Merge pull request #2342 from jimthompson5802/iss-2017-migrate-aoc-part2

feat(docs): Migrate Days 8 to 20 to calm.finos.org Learning section

Author: rocketstack-matt

docs/docs/tutorials/beginner/07-complete-architecture.md

@@ -246,6 +246,7 @@ Your e-commerce architecture should look something like this:
 🎉 **Congratulations!** You've completed the beginner tutorials and can now model complete architectures with CALM.
 
 **Continue Learning:**
+- Continue with the **Intermediate** level tutorials.
 - Explore the [Core Concepts](../../core-concepts/) for deeper understanding
 - Check out [Working with CALM](../../working-with-calm/) for CLI and tooling details
 - Join the [FINOS Architecture as Code community](https://github.com/finos/architecture-as-code/discussions)

docs/docs/tutorials/index.md

@@ -15,27 +15,44 @@ Welcome to the CALM learning path! These tutorials take you from zero CALM knowl
 │                         YOUR CALM LEARNING PATH                             │
 ├─────────────────────────────────────────────────────────────────────────────┤
 │                                                                             │
-│   BEGINNER TUTORIALS                                                        │
+│   🟢 BEGINNER TUTORIALS                                                     │
 │   ├── Setup & CLI                                                           │
 │   ├── First Node                                                            │
 │   ├── Relationships                                                         │
 │   ├── VSCode Extension                                                      │
 │   ├── Interfaces                                                            │
 │   ├── Metadata                                                              │
 │   └── Complete Architecture                                                 │
-│                                                                             │
-│   PRACTITIONER TUTORIAL                                                     │
+│                          │                                                  │
+│                          ▼                                                  │
+│   🟡 INTERMEDIATE TUTORIALS                                                 │
+│   ├── Controls                                                              │
+│   ├── Business Flows                                                        │
+│   ├── ADR Linking                                                           │
+│   ├── Docify                                                                │
+│   ├── CALM Widgets                                                          │
+│   ├── Handlebars Templates                                                  │
+│   ├── AI Advisor                                                            │
+│   ├── Ops Advisor                                                           │
+│   ├── Ops Documentation                                                     │
+│   ├── Patterns                                                              │
+│   ├── Standards                                                             │
+│   ├── Enforcing Standards                                                   │
+│   └── Multi-Pattern Validation                                              │
+│                          │                                                  │
+│                          ▼                                                  │
+│   🛠️ PRACTITIONER TUTORIAL                                                  │
 │   ├── Tool Setup                                                            │
 │   ├── Understand the Business Context                                       │
 │   ├── Define Initial Architecture                                           │
 │   ├── Refine Architecture Definition                                        │
-│   ├── Generate Architecture Documentation                                  │
+│   ├── Generate Architecture Documentation                                   │
 │   └── Key Takeaways                                                         │
 │                                                                             │
 └─────────────────────────────────────────────────────────────────────────────┘
 ```
 
-## Start Here: Beginner Tutorials
+## Start Here: Beginner
 
 ### 🟢 Beginner Tutorials
 
@@ -49,11 +66,7 @@ Learn the core building blocks of CALM architectures:
 
 **Time commitment:** ~15-45 minutes per tutorial
 
-[Start with Beginner Tutorials →](./beginner/)
-
----
-
-## Prerequisites
+### Prerequisites
 
 Before you begin, make sure you have:
 
@@ -62,30 +75,84 @@ Before you begin, make sure you have:
 - **VSCode** editor (version 1.96+)
 - **GitHub Copilot** access (optional but recommended, requires VSCode 1.106+)
 
-## Getting Started
+### Getting Started
 
 1. **[Start with Setup & CLI](./beginner/01-setup)** — Set up your CALM workspace and tools
 2. **Work through each tutorial** — They build on each other progressively
 3. **Ask questions** — Join the [FINOS Architecture as Code community](https://github.com/finos/architecture-as-code/discussions)
 
-## Skills You'll Acquire
+### Skills You'll Acquire
 
