stack

Author	SHA1	Message	Date
Hermes Agent	e88a89f34d	fix(framework): remediate Codex review findings in VAULT-SECRETS.md Some checks failed ci/woodpecker/push/ci Pipeline failed Details ci/woodpecker/pr/ci Pipeline failed Details Two should-fix findings from automated Codex review: 1. Vault KV v2 policy path — add explicit path for exact top-level `secret/data/k3s/<app>` entry alongside the wildcard `/*` sub-path rule. Without the exact path, apps reading the top-level secret get permission denied from Vault KV v2 even with the wildcard. 2. Go envconfig example — remove unused `os` import from config.go snippet (os was only referenced in a comment). Move the main() usage to a separate clearly-labelled main.go block to make both snippets copy-paste compilable. Both fixes mirrored to duplicate path: guides/ <-> packages/mosaic/framework/guides/ Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 12:01:29 -05:00
Hermes Agent	373e4558a3	chore(framework): canonize Vault-as-SSOT + ESO-default secrets policy Some checks failed ci/woodpecker/push/ci Pipeline failed Details ci/woodpecker/pr/ci Pipeline failed Details Encodes operator-approved (Jason, 2026-05-22) secrets policy as binding framework rules across all Mosaic agent sessions and projects. Changes: - STANDARDS.md: add "Secrets handling (HARD RULE)" subsection under Non-Negotiables — Vault as SSOT, ESO bridge as default, Direct-Vault opt-in only, forbidden ${VAR:-default} for required values, forbidden .env in prod, required startup schema validation - VAULT-SECRETS.md: add four new sections — architecture decision matrix (ESO vs Direct-Vault), full ESO bridge worked example (Vault path + ExternalSecret + Deployment YAML + zod/pydantic/Go validators), Direct-Vault opt-in pattern (AppRole provisioning + ESO bootstrap for chicken-and-egg), and forbidden patterns CI lint targets - BOOTSTRAP.md: add "Secrets Bootstrap" required subsection with checklist for new apps (Vault path, README docs, ExternalSecret, secretKeyRef, schema validator, Direct-Vault justification) All duplicate file paths kept in sync (md5-equal pairs): guides/ <-> packages/mosaic/framework/guides/ packages/mosaic/framework/defaults/STANDARDS.md (single copy in repo) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 11:58:27 -05:00
Jason Woltje	026382325c	feat(framework): superpowers enforcement, typecheck hook, file-ownership rules (#451 ) All checks were successful ci/woodpecker/manual/ci Pipeline was successful Details ci/woodpecker/manual/publish Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-04-07 00:44:22 +00:00
Mos (Agent)	10689a30d2	feat: monorepo consolidation — forge pipeline, MACP protocol, framework plugin, profiles/guides/skills Some checks failed ci/woodpecker/push/ci Pipeline failed Details ci/woodpecker/pr/ci Pipeline failed Details Work packages completed: - WP1: packages/forge — pipeline runner, stage adapter, board tasks, brief classifier, persona loader with project-level overrides. 89 tests, 95.62% coverage. - WP2: packages/macp — credential resolver, gate runner, event emitter, protocol types. 65 tests, 96.24% coverage. Full Python-to-TS port preserving all behavior. - WP3: plugins/mosaic-framework — OC rails injection plugin (before_agent_start + subagent_spawning hooks for Mosaic contract enforcement). - WP4: profiles/ (domains, tech-stacks, workflows), guides/ (17 docs), skills/ (5 universal skills), forge pipeline assets (48 markdown files). Board deliberation: docs/reviews/consolidation-board-memo.md Brief: briefs/monorepo-consolidation.md Consolidates mosaic/stack (forge, MACP, bootstrap framework) into mosaic/mosaic-stack. 154 new tests total. Zero Python — all TypeScript/ESM.	2026-03-30 19:43:24 +00:00

4 Commits