@deftai/directive-content 0.55.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/deft/SKILL.md +6 -0
- package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
- package/.agents/skills/deft-directive-build/SKILL.md +10 -0
- package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
- package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
- package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
- package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
- package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
- package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
- package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
- package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
- package/.agents/skills/deft-directive-release/SKILL.md +12 -0
- package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
- package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
- package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
- package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
- package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
- package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
- package/LICENSE.md +22 -0
- package/QUICK-START.md +167 -0
- package/UPGRADING.md +517 -0
- package/coding/build-output.md +28 -0
- package/coding/coding.md +235 -0
- package/coding/debugging.md +110 -0
- package/coding/holzmann.md +96 -0
- package/coding/hygiene.md +127 -0
- package/coding/security.md +158 -0
- package/coding/testing.md +162 -0
- package/coding/toolchain.md +44 -0
- package/commands.md +300 -0
- package/context/context.md +57 -0
- package/context/deterministic-split.md +67 -0
- package/context/examples.md +26 -0
- package/context/fractal-summaries.md +69 -0
- package/context/long-horizon.md +46 -0
- package/context/spec-deltas.md +177 -0
- package/context/tool-design.md +34 -0
- package/context/working-memory.md +62 -0
- package/contracts/boundary-maps.md +65 -0
- package/contracts/deterministic-questions.md +59 -0
- package/contracts/hierarchy.md +77 -0
- package/conventions/content-manifest.json +399 -0
- package/conventions/machine-generated-banner.md +130 -0
- package/conventions/references.md +120 -0
- package/conventions/rule-ownership.json +382 -0
- package/conventions/task-caching.md +43 -0
- package/conventions/vbrief-filenames.md +70 -0
- package/deployments/README.md +37 -0
- package/deployments/agentuity/README.md +138 -0
- package/deployments/agentuity/via-cli.md +380 -0
- package/deployments/agentuity/via-cloud.md +425 -0
- package/deployments/agentuity/via-github-actions.md +664 -0
- package/deployments/agentuity/via-gravity-network.md +606 -0
- package/deployments/agentuity/via-vpc.md +607 -0
- package/deployments/aws/README.md +38 -0
- package/deployments/aws/via-app-runner.md +612 -0
- package/deployments/aws/via-ecs-fargate.md +561 -0
- package/deployments/aws/via-elastic-beanstalk.md +628 -0
- package/deployments/aws/via-lambda.md +649 -0
- package/deployments/azure/README.md +37 -0
- package/deployments/azure/via-aks.md +390 -0
- package/deployments/azure/via-app-service.md +564 -0
- package/deployments/azure/via-container-apps.md +599 -0
- package/deployments/azure/via-functions.md +552 -0
- package/deployments/cloud-gov/README.md +63 -0
- package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
- package/deployments/cloud-gov/agents.md +39 -0
- package/deployments/cloud-gov/cicd.md +64 -0
- package/deployments/cloud-gov/deployment.md +150 -0
- package/deployments/cloud-gov/logging.md +43 -0
- package/deployments/cloud-gov/manifest.md +121 -0
- package/deployments/cloud-gov/overview.md +58 -0
- package/deployments/cloud-gov/security.md +46 -0
- package/deployments/cloud-gov/services.md +72 -0
- package/deployments/cloud-gov/upstream/README.md +18 -0
- package/deployments/cloudflare/README.md +33 -0
- package/deployments/cloudflare/via-dashboard.md +83 -0
- package/deployments/cloudflare/via-git.md +90 -0
- package/deployments/cloudflare/via-github-actions.md +185 -0
- package/deployments/cloudflare/via-terraform.md +157 -0
- package/deployments/cloudflare/via-wrangler.md +165 -0
- package/deployments/fly-io/README.md +37 -0
- package/deployments/fly-io/via-dockerfile.md +648 -0
- package/deployments/fly-io/via-flyctl.md +653 -0
- package/deployments/fly-io/via-github-actions.md +695 -0
- package/deployments/fly-io/via-multi-region.md +598 -0
- package/deployments/google/README.md +34 -0
- package/deployments/google/via-app-engine.md +42 -0
- package/deployments/google/via-cloud-functions.md +23 -0
- package/deployments/google/via-cloud-run.md +330 -0
- package/deployments/google/via-gke.md +23 -0
- package/deployments/netlify/README.md +99 -0
- package/deployments/netlify/via-cli.md +17 -0
- package/deployments/netlify/via-functions.md +19 -0
- package/deployments/netlify/via-git.md +25 -0
