ARCHITECTURE §4 (Write side) box at L121 had alignment drift from
Pass 29's expansion to canonical FQDN form. Line content reached
89 chars while box border was 74 chars — overflow. Same drift
category as Pass 53's §8 acme-stg alignment fix.
Fixed by replacing the in-box content with a shorter form pointing
to NAMING §11.2 for the FQDN (already canonical there + 4 other places):
- Old: │ Gitea: gitea.<location-code>.<sovereign-domain>/{org}/{org}-{env_type} │ (89 chars)
- New: │ Environment Gitea repo: {org}/{org}-{env_type} │
│ (FQDN form per NAMING §11.2) │
Also normalized whitespace padding across L122-L130 (uniform 76 chars).
ARCHITECTURE §1-§14 third-cycle deep re-scan with all current methodology
lenses confirmed otherwise clean. §5 <env> shorthand explicitly defined,
§9 catalyst.openova.io/v1alpha1 canonical, §10/§11/§12 all consistent
with downstream canonical references.
platform/cnpg/README.md: clean. Banner correct (§4.1 Data services).
namespace: databases ✓, minio.storage.svc ✓, postgres.<env>.<sovereign-domain> ✓
(Pass 35 fix held). Cross-region DR example uses canonical Application
DNS — no Pass-60-style fully-qualified-hostname drift.
Methodology lesson #19: Pass-N expansion of placeholder-to-canonical-form
inside ASCII tables/diagrams must verify box alignment afterward. Pass 29
expansion broke alignment at §4 (this pass) and §8 (Pass 53).
FIRST drift in the new cycle. 6-consecutive-clean streak (54-59) ends
at Pass 60. However, drift is Pass-35 carry-over, not new architectural
drift — same "incomplete in-file fix" pattern as Pass 31 (openbao
L108 vs L127).
platform/valkey/README.md L79 had:
REPLICAOF primary-valkey.region1.svc.cluster.local 6379
Pass 35 fixed L147 (StatefulSet --replicaof argument) to canonical
valkey.<env>.<sovereign-domain> per NAMING §5.2 but the bash command
example at L79 retained the older non-canonical form.
Fixed L79 to valkey.<env>.<sovereign-domain> matching L147.
Methodology lesson #18: Pass-N sweep grep patterns can miss carry-over
drift that doesn't match the sweep's specific shape. Pass 35 grep
targeted <domain> placeholders; L79 used a fully-qualified hostname
with no placeholder, evading the sweep.
NAMING-CONVENTION fourth-cycle deep re-read confirmed stable across
§1-§11. §4.1 "hfrp" location-code example is for rtz cluster (vs hfmp
for mgt) — both valid for different cluster types, not drift. §11
already settled across Pass 37, 42, 50.
valkey README banner explicitly establishes "NOT a Catalyst
control-plane component" (Pass 26 framing) — exemplary canonical.
Convergence: Pass 54-59 = 6 consecutive cleans (nirvana approach met).
Pass 60 carry-over fix resets streak but architectural integrity holds.
The new cycle audit is doing its job — surfacing carry-over drift the
old cycle's specific-shape sweeps missed.
TENTH clean pass overall. SIX CONSECUTIVE clean architectural passes
(54-59). Per user's "restart from the top" instruction, Pass 59 is the
first pass of a new full-cycle audit — and it starts clean. Strongest
nirvana sustain signal yet.
GLOSSARY fourth-cycle deep re-read confirmed stable:
- 8 Core nouns: OpenOva-as-company / Catalyst-as-platform anchor (Pass 26)
- 7 Roles: sovereign-admin + 5 org roles + sme-end-user persona
- 6 Infrastructure terms: Placement modes match SOVEREIGN-PROVISIONING §7
- 14 Catalyst components: union-equal to PTS §2 via semantic groupings
- 5 Persona-facing surfaces: matches ARCHITECTURE §7
- 11 Banned terms: exact match with CLAUDE.md (Pass 44 verified, holds)
- 7 Acronyms
GLOSSARY stable across 4 review cycles (Pass 31, 44, 50 implicit, 59).