-By completing all tutorials, you'll be able to:
+By completing all beginner tutorials, you'll be able to:
 
 ✅ **Create** complete architecture documents from scratch  
 ✅ **Model** nodes, relationships, interfaces, and metadata  
 ✅ **Use** the VSCode extension for visualization  
 ✅ **Build** realistic multi-service architectures  
 
-Ready to begin? [Start your CALM journey →](beginner/01-setup)
+[Start your CALM journey →](./beginner/01-setup)
+
+---
+
+## Start Here: Intermediate
+
+### 🟡 Intermediate Tutorials
+
+**Complete the Beginner Tutorials before starting here**
+
+Go beyond the basics and learn how to build richer, governance-ready architectures:
+- Adding controls and business flows to architectures
+- Linking Architecture Decision Records (ADRs)
+- Publishing architecture docs with `docify`
+- Building custom templates and widgets
+- Using CALM as an AI-powered advisor
+- Creating reusable Patterns and organizational Standards
+- Enforcing compliance with multi-pattern validation
+
+**Time commitment:** ~30-60 minutes per tutorial
+
+### Prerequisites
+
+- **Completed all Beginner Tutorials** (see [Start Here: Beginner](#start-here-beginner) above)
+
+### Getting Started
+
+1. **[Start with Controls](./intermediate/08-controls)** — Add governance controls to your architecture
+2. **Work through each tutorial** — They build on each other progressively
+3. **Ask questions** — Join the [FINOS Architecture as Code community](https://github.com/finos/architecture-as-code/discussions)
+
+### Skills You'll Acquire
+
+By completing all intermediate tutorials, you'll be able to:
+
+✅ **Add** controls and business flows to architectures  
+✅ **Link** Architecture Decision Records (ADRs) to architecture elements  
+✅ **Publish** architecture documentation using `docify`  
+✅ **Build** custom templates and widgets for visualization  
+✅ **Use** CALM as an AI-powered architecture advisor  
+✅ **Create** reusable Patterns and organizational Standards  
+✅ **Enforce** compliance through multi-pattern validation  
+
+[Start Intermediate Tutorials →](./intermediate/)
+
+---
 
 ## Start Here: Practitioner
 
 ### 🛠️ Practitioner Tutorial
 
-**Some CALM knowledge required, similar to what is covered in the Beginner tutorial.**
+**Some CALM knowledge required, similar to what is covered in the Beginner and Intermediate tutorials.**
+
+Apply your CALM knowledge to build a complete, real-world architecture end-to-end with AI assistance:
+- Setting up your practitioner toolset
+- Understanding business context for architecture decisions
+- Defining and refining an initial architecture
+- Generating architecture documentation
+- Applying key takeaways for future projects
 
-## Prerequisites
+**Time commitment:** ~2-3 hours for the complete tutorial
+
+### Prerequisites
 
 Before you begin, make sure you have:
 
@@ -95,13 +162,19 @@ Before you begin, make sure you have:
 - **CALM AI Assistant** Copilot, Claude or KIRO AI Assistant is enabled
 - **calm cli** installed
 
-## Skills You'll Acquire
+### Getting Started
+
+1. **[Start with Tool Setup](./build-a-calm-architecture/tool-setup)** — Configure your practitioner environment
+2. **Work through each section** — They build a complete architecture from start to finish
+3. **Ask questions** — Join the [FINOS Architecture as Code community](https://github.com/finos/architecture-as-code/discussions)
+
+### Skills You'll Acquire
 
 By completing this tutorial, you'll see how to use the CALM AI Assistant to:
 
 ✅ **Create** complete architecture document from a business design  
 ✅ **Enhance** definition of nodes, relationships, interfaces, and metadata with organizational specific information  
-✅ **Use** the VSCode extension for visualization   
+✅ **Use** the VSCode extension for visualization  
 ✅ **Generate** views of the architecture  
 ✅ **Learn** best practices in working with CALM architectures  
 

docs/docs/tutorials/intermediate/08-controls.md

@@ -0,0 +1,171 @@
+---
+id: 08-controls
+title: "Controls for Non-Functional Requirements"
+sidebar_position: 2
+---
+
+# Controls for Non-Functional Requirements
+
+🟡 **Difficulty:** Intermediate | ⏱️ **Time:** 30-45 minutes
+
+## Overview
+
+Document security, performance, and compliance requirements using CALM's controls feature to capture non-functional requirements (NFRs).
+
+## Learning Objectives
+
+By the end of this tutorial, you will:
+- Understand the structure of CALM controls
+- Add architecture-level and node-level controls
+- Distinguish between inline `config` and external `config-url` implementations
+- Know which control domains are available (security, compliance, performance, operational)
+
+## Prerequisites
+
+Complete the [Beginner Tutorials](../beginner/07-complete-architecture) section first. You will need your `architectures/ecommerce-platform.json` from the [Build a Complete Architecture](../beginner/07-complete-architecture) lesson.
+
+## Step-by-Step Guide
+
+### 1. Understand Controls
+
+Controls in CALM consist of:
+- **Domain key:** Category (e.g., `security`, `compliance`, `performance`, `operational`)
+- **Description:** What the control addresses
+- **Requirements:** Array of requirement specifications with:
+  - `requirement-url`: Link to the requirement definition
+  - Plus ONE of:
+    - `config-url`: Link to external configuration, OR
+    - `config`: Inline configuration object
+
+> **Important:** Each requirement MUST specify how it's implemented — either via `config-url` or inline `config`. This enforces that controls are not just declared but actually configured.
+
+Controls can be applied at multiple levels:
+- **Architecture level:** Apply to the entire system
+- **Node level:** Apply to specific components
+- **Relationship level:** Apply to specific connections between components
+- **Flow level:** Apply to business processes and data flows
+
+### 2. Add an Architecture-Level Security Control
+
+Open your `architectures/ecommerce-platform.json` from the [Build a Complete Architecture](../beginner/07-complete-architecture) lesson.
+
+**Prompt:**
+```text
+Add a controls section at the top level of architectures/ecommerce-platform.json
+
+Add a "security" control with:
+- description: "Data encryption and secure communication requirements"
+- requirements array with two items:
+  1. requirement-url: "https://internal-policy.example.com/security/encryption-at-rest"
+     config (inline): { "algorithm": "AES-256", "scope": "all-data-stores" }
+  2. requirement-url: "https://internal-policy.example.com/security/tls-1-3-minimum"
+     config-url: "https://configs.example.com/security/tls-config.yaml"
+
+Place it after the metadata section and before nodes.
+```
+
+### 3. Add an Architecture-Level Performance Control
+
+**Prompt:**
+```text
+Add a "performance" control at the architecture level of architectures/ecommerce-platform.json
+
+Add with:
+- description: "System-wide performance and scalability requirements"
+- requirements array with two items:
+  1. requirement-url: "https://internal-policy.example.com/performance/response-time-sla"
+     config (inline): { "p99-latency-ms": 200, "p95-latency-ms": 100 }
+  2. requirement-url: "https://internal-policy.example.com/performance/availability-target"
+     config-url: "https://configs.example.com/infra/ha-config.yaml"
+
+Place it alongside the security control in the controls section.
+```
+
+### 4. Add a Node-Level Compliance Control
+
+Add a control to the `payment-service` node.
+
+**Prompt:**
+```text
+Add a controls section to the payment-service node in architectures/ecommerce-platform.json
+
+Add a "compliance" control with:
+- description: "PCI-DSS compliance for payment processing"
+- requirements array with one item:
+  - requirement-url: "https://www.pcisecuritystandards.org/documents/PCI-DSS-v4.0"
+    config-url: "https://configs.example.com/compliance/pci-dss-config.json"
+```
+
+### 5. Add a Node-Level Performance Control
+
+Add a performance control to the `api-gateway` node.
+
+**Prompt:**
+```text
+Add a controls section to the api-gateway node in architectures/ecommerce-platform.json
+
+Add a "performance" control with:
+- description: "API Gateway rate limiting and caching requirements"
+- requirements array with two items:
+  1. requirement-url: "https://internal-policy.example.com/performance/rate-limiting"
+     config-url: "https://configs.example.com/gateway/rate-limits.yaml"
+  2. requirement-url: "https://internal-policy.example.com/performance/caching-policy"
+     config (inline): { "default-ttl-seconds": 300, "cache-control": "private" }
+```
+
+### 6. Validate
+
+```bash
+calm validate -a architectures/ecommerce-platform.json
+```
+
+Should pass! ✅
+
+Now is a good time to use git to snapshot your progress. Stage your changes and commit them with a meaningful message before moving on.
+
+## Key Concepts
+
+### Control Domains
+
+| Domain | Purpose | Example Requirements |
+|--------|---------|---------------------|
+| `security` | Data protection, access control | Encryption, TLS, authentication |
+| `compliance` | Regulatory adherence | PCI-DSS, GDPR, SOC2 |
+| `performance` | Non-functional requirements | SLAs, rate limits, availability |
+| `operational` | Runtime concerns | Logging, monitoring, backup |
+
+### Inline Config vs Config URL
+
+```json
+{
+  "requirements": [
+    {
+      "requirement-url": "https://policy.example.com/encryption",
+      "config": { "algorithm": "AES-256", "scope": "all-data-stores" }
+    },
+    {
+      "requirement-url": "https://policy.example.com/tls",
+      "config-url": "https://configs.example.com/tls-config.yaml"
+    }
+  ]
+}
+```
+
+Use **inline `config`** for simple, self-contained settings. Use **`config-url`** when configuration is managed externally or is too complex to inline.
+
+### Multi-Level Controls
+
+Controls can be placed at four levels:
+- **Architecture level** — system-wide requirements
+- **Node level** — component-specific requirements
+- **Relationship level** — connection-specific requirements
+- **Flow level** — business-process-specific requirements
+
+## Resources
+
+- [CALM Controls Schema](https://github.com/finos/architecture-as-code/blob/main/calm/release/1.2/meta/control.json)
+- [PCI-DSS Standards](https://www.pcisecuritystandards.org/)
+
+## Next Steps
+
+In the [next tutorial](./09-business-flows), you'll model business flows that trace how business processes traverse your architecture!