coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,626 Commits 1 Branch 0 Tags
65152e25ea9ef4e6ed026db4e7ff7dcc8601b7fd
Commit Graph

7 Commits

Author SHA1 Message Date
tegwick
0777e5b2f0 feat: add FOS/credential standards, big-picture guidance, and CUST-WP-0025 workplan 
- canon/standards/credential-management_v0.1.md: single root-of-trust credential hierarchy standard
- canon/standards/federated-organization-standard_v1.0.md: FOS reference architecture (VSM-based)
- wiki/BigPictureGuidance.md: integration guidance for OAS + FOS orthogonal layers
- workplans/CUST-WP-0025-fos-hub-bootstrap.md: 4-phase plan (identity, hub-core extraction, ops-hub, fin-hub)
- state-hub/Makefile: treat exit 2 (warnings-only) as success in check-consistency targets

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-20 23:48:13 +01:00
tegwick
1c94f5545c feat(sbom): CUST-WP-0013 — expand SBOM infra to terraform, ansible, and tool manifests 
- Migration d6e7f8a9b0c1: add terraform, ansible, tool to Ecosystem enum
- ingest_sbom.py: new Ansible Galaxy requirements.yml parser (collections + roles)
- ingest_sbom.py: new sbom-tools.yaml manifest parser (agent-generated tool deps)
- ingest_sbom.py: promote .terraform.lock.hcl parser from ecosystem=other → terraform
- ingest_sbom.py: detect_all() runs all four parsers in one comprehensive scan
- capture_sbom_tools.py: agent-assisted tool manifest generator (claude -p)
- prompts/sbom-capture-agent.md: parameterised prompt for repo tool discovery
- Makefile: capture-tools target; ingest-sbom updated docs and DRY_RUN support
- 29 unit tests covering all new parsers and detect_all() behaviour
- canon/standards/sbom-convention_v0.1.md: updated with four-mechanism model and workflow

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 04:40:26 +01:00
tegwick
2be217f51a feat(canon): add Privileged Execution Control standard v0.2 and schemas 
Maturity model and schemas for handling necessary privilege escalation
across three contexts: OS sudo, Kubernetes RBAC, and CI/CD pipelines.
To be applied to the codebase once initial Railiance setup is complete.

Files:
- privileged-execution-control_v0.2 (standard)
- privileged-execution-control-schema_v0.2.1.md (base schema)
- privileged-execution-control-schema-os-sudo_v0.2.1.md
- privileged-execution-control-schema-kubernetes-rbac_v0.2.1.md
- privileged-execution-control-schema-cicd_v0.2.1.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-11 01:13:02 +01:00
tegwick
3fa58bccb7 feat(canon): add Orthogonal Architecture Standard v1.0 and schema v1.0.1 
OAS defines a multidimensional architecture model for compute systems:
- 6 canonical dimensions: Stack, Logic, Plane, Quality, Capability, Intelligence
- VSM (Viable System Model) tagging throughout
- Canonical element types and 9 relation types
- Intelligence dimension I1-I5 with governance constraint: I5 agents MUST
  operate through the control plane (P3 — directly governs Custodian design)

Schema provides two-layer validation:
- Layer 1: JSON Schema 2020-12 structural validation
- Layer 2: semantic rule profile R1-R16 (placement, governance, intelligence
  coupling, relation typing rules) + YAML machine-readable rule block
- Draft and production validation profiles

Terminology and dimensions will guide state-hub and Custodian implementation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 23:32:42 +01:00
tegwick
c90c7a7d97 feat(sbom): add Terraform .terraform.lock.hcl parser; ingest railiance repos 
- ingest_sbom.py: parse .terraform.lock.hcl provider blocks (name, version);
  ecosystem stored as 'other' until terraform added to DB ENUM
- Registered railiance-bootstrap + railiance-hosts under railiance domain
- railiance-hosts ingested: 2 Terraform providers (hashicorp/template 2.2.0,
  hetznercloud/hcloud 1.52.0)
- railiance-bootstrap: no lockfile (pure Ansible/shell — noted in convention)
- sbom-convention_v0.1.md: add Terraform + Ansible rows to lockfile table;
  update registered repos status table

Total SBOM: 422 packages across 2 repos (custodian + railiance-hosts)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 18:07:56 +01:00
tegwick
1c3c6ef27d feat(sbom): scan mode, domain grouping dashboard, SBOM convention doc 
- ingest_sbom.py: add --scan flag (recursive lockfile discovery) +
  --lockfile repeatable for explicit multi-file ingestion; skip
  .venv/node_modules/.git/dist/etc; Makefile gains SCAN= and REPO_PATH= vars
- sbom.md: add /domains/ fetch; domain-level summary table; per-repo
  accordion with details/summary; domain filter on package table; dual-
  licence false-positive note; +1 KPI card (Domains Covered)
- canon/standards/sbom-convention_v0.1.md: authoritative lockfile table,
  ingest workflow (single/scan/explicit), snapshot semantics, direct-vs-
  transitive caveats, licence governance + copyleft escalation, update
  cadence, multi-repo domain pattern, planned enhancements

First ingest: the-custodian — 420 pkgs (88 python + 332 node), 13 licence
groups, 1 copyleft flag (jszip dual-licensed MIT OR GPL-3.0-or-later)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 16:15:40 +01:00
tegwick
0d978b1417 feat(canon): add contribution-convention v0.1, contrib/ templates, and first UPR artifact 
- canon/standards/contribution-convention_v0.1.md: master spec for BR/FR/EP/UPR
  artifact types, directory layout, frontmatter schema, ID schemes (EP-DOMAIN-NNN
  for extension points), status lifecycle, and relationship to State Hub
- canon/standards/contrib-templates/: four template files (br, fr, ep, upr)
- contrib/upstream-prs/2026-02-26--observablehq--framework--toc-sidebar-inject.md:
  first real UPR artifact — proposes injectTocTop() to Observable Framework

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 17:28:13 +01:00