@grainulation/silo 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CODE_OF_CONDUCT.md +25 -0
- package/CONTRIBUTING.md +103 -0
- package/README.md +67 -59
- package/bin/silo.js +212 -86
- package/lib/analytics.js +26 -11
- package/lib/confluence.js +343 -0
- package/lib/graph.js +414 -0
- package/lib/import-export.js +29 -24
- package/lib/index.js +15 -9
- package/lib/packs.js +60 -36
- package/lib/search.js +24 -16
- package/lib/serve-mcp.js +391 -95
- package/lib/server.js +205 -110
- package/lib/store.js +34 -18
- package/lib/templates.js +28 -17
- package/package.json +7 -3
- package/packs/adr.json +219 -0
- package/packs/api-design.json +67 -14
- package/packs/architecture-decision.json +152 -0
- package/packs/architecture.json +45 -9
- package/packs/ci-cd.json +51 -11
- package/packs/compliance.json +70 -14
- package/packs/data-engineering.json +57 -12
- package/packs/frontend.json +56 -12
- package/packs/hackathon-best-ai.json +179 -0
- package/packs/hackathon-business-impact.json +180 -0
- package/packs/hackathon-innovation.json +210 -0
- package/packs/hackathon-most-innovative.json +179 -0
- package/packs/hackathon-most-rigorous.json +179 -0
- package/packs/hackathon-sprint-boost.json +173 -0
- package/packs/incident-postmortem.json +219 -0
- package/packs/migration.json +45 -9
- package/packs/observability.json +57 -12
- package/packs/security.json +61 -13
- package/packs/team-process.json +64 -13
- package/packs/testing.json +20 -4
- package/packs/vendor-eval.json +219 -0
- package/packs/vendor-evaluation.json +148 -0
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "Vendor Evaluation (Enterprise)",
|
|
3
|
+
"description": "Extended enterprise vendor due diligence framework. Covers security posture, compliance, pricing, integration, operational risk, and exit planning. Use for vendor assessment sprints alongside the base vendor-eval pack.",
|
|
4
|
+
"version": "1.0.0",
|
|
5
|
+
"extends": "vendor-eval",
|
|
6
|
+
"claims": [
|
|
7
|
+
{
|
|
8
|
+
"id": "veval-001",
|
|
9
|
+
"type": "constraint",
|
|
10
|
+
"topic": "enterprise procurement checklist",
|
|
11
|
+
"content": "Enterprise vendor evaluation must cover 7 pillars: (1) Security posture (SOC 2, pen tests), (2) Compliance alignment (GDPR, HIPAA, industry-specific), (3) Integration capabilities (API, SSO, SCIM), (4) Financial viability (funding, revenue, customer base), (5) Total cost of ownership (3-year projection), (6) Exit strategy (data portability, contract termination), (7) Operational resilience (SLA, disaster recovery, incident response).",
|
|
12
|
+
"source": {
|
|
13
|
+
"origin": "best-practice",
|
|
14
|
+
"artifact": null,
|
|
15
|
+
"connector": null
|
|
16
|
+
},
|
|
17
|
+
"evidence": "documented",
|
|
18
|
+
"status": "active",
|
|
19
|
+
"phase_added": "define",
|
|
20
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
21
|
+
"conflicts_with": [],
|
|
22
|
+
"resolved_by": null,
|
|
23
|
+
"tags": ["vendor", "enterprise", "procurement", "checklist"]
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
"id": "veval-002",
|
|
27
|
+
"type": "constraint",
|
|
28
|
+
"topic": "security questionnaire",
|
|
29
|
+
"content": "Send the vendor a standardized security questionnaire (SIG Lite or CAIQ v4) before technical evaluation. Require responses within 10 business days. Red flags: vendor refuses to complete, gives evasive answers, or lacks basic controls (MFA, encryption, logging).",
|
|
30
|
+
"source": {
|
|
31
|
+
"origin": "best-practice",
|
|
32
|
+
"artifact": "Shared Assessments SIG",
|
|
33
|
+
"connector": null
|
|
34
|
+
},
|
|
35
|
+
"evidence": "documented",
|
|
36
|
+
"status": "active",
|
|
37
|
+
"phase_added": "define",
|
|
38
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
39
|
+
"conflicts_with": [],
|
|
40
|
+
"resolved_by": null,
|
|
41
|
+
"tags": ["vendor", "security-questionnaire", "sig", "caiq"]
|
|
42
|
+
},
|
|
43
|
+
{
|
|
44
|
+
"id": "veval-003",
|
|
45
|
+
"type": "risk",
|
|
46
|
+
"topic": "contract auto-renewal traps",
|
|
47
|
+
"content": "Many enterprise SaaS contracts auto-renew 60-90 days before expiration with price escalation clauses (3-7% annual increase typical). Mitigation: set calendar reminders 120 days before renewal, negotiate caps on annual increases, and require written opt-in for renewal rather than opt-out.",
|
|
48
|
+
"source": {
|
|
49
|
+
"origin": "best-practice",
|
|
50
|
+
"artifact": null,
|
|
51
|
+
"connector": null
|
|
52
|
+
},
|
|
53
|
+
"evidence": "documented",
|
|
54
|
+
"status": "active",
|
|
55
|
+
"phase_added": "define",
|
|
56
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
57
|
+
"conflicts_with": [],
|
|
58
|
+
"resolved_by": null,
