stack

mosaicstack/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Hermes Agent	373e4558a3	chore(framework): canonize Vault-as-SSOT + ESO-default secrets policy Some checks failed ci/woodpecker/push/ci Pipeline failed Details ci/woodpecker/pr/ci Pipeline failed Details Encodes operator-approved (Jason, 2026-05-22) secrets policy as binding framework rules across all Mosaic agent sessions and projects. Changes: - STANDARDS.md: add "Secrets handling (HARD RULE)" subsection under Non-Negotiables — Vault as SSOT, ESO bridge as default, Direct-Vault opt-in only, forbidden ${VAR:-default} for required values, forbidden .env in prod, required startup schema validation - VAULT-SECRETS.md: add four new sections — architecture decision matrix (ESO vs Direct-Vault), full ESO bridge worked example (Vault path + ExternalSecret + Deployment YAML + zod/pydantic/Go validators), Direct-Vault opt-in pattern (AppRole provisioning + ESO bootstrap for chicken-and-egg), and forbidden patterns CI lint targets - BOOTSTRAP.md: add "Secrets Bootstrap" required subsection with checklist for new apps (Vault path, README docs, ExternalSecret, secretKeyRef, schema validator, Direct-Vault justification) All duplicate file paths kept in sync (md5-equal pairs): guides/ <-> packages/mosaic/framework/guides/ packages/mosaic/framework/defaults/STANDARDS.md (single copy in repo) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 11:58:27 -05:00
Jason Woltje	b38cfac760	feat: integrate framework files into monorepo under packages/mosaic/framework/ All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details Moves all Mosaic framework runtime files from the separate bootstrap repo into the monorepo as canonical source. The @mosaic/mosaic npm package now ships the complete framework — bin scripts, runtime configs, tools, and templates — enabling standalone installation via npm install. Structure: packages/mosaic/framework/ ├── bin/ 28 CLI scripts (mosaic, mosaic-doctor, mosaic-sync-skills, etc.) ├── runtime/ Runtime adapters (claude, codex, opencode, pi, mcp) ├── tools/ Shell tooling (git, prdy, orchestrator, quality, etc.) ├── templates/ Agent and repo templates ├── defaults/ Default identity files (AGENTS.md, STANDARDS.md, SOUL.md, etc.) ├── install.sh Legacy bash installer └── remote-install.sh One-liner remote installer Key files with Pi support and recent fixes: - bin/mosaic: launch_pi() with skills-local loop - bin/mosaic-doctor: --fix auto-wiring for all 4 harnesses - bin/mosaic-sync-skills: Pi as 4th link target, symlink-aware find - bin/mosaic-link-runtime-assets: Pi settings.json patching - bin/mosaic-migrate-local-skills: Pi skill roots, symlink find - runtime/pi/RUNTIME.md + mosaic-extension.ts Package ships 251 framework files in the npm tarball (278KB compressed).	2026-04-01 21:19:21 -05:00

Author

SHA1

Message

Date

Hermes Agent

373e4558a3

chore(framework): canonize Vault-as-SSOT + ESO-default secrets policy

ci/woodpecker/push/ci Pipeline failed

Details

ci/woodpecker/pr/ci Pipeline failed

Details

Encodes operator-approved (Jason, 2026-05-22) secrets policy as binding
framework rules across all Mosaic agent sessions and projects.

Changes:
- STANDARDS.md: add "Secrets handling (HARD RULE)" subsection under
  Non-Negotiables — Vault as SSOT, ESO bridge as default, Direct-Vault
  opt-in only, forbidden ${VAR:-default} for required values, forbidden
  .env in prod, required startup schema validation
- VAULT-SECRETS.md: add four new sections — architecture decision matrix
  (ESO vs Direct-Vault), full ESO bridge worked example (Vault path +
  ExternalSecret + Deployment YAML + zod/pydantic/Go validators),
  Direct-Vault opt-in pattern (AppRole provisioning + ESO bootstrap
  for chicken-and-egg), and forbidden patterns CI lint targets
- BOOTSTRAP.md: add "Secrets Bootstrap" required subsection with
  checklist for new apps (Vault path, README docs, ExternalSecret,
  secretKeyRef, schema validator, Direct-Vault justification)

All duplicate file paths kept in sync (md5-equal pairs):
  guides/ <-> packages/mosaic/framework/guides/
  packages/mosaic/framework/defaults/STANDARDS.md (single copy in repo)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-22 11:58:27 -05:00

Jason Woltje

b38cfac760

feat: integrate framework files into monorepo under packages/mosaic/framework/

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

Moves all Mosaic framework runtime files from the separate bootstrap repo
into the monorepo as canonical source. The @mosaic/mosaic npm package now
ships the complete framework — bin scripts, runtime configs, tools, and
templates — enabling standalone installation via npm install.

Structure:
  packages/mosaic/framework/
  ├── bin/          28 CLI scripts (mosaic, mosaic-doctor, mosaic-sync-skills, etc.)
  ├── runtime/      Runtime adapters (claude, codex, opencode, pi, mcp)
  ├── tools/        Shell tooling (git, prdy, orchestrator, quality, etc.)
  ├── templates/    Agent and repo templates
  ├── defaults/     Default identity files (AGENTS.md, STANDARDS.md, SOUL.md, etc.)
  ├── install.sh    Legacy bash installer
  └── remote-install.sh  One-liner remote installer

Key files with Pi support and recent fixes:
- bin/mosaic: launch_pi() with skills-local loop
- bin/mosaic-doctor: --fix auto-wiring for all 4 harnesses
- bin/mosaic-sync-skills: Pi as 4th link target, symlink-aware find
- bin/mosaic-link-runtime-assets: Pi settings.json patching
- bin/mosaic-migrate-local-skills: Pi skill roots, symlink find
- runtime/pi/RUNTIME.md + mosaic-extension.ts

Package ships 251 framework files in the npm tarball (278KB compressed).

2026-04-01 21:19:21 -05:00

2 Commits