc.) | Private (1Password) | |
| @@ -0,0 +1,482 @@ | |||
| # 🏗️ Infrastructure Instance Inventory | |||
|
|
|||
| ## INSTANCE_INVENTORY_v3.2.0.0.md | |||
The header shows INSTANCE_INVENTORY_v3.2.0.0.md but the metadata table lists Version | 3.2.1.1. Please make these consistent so readers can reliably identify which version they're referencing.
| ## INSTANCE_INVENTORY_v3.2.0.0.md | |
| ## INSTANCE_INVENTORY_v3.2.1.1.md |
| | GUIDE-007 | v3.2.0.0 | How to maintain this inventory (procedures) | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_GUIDES_/GUIDE-007_Infrastructure-Inventory-Management.md) | | ||
| | TMPL-011 | v3.2.0.0 | Instance deployment checklist template | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_TEMPLATES_/TMPL-011_Instance-Deployment-Checklist.md) | |
In the Related Documents table, GUIDE-007 and TMPL-011 are listed as v3.2.0.0, but the versions in this PR's documents are 3.2.1.1. Please update the referenced versions to match the actual files being introduced so cross-references stay accurate.
| | GUIDE-007 | v3.2.0.0 | How to maintain this inventory (procedures) | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_GUIDES_/GUIDE-007_Infrastructure-Inventory-Management.md) | | |
| | TMPL-011 | v3.2.0.0 | Instance deployment checklist template | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_TEMPLATES_/TMPL-011_Instance-Deployment-Checklist.md) | | |
| | GUIDE-007 | 3.2.1.1 | How to maintain this inventory (procedures) | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_GUIDES_/GUIDE-007_Infrastructure-Inventory-Management.md) | | |
| | TMPL-011 | 3.2.1.1 | Instance deployment checklist template | [GitHub](https://github.com/CCCbotNet/fedarch/blob/main/_TEMPLATES_/TMPL-011_Instance-Deployment-Checklist.md) | |
| | Version | Date | Changes | | ||
| |---------|------|---------| | ||
| | 3.2.1.1 | 2026-W11 | CTO_2026-W11_001 | ⬜ AWAITING | 🚀 **INITIAL RELEASE** — Complete guide for maintaining INSTANCE_INVENTORY.md; 7 sections: overview, when to update, process, filling out sections, workflows, scenarios, quick commands; 4 detailed workflows (deploy, scale, incident, key rotation); aligned with BP-027, L-097, BP-064 | |
The Version History table is malformed (header has 3 columns but the row has 5 cells), and the row’s week/CCC-ID (2026-W11, CTO_2026-W11_001) conflicts with this guide’s metadata (CTO_2026-W15_001). Please fix the column structure and reconcile the version-history identifiers so they match the document metadata.
| | Version | Date | Changes | | |
| |---------|------|---------| | |
| | 3.2.1.1 | 2026-W11 | CTO_2026-W11_001 | ⬜ AWAITING | 🚀 **INITIAL RELEASE** — Complete guide for maintaining INSTANCE_INVENTORY.md; 7 sections: overview, when to update, process, filling out sections, workflows, scenarios, quick commands; 4 detailed workflows (deploy, scale, incident, key rotation); aligned with BP-027, L-097, BP-064 | | |
| | Version | Date | CCC-ID | Approval | Changes | | |
| |---------|------|--------|----------|---------| | |
| | 3.2.1.1 | 2026-W15 | CTO_2026-W15_001 | ⬜ AWAITING | 🚀 **INITIAL RELEASE** — Complete guide for maintaining INSTANCE_INVENTORY.md; 7 sections: overview, when to update, process, filling out sections, workflows, scenarios, quick commands; 4 detailed workflows (deploy, scale, incident, key rotation); aligned with BP-027, L-097, BP-064 | |
|
|
||
| ### Decision Statement | ||
|
|
||
| > **WeOwnNet will adopt 1Password as the official team password manager, effective W12 Week 2.** |
This document is labeled as a PROPOSAL/awaiting approvals in metadata, but the Decision Statement is written as a finalized decision with an effective date. Please make the language consistent (e.g., conditional wording until approved, or update status/lifecycle to reflect an approved decision).
| > **WeOwnNet will adopt 1Password as the official team password manager, effective W12 Week 2.** | |
| > **WeOwnNet proposes adopting 1Password as the official team password manager, subject to stakeholder approval. If approved, the target effective date is W12 Week 2.** |
| |-----------|--------|-----------| | ||
| | Enterprise Readiness | 1Password ✅ | SOC 2 certified, ISO 27001 roadmap | | ||
| | Security Posture | Tie | Both industry-leading | | ||
| | Cost | Bitwarden | $50-100/year self-hosted vs $8/user/mo | |
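Review bot: The Enterprise Readiness row awards 1Password the win on "SOC 2 certified", but the comparison table elsewhere in this PR lists SOC 2 Type II for both products, so SOC 2 does not distinguish them; state the criterion that actually differs. The Security Posture row's "Both industry-leading" gives no basis for the tie and would be stronger if it named the specific controls or audits compared.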
In the Executive Summary, the cost winner rationale says Bitwarden is "$50-100/year self-hosted", but the later Cost Analysis section estimates Bitwarden self-hosted total Year 1 cost at $3,570 (labor included). Please reconcile these two statements (e.g., clarify whether the summary is license/infra-only vs total cost including labor) to avoid an internal contradiction.
| | Cost | Bitwarden | $50-100/year self-hosted vs $8/user/mo | | |
| | Cost | Bitwarden | Lower direct license/infra spend (~$50-100/year self-hosted), but total Year 1 cost is higher when self-hosting labor is included (see Cost Analysis) | |
- Implemented three-tier backup strategy:
  * Tier 1: PostgreSQL replication to NYC3 (real-time, hot failover)
  * Tier 2: Daily automated backups to weown-dev-backup.atl1.digitaloceanspaces.com
  * Tier 3: Weekly long-term archives with cross-region replication
- Added backup bucket configuration:
  * Bucket: weown-dev-backup
  * Region: ATL1 (co-located with primary)
  * Daily retention: 30 days
  * Archive retention: 1 year
- Updated Infrastructure Specifications table with Spaces bucket endpoint
- Added comprehensive Backup & Disaster Recovery Architecture diagram
- Enhanced Failover Strategy with recovery paths for each backup tier
- Updated recovery time estimates for different disaster scenarios

Addresses deployment readiness for PRJ-003 KeyCloak SSO project.