Overview Compatibility

This compatibility page is generated from canonical repo-owned source material in JaddaHelpifyr/jhf-web.

Documentation Map

• Overview

• Quick Start

• Installation

• Configuration

• Operations

• Troubleshooting

• Release Notes

• Compatibility

• Channel: latest

• Source repo: JaddaHelpifyr/jhf-web

Compatibility Sources

• docs/OSS_INVENTORY_VERSION_TRUTH.md
• docs/STACK_RUNTIME_CONTRACT.md
• docs/RUNTIME_AND_SURFACES.md
• docs/FABRIC_CONTRACT_CONSUMPTION.md
• docs/FABRIC_CONSUMER_CONTRACT.md

Derived from OSS Inventory Version Truth

OSS Inventory Version Truth

This document defines the canonical repo-owned OSS version truth for jhf-web.

It exists so the repository can prove three things without guessing from ad-hoc files:

1. which repo-owned OSS surfaces are version-relevant here
2. where the canonical version truth lives
3. how drift is verified locally, in CI, and after deploy

Scope

This truth is intentionally narrow and repo-owned.

It covers:

• the repo Docker builder image
• the repo Docker runtime image
• the optional observability helper image
• the optional Stripe CLI devtools helper image

It does not create shadow truth for upstream module stacks such as Fabric, Loom, Heddle, or Shuttle. Those remain owned by their respective repositories.

Canonical Machine-Truth

• Machine-readable contract: contracts/oss-version-inventory-readiness.json
• Validator: scripts/validate-oss-version-truth.py
• CI gate: .gitea/workflows/ci.yml via npm run check:oss-version-truth

Repo-Owned Component Table

component_id	surface	declared_reference	human_version	pin_posture	truth_source
docker.builder.node	Dockerfile builder stage	node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f	v22.22.2	digest-pinned	Dockerfile
docker.runtime.nginx	Dockerfile runtime stage	nginx:alpine@sha256:5616878291a2eed594aee8db4dade5878cf7edcb475e59193904b198d9b830de	nginx/1.29.8	digest-pinned	Dockerfile
compose.monitor.nginx_prometheus_exporter	optional observability profile	nginx/nginx-prometheus-exporter:0.11.0	0.11.0	exact-tag	docker-compose.yml
compose.devtools.stripe_cli	optional devtools helper	stripe/stripe-cli@sha256:3daa717082efbbff67e05a122462ca01c6db4bfe91dcfe1105f35794fea0fdc2	1.40.9	digest-pinned	stripe/docker-compose.stripe-cli.yml

Floating-Tag Policy

• Repo-owned runtime and helper surfaces must not use floating latest.
• Repo-owned runtime and helper surfaces should prefer exact digests or exact tags.
• The only allowed exception in this repo is the central runner label ubuntu-latest in Gitea CI, because that label is platform-owned rather than a repo-owned OSS package pin.

Verify Path

Repo-local

python ./scripts/validate-oss-version-truth.py
npm run check:oss-version-truth

CI

npm run check:oss-version-truth

Optional live follow-through after deploy

npm run check:stack-runtime -- --live-host
bash ./scripts/verify-standalone-openclaw.sh --with-host

Maintenance Rule

Whenever one of the repo-owned surfaces above changes, update all of the following in the same slice:

1. contracts/oss-version-inventory-readiness.json
2. docs/OSS_INVENTORY_VERSION_TRUTH.md
3. the concrete repo surface (Dockerfile, compose file, helper script, or CI file)
4. the validator if the contract shape changed

Secret Boundary

For evidence retrieval and Gitea API reads, the local operator hint is:

• path: C:/CodexTest/.env
• key: GITEA_TOKEN

Only the path and key name may be documented here. Never commit or print the token value.

License

AGPLv3. See LICENSE (LICENSE).

Learn more at helpifyr.com.