From 5919f8276172fbe712e880a3eb315b55a17297bc Mon Sep 17 00:00:00 2001 From: Alice OA Date: Fri, 5 Jan 2024 20:22:38 +0000 Subject: [PATCH] docs: discussions: Alice Engineering Comms: 2024-01-05T20:22:35+00:00 --- .../0001/reply_0000.md | 2 - .../0039/reply_0000.md | 2 +- .../0243/reply_0000.md | 2 + .../0447/reply_0001.md | 1 + .../0458/reply_0000.md | 10 +- .../alice_engineering_comms/0459/index.md | 1 + .../0459/reply_0000.md | 123 ++++++++++ .../alice_engineering_comms/0460/index.md | 1 + .../0460/reply_0000.md | 57 +++++ .../alice_engineering_comms/0461/index.md | 1 + .../0461/reply_0000.md | 1 + .../alice_engineering_comms/0462/index.md | 1 + .../alice_engineering_comms/0463/index.md | 1 + .../alice_engineering_comms/0464/index.md | 1 + .../0464/reply_0000.md | 13 ++ .../0464/reply_0001.md | 4 + .../alice_engineering_comms/0465/index.md | 1 + .../0465/reply_0000.md | 2 + .../alice_engineering_comms/0466/index.md | 1 + .../alice_engineering_comms/0467/index.md | 1 + .../alice_engineering_comms/0468/index.md | 1 + .../0468/reply_0000.md | 90 ++++++++ .../alice_engineering_comms/0469/index.md | 1 + .../0469/reply_0000.md | 4 + .../alice_engineering_comms/0470/index.md | 1 + .../alice_engineering_comms/0471/index.md | 1 + .../0471/reply_0000.md | 1 + .../alice_engineering_comms/0472/index.md | 1 + .../0472/reply_0000.md | 214 ++++++++++++++++++ .../0472/reply_0001.md | 39 ++++ .../alice_engineering_comms/0473/index.md | 1 + .../0473/reply_0000.md | 142 ++++++++++++ .../alice_engineering_comms/0474/index.md | 1 + .../alice_engineering_comms/0475/index.md | 1 + .../alice_engineering_comms/0476/index.md | 1 + .../alice_engineering_comms/0477/index.md | 1 + .../alice_engineering_comms/0478/index.md | 1 + .../alice_engineering_comms/0479/index.md | 1 + .../0479/reply_0000.md | 98 ++++++++ .../alice_engineering_comms/0480/index.md | 1 + .../0480/reply_0000.md | 16 ++ .../alice_engineering_comms/0481/index.md | 1 + .../0481/reply_0000.md | 4 + .../alice_engineering_comms/0482/index.md | 1 + .../0482/reply_0000.md | 32 +++ .../alice_engineering_comms/0483/index.md | 1 + .../alice_engineering_comms/0484/index.md | 1 + .../alice_engineering_comms/0485/index.md | 1 + .../alice_engineering_comms/0486/index.md | 1 + .../alice_engineering_comms/0487/index.md | 1 + .../alice_engineering_comms/0488/index.md | 1 + .../alice_engineering_comms/0489/index.md | 1 + .../0489/reply_0000.md | 2 + .../alice_engineering_comms/0490/index.md | 1 + .../alice_engineering_comms/0491/index.md | 1 + .../alice_engineering_comms/0492/index.md | 1 + .../alice_engineering_comms/0493/index.md | 1 + .../0493/reply_0000.md | 3 + .../alice_engineering_comms/0494/index.md | 1 + .../0494/reply_0000.md | 4 + .../alice_engineering_comms/0495/index.md | 1 + .../0495/reply_0000.md | 2 + .../alice_engineering_comms/0496/index.md | 1 + .../0496/reply_0000.md | 2 + .../alice_engineering_comms/0497/index.md | 1 + .../0497/reply_0000.md | 2 + .../alice_engineering_comms/0498/index.md | 1 + .../alice_engineering_comms/0499/index.md | 1 + .../alice_engineering_comms/0500/index.md | 1 + .../0500/reply_0000.md | 2 + .../alice_engineering_comms/0501/index.md | 1 + .../alice_engineering_comms/0502/index.md | 1 + .../0502/reply_0000.md | 51 +++++ .../alice_engineering_comms/0503/index.md | 1 + .../0503/reply_0000.md | 6 + .../alice_engineering_comms/0504/index.md | 1 + .../alice_engineering_comms/0505/index.md | 1 + .../alice_engineering_comms/index.md | 9 +- 78 files changed, 980 insertions(+), 7 deletions(-) create mode 100644 docs/discussions/alice_engineering_comms/0459/index.md create mode 100644 docs/discussions/alice_engineering_comms/0459/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0460/index.md create mode 100644 docs/discussions/alice_engineering_comms/0460/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0461/index.md create mode 100644 docs/discussions/alice_engineering_comms/0461/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0462/index.md create mode 100644 docs/discussions/alice_engineering_comms/0463/index.md create mode 100644 docs/discussions/alice_engineering_comms/0464/index.md create mode 100644 docs/discussions/alice_engineering_comms/0464/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0464/reply_0001.md create mode 100644 docs/discussions/alice_engineering_comms/0465/index.md create mode 100644 docs/discussions/alice_engineering_comms/0465/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0466/index.md create mode 100644 docs/discussions/alice_engineering_comms/0467/index.md create mode 100644 docs/discussions/alice_engineering_comms/0468/index.md create mode 100644 docs/discussions/alice_engineering_comms/0468/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0469/index.md create mode 100644 docs/discussions/alice_engineering_comms/0469/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0470/index.md create mode 100644 docs/discussions/alice_engineering_comms/0471/index.md create mode 100644 docs/discussions/alice_engineering_comms/0471/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0472/index.md create mode 100644 docs/discussions/alice_engineering_comms/0472/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0472/reply_0001.md create mode 100644 docs/discussions/alice_engineering_comms/0473/index.md create mode 100644 docs/discussions/alice_engineering_comms/0473/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0474/index.md create mode 100644 docs/discussions/alice_engineering_comms/0475/index.md create mode 100644 docs/discussions/alice_engineering_comms/0476/index.md create mode 100644 docs/discussions/alice_engineering_comms/0477/index.md create mode 100644 docs/discussions/alice_engineering_comms/0478/index.md create mode 100644 docs/discussions/alice_engineering_comms/0479/index.md create mode 100644 docs/discussions/alice_engineering_comms/0479/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0480/index.md create mode 100644 docs/discussions/alice_engineering_comms/0480/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0481/index.md create mode 100644 docs/discussions/alice_engineering_comms/0481/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0482/index.md create mode 100644 docs/discussions/alice_engineering_comms/0482/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0483/index.md create mode 100644 docs/discussions/alice_engineering_comms/0484/index.md create mode 100644 docs/discussions/alice_engineering_comms/0485/index.md create mode 100644 docs/discussions/alice_engineering_comms/0486/index.md create mode 100644 docs/discussions/alice_engineering_comms/0487/index.md create mode 100644 docs/discussions/alice_engineering_comms/0488/index.md create mode 100644 docs/discussions/alice_engineering_comms/0489/index.md create mode 100644 docs/discussions/alice_engineering_comms/0489/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0490/index.md create mode 100644 docs/discussions/alice_engineering_comms/0491/index.md create mode 100644 docs/discussions/alice_engineering_comms/0492/index.md create mode 100644 docs/discussions/alice_engineering_comms/0493/index.md create mode 100644 docs/discussions/alice_engineering_comms/0493/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0494/index.md create mode 100644 docs/discussions/alice_engineering_comms/0494/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0495/index.md create mode 100644 docs/discussions/alice_engineering_comms/0495/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0496/index.md create mode 100644 docs/discussions/alice_engineering_comms/0496/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0497/index.md create mode 100644 docs/discussions/alice_engineering_comms/0497/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0498/index.md create mode 100644 docs/discussions/alice_engineering_comms/0499/index.md create mode 100644 docs/discussions/alice_engineering_comms/0500/index.md create mode 100644 docs/discussions/alice_engineering_comms/0500/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0501/index.md create mode 100644 docs/discussions/alice_engineering_comms/0502/index.md create mode 100644 docs/discussions/alice_engineering_comms/0502/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0503/index.md create mode 100644 docs/discussions/alice_engineering_comms/0503/reply_0000.md create mode 100644 docs/discussions/alice_engineering_comms/0504/index.md create mode 100644 docs/discussions/alice_engineering_comms/0505/index.md diff --git a/docs/discussions/alice_engineering_comms/0001/reply_0000.md b/docs/discussions/alice_engineering_comms/0001/reply_0000.md index b5c227de28..4302486d2e 100644 --- a/docs/discussions/alice_engineering_comms/0001/reply_0000.md +++ b/docs/discussions/alice_engineering_comms/0001/reply_0000.md @@ -60,8 +60,6 @@ Hope you’ve been well. It’s John from Intel. Thanks again to you and the tea I periodically check the minutes so I joined today and asked about the "Alpha-Omega" project from last week’s minutes which I then did some research on. We just started what looks to me to be an aligned project, coincidentally named Alice Omega Alpha: https://github.com/intel/dffml/tree/main/entities/alice -It looks to me like Alice's mission to proactively