From 25404466bb8c19133ecb410dd72387176c90c4b3 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Thu, 30 Apr 2026 18:37:04 +0000 Subject: [PATCH] docs: add merge priority order with security hardening as #1 priority - Updated roadmap phase status (Phase 4 complete) - Added merge priority table with PR #28 (security) at top - Documented that security must merge before new services exposed - Added deployment command reference --- .planning/ROADMAP.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md index 6369118..8e69231 100644 --- a/.planning/ROADMAP.md +++ b/.planning/ROADMAP.md @@ -13,7 +13,9 @@ None - ✅ **Phase 1: Foundation Setup** - Establish core NixOS configuration with flakes - ✅ **Phase 2: Docker Service Integration** - Integrate Docker Compose services - ✅ **Phase 3: AI Assistant Integration** - Enable AI-assisted infrastructure management -- [ ] **Phase 4: Internet Access & MCP** - MCP server for web access +- ✅ **Phase 4: Internet Access & MCP** - MCP server for web access +- 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28) +- [ ] **Phase 5: TAK Server** - Research, implementation, and validation ## Phase Details 
@@ -133,8 +135,25 @@ Plans: ## Progress +**Merge Priority Order** (CRITICAL - merge in this order): + +| Priority | PR | Description | Status | Notes | +|----------|-----|-------------|--------|-------| +| 🚨 1 | #28 | **Security hardening** (firewall, fail2ban, SSH) | Open | **MERGE FIRST** - protects all other services | +| 2 | #22 | Matrix bridge dependency fix | Open | Blocks Hermes functionality | +| 3 | #21 | Backup network creation fix | Open | Infrastructure fix | +| 4 | #25 | Hermes voice GPU support | Open | Feature enhancement | +| 5 | #24 | uConsole CM5 host | Open | New hardware support | +| 6 | #23 | NixOS deployment infrastructure | Open | Deployment tooling | +| 7 | #1 | AI worker restricted access | Open | Legacy PR (superseded by hardening) | + **Execution Order:** -Phases execute in numeric order: 1 → 2 → 3 → 4 → 5 → 6 → 7 +Phases execute in numeric order: 1 → 2 → 3 → 4 → Security → 5 → 6 → 7 + +**Merge vs Phase Execution:** +- PRs can merge independently (no strict phase ordering for merges) +- **EXCEPTION:** Security hardening (#28) must merge before any new services are exposed +- After security merge, deploy with: `nh os switch --flake .#lazyworkhorse` | Phase | Milestone | Plans Complete | Status | Completed | |-------|-----------|----------------|--------|-----------|
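Review bot: in the first hunk (the phase list at `@@ -13,7 +13,9 @@`), the new `🚨 **Security Hardening**` entry is the only item without a completion marker; every other line carries `✅` or `[ ]`, so a reader cannot tell whether the hardening work is done or pending. Since the table in the second hunk lists PR #28 as Open, the entry should probably read `- [ ] 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28)` and be flipped to `✅` when #28 merges, keeping the list machine-checkable for progress tracking.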
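Review bot: in the second hunk (the Merge Priority Order table), priority 7 lists PR #1 as "superseded by hardening" yet still assigns it a merge slot; if #28 replaces it, merging #1 afterwards risks layering an older, looser access policy on top of the hardened configuration. Suggest changing its Status to something like `Close (superseded by #28)` rather than ranking it for merge, and noting in the "Merge vs Phase Execution" bullets that the "PRs can merge independently" rule does not apply to PRs that touch the same firewall, fail2ban or SSH settings as #28.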