From 65c595c3ba20cd7966d1be8900aa3f9b4a899a03 Mon Sep 17 00:00:00 2001 From: Bernd Worsch Date: Mon, 16 Mar 2026 17:50:25 +0000 Subject: [PATCH] =?UTF-8?q?docs:=20CLAUDE.md=20=E2=80=94=20expand=20SBOM?= =?UTF-8?q?=20section=20with=20host=5Fpaths=20guidance?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clarify that the ops-bridge ingest_sbom_tool requires the lockfile to be accessible from the bridge machine, document requirements.txt generation command, and note the host_paths prerequisite (T05 partial). Co-Authored-By: Claude Sonnet 4.6 --- CLAUDE.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index b228227..ae202c1 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -301,12 +301,18 @@ Templates: `~/the-custodian/canon/standards/contrib-templates/` ## SBOM -After updating dependencies: +Re-run the SBOM after any dependency change (new package added/removed/upgraded in `pyproject.toml`). + +The ops-bridge `ingest_sbom_tool` requires the lockfile to be accessible from the bridge machine. +Use a `requirements.txt` generated via: ```bash -cd ~/the-custodian/state-hub -make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx +pip list --format=freeze | grep -E "^(python-docx|PyYAML|typer|rich|mistune|fastapi|uvicorn|mcp|pytest|pytest-cov|ruff|mypy|types-PyYAML|httpx|pydantic|click|starlette|anyio|httpcore|certifi|h11|sniffio|idna)=" | sort > requirements.txt ``` +Then either: +- Run locally if API is accessible: `cd ~/the-custodian/state-hub && make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx` +- Or via MCP `ingest_sbom_tool` once `host_paths` mapping is configured for `marki-docx` in the custodian + --- ## Quick Reference