added ai prompt to gitignore file

2026-05-13 00:56:41 +02:00
parent 77268e2302
commit 994570ca74
4 changed files with 135 additions and 49 deletions
@@ -36,6 +36,20 @@ internal/
      dag.go                  — topological sort, ReadyJobs
      parser.go               — .forgebucket/workflows/*.yml parser
      types.go                — WorkflowFile, WorkflowJob, WorkflowStep structs
+    sbom/                     — SBOM generator (fully built — Phase 4)
+      generator.go            — CycloneDX 1.4 generation, auto on pipeline success + on-demand
+      cyclonedx.go            — CycloneDX document model and helpers
+      parsers.go              — Manifest parsers: go.mod, package.json, requirements.txt, Cargo.toml, Gemfile.lock, pom.xml
+    scanning/                 — Secret scanner (fully built — Phase 4)
+      scanner.go              — Push-triggered regex scanning, listing, dismissal
+      secrets.go              — 15 high/medium severity secret patterns (AWS, GitHub, SSH, JWT, etc.)
+    vulnscan/                 — Vulnerability scanner (fully built — Phase 4)
+      scanner.go              — OSV API-backed dependency vulnerability scanning
+      osv.go                  — HTTP client for api.osv.dev/v1
+    signing/                  — Artifact signing (fully built — Phase 4)
+      keystore.go             — ECDSA P-256 signing and verification, self-verifying bundles
+    oci/                      — OCI registry (fully built — Phase 4)
+      registry.go             — Content-addressable blob store, upload sessions, OCI Distribution Spec v1.1
    gitops/                   — GitOps controller (fully built — Phase 3D)
      controller.go           — NATS subscriptions, startup, periodic ticker
      drift.go                — CheckDrift, handlePush, periodicCheck
@@ -49,7 +63,7 @@ internal/
  observability/              — Prometheus metrics + health (fully built — Phase 3E)
    metrics.go                — metric definitions, HTTP middleware, NATS watcher
    health.go                 — Check() returning HealthStatus (DB ping + NATS)
-  models/                     — XORM structs + 14 migration files
+  models/                     — XORM structs + 20 migration files
  config/                     — ENV-driven config, fails fast on missing secrets
  events/                     — NATS EventBus interface + NATSBus + NoOpBus (Healthy() bool)
 web/                          — //go:embed target for the built React SPA
@@ -84,7 +98,8 @@ Logger → RealIP → Recoverer → Metrics → CORS → CSRF → SessionAuth
 | 3D | GitOps controller + drift detection + auto-sync | **Complete** |
 | 3E | Observability (Prometheus `/metrics`, structured `/health`, repo health API) | **Complete** |
 | 3F | Federation handlers (ActivityPub WebFinger, actor, inbox/outbox, HTTP signatures, Follow/Accept) | **Complete** |
-| 4 | AI diagnostics, signed artifacts, OCI registry, dep/secret scanning | Planned |
+| 4 | SBOM generation, secret scanning, vuln scanning, signed artifacts, OCI registry, security page | **Complete** |
+| 5 | AI diagnostics, deployment promotions, rollback visualization | Planned |

 ---

@@ -111,7 +126,7 @@ This rule is non-negotiable. It prevents command injection.

 ### Database
 - XORM for all DB access. Structs in `internal/models/`.
- Migrations are numbered files in `internal/models/migrations/`. Always add a new file; never edit existing ones. Current highest: **014**.
+- Migrations are numbered files in `internal/models/migrations/`. Always add a new file; never edit existing ones. Current highest: **020**.
 - No raw SQL strings built from user input.

 ### Events
@@ -218,6 +233,16 @@ make lint     # go vet + ESLint
 | `internal/domain/federation/remote.go` | FetchActor (cached remote actors), DeliverActivity |
 | `internal/api/handlers/secret.go` | Scoped secret management |
 | `internal/api/handlers/workspace.go` | Workspace + member management |
+| `internal/api/handlers/secret.go` | Scoped secret management |
+| `internal/api/handlers/sbom.go` | SBOM generation + download endpoints |
+| `internal/api/handlers/scanning.go` | Secret leak list + dismiss endpoints |
+| `internal/api/handlers/vulnscan.go` | Vulnerability scan + dismiss endpoints |
+| `internal/api/handlers/oci.go` | OCI Distribution Spec v1.1 registry handler |
+| `internal/domain/sbom/generator.go` | SBOM generator (CycloneDX 1.4) |
+| `internal/domain/scanning/scanner.go` | Push-triggered secret scanner |
+| `internal/domain/vulnscan/scanner.go` | OSV API-backed vulnerability scanner |
+| `internal/domain/signing/keystore.go` | ECDSA P-256 artifact signing |
+| `internal/domain/oci/registry.go` | Content-addressable OCI blob store |
 | `internal/api/middleware/audit.go` | Audit log middleware |
 | `frontend/src/ui/tokens.ts` | Design token source of truth |
 | `frontend/src/components/AppShell.tsx` | Root layout wrapper |
@@ -232,7 +257,7 @@ make lint     # go vet + ESLint
 ```bash
 cp .env.example .env     # fill SESSION_SECRET and CSRF_SECRET
 make docker-up           # PostgreSQL + NATS via Docker Compose
-make migrate             # run XORM migrations (currently 014)
+make migrate             # run XORM migrations (currently 020)
 make dev                 # Go :8080 + Vite :5173
 ```