tracking: next-step improvements - Rocket.Chat (admin/rocketchat)

[hyde-repo]

tracking: training-readiness gaps - Rocket.Chat (admin/rocketchat)

Umbrella: TBD
Wave: WAVE_04 (since TBD)
Cross-repo umbrellas: TBD

Planning checklist : items to scope and integrate on this element before it
can be exposed to students.

Scope to cover

• HTTPS support : self-signed cert auto-generated at first boot
• Slot for operator-provided signed cert (volume mount or env)
• Pre-defined teams (e.g. trainees, instructors)
• Pre-defined channels (e.g. #general, #help, #soc, #incidents)
• Player-team layer : list-driven default set (suggested : blue/red/yellow/purple x 1-4 = 16 player-teams ; the list is configurable, not hard-coded) - one dedicated channel per player-team
• Pre-created users carry a player_team assignment at provisioning - they auto-join the channel of their assigned player-team
• Auto-join config : declarative mapping <user-group OR player-team> -> [channels...] so members are pre-joined on first login
• Bot account with known credentials / token, surfaced via make tokens
• 1 incoming webhook example pre-configured on a known channel
• Pre-installed Apps : GitHub / GitLab integration, Jitsi (voice/video)
• SSO via Gitea OAuth/OIDC (admin + user accounts delegate auth to the standalone Gitea instance) ; blocked by the Gitea OAuth-provider item in the Gitea (admin/gitea) tracking issue landing first
• Channel discussions / threads pre-seeded (sample reply chains)
• Channel announcements set with welcome rules
• Custom user status set (in-incident, focus, debrief)
• Read-only #announcements channel (one-way operator broadcast)
• Engagement Dashboard pre-configured (activity heatmap for instructors)
• OAuth client config : Rocket.Chat as IDP for other tools if needed (mirror of the Gitea SSO direction)
• Channel filters / banned-words regex (moderation training)
• Rate-limit policy per user (anti-spam training)
• File-upload allowlist (size + types per channel)
• Webhook integration with the doc pipeline (announce in #general on doc-gen completion)
• Custom branding (logo, primary colour, footer text)
• Department / team hierarchy (org-chart navigation for trainees)
• Custom OAuth scope config (advanced SSO labs)
• Emit rocketchat-credentials.json per the shared training-doc credentials schema (defined in the "training-doc pipeline" tracking issue on range42/range42-playbooks) ; service_specific includes channels, bot_account, player_team, auto_joined_channels

Deferred (tracked here for context, not for this iteration)

(no deferred items at this iteration)