guildhall

gh-claude/guildhall

SHA256

Fork 0

Commit graph

Author	SHA256	Message	Date
Tyler J King	50c488b92b	feat(orchestrator): harden consortium starter pipeline — FfcSchematic RPCs, validation, wire encoding Rewrites the schematic deployment pipeline from dead SchematicsService RPCs (ForkSchematic/CreateDeploymentBinding) to the actual FfcSchematicService flow (Create→Validate→Approve→Publish→Realize). Adds template schema validation, variable resolution hardening, wire encoding, and centralized realization status. New modules: - SchematicTemplate.Schema — 7-section structural + cross-section validation - SchematicTemplate.VariableResolver — placeholder resolution with param checks - SchematicTemplate.WireEncoder — resolved template → FfcSchematic wire format - SchematicClient.Behaviour — callback definitions for testability - FfcPipeline — 12-step deploy orchestrator with step-level error reporting - RealizationStatus — centralized status classification and display helpers Changes: - SchematicClient: removed fork/bind RPCs, added FfcSchematic RPCs - RealizationPoller: delegates to RealizationStatus, persists snapshots to DB - GuildSchematic: expanded status enum, added founding_override_expires_at - Realization LiveView: uses RealizationStatus for all status logic - Schematic LiveView: replaced dead flow with FfcPipeline.deploy/2 52 tests, 0 failures. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Tyler J King <tking@guildhouse.dev>	2026-05-16 10:33:13 -04:00
Tyler J King	c0959a5376	feat(guildhall): minimum viable guildhall — OIDC, guilds, schematics, members Implements the full founding-guild onboarding stack across four phases: Phase A — Keycloak OIDC auth pipeline (oidcc) + guild registration with ceremony-engine approval (SingleApproval, hub operator approves via gRPC). Phase B — Founding schematic templates (MSP/ISV/NSP TOML), gRPC clients for ceremony-service and ffc-schematic-server, schematic fork/bind/realize LiveView with DB audit trail in guild_schematics. Phase C — RealizationPoller GenServer polling realization status every 5s, PubSub broadcast, live realization dashboard showing 7 reconciler sections. Phase D — Self-service member onboarding (join request → guild master approval via ceremony), member management LiveView, auto-create guild master on guild approval via Ecto.Multi transaction. Includes K8s manifests for ceremony-service (port 50053) and ffc-schematic-server (port 9091) as ClusterIP services, plus updated guildhall deployment with OIDC and gRPC service URL env vars. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Tyler J King <tking@guildhouse.dev>	2026-05-15 15:03:50 -04:00
Tyler J King	4d9acf96d8	feat(ops_db): Ecto schemas for five Ops DB tables Direct translation of DESIGN-OPS-DB-CHAIN-OF-CUSTODY-0001 §2.2: - AccordBinding: governance context per artifact - GovernedArtifact: registry with JSONB content + content_schema - CustodyTransition: append-only chain of custody - DeploymentState: current deployment per (artifact, target) - VerificationResult: continuous attestation records - ProjectorCheckpoint: Chronicle projector resume state All JSONB fields use Ecto :map type (Postgres JSONB). GIN indexes (jsonb_path_ops) on accord_terms and content columns. Partitioning notes for time-series tables (DBA applies in prod). Migrations renumbered to enforce FK dependency order (accord_bindings → governed_artifacts → dependents). Dev seed data (priv/repo/seeds.exs) creates nine governed artifacts matching the JSONB content examples in the design doc §2.3 (Intune profile, DNS zone, DSC MOF, YANG config, Helm values, JEA role, Conditional Access, TLS cert, OCI image) plus custody transitions, deployment states, and verification results. Verified: mix ecto.create + mix ecto.migrate + mix run seeds all pass; 9 artifacts in governed_artifacts table. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Tyler J King <tking@guildhouse.dev>	2026-04-18 07:17:51 -04:00

Author

SHA256

Message

Date

Tyler J King

50c488b92b

feat(orchestrator): harden consortium starter pipeline — FfcSchematic RPCs, validation, wire encoding

Rewrites the schematic deployment pipeline from dead SchematicsService RPCs
(ForkSchematic/CreateDeploymentBinding) to the actual FfcSchematicService flow
(Create→Validate→Approve→Publish→Realize). Adds template schema validation,
variable resolution hardening, wire encoding, and centralized realization status.

