Always review or update architecture and task documentation (in `docs/`) before modifying code or configurations.

When modifying or generating Docker Compose files, validate volume paths, network bridges, and container restart policies.

Ensure that Keycloak, FreeIPA, and FreeRADIUS integration configurations include group-based access control and secure environment variables.

When working with n8n workflows, include webhook triggers, FreeIPA API steps, and notification actions.

Review the docs/full-project-plan.md and generate a mermaid diagram summarizing the architecture. Include FreeIPA, Keycloak, FreeRADIUS, n8n, Docker Host, Sophos VM, and VLAN mappings.

Generate the docker-compose service block for FreeIPA, Keycloak, FreeRADIUS, and n8n. Use bridge networking and add persistent volumes where applicable.

Create a Keycloak realm config block to support Apple and Google identity providers, and describe how to secure the client secrets using docker secrets or environment variables.

Generate an n8n workflow that listens on a webhook, then calls FreeIPA's API to register a new host using JSON-RPC, and notifies an admin via Slack.

Convert the VLAN mappings from docs/vlan-plan.md into a mermaid diagram with VLAN IDs and labels.

Add a new markdown document under docs/ called service-setup.md that walks through setting up each service in the docker stack and connecting them together.

Write a step-by-step workflow to provision a test laptop using WPA2 Enterprise and assign VLAN 201.