- add explicit Windows ATVM guest credential references alongside the existing Linux target defaults
- update the ATVM automation guide and AGENTS rules so Linux SSH uses ATVM_TARGET_* while Windows guest access uses ATVM_WINDOWS_TARGET_*
- update the CDS MCP CMC install and VMware workflow docs to distinguish Linux and Windows credential usage for the shared ATVM target IP
- update the VM lookup reference so common VM credentials list both Linux and Windows target variables
- add the per-run ATVM watcher service package under atvm/watcher-service, including the Python watcher, systemd template unit, helper scripts, and deployment docs
- document the watcher-service install and operating model, including one-run-per-instance behavior, Mattermost posting rules, and the best-practice /opt/atvm-watcher-service install path
- clarify ATVM run approval semantics so `approve` means run without watcher and `approve with watcher` means run and start the watcher
- update the ATVM automation guide and AGENTS rules so watcher usage and approval behavior are explicit and consistent
- update the ATVM status template so the HOSTS: table includes a Kernel column after Host
- document that kernel values should be resolved by cross-referencing hostnames in atvm/inventory/vm-inventory.md
- document that unknown should be used when a kernel value cannot be verified from the VM inventory
- align the ATVM automation guide so local status output and Mattermost posts use the kernel-aware host table
- update the ATVM status template to include COVERAGE: and FUNCTIONALLY: sections ahead of the existing summary tables
- document that COVERAGE: should describe intended run scope without listing target hosts
- document that FUNCTIONALLY: should summarize the intended workflow steps at a high level
- align the ATVM automation guide so local status output and Mattermost posts use the expanded default format
- remove hardcoded credentials, tokens, registration codes, and similar secret values from tracked ATVM and CDS MCP docs
- replace those values with references to /home/aw/code/cds/.env.credentials.local and the corresponding environment variable names
- update current operator guides to instruct sourcing .env.credentials.local before credential-dependent setup and automation workflows
- update the ATVM setup scripts to consume ATVM_TARGET_PASSWORD from the environment instead of hardcoding the Ubuntu root SSH password
- scrub the remaining tracked artifact log entry that still included the old CMC registration code
- keep the local-only credential inventory in .env.credentials.local while leaving that file untracked
- change ATVM status formatting to the approved Markdown-table template with SUMMARY:, HOSTS:, TIMING:, and NOTES:
- document that normal status requests print locally only unless explicitly asked to send to Mattermost
- document Mattermost defaults and posting rules, including only sending after full run completion
- document the controller-side systemd watcher design for future automation
- add the secrets migration/cleanup review doc
- ignore .env.credentials.local in git and reflect the move toward using that local credentials file instead of hardcoded secrets
Restructure the ATVM folder to separate executable scripts from workflow documentation and long-form environment reference material.
Move setup and automation scripts into scripts/, move setup and automation guides into docs/, add top-level README and workflow conventions, and organize durable environment details into inventory/ while preserving the original long-form ATVM notes under archive/imported-notes/.
Update internal documentation paths to match the new layout and remove the archived Zone.Identifier metadata file.
