{"results":[{"id":"async-api-poll-convergence-pattern","text":"Hetzner Cloud API operations are asynchronous with action tracking — the CLI polls at 500ms intervals and the Go SDK requires explicit `WaitFor()` calls, establishing a converge-and-poll pattern as the standard automation idiom.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"async-propagates-through-automation-stack","text":"Hetzner's asynchronous API design propagates through the entire automation stack — CLI polls at 500ms intervals, Go SDK requires explicit WaitFor() calls, and Terraform (built on hcloud-go) inherits the same async convergence requirement — making action completion handling a universal automation concern.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automated-incident-response-doubly-blocked","text":"Automated incident response on Hetzner is blocked at both ends of the detection-recovery pipeline — platform metrics remain ALPHA (inadequate for automated alerting and anomaly detection) while server recovery requires explicit multi-step manual intervention (enable rescue, separate reboot, SSH key reconfiguration), creating a full-stack gap that external tooling must bridge at both detection AND remediation layers simultaneously.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automated-recovery-impossible-without-external-tooling","text":"Automated server recovery is impossible without comprehensive external tooling — rescue mode requires manual multi-step intervention (explicit reboot, per-attempt SSH key setup, type selection) while the broader safety model is fundamentally user-responsible (explicit backup strategy, shallow protection flags), creating a gap where no platform-native path exists from failure detection to restored operation.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automation-must-bridge-api-paradigm-gap","text":"Full Hetzner automation requires tools that bridge fundamentally different API paradigms — modern JSON/Bearer token (Cloud) vs legacy URL-encoded/Basic Auth (Robot) — across three toolchain layers (CLI, SDK, IaC), making unified abstraction a prerequisite for multi-product management.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"billing-traps-invisible-without-external-monitoring","text":"Hetzner's billing traps (powered-off server charges, IPv4 idle costs, 64KB minimum object billing, empty bucket charges) pervade all products but are invisible to users relying on platform-native monitoring — since both server and load balancer metrics remain ALPHA, detecting cost anomalies from idle or misconfigured resources requires external billing instrumentation.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ccm-dev-requires-opentofu-k3sup-docker-skaffold","text":"CCM development environment requires OpenTofu, k3sup, Docker, and Skaffold.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ccm-robot-env-vars","text":"Robot API integration requires `ROBOT_ENABLED=true`, `ROBOT_USER`, and `ROBOT_PASSWORD` environment variables.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cost-optimization-requires-location-aware-architecture","text":"Cost optimization on Hetzner is inseparable from architecture — the 40x regional traffic asymmetry makes location selection a billing decision, while resource binding (volumes, IPs, networks) makes location selection an architectural commitment, so cost-efficient architectures must account for location as a first-class design parameter from day one rather than treating it as a deployment detail.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"csi-driver-min-k8s-1-19","text":"The Hetzner Cloud CSI driver requires Kubernetes 1.19 or newer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"data-migration-between-locations-impossible","text":"Hetzner resources are location-coupled (servers, volumes, networks bound to their creation location), meaning moving workloads between locations requires recreating resources rather than migrating them in place.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"data-protection-requires-explicit-strategy","text":"Server operations include destructive paths (rebuild replaces root disk, poweroff/reset are non-graceful) and Hetzner's two data protection strategies have inverse cost/control tradeoffs (automatic backups: simple but capped at 7; snapshots: flexible but manual and per-GB), meaning data protection requires deliberate architectural decisions — there is no implicit safety net covering both convenience and retention depth.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-rule-direction-determines-ip-flag","text":"Firewall rule direction determines the required IP flag: `in` requires `--source-ips`, `out` requires `--destination-ips`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-lb-create-required-flags","text":"`hcloud load-balancer create` requires both `--name` and `--type` flags.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-lb-private-ip-requires-shared-network","text":"Using `--use-private-ip` for Load Balancer targets requires the load balancer to be attached to a network that the target is also part of.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-lb-tcp-requires-ports","text":"TCP protocol services require both `--listen-port` and `--destination-port` flags; HTTPS requires `--http-certificates`; HTTP needs only `--protocol`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-network-add-route-requires-destination-and-gateway","text":"The `hcloud network add-route` command requires both `--destination` (CIDR notation) and `--gateway` (single IP) flags.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-network-add-subnet-requires-type-and-network-zone","text":"The `hcloud network add-subnet` command requires `--type` and `--network-zone` as mandatory flags.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-network-create-requires-name-and-ip-range","text":"The `hcloud network create` command requires `--name` and `--ip-range` as mandatory flags.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-network-subnet-vswitch-requires-vswitch-id","text":"The `--vswitch-id` flag is required when subnet type is `vswitch` and only relevant for that type.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":43,"limit":20,"offset":0}