New modules:
- SchematicTemplate.Schema — 7-section structural + cross-section validation
- SchematicTemplate.VariableResolver — placeholder resolution with param checks
- SchematicTemplate.WireEncoder — resolved template → FfcSchematic wire format
- SchematicClient.Behaviour — callback definitions for testability
- FfcPipeline — 12-step deploy orchestrator with step-level error reporting
- RealizationStatus — centralized status classification and display helpers

Changes:
- SchematicClient: removed fork/bind RPCs, added FfcSchematic RPCs
- RealizationPoller: delegates to RealizationStatus, persists snapshots to DB
- GuildSchematic: expanded status enum, added founding_override_expires_at
- Realization LiveView: uses RealizationStatus for all status logic
- Schematic LiveView: replaced dead flow with FfcPipeline.deploy/2

52 tests, 0 failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Tyler J King <tking@guildhouse.dev>

2026-05-16 10:33:13 -04:00

Tyler J King

c0959a5376

feat(guildhall): minimum viable guildhall — OIDC, guilds, schematics, members

Implements the full founding-guild onboarding stack across four phases:

Phase A — Keycloak OIDC auth pipeline (oidcc) + guild registration with
ceremony-engine approval (SingleApproval, hub operator approves via gRPC).
Phase B — Founding schematic templates (MSP/ISV/NSP TOML), gRPC clients
for ceremony-service and ffc-schematic-server, schematic fork/bind/realize
LiveView with DB audit trail in guild_schematics.
Phase C — RealizationPoller GenServer polling realization status every 5s,
PubSub broadcast, live realization dashboard showing 7 reconciler sections.
Phase D — Self-service member onboarding (join request → guild master
approval via ceremony), member management LiveView, auto-create guild
master on guild approval via Ecto.Multi transaction.

Includes K8s manifests for ceremony-service (port 50053) and
ffc-schematic-server (port 9091) as ClusterIP services, plus updated
guildhall deployment with OIDC and gRPC service URL env vars.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Tyler J King <tking@guildhouse.dev>

2026-05-15 15:03:50 -04:00

Tyler J King

4d9acf96d8

feat(ops_db): Ecto schemas for five Ops DB tables

Direct translation of DESIGN-OPS-DB-CHAIN-OF-CUSTODY-0001 §2.2:
- AccordBinding: governance context per artifact
- GovernedArtifact: registry with JSONB content + content_schema
- CustodyTransition: append-only chain of custody
- DeploymentState: current deployment per (artifact, target)
- VerificationResult: continuous attestation records
- ProjectorCheckpoint: Chronicle projector resume state

All JSONB fields use Ecto :map type (Postgres JSONB).
GIN indexes (jsonb_path_ops) on accord_terms and content columns.
Partitioning notes for time-series tables (DBA applies in prod).
Migrations renumbered to enforce FK dependency order
(accord_bindings → governed_artifacts → dependents).

Dev seed data (priv/repo/seeds.exs) creates nine governed artifacts
matching the JSONB content examples in the design doc §2.3
(Intune profile, DNS zone, DSC MOF, YANG config, Helm values,
JEA role, Conditional Access, TLS cert, OCI image) plus custody
transitions, deployment states, and verification results.

Verified: mix ecto.create + mix ecto.migrate + mix run seeds all
pass; 9 artifacts in governed_artifacts table.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Tyler J King <tking@guildhouse.dev>

2026-04-18 07:17:51 -04:00

3 commits