Hardening
Hardening is prevention — the work done so fewer things can go wrong in the first place. Firewalls and the edge router (see Software › OPNsense) limit what can be reached; hosts expose only the ports they must; experimental and life-critical workloads sit on separate networks, so a breach in one can’t walk into another.
This room collects the standing rules that reduce exposure across the enclave. It’s the counterpart to Watch: hardening tries to stop trouble, Watch notices it. Detection lives there; prevention lives here.