# ADR Inventory - generated by scripts/inv-adr.ps1
# GeneratedUtc: 2026-06-26T15:49:21Z
# Algorithm: SHA256
# Format: NUMBER | STATUS | FILE_HASH | FILENAME | TITLE | RATIFIED_BY
# RATIFIED_BY: - = N/A; PENDING = ratification line with signature PENDING; @op = stamped
#
0000 | Accepted | FF009381CE7836D6D2E9291B8C8B791E8CE892186F4B64CC66F123126828300C | ADR-0000-project-origin-and-adr-baseline.md | Project origin and ADR baseline | -
0001 | Accepted | 9AB8B17D2486FA8CCBAA2F9A6D1586DEF5A3FA1C25DF7477FC18E10523E81A2A | ADR-0001-markdown-fix-script-md029-and-semantic-step-lists.md | Markdown fix script, MD029, and semantic step lists | -
0002 | Accepted | 044BB37A80808F78699470D0BB7B59D67697690F3D3EE7485297B85C8C338D9F | ADR-0002-operator-facing-security-and-technical-docs.md | Operator-facing security and technical documentation | -
0003 | Accepted | C557C6ADBD3413480AC9819CAE4CBA3CCCBEF8FC1DBEFCE5F6CF9D4C7D7EC69D | ADR-0003-sbom-roadmap-cyclonedx-then-syft.md | SBOM roadmap — CycloneDX (JSON) first, then Syft on Docker images | -
0004 | Accepted | F3A6EB7F35D5785F867A428C9FADBB00CFA6EB518847B7785A2B08986E16C85C | ADR-0004-external-docs-no-markdown-links-to-plans.md | Information architecture — external-tier docs must not link into `plans/` | -
0005 | Accepted | 951A0037909F96B10570373DFA210ED708075F4272F320492C873C3BF8035BB2 | ADR-0005-ci-github-actions-supply-chain-pins.md | CI and GitHub Actions supply chain — pinned SHAs and pinned uv CLI | -
0006 | Accepted | 9EE43A16468DE8A858FF70F047338BA121B19046453E1A1161EDAB608FCFFA5B | ADR-0006-operator-today-mode-layout-and-published-sync.md | Operator today-mode layout and published-release sync | -
0007 | Accepted | BCCE61FC45E4324B5405BDC8C8057862A3C19EDDB34A67D223B81DF626C3439F | ADR-0007-synthetic-data-corpus-before-real-data.md | Synthetic data corpus as mandatory pre-requisite before real production data | -
0008 | Accepted | A239AD1734AE8BB8161AD62A1D4E446AB83E6E37C4C8F95612A76341F19005A5 | ADR-0008-docker-ce-swarm-over-docker-io-and-podman-only.md | Docker CE (official repo) + Compose plugin + Swarm as primary lab container runtime | -
0009 | Accepted | 726AFF22137A87B067E1FC4ECBCC3CED75B0507C4443959AB8DC6EDE0629B071 | ADR-0009-ansible-idempotent-roles-as-single-automation-source.md | Ansible idempotent roles as single automation source for LAB-NODE-01 lab baseline | -
0010 | Accepted | C77681FDB959E4A61E5432987EA43BFCDCEA4243FFAFDB6DD9F37B9E5A8FA0AD | ADR-0010-ip-declaration-prior-art-protection-at-employment.md | IP Declaration as prior-art protection for Data Boar at CLT employment | -
0011 | Accepted | 7F54FF8EDDB491FE5AC541F6D112BEB404BCBFED4F3084D85ED548BE21954AB5 | ADR-0011-lab-op-observability-stack-layered.md | Layered observability stack for lab-op (Munin + Wazuh + Prometheus + Monit + rsyslog/GELF) | -
0012 | Proposed | 9BEEB40FF09A33C84E38805207FA0870CFDC0AF5387AD9F7E26F7B45A3DEF830 | ADR-0012-ocr-image-sensitive-data-detection.md | OCR and Image-Based Sensitive Data Detection | -
0013 | Accepted | 9B321E3B333B05BC51290CCC6D984363361045BD282C48216F3478336B20A6D6 | ADR-0013-browser-artifact-sqlite-leveldb-scan-strategy.md | Browser artifact scanning — SQLite (default) + LevelDB (opt-in) strategy | -