|
|
59
|
+
"tags": ["vendor", "contract", "auto-renewal", "risk", "negotiation"]
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
"id": "veval-004",
|
|
63
|
+
"type": "constraint",
|
|
64
|
+
"topic": "proof of concept evaluation",
|
|
65
|
+
"content": "Run a structured POC with top 2 vendor candidates before signing. POC must cover: (1) integration with existing stack, (2) performance under realistic load, (3) admin/user experience with real users, (4) support responsiveness during evaluation. Define pass/fail criteria before POC starts.",
|
|
66
|
+
"source": {
|
|
67
|
+
"origin": "best-practice",
|
|
68
|
+
"artifact": null,
|
|
69
|
+
"connector": null
|
|
70
|
+
},
|
|
71
|
+
"evidence": "documented",
|
|
72
|
+
"status": "active",
|
|
73
|
+
"phase_added": "define",
|
|
74
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
75
|
+
"conflicts_with": [],
|
|
76
|
+
"resolved_by": null,
|
|
77
|
+
"tags": ["vendor", "poc", "evaluation", "enterprise"]
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"id": "veval-005",
|
|
81
|
+
"type": "recommendation",
|
|
82
|
+
"topic": "reference check process",
|
|
83
|
+
"content": "Request 3 customer references at similar scale and industry. Ask references: (1) What surprised you after purchase? (2) How responsive is support for P1 issues? (3) Have you had data migration or integration issues? (4) Would you renew at current pricing? (5) What would you change about the product?",
|
|
84
|
+
"source": {
|
|
85
|
+
"origin": "best-practice",
|
|
86
|
+
"artifact": null,
|
|
87
|
+
"connector": null
|
|
88
|
+
},
|
|
89
|
+
"evidence": "documented",
|
|
90
|
+
"status": "active",
|
|
91
|
+
"phase_added": "define",
|
|
92
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
93
|
+
"conflicts_with": [],
|
|
94
|
+
"resolved_by": null,
|
|
95
|
+
"tags": ["vendor", "references", "due-diligence", "enterprise"]
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"id": "veval-006",
|
|
99
|
+
"type": "risk",
|
|
100
|
+
"topic": "AI vendor data usage",
|
|
101
|
+
"content": "For AI/ML vendors: verify data usage policy. Key questions: (1) Is customer data used to train models? (2) Can you opt out of training data contribution? (3) Where is data processed — on-prem option available? (4) What happens to prompts/inputs after processing? (5) Is there a DPA that covers AI-specific data flows?",
|
|
102
|
+
"source": {
|
|
103
|
+
"origin": "best-practice",
|
|
104
|
+
"artifact": null,
|
|
105
|
+
"connector": null
|
|
106
|
+
},
|
|
107
|
+
"evidence": "documented",
|
|
108
|
+
"status": "active",
|
|
109
|
+
"phase_added": "define",
|
|
110
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
111
|
+
"conflicts_with": [],
|
|
112
|
+
"resolved_by": null,
|
|
113
|
+
"tags": ["vendor", "ai", "data-usage", "privacy", "risk"]
|
|
114
|
+
},
|
|
115
|
+
{
|
|
116
|
+
"id": "veval-007",
|
|
117
|
+
"type": "estimate",
|
|
118
|
+
"topic": "vendor evaluation timeline",
|
|
119
|
+
"content": "Typical enterprise vendor evaluation timeline: Week 1-2: requirements gathering and RFP. Week 3-4: vendor demos and shortlisting. Week 5-8: POC with top 2. Week 9-10: reference checks and security review. Week 11-14: contract negotiation and legal review. Total: 3-4 months for a thorough evaluation.",
|
|
120
|
+
"source": { "origin": "research", "artifact": null, "connector": null },
|
|
121
|
+
"evidence": "web",
|
|
122
|
+
"status": "active",
|
|
123
|
+
"phase_added": "research",
|
|
124
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
125
|
+
"conflicts_with": [],
|
|
126
|
+
"resolved_by": null,
|
|
127
|
+
"tags": ["vendor", "timeline", "enterprise", "planning"]
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
"id": "veval-008",
|
|
131
|
+
"type": "factual",
|
|
132
|
+
"topic": "negotiation leverage points",
|
|
133
|
+
"content": "Enterprise negotiation leverage: (1) End of quarter/year — vendors discount 20-40% to hit targets. (2) Multi-year commitment — 15-30% discount typical. (3) Case study participation — 5-10% discount for logo rights. (4) Early adopter pricing — lock in lower rates before GA. (5) Competitive bake-off — having a credible alternative is the strongest lever.",
|
|
134
|
+
"source": {
|
|
135
|
+
"origin": "best-practice",
|
|
136
|
+
"artifact": null,
|
|
137
|
+
"connector": null
|
|
138
|
+
},
|
|
139
|
+
"evidence": "web",
|
|
140
|
+
"status": "active",
|
|
141
|
+
"phase_added": "research",
|
|
142
|
+
"timestamp": "2026-03-21T00:00:00.000Z",
|
|
143
|
+
"conflicts_with": [],
|
|
144
|
+
"resolved_by": null,
|
|
145
|
+
"tags": ["vendor", "negotiation", "pricing", "enterprise"]
|
|
146
|
+
}
|
|
147
|
+
]
|
|
148
|
+
}
|