Description
Two address-range schemes documented in different places:
- `hydraneck/docs/runbooks/partner-network-design.md` (and site-types.md): partner sites get `10.10X.0.0/20` as a per-site supernet, with `10.10X.0.0/20` for management and `10.10X.4.0/20` for heads.
- `hydraguard/CLAUDE.md` and `hydraguard/docs/runbooks/runbook.md` Address Scheme: venues get `10.10.N.1/32` tunnel + `10.0.N.0/24` LAN, auto-assigned.
The first is the partner-facing design (intended for partner-managed locations with their own VLAN structure). The second is the operator-facing default (used by `hydraguard venue add` without `--lan`).
Not a bug today — both are real and serve different audiences — but a reader hitting both docs will be confused which one applies.
## Fix
Add a short reconciliation paragraph in one of the address-ranges docs explaining:
- Default auto-assignment from hydraguard CLI: `10.10.N.1/32` tunnel, `10.0.N.0/24` LAN. Used for HYDRA-managed sites and partner sites that accept our defaults.
- Partner-managed sites with their own VLAN structure: pass `--lan <cidr>` to override, partner allocates from their site supernet (typically `10.10X.0.0/20`).
Keep both schemes documented; just cross-reference them so the relationship is explicit.