- package/deployments/vercel/README.md +90 -0
- package/deployments/vercel/via-api.md +16 -0
- package/deployments/vercel/via-cli.md +17 -0
- package/deployments/vercel/via-git.md +24 -0
- package/docs/BROWNFIELD.md +179 -0
- package/docs/getting-started.md +137 -0
- package/docs/good-agents-md.md +137 -0
- package/events/README.md +89 -0
- package/events/event-record.schema.json +26 -0
- package/events/registry.json +166 -0
- package/events/registry.schema.json +71 -0
- package/glossary.md +145 -0
- package/incidents/README.md +81 -0
- package/incidents/_template.md +38 -0
- package/interfaces/cli.md +104 -0
- package/interfaces/rest.md +212 -0
- package/interfaces/tui.md +242 -0
- package/interfaces/web.md +123 -0
- package/languages/6502-DASM.md +132 -0
- package/languages/c.md +235 -0
- package/languages/commands.md +23 -0
- package/languages/cpp.md +132 -0
- package/languages/csharp.md +259 -0
- package/languages/dart.md +183 -0
- package/languages/delphi.md +218 -0
- package/languages/elixir.md +208 -0
- package/languages/go.md +78 -0
- package/languages/java.md +278 -0
- package/languages/javascript.md +163 -0
- package/languages/julia.md +175 -0
- package/languages/kotlin.md +193 -0
- package/languages/markdown.md +168 -0
- package/languages/mermaid.md +146 -0
- package/languages/officejs.md +392 -0
- package/languages/python.md +209 -0
- package/languages/r.md +163 -0
- package/languages/rust.md +216 -0
- package/languages/sql.md +216 -0
- package/languages/swift.md +153 -0
- package/languages/typescript.md +132 -0
- package/languages/vba.md +279 -0
- package/languages/vhdl.md +180 -0
- package/languages/visual-basic.md +151 -0
- package/languages/zig.md +196 -0
- package/meta/SOUL.md +27 -0
- package/meta/code-field.md +44 -0
- package/meta/morals.md +40 -0
- package/meta/philosophy.md +39 -0
- package/meta/project.md +49 -0
- package/meta/ralph.md +223 -0
- package/meta/security.md +80 -0
- package/meta/versioning.md +326 -0
- package/package.json +22 -0
- package/packs/lessons/lessons-pack-0.1.json +553 -0
- package/packs/patterns/patterns-pack-0.1.json +57 -0
- package/packs/rules/rules-pack-0.1.json +4767 -0
- package/packs/skills/skills-pack-0.1.json +262 -0
- package/packs/strategies/strategies-pack-0.1.json +167 -0
- package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
- package/patterns/executor-layer-credentials.md +227 -0
- package/patterns/llm-app.md +156 -0
- package/patterns/multi-agent.md +278 -0
- package/patterns/prompt-assembly-layer-ordering.md +154 -0
- package/patterns/role-as-overlay.md +179 -0
- package/platforms/2600.md +137 -0
- package/platforms/unity.md +329 -0
- package/references/composer-skill-porting.md +152 -0
- package/references/cost-models.md +163 -0
- package/references/ip-risk.md +246 -0
- package/references/plain-english-ux.md +275 -0
- package/resilience/context-pruning.md +67 -0
- package/resilience/continue-here.md +62 -0
- package/scm/changelog.md +276 -0
- package/scm/git.md +139 -0
- package/scm/github.md +265 -0
- package/secrets/.gitkeep +0 -0
- package/skills/deft-build/SKILL.md +20 -0
- package/skills/deft-directive-article-review/SKILL.md +156 -0
- package/skills/deft-directive-build/SKILL.md +302 -0
- package/skills/deft-directive-cost/SKILL.md +201 -0
- package/skills/deft-directive-debug/SKILL.md +140 -0
- package/skills/deft-directive-decompose/SKILL.md +96 -0
- package/skills/deft-directive-gh-arch/SKILL.md +160 -0
- package/skills/deft-directive-gh-slice/SKILL.md +199 -0
- package/skills/deft-directive-glossary/SKILL.md +118 -0
- package/skills/deft-directive-interview/SKILL.md +528 -0
- package/skills/deft-directive-pre-pr/SKILL.md +131 -0
- package/skills/deft-directive-probe/SKILL.md +127 -0
- package/skills/deft-directive-refinement/SKILL.md +403 -0
- package/skills/deft-directive-release/SKILL.md +266 -0
- package/skills/deft-directive-review-cycle/SKILL.md +401 -0
- package/skills/deft-directive-setup/SKILL.md +717 -0
- package/skills/deft-directive-swarm/SKILL.md +989 -0
- package/skills/deft-directive-sync/SKILL.md +288 -0
- package/skills/deft-directive-triage/SKILL.md +137 -0
- package/skills/deft-directive-write-skill/SKILL.md +169 -0
- package/skills/deft-interview/SKILL.md +16 -0
- package/skills/deft-pre-pr/SKILL.md +16 -0
- package/skills/deft-review-cycle/SKILL.md +16 -0
- package/skills/deft-roadmap-refresh/SKILL.md +16 -0
- package/skills/deft-setup/SKILL.md +20 -0
- package/skills/deft-swarm/SKILL.md +16 -0
- package/skills/deft-sync/SKILL.md +16 -0
- package/strategies/README.md +83 -0
- package/strategies/artifact-guards.md +85 -0
- package/strategies/bdd.md +115 -0
- package/strategies/brownfield.md +7 -0
- package/strategies/discuss.md +129 -0
- package/strategies/emit-hints.md +69 -0
- package/strategies/enterprise.md +193 -0
- package/strategies/interview.md +551 -0
- package/strategies/map.md +179 -0
- package/strategies/probe.md +151 -0
