TODOs & Backlog

Adopt generic commit messages — never name tools (Wazuh, K3s, ISE) in git log

Consider pre-commit hook rejecting messages containing infrastructure tool names

Enable commit signing (git config commit.gpgsign true or SSH signing)

Verify gitleaks runs as pre-commit hook (not just config file)

Add rotation tracking — dsec stale command or rotation-schedule.yaml.age

Add dsec smoke test suite (test-dsec.sh with dummy domain)

Standardize commit convention (conventional commits)

Tag significant milestones as recovery anchors

Acknowledge documents/ dual-purpose scope in README