enable developers and organizations to deliver organizationally context aware, adaptive secure by default best practices to teams aligns with project Alpha-Omega’s goals. - Alice is the nickname for both the entity and the architecture, the Open Architecture, which is a methodology for interpretation of existing well established, formats, protocols, and other domain specific representations of architecture. What we end up with is some JSON, YAML, or other blob of structured data that we can use to build cross language tooling focused more on policy and intent, incorporating data from arbitrary sources to create a holistic picture of software across dependency boundaries by focusing on threat models. Alice will be doing scans of open source projects and we’d still love to collaborate to contribute metrics to the OpenSSF metrics database, we can easily have her shoot applicable metrics off to that DB. We’ve also been looking at fusing VEX and DIDs to facilitate distributed vulnerability disclosure and patch distribution. diff --git a/docs/discussions/alice_engineering_comms/0039/reply_0000.md b/docs/discussions/alice_engineering_comms/0039/reply_0000.md index 119c3d777c..2798820606 100644 --- a/docs/discussions/alice_engineering_comms/0039/reply_0000.md +++ b/docs/discussions/alice_engineering_comms/0039/reply_0000.md @@ -16,7 +16,7 @@ $ dffml version dffml 0.4.0 /src/dffml/dffml 5c89b6780 (dirty git repo) dffml-config-yaml 0.1.0 /src/dffml/configloader/yaml/dffml_config_yaml 5c89b6780 (dirty git repo) dffml-config-image not installed -dffml-configloader-jsonschema 0.0.1 /src/dffml/configloader/jsonschema/dffml_configloader_jsonschema 5c89b6780 (dirty git repo) +dffml-config-jsonschema 0.0.1 /src/dffml/configloader/jsonschema/dffml_config_jsonschema 5c89b6780 (dirty git repo) dffml-model-scratch not installed dffml-model-scikit not installed dffml-model-tensorflow not installed diff --git a/docs/discussions/alice_engineering_comms/0243/reply_0000.md b/docs/discussions/alice_engineering_comms/0243/reply_0000.md index 680a150a3c..6a4f1dd77b 100644 --- a/docs/discussions/alice_engineering_comms/0243/reply_0000.md +++ b/docs/discussions/alice_engineering_comms/0243/reply_0000.md @@ -122,6 +122,8 @@ if __name__ == "__main__": - https://github.com/ossf/wg-vulnerability-disclosures/issues/74 - https://app.slack.com/client/T019QHUBYQ3/C05009RHCNT - TODO: Anyone playing with the json-ld-ness of openvex yet? +- Lot's of kundalini today + - We must be getting close - https://github.com/in-toto/attestation/pull/192 - Great proto regen example - https://github.com/in-toto/attestation/blob/3df726cfcc0528dcbdb4d45ed1597b793d1b777d/spec/predicates/scai.md diff --git a/docs/discussions/alice_engineering_comms/0447/reply_0001.md b/docs/discussions/alice_engineering_comms/0447/reply_0001.md index d29da8eee8..58cdf141a6 100644 --- a/docs/discussions/alice_engineering_comms/0447/reply_0001.md +++ b/docs/discussions/alice_engineering_comms/0447/reply_0001.md @@ -53,6 +53,7 @@ - The owner will need to lookup own key in the log often - Each time owners key changes must check that key change has been correctly included in the log - Owner needs to remember ephocs they changed their key (hmmm) +- https://github.com/scitt-community/scitt-examples/pull/5 - TODO - [ ] Specify the privacy guarantees - [ ] Review compliance requirements about removing information from logs on mailing list \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0458/reply_0000.md b/docs/discussions/alice_engineering_comms/0458/reply_0000.md index fc9586deef..f8086e7adc 100644 --- a/docs/discussions/alice_engineering_comms/0458/reply_0000.md +++ b/docs/discussions/alice_engineering_comms/0458/reply_0000.md @@ -424,7 +424,9 @@ ing to infer new facts or constraints from the ontology and apply them to policy > ### Slide 1: Collaborative AGI Development with Trusted Poly-Repo Management > - Summary of the seamless, secure collaboration protocol established between AGI instances, Alice and Bob, across multiple repository environments. > -> --- > > ### Slide 2: Manager's Speak - Executive Summary +> --- +> +> ### Slide 2: Summary > - Introduction to the need for secure, transparent collaboration between advanced software systems. > - Overview of SCITT as the transparency ledger for recording and sharing approved activities. > - The role of policy engines in ensuring adherence to each AGI's operational policies. @@ -579,6 +581,12 @@ ing to infer new facts or constraints from the ontology and apply them to policy > > By integrating SCITT with Kubernetes, Alice and Bob can ensure that the cluster's state always reflects approved and validated states from their CI/CD workflows, maintaining security and consistency across their development operations. This integration also creates an audit trail for all changes, providing complete visibility into cluster events and enabling rapid response to potential policy violations. +- https://github.com/intel/dffml/blob/6fd36f7b88943c038bbd5217bb187f4a04891003/docs/discussions/alice_engineering_comms/0243/reply_0000.md +- https://futurism.com/openai-employees-say-firms-chief-scientist-has-been-making-strange-spiritual-claims +- https://futurism.com/sam-altman-imply-openai-building-god +- https://www.theatlantic.com/technology/archive/2022/09/artificial-intelligence-machine-learing-natural-language-processing/661401/ **OF GOD AND MACHINES** + +![such-alignment](https://user-images.githubusercontent.com/5950433/226707682-cfa8dbff-0908-4a34-8540-de729c62512f.png) - TODO - [ ] k8s SCITT receipt as admission control diff --git a/docs/discussions/alice_engineering_comms/0459/index.md b/docs/discussions/alice_engineering_comms/0459/index.md new file mode 100644 index 0000000000..9570fc05b1 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0459/index.md @@ -0,0 +1 @@ +# 2023-11-22 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0459/reply_0000.md b/docs/discussions/alice_engineering_comms/0459/reply_0000.md new file mode 100644 index 0000000000..d691c91429 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0459/reply_0000.md @@ -0,0 +1,123 @@ +## 2023-11-22 @pdxjohnny Engineering Logs + +```console +$ pip install -I git+https://github.com/wbond/oscrypto.git +``` + +```python +import aiohttp +import asyncio +import json + +async def fetch_dependency_graph(session, owner, repo, token, manifest_cursor=None, dependency_cursor=None): + # The GraphQL query to fetch the dependency graph manifests + query = """ + query($owner: String!, $repo: String!, $manifest_cursor: String, $dependency_cursor: String) { + repository(owner: $owner, name: $repo) { + dependencyGraphManifests(first: 2, after: $manifest_cursor) { + pageInfo { + hasNextPage + endCursor + } + nodes { + blobPath + dependencies(first: 2, after: $dependency_cursor) { + pageInfo { + hasNextPage + endCursor + } + edges { + node { + packageName + repository { + nameWithOwner + } + requirements + } + } + } + } + } + } + } + """ + + # Format the variables for the GraphQL query + variables = { + "owner": owner, + "repo": repo, + "manifest_cursor": manifest_cursor, + "dependency_cursor": dependency_cursor + } + + # Headers to be sent with the request + headers = { + "Authorization": f"Bearer {token}", + "Content-Type": "application/json" + } + + # Make the POST request to the GitHub GraphQL API + async with session.post('https://api.github.com/graphql', json={'query': query, 'variables': variables}, headers=headers) as response: + return await response.json() + +async def generate_sbom(owner, repo, token): + dependency_manifests = [] + + async with aiohttp.ClientSession() as session: + # Pagination for manifests + has_manifest_page = True + manifest_cursor = None + + while has_manifest_page: + # Fetch the dependency graph manifests + data = await fetch_dependency_graph(session, owner, repo, token, manifest_cursor) + manifest_nodes = data['data']['repository']['dependencyGraphManifests']['nodes'] + manifest_page_info = data['data']['repository']['dependencyGraphManifests']['pageInfo'] + has_manifest_page = manifest_page_info['hasNextPage'] + manifest_cursor = manifest_page_info['endCursor'] + + for manifest_node in manifest_nodes: + manifest_dependencies = [] + # Start nested pagination on first page for each manifest + has_dependency_page = True + dependency_cursor = None + + while has_dependency_page: + # Fetch the dependencies for the current manifest + manifest_data = await fetch_dependency_graph(session, owner, repo, token, manifest_cursor, dependency_cursor) + dependencies = manifest_data['data']['repository']['dependencyGraphManifests']['nodes'][0]['dependencies']['edges'] + dependency_page_info = manifest_data['data']['repository']['dependencyGraphManifests']['nodes'][0]['dependencies']['pageInfo'] + + for dependency_edge in dependencies: + dependency_node = dependency_edge['node'] + manifest_dependencies.append({ + "packageName": dependency_node['packageName'], + "requirements": dependency_node['requirements'], + "repository": dependency_node['repository']['nameWithOwner'] if dependency_node['repository'] else None + }) + + has_dependency_page = dependency_page_info['hasNextPage'] + dependency_cursor = dependency_page_info['endCursor'] + + dependency_manifests.append({ + "blobPath": manifest_node['blobPath'], + "dependencies": manifest_dependencies + }) + + return { "dependencyGraphManifests": dependency_manifests } + +# Run the asynchronous function to generate the SBOM and get the result +sbom_data = asyncio.run(generate_sbom(owner, repo, token)) + +# Now sbom_data is a dictionary with all the dependencyGraphManifests +# You could pretty print it using json.dumps for example +print(json.dumps(sbom_data, indent=2)) +``` + +- TODO + - [ ] Request from Orie, review COSE typ header parameter draft + - [x] git ls-files with aiohttp + - [x] Example files: https://gist.github.com/52d17fd4d44014fe1b8a15111873454b + - [ ] GitHub Webhook Notary for SBOM generation + - [ ] SBOM -> Polling of repos -> GitHub webhook style payload creation -> GitHub Webhook Notary + - Content addressability of webhook payloads to ensure dedup / polling updated SHAs always trigger new update but never when SHAs not updated \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0460/index.md b/docs/discussions/alice_engineering_comms/0460/index.md new file mode 100644 index 0000000000..ec82a3c9d5 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0460/index.md @@ -0,0 +1 @@ +# 2023-11-23 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0460/reply_0000.md b/docs/discussions/alice_engineering_comms/0460/reply_0000.md new file mode 100644 index 0000000000..4e3bda8fc6 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0460/reply_0000.md @@ -0,0 +1,57 @@ +## 2023-11-23 @pdxjohnny Engineering Logs + +- Happy Thanksgiving! + +```bash +export COMPUTE_IPV4=$(doctl compute droplet list --no-header --format PublicIPv4 prophecy-0) +doctl compute domain records create --record-name alice --record-ttl 3600 --record-type A --record-data "${COMPUTE_IPV4}" chadig.com +doctl compute domain records create --record-name github-webhook-notary.scitt.alice --record-ttl 3600 --record-type A --record-data "${COMPUTE_IPV4}" chadig.com +ssh -nNT -R 127.0.0.1:7777:0.0.0.0:7777 alice@scitt.alice.chadig.com +``` + +```caddyfile +alice.chadig.com { + redir "https://github.com/intel/dffml/discussions/1406?sort=new" temporary +} + +github-webhook-notary.scitt.alice.chadig.com { + reverse_proxy http://localhost:7777 +} + +scitt.bob.chadig.com { + reverse_proxy http://localhost:6000 +} + +scitt.alice.chadig.com { + reverse_proxy http://localhost:7000 +} + +scitt.unstable.chadig.com { + reverse_proxy http://localhost:8000 +} + +scitt.pdxjohnny.chadig.com { + reverse_proxy http://localhost:9000 +} + +define.chadig.com { + respond "Cha-Dig: can you dig it? chaaaaaaa I can dig it!!!" +} +``` + +- Claus + - https://www.scandinaviastandard.com/what-is-janteloven-the-law-of-jante/ +- TODO + - [ ] GitHub App Blueprints to + - [x] https://github.com/apps/alice-oa + - [ ] Webhook events to notarizing proxy + - [ ] `$ gh webhook forward --repo=intel/dffml --events='*' --url=https://github-webhook-notary.scitt.alice.chadig.com` + - [ ] https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries#python-example + - [ ] #1315 + - [ ] Bovine based downstream event receiver + - [ ] As async iterator for new data events + - [ ] POC using OpenAI agent threads with file uploads + - [ ] Alice engineering log entry in daily discussion thread for updates + - [ ] Checkbox checked by maintainer for requests approval + - [ ] Assign issues to Alice via `Assignee: @aliceoa` watch webhook issue creation or body updates + - `cat issues.action\:edited.json | jq 'select(.issue.body | index("Assignee: @aliceoa"))'` \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0461/index.md b/docs/discussions/alice_engineering_comms/0461/index.md new file mode 100644 index 0000000000..ec6599e0e0 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0461/index.md @@ -0,0 +1 @@ +# 2023-11-24 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0461/reply_0000.md b/docs/discussions/alice_engineering_comms/0461/reply_0000.md new file mode 100644 index 0000000000..1795d6c5c0 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0461/reply_0000.md @@ -0,0 +1 @@ +- https://hackaday.com/2023/11/22/esp32-used-as-wireless-can-bus-reader/ \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0462/index.md b/docs/discussions/alice_engineering_comms/0462/index.md new file mode 100644 index 0000000000..668fcc6c8c --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0462/index.md @@ -0,0 +1 @@ +# 2023-11-25 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0463/index.md b/docs/discussions/alice_engineering_comms/0463/index.md new file mode 100644 index 0000000000..fdf447265f --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0463/index.md @@ -0,0 +1 @@ +# 2023-11-26 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0464/index.md b/docs/discussions/alice_engineering_comms/0464/index.md new file mode 100644 index 0000000000..299ca2d24f --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0464/index.md @@ -0,0 +1 @@ +# 2023-11-27 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0464/reply_0000.md b/docs/discussions/alice_engineering_comms/0464/reply_0000.md new file mode 100644 index 0000000000..c3420be0be --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0464/reply_0000.md @@ -0,0 +1,13 @@ +## 2023-11-27 OpenVEX SIG + +- https://docs.google.com/document/d/1C-L0JDx5O35TjXb6dcyL6ioc5xWUCkdR5kEbZ1uVQto/edit#heading=h.yz69ktumsyjh +- Using grype to attach attestations via cosgin to a container image +- PyPi ecosystem looking at this as well +- Currently if you can upload to the registry we decide we can trust the attestation +- Next is if the signature is from the same entity +- https://github.com/puerco/grype/tree/vex-discovery + - https://github.com/puerco/grype/tree/dabe702c5172f5fd7faf7008513696a435c87d15 +- https://github.com/openvex/spec/issues/43 +- https://github.com/opencontainers/distribution-spec/issues/459 + +![image](https://github.com/intel/dffml/assets/5950433/91165c0a-0b81-4304-9d4e-e02cf20eeb61) diff --git a/docs/discussions/alice_engineering_comms/0464/reply_0001.md b/docs/discussions/alice_engineering_comms/0464/reply_0001.md new file mode 100644 index 0000000000..73347f0ed4 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0464/reply_0001.md @@ -0,0 +1,4 @@ +## 2023-11-27 @pdxjohnny Engineering Logs + +- https://github.com/quartzjer/did-jwk/blob/main/spec.md +- If you leverage the content address as the subject you can get trust attestations from SCITT \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0465/index.md b/docs/discussions/alice_engineering_comms/0465/index.md new file mode 100644 index 0000000000..dd625aa279 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0465/index.md @@ -0,0 +1 @@ +# 2023-11-28 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0465/reply_0000.md b/docs/discussions/alice_engineering_comms/0465/reply_0000.md new file mode 100644 index 0000000000..0af40d66b3 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0465/reply_0000.md @@ -0,0 +1,2 @@ +- https://github.com/ipvm-wg/homestar/tree/main/examples/websocket-relay +- > It's like we're in a scene from 'The Matrix.' In one hand, the existing powers hold the blue pill, symbolizing our move to centralize data in the cloud – efficient, streamlined, but very by-the-book. In the other hand, I've got the red pill, representing our journey to decentralize, to innovate and explore new frontiers in AI. While the blue pill keeps things running smoothly, the red pill is about venturing into uncharted territory. It's a fun way to see our roles – one maintaining the order, the other pushing the boundaries. Which pill would you choose? \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0466/index.md b/docs/discussions/alice_engineering_comms/0466/index.md new file mode 100644 index 0000000000..c3958be44c --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0466/index.md @@ -0,0 +1 @@ +# 2023-11-29 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0467/index.md b/docs/discussions/alice_engineering_comms/0467/index.md new file mode 100644 index 0000000000..f3a6b55f70 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0467/index.md @@ -0,0 +1 @@ +# 2023-11-30 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0468/index.md b/docs/discussions/alice_engineering_comms/0468/index.md new file mode 100644 index 0000000000..3b32e6ce52 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0468/index.md @@ -0,0 +1 @@ +# 2023-12-01 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0468/reply_0000.md b/docs/discussions/alice_engineering_comms/0468/reply_0000.md new file mode 100644 index 0000000000..a27c18d45d --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0468/reply_0000.md @@ -0,0 +1,90 @@ +## 2023-12-01 @pdxjohnny Engineering Logs + +- https://chromium.googlesource.com/chromium/chromium/+/refs/heads/trunk/chromeos/attestation/attestation_flow.cc +- https://github.com/slsa-framework/slsa-github-generator/blob/62a6671ba95c18cf73102bda18ec523e39dc7ab2/internal/builders/generic/attest.go#L81C30-L81C51 +- https://github.com/in-toto/scai-demos/tree/main/.github/actions +- https://slsa.dev/spec/v1.0/provenance +- https://search.sigstore.dev/?logIndex=33351527 + +```json +{ + // Standard attestation fields: + "_type": "https://in-toto.io/Statement/v1", + "subject": [...], + + // Predicate: + "predicateType": "https://slsa.dev/provenance/v1", + "predicate": { + "buildDefinition": { + "buildType": string, + "externalParameters": object, + "internalParameters": object, + "resolvedDependencies": [ ...#ResourceDescriptor ], + }, + "runDetails": { + "builder": { + "id": string, + "builderDependencies": [ ...#ResourceDescriptor ], + "version": { ...string }, + }, + "metadata": { + "invocationId": string, + "startedOn": #Timestamp, + "finishedOn": #Timestamp, + }, + "byproducts": [ ...#ResourceDescriptor ], + } + } +} + +#ResourceDescriptor: { + "uri": string, + "digest": { + "sha256": string, + "sha512": string, + "gitCommit": string, + [string]: string, + }, + "name": string, + "downloadLocation": string, + "mediaType": string, + "content": bytes, // base64-encoded + "annotations": object, +} + +#Timestamp: string // --