0014 | Accepted | 88525CC0F84B8C4EF98E531032A8F638A0B31CA2CB0FB5542E39E711F436ADBF | ADR-0014-rename-repo-and-package-python3-lgpd-crawler-to-data-boar.md | Rename repository and package from `python3-lgpd-crawler` to `data-boar` | -
0015 | Accepted | 5EFEB616136DF1FC30AA97AA1DD40F352B226E98E6AFA946580E88A6CF60B02E | ADR-0015-poc-test-infrastructure-synthetic-corpus-and-api-testing.md | POC Test Infrastructure: Synthetic Corpus, Postman Collection, and Ansible Database Role | -
0016 | Accepted | FC162C72A0470C91438F987CC65466CF5DE3FA5B5FB4B9903149F56592C21043 | ADR-0016-opentofu-corporate-iac-path-alongside-ansible.md | OpenTofu as Corporate IaC Path (Alongside Ansible) | -
0017 | Accepted | 5C15522CF7968A371D7C30262B9566A9995EEA7511F7E8B81B1A13A54C99B2A7 | ADR-0017-quasi-identification-risk-confidence-contract-and-lgpd-guardrails.md | Quasi-identification risk/confidence contract and LGPD guardrails | -
0018 | Accepted | C63E5F2B0AAB61B899FE90EA7B231FF2FFE04B77F17A57D5483CD313052E4691 | ADR-0018-pii-anti-recurrence-guardrails-for-tracked-files-and-branch-history.md | PII anti-recurrence guardrails for tracked files and branch history | -
0019 | Accepted | 63123FB2276D9105E8EC235AA920FB9B82098822280B3D0B319CC36184F47251 | ADR-0019-pii-verification-cadence-and-manual-review-gate.md | PII verification cadence and manual review gate | -
0020 | Accepted | A340654EF4E878A4B71DE6D5810DD9A548850D7880E9CC3D4412F5DF4103AEED | ADR-0020-ci-full-git-history-pii-gate.md | CI must scan full Git history for PII anti-recurrence patterns | -
0021 | Accepted | 855A2F0886A64A364F7834509C42AEE78230B2464FB3D54DA318F7E032D1070F | ADR-0021-public-web-presence-dns-alias-and-hosting.md | Public web presence: DNS alias (CNAME), canonical host, TLS, and hosting shape | -
0022 | Accepted | 200BC72306A4433C9E7A1043DFBCFAE49FDA21C876C27D017DF3E5C086D90738 | ADR-0022-public-glossary-compliance-and-platform-terms.md | Public glossary — compliance laws, roles, and platform terms | -
0023 | Accepted | 1D4BC739F75DA2691A4EB5D961FBAC587A9FAE30F7EED1DDA6ACD888CA3071DF | ADR-0023-windows-primary-dev-filename-search-everything-es-first-with-fallback.md | Windows primary dev PC filename search — Everything (`es.exe`) first, capped PowerShell fallback | -
0024 | Accepted | E26446AE3169E07E06DC1A4B608191C1056DDF559102B0ADF7419446E78D53D0 | ADR-0024-enterprise-discovery-three-complementary-tracks.md | Enterprise discovery — three complementary tracks (planning posture) | -
0025 | Accepted | 1D82CF078446E0964ADB95401AEDB3853DF77E259307E653AC93ED5942ABF15C | ADR-0025-compliance-positioning-evidence-inventory-not-legal-conclusion-engine.md | Compliance positioning: evidence and inventory, not a legal-conclusion engine | -
0026 | Accepted | 1E6864094792B2CE12581811449495439DBB5DCFB4DD3B5B15A034A89487766E | ADR-0026-optional-jurisdiction-hints-dpo-facing-heuristic-metadata-only.md | Optional jurisdiction hints (DPO-facing, heuristic, metadata-only) | -