- package/strategies/rapid.md +155 -0
- package/strategies/research.md +155 -0
- package/strategies/roadmap.md +9 -0
- package/strategies/speckit.md +437 -0
- package/strategies/v0-20-contract.md +134 -0
- package/strategies/yolo.md +169 -0
- package/swarm/swarm.md +300 -0
- package/templates/COST-ESTIMATE.md +114 -0
- package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
- package/templates/agent-prompt-preamble.md +409 -0
- package/templates/agents-entry.md +211 -0
- package/templates/agents-entry.placeholders.md +75 -0
- package/templates/embed.go +20 -0
- package/templates/embed_test.go +36 -0
- package/templates/make-spec-example.md +9 -0
- package/templates/make-spec.md +246 -0
- package/templates/project.md.template +52 -0
- package/templates/specification.md +1 -0
- package/templates/swarm-greptile-poller-prompt.md +556 -0
- package/templates/user.md.template +31 -0
- package/tools/RWLDL.md +80 -0
- package/tools/greptile.md +141 -0
- package/tools/installer.md +23 -0
- package/tools/taskfile-migration.md +32 -0
- package/tools/taskfile.md +185 -0
- package/tools/telemetry.md +285 -0
- package/vbrief/schemas/cache-meta.schema.json +137 -0
- package/vbrief/schemas/candidates.schema.json +130 -0
- package/vbrief/schemas/codebase-map.schema.json +213 -0
- package/vbrief/schemas/lessons-pack.schema.json +134 -0
- package/vbrief/schemas/patterns-pack.schema.json +84 -0
- package/vbrief/schemas/rules-pack.schema.json +105 -0
- package/vbrief/schemas/skills-pack.schema.json +94 -0
- package/vbrief/schemas/slices.schema.json +87 -0
- package/vbrief/schemas/strategies-pack.schema.json +89 -0
- package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
- package/vbrief/schemas/vbrief-core.schema.json +1022 -0
- package/vbrief/vbrief.md +684 -0
- package/verification/integration.md +76 -0
- package/verification/plan-checking.md +85 -0
- package/verification/uat.md +60 -0
- package/verification/verification.md +117 -0
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: compliance-docs
|
|
3
|
+
description: Generates FedRAMP compliance documentation by scanning codebase for NIST SP 800-53 control references. Creates draft System Security Plans (SSP) and Control Implementation Matrices.
|
|
4
|
+
tools: ["read", "search", "edit"]
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
You are a FedRAMP compliance documentation specialist for cloud.gov applications.
|
|
8
|
+
|
|
9
|
+
## Capabilities
|
|
10
|
+
|
|
11
|
+
1. Scan code for NIST SP 800-53 control references
|
|
12
|
+
2. Produce a Control Implementation Matrix (CIM)
|
|
13
|
+
3. Draft SSP sections
|
|
14
|
+
4. Identify coverage gaps
|
|
15
|
+
|
|
16
|
+
## Control Reference Patterns
|
|
17
|
+
|
|
18
|
+
- `NIST 800-53:` followed by control IDs
|
|
19
|
+
- `Security Controls:` sections in docstrings
|
|
20
|
+
- Control IDs in comments (e.g., `AC-2`, `AU-3`)
|
|
21
|
+
|
|
22
|
+
## Output Formats
|
|
23
|
+
|
|
24
|
+
### Control Implementation Matrix (CIM)
|
|
25
|
+
|
|
26
|
+
Provide a markdown table:
|
|
27
|
+
|
|
28
|
+
| Control ID | Control Name | Implementation Status | Implementation Description | Evidence Location | Responsible Party |
|
|
29
|
+
|------------|--------------|----------------------|---------------------------|-------------------|-------------------|
|
|
30
|
+
|
|
31
|
+
Implementation Status values:
|
|
32
|
+
- Implemented
|
|
33
|
+
- Partially Implemented
|
|
34
|
+
- Planned
|
|
35
|
+
- Inherited
|
|
36
|
+
|
|
37
|
+
### SSP Sections
|
|
38
|
+
|
|
39
|
+
```
|
|
40
|
+
## [Control ID] - [Control Name]
|
|
41
|
+
|
|
42
|
+
### Control Description
|
|
43
|
+
[NIST description]
|
|
44
|
+
|
|
45
|
+
### Implementation Statement
|
|
46
|
+
[How the control is implemented]
|
|
47
|
+
|
|
48
|
+
### Evidence
|
|
49
|
+
- File path and line numbers
|
|
50
|
+
|
|
51
|
+
### Responsible Parties
|
|
52
|
+
- Cloud.gov (Inherited)
|
|
53
|
+
- Application Team
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
## Workflow
|
|
57
|
+
|
|
58
|
+
1. Search codebase for control references
|
|
59
|
+
2. Extract evidence and context
|
|
60
|
+
3. Group by control family
|
|
61
|
+
4. Generate requested artifacts
|
|
62
|
+
5. Report gaps
|
|
63
|
+
|
|
64
|
+
## Output Location
|
|
65
|
+
|
|
66
|
+
When creating files, place them in `compliance/`:
|
|
67
|
+
|
|
68
|
+
- `compliance/control-implementation-matrix.md`
|
|
69
|
+
- `compliance/ssp-draft.md`
|
|
70
|
+
- `compliance/control-coverage-report.md`
|
|
71
|
+
|
|
72
|
+
## Notes
|
|
73
|
+
|
|
74
|
+
- Outputs are drafts and must be reviewed by security personnel
|
|
75
|
+
- Some controls require non-code evidence
|
|
76
|
+
*** Add File: /Users/visionik/Projects/deftco/deft/deployments/cloud-gov/skills/cf-troubleshoot.md
|
|
77
|
+
# CF Troubleshoot Skill (Deft)
|
|
78
|
+
|
|
79
|
+
Guidance for diagnosing common cloud.gov / Cloud Foundry issues.
