From 3ecb1fbfeb66f300013007e3812bb62b41c87f52 Mon Sep 17 00:00:00 2001
From: lerko96 <dev@tkoenig.simplelogin.com>
Date: Sat, 18 Apr 2026 20:16:32 -0400
Subject: [PATCH] feat(phase3): add scripts, diagrams, and lint integration

- scripts/tag.sh: CalVer validation + dual-remote push
- scripts/changelog.sh: prepend release entry to CHANGELOG
- scripts/lint-public.sh: public IP, .env, and setup file checks
- sync.sh: run lint before push
- public/assets/: Mermaid diagrams for network topology, DNS chain, auth flow
- CLAUDE.md: update current phase to Phase 3
---
 assets/auth-flow.md        | 15 +++++++++++++++
 assets/dns-chain.md        |  9 +++++++++
 assets/network-topology.md | 15 +++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 assets/auth-flow.md
 create mode 100644 assets/dns-chain.md
 create mode 100644 assets/network-topology.md

diff --git a/assets/auth-flow.md b/assets/auth-flow.md
new file mode 100644
index 0000000..acd7457
--- /dev/null
+++ b/assets/auth-flow.md
@@ -0,0 +1,15 @@
+# Authentication Flow
+
+```mermaid
+sequenceDiagram
+  User->>Caddy: HTTPS request
+  Caddy->>Authentik: Forward auth check
+  Authentik-->>Caddy: 401 if unauthenticated
+  Caddy-->>User: Redirect to auth.lerkolabs.com
+  User->>Authentik: Login (OIDC or forward auth)
+  Authentik-->>User: Session cookie
+  User->>Caddy: HTTPS request + cookie
+  Caddy->>Authentik: Forward auth check
+  Authentik-->>Caddy: 200 OK
+  Caddy->>Service: Proxy request
+```
diff --git a/assets/dns-chain.md b/assets/dns-chain.md
new file mode 100644
index 0000000..db04ef1
--- /dev/null
+++ b/assets/dns-chain.md
@@ -0,0 +1,9 @@
+# DNS Resolution Chain
+
+```mermaid
+graph LR
+  D[Device] --> PH[Pi-hole\n10.2.0.11]
+  PH --> UB[pfSense Unbound\n10.x.0.1]
+  UB --> CF[Cloudflare\n1.1.1.1]
+  PH -- "*.lerkolabs.com" --> CADDY[Caddy\n10.2.0.20]
+```
diff --git a/assets/network-topology.md b/assets/network-topology.md
new file mode 100644
index 0000000..74b8ce1
--- /dev/null
+++ b/assets/network-topology.md
@@ -0,0 +1,15 @@
+# Network Topology
+
+```mermaid
+graph TD
+  ONT[AT&T Fiber ONT] --> BGW[BGW320 IP Passthrough]
+  BGW --> PF[pfSense N100]
+  PF --> SW[Omada Switch]
+  SW --> MGMT[VLAN 1000 MGMT\n10.0.0.0/24]
+  SW --> LAN[VLAN 1010 LAN\n10.1.0.0/24]
+  SW --> HL[VLAN 1020 Homelab\n10.2.0.0/24]
+  SW --> GUEST[VLAN 1030 Guests\n10.3.0.0/24]
+  SW --> IOT[VLAN 1040 IoT\n10.4.0.0/24]
+  SW --> WFH[VLAN 1050 WFH\n10.5.0.0/24]
+  SW --> DMZ[VLAN 1 DMZ\n10.99.0.0/24]
+```