OSS Inventory Version Truth

Documentation Map

• Overview

• Quick Start

• Installation

• Configuration

• Operations

• Troubleshooting

• Release Notes

• Compatibility

• Architecture

• API Reference

• Security

• Integrations

• Capabilities

• Data Model

• Roadmap

• OSS Inventory

• OSS Version Truth

• Channel: latest

• Source repo: JaddaHelpifyr/jhf-tenter

OSS Inventory Version Truth

This companion document describes how the repo-owned machine-readable OSS truth is verified, evidenced, and rolled back.

Owner-Repo Posture

jhf-tenter uses the Fabric owner-repo role. That means the repository must publish machine-readable owner truth for its own OSS families, not only prose and not only upstream readback.

Required owner fields per repo-owned component:

• current_version
• target_version
• allowed_version_range
• pinning_posture
• compatibility_window_ref
• preflight_assertion_refs
• postdeploy_assertion_refs
• rollback_contract_ref
• evidence_contract_ref

Current Version Truth

Current admitted repo-owned versions:

• runtime.asterisk_ari.image: andrius/asterisk@sha256:e1f8d413975b6634bcc27479b6d821f76e2edae89652121ec5240f945a5a977c
• runtime.softphone_agent_bridge.image: python:3.12-alpine@sha256:236173eb74001afe2f60862de935b74fcbd00adfca247b2c27051a70a6a39a2d
• runtime.asterisk_gui.image: python:3.12-alpine@sha256:236173eb74001afe2f60862de935b74fcbd00adfca247b2c27051a70a6a39a2d
• ci.actions.checkout: actions/[email protected]
• ci.actions.upload_artifact: actions/[email protected]
• ci.smoke.python_dependencies: PyYAML==6.0.3,jsonschema==4.26.0

Current target posture is intentionally conservative:

• target_version == current_version
• allowed_version_range == current_version

This keeps the owner truth explicit without claiming an unverified upgrade.

Verify Path

Repo-local verification:

python3 scripts/ci/verify_oss_version_truth.py
python -m pytest tests/test_oss_version_truth.py -q
python3 scripts/ci/verify_repo.py

Live governance/readback verification:

python3 scripts/ci/verify_oss_version_truth.py --fabric-base-url http://<internal-runtime-redacted>:28080

The live path reads:

• /api/v1/platform/version-truth
• /api/v1/platform/projection-catalog
• /api/v1/platform/tool-oss-inventory-directory
• /api/v1/updates/compatibility-matrix
• /api/v1/tools/versioning-contracts
• /api/v1/tools/release-contracts/jhf-tenter
• /api/v1/docs/module-inventory

Rollback Contract

If this owner truth drifts or a newly pinned source proves incompatible:

1. restore the last known-good repo commit for the OSS-truth slice
2. rerun:
   • python3 scripts/ci/verify_oss_version_truth.py
   • python -m pytest tests/test_oss_version_truth.py -q
   • python3 scripts/ci/verify_repo.py
3. if runtime-bearing sources were changed, rerun live Fabric readback:
   • python3 scripts/ci/verify_oss_version_truth.py --fabric-base-url http://<internal-runtime-redacted>:28080

Rollback is not optional evidence. Missing rollback truth is a fail-closed condition.

Evidence Contract

Canonical machine-readable evidence source:

• maintenance/oss-upgrade-evidence-truth.json

Evidence must include:

• successful preflight verification
• successful repo tests
• successful CI smoke lane
• live Fabric readback when runtime-bearing sources or shared governance bindings were touched

Forbidden Patterns

• latest
• major-only action refs
• prose-only upgrade completion claims
• missing evidence refs treated as non-blocking
• missing rollback truth treated as informational only

License

AGPLv3. Learn more at helpifyr.com.