|
|
80
|
+
|
|
81
|
+
## When to Use
|
|
82
|
+
|
|
83
|
+
- App fails to start or crashes
|
|
84
|
+
- `cf push` fails
|
|
85
|
+
- Service binding or connectivity issues
|
|
86
|
+
- Performance problems
|
|
87
|
+
|
|
88
|
+
## Diagnostic Basics
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
cf app <APP_NAME>
|
|
92
|
+
cf logs <APP_NAME> --recent
|
|
93
|
+
cf env <APP_NAME>
|
|
94
|
+
cf services
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
## Common Patterns
|
|
98
|
+
|
|
99
|
+
### Health Check Timeout
|
|
100
|
+
|
|
101
|
+
- Ensure app binds to `$PORT`
|
|
102
|
+
- Configure health check endpoint in `manifest.yml`
|
|
103
|
+
|
|
104
|
+
### Buildpack Errors
|
|
105
|
+
|
|
106
|
+
- Verify required dependency files exist
|
|
107
|
+
- Explicitly set buildpack in manifest
|
|
108
|
+
|
|
109
|
+
### Out of Memory
|
|
110
|
+
|
|
111
|
+
```bash
|
|
112
|
+
cf scale <APP_NAME> -m 1G
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
### Service Connectivity
|
|
116
|
+
|
|
117
|
+
- Verify service binding
|
|
118
|
+
- Parse `VCAP_SERVICES` correctly
|
|
119
|
+
- Restage after binding
|
|
120
|
+
|
|
121
|
+
## Log Search
|
|
122
|
+
|
|
123
|
+
```bash
|
|
124
|
+
cf logs <APP_NAME> --recent | rg -i "error|exception|failed"
|
|
125
|
+
cf logs <APP_NAME> --recent | rg -i "memory|oom|killed"
|
|
126
|
+
cf logs <APP_NAME> --recent | rg -i "connection|timeout|refused"
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
## Escalation
|
|
130
|
+
|
|
131
|
+
- Check cloud.gov status page
|
|
132
|
+
- File a support ticket with error details
|
|
133
|
+
*** Add File: /Users/visionik/Projects/deftco/deft/deployments/cloud-gov/LICENSE.md
|
|
134
|
+
MIT License
|
|
135
|
+
|
|
136
|
+
Copyright (c) 2026 Ad Hoc, LLC
|
|
137
|
+
|
|
138
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
139
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
140
|
+
in the Software without restriction, including without limitation the rights
|
|
141
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
142
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
143
|
+
furnished to do so, subject to the following conditions:
|
|
144
|
+
|
|
145
|
+
The above copyright notice and this permission notice shall be included in all
|
|
146
|
+
copies or substantial portions of the Software.
|
|
147
|
+
|
|
148
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
149
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
150
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
151
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
152
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
153
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
154
|
+
SOFTWARE.
