docs: convert all 9 ASCII diagrams to mermaid

Audit of docs/ found 32 diagrams: 23 already in mermaid, 9 in ASCII art (box-drawing chars / +-pipe boxes). Converting all 9 to mermaid so GitHub renders them as actual diagrams in the docs preview. Files affected (9 diagram blocks across 6 files): docs/architecture.md block 1 line 706 EST request flow docs/architecture.md block 2 line 798 SCEP request flow docs/architecture.md block 3 line 893 Per-profile TrustAnchor + Intune challenge dispatch docs/architecture.md block 4 line 935 signer.Driver interface + 4 implementations docs/ci-pipeline.md block 1 line 20 On-push pipeline tree docs/est.md block 1 line 254 WiFi 802.1X / EAP-TLS flow docs/legacy-est-scep.md block 1 line 40 TLS-version-bridging proxy docs/qa-test-guide.md block 1 line 41 qa_test.go to demo stack docs/scep-intune.md block 1 line 39 Intune cloud chain Conversion notes: - Linear flows → flowchart TD/LR. Per-step annotations that the ASCII had as floating text between arrows are now edge labels — cleaner and easier to read. - architecture.md block 4 (signer drivers) → flowchart LR with a subgraph for the Driver interface. Cleaner than a class diagram for the "code uses one of these implementations" semantics. - ci-pipeline.md tree → flowchart TD. Adds a dotted '-.depends on.->' arrow making the go-build-and-test → deploy-vendor-e2e dependency visually obvious (was a parenthetical in the ASCII). - est.md WiFi/RADIUS → flowchart LR with EAP, Radius, trusts, and EST as four distinct labeled arrows. The 'trusts' annotation was floating off to the side in the ASCII; now it's the arrow label between Radius and certctl CA. - All semantic detail preserved: every node label, arrow direction, inline annotation, and multi-line cell content carries through. Verified: post-conversion audit shows 32 mermaid blocks, 0 ASCII. Diff is symmetric — 108 inserts, 123 deletes — because mermaid is slightly more compact than the box-drawing characters it replaces. GitHub renders mermaid blocks natively in markdown previews since 2022, so all 9 diagrams now render as real flowcharts in the docs view rather than as monospaced character art.
2026-06-07 17:12:04 +00:00 · 2026-05-01 05:09:00 +00:00
parent 2643a427ac
commit dcd82d062f
6 changed files with 108 additions and 123 deletions
@@ -251,20 +251,16 @@ This recipe stands up an EAP-TLS-authenticated corporate WiFi network
 where certctl issues every device certificate via EST. End-to-end
 flow:

-```
-┌─────────────┐      ┌──────────────────┐      ┌─────────────┐
-│ Laptop /    │ EAP  │ WiFi access      │ Radius│ FreeRADIUS  │
-│ supplicant  │─────▶│ point (NAS)      │──────▶│ (validate   │
-│ (wpa_       │      │                  │      │  cert chain)│
-│  supplicant │      └──────────────────┘      └──────┬──────┘
-│  / iwd /    │                                       │
-│  Apple WiFi)│                                       │ trusts
-└──────┬──────┘                                       ▼
-       │ EST (one-time, then renewal)         ┌─────────────┐
-       │ /simpleenroll, /simplereenroll       │ certctl CA  │
-       └────────────────────────────────────▶│ (EST profile│
-                                              │  "wifi")    │
-                                              └─────────────┘
+```mermaid
+flowchart LR
+    Laptop["Laptop / supplicant<br/>(wpa_supplicant / iwd / Apple WiFi)"]
+    AP["WiFi access point (NAS)"]
+    Radius["FreeRADIUS<br/>(validate cert chain)"]
+    CA["certctl CA<br/>(EST profile 'wifi')"]
+    Laptop -->|EAP| AP
+    AP -->|Radius| Radius
+    Radius -.->|trusts| CA
+    Laptop -->|"EST: /simpleenroll, /simplereenroll<br/>(one-time, then renewal)"| CA
 ```

 ### certctl-side: EST profile config for 802.1X