sops patches
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 48m15s
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 48m15s
This commit is contained in:
Danilo Reyes
@@ -24,3 +24,8 @@
|
||||
- **Decision**: Treat the constitution as authoritative, update MCP docs to include explicit tool anchors, and align the tool catalog anchors to actual markdown headings; scope sync checks to MCP tool headings in `docs/reference/mcp-server.md`.
|
||||
- **Rationale**: Prevents false drift from unrelated docs while ensuring tool anchors remain accurate and navigable.
|
||||
- **Alternatives considered**: (a) Force every doc to map to a tool (rejected: inflates catalog and adds noise); (b) Keep loose anchors without validation (rejected: undermines navigation and sync intent).
|
||||
|
||||
## Decision 6 (2026-02-02): secureHost gating for SOPS config
|
||||
- **Decision**: Gate SOPS configuration behind `config.my.secureHost` so non-secure hosts skip secret loading.
|
||||
- **Rationale**: Aligns `config/base.nix` behavior with the constitution’s secureHost rules and avoids secret dependency on non-secure hosts.
|
||||
- **Alternatives considered**: (a) Leave SOPS enabled on all hosts (rejected: violates secureHost contract); (b) Duplicate SOPS logic per host (rejected: increases drift risk).
|
||||
|
||||
Reference in New Issue
Block a user