Merge branch 'main' into codex/develop-comprehensive-agi-governance-blueprint

Signed-off-by: 𝐎𝐧𝐞 𝐅𝐢𝐧𝐞 𝐒𝐭𝐚𝐫𝐬𝐭𝐮𝐟𝐟 <onefinestarstuff@gmail.com>

Author: OneFineStarstuff

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -47,14 +47,14 @@ body:
       label: Steps to Reproduce
       description: How can we reproduce the bug?
       placeholder: |
-        Example: 
+        Example:
         1. Go to "Upload"
         2. Click on "Select File"
         3. Choose a large file (over 100MB)
         4. Click "Upload"
         5. See error
       value: |
-        1. 
+        1.
     validations:
       required: true
 

.github/workflows/artifact-validation.yml

@@ -0,0 +1,38 @@
+name: Artifact Validation
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'artifacts/**'
+      - 'unit_tests/**'
+      - 'pytest.ini'
+      - '.github/workflows/artifact-validation.yml'
+  pull_request:
+    paths:
+      - 'artifacts/**'
+      - 'unit_tests/**'
+      - 'pytest.ini'
+      - '.github/workflows/artifact-validation.yml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install deps
+        run: make -C artifacts deps
+
+      - name: Run artifact validation via Makefile
+        run: make -C artifacts all

.github/workflows/blueprint-artifacts-validation.yml

@@ -0,0 +1,44 @@
+name: Blueprint Artifact Validation
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'docs/reports/blueprint_artifacts/**'
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - 'scripts/validate_blueprint_artifacts.py'
+      - 'scripts/__init__.py'
+      - 'scripts/requirements-blueprint-validator.txt'
+      - 'scripts/run_blueprint_artifact_checks.sh'
+      - 'tests/test_validate_blueprint_artifacts.py'
+      - 'tests/test_run_blueprint_artifact_checks.py'
+      - '.github/workflows/blueprint-artifacts-validation.yml'
+  pull_request:
+    paths:
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - 'docs/reports/blueprint_artifacts/**'
+      - 'scripts/validate_blueprint_artifacts.py'
+      - 'scripts/__init__.py'
+      - 'scripts/requirements-blueprint-validator.txt'
+      - 'scripts/run_blueprint_artifact_checks.sh'
+      - 'tests/test_validate_blueprint_artifacts.py'
+      - 'tests/test_run_blueprint_artifact_checks.py'
+      - '.github/workflows/blueprint-artifacts-validation.yml'
+
+jobs:
+  validate-artifacts:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: scripts/requirements-blueprint-validator.txt
+      - name: Run consolidated artifact check script
+        run: bash scripts/run_blueprint_artifact_checks.sh --list-checks
+      - name: Runner interface smoke checks
+        run: |
+          bash scripts/run_blueprint_artifact_checks.sh --help
+          bash scripts/run_blueprint_artifact_checks.sh --skip-install --skip-pytest --output-json /tmp/blueprint-validation-alt.json
+          python -m json.tool /tmp/blueprint-validation-alt.json > /dev/null

.github/workflows/cmake-single-platform.yml

@@ -36,4 +36,3 @@ jobs:
       # Execute tests defined by the CMake configuration.
       # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
       run: ctest -C ${{env.BUILD_TYPE}}
-

.github/workflows/datadog-synthetics.yml

@@ -34,5 +34,3 @@ jobs:
         api_key: ${{secrets.DD_API_KEY}}
         app_key: ${{secrets.DD_APP_KEY}}
         test_search_query: 'tag:e2e-tests' #Modify this tag to suit your tagging strategy
-
-

.github/workflows/go-ossf-slsa3-publish.yml

@@ -35,4 +35,3 @@ jobs:
       # =============================================================================================================
       #     Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
       # =============================================================================================================
-

