added ai prompt to gitignore file
This commit is contained in:
@@ -4,7 +4,7 @@
|
||||
|
||||
ForgeBucket is a self-hosted, federated developer operations platform. Where other Git platforms show you a list of files, ForgeBucket surfaces deployments, pipeline health, environment drift, and operational context directly alongside your code. Repositories are runtime systems. The dashboard is a command center.
|
||||
|
||||
**Status:** Active development. Phase 3F (ActivityPub federation) complete. Phase 4 (AI diagnostics + signed artifacts) is next.
|
||||
**Status:** Active development. Phase 4 (signed artifacts, SBOM, secret/dependency scanning, OCI registry) complete. Phase 5 (AI diagnostics) is next.
|
||||
|
||||
---
|
||||
|
||||
@@ -69,7 +69,9 @@ ForgeBucket is a self-hosted, federated developer operations platform. Where oth
|
||||
| Pipeline DAG visualization (frontend) | Done |
|
||||
| Dashboard CI command center | Done |
|
||||
| Pipeline log viewer (collapsible, per-step) | Done |
|
||||
| Kubernetes / Firecracker runner backends | Planned (Phase 2D) |
|
||||
| SBOM auto-generation on pipeline success | Done |
|
||||
| Per-run SBOM download on pipeline detail page | Done |
|
||||
| Kubernetes / Firecracker runner backends | Planned |
|
||||
| Matrix builds + reusable workflow templates | Planned |
|
||||
| Flaky test detection | Planned |
|
||||
|
||||
@@ -81,9 +83,9 @@ ForgeBucket is a self-hosted, federated developer operations platform. Where oth
|
||||
| Unified operational timeline | Done |
|
||||
| Secret management (Global → Workspace → Repo → Env) | Done |
|
||||
| GitOps controller (drift detection + auto-sync) | Done |
|
||||
| Deployment promotion workflows | Planned (Phase 4) |
|
||||
| Rollback visualization | Planned (Phase 4) |
|
||||
| Canary / blue-green support | Planned (Phase 4) |
|
||||
| Deployment promotion workflows | Planned |
|
||||
| Rollback visualization | Planned |
|
||||
| Canary / blue-green support | Planned |
|
||||
|
||||
### Observability + Security
|
||||
| Feature | Status |
|
||||
@@ -93,10 +95,13 @@ ForgeBucket is a self-hosted, federated developer operations platform. Where oth
|
||||
| HTTP instrumentation middleware (latency histogram, request counter) | Done |
|
||||
| Per-repo operational health summary (`GET /repos/.../health`) | Done |
|
||||
| NATS-driven pipeline + deployment counters | Done |
|
||||
| Health sparklines in repo/env pages (frontend) | Planned (Phase 4) |
|
||||
| Secret scanning | Planned (Phase 4) |
|
||||
| Dependency scanning | Planned (Phase 4) |
|
||||
| Signed artifacts (Sigstore/Cosign) | Planned (Phase 4) |
|
||||
| SBOM generation (CycloneDX 1.4, auto on pipeline success) | Done |
|
||||
| Secret scanning (15 regex patterns, push-triggered) | Done |
|
||||
| Dependency vulnerability scanning (OSV API backed) | Done |
|
||||
| Signed artifacts (ECDSA P-256, self-verifying bundles) | Done |
|
||||
| OCI Distribution Spec v1.1 registry | Done |
|
||||
| Unified repo Security page (SBOM + leaks + vulns) | Done |
|
||||
| Health sparklines in repo/env pages (frontend) | Planned |
|
||||
|
||||
### Federation
|
||||
| Feature | Status |
|
||||
@@ -110,7 +115,7 @@ ForgeBucket is a self-hosted, federated developer operations platform. Where oth
|
||||
| HTTP signatures (draft-cavage-http-signatures) | Done |
|
||||
| Follow / Accept auto-accept flow | Done |
|
||||
| RSA-2048 key pair lazy generation | Done |
|
||||
| Cross-instance pull requests (ForgeFed) | Planned (Phase 4) |
|
||||
| Cross-instance pull requests (ForgeFed) | Planned |