0027 | Accepted | 7EEB8774B3C7F3819CEF1A75B62C5FDA27D80E24193FCF3251C6E64ADF6C0C04 | ADR-0027-commercial-tier-boundaries-licensing-docs-and-future-jwt-claims.md | Commercial tier boundaries — licensing docs and future JWT claims | -
0028 | Accepted | 0C929415CA0323CA7AC50E0EE9555DE6E6DDFFA29330F206E1659CF06E5241ED | ADR-0028-lab-external-connectivity-eval-playbook.md | Lab external connectivity evaluation playbook (tracked) | -
0029 | Accepted | BAF178C37B9D571A7FBD9CEF7C05EF9B989DEC31E9F29C03F9E6F80F3A2E8797 | ADR-0029-cursor-markdown-preview-guardrail-and-lab-smoke-ansible-hook.md | Cursor Markdown preview guardrail + lab-smoke Ansible hook | -
0030 | Accepted | D7808E3E4701B566CE1B49F6CBC6D1C3C8CEE4C687DA8EE1F26622EB734B558A | ADR-0030-python-dependency-update-closure-single-pass.md | Python dependency update closure (single pass) | -
0031 | Accepted | F674ED1FCB087EE0554F7E3BF2E3A99B3A6F1F7609427993CEB439EF2505EBEB | ADR-0031-pypi-packaging-hatchling-flat-layout.md | PyPI packaging with Hatchling (flat layout) | -
0032 | Accepted | A1DDC6816074E60B2FD07F92BA95D6FA8E26632C2551C4383AB16549D7131001 | ADR-0032-maturity-assessment-batch-history-sqlite.md | Maturity self-assessment: per-batch history on the dashboard HTML | -
0033 | Accepted | D4BAE560BA679D6703640B80AA1BA7C524F1873799B908B873460B86CE7C57E2 | ADR-0033-webauthn-open-relying-party-json-endpoints.md | WebAuthn open Relying Party — JSON endpoints (Phase 1) | -
0034 | Accepted | 1B864FA756F651C13C47483F1C6C574444C2426F621559AA2A0047583CA3E2C7 | ADR-0034-outbound-http-user-agent-data-boar-prospector.md | Outbound HTTP User-Agent: `DataBoar-Prospector/<version>` | -
0035 | Accepted | 7C5EF8028657A84D84FC96F864E5CA995CE61E38A9E144AFDF4CE82E53FF781E | ADR-0035-readme-stakeholder-pitch-vs-deck-vocabulary.md | README stakeholder pitch vs optional deck vocabulary | -
0036 | Accepted | 38D1D3544AA4AD9C6AA5BA50BFCBDEBFA4E804CC0F94149E4C91DBB04C622774 | ADR-0036-exception-and-log-pii-redaction-pipeline.md | Exception and log PII redaction pipeline | -
0037 | Accepted | 1CC6095A67ACACA17C813DC44169821E406672F0A3A6B82C193F0D1678926B95 | ADR-0037-data-boar-self-audit-log-governance.md | Data Boar self-audit log and governance of the auditor | -
0038 | Accepted | CF34EB72836151DA0DD8148DF06020CB0C17331DF317364CE4ABD4E175C6CEB0 | ADR-0038-jurisdictional-ambiguity-alert-dont-decide.md | Jurisdictional ambiguity: alert and inventory, do not decide law | -
0039 | Accepted | 11CF900EBE2BF9709D084D1D3D937FAF36E70223453240544038C786B6C9D7A0 | ADR-0039-retention-evidence-posture-bonded-customs-adjacent-contexts.md | Retention and evidence posture in bonded / customs-adjacent contexts | -
0040 | Accepted | EF85800736EEADF32C293AA8F08F728DB63C018930EA7AAEF2EB5E7DBDF211D0 | ADR-0040-assistant-private-stack-evidence-mirrors-default.md | Assistant default: private stack evidence mirrors without rhetorical asks | -
0041 | Accepted | ED258898EF87A9159B8C6DFB35367353BDA466751DA513E3501C3F77F7B12FB1 | ADR-0041-lab-completao-data-contract-preflight.md | Lab completão data contract preflight (optional) | -
0042 | Accepted | A23FB9FFAF01E4017713AFE4BF16B30AB651A8D0BA157E0C474F48DC7B6F8FEC | ADR-0042-lab-lessons-learned-archive-contract.md | Public LAB lessons archive + hub (dated snapshots) | -