The keystone canonical doc is rock-solid.
platform/vpa/README.md: clean. Banner correct (per-host-cluster §3.4).
Kyverno auto-generation pattern with vpa.openova.io/skip annotation
key is Catalyst convention (free-form annotation, not apiVersion).
VPA + KEDA coordination consistent with PTS §3.4.
Convergence trajectory:
- Pass 54-59: 0% drift rate ✓ (5 from old cycle + 1 from new cycle)
Validation loop has sustained the nirvana approach state into a new
full-cycle audit. Architectural integrity established.
ARCHITECTURE §8 (Promotion across Environments) L287 had column-
alignment drift from Pass 39's `replace_all acme-staging → acme-stg`.
The 12-char acme-staging filled the column padding; the 8-char
acme-stg shifted "1.3.0" left of the adjacent "1.4.0"/"1.2.0" values.
PERSONAS-AND-JOURNEYS L230 had the same Pass 39 fix but I'd done
that as an explicit Edit with proper padding; ARCHITECTURE used
replace_all which produced misaligned 7-space gap.
Fixed: acme-stg padded to acme-stg + 11 spaces (was 7) so all four
rows in the §8 mockup table align at the version column.
Methodology lesson #17: replace_all on shorter strings inside ASCII
code-block tables silently breaks column alignment. Greps can't
detect whitespace-alignment drift; manual column-check after
replace_all is needed.
ARCHITECTURE.md §1-§14 deep re-scan with all current lessons:
- §3 Topology: 15-component Catalyst control plane matches PTS §2
union (post-Pass 40). Per-host-cluster list omits OpenTofu
(bootstrap-only/not-runtime) defensibly.
- §5 explicitly defines <env> as {org}-{env_type} — anchors the
ws.<env>.> shorthand Pass 30 noted.
- §10 11-component bootstrap kit matches SOVEREIGN-PROVISIONING §3.
- §11 bp-catalyst-* list matches IMPLEMENTATION-STATUS §2.
- §12 Independent-failure-domains cites OpenBao per-region Raft ✓.
platform/langfuse/README.md: clean. Banner correct (§4.7 AI
Observability). Distinguishes per-host-cluster Grafana stack from
Application-level LangFuse correctly.
Drift found. Consecutive-clean count remains 0 but drift surface
shifting toward cosmetic territory (column alignment, freshness)
rather than architectural.
platform/flink/README.md L137 + L166 used strimzi-kafka-bootstrap.messaging.svc
but canonical Catalyst namespace per strimzi README (L100/146/181/191) and
debezium (L135) is `databases`. Same Helm-default-vs-Catalyst-convention drift
as Pass 41 minio (minio-system → storage). Pass 51 sweep confirmed no other
component uses "messaging" as a Catalyst namespace — only generic English
usage and K8s API group messaging.knative.dev/v1.
Fixed both instances to strimzi-kafka-bootstrap.databases.svc:9093. Port
9093 (TLS) kept — port choice (9092 vs 9093) is a separate architectural
question deferred.
SECURITY.md re-scan with all current methodology lessons:
- §1-§5: clean. Independent-Raft-per-region principle intact.
- §6 Keycloak topology: clean.
- §7 Rotation policy: SecretPolicy uses canonical catalyst.openova.io/v1alpha1.
- §8 Path of a secret: clean.
- §9 Compliance posture: borderline OpenSearch SIEM wording re-evaluated;
acceptable in context.
- §10 Threat model: clean.
Methodology note: Helm-default-namespace drift now found across 3 instances
(Pass 41 minio, Pass 51 flink). Add cross-component namespace verification
to standard checks.
