mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 22:01:36 +00:00
a13b4a10e2
Three architectural decisions from user feedback:

1. Pull-only deployment model — server never initiates outbound connections. Network appliances (F5, Palo Alto, FortiGate, Citrix) use a proxy agent in the same network zone. Added as design principle #2 across all docs.

2. IIS dual-mode — agent-local PowerShell (primary/recommended) + proxy agent WinRM (for agentless targets). Replaces the previous WinRM-only design. Updated connectors.md, architecture.md, demo-advanced.md.

3. Sub-CA to ADCS — Local CA can load a pre-signed CA cert+key from disk, so all issued certs chain to the enterprise root. Replaces the planned standalone ADCS issuer connector. Updated concepts.md, connectors.md, demo-advanced.md issuer diagram.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>