ADR-0008: CanEast naming convention for public-facing documentation¶
Status¶
Accepted — 2026-03-31
Context¶
The peries.ca portfolio site will publish documentation and architecture diagrams from the Archon platform. Exposing real hostnames, IP addresses, and port assignments creates an unnecessary attack surface.
Decision¶
All public-facing documentation uses CanEast as the platform alias with sanitized substitutions:
| Real | Public |
|---|---|
| caneast-c1-node2, caneast-c1-node3 | compute-node-01, compute-node-02 |
| 192.168.2.x | 10.x.x.0/24 (network/mask only) |
| Real port numbers | Functional description (e.g., "monitoring stack") |
| CanEast Workstation, CanEast Server | "x86 compute nodes" |
| CAE prefix | CanEast region prefix |
Internal documentation (caneast-c1-node2:[INTERNAL]) uses real names and IPs. Only the MkDocs public layer for peries.ca uses CanEast naming.
Alternatives Considered¶
Full redaction — Removes too much context, diagrams become unreadable.
Real names in public docs — Unacceptable security posture for an internet-facing portfolio.
Generic names (node1, node2) — Less memorable and less enterprise-sounding than CanEast.
Consequences¶
- Two documentation layers: internal (real) and public (CanEast)
- Any automation agent updating docs must know which layer it is writing to
- Future: pipeline to auto-sanitize internal docs for public publish
References¶
- peries.ca (Cloudflare, REDACTED registrar)
- archon-docs MkDocs Material, caneast-c1-node2:[INTERNAL]