Merge branch 'main' into codex/develop-agi/asi-governance-roadmap-20262035

Signed-off-by: 𝐎𝐧𝐞 𝐅𝐢𝐧𝐞 𝐒𝐭𝐚𝐫𝐬𝐭𝐮𝐟𝐟 <onefinestarstuff@gmail.com>

Author: OneFineStarstuff

.github/workflows/daily-gsifi-governance-validation.yml

@@ -0,0 +1,86 @@
+name: daily-gsifi-governance-validation
+
+on:
+  workflow_dispatch:
+
+  pull_request:
+    paths:
+      - 'DAILY_GSIFI_AGI_ASI_GOVERNANCE_2026_2030.md'
+      - 'artifacts/daily_governance_report.example.json'
+      - 'artifacts/daily_governance_report.schema.json'
+      - 'policies/sentinel_governance.rego'
+      - 'test_governance_snippets.py'
+      - 'GOVERNANCE_ARTIFACTS_README.md'
+      - 'Makefile'
+      - 'tools/generate_gsifi_governance_report.py'
+      - 'tools/run_gsifi_governance_checks.py'
+      - 'test_run_gsifi_governance_checks.py'
+      - 'test_daily_gsifi_governance_workflow.py'
+      - 'test_generate_gsifi_governance_report.py'
+      - 'test_validate_governance_artifacts.py'
+      - 'tools/validate_governance_artifacts.py'
+      - '.github/workflows/daily-gsifi-governance-validation.yml'
+      - 'requirements-governance-checks.txt'
+  push:
+    branches: [main, master]
+    paths:
+      - 'DAILY_GSIFI_AGI_ASI_GOVERNANCE_2026_2030.md'
+      - 'artifacts/daily_governance_report.example.json'
+      - 'artifacts/daily_governance_report.schema.json'
+      - 'policies/sentinel_governance.rego'
+      - 'test_governance_snippets.py'
+      - 'GOVERNANCE_ARTIFACTS_README.md'
+      - 'Makefile'
+      - 'tools/generate_gsifi_governance_report.py'
+      - 'tools/run_gsifi_governance_checks.py'
+      - 'test_run_gsifi_governance_checks.py'
+      - 'test_daily_gsifi_governance_workflow.py'
+      - 'test_generate_gsifi_governance_report.py'
+      - 'test_validate_governance_artifacts.py'
+      - 'tools/validate_governance_artifacts.py'
+      - '.github/workflows/daily-gsifi-governance-validation.yml'
+      - 'requirements-governance-checks.txt'
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install test dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements-governance-checks.txt
+
+      - name: Run Python syntax checks
+        run: make daily-gsifi-governance-pycompile
+
+      - name: Run governance checks with JUnit output
+        run: make daily-gsifi-governance-ci
+
+      - name: Generate governance markdown summary
+        run: make daily-gsifi-governance-report
+
+      - name: Append governance summary to job summary
+        if: always()
+        run: cat artifacts/test-results/gsifi-governance-run-summary.md >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload governance test report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: gsifi-governance-test-report
+          path: |
+            artifacts/test-results/gsifi-governance-tests.xml
+            artifacts/test-results/gsifi-governance-run-summary.json
+            artifacts/test-results/gsifi-governance-run-summary.md

.github/workflows/governance-artifacts-ci.yml

@@ -1,44 +1,36 @@
-name: governance-artifacts-ci
+name: Governance Artifacts CI
 
 on:
-  push:
+  pull_request:
     paths:
       - 'docs/schemas/**'
       - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - 'G_STACK_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'docs/reports/G_STACK_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'gstack_artifacts/**'
+      - 'tests/test_validate_artifacts.py'
+      - 'tests/__init__.py'
       - '.github/workflows/governance-artifacts-ci.yml'
       - 'Makefile'
       - '.yamllint'
-  pull_request:
+  push:
+    branches: [ main, master ]
     paths:
       - 'docs/schemas/**'
       - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - 'G_STACK_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'docs/reports/G_STACK_GOVERNANCE_BLUEPRINT_2026_2030.md'
+      - 'gstack_artifacts/**'
+      - 'tests/test_validate_artifacts.py'
+      - 'tests/__init__.py'
       - '.github/workflows/governance-artifacts-ci.yml'
       - 'Makefile'
       - '.yamllint'
-name: Governance Artifacts CI
-
-on:
-  pull_request:
-    paths:
-      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
-      - 'governance_blueprint/**'
-      - '.github/workflows/governance-artifacts-ci.yml'
-  push:
-    branches: [ main, master ]
-    paths:
-      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
-      - 'governance_blueprint/**'
-      - '.github/workflows/governance-artifacts-ci.yml'
 
 jobs:
-  validate-governance-artifacts:
+  validate-existing-governance-stack:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    env:
-      PYTHONUNBUFFERED: '1'
-    timeout-minutes: 10
-
+    timeout-minutes: 12
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -50,15 +42,15 @@ jobs:
           cache: 'pip'
           cache-dependency-path: docs/schemas/requirements-governance.txt
 
-      - name: Install Python deps (pinned)
+      - name: Install governance schema dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r docs/schemas/requirements-governance.txt
 
       - name: Validate governance YAML/JSON artifacts
         run: make governance-validate
 
-      - name: Setup OPA (pinned)
+      - name: Setup OPA
         uses: open-policy-agent/setup-opa@v2
         with:
           version: v1.15.2
@@ -69,42 +61,44 @@ jobs:
       - name: Validator and evidence bundle unit tests
         run: make governance-validator-test
 