Drift found. Consecutive-clean count resets from 2 (49→50) to 0.
platform/crossplane/README.md had three real drift items:
1. §"Terraform vs Crossplane" — Catalyst's canonical bootstrap IaC is
OpenTofu (PTS §3.2 + SOVEREIGN-PROVISIONING §3), not Terraform.
Renamed section to "OpenTofu vs Crossplane", added intro paragraph
clarifying the OSS-fork rationale, updated table rows + Decision.
2. XRD CompositeResourceDefinition example used name: xdatabases.openova.io
and group: openova.io. Per BLUEPRINT-AUTHORING §8 (Pass 42 verified
canonical), Crossplane XRDs use compose.openova.io group — separate
from Catalyst CRDs (catalyst.openova.io). Fixed to
xdatabases.compose.openova.io / group: compose.openova.io with inline
pointer to BLUEPRINT-AUTHORING §8.
3. Composition compositeTypeRef.apiVersion was openova.io/v1alpha1, fixed
to compose.openova.io/v1alpha1. Also corrected Composition metadata.name
to database.hcloud.compose.openova.io for naming consistency.
Pass 1's API group unification was Catalyst-CRDs-only; Pass 42 verified
the separate Crossplane group; Pass 48 catches a downstream consequence
where the crossplane README defaulted to bare `openova.io` matching
neither canonical form.
PERSONAS-AND-JOURNEYS §1-§7 deep re-scan: clean. Pass 22, 33, 39 fixes
all intact. Three-pass-touched doc reads consistently. Stable.
Banner already correctly enforces "platform plumbing, never user-facing"
per ARCHITECTURE §7.4 / GLOSSARY.
Header L3 and footer L1214 both said "Last Updated: 2026-02-26" but
Pass 26 made substantive architectural fixes (OpenBao active-active
correction §8.4, Catalyst/OpenOva conflation resolution §5.1+§5.2).
Stale date misled readers about freshness for a "Living Document".
Updated to 2026-04-28.
Date-staleness sweep across canonical docs found 5 other 2026-02-26
markers: relay (no architectural edits, may be accurate), fabric/cortex/
fingate (Pass 34 TENANT rename architectural), TECHNOLOGY-FORECAST
(Pass 27 + Pass 45 architectural). Per Pass 47 scope discipline, only
BUSINESS-STRATEGY fixed this pass — others flagged for future bundled
date-sweep pass.
§1-§16 deep re-scan otherwise clean. Pass 26 fixes intact across all
sections. §16.2 "self-service deployment via wizard" acceptable as
generic UX term (not the banned Bootstrap-wizard-as-separate-product).
Approximation grep #12 false positive: L667 "~15 components" refers to
OpenShift competitor count, not OpenOva self-claim.
platform/coraza/README.md: clean. Banner correct (per-host-cluster
§3.1 DMZ). Integration table consistent with §3.1 + §10 SIEM pipeline.
§"A La Carte Components (26)" header was stale. Pass 27 added
anthropic-adapter to the table body but didn't update the header count.
Pass 40 confirmed canonical count is 27 in PLATFORM-TECH-STACK §1.
Verified by counting:
- Mandatory: 25 platform/-folder components + OpenTelemetry note = 26 ✓
- A La Carte: 27 platform/-folder components ✓
- Total platform/ folders: 52 (matches Overview L11 "all 52 platform
components" and the 52 directories in platform/)
Fixed header (26) → (27). 25 + 27 = 52 = Overview claim. Internally
consistent.
Lesson: union-equality checks must verify both body count AND header
count. Adding an item to a body without updating the header creates
off-by-one drift.
§"Removed Components" Dapr/RabbitMQ "Kafka covers..." entries reviewed:
defensible context (app-level use cases; NATS is control-plane only,
Kafka via Strimzi is the Application Blueprint).
§"Product Impact Analysis / Fabric" L110 "Merging Titan + Fuse into
Fabric" — historical product-rename narrative (Pass 26 documented).