.github/workflows/governance-artifacts-ci.yml

@@ -0,0 +1,110 @@
+name: governance-artifacts-ci
+
+on:
+  push:
+    paths:
+      - 'docs/schemas/**'
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - '.github/workflows/governance-artifacts-ci.yml'
+      - 'Makefile'
+      - '.yamllint'
+  pull_request:
+    paths:
+      - 'docs/schemas/**'
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - '.github/workflows/governance-artifacts-ci.yml'
+      - 'Makefile'
+      - '.yamllint'
+name: Governance Artifacts CI
+
+on:
+  pull_request:
+    paths:
+      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'governance_blueprint/**'
+      - '.github/workflows/governance-artifacts-ci.yml'
+  push:
+    branches: [ main, master ]
+    paths:
+      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'governance_blueprint/**'
+      - '.github/workflows/governance-artifacts-ci.yml'
+
+jobs:
+  validate-governance-artifacts:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    env:
+      PYTHONUNBUFFERED: '1'
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: docs/schemas/requirements-governance.txt
+
+      - name: Install Python deps (pinned)
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r docs/schemas/requirements-governance.txt
+
+      - name: Validate governance YAML/JSON artifacts
+        run: make governance-validate
+
+      - name: Setup OPA (pinned)
+        uses: open-policy-agent/setup-opa@v2
+        with:
+          version: v1.15.2
+
+      - name: Rego format and tests
+        run: make governance-policy-test
+
+      - name: Validator and evidence bundle unit tests
+        run: make governance-validator-test
+
+      - name: Build evidence manifest
+        run: make governance-evidence-manifest
+
+      - name: Verify evidence manifest integrity
+        run: make governance-evidence-verify
+
+      - name: Validate evidence manifest schema
+        run: make governance-evidence-schema
+
+      - name: Generate machine-readable validation report
+        run: make governance-report
+
+      - name: Validate run report schema
+        run: make governance-report-schema
+
+      - name: Check generated artifacts are up to date
+        run: make governance-check-generated
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Run governance validation suite
+        run: python3 governance_blueprint/validation/run_validation_suite.py --quiet --json-report governance-artifact-validation-report.json --suite-report governance-validation-suite-report.json
+
+      - name: Show validation report
+        run: |
+          cat governance-artifact-validation-report.json
+          cat governance-validation-suite-report.json
+
+      - name: Upload validation report
+        uses: actions/upload-artifact@v4
+        with:
+          name: governance-validation-report
+          path: docs/schemas/validation_run_report.json
+          name: governance-validation-reports
+          path: |
+            governance-artifact-validation-report.json
+            governance-validation-suite-report.json

.github/workflows/governance-reports.yml

@@ -0,0 +1,54 @@
+name: Governance Reports Validation
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - 'docs/reports/**'
+      - 'docs/schemas/governance_reports_manifest.schema.json'
+      - 'tools/validate_governance_reports.py'
+      - 'tool_tests/**'
+      - 'Makefile'
+      - '.pre-commit-config.yaml'
+      - '.github/workflows/governance-reports.yml'
+  push:
+    paths:
+      - 'docs/reports/**'
+      - 'docs/schemas/governance_reports_manifest.schema.json'
+      - 'tools/validate_governance_reports.py'
+      - 'tool_tests/**'
+      - 'Makefile'
+      - '.pre-commit-config.yaml'
+      - '.github/workflows/governance-reports.yml'
+
+concurrency:
+  group: governance-reports-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  validate-governance-reports:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Cache pre-commit environments
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
+
+      - name: Install pre-commit
+        run: python3 -m pip install --upgrade pre-commit
+
+      - name: Run pre-commit hooks
+        run: pre-commit run --all-files
+
+      - name: Run governance validation suite
+        run: make governance-check

.github/workflows/octopusdeploy.yml

@@ -1,5 +1,5 @@
 # This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by separate terms of service, 
+# They are provided by a third-party and are governed by separate terms of service,
 # privacy policy, and support documentation.
 #
 # This workflow will build and publish a Docker container which is then deployed through Octopus Deploy.
@@ -12,13 +12,13 @@
 #
 # To configure this workflow:
 #
-# 1. Decide where you are going to host your image. 
+# 1. Decide where you are going to host your image.
 #    This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below.
 #
-# 2. Create and configure an OIDC credential for a service account in Octopus. 
+# 2. Create and configure an OIDC credential for a service account in Octopus.
 #    This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository.
-#    https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions 
-#  
+#    https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions
+#
 # 3. Configure your Octopus project details below:
 #      OCTOPUS_URL: update to your Octopus Instance Url
 #      OCTOPUS_SERVICE_ACCOUNT: update to your service account Id
@@ -42,14 +42,14 @@ jobs:
       packages: write
       contents: read
     env:
-      DOCKER_REGISTRY: ghcr.io                                # TODO: Update to your docker registry uri 
+      DOCKER_REGISTRY: ghcr.io                                # TODO: Update to your docker registry uri
       DOCKER_REGISTRY_USERNAME: ${{ github.actor }}           # TODO: Update to your docker registry username
       DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}   # TODO: Update to your docker registry password
     outputs:
       image_tag: ${{ steps.meta.outputs.version }}
     steps:
       - uses: actions/checkout@v4
-      
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
@@ -64,7 +64,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} 
+          images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }}
           tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}}
 
       - name: Build and push Docker image
@@ -74,7 +74,7 @@ jobs:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}      
+          labels: ${{ steps.meta.outputs.labels }}
   deploy:
     name: Deploy
     permissions:
@@ -89,9 +89,9 @@ jobs:
       OCTOPUS_ENVIRONMENT: 'your-environment'             # TODO: update to the name of the environment to recieve the first deployment
 
     steps:
-      - name: Login to Octopus Deploy 
+      - name: Login to Octopus Deploy
         uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629  #v1.0.2
-        with: 
+        with:
           server: '${{ env.OCTOPUS_URL }}'
           service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}'
 
@@ -104,7 +104,7 @@ jobs:
           packages: '*:${{ needs.build.outputs.image_tag }}'
 
       - name: Deploy Release
-        uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 
+        uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1
         with:
           project: '${{ env.OCTOPUS_PROJECT }}'
           space: '${{ env.OCTOPUS_SPACE }}'