SHA256

Consortium starter pipeline — ceremony orchestrator + governance UI

Find a file

Tyler J King 7730bf3818 fix(deploy): add releases: config for umbrella release The Dockerfile's `mix release --overwrite` step failed because the umbrella's root mix.exs lacked an explicit `releases:` block. Umbrella projects cannot infer a default release — `mix release` requires the operator to name which umbrella children go into each release and their startup order. Adds a single `:guildhall` release bundling all five umbrella apps as :permanent, with startup order respecting the dep graph: guildhall_ops_db (Repo — nothing else here starts without it) guildhall_chronicle guildhall_orchestrator guildhall_graph_bridge guildhall_web (HTTP endpoint last, after Repo + contexts) Each app's own `in_umbrella` deps in apps/*/mix.exs will back-stop the ordering via OTP's dependency graph regardless, but the explicit list is clearer and matches standard Phoenix-umbrella release idiom. Mistake was in the prior Dockerfile commit (`c6f1d07`) planning — the Dockerfile comment claimed the release name could be inferred from the umbrella, which is true for single-app projects but not umbrellas. No Dockerfile change needed; the fix is entirely in mix.exs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Tyler J King <tking@guildhouse.dev>		2026-04-22 09:39:49 -04:00
.forgejo/workflows	docs: README, runtime config, CI placeholder	2026-04-18 07:23:08 -04:00
apps	feat(deploy): Dockerfile + k8s manifests for Talos deployment	2026-04-22 04:00:40 -04:00
config	feat: scaffold guildhall Elixir umbrella	2026-04-18 07:09:20 -04:00
k8s	feat(deploy): Dockerfile + k8s manifests for Talos deployment	2026-04-22 04:00:40 -04:00
.dockerignore	feat(deploy): Dockerfile + k8s manifests for Talos deployment	2026-04-22 04:00:40 -04:00
.formatter.exs	feat: scaffold guildhall Elixir umbrella	2026-04-18 07:09:20 -04:00
.gitignore	feat: scaffold guildhall Elixir umbrella	2026-04-18 07:09:20 -04:00
AGENTS.md	feat: scaffold guildhall Elixir umbrella	2026-04-18 07:09:20 -04:00
DEPLOY-EXPLORATORY-2026-04-21.md	docs(deploy): capture exploratory reports for Talos + Forgejo registry	2026-04-22 09:01:20 -04:00
DEPLOY-RUNBOOK.md	feat(deploy): Dockerfile + k8s manifests for Talos deployment	2026-04-22 04:00:40 -04:00
Dockerfile	feat(deploy): Dockerfile + k8s manifests for Talos deployment	2026-04-22 04:00:40 -04:00
FORGEJO-REGISTRY-INVESTIGATION-2026-04-21.md	docs(deploy): capture exploratory reports for Talos + Forgejo registry	2026-04-22 09:01:20 -04:00
mix.exs	fix(deploy): add releases: config for umbrella release	2026-04-22 09:39:49 -04:00
mix.lock	feat: scaffold guildhall Elixir umbrella	2026-04-18 07:09:20 -04:00
README.md	docs: README, runtime config, CI placeholder	2026-04-18 07:23:08 -04:00

README.md

Guildhall

Ceremony orchestrator and governance UI — Elixir/Phoenix umbrella over substrate CRDs.

guildhall presents and coordinates; substrate decides and enforces. The ceremony engine is a Rust Kubernetes operator with CRDs and etcd-backed state. guildhall is the orchestrator: it coordinates humans around those CRDs — notifying witnesses, collecting signatures via LiveView, tracking status, rendering dashboards.

┌────────────────────────────────────────────────────────┐
│ SUBSTRATE (Rust, K8s operators) — decides + enforces    │
│   CeremonyEngine (CRD), AccordEvaluator (CRD),          │
│   CorpusReconciler (CRD), PostureEvaluator (CRD),       │
│   Chronicle collector (agent)                           │
└────────────────────┬───────────────────────────────────┘
                     │ watches CRDs + emits Chronicle events
                     ▼
┌────────────────────────────────────────────────────────┐
│ GUILDHALL (Elixir/Phoenix) — orchestrates + presents    │
│   CeremonyOrchestrator (workflow coordinator)           │
│   AccordComposer (UI + submission)                      │
│   ArtifactBrowser (UI + lifecycle)                      │
│   PostureDashboard (visualization)                      │
│   ChronicleConsumer (projector + UI)                    │
└────────────────────────────────────────────────────────┘

Naming discipline: guildhall components are orchestrators (workflow, coordination, presentation). The substrate components are engines and reconcilers (enforcement, state-machine advancement). Never call a guildhall component by a substrate name.

Umbrella apps

App	Role
`guildhall_web`	Phoenix LiveView UI — dashboards, ceremonies, artifacts, posture
`guildhall_orchestrator`	Watches substrate CRDs (future), notifies witnesses, broadcasts ceremony status over PubSub
`guildhall_ops_db`	Ecto schemas for the five Ops DB tables (per DESIGN-OPS-DB-CHAIN-OF-CUSTODY-0001)
`guildhall_graph_bridge`	Microsoft Graph API reconciler — Intune deployment (stub)
`guildhall_chronicle`	Chronicle event consumer + Ops DB projector (stub)

Local development

Prerequisites

Elixir 1.17.x + OTP 27 (via mise or asdf)
Postgres 14+ running on localhost:5432 with a postgres superuser (password postgres for dev)

First-time setup

mix deps.get
mix ecto.create
mix ecto.migrate
mix run apps/guildhall_ops_db/priv/repo/seeds.exs

Run the server

mix phx.server

Then visit:

http://localhost:4000/ — governance dashboard
http://localhost:4000/ceremonies — open ceremonies
http://localhost:4000/artifacts — governed artifacts registry

Run tests

mix test

Configuration

Development defaults are in config/dev.exs (Postgres at localhost:5432 as postgres/postgres, database guildhall_dev). Production runtime configuration reads from environment variables in config/runtime.exs:

Env var	Purpose
`DATABASE_URL`	Postgres connection (required in prod)
`SECRET_KEY_BASE`	Phoenix cookie/session signing (required in prod)
`PHX_HOST`	Public hostname (default `guildhall.guildhouse.dev`)
`PHX_SERVER`	Set to `true` to run the HTTP server under `mix release`
`POOL_SIZE`	DB pool size (default 10)
`ECTO_IPV6`	Set to `true` for IPv6 DB connections

Commented placeholders exist for future sprints: KUBECONFIG (substrate CRD watcher) and OIDC_ISSUER / OIDC_CLIENT_ID / OIDC_CLIENT_SECRET (Keycloak auth).

Relationship to the rest of the stack

guildhall is one of the PaaS components (ROADMAP WS1). It sits alongside:

substrate — the governance Rust crates + K8s operators
bxnet-ops — the org-ops CLI framework (reference fork: BXNet)
guildhouse-mcp — MCP server for LLM mediator context
guildhouse-specs — the FFC specifications

See the design docs for the full picture:

DESIGN-OPS-DB-CHAIN-OF-CUSTODY-0001 — Ops DB schema + self-hosted FFC threat model
DESIGN-HFL-DB-ENFORCEMENT-0001 — BPF map ABI for DB governance
DESIGN-ORG-OPS-FRAMEWORK-0001 — governed full-stack framework
DESIGN-FORGE-WORKSPACE-0001 — governed workspace staging
SPEC-CEREMONY-0001 — ceremony protocol

License

Apache 2.0.