-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMustfile
More file actions
59 lines (52 loc) · 3 KB
/
Mustfile
File metadata and controls
59 lines (52 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# SPDX-License-Identifier: PMPL-1.0-or-later
# BoJ Server Invariant Classifications
# This file defines the invariants for the BoJ Server repository.
# All updates must comply with these invariants.
# --- Core Invariants (Must Always Hold) ---
BOJ_MUST_ALWAYS:
- The BoJ Server must be licensed under Palimpsest-MPL 1.0.
- The Unbreakable Stack (Idris2 ABI, Zig FFI, V-lang Triple Adapter, A2ML Manifests) must be maintained.
- Cartridges must be signed with Sigstore before deployment.
- The BoJ Server must support REST/gRPC/GraphQL interfaces.
- Cartridge registries must be publicly accessible (or opt-in private).
- All cartridges must have an A2ML Manifest.
- The Elixir Multiplier must be optional and not required for core BoJ Server functionality.
- BoJ Server must not depend on proprietary software or data.
- All community contributions must follow the Palimpsest-MPL 1.0 license.
- The BoJ Server must not collect or store user data without explicit consent.
# --- Strong Invariants (Should Hold) ---
BOJ_SHOULD:
- Documentation should be updated with each major release.
- Example cartridges should be provided for all supported languages.
- Security best practices (OWASP Top 10, NIST SP 800-53) should be followed.
- CI/CD pipelines should include static analysis and automated testing.
- BoJ Server should support multi-region deployments.
- The Elixir Multiplier should be enabled by default in production deployments.
- BoJ Server should integrate with popular observability tools (Prometheus, Grafana, Jaeger).
# --- Weak Invariants (Must Not Hold) ---
BOJ_MUST_NOT:
- BoJ Server must not use "Master/Slave" terminology in code or documentation.
- BoJ Server must not include hardcoded secrets or API keys.
- BoJ Server must not rely on closed-source dependencies for core functionality.
- BoJ Server must not allow cartridges to override core BoJ Server logic.
- BoJ Server must not log sensitive data (e.g., user inputs, API keys).
- BoJ Server must not deploy cartridges without health checks.
# --- Invariant Check Functions ---
check-core-invariants:
@echo "Checking core invariants..."
@grep -r "Master/Slave" . && exit 1 || echo "✓ No prohibited terminology found."
@grep -r "hardcoded_secret\|api_key.*=" . && exit 1 || echo "✓ No hardcoded secrets found."
@test -f LICENSE && grep -q "Palimpsest-MPL 1.0" LICENSE || exit 1
@echo "✓ Core invariants verified."
check-strong-invariants:
@echo "Checking strong invariants..."
@test -f docs/QUICKSTART.md && echo "✓ Documentation exists." || echo "⚠ Documentation missing."
@test -d examples && echo "✓ Example cartridges exist." || echo "⚠ Examples missing."
@echo "✓ Strong invariants verified."
check-weak-invariants:
@echo "Checking weak invariants..."
@grep -r "Master\|Slave" . && exit 1 || echo "✓ No prohibited terminology found."
@echo "✓ Weak invariants verified."
.PHONY: check-invariants
check-invariants: check-core-invariants check-strong-invariants check-weak-invariants
@echo "All invariants verified successfully."