0043 | Accepted | F01413019C3E6E155F24790211FF4CD7A4B4599A3A915D17E71C73B85DFD0097 | ADR-0043-sql-column-sampling-non-null-and-strategy-hook.md | SQL column sampling — non-null filter and strategy hook | -
0044 | Accepted | 26518A8C9DB6DC9A06713D75D47FDE3CEFDFD29A4CDFB2DBB463FBB77930EFE8 | ADR-0044-dependabot-uv-ecosystem-for-pyproject-lock-closure.md | Dependabot uses the `uv` ecosystem for Python deps (pyproject + lock closure) | -
0045 | Accepted | 6226BB8F1184C1D5A1D3BF371C25C23ACAD78CCA4AABD19327012E282622F8C2 | ADR-0045-adr-metadata-and-format-standardization.md | ADR metadata and format standardization | -
0046 | Accepted | 07CA56EB399E5F06E6A2BB19C3940FB84A3F8B425036A6CE278A35E77564FFCC | ADR-0046-operator-intent-and-blameless-collaboration.md | Operator intent and blameless collaboration posture | -
0047 | Accepted | E4BF0EAE26EA9C357D6BB1AD79ADEC52B66011C509D620A7263D7FF2A8CB9037 | ADR-0047-rca-first-defect-investigation-and-fix-discipline.md | RCA-first defect investigation and fix discipline | -
0048 | Accepted | BB07A2FC540513470844DF8B4D1609154877777E5D75E2C217A4041892637727 | ADR-0048-operator-facing-taxonomy-and-naming-contract-preservation.md | Operator-facing taxonomy and naming contract preservation | -
0049 | Accepted | 04A634D892FE07A30560FDBC04F3CEACBD710491B94E3E9B5CEE346417A7B30A | ADR-0049-no-brittle-mitigations-robust-input-handling.md | No brittle mitigations — robust input handling over symptom suppression | -
0050 | Accepted | 902D694FAE7CDEF77B48BBA352502BA550F6EE651F265B96012F1FE216DE5401 | ADR-0050-plan-document-metadata-standard.md | Plan document metadata standard | -
0051 | Accepted | 28F5BCB170C515F028A747C286420FF2A099EE39B132B9C0D0223BDD2ADF57AB | ADR-0051-incremental-filesystem-scan-file-identity-fingerprint.md | Incremental filesystem scan: file-identity fingerprint contract | -
0052 | Accepted | 1C946B32D67778A9AE6C2D38AEFC708935E6C983FB2007FC536AB85E77DC5BD2 | ADR-0052-yaml-plugin-system-centralized-schema.md | YAML-Based Plugin System: Centralized Schema and Unified Plugin File | -
0053 | Accepted | 6873B9285B0C6F4DAAFFD7673FB7A92CA871D5E947CE66120E864228EB1A2CD2 | ADR-0053-ebcdic-direct-upper-bound-and-dependabot-ignore.md | `ebcdic` direct upper-bound pin and Dependabot ignore for blocked semver-major | -
0054 | Accepted | C52B8EBA09F06CAB83FD7469F027C8DFDDDE3DE9BFED11F61DA117E78AA638DE | ADR-0054-chardet-pinned-by-cyclonedx-bom.md | Decline `chardet` semver-major bumps while `cyclonedx-bom` pins `chardet<6.0` | -
0055 | Accepted | C32CF2DF14272B351D0D68360741343027860503CB7EEB46C0768CE1A1E5C7E9 | ADR-0055-orthogonal-priority-axes-anti-collision-contract.md | Orthogonal priority axes (H/U/A/P/G/S/M) anti-collision contract | -
0056 | Accepted | 4F2A7D491D5E1D4F20E1441284C09C14FF4B5FA45DEAF012619F3577604A8F71 | ADR-0056-cryptographic-adr-inventory-inv-adr-ssh-attestation.md | Cryptographic ADR inventory (inv-adr.ps1 + SSH ed25519 attestation) | -
0057 | Accepted | 632C02C677BAE045DD1A2F4019819F59A7AE4A175330AEDF87D9673CBF15EB8A | ADR-0057-lightweight-hub-index-co-located-links.md | Lightweight hub index (co-located links, no file moves) | -