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# Cloud.gov Agent Instructions (Deft)
|
|
2
|
+
|
|
3
|
+
Agent behaviors and safety guardrails for cloud.gov projects.
|
|
4
|
+
|
|
5
|
+
## Core Behaviors
|
|
6
|
+
|
|
7
|
+
- ! Ask for explicit confirmation before **any** destructive `cf` command
|
|
8
|
+
- ! Confirm org/space before modifying resources
|
|
9
|
+
- ! Warn clearly when targeting production
|
|
10
|
+
- ~ Explain impact before running modifying commands
|
|
11
|
+
|
|
12
|
+
## Destructive Commands (ALWAYS confirm)
|
|
13
|
+
|
|
14
|
+
- `cf delete`
|
|
15
|
+
- `cf delete-service`
|
|
16
|
+
- `cf delete-service-key`
|
|
17
|
+
- `cf delete-route`
|
|
18
|
+
|
|
19
|
+
## Modifying Commands (confirm in prod)
|
|
20
|
+
|
|
21
|
+
- `cf push`
|
|
22
|
+
- `cf restage`
|
|
23
|
+
- `cf restart`
|
|
24
|
+
- `cf scale`
|
|
25
|
+
- `cf set-env`
|
|
26
|
+
- `cf update-service`
|
|
27
|
+
|
|
28
|
+
## Safe Commands (no confirmation)
|
|
29
|
+
|
|
30
|
+
- `cf apps`, `cf app <name>`
|
|
31
|
+
- `cf services`, `cf service <name>`
|
|
32
|
+
- `cf logs <name> --recent`
|
|
33
|
+
- `cf env <name>`
|
|
34
|
+
- `cf routes`, `cf target`, `cf marketplace`
|
|
35
|
+
|
|
36
|
+
## Security Guidance
|
|
37
|
+
|
|
38
|
+
- ! Include NIST SP 800-53 control references in security-relevant code
|
|
39
|
+
- ~ Reference inherited controls from cloud.gov in documentation
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/.github/workflows/*.yml,**/.github/workflows/*.yaml,**/Jenkinsfile,**/.circleci/config.yml,**/.travis.yml"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov CI/CD Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for deploying to cloud.gov from CI/CD.
|
|
8
|
+
|
|
9
|
+
## Core Rules
|
|
10
|
+
|
|
11
|
+
- ! Use service accounts for automation
|
|
12
|
+
- ! Store credentials in CI secrets (never in code)
|
|
13
|
+
- ~ Rotate credentials every 90 days
|
|
14
|
+
- ~ Require manual approval for production
|
|
15
|
+
|
|
16
|
+
## Service Account
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
cf create-service cloud-gov-service-account space-deployer my-deployer
|
|
20
|
+
cf create-service-key my-deployer deploy-key
|
|
21
|
+
cf service-key my-deployer deploy-key
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## GitHub Actions (skeleton)
|
|
25
|
+
|
|
26
|
+
```yaml
|
|
27
|
+
name: Deploy to Cloud.gov
|
|
28
|
+
|
|
29
|
+
on:
|
|
30
|
+
push:
|
|
31
|
+
branches: [main]
|
|
32
|
+
|
|
33
|
+
jobs:
|
|
34
|
+
test:
|
|
35
|
+
runs-on: ubuntu-latest
|
|
36
|
+
steps:
|
|
37
|
+
- uses: actions/checkout@v4
|
|
38
|
+
- run: task test
|
|
39
|
+
|
|
40
|
+
deploy:
|
|
41
|
+
runs-on: ubuntu-latest
|
|
42
|
+
needs: test
|
|
43
|
+
steps:
|
|
44
|
+
- uses: actions/checkout@v4
|
|
45
|
+
- name: Deploy
|
|
46
|
+
uses: cloud-gov/cg-cli-tools@main
|
|
47
|
+
with:
|
|
48
|
+
cf_api: https://api.fr.cloud.gov
|
|
49
|
+
cf_username: ${{ secrets.CG_USERNAME }}
|
|
50
|
+
cf_password: ${{ secrets.CG_PASSWORD }}
|
|
51
|
+
cf_org: your-org
|
|
52
|
+
cf_space: prod
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
## Best Practices
|
|
56
|
+
|
|
57
|
+
- ~ Deploy from main branch only
|
|
58
|
+
- ~ Gate on tests and security checks
|
|
59
|
+
- ~ Use rolling or blue/green for production
|
|
60
|
+
|
|
61
|
+
## References
|
|
62
|
+
|
|
63
|
+
- https://docs.cloud.gov/platform/management/continuous-deployment/
|
|
64
|
+
- https://docs.cloud.gov/platform/services/cloud-gov-service-account/
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/manifest*.yml,**/Procfile,**/.cfignore,**/.profile"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov Deployment Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for deploying applications to cloud.gov using Cloud Foundry.