|
||||
|
||||
---
|
||||
|
||||
@@ -153,10 +158,15 @@ ForgeBucket
|
||||
├── Environment Service (environments, deployments — internal/api/handlers/environment.go)
|
||||
├── Secret Manager (scoped AES-256-GCM — internal/api/handlers/secret.go)
|
||||
├── Workspace Service (multi-tenant namespaces — internal/api/handlers/workspace.go)
|
||||
├── SBOM Generator (CycloneDX 1.4, auto on pipeline success — internal/domain/sbom/)
|
||||
├── Secret Scanner (15 push-triggered regex patterns — internal/domain/scanning/)
|
||||
├── Vulnerability Scanner (OSV API-backed dependency scanning — internal/domain/vulnscan/)
|
||||
├── Artifact Signing (ECDSA P-256 self-verifying bundles — internal/domain/signing/)
|
||||
├── OCI Registry (Distribution Spec v1.1 blob store — internal/domain/oci/)
|
||||
├── Event Bus (NATS core, NoOp fallback — internal/events/)
|
||||
├── Audit Log (every mutating request — internal/api/middleware/audit.go)
|
||||
├── Federation Layer (ActivityPub inbox/outbox, HTTP signatures — internal/domain/federation/)
|
||||
├── Database (PostgreSQL + XORM — internal/models/)
|
||||
├── Database (PostgreSQL + XORM 20 migrations — internal/models/)
|
||||
└── Web Frontend (React 18 + TypeScript, //go:embed — web/)
|
||||
```
|
||||
|
||||
@@ -184,6 +194,11 @@ Logger → RealIP → Recoverer → Metrics → CORS → CSRF → SessionAuth
|
||||
| Code editing | CodeMirror |
|
||||
| Container | Docker Compose (dev) |
|
||||
| Federation | ActivityPub / ForgeFed (WebFinger, actor, inbox/outbox, HTTP signatures) |
|
||||
| SBOM format | CycloneDX 1.4 (JSON) |
|
||||
| Vulnerability data | OSV API (`api.osv.dev`) |
|
||||
| Secret detection | Regex-based (15 patterns, push-triggered) |
|
||||
| Artifact signing | ECDSA P-256 (ASN.1 DER, self-verifying bundles) |
|
||||
| OCI storage | On-disk content-addressable blob store (Distribution Spec v1.1) |
|
||||
|
||||
---
|
||||
|
||||
@@ -214,6 +229,8 @@ ForgeBucket has its own design language — intentionally distinct from GitHub a
|
||||
| `ARTIFACT_ROOT` | No | Artifact storage path, defaults to `../artifacts` relative to `REPO_ROOT` |
|
||||
| `NATS_URL` | No | NATS connection URL (e.g. `nats://localhost:4222`). If unset, event bus is no-op |
|
||||
| `GITOPS_RECONCILE_INTERVAL` | No | Seconds between periodic drift checks, default `300`. `0` disables the ticker |
|
||||
| `OCI_ROOT` | No | Root directory for OCI Distribution Spec blob and upload storage, defaults to `../oci` relative to `REPO_ROOT` |
|
||||
| `ARTIFACT_SIGNING_KEY` | No | Path to ECDSA P-256 PEM for artifact signing; auto-generates ephemeral key if unset (warns on restart) |
|
||||
| `INSTANCE_URL` | Yes | Public URL of this instance (no trailing slash) |
|
||||
| `INSTANCE_NAME` | No | Display name, default `ForgeBucket` |
|
||||
| `OIDC_ISSUER` | No | OIDC provider URL |
|
||||
@@ -250,7 +267,8 @@ ForgeBucket has its own design language — intentionally distinct from GitHub a
|
||||
| Phase 3D | GitOps controller + drift detection + auto-sync | Done |
|
||||
| Phase 3E | Observability (Prometheus `/metrics`, structured `/health`, repo health API) | Done |
|
||||
| Phase 3F | Federation handlers (ActivityPub WebFinger, actor, inbox/outbox, HTTP signatures) | Done |
|
||||
| Phase 4 | AI diagnostics, signed artifacts, OCI registry, secret/dep scanning | Next |
|
||||
| Phase 4 | Signed artifacts, SBOM, OCI registry, secret/dep scanning, security page | Done |
|
||||
| Phase 5 | AI diagnostics, deployment promotions, rollback visualization | Next |
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user