Capital-F "Fuse" missed by case-sensitive \bfuse\b grep — extending
Pass 38 case-insensitivity lesson to this category as well.
platform/syft-grype/README.md: clean. Banner correct (per-host-cluster
§3.3). Catalyst integration accurate.
Both targets verified clean. No edits needed.
GLOSSARY deep re-scan with Pass 40-41 union-equality lens against
PLATFORM-TECH-STACK §2: component count difference (14 GLOSSARY vs 15
PTS) is semantic grouping vs technology naming, not drift. GLOSSARY's
`identity` = Keycloak + SPIRE; `secret` = OpenBao + ESO; `event-spine`
= NATS JetStream. The `secret` entry conflates OpenBao (CCP) with ESO
(per-host-cluster infra) — borderline categorization flagged for a
future stylistic pass but not architectural drift.
Banned-terms cross-check vs CLAUDE.md: all 11 entries match exactly.
Pass 31 had previously declared GLOSSARY clean via carry-forward greps.
Pass 44's union-equality re-check confirms it. GLOSSARY's stability
across two reviews is the positive signal that anchors the validation
loop — other docs derive their terminology from this keystone.
platform/sigstore/README.md: clean. Banner correct (per-host-cluster
§3.3). Integration table consistent with §3.3 supply-chain stack
(Harbor, Kyverno, Gitea Actions, Syft + Grype).
All 10 carry-forward acceptance greps clean — including the new
active-active rejection grep (Pass 43) which surfaces only correct
architectural rejection language in SECURITY §5 and ARCHITECTURE §6.
§2.5 (Data replication patterns) line 106 had: Gitea | Bidirectional
mirror + CNPG primary-replica. Direct architectural contradiction with
platform/gitea/README.md "Multi-Region Strategy" which EXPLICITLY rejects
bidirectional mirror (write-conflict semantics, EnvironmentPolicy
enforcement). The canonical pattern is intra-cluster HA replicas +
CNPG primary-replica on the mgt cluster only — DR for Gitea is via
mgt-cluster recovery, not cross-region sync.
Same drift category as Pass 7 (component READMEs active-active) and
Pass 26 (BUSINESS-STRATEGY active-active OpenBao). The "active-active
for everything stateful" mental model survived in this row.
Fixed to canonical wording with inline pointer to gitea README.
SRE.md §1-§14 deep re-scan otherwise clean. §7.1 framing nit ("All
Catalyst control-plane components" lists per-host-cluster infra too)
flagged but not fixed — reads as "Catalyst-managed" in context.
§14 Runbooks <org>/runbooks path-placeholder unambiguous in context;
optional tightening flagged.
platform/keda/README.md: clean. mimir.monitoring.svc reference is the
per-host-cluster Mimir collector (consistent with dual-categorization
Pass 38 documented), not contradicting SRE §8.1's catalyst-grafana
namespace which is per-Sovereign self-monitoring.
Recurring drift category: vague composite placeholders like
<sovereign-domain-gitea> and <sovereign-gitea> standing in for the
canonical Catalyst control-plane DNS form gitea.{location-code}.{sovereign-domain}.
These survived Pass 29's DNS sweep because they don't match Pass 29's
grep patterns (<sovereign>.<domain>, <sovereign-domain>, etc.) —
different shape entirely (single hyphenated placeholder vs multi-segment).
BLUEPRINT-AUTHORING.md §1: <sovereign-domain-gitea>/<org>/shared-blueprints/bp-<name>/
→ gitea.<location-code>.<sovereign-domain>/<org>/shared-blueprints/bp-<name>/
plus inline pointer to NAMING §5.1.
NAMING-CONVENTION.md §11.2 step 1: <sovereign-gitea>/{org}/{org}-{env_type}
abstract pattern → gitea.{location-code}.{sovereign-domain}/{org}/{org}-{env_type}.
The authoritative naming doc was teaching a non-canonical shorthand
while its example showed the canonical form — second drift instance in
§11.2 (Pass 37 fixed example URL, Pass 42 fixes abstract pattern).