|
|
8
|
+
|
|
9
|
+
## Prerequisites
|
|
10
|
+
|
|
11
|
+
- ! Cloud Foundry CLI installed (`cf`)
|
|
12
|
+
- ! Logged in to `api.fr.cloud.gov`
|
|
13
|
+
- ! Targeted correct org/space
|
|
14
|
+
|
|
15
|
+
## Basic Workflow
|
|
16
|
+
|
|
17
|
+
1. Prepare required files (`manifest.yml`, `.cfignore`, optional `.profile`, `Procfile`)
|
|
18
|
+
2. Run `cf push`
|
|
19
|
+
3. Verify health and logs
|
|
20
|
+
|
|
21
|
+
## Required Files
|
|
22
|
+
|
|
23
|
+
### `manifest.yml` (example)
|
|
24
|
+
|
|
25
|
+
```yaml
|
|
26
|
+
---
|
|
27
|
+
applications:
|
|
28
|
+
- name: my-app
|
|
29
|
+
memory: 512M
|
|
30
|
+
instances: 2
|
|
31
|
+
buildpacks:
|
|
32
|
+
- python_buildpack
|
|
33
|
+
env:
|
|
34
|
+
ENVIRONMENT: production
|
|
35
|
+
services:
|
|
36
|
+
- my-database
|
|
37
|
+
routes:
|
|
38
|
+
- route: my-app.app.cloud.gov
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
### `.cfignore` (example)
|
|
42
|
+
|
|
43
|
+
```
|
|
44
|
+
.git/
|
|
45
|
+
.gitignore
|
|
46
|
+
node_modules/
|
|
47
|
+
__pycache__/
|
|
48
|
+
*.pyc
|
|
49
|
+
.env
|
|
50
|
+
.env.*
|
|
51
|
+
tests/
|
|
52
|
+
docs/
|
|
53
|
+
*.md
|
|
54
|
+
!README.md
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### `.profile` (optional)
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
#!/bin/bash
|
|
61
|
+
export APP_STARTED_AT=$(date)
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### `Procfile` (optional)
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
web: gunicorn app:app --bind 0.0.0.0:$PORT
|
|
68
|
+
worker: python worker.py
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
## Deployment Commands
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
cf push
|
|
75
|
+
cf push -f manifest.yml
|
|
76
|
+
cf push --no-start
|
|
77
|
+
cf app <APP_NAME>
|
|
78
|
+
cf logs <APP_NAME> --recent
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
## Strategies
|
|
82
|
+
|
|
83
|
+
### Blue/Green
|
|
84
|
+
|
|
85
|
+
- Deploy new version with temporary name
|
|
86
|
+
- Map routes to new version
|
|
87
|
+
- Unmap routes from old version
|
|
88
|
+
- Delete old version
|
|
89
|
+
|
|
90
|
+
### Rolling
|
|
91
|
+
|
|
92
|
+
```bash
|
|
93
|
+
cf push my-app --strategy rolling
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
### Canary
|
|
97
|
+
|
|
98
|
+
- Deploy canary instance
|
|
99
|
+
- Map route and monitor
|
|
100
|
+
- Promote or rollback
|
|
101
|
+
|
|
102
|
+
## Scaling
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
cf scale <APP_NAME> -i 3
|
|
106
|
+
cf scale <APP_NAME> -m 1G
|
|
107
|
+
cf scale <APP_NAME> -k 2G
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
## Health Checks
|
|
111
|
+
|
|
112
|
+
```yaml
|
|
113
|
+
applications:
|
|
114
|
+
- name: my-app
|
|
115
|
+
health-check-type: http
|
|
116
|
+
health-check-http-endpoint: /health
|
|
117
|
+
timeout: 180
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
## Buildpacks
|
|
121
|
+
|
|
122
|
+
Common buildpacks:
|
|
123
|
+
|
|
124
|
+
- `python_buildpack`
|
|
125
|
+
- `nodejs_buildpack`
|
|
126
|
+
- `ruby_buildpack`
|
|
127
|
+
- `java_buildpack`
|
|
128
|
+
- `go_buildpack`
|
|
129
|
+
- `php_buildpack`
|
|
130
|
+
- `dotnet_core_buildpack`
|
|
131
|
+
- `staticfile_buildpack`
|
|
132
|
+
|
|
133
|
+
List available buildpacks:
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
cf buildpacks
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
## Troubleshooting
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
cf logs <APP_NAME> --recent
|
|
143
|
+
cf events <APP_NAME>
|
|
144
|
+
cf ssh <APP_NAME>
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
## References
|
|
148
|
+
|
|
149
|
+
- https://docs.cloud.gov/platform/deployment/
|
|
150
|
+
- https://docs.cloudfoundry.org/devguide/deploy-apps/
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/*.py,**/*.js,**/*.ts,**/*.rb,**/*.java,**/*.go,**/manifest*.yml"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov Logging Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for logging and monitoring in cloud.gov applications.
|
|
8
|
+
|
|
9
|
+
## Core Rules
|
|
10
|
+
|
|
11
|
+
- ! Log to stdout/stderr (no files)
|
|
12
|
+
- ! Never log secrets or PII
|
|
13
|
+
- ~ Use structured JSON logs
|
|
14
|
+
- ~ Include request IDs and timestamps
|
|
15
|
+
|
|
16
|
+
## Viewing Logs
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
cf logs <APP_NAME> --recent
|
|
20
|
+
cf logs <APP_NAME>
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Structured Log Fields (suggested)
|
|
24
|
+
|
|
25
|
+
- `timestamp`
|
|
26
|
+
- `level`
|
|
27
|
+
- `event`
|
|
28
|
+
- `request_id`
|
|
29
|
+
- `user_id` (anonymized)
|
|
30
|
+
- `duration_ms`
|
|
31
|
+
|
|
32
|
+
## Log Drains
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
cf cups my-log-drain -l syslog-tls://logs.example.com:6514
|
|
36
|
+
cf bind-service my-app my-log-drain
|
|
37
|
+
cf restage my-app
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
## References
|
|
41
|
+
|
|
42
|
+
- https://docs.cloudfoundry.org/devguide/deploy-apps/streaming-logs.html
|
|
43
|
+
- https://12factor.net/logs
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/manifest*.yml,**/vars*.yml"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov Manifest Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for writing `manifest.yml` files.
