karvey-infralisted

# Karvey Infra ## Purpose Generate and configure the **cloud infrastructure (IaC)** and the **CI/CD pipelines** from the "Cloud Infrastructure" section of the change's `architecture.md`. This is **PHASE 6** of the Karvey Method, between `karvey-architecture` (PHASE 5) and `karvey-tasks` (PHASE 7). The phase is **idempotent over existing infra**: it never recreates what is already there, it only creates what is missing or modifies what is needed. It includes an **infra security review** as a gate, and respects the team's deployment flow (deploy via pipeline, never manual). ## Execution steps ### Step 1 — Load context Read in parallel: - `docs/spec/changes/{change-id}/spec.json` (especially `security_tier`, `layers`, `management`) - `docs/spec/changes/{change-id}/architecture.md` (especially the **"## Cloud Infrastructure"** section: which services from which cloud) - `docs/spec/project.json` (fields `git_platform`, `cloud.provider`, `iac_tool`, `repos`, `spec_repo`, `branch_flow`) - Shared rules: `rules/project-config.md`, `rules/deploy-workflow.md`, `rules/changelog-policy.md`, `rules/knowledge-sync.md`, `rules/security-tiers.md` Entry checks: - If `docs/spec/project.json` **does not exist** → **stop** and indicate to run `karvey-init` first (see `project-config.md`). - Verify `approvals.architecture.approved = true`. If it is **not** approved → **stop**: the architecture must be approved before generating infra. ### Step 2 — Discovery of existing infra (idempotency)