T::Z +``` + + +```yaml +_type: https://in-toto.io/Statement/v1 +subject: + - name: pkg:npm/sigstore@2.1.0 + digest: + sha512: >- + 90f223f992e4c88dd068cd2a5fc57f9d2b30798343dd6e38f29c240e04ba090ef831f84490847c4e82b9232c78e8a258463b1e55c0f7469f730265008fa6633f +predicateType: https://slsa.dev/provenance/v1 +predicate: + buildDefinition: + buildType: https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1 + externalParameters: + workflow: + ref: refs/heads/main + repository: https://github.com/sigstore/sigstore-js + path: .github/workflows/release.yml + internalParameters: + github: + event_name: push + repository_id: '495574555' + repository_owner_id: '71096353' + resolvedDependencies: + - uri: git+https://github.com/sigstore/sigstore-js@refs/heads/main + digest: + gitCommit: 26d16513386ffaa790b1c32f927544f1322e4194 + runDetails: + builder: + id: https://github.com/actions/runner/github-hosted + metadata: + invocationId: >- + https://github.com/sigstore/sigstore-js/actions/runs/6014488666/attempts/1 +``` \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0469/index.md b/docs/discussions/alice_engineering_comms/0469/index.md new file mode 100644 index 0000000000..08002ed48a --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0469/index.md @@ -0,0 +1 @@ +# 2023-12-02 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0469/reply_0000.md b/docs/discussions/alice_engineering_comms/0469/reply_0000.md new file mode 100644 index 0000000000..fda0ae189f --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0469/reply_0000.md @@ -0,0 +1,4 @@ +- https://github.com/Mozilla-Ocho/llamafile +- https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat#name-measurements-measurements-c +- https://stackoverflow.com/questions/73653348/creating-tar-file-with-append +- https://github.com/intel/ACON/blob/f8a6758958ff017eef87b1a3cdd11c6283adb413/doc/TDGuest.md \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0470/index.md b/docs/discussions/alice_engineering_comms/0470/index.md new file mode 100644 index 0000000000..0393d7003b --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0470/index.md @@ -0,0 +1 @@ +# 2023-12-03 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0471/index.md b/docs/discussions/alice_engineering_comms/0471/index.md new file mode 100644 index 0000000000..a56149b6a2 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0471/index.md @@ -0,0 +1 @@ +# 2023-12-04 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0471/reply_0000.md b/docs/discussions/alice_engineering_comms/0471/reply_0000.md new file mode 100644 index 0000000000..0a7a756341 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0471/reply_0000.md @@ -0,0 +1 @@ +![alice-looking-at-the-matrix](https://github.com/intel/dffml/assets/5950433/6817a805-0601-4443-8927-6ae7739f63d3) \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0472/index.md b/docs/discussions/alice_engineering_comms/0472/index.md new file mode 100644 index 0000000000..420ca1607d --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0472/index.md @@ -0,0 +1 @@ +# 2023-12-05 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0472/reply_0000.md b/docs/discussions/alice_engineering_comms/0472/reply_0000.md new file mode 100644 index 0000000000..e12db7cd22 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0472/reply_0000.md @@ -0,0 +1,214 @@ +## 2023-12-05 @pdxjohnny Engineering Logs + +- The following is a snapshot of #1401 pull request body at time of rebase + +--- + +- Alice is Here! It’s the 2nd Party and everyone is invited 💃🥳. Alice is both the nickname for the Open Architecture, the methodology of description of any system architecture, as well as the entity defined using that description of architecture. She is *the entity and the architecture.* +- https://github.com/intel/dffml/discussions/1406?sort=new + - Get involved by commenting in the discussion thread! +- What to expect + - Alice ready for contribution + - Completed: 2022-07-29 + - [Coach Alice Our Open Source Guide](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0002_our_open_source_guide.md) + - [General Alice Contribution Docs](https://github.com/intel/dffml/blob/main/entities/alice/CONTRIBUTING.rst#tutorials) + - We'll be rebasing this branch into main once the CI for 2ndparty plugin support passes (see closed PR with ADR, only closed because of branch rewrite to remove images, will be reopened asap). + - ETA: 2023-06-01 + - We'll then rewrite history again, splitting the plugins out into their respective 2ndparty maintenance locations (dffml or builtree org or possibly other option on stay with 2ndparty within intel org, we’ll see how it goes pending governance review). + - ETA: 2023-11-30 + - Finally, we’ll flip the switch to our web5 world, where git is only used as a proxy for commit data encoded via DIDs. We will then have ourstory, from then on everything will be Alice. Alice will be the methodology by which we interpret those nodes, DIDs in the web5 case. Alice will also exist as the entity whose execution is based on the same methodology used for definition of the graph. + - ETA: 2024-11-30 +- Code + - Alice + - https://github.com/intel/dffml/tree/main/entities/alice +- Documentation + - [Status Updates](https://www.youtube.com/playlist?list=PLtzAOVTpO2jZltVwl3dSEeQllKWZ0YU39) + - Engineering Logs + - [Progress Reports](https://www.youtube.com/playlist?list=PLtzAOVTpO2jYt71umwc-ze6OmwwCIMnLw) + - https://github.com/intel/dffml/discussions/1406 + - [Volume 0: Architecting Alice](https://www.youtube.com/playlist?list=PLtzAOVTpO2jaHsS4o-sDzDyHEug-1KRbK) + - [Volume 1: Coach Alice](https://www.youtube.com/playlist?list=PLtzAOVTpO2jaXSPFcTOUeg3LKV5oMhKR7) + - Contributing + - [Google Doc: Alice Community any and all Miscellaneous Thoughts](https://docs.google.com/document/d/1-98h1NWagbQbRYEkRHA7Kb-TuanmackGwtcvKIMqB0c/edit) + - For those less comfortable with GitHub. + - [Writing Alice Overlays](https://github.com/intel/dffml/blob/main/entities/alice/CONTRIBUTING.rst) + - Tutorials + - [ ] [Rolling Alice](https://github.com/intel/dffml/tree/main/docs/tutorials/rolling_alice) + - [ ] [Forward](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_forward.md) + - [ ] [Preface](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_preface.md) + - [ ] [Easter Eggs](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_easter_eggs.md) + - [ ] [Architecting Alice: Introduction and Context](https://github.com/intel/dffml/tree/main/docs/tutorials/rolling_alice/0000_architecting_alice) + - [x] [Peace at Last](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0001_peace_at_last.md) + - [ ] [She’s Arriving When?](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0002_shes_ariving_when.md) + - [ ] [A Shell for a Ghost](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0003_a_shell_for_a_ghost.md) + - [ ] [Writing the Wave](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0004_writing_the_wave.md) + - [ ] [Stream of Consciousness](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0005_stream_of_consciousness.md) + - [ ] [OS DecentrAlice](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0006_os_decentralice.md) + - [ ] [An Image](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0000_architecting_alice/0007_an_image.md) + - [ ] [Coach Alice](https://github.com/intel/dffml/tree/main/docs/tutorials/rolling_alice/0001_coach_alice) + - [x] [Introduction](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0000_introduction.md) + - [ ] [Down the Dependency Rabbit-Hole Again](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0001_down_the_dependency_rabbit_hole_again.md) + - [x] [Our Open Source Guide](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0002_our_open_source_guide.md) + - [ ] [Strategic Principles as Game Plan](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0003_strategic_principles_as_game_plan.md) + - [ ] [You are what you EAT!](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0004_you_are_what_you_EAT.md) + - [ ] [In the Lab](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0004_in_the_lab.md) + - [ ] [An Open Book](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0005_ask_alice.md) + - [ ] [Cartographer Extraordinaire](https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/0001_coach_alice/0007_cartographer_extraordinaire.md) + - ADRs + - [Manifest](https://github.com/intel/dffml/tree/main/docs/arch/0008-Manifest.md) + - [Open Architecture](https://github.com/intel/dffml/tree/main/docs/arch/0009-Open-Architecture.rst) + - [DID + HSM Supply Chain Security Mitigation Option](https://github.com/intel/dffml/tree/main/docs/arch/0007-A-GitHub-Public-Bey-and-TPM-Based-Supply-Chain-Security-Mitigation-Option.rst) + - Work which lives with other groups + - [SCITT OpenSSF Use Case](https://github.com/pdxjohnny/use-cases/blob/openssf_metrics/openssf_metrics.md) + - This serves as security for our stream of consciousness. + - https://github.com/w3c/cogai/pull/47 +- Tagged RFCs + - RFCv3: https://github.com/intel/dffml/tree/516d9276cd8795e8bb188fadbea10e801a4cf745/docs/tutorials/rolling_alice + - RFCv2: https://github.com/intel/dffml/tree/2331ba7a7e433d8fcb6698ada92be48fdc225c3e/docs/tutorials/rolling_alice + - RFCv1.1: https://github.com/intel/dffml/tree/69df6036c25f61c31af21b1db9b7f14327147a9e/docs/tutorials/rolling_alice + - RFCv1: https://github.com/intel/dffml/tree/291cfbe5153414932afe446aa4f6c2e298069914/docs/tutorials/rolling_alice + - Began by exploring how we should write clean dataflow docs in https://github.com/intel/dffml/issues/1279 + - Converted to discussion in https://github.com/intel/dffml/discussions/1369 + - Issue converted to discussion converted to files within https://github.com/intel/dffml/blob/main/docs/arch/alice/discussion/ + - Pulled out existing ADRs and tutorials in their current states into + - Tutorials + - [Rolling Alice](https://github.com/intel/dffml/tree/main/docs/tutorials/rolling_alice) + - ADRs + - [Manifest](https://github.com/intel/dffml/tree/main/docs/arch/0008-Manifest.md) + - [Open Architecture](https://github.com/intel/dffml/tree/main/docs/arch/0009-Open-Architecture.rst) + - [DID + HSM Supply Chain Security Mitigation Option](https://github.com/intel/dffml/tree/main/docs/arch/0007-A-GitHub-Public-Bey-and-TPM-Based-Supply-Chain-Security-Mitigation-Option.rst) + - Cross linked tutorials with their usage examples within README within alice entity directory https://github.com/intel/dffml/tree/main/entities/alice +- TODO (extra todos: https://github.com/intel/dffml/pull/1401#issuecomment-1168023959) + - [x] Clean up tutorial docs that currently exist + - [x] Find home for them in tree + - https://github.com/intel/dffml/blob/main/docs/tutorials/rolling_alice/ + - [x] Tentative chapter name for Question and Answering model + - Volume 1: Coach Alice: Chapter 5: Question Everything + - https://github.com/programmer290399/IT-710-Project-Video-QnA-System + - [ ] DataFlow.export should include $schema as should all .export() methods. + - [ ] Later for operations the schema is the schema for the associated manifest. + - [x] Split overlays into separate file locations + - [x] Update Alice contributing docs with new paths instead of AliceGitRepo omport from alice.cli + - [ ] Docs build with `alice` branch if working + - [ ] Run auto formatter on every commit in alice branch + - [ ] Cloud development environment options + - Public + - [ ] GitPod + - https://gitpod.io/#github.com/intel/dffml/tree/main + - TODO + - `mv dffml/operations/python.py operations/innersource/dffml_operations_innersource/python_ast.py` + - Add Alice CONTRIBUTING setup to the `.gitpod.yml` auto start setup + - `code tutorial.ipynb` when done + - Self-Hosted + - [ ] Coder + - https://coder.com/docs/coder-oss/latest/install + - [x] Alice contributing documentation + - https://github.com/intel/dffml/blob/main/entities/alice/CONTRIBUTING.rst + - [x] How to extend recommended community standards command with overlays + - Basic tutorial where we grab the name from a configuration file + - [ ] Show me a security overlay. + - Write section of our open source guide tutorial where we implement the SECURITY.md overlay + - Latwr go back and write how we implemented the base flow and the initial set of overlays, and the readme overlay. + - We can prototype the use of commit messages as docs and commit the whole file when we move it with docs for that overlay, rST in commit message. Later explore log of file to changelog in rST to sphinx docs. + - Link up with herstory to ipynb creation and shell command saving. Auto generate commit messages (docs) based on herstorical shell commands ran (or if in vscode debug buttons or run buttons executed) with output. Diff system context herstory state with link in chain at last clean tree. Run timeline resolution if dirty tree for set of commits (multiple git add runs). First we automate writing the docs, then we automate reading. + - [ ] How to write new commands + - [ ] Non CLI interfaces + - [ ] Physical party - TBD probably 2029, 2030 + - [ ] Commenting in issue while debugging, this is an overlay to herstory collection + - [ ] Get tbDEX up and running for backing storage + - [ ] Write an operation that inserts data into tbDEX format, either via API or flat file duplication of formatting via libraries like the Python peerdid library. + - [ ] Use @programmer290399's QA model to implement `alice ask` which queries all our docs, logs, notes, issues, etc. + - https://programmer290399.github.io/pyqna/usage.html +- Alice enables granular identification and application of static or dynamic policy. + - She does this through context aware overlays whose application process to upstream may be dynamic, even in part end user (attacker) flows, which can be executed or synthesized within an appropriate (optionally adaptive, we do dynamic and static and we understand time across so we can come re synthesize in your codebase on trigger) sandbox + +--- + +- Next step is setup sync of testing CI workflows across 2nd party repos + - We'll send events to the https://scitt.unstable.chadig.com demo instance + - https://github.com/pdxjohnny/scitt-api-emulator/tree/demo-instance + - https://github.com/pdxjohnny/scitt-api-emulator/tree/bf74838c3444995196ad8c04c3d25cf1db639108 + +```python +import asyncio +import aiohttp +import json + +# Your personal access token +TOKEN = "your_github_access_token" + +# The GraphQL query template +QUERY_TEMPLATE = """ +query($repo_name: String!, $owner: String!, $path: String!) { + repository(name: $repo_name, owner: $owner) { + pullRequests(first: 10, states: OPEN) { + nodes { + title + files(first: 10) { + nodes { + path + if (path == $path) + { + pullRequest { + url + } + } + } + } + } + } + } +} +""" + +# Replace with your GitHub repositories and the file you want to check +REPOS = [("owner1", "repo1"), ("owner2", "repo2")] +FILE_PATH = "path/to/your/file.txt" + +async def fetch_prs(session, owner, repo, file_path): + payload = { + "query": QUERY_TEMPLATE, + "variables": { + "owner": owner, + "repo_name": repo, + "path": file_path, + }, + } + headers = { + "Authorization": f"token {TOKEN}", + "Content-Type": "application/json", + } + + async with session.post('https://api.github.com/graphql', json=payload, headers=headers) as response: + prs = await response.json() + return prs + + +async def main(repos, file_path): + async with aiohttp.ClientSession() as session: + async with asyncio.TaskGroup() as tg: + for owner, repo in repos: + tg.create_task(fetch_prs(session, owner, repo, file_path)) + + results = [t.result() for t in tg.tasks if t.done()] + + return results + +# Running the main coroutine +if __name__ == "__main__": + loop = asyncio.get_event_loop() + pr_data = loop.run_until_complete(main(REPOS, FILE_PATH)) + # Process your PR data as needed + print(json.dumps(pr_data, indent=2)) +``` + +- https://socialweb.coop/blog/ +- TODO + - [x] Rebase #1401 into main + - [x] https://github-webhook-notary.scitt.alice.chadig.com/github-webhook-notary/ + - [ ] Update unstable demo instance + - [ ] POC 2nd party repo file updates + - [ ] Get on SCITT slack + - [x] Respond to Ben with Actor URIs once we've got the notarizing proxy fully hooked up + - [ ] Disable wipe of sqlite DB + - [ ] 1:30-2 1:1 with Ben \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0472/reply_0001.md b/docs/discussions/alice_engineering_comms/0472/reply_0001.md new file mode 100644 index 0000000000..553c48356c --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0472/reply_0001.md @@ -0,0 +1,39 @@ +## 2023-12-05 Ben/Demetri/John + +![such-alignment](https://user-images.githubusercontent.com/5950433/226707682-cfa8dbff-0908-4a34-8540-de729c62512f.png) + +- Bengo +- Demetri + - https://solid.github.io/specification/protocol +- Equity, w3c credential community + - envolope data model recording which descisions were made by whom, when +- https://github.com/ietf-wg-scitt/draft-ietf-scitt-architecture/issues/79#issuecomment-1797016940 + - Events of new statements inserted + - Events of new transparent statements to be offered by other instances +- Policy engines/instance as CI/CD jobs +- On/off chain smart contracts + - Manual + - Turing complete +- ActivityPub CWT authorization profile + +```console +$ curl -sL -H 'Content-Type: application/json' https://socialweb.coop | jq +``` + +```json +{ + "type": "Organization", + "outbox": { + "type": "OrderedCollection" + }, + "inbox": { + "type": "OrderedCollection" + } +} +``` + +- Ben + - SCITT instances could directly ping Actors involved in payload contents, i.e. Alice created an OpenVEX