Runbooks
Operational procedures for the SecurityV0 team and platform.
Active Runbooks
| Runbook | Focus |
|---|---|
| Authentication, end-to-end | Start here for any auth question. Single overview tying together the human cookie flow and the agent/machine bearer flows, the four-middleware pipeline, the Cloudflare Access perimeter, and which doc to read next for the deep-dive. |
| Agent and M2M Authentication | "I'm an agent / CI job / connector — how do I auth?" Quick-reference covering the three live machine-auth paths (staff CLI device_code, CI M2M Connect App, connector API key) with curl examples. |
| Claude Code Onboarding | Start here for new developers. Full setup guide — repos, sv0-skills symlinks, MCP servers, hooks, VS Code workspace. |
| Team Workflow and Task Tracking | How the team coordinates work. GitHub Projects + Slack + automation. Prevents duplicate work, separates research / implementation / infrastructure. |
| Claude Code Extensions Registry | Canonical list of all plugins, skills, agents, MCP servers, and hooks across SecurityV0 repos. |
| Claude Code Best Practices | Team-shareable lessons learned from March 2026 sprint -- cross-file verification, implementation discipline, sprint review workflow, common pitfalls. |
| Project Statistics | Operational metrics — commits, code size, Claude Code usage, token costs, subscription analysis, developer-equivalent comparisons. Updated periodically. |
| Git Workflow, Branching, and Worktrees | Branching strategy, worktree usage for multi-agent parallelism, protected branch rules, and .claude/settings.json git safety configuration. |
| Obsidian Setup and Workflow | How to open the repo as an Obsidian vault, required plugins, graph view, Dataview queries, and YAML frontmatter field reference. For both developers and product owners. |
| Workspace and Session Layout | Directory layout, where to start Claude Code sessions, VS Code multi-root workspace, and using worktrees for parallel work on the same repo. |
| Provisioning a personal-agent (DEPRECATED) | The personal-agent bridge was deleted in sv0-platform PR-B (#826). This runbook is a deprecation stub — for headless agent access, use the Agent and M2M Authentication paths instead. |
| IaC Drift and Emergency Changes | When dashboard changes are allowed, the three reconciliation paths (accept / revert / allowlist), the emergency dashboard playbook, and which resource fields are intentionally drift-immune via lifecycle.ignore_changes. Companion to ADR-019. |
| Cross-Env Tenant Reconciliation | How to bring the SV0-owned tenant set (names / classes / descriptions / status) into line across dev, dev-azure, and staging with the apply-canonical-tenants reconciler — the 3-step rename→create→reconcile model, per-env Mongo access (Hetzner SSH, Azure cloudflared, staging Atlas + IP allowlist), and dry-run-then-apply discipline. |
Planned Runbooks
- Deployment — How to deploy SecurityV0 components
- Connector Operations — Managing connector syncs, troubleshooting failures
- Database Operations — MongoDB backup, restore, monitoring
- Incident Response — Handling platform issues
Planned Tooling
/statsClaude Code skill — Automated project statistics collection. Runsgit log,wc -l, and Claude conversation JSONL parsing to produce a monthly snapshot of commits, code size, Claude Code usage, and token consumption. Could serve as a team performance indicator over time. See Project Statistics for the current manual snapshot.