portfolio/CHANGELOG.md

# Changelog

## [Unreleased]

### Added

- Python tooling validation for operational scripts.
- `incident-log-summary` for general incident log summarization.
- `log-diff-checker` for pre-change and post-change log comparison.
- `auth-log-audit` for Linux authentication log review.
- `jvm-log-analyzer` for JVM application log summaries.
- `journal-analyzer` for exported `journalctl` log review.
- `known-error-matcher` with JSON-based known error patterns.
- Standalone Bash incident checks for CPU, memory/OOM, service restart loops, failed SSH logins, certificate expiry, DNS connectivity, NTP drift, read-only filesystems, inode usage, and JVM process diagnostics.
- Repository-level Codex guidance:
  - `AGENTS.md`
  - `docs/codex/README.md`
  - `docs/codex/review-checklist.md`
  - `docs/codex/task-template.md`
  - `docs/codex/plans-template.md`
- Lightweight validation helpers:
  - `scripts/validate-repo.sh`
  - `scripts/check-bash.sh`
  - `scripts/check-ansible.sh`
  - `scripts/check-docs.sh`
- Cross-repository operational documentation structure:
  - `infra-run/docs/operations-cheatsheet.md`
  - `platform-projects/docs/platform-cheatsheet.md`
  - `labs/docs/lab-cheatsheet.md`
- Production-oriented Linux/Unix operations reference with incident workflows, storage and networking checks, SSL/TLS notes, AIX commands, automation safety patterns, Ansible operational usage, and observability quick-reference.
- SELinux operational coverage for mode checks, context inspection, AVC audit review, persistent relabel workflow, booleans, and SELinux-specific incident response.
- Selected baseline Ansible hardening automation:
  - RHEL 9 role and playbook.
  - Debian 13 / Ubuntu 26.04 role and playbook.
  - IBM AIX 7 role and playbook.
- Shared sanitized Ansible inventory defaults for Linux and AIX examples.
- Role-level task structure covering pre-checks, SSH, sudo, auditing, logging, services, filesystem controls, platform-specific settings, handlers, and post-check validation.

### Changed

- Updated root, `infra-run`, Bash, Ansible, platform, and lab README guidance for safety-first usage, validation, and future Codex-driven work.
- Updated repository and `infra-run` README files to surface the new documentation structure and operational cheatsheets.
- Updated repository, `infra-run`, and Ansible README files to describe the new hardening automation instead of placeholder-only Ansible structure.
- Updated Python tooling documentation and repository roadmap.
- Integrated Python syntax validation into repository validation workflow and CI.

### Notes

- Hardening content covers selected baseline controls and intended for portfolio/lab use; live use requires environment-specific review and validation.

## [Initial Version]

### Added

- Repository structure:
  - `infra-run`
  - `platform-projects`
  - `labs`
- Linux operations Bash toolkit under `infra-run/scripts/bash/os-healthcheck/`:
  - healthcheck
  - disk usage checks
  - service checks
  - system reporting
- Disk full incident toolkit:
  - disk analysis
  - large files detection
  - deleted open files detection
  - safe cleanup suggestions
- Network troubleshooting script under `infra-run/scripts/bash/os-healthcheck/`:
  - interface, routing, DNS, connectivity checks
- Veritas storage toolkit:
  - VxVM disk detection
  - diskgroup extension
  - volume/filesystem resize
  - VCS freeze/unfreeze workflow
- GPFS storage toolkit:
  - cluster validation
  - NSD planning
  - filesystem expansion
  - rebalance
- Runbook-style structure and step-based execution.

### Changed

- Moved Linux operations scripts into `infra-run/scripts/bash/os-healthcheck/` to keep host health and troubleshooting checks grouped together.

### Notes

- All scripts default to dry-run where change actions are present.
- Designed for safety and readability.
- No destructive actions without explicit confirmation.