-      - name: Build evidence manifest
-        run: make governance-evidence-manifest
-
-      - name: Verify evidence manifest integrity
-        run: make governance-evidence-verify
-
-      - name: Validate evidence manifest schema
-        run: make governance-evidence-schema
-
-      - name: Generate machine-readable validation report
-        run: make governance-report
-
-      - name: Validate run report schema
-        run: make governance-report-schema
+      - name: Build and verify evidence artifacts
+        run: |
+          make governance-evidence-manifest
+          make governance-evidence-verify
+          make governance-evidence-schema
+          make governance-report
+          make governance-report-schema
+          make governance-check-generated
+
+  validate-gstack-artifacts:
+    runs-on: ubuntu-latest
+    timeout-minutes: 8
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
-      - name: Check generated artifacts are up to date
-        run: make governance-check-generated
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.11'
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: requirements-dev.txt
 
-      - name: Run governance validation suite
-        run: python3 governance_blueprint/validation/run_validation_suite.py --quiet --json-report governance-artifact-validation-report.json --suite-report governance-validation-suite-report.json
+      - name: Run G-Stack CI composite target
+        run: make gstack-ci
 
-      - name: Show validation report
-        run: |
-          cat governance-artifact-validation-report.json
-          cat governance-validation-suite-report.json
+      - name: Upload G-Stack test artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: gstack-test-results
+          path: artifacts/test-results
+          if-no-files-found: ignore
 
-      - name: Upload validation report
+      - name: Upload G-Stack validation report
+        if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: governance-validation-report
-          path: docs/schemas/validation_run_report.json
-          name: governance-validation-reports
-          path: |
-            governance-artifact-validation-report.json
-            governance-validation-suite-report.json
+          name: gstack-validation-report
+          path: artifacts/validation/gstack-validation.json
+          if-no-files-found: warn

.github/workflows/governance-artifacts-validate.yml

@@ -0,0 +1,46 @@
+name: Governance Artifacts Validate
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'governance_artifacts/**'
+      - '.github/workflows/governance-artifacts-validate.yml'
+  pull_request:
+    paths:
+      - 'governance_artifacts/**'
+      - '.github/workflows/governance-artifacts-validate.yml'
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pyyaml
+
+      - name: Validate governance artifacts
+        run: python3 governance_artifacts/validate_artifacts.py --quiet
+
+      - name: Validate governance artifacts JSON output file
+        run: |
+          mkdir -p artifacts
+          python3 governance_artifacts/validate_artifacts.py --quiet --output artifacts/validator-output.json
+          python3 -c "import json; p=json.load(open('artifacts/validator-output.json')); assert p.get('status')=='PASS', p; print('validator-output.json status=PASS')"
+
+      - name: Validate CLI metadata contracts
+        run: |
+          python3 -c "import json,subprocess; out=subprocess.check_output(['python3','governance_artifacts/validate_artifacts.py','--version','--json'], text=True); p=json.loads(out); assert 'version' in p and isinstance(p['version'], str), p; print('version contract OK')"
+          python3 -c "import json,subprocess; out=subprocess.check_output(['python3','governance_artifacts/validate_artifacts.py','--list-checks','--json'], text=True); p=json.loads(out); assert isinstance(p.get('checks'), list) and p['checks'], p; print('list-checks contract OK')"
+
+      - name: Run validator unit tests
+        run: python3 -m unittest discover -s tests -p "test_validate_artifacts.py"

.github/workflows/governance-artifacts.yml

@@ -0,0 +1,37 @@
+name: Governance Artifact Validation
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  validate-governance-artifacts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: python -m pip install -r requirements-governance.txt pytest
+
+      - name: Validate BBOM/ARRE artifacts
+        run: python tools/validate_ai_governance_artifacts.py --report-file .reports/governance-validation.json
+
+      - name: Run validator tests
+        run: pytest -q tests/test_governance_validator.py
+
+      - name: Upload governance validation report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: governance-validation-report
+          path: .reports/governance-validation.json
+          if-no-files-found: ignore

.github/workflows/governance-docs-lint.yml

@@ -0,0 +1,59 @@
+name: Governance Docs Lint
+
+on:
+  pull_request:
+    paths:
+      - 'docs/**/*.md'
+      - '.markdownlint.json'
+      - '.markdownlintignore'
+      - 'scripts/lint_governance_docs.sh'
+      - 'tests/test_lint_governance_docs.sh'
+      - 'Makefile'
+      - 'tests/test_lint_governance_docs.sh'
+      - 'Makefile'
+      - '.github/workflows/governance-docs-lint.yml'
+  push:
+    branches: [ main ]
+    paths:
+      - 'docs/**/*.md'
+      - '.markdownlint.json'
+      - '.markdownlintignore'
+      - 'scripts/lint_governance_docs.sh'
+      - 'tests/test_lint_governance_docs.sh'
+      - 'Makefile'
+      - '.github/workflows/governance-docs-lint.yml'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: governance-docs-lint-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint-governance-docs:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Validate lint script syntax
+        run: bash -n scripts/lint_governance_docs.sh
+
+      - name: Validate test script syntax
+        run: bash -n tests/test_lint_governance_docs.sh
+
+      - name: Shellcheck lint scripts
+        uses: ludeeus/action-shellcheck@2.0.0
+        with:
+          scandir: "scripts tests"
+          severity: warning
+
+      - name: Run governance docs check target
+        run: make governance-docs-check