Helpifyr Heddle Compatibility

This compatibility page is generated from canonical repo-owned source material in JaddaHelpifyr/jhf-heddle.

Documentation Map

• Overview

• Quick Start

• Installation

• Configuration

• Operations

• Troubleshooting

• Release Notes

• Compatibility

• Channel: latest

• Source repo: JaddaHelpifyr/jhf-heddle

Compatibility Sources

• docs/OSS_INVENTORY.md

Derived from OSS Inventory Version Truth

OSS Inventory Version Truth

This page records the repo-owned OSS inventory, version truth, and upgrade readiness posture for jhf-heddle.

The canonical machine-readable sources are:

• maintenance/oss-inventory.json
• maintenance/oss-version-truth.json
• maintenance/oss-upgrade-policy.json
• maintenance/verify-oss-version-truth.py

Purpose

This slice exists so the repository can answer three questions without guessing:

• which upgrade-relevant OSS components are actually repo-owned here
• which refs are pinned versus only externally classified
• how to detect drift between repo truth, CI truth, and bounded live runtime readback

Repo-Owned Inventory

Repo-owned pinned components currently include:

• Keycloak runtime image
• Postgres runtime image
• Python base images for Plane bridge, Loom bridge, agent-reconcile API, and agent-reconcile worker
• Gitea CI action refs for checkout and setup-python
• Gitea CI Python runtime patch version
• Gitea CI PyYAML dependency pin

External classification remains explicit where this repo is not the owner:

• ubuntu-latest runner label materialization belongs to JaddaHelpifyr/jhf-deployment#270
• stackwide OSS/version governance alignment remains referenced via JaddaHelpifyr/helpifyr-fabric#289
• host rollout/materialization alignment remains referenced via JaddaHelpifyr/jhf-openclaw-env#209

Pinning Rules

• no :latest for repo-owned runtime/base images
• no unpinned repo-owned runtime images
• no unpinned repo-owned base images
• no major-only action refs in repo-owned workflow definitions
• no floating repo-owned CI package pins
• exact CI Python patch version required

Verify Path

Repo-only:

python maintenance/verify-oss-version-truth.py
python -m unittest tests.test_verify_oss_version_truth

Bounded live verify on the canonical host:

python maintenance/verify-oss-version-truth.py \
  --live-host <internal-runtime-redacted> \
  --ssh-user administrator

CI fail-closed check:

• .gitea/workflows/ci.yml step: Validate OSS inventory and version truth

The live verifier checks:

• running Keycloak and Postgres image IDs against pinned immutable refs
• Python version and OS release readback from the repo-built bridge/API/worker containers
• repo-owned workflow refs and package pins remain aligned with machine-readable truth

Scope Notes

• this contract does not invent stackwide version truth for Fabric, deployment, or host-runner surfaces
• external ownership is referenced explicitly instead of mirrored locally
• live verification is read-only and does not redeploy or mutate runtime

---

License: AGPLv3
Project: https://helpifyr.com