generated from coulomb/repo-seed
docs: CLAUDE.md — expand SBOM section with host_paths guidance
Clarify that the ops-bridge ingest_sbom_tool requires the lockfile to be accessible from the bridge machine, document requirements.txt generation command, and note the host_paths prerequisite (T05 partial). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
12
CLAUDE.md
12
CLAUDE.md
@@ -301,12 +301,18 @@ Templates: `~/the-custodian/canon/standards/contrib-templates/`
|
||||
|
||||
## SBOM
|
||||
|
||||
After updating dependencies:
|
||||
Re-run the SBOM after any dependency change (new package added/removed/upgraded in `pyproject.toml`).
|
||||
|
||||
The ops-bridge `ingest_sbom_tool` requires the lockfile to be accessible from the bridge machine.
|
||||
Use a `requirements.txt` generated via:
|
||||
```bash
|
||||
cd ~/the-custodian/state-hub
|
||||
make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx
|
||||
pip list --format=freeze | grep -E "^(python-docx|PyYAML|typer|rich|mistune|fastapi|uvicorn|mcp|pytest|pytest-cov|ruff|mypy|types-PyYAML|httpx|pydantic|click|starlette|anyio|httpcore|certifi|h11|sniffio|idna)=" | sort > requirements.txt
|
||||
```
|
||||
|
||||
Then either:
|
||||
- Run locally if API is accessible: `cd ~/the-custodian/state-hub && make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx`
|
||||
- Or via MCP `ingest_sbom_tool` once `host_paths` mapping is configured for `marki-docx` in the custodian
|
||||
|
||||
---
|
||||
|
||||
## Quick Reference
|
||||
|
||||
Reference in New Issue
Block a user