From 6152acd2853410baa88218f5eb945fed78ff94ff Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Tue, 23 Jun 2026 23:39:29 -0400
Subject: docs(todo): close security dashboard command (shipped)

---
 todo.org | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/todo.org b/todo.org
index b1dcc67..ec4ea02 100644
--- a/todo.org
+++ b/todo.org
@@ -686,11 +686,12 @@ Priority C because snapshot-based testing meets current needs
 :END:
 Practical guidelines for working in public spaces
 
-** TODO [#C] Build security dashboard command :solo:
+** DONE [#C] Build security dashboard command :solo:
+CLOSED: [2026-06-23 Tue]
 :PROPERTIES:
 :LAST_REVIEWED: 2026-05-21
 :END:
-Single command shows: encryption status, firewall status, open ports, running services
+Shipped 2026-06-23 as dotfiles commit =1b9b205=: =security-status= (=common/.local/bin=, on PATH). Read-only dashboard showing disk encryption (LUKS *and* ZFS native — the fleet runs ZFS, so a LUKS-only check would have falsely reported "no encryption"), ufw state, externally-reachable ports (counts all listening, lists only the non-loopback exposures), and running/failed service counts. Command lookups are env-overridable; parsing covered by unit tests against canned output. New file, so ratio needs =git pull && make stow hyprland= to link it.
 
 ** VERIFY [#C] Evaluate modern CLI tool replacements
 :PROPERTIES:
-- 
cgit v1.2.3