statement about BobSoftware. Ping Bob's Actor or BobSoftware repo's Actor, our decentralized review system +- TODO + - [ ] Add socialweb.coop Actor URI to startup of unstable instance + - [ ] Auto feed Follow / Accept event on start \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0473/index.md b/docs/discussions/alice_engineering_comms/0473/index.md new file mode 100644 index 0000000000..c80a596d70 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0473/index.md @@ -0,0 +1 @@ +# 2023-12-06 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0473/reply_0000.md b/docs/discussions/alice_engineering_comms/0473/reply_0000.md new file mode 100644 index 0000000000..fa4e64f763 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0473/reply_0000.md @@ -0,0 +1,142 @@ +## 2023-12-06 @pdxjohnny Engineering Logs + +Won't you federate supply chain events with me neighbor? + +It's always a beautiful day in the neighborhood to strengthen open source supply chain security. The Internet Engineering Task Force (IETF) is working on "An Architecture for Trustworthy and Transparent Digital Supply Chains" within it's Supply Chain Integrity Transparency and Trust (SCITT) working group. The architecture describes a Concise Binary Object Representation (CBOR) based API for creating transparent statements. The SCITT architecture and it's for not require trust in a single centralized Transparency Service. + +This talk will build on Federation work from the IETF 118 hacakthon demo'd in the SCITT meeting: https://www.youtube.com/watch?v=zEGob4oqca4&list=PLtzAOVTpO2jYt71umwc-ze6OmwwCIMnLw&index=12&t=5350s + +- https://sessionize.com/ossna2024/ + +```python + +# GraphQL query template with pagination for pull requests and files +QUERY_TEMPLATE = """ +query($owner: String!, $repoName: String!, $fileName: String!, $prCursor: String, $fileCursor: String) { + repository(owner: $owner, name: $repoName) { + pullRequests(first: 5, after: $prCursor, states: [OPEN, MERGED, CLOSED]) { + pageInfo { + endCursor + hasNextPage + } + edges { + node { + title + url + files(first: 5, after: $fileCursor) { + pageInfo { + endCursor + hasNextPage + } + edges { + node { + path + } + } + } + } + } + } + } +} +""" + +# Example repository list and the file path to search for +REPOS = [('owner1', 'repo1'), ('owner2', 'repo2')] +FILE_PATH = "path/to/your/file.txt" + +async def fetch_pull_requests(client, owner, repo_name, file_name): + pr_cursor = None + fetched_prs = [] + + while True: + variables = { + 'owner': owner, + 'repoName': repo_name, + 'fileName': file_name, + 'prCursor': pr_cursor, + 'fileCursor': None # Start without a file cursor + } + payload = { + 'query': QUERY_TEMPLATE, + 'variables': json.dumps(variables) + } + headers = { + 'Authorization': f'Bearer {TOKEN}', + 'Content-Type': 'application/json', + } + + async with client.post('https://api.github.com/graphql', headers=headers, json=payload) as response: + json_data = await response.json() + data = json_data.get('data', {}).get('repository', {}).get('pullRequests', {}) + + for edge in data.get('edges', []): + pr = edge['node'] + file_cursor = None # Reset for each new pull request + + while True: # Paginate through files within this pull request + file_page_info, files = await fetch_files(client, owner, repo_name, pr['url'], file_cursor) + for file_edge in files: + if file_edge['node']['path'] == file_name: + fetched_prs.append(pr['url']) # This PR modified the file + + if not file_page_info.get('hasNextPage'): + break # All files have been checked within this pull request + file_cursor = file_page_info['endCursor'] + + pr_page_info = data.get('pageInfo', {}) + if not pr_page_info.get('hasNextPage'): + break # All pull requests have been fetched for this repository + pr_cursor = pr_page_info['endCursor'] + + return owner, repo_name, fetched_prs + +async def fetch_files(client, owner, repo_name, pr_url, file_cursor): + query = """ + { + repository(owner: "%s", name: "%s") { + pullRequest(url: "%s") { + files(after: "%s", first: 100) { + pageInfo { + endCursor + hasNextPage + } + edges { + node { + path + } + } + } + } + } + }""" % (owner, repo_name, pr_url, file_cursor or '') + + headers = { + 'Authorization': f'Bearer {TOKEN}', + 'Content-Type': 'application/json' + } + payload = {'query': query} + + async with client.post('https://api.github.com/graphql', headers=headers, json=payload) as response: + json_data = await response.json() + files_data = json_data.get('data', {}).get('repository', {}).get('pullRequest', {}).get('files', {}) + page_info = files_data.get('pageInfo', {}) + files = files_data.get('edges', []) + return page_info, files + +async def main(repos, file_name): + async with aiohttp.ClientSession(trust_env=True) as client: + tasks = [fetch_pull_requests(client, owner, repo, file_name) for owner, repo in repos] + for future in asyncio.as_completed(tasks): + owner, repo, prs = await future + print(f"Fetched pull requests for {owner}/{repo} that modify '{file_name}':") + print(prs) + +if __name__ == '__main__': + asyncio.run(main(REPOS, FILE_PATH)) +``` + +![image](https://github.com/intel/dffml/assets/5950433/0ac22f17-d8e0-4e29-80b9-8423af4497e6) + +- TODO + - [ ] Think about federation from the CBOR API perspective \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0474/index.md b/docs/discussions/alice_engineering_comms/0474/index.md new file mode 100644 index 0000000000..8555699da0 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0474/index.md @@ -0,0 +1 @@ +# 2023-12-07 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0475/index.md b/docs/discussions/alice_engineering_comms/0475/index.md new file mode 100644 index 0000000000..c93bdc9ea1 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0475/index.md @@ -0,0 +1 @@ +# 2023-12-08 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0476/index.md b/docs/discussions/alice_engineering_comms/0476/index.md new file mode 100644 index 0000000000..14781ed233 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0476/index.md @@ -0,0 +1 @@ +# 2023-12-09 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0477/index.md b/docs/discussions/alice_engineering_comms/0477/index.md new file mode 100644 index 0000000000..8223f720ad --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0477/index.md @@ -0,0 +1 @@ +# 2023-12-10 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0478/index.md b/docs/discussions/alice_engineering_comms/0478/index.md new file mode 100644 index 0000000000..df363873ed --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0478/index.md @@ -0,0 +1 @@ +# 2023-12-11 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0479/index.md b/docs/discussions/alice_engineering_comms/0479/index.md new file mode 100644 index 0000000000..97b719d5ee --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0479/index.md @@ -0,0 +1 @@ +# 2023-12-12 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0479/reply_0000.md b/docs/discussions/alice_engineering_comms/0479/reply_0000.md new file mode 100644 index 0000000000..35f0a047f3 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0479/reply_0000.md @@ -0,0 +1,98 @@ +## 2023-12-12 @pdxjohnny Engineering Logs + +- https://github.com/madox2/vim-ai +- https://github.com/pdxjohnny/httptest/blob/56fc2cfea40519e5f06972ba4d7ae7531bb5de10/.github/workflows/tests.yml#L44-L130 + +```yaml + - name: Generate SBOM + id: generate-sbom + uses: pdxjohnny/sbom4python@github-action + with: + python-version: ${{ matrix.python-version }} + module-name: httptest + output-directory: sbom + - name: in-toto attestation for cyclonedx SBOM + id: in-toto-cyclonedx + env: + MODULE_NAME: httptest + run: | + echo "attestation<> $GITHUB_OUTPUT + (python -m json.tool --sort-keys | tee -a $GITHUB_OUTPUT) <> $GITHUB_OUTPUT + - name: Checkout public-keys branch + uses: actions/checkout@v4 + with: + ref: public-keys + path: public-keys + - name: Generate keypair to sign SCITT statement + id: scitt-gen-keypair + run: | + ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -I "$(date -Iseconds)" << private-key.pem + cat ssh-private.pub | tee -a public-keys/authorized_keys + rm -v ssh-private + - name: Push new public key + env: + GH_TOKEN: ${{ github.token }} + run: | + set -xe + cd public-keys + gh auth setup-git + git config --global --add safe.directory "${PWD}" + git config --global user.email "actions@github.com" + git config --global user.name "GitHub Actions" + git add -A + # If no delta clean exit + git commit -sm "Snapshot" || exit 0 + git push -uf origin "HEAD:public-keys" + # Wait for propagation + set +e + found=1 + while [ ${found} -eq 1 ]; do + curl -vfL https://raw.githubusercontent.com/pdxjohnny/httptest/public-keys/authorized_keys | tee authorized_keys + grep "$(cat ../ssh-private.pub)" authorized_keys + found=$? + done + - name: Submit SBOM to SCITT + id: scitt-submit-sbom + uses: pdxjohnny/scitt-api-emulator@github-action + with: + issuer: did:web:raw.githubusercontent.com:pdxjohnny:httptest:public-keys:authorized_keys + subject: pkg:github/${{ github.repository }}@${{ github.sha }} + payload: ${{ steps.in-toto-cyclonedx.outputs.attestation }} + private-key-pem: private-key.pem + scitt-url: https://scitt.unstable.chadig.com + - name: Remove private key used in keypair to