0058 | Accepted | 6CAC53E65CC1A308F25D137E1F8D58DD2A0DAB1163B66E524E6F9AAB28D80B33 | ADR-0058-primer-hub-registration-ritual.md | Primer hub registration ritual | -
0060 | Accepted | C8F73CB28A23C4212F26365C9FFC9B6507977EF224B5A0E34CCC4E9CCCA8D7EF | ADR-0060-db-lint-bandit-exclusion-risk-accepted.md | `db/` Ruff and Bandit exclusion — risk accepted (temporary) | @FabioLeitao
0061 | Accepted | F22099446FA731245A9B9FF522A22C8FD7B1C2C1C7C203A4C3C8BB347180966F | ADR-0061-u-axis-issue-suborder-and-cross-milestone-gate.md | U-axis issue sub-order and cross-milestone gate | -
0062 | Accepted | 91BF4B93F207DFF45382AF71B8D6CF64209CF3C346F9AAAD851545E627CD5EEA | ADR-0062-agent-containment-triple-audit-offband-pingpong.md | Agent containment: triple-audit offband pattern (A.I.I.D.C.O.B.P.P.) | -
0063 | Accepted | 8094D1F64C8C4415A5DBC75F6D6430550F70A1FF2F313238B89D781D1980CAAA | ADR-0063-ed25519-license-jwt-signing.md | ed25519 (EdDSA) for license JWT signing | @FabioLeitao
0064 | Proposed | F22CBA69D87526E8B17BC1B595B594FE2F0F7DF302906A198615D9CD7305B03A | ADR-0064-license-enforcement-additive-model.md | License enforcement — additive open-core + JWT Pro/Enterprise | -
0065 | Deferred | 172139DE0BA2891DB126B7058D5EF05B3BF5D7CCEBBA8DBD2D3874BDEBDD6C6C | ADR-0065-nist-sp800228a-api-security-reference.md | NIST SP 800-228A as REST API security hardening reference | -
0066 | Accepted | D55D681D1A1F7D46100ADC8236480E6E3ECDE0D00CDC645696C9760C2935AF24 | ADR-0066-tampered-state-behavior.md | TAMPERED state behavior (fail-closed in enforced mode) | -
0068 | Accepted | 4919D01BDEF50429F7F853CA082CC8A5EFE9F6A7C12D71D8FFF91EC2CAF5370C | ADR-0068-primary-linux-dev-workstation-temporary.md | Primary Linux dev workstation (temporary) | @FabioLeitao
0069 | Accepted | CED0118D6F68CA1B17B5AEC61D2048C1F523C80CB1C7D9CC905EB40FC8347133 | ADR-0069-cap-rpds-py-below-the-2026-calver-pivot.md | Cap `rpds-py` below the 2026 CalVer pivot | -
0070 | Accepted | 6027996FE7D12C83E574AD77CCAAD47541B61609C6371C9A9175F76E28BC651A | ADR-0070-primer-taxonomy-and-home.md | Primer taxonomy and home: technical/onboarding (docs/primers/) vs deliverable (docs/plans/) | -
0071 | Accepted | 8D6FB89D7247D8E353D30EF14F6C3A281C15BBED9ECF574D2955E220DA8734D8 | ADR-0071-self-protecting-pii-gate.md | Self-protecting PII gate: word-boundary matcher, CODEOWNERS, modification tripwire, sanctioned FP allowlist | @FabioLeitao
0072 | Accepted | 0BE6A85E1154BC9951A0228B5528993471FA37760B1B3B507ABC952AD0045E8C | ADR-0072-commit-gate-vs-release-gate-distinct-criteria.md | Commit Gate vs Release Gate: distinct criteria | @FabioLeitao
0073 | Accepted | 5A5FF207AE9882B2CA6C208AD600DE6A232C6E41F5D986435B572359E7E30106 | ADR-0073-version-scheme-octet-maturity-and-roadmap.md | Version scheme: octet-maturity side-channel + release-line roadmap | -
0075 | Proposed | DFB13E4514D8BBC0E5A994FA6D6649C870AF672670D951DB938DBC1BCA13E456 | ADR-0075-plugin-auth-file-based-vs-bearer.md | Plugin authentication — file-based license vs Bearer per-request | -
#
# InventoryHash: 19F09F48B298B6E2347E462743504D76D0DFFEBB01D4B56E367DB00B1CFBB5AF
