Helpifyr Dobby Compatibility

This compatibility page is generated from canonical repo-owned source material in JaddaHelpifyr/jhf-dobby.

Compatibility Sources

  • docs/OSS_INVENTORY.md

Derived from OSS Inventory And Version Truth

OSS Inventory And Version Truth

Tool / Contract Summary

This document is the repo-owned OSS inventory and version-truth spine for jhf-dobby. It describes pinned versions, expected runtime materialization, upgrade posture, and owner boundaries.

Business Value

  • gives Beam/Fabric/CI a single repo-owned version truth
  • prevents scattered compose/docs parsing for upgrade planning
  • makes upgrade drift detectable with deterministic checks

Current Verified State

Available now:

  • Python base image pinned to python:3.12-slim in Dockerfile
  • Postgres runtime image pinned to postgres:16-alpine in deploy/compose/jhf-dobby.stack.yml
  • Python package constraints bounded in pyproject.toml
  • runtime materialization and guardrail verifiers are active

Planned / not in current scope:

  • automatic dependency bumping
  • automatic CVE policy waivers

Repo-Owned OSS Inventory

| component_key | type | source_of_truth | declared_version | runtime_expected | pin_posture | owner |
|---|---|---|---|---|---|---|
| python_base_image | container base image | Dockerfile | python:3.12-slim | api/worker image build parent | pinned tag | jhf-dobby |
| postgres_runtime_image | runtime image | deploy/compose/jhf-dobby.stack.yml | postgres:16-alpine | jhf-dobby-postgres container | pinned tag | jhf-dobby |
| python_runtime | language runtime | pyproject.toml | >=3.11 | CI and runtime build toolchain | bounded range | jhf-dobby |
| fastapi | python dependency | pyproject.toml | >=0.115,<1.0 | API runtime | bounded range | jhf-dobby |
| uvicorn | python dependency | pyproject.toml | >=0.30,<1.0 | API runtime | bounded range | jhf-dobby |
| pydantic | python dependency | pyproject.toml | >=2.7,<3.0 | model validation runtime | bounded range | jhf-dobby |
| sqlalchemy | python dependency | pyproject.toml | >=2.0,<3.0 | persistence runtime | bounded range | jhf-dobby |
| psycopg_binary | python dependency | pyproject.toml | psycopg[binary]>=3.2,<4.0 | postgres connectivity | bounded range | jhf-dobby |
| pytest | dev dependency | pyproject.toml | >=8.0,<9.0 | repo test runtime | bounded range | jhf-dobby |
| httpx | dev dependency | pyproject.toml | >=0.27,<1.0 | test client runtime | bounded range | jhf-dobby |
| pyyaml | dev dependency | pyproject.toml | >=6.0,<7.0 | verifier scripts | bounded range | jhf-dobby |
| jsonschema | dev dependency | pyproject.toml | >=4.0,<5.0 | docs/schema validation | bounded range | jhf-dobby |

Upgrade Policy

  • no latest or floating image tags for repo-owned runtime images
  • Python dependencies must remain upper-bounded
  • runtime image major changes require:
    • docs truth update in this file and docs/MODULE_FEATURES.md
    • repo verifier green
    • live materialization verifier green
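
An added example (not the repo's scripts/validate_oss_inventory_version_truth.py, whose contents are not shown on this page) of how the first two policy rules can be checked deterministically against inventory rows. The row layout, function names, the floating tags other than latest, and the three example_* rows are assumptions made for illustration.

```python
import re

# "latest" is named by the policy; the other floating tags are assumed for illustration.
FLOATING_TAGS = {"latest", "stable", "edge"}

def image_pin_problem(ref):
    """Return why an image reference is not pinned, or None if it is."""
    name, _, digest = ref.partition("@")
    if digest:
        return None  # digest references are immutable
    # Look for the tag only after the last '/', so a registry port is not mistaken for one.
    last = name.rsplit("/", 1)[-1]
    if ":" not in last:
        return "no tag (resolves to latest)"
    tag = last.split(":", 1)[1]
    return f"floating tag '{tag}'" if tag in FLOATING_TAGS else None

def has_upper_bound(spec):
    """True if a version specifier contains a clause that caps the version."""
    # Drop an optional "name[extras]" prefix such as "psycopg[binary]".
    clauses = re.sub(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?", "", spec.strip())
    return any(c.strip().startswith(("<", "==", "~=")) for c in clauses.split(","))

def check_inventory(rows):
    """Return (component_key, problem) for every row that violates the policy."""
    findings = []
    for key, kind, declared in rows:
        if kind.endswith("image"):
            problem = image_pin_problem(declared)
        elif kind.endswith("dependency"):
            problem = None if has_upper_bound(declared) else "no upper bound"
        else:
            problem = None  # other types are outside these two rules (assumed scope)
        if problem:
            findings.append((key, problem))
    return findings

ROWS = [
    # (component_key, type, declared_version) taken from the inventory table
    ("python_base_image", "container base image", "python:3.12-slim"),
    ("postgres_runtime_image", "runtime image", "postgres:16-alpine"),
    ("fastapi", "python dependency", ">=0.115,<1.0"),
    ("psycopg_binary", "python dependency", "psycopg[binary]>=3.2,<4.0"),
    # Constructed violations, not part of the inventory
    ("example_cache_image", "runtime image", "registry.example:5000/cache"),
    ("example_floating_image", "runtime image", "example/app:latest"),
    ("example_unbounded_dep", "python dependency", ">=1.0"),
]
```

check_inventory(ROWS) returns an empty list for the four inventory rows and one finding for each constructed violation.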

Drift And Verify

Repo verify path:

python scripts/validate_oss_inventory_version_truth.py
python scripts/validate_contract_conformance.py
python scripts/validate_fabric_consumer_contract.py
python scripts/verify_runtime_guardrails.py
python scripts/verify_runtime_materialization.py
python -m pytest -q

Optional bounded live extension:

set JHF_DOBBY_OSS_INVENTORY_LIVE=1
set JHF_DOBBY_RUNTIME_HOST=<internal-runtime-redacted>
python scripts/validate_oss_inventory_version_truth.py

The live extension checks repo/runtime alignment for container image references and compose project ownership using bounded host reads.

Producer/Consumer Boundaries

  • Fabric, Warp, Shuttle, Bobbin, Deployment are external-owner truth domains.
  • This inventory only declares Dobby-owned version truth and expected consumption boundaries.
  • No shadow truth is created for governance/admission/projection owners.

Known Limits

  • this inventory validates declared pins and bounded ranges; it does not perform full CVE analysis
  • live check is opt-in and environment-dependent
  • jhf-dobby#50
  • helpifyr-fabric#289
  • jhf-openclaw-env#209
  • jhf-deployment#270
  • jhf-warp#257
  • jhf-shuttle#138
  • jhf-bobbin#80

License: AGPLv3. See ../LICENSE.