Skip to main content

Helpifyr Spindle Compatibility

This compatibility page is generated from canonical repo-owned source material in JaddaHelpifyr/jhf-spindle.

Documentation Map

Compatibility Sources

  • docs/OSS_INVENTORY.md

Derived from OSS Inventory Version Truth

OSS Inventory / Version Truth / Upgrade Readiness

This document defines the canonical repo-owned truth for OSS components used by jhf-spindle.

Canonical Sources

  • Inventory: maintenance/oss-inventory.json
  • Version truth: maintenance/oss-version-truth.json
  • Upgrade policy: maintenance/oss-upgrade-policy.json
  • Verifier: maintenance/verify_oss_inventory_version_truth.py

Scope Boundary

jhf-spindle owns the ERP-/Identity-near OSS truth for this repository.

Allowed:

  • repo-owned, machine-readable inventory and version truth
  • fail-closed drift checks in local verify and CI
  • explicit classification of external-owner surfaces

Forbidden:

  • local workaround for foreign-owner runtime drift
  • shadow truth outside the canonical JSON files listed above
  • storing secrets/tokens in docs, evidence, or contracts

Verify Path

Local:

python maintenance/verify_oss_inventory_version_truth.py --output test-results/oss-version-truth.verify.json

Optional bounded live check:

python maintenance/verify_oss_inventory_version_truth.py --check-live --ssh-target <internal-runtime-redacted><internal-runtime-redacted> --output artifacts/evidence/oss-version-truth.live.json

CI:

  • python maintenance/verify_oss_inventory_version_truth.py --output test-results/oss-version-truth.verify.ci.json
  • smoke test lane also executes:
    • apps/jhf_spindle_core/tests/test_verify_oss_inventory_version_truth_script.py

Guardrail On Floating Versions

  • latest and floating refs must fail verification unless owner policy declares an explicit external-owner exception.
  • Runtime image refs should be digest-pinned (@sha256:...) or explicit stable tags per policy.
  • CI action refs must be pinned to approved stable refs per version truth.

License notice: AGPLv3 (GNU Affero General Public License v3.0)
Website: https://helpifyr.com