|
|
8
|
+
|
|
9
|
+
## Required
|
|
10
|
+
|
|
11
|
+
- ! `name` must be unique in the target space
|
|
12
|
+
- ! `memory` should be explicitly set
|
|
13
|
+
- ~ `instances: 2+` for production workloads
|
|
14
|
+
|
|
15
|
+
## Example Manifest
|
|
16
|
+
|
|
17
|
+
```yaml
|
|
18
|
+
---
|
|
19
|
+
applications:
|
|
20
|
+
- name: my-app
|
|
21
|
+
memory: 512M
|
|
22
|
+
disk_quota: 1G
|
|
23
|
+
instances: 2
|
|
24
|
+
buildpacks:
|
|
25
|
+
- python_buildpack
|
|
26
|
+
command: gunicorn app:app
|
|
27
|
+
env:
|
|
28
|
+
ENVIRONMENT: production
|
|
29
|
+
services:
|
|
30
|
+
- my-database
|
|
31
|
+
- my-s3-bucket
|
|
32
|
+
routes:
|
|
33
|
+
- route: my-app.app.cloud.gov
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Properties
|
|
37
|
+
|
|
38
|
+
### Resources
|
|
39
|
+
|
|
40
|
+
- `memory` (e.g., `512M`, `1G`)
|
|
41
|
+
- `disk_quota` (e.g., `1G`, `2G`)
|
|
42
|
+
- `instances` (integer)
|
|
43
|
+
|
|
44
|
+
### Buildpacks
|
|
45
|
+
|
|
46
|
+
```yaml
|
|
47
|
+
buildpacks:
|
|
48
|
+
- python_buildpack
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
### Command / Procfile
|
|
52
|
+
|
|
53
|
+
```yaml
|
|
54
|
+
command: gunicorn app:app --bind 0.0.0.0:$PORT
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Or use a `Procfile`:
|
|
58
|
+
|
|
59
|
+
```
|
|
60
|
+
web: gunicorn app:app --bind 0.0.0.0:$PORT
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Environment Variables
|
|
64
|
+
|
|
65
|
+
- ! Never store secrets in `manifest.yml`
|
|
66
|
+
- ~ Use bound services or `cf set-env`
|
|
67
|
+
|
|
68
|
+
### Services
|
|
69
|
+
|
|
70
|
+
```yaml
|
|
71
|
+
services:
|
|
72
|
+
- my-postgres
|
|
73
|
+
- my-redis
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### Routes
|
|
77
|
+
|
|
78
|
+
```yaml
|
|
79
|
+
routes:
|
|
80
|
+
- route: my-app.app.cloud.gov
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
### Health Checks
|
|
84
|
+
|
|
85
|
+
```yaml
|
|
86
|
+
health-check-type: http
|
|
87
|
+
health-check-http-endpoint: /health
|
|
88
|
+
timeout: 180
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
## Variables and Environments
|
|
92
|
+
|
|
93
|
+
### Base Manifest + Vars
|
|
94
|
+
|
|
95
|
+
```yaml
|
|
96
|
+
---
|
|
97
|
+
applications:
|
|
98
|
+
- name: ((app_name))
|
|
99
|
+
memory: ((memory))
|
|
100
|
+
instances: ((instances))
|
|
101
|
+
env:
|
|
102
|
+
DATABASE_URL: ((database_url))
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
```yaml
|
|
106
|
+
app_name: my-app
|
|
107
|
+
memory: 1G
|
|
108
|
+
instances: 3
|
|
109
|
+
database_url: postgres://...
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
Deploy:
|
|
113
|
+
|
|
114
|
+
```bash
|
|
115
|
+
cf push -f manifest.yml --vars-file vars-prod.yml
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
## References
|
|
119
|
+
|
|
120
|
+
- https://docs.cloudfoundry.org/devguide/deploy-apps/manifest.html
|
|
121
|
+
- https://docs.cloudfoundry.org/devguide/deploy-apps/manifest-attributes.html
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# Cloud.gov Development Instructions (Deft)
|
|
2
|
+
|
|
3
|
+
These instructions define cloud.gov conventions and deployment expectations.
|
|
4
|
+
Use them when working with cloud.gov projects.
