antifragile

cqrenet/antifragile

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude Sonnet 4.6	5c4e91179d	feat: Add findings backlog as pragmatic alternative to risk register New: assessment-templates/findings-backlog.md Design principles: lives where client works, every finding has an owner, feeds the housekeeping stream, accumulates from all sources. Format: 6-field minimal entry (ID, finding, source, priority, owner, status) with optional target date/effort/notes/closed date. P0/P1/P2 priority using kill chain test. Flat file template for Git-based clients. Population guide: Day 30 (from Brownhat), subsequent modules, continuous tools (ASTRAL drift, PULSAR alerts, Elysium, BloodHound). Monthly housekeeping cycle structure. Relationship to formal risk register explained. Backlog health indicators (warning signs it is not functioning). Wired into existing framework: move-fast-and-fix-things.md: Rule 4 now names the backlog as the queue rapid-modernisation-plan.md: Day 30 item 7 and Phase 1 action updated engagement-model.md: Section 4 deliverables table updated at all stages assessment-templates/README.md: Production-ready templates section added index.md: Findings Backlog added to Assessment and Tools table Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>	2026-06-05 10:09:08 +00:00
Claude Sonnet 4.6	3062e435ca	chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim AOC -> PULSAR across 10 files (engagement-model, retained-capability, modular-engagements, blue-purple-team-foundation, about-cqre, about-cqre-cs, consultant-field-guide, ai-assisted-tvm, m365-e3-hardening, sovereign-tool-stack, risk-register-example). Training-data framing corrected in: - executive-summary.md: opening paragraph and risk table - README.md: 90% solution claim -> 30-60% in 180 days - modular-engagements.md: public API data use claim - cis-controls-mapping.md: data protection framing - antifragile-risk-register.md: risk entry softened to accurate framing - azure-openai-sovereignty-bridge.md: consumer vs enterprise API distinction Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>	2026-06-05 07:05:13 +00:00
tomas.kracmar	64f73371c9	feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization New documents: - core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7) - core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing - core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use - core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE) - core/executive-summary-cs.md: Czech translation of the board executive summary - assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0) - assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops) - assessment-templates/module-completion-report.md: Module completion package template - assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement) - playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance - playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels Updated documents: - playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings - core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit - reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md - assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column - index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25) - README.md: Updated directory tree; updated Quick Start for Consultants Czech localization pointers: - executive-summary.md: Added Česká verze pointer - nist-csf-baseline.md: Added Česká verze pointer - engagement-model.md: Added note that client-facing Czech translation is planned Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-27 21:33:52 +02:00

Author

SHA1

Message

Date

Claude Sonnet 4.6

5c4e91179d

feat: Add findings backlog as pragmatic alternative to risk register

New: assessment-templates/findings-backlog.md
  Design principles: lives where client works, every finding has an owner,
  feeds the housekeeping stream, accumulates from all sources.
  Format: 6-field minimal entry (ID, finding, source, priority, owner,
  status) with optional target date/effort/notes/closed date.
  P0/P1/P2 priority using kill chain test.
  Flat file template for Git-based clients.
  Population guide: Day 30 (from Brownhat), subsequent modules, continuous
  tools (ASTRAL drift, PULSAR alerts, Elysium, BloodHound).
  Monthly housekeeping cycle structure.
  Relationship to formal risk register explained.
  Backlog health indicators (warning signs it is not functioning).

Wired into existing framework:
  move-fast-and-fix-things.md: Rule 4 now names the backlog as the queue
  rapid-modernisation-plan.md: Day 30 item 7 and Phase 1 action updated
  engagement-model.md: Section 4 deliverables table updated at all stages
  assessment-templates/README.md: Production-ready templates section added
  index.md: Findings Backlog added to Assessment and Tools table

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

2026-06-05 10:09:08 +00:00

Claude Sonnet 4.6

3062e435ca

chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim

AOC -> PULSAR across 10 files (engagement-model, retained-capability,
modular-engagements, blue-purple-team-foundation, about-cqre, about-cqre-cs,
consultant-field-guide, ai-assisted-tvm, m365-e3-hardening,
sovereign-tool-stack, risk-register-example).

Training-data framing corrected in:
- executive-summary.md: opening paragraph and risk table
- README.md: 90% solution claim -> 30-60% in 180 days
- modular-engagements.md: public API data use claim
- cis-controls-mapping.md: data protection framing
- antifragile-risk-register.md: risk entry softened to accurate framing
- azure-openai-sovereignty-bridge.md: consumer vs enterprise API distinction

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

2026-06-05 07:05:13 +00:00

tomas.kracmar

64f73371c9

feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization

New documents:
- core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7)
- core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing
- core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use
- core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE)
- core/executive-summary-cs.md: Czech translation of the board executive summary
- assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0)
- assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops)
- assessment-templates/module-completion-report.md: Module completion package template
- assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement)
- playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance
- playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels

Updated documents:
- playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings
- core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit
- reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md
- assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column
- index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25)
- README.md: Updated directory tree; updated Quick Start for Consultants

Czech localization pointers:
- executive-summary.md: Added Česká verze pointer
- nist-csf-baseline.md: Added Česká verze pointer
- engagement-model.md: Added note that client-facing Czech translation is planned

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-27 21:33:52 +02:00

3 Commits