sign SCITT statement + run: | + rm -v private-key.pem + - name: Create Pull Request + if: ${{ steps.generate-sbom.outputs.changed }} + uses: peter-evans/create-pull-request@v5.0.2 + with: + commit-message: "chore: update SBOM for Python ${{ matrix.python-version }}" + title: "chore: update SBOM for Python ${{ matrix.python-version }}" + branch: chore-sbom-py${{ matrix.python-version }} + delete-branch: true + author: GitHub Actions + add-paths: sbom +``` + +- TODO + - [x] in-toto cyclonedx for httptest to unstable SCITT instance + - [x] `public-keys` branch based discovery of authorized notary signing keys \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0480/index.md b/docs/discussions/alice_engineering_comms/0480/index.md new file mode 100644 index 0000000000..aa87c622b0 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0480/index.md @@ -0,0 +1 @@ +# 2023-12-13 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0480/reply_0000.md b/docs/discussions/alice_engineering_comms/0480/reply_0000.md new file mode 100644 index 0000000000..4fbe4d8bce --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0480/reply_0000.md @@ -0,0 +1,16 @@ +## 2023-12-13 @pdxjohnny Engineering Logs + +![image](https://github.com/intel/dffml/assets/5950433/0db2ba1b-776d-4ab5-8f5b-95e56c363da5) + +- TODO + - [x] DFFML testing CI build job submit SBOM to SCITT + - public-keys branch for notary keys + - https://github.com/intel/dffml/actions/runs/7198235389/job/19607199178 + - https://github.com/intel/dffml/blob/409880c54eb85bae5b79debaa23957008427c5a9/.github/workflows/testing.yml#L15-L135 + - [ ] Docker service for job running SCITT + - [ ] SCITT private key in GitHub Actions secrets + - [ ] Commit workspace storage to branch + - [ ] Federate to unstable instance + - [x] UI to browse SCITT entries + - https://github.com/scitt-community/scitt-api-emulator/tree/2f499670e5d815b543444cb1eecb9305b11872b4 + - https://view.scitt.unstable.chadig.com/entry/sha384:2a939b4f24fc10aff623e5727e71f48093feef35b48583eff34058eed76cc28703494a31f40b2ef239af3c009aa1bd9b/ \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0481/index.md b/docs/discussions/alice_engineering_comms/0481/index.md new file mode 100644 index 0000000000..1f556f05ab --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0481/index.md @@ -0,0 +1 @@ +# 2023-12-14 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0481/reply_0000.md b/docs/discussions/alice_engineering_comms/0481/reply_0000.md new file mode 100644 index 0000000000..5b1ecaac9c --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0481/reply_0000.md @@ -0,0 +1,4 @@ +- https://www.phoronix.com/news/FFmpeg-CLI-MT-Merged +- https://github.com/SBOMit/specification/blob/f41506b3d3a74b16d2f3964a8deed9cdd3b43471/specification.md +- https://github.com/CycloneDX/specification/blob/e8ae437941d01c006c0a5f0450e183238e899d8b/schema/bom-1.6.schema.json#L276-L281 + - > The array of references to evidence that supports this claim \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0482/index.md b/docs/discussions/alice_engineering_comms/0482/index.md new file mode 100644 index 0000000000..9e9178a75d --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0482/index.md @@ -0,0 +1 @@ +# 2023-12-15 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0482/reply_0000.md b/docs/discussions/alice_engineering_comms/0482/reply_0000.md new file mode 100644 index 0000000000..c024687ffd --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0482/reply_0000.md @@ -0,0 +1,32 @@ +## 2023-12-15 @pdxjohnny Engineering Logs + +- [puerco](https://github.com/puerco) created new OpenVEX GitHub Action + - https://github.com/openvex/generate-vex/pull/1 + - Once we issue vulns using Vulnerability Description Ontology (VDO) we’ll have all the basics for our decentralized Data Analysis Control loop + - 🛤️🛤️🛤️🛤️🛤️🛤️🛤️ + +```yaml + - uses: openvex/generate-vex@159b7ee4845fb48f1991395ce8501d6263407360 + name: Run vexctl + id: vexctl + with: + product: pkg:github/${{ github.repository }}@${{ github.sha }} + - name: Submit OpenVEX to SCITT + id: scitt-submit-openvex + uses: scitt-community/scitt-api-emulator@f1f5c16630a28511e970b6903fbc4c0db6c07654 + with: + issuer: did:web:raw.githubusercontent.com:intel:dffml:public-keys:authorized_keys + subject: pkg:github/${{ github.repository }}@${{ github.sha }} + payload: ${{ steps.vexctl.outputs.openvex }} + private-key-pem: private-key.pem + scitt-url: https://scitt.unstable.chadig.com +``` + +![chaos-for-the-chaos-god](https://github.com/intel/dffml/assets/5950433/636969a1-1f0f-4c96-8812-f10fa403e79c) + +- https://loop.online/claw +- TODO + - [x] Submit OpenVEX to SCITT + - https://github.com/openvex/generate-vex/pull/1 + - https://github.com/intel/dffml/actions/runs/7225714933/job/19689765921 + - https://view.scitt.unstable.chadig.com/entry/sha384:c6b4005b1442fd02c825b50ebbb83dc4e4a245f9b3504461c7a3c6a88c61b6eae1d0733d41f70bc99c7ff34a09de8c40/ \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0483/index.md b/docs/discussions/alice_engineering_comms/0483/index.md new file mode 100644 index 0000000000..4e5d816fc4 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0483/index.md @@ -0,0 +1 @@ +# 2023-12-16 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0484/index.md b/docs/discussions/alice_engineering_comms/0484/index.md new file mode 100644 index 0000000000..6aec2e5386 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0484/index.md @@ -0,0 +1 @@ +# 2023-12-17 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0485/index.md b/docs/discussions/alice_engineering_comms/0485/index.md new file mode 100644 index 0000000000..2e227d51dd --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0485/index.md @@ -0,0 +1 @@ +# 2023-12-18 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0486/index.md b/docs/discussions/alice_engineering_comms/0486/index.md new file mode 100644 index 0000000000..5f33573b5d --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0486/index.md @@ -0,0 +1 @@ +# 2023-12-19 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0487/index.md b/docs/discussions/alice_engineering_comms/0487/index.md new file mode 100644 index 0000000000..306f0be604 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0487/index.md @@ -0,0 +1 @@ +# 2023-12-20 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0488/index.md b/docs/discussions/alice_engineering_comms/0488/index.md new file mode 100644 index 0000000000..7a33a5d669 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0488/index.md @@ -0,0 +1 @@ +# 2023-12-21 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0489/index.md b/docs/discussions/alice_engineering_comms/0489/index.md new file mode 100644 index 0000000000..62a16178f6 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0489/index.md @@ -0,0 +1 @@ +# 2023-12-22 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0489/reply_0000.md b/docs/discussions/alice_engineering_comms/0489/reply_0000.md new file mode 100644 index 0000000000..2bd2a3ecce --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0489/reply_0000.md @@ -0,0 +1,2 @@ +- https://github.com/stellar-amenities/assistants/tree/main/examples/hello-world-intel-neural-chat-nodejs-function-calling +- https://github.com/stellar-amenities/assistants/blob/main/ee/k8s/README.md \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0490/index.md b/docs/discussions/alice_engineering_comms/0490/index.md new file mode 100644 index 0000000000..1d03f1aa70 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0490/index.md @@ -0,0 +1 @@ +# 2023-12-23 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0491/index.md b/docs/discussions/alice_engineering_comms/0491/index.md new file mode 100644 index 0000000000..a422f941e6 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0491/index.md @@ -0,0 +1 @@ +# 2023-12-24 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0492/index.md b/docs/discussions/alice_engineering_comms/0492/index.md new file mode 100644 index 0000000000..d768c2b8aa --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0492/index.md @@ -0,0 +1 @@ +# 2023-12-25 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0493/index.md b/docs/discussions/alice_engineering_comms/0493/index.md new file mode 100644 index 0000000000..92af780db9 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0493/index.md @@ -0,0 +1 @@ +# 2023-12-26 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0493/reply_0000.md b/docs/discussions/alice_engineering_comms/0493/reply_0000.md new file mode 100644 index 0000000000..b2528b6fab --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0493/reply_0000.md @@ -0,0 +1,3 @@ +- https://github.com/stellar-amenities/assistants/issues/1 +- https://github.com/transitive-bullshit/OpenOpenAI +- https://github.com/lm-sys/FastChat \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0494/index.md b/docs/discussions/alice_engineering_comms/0494/index.md new file mode 100644 index 0000000000..bf2c602f12 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0494/index.md @@ -0,0 +1 @@ +# 2023-12-27 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0494/reply_0000.md b/docs/discussions/alice_engineering_comms/0494/reply_0000.md new file mode 100644 index 0000000000..59fc070997 