BLUEPRINT-AUTHORING.md §1-§14 deep re-scan: clean apart from §1 fix.
§8 Crossplane Compositions verified — compose.openova.io/v1alpha1 is
intentionally separate from catalyst.openova.io/v1alpha1 (Crossplane
XRDs use their own group; Pass 1's unification was for Catalyst's own
CRDs only).
platform/falco/README.md: clean.
SOVEREIGN-PROVISIONING.md §4 (Phase 1 Hand-off) "self-sufficient" list
had 6 items vs PLATFORM-TECH-STACK §2.3's 6 control-plane supporting
services. List was missing SPIRE (5-min rotating SVIDs — critical to
SECURITY model) and observability (Grafana stack — Catalyst's
self-monitoring). Same drift category as Pass 40: summary list drifted
independently from canonical reference. Added both, plus enumerated the
§2.1+§2.2 services in the "Catalyst control plane" bullet.
Mid-pass sweep finding: kserve L217 used minio.minio-system.svc but
canonical minio README declares namespace: storage (L70). Three other
components also used minio-system: milvus L78, harbor L145. Fixed all
three to align with canonical `storage` namespace per PLATFORM-TECH-STACK
§3.5. Drift likely came from Helm-chart upstream defaults.
platform/kserve substantively clean apart from namespace fix.
Pass 41 lesson: union-equality check applies to ALL summary passages in
canonical docs. When a passage enumerates items derived from a canonical
source list, count both and verify equality.
§1 summary table had three incomplete component lists vs the detailed
§2-§4 sections. The drift survived because earlier passes focused on
the detail sections, treating the §1 summary as an assumed-correct
intro rather than cross-checking against detail.
Catalyst control plane row: missing provisioning (§2.2) and observability
(§2.3 Grafana stack). Added both. Reordered to match §2 subsection order.
Per-host-cluster infrastructure row: missing external-dns (§3.1),
opentofu (§3.2 — marked bootstrap-only to prevent Pass 23-style
miscategorization), minio + velero (§3.5), failover-controller (§3.6).
Application Blueprints row: missing anthropic-adapter (§4.6, member of
bp-cortex). Added.
§1 is now strictly the union of §2+§3+§4 — a true index, not a
parallel list that drifts independently.
§2-§5 detailed sections all clean. iceberg README clean (literal
MINIO_ACCESS_KEY placeholders flagged with clickhouse's similar
minioadmin issue for a future security-hardening pass).
Pass 23 lesson inverted: the lesson was "deep-read later sections"; this
pass demonstrates summary sections also need cross-reference checks
against detail. Both directions need re-scans.
NAMING §2.4 establishes the 3-char env_type form (prod|stg|uat|dev|poc)
but multiple Environment-name examples used the long form `staging`.
ARCHITECTURE.md §8 (Promotion across Environments): 3 instances of
acme-staging (Blueprint detail mockup L287, prose L295, EnvironmentPolicy
sourceEnvironment L310) renamed to acme-stg.
PERSONAS-AND-JOURNEYS.md: 3 instances renamed —
- digital-channels-staging → digital-channels-stg (Layla narrative L126, L135)
- acme-staging → acme-stg (Blueprint detail mockup L230)
Pass 33 fixed Layla's DNS but left the env_type spelling.
Preserved: payment-rail-staging (Application name, free-form per NAMING)
and minimum-replicas-production (Kyverno policy identifier).
ARCHITECTURE.md deep re-scan with Pass 23 lesson (focus on later
sections): §5-§13 substantively clean. §5 explicitly defines <env> as
{org}-{env_type} which retroactively grounds the ws.<env>.> shorthand
Pass 30 noted as "documented shorthand".
platform/clickhouse/README.md: clean. minioadmin literal placeholder
flagged for future security-hardening pass but not Catalyst drift.