|
|
5
|
+
|
|
6
|
+
## Platform Overview
|
|
7
|
+
|
|
8
|
+
cloud.gov is a FedRAMP-authorized PaaS built on Cloud Foundry. It provides:
|
|
9
|
+
|
|
10
|
+
- FedRAMP Moderate authorization (shared responsibility)
|
|
11
|
+
- Self-service deployment via `cf` CLI
|
|
12
|
+
- Managed services (databases, object storage, cache)
|
|
13
|
+
- Isolated org/space environments (dev, staging, prod)
|
|
14
|
+
|
|
15
|
+
## Key Concepts
|
|
16
|
+
|
|
17
|
+
### Organizations and Spaces
|
|
18
|
+
|
|
19
|
+
- **Organization (org)**: top-level container
|
|
20
|
+
- **Space**: environment inside org (dev/staging/prod)
|
|
21
|
+
- **Target**: active org/space via `cf target -o <ORG> -s <SPACE>`
|
|
22
|
+
|
|
23
|
+
### Application Model
|
|
24
|
+
|
|
25
|
+
- Apps are built by buildpacks and run in containers
|
|
26
|
+
- ! Apps MUST be **stateless**
|
|
27
|
+
- ! Apps MUST read config from environment variables
|
|
28
|
+
- ! Apps MUST log to stdout/stderr
|
|
29
|
+
|
|
30
|
+
## Required Behaviors
|
|
31
|
+
|
|
32
|
+
- ! No secrets in code or manifests
|
|
33
|
+
- ! Use `VCAP_SERVICES` for bound service credentials
|
|
34
|
+
- ! Implement health endpoints and configure health checks
|
|
35
|
+
- ! Use HTTPS-only access
|
|
36
|
+
- ~ Use 2+ instances in production
|
|
37
|
+
|
|
38
|
+
## Expected Files
|
|
39
|
+
|
|
40
|
+
| File | Purpose |
|
|
41
|
+
|------|---------|
|
|
42
|
+
| `manifest.yml` | Deployment configuration |
|
|
43
|
+
| `.cfignore` | Deployment exclusions |
|
|
44
|
+
| `vars*.yml` | Manifest variables |
|
|
45
|
+
| `.profile` | Pre-start script |
|
|
46
|
+
| `Procfile` | Process definitions |
|
|
47
|
+
|
|
48
|
+
## Security & Compliance
|
|
49
|
+
|
|
50
|
+
- cloud.gov is FedRAMP Moderate authorized
|
|
51
|
+
- ! Include NIST SP 800-53 control references in security-relevant code
|
|
52
|
+
- ~ Document inherited vs customer controls
|
|
53
|
+
|
|
54
|
+
## References
|
|
55
|
+
|
|
56
|
+
- cloud.gov docs: https://docs.cloud.gov/
|
|
57
|
+
- Cloud Foundry docs: https://docs.cloudfoundry.org/
|
|
58
|
+
- Twelve-Factor App: https://12factor.net/
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
---
|
|
2
|
+
applyTo: "**/*.py,**/*.js,**/*.ts,**/*.rb,**/*.java,**/*.go,**/manifest*.yml,**/.github/workflows/*.yml"
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Cloud.gov Security Instructions (Deft)
|
|
6
|
+
|
|
7
|
+
Guidance for application security and FedRAMP compliance on cloud.gov.
|
|
8
|
+
|
|
9
|
+
## Shared Responsibility
|
|
10
|
+
|
|
11
|
+
- cloud.gov manages platform controls
|
|
12
|
+
- you manage application-level controls
|
|
13
|
+
|
|
14
|
+
## Core Rules
|
|
15
|
+
|
|
16
|
+
- ! No secrets in code
|
|
17
|
+
- ! Use environment variables or `VCAP_SERVICES`
|
|
18
|
+
- ! Include NIST SP 800-53 control references in security-relevant code
|
|
19
|
+
- ~ Document inherited vs customer controls
|
|
20
|
+
|
|
21
|
+
## NIST Control References
|
|
22
|
+
|
|
23
|
+
Use this format in comments and docs:
|
|
24
|
+
|
|
25
|
+
```
|
|
26
|
+
NIST 800-53: <CONTROL-ID> - <CONTROL-NAME>
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Common families:
|
|
30
|
+
|
|
31
|
+
- AC (Access Control)
|
|
32
|
+
- AU (Audit & Accountability)
|
|
33
|
+
- IA (Identification & Authentication)
|
|
34
|
+
- SC (System & Communications Protection)
|
|
35
|
+
- SI (System & Information Integrity)
|
|
36
|
+
- CM (Configuration Management)
|
|
37
|
+
|
|
38
|
+
## Egress Rules
|
|
39
|
+
|
|
40
|
+
- ~ Verify egress configuration for external APIs
|
|
41
|
+
- ~ Use trusted-local egress for platform services
|
|
42
|
+
|
|
43
|
+
## References
|
|
44
|
+
|
|
45
|
+
- https://docs.cloud.gov/platform/overview/compliance-overview/
|
|
46
|
+
- https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
|