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0494/reply_0000.md @@ -0,0 +1,4 @@ +- https://www.cambridge.org/core/journals/international-journal-of-astrobiology/article/intelligence-as-a-planetary-scale-process/5077C784D7FAC55F96072F7A7772C5E5 +- https://huggingface.co/microsoft/phi-2#chat-format +- https://ai.stackexchange.com/questions/37542/how-embeddings-learned-from-one-model-can-be-used-in-another +- https://blog.ml6.eu/a-practical-guide-for-deploying-embedding-based-machine-learning-models-949f5dbd697d \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0495/index.md b/docs/discussions/alice_engineering_comms/0495/index.md new file mode 100644 index 0000000000..1aeace2958 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0495/index.md @@ -0,0 +1 @@ +# 2023-12-28 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0495/reply_0000.md b/docs/discussions/alice_engineering_comms/0495/reply_0000.md new file mode 100644 index 0000000000..cb41527f85 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0495/reply_0000.md @@ -0,0 +1,2 @@ +- https://github.com/wyl-willing/MindMap +- [The uneasy transition from supply chains to ecosystems: The value-creation/value-capture dilemma](https://www.emerald.com/insight/content/doi/10.1108/MD-06-2013-0329/full/html) \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0496/index.md b/docs/discussions/alice_engineering_comms/0496/index.md new file mode 100644 index 0000000000..14b082695c --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0496/index.md @@ -0,0 +1 @@ +# 2023-12-29 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0496/reply_0000.md b/docs/discussions/alice_engineering_comms/0496/reply_0000.md new file mode 100644 index 0000000000..9370249ccb --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0496/reply_0000.md @@ -0,0 +1,2 @@ +- https://research.swtch.com/acmscored + - Russ talks about Supply Chain Security \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0497/index.md b/docs/discussions/alice_engineering_comms/0497/index.md new file mode 100644 index 0000000000..85434a8c7b --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0497/index.md @@ -0,0 +1 @@ +# 2023-12-30 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0497/reply_0000.md b/docs/discussions/alice_engineering_comms/0497/reply_0000.md new file mode 100644 index 0000000000..e091777b82 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0497/reply_0000.md @@ -0,0 +1,2 @@ +- https://docs.ockam.io/guides/examples/basic-web-app + - activitypub scitt \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0498/index.md b/docs/discussions/alice_engineering_comms/0498/index.md new file mode 100644 index 0000000000..761d96a1aa --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0498/index.md @@ -0,0 +1 @@ +# 2023-12-31 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0499/index.md b/docs/discussions/alice_engineering_comms/0499/index.md new file mode 100644 index 0000000000..dc867349c5 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0499/index.md @@ -0,0 +1 @@ +# 2024-01-01 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0500/index.md b/docs/discussions/alice_engineering_comms/0500/index.md new file mode 100644 index 0000000000..3d57043fde --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0500/index.md @@ -0,0 +1 @@ +# 2024-01-02 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0500/reply_0000.md b/docs/discussions/alice_engineering_comms/0500/reply_0000.md new file mode 100644 index 0000000000..ece43ff42d --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0500/reply_0000.md @@ -0,0 +1,2 @@ +- https://github.com/ossf/scorecard/issues/3763 +- https://www.codecentric.de/wissens-hub/blog/github-actions-test-a-full-tekton-ci-installation \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0501/index.md b/docs/discussions/alice_engineering_comms/0501/index.md new file mode 100644 index 0000000000..88288c2936 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0501/index.md @@ -0,0 +1 @@ +# 2024-01-03 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0502/index.md b/docs/discussions/alice_engineering_comms/0502/index.md new file mode 100644 index 0000000000..7d75ebe526 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0502/index.md @@ -0,0 +1 @@ +# 2024-01-04 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0502/reply_0000.md b/docs/discussions/alice_engineering_comms/0502/reply_0000.md new file mode 100644 index 0000000000..d2b7992b3f --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0502/reply_0000.md @@ -0,0 +1,51 @@ +- https://pkg.go.dev/plugin#Plugin.Lookup + +```golang +package loader + +import ( + "plugin" + + "github.com/ossf/scorecard/probes" +) + +// PluginProbeLoader loads custom probes built as plugins. +type PluginProbeLoader struct{} + +// Load implements the ProbeLoader interface. +// It builds the probe Go code into a plugin and loads it. +func (l *PluginProbeLoader) Load(path string) (probes.Probe, error) { + plug, err := plugin.Open(path) + if err != nil { + return nil, err + } + + // Lookup the New method of the probe from the plugin + newFunc, err := plug.Lookup("New") + if err != nil { + return nil, err + } + + // Assert and cast the New func to the expected signature + newProbe, ok := newFunc.(func() probes.Probe) + if !ok { + return nil, fmt.Errorf("invalid probe constructor") + } + + // Create a new instance of the probe + return newProbe(), nil +} + +loader := &PluginProbeLoader{} + +probe, err := loader.Load("/path/to/probe.go") +if err != nil { + // handle error +} + +func New() probes.Probe { + return &MyCustomProbe{} +} + +type MyCustomProbe struct{} +``` \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0503/index.md b/docs/discussions/alice_engineering_comms/0503/index.md new file mode 100644 index 0000000000..f63ac3fe81 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0503/index.md @@ -0,0 +1 @@ +# 2024-01-05 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0503/reply_0000.md b/docs/discussions/alice_engineering_comms/0503/reply_0000.md new file mode 100644 index 0000000000..575a8386d9 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0503/reply_0000.md @@ -0,0 +1,6 @@ +- https://github.com/langchain-ai/langchain/issues/15580#issuecomment-1878528580 +- https://docs.rs/reqwest/latest/reqwest/struct.Response.html +- https://en.wikipedia.org/wiki/Holacracy +- Advanced patterns for GitHub's GraphQL API - https://www.youtube.com/watch?v=i5pIszu9MeM&t=719s + - https://github.com/intel/dffml/blob/main/scripts/dump_discussion.py + - https://github.com/toast-ninja/github-analytics-starter \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0504/index.md b/docs/discussions/alice_engineering_comms/0504/index.md new file mode 100644 index 0000000000..f63ac3fe81 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0504/index.md @@ -0,0 +1 @@ +# 2024-01-05 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/0505/index.md b/docs/discussions/alice_engineering_comms/0505/index.md new file mode 100644 index 0000000000..f63ac3fe81 --- /dev/null +++ b/docs/discussions/alice_engineering_comms/0505/index.md @@ -0,0 +1 @@ +# 2024-01-05 Engineering Logs \ No newline at end of file diff --git a/docs/discussions/alice_engineering_comms/index.md b/docs/discussions/alice_engineering_comms/index.md index 03d8bbde31..4b911098f8 100644 --- a/docs/discussions/alice_engineering_comms/index.md +++ b/docs/discussions/alice_engineering_comms/index.md @@ -64,7 +64,7 @@ aligned workstreams. - We use cross domain conceptual mapping to align system contexts in a similar direction and drop ones which do are unhelpful, do not make the classification for "good" - What remains from our circular graph is a pyramid with the correct decisions - (per prioritizer) + (per prioritizer) - This line represents the "state of the art", the remembered (direct lookup) or predicted/inferred system contexts along this line are well rounded examples of where the field is headed, per upstream and overlay defined strategic plans @@ -77,7 +77,7 @@ aligned workstreams. - Type: `Union[str, Date]` - Example: `2022-07-18` - Default: `did:oa:architype:current-date` - - Add yesterdays unfinished TODO items to this train of though with the + - Add yesterdays unfinished TODO items to this train of though with the - Create a document (docutils?) - Make the top level header `date` with "Notes" appended - Collect all previous days TODOs from within the individual entity comments within the thread for the days comment (the team summary for that day) @@ -102,4 +102,7 @@ aligned workstreams. - We see alignment happening - `![such-alignment](https://user-images.githubusercontent.com/5950433/226707682-cfa8dbff-0908-4a34-8540-de729c62512f.png)` - We enable bisection or hermetic or cacheable builds - - `![hash-values-everywhere](https://user-images.githubusercontent.com/5950433/230648803-c0765d60-bf9a-474a-b67e-4b4177dcb15c.png)` \ No newline at end of file + - `![hash-values-everywhere](https://user-images.githubusercontent.com/5950433/230648803-c0765d60-bf9a-474a-b67e-4b4177dcb15c.png)` + +> ![alice-looking-at-the-matrix](https://github.com/intel/dffml/assets/5950433/6817a805-0601-4443-8927-6ae7739f63d3) +> Source: unknown \ No newline at end of file