From 41b9dd776c7fa2a5b6d9e4a1c7b7713a6c56ed39 Mon Sep 17 00:00:00 2001 From: "MONTREAL.AI" Date: Mon, 8 Jun 2026 17:33:35 -0400 Subject: [PATCH] Harden GoalOS institutional catalog validation --- docs/GOALOS_REPO_AUDIT.md | 17 ++++++ docs/data/goalos_catalog.yml | 17 ++++++ scripts/validate_docs_tables_figures.py | 4 +- scripts/validate_goalos_catalog.py | 80 ++++++++++++++++++++++++- 4 files changed, 114 insertions(+), 4 deletions(-) diff --git a/docs/GOALOS_REPO_AUDIT.md b/docs/GOALOS_REPO_AUDIT.md index db282a55..26aad755 100644 --- a/docs/GOALOS_REPO_AUDIT.md +++ b/docs/GOALOS_REPO_AUDIT.md @@ -168,3 +168,20 @@ Commands run in this verification pass: - `node site/app/goalos-cloud-mvp/tests/enterprise-core.test.mjs` — passed; GoalOS Cloud MVP v0.2 enterprise-core proof remains intact. Merge risk after this pass is low if future edits continue to update `docs/data/goalos_catalog.yml` first, preserve the autonomous website release path, and avoid committing paid buyer deliverables. + +## 31. Catalog validator hardening — 2026-06-08 + +The repository was rechecked on the requested feature branch and the catalog validator was tightened so drift is caught earlier. `scripts/validate_goalos_catalog.py` now requires every institutional table, all required figure `.mmd`/`.svg` pairs, every static badge, and the exact names of the three repository-governance workflows. `scripts/validate_docs_tables_figures.py` now also treats `docs/tables/goalos_badge_inventory.csv` as a required table. `docs/data/goalos_catalog.yml` was updated with an explicit `badge_inventory` and the badge inventory table entry so the source of truth covers docs, tables, figures, badges, scripts, workflows, validation status, public/private artifact rules, and release policy. + +Commands run in this hardening pass: + +- `python scripts/validate_goalos_catalog.py` — intentionally failed before the catalog was updated, proving the new badge/table inventory checks were active. +- `python scripts/check_no_paid_artifacts.py` — passed after changes. +- `python scripts/validate_goalos_public_site.py` — passed after changes; 207 public HTML pages validated. +- `python scripts/validate_docs_tables_figures.py` — passed after changes, including the badge inventory table requirement. +- `python scripts/validate_goalos_catalog.py` — passed after catalog alignment with expanded table, figure, badge, and workflow checks. +- `pytest` — initially failed because `httpx2`/`httpx` were not installed; passed after `python -m pip install httpx2 httpx` with 85 tests and 2 FastAPI deprecation warnings. +- `make test` — passed with 56 unittest tests. +- `node site/app/goalos-cloud-mvp/tests/enterprise-core.test.mjs` — passed. + +No useful code, tests, schemas, AEP standards, public proof pages, public microsites, scripts, assets, autonomous website workflows, public AEP package allowlists, QUEBEC.AI assets, or production foundation code were deleted in this pass. No paid buyer product, private delivery bundle, workshop ZIP, implementation bundle, enterprise pilot bundle, or commercialization pack was added. diff --git a/docs/data/goalos_catalog.yml b/docs/data/goalos_catalog.yml index 0a11a4cd..57d9ab02 100644 --- a/docs/data/goalos_catalog.yml +++ b/docs/data/goalos_catalog.yml @@ -181,6 +181,7 @@ table_inventory: - "docs/tables/goalos_aep_standards.csv" - "docs/tables/goalos_document_inventory.csv" - "docs/tables/goalos_figure_inventory.csv" + - "docs/tables/goalos_badge_inventory.csv" - "docs/tables/goalos_asset_manifest.csv" - "docs/tables/goalos_validation_rules.csv" - "docs/tables/goalos_workflow_actions.csv" @@ -188,6 +189,22 @@ table_inventory: - "docs/tables/goalos_professional_firm_packages.csv" - "docs/tables/goalos_autonomous_website_actions.csv" - "docs/tables/goalos_public_standard_strategy.csv" +badge_inventory: + - "badges/goalos.svg" + - "badges/proof-gradient.svg" + - "badges/aep-standards.svg" + - "badges/no-paid-artifacts.svg" + - "badges/validation-v14.svg" + - "badges/public-site-release-v8.svg" + - "badges/cloud-mvp-0-2.svg" + - "badges/quebec-ai.svg" + - "badges/proof-bounded.svg" + - "badges/no-model-self-modification.svg" + - "badges/website-via-github-actions.svg" + - "badges/proof-card-001-next.svg" + - "badges/enterprise-rsi-boundary.svg" + - "badges/recursive-workflow-os.svg" + - "badges/aep-public-standard.svg" validation_scripts: - "scripts/check_no_paid_artifacts.py" - "scripts/validate_goalos_public_site.py" diff --git a/scripts/validate_docs_tables_figures.py b/scripts/validate_docs_tables_figures.py index e72f6fef..ef5aae04 100755 --- a/scripts/validate_docs_tables_figures.py +++ b/scripts/validate_docs_tables_figures.py @@ -45,8 +45,8 @@ REQUIRED_TABLES = [ "goalos_product_ladder.csv", "goalos_offer_status.csv", "goalos_claim_boundaries.csv", "goalos_public_site_pages.csv", "goalos_paid_file_policy.csv", "goalos_aep_standards.csv", - "goalos_document_inventory.csv", "goalos_figure_inventory.csv", "goalos_asset_manifest.csv", - "goalos_validation_rules.csv", "goalos_workflow_actions.csv", "goalos_proof_card_001_fields.csv", + "goalos_document_inventory.csv", "goalos_figure_inventory.csv", "goalos_badge_inventory.csv", + "goalos_asset_manifest.csv", "goalos_validation_rules.csv", "goalos_workflow_actions.csv", "goalos_proof_card_001_fields.csv", "goalos_professional_firm_packages.csv", "goalos_autonomous_website_actions.csv", "goalos_public_standard_strategy.csv", ] diff --git a/scripts/validate_goalos_catalog.py b/scripts/validate_goalos_catalog.py index e054b0e9..e111affd 100755 --- a/scripts/validate_goalos_catalog.py +++ b/scripts/validate_goalos_catalog.py @@ -26,14 +26,67 @@ "docs/GOALOS_INSTITUTIONAL_POSITIONING.md", "docs/GOALOS_PUBLIC_STANDARD_STRATEGY.md", "docs/GOALOS_PROOF_GRAPH_CONCEPT.md", "docs/GOALOS_AEP_STANDARDS_INDEX.md", ] -REQUIRED_TABLES = ["goalos_product_ladder.csv", "goalos_offer_status.csv", "goalos_claim_boundaries.csv", "goalos_autonomous_website_actions.csv", "goalos_public_standard_strategy.csv"] -REQUIRED_FIGURES = ["goalos_recursive_workflow_loop", "goalos_product_ladder", "goalos_validation_architecture", "goalos_institutional_stack", "goalos_aep_standards_map"] +REQUIRED_TABLES = [ + "goalos_product_ladder.csv", + "goalos_offer_status.csv", + "goalos_claim_boundaries.csv", + "goalos_public_site_pages.csv", + "goalos_paid_file_policy.csv", + "goalos_aep_standards.csv", + "goalos_document_inventory.csv", + "goalos_figure_inventory.csv", + "goalos_badge_inventory.csv", + "goalos_asset_manifest.csv", + "goalos_validation_rules.csv", + "goalos_workflow_actions.csv", + "goalos_proof_card_001_fields.csv", + "goalos_professional_firm_packages.csv", + "goalos_autonomous_website_actions.csv", + "goalos_public_standard_strategy.csv", +] +REQUIRED_FIGURES = [ + "goalos_recursive_workflow_loop", + "goalos_product_ladder", + "goalos_proof_led_revenue_loop", + "goalos_institutional_stack", + "goalos_public_site_architecture", + "goalos_autonomous_github_actions_website_flow", + "goalos_validation_architecture", + "goalos_cloud_mvp_architecture", + "goalos_enterprise_safety_boundary", + "goalos_web3_hybrid_architecture", + "goalos_proof_graph_concept", + "goalos_aep_standards_map", +] OBSOLETE_CURRENT_PATTERNS = [ r"v12[^\n]{0,40}is current", r"v13[^\n]{0,40}is current", r"old v8[^\n]{0,80}is current", r"Use goalos-public-site-release-v12\.yml for deployment", ] MANUAL_BYPASS_PATTERNS = [r"manually bypass", r"manual public-site edits as the release path", r"upload paid buyer products to the public site"] +REQUIRED_BADGES = [ + "goalos.svg", + "proof-gradient.svg", + "aep-standards.svg", + "no-paid-artifacts.svg", + "validation-v14.svg", + "public-site-release-v8.svg", + "cloud-mvp-0-2.svg", + "quebec-ai.svg", + "proof-bounded.svg", + "no-model-self-modification.svg", + "website-via-github-actions.svg", + "proof-card-001-next.svg", + "enterprise-rsi-boundary.svg", + "recursive-workflow-os.svg", + "aep-public-standard.svg", +] +REQUIRED_WORKFLOWS = { + ".github/workflows/validate-docs-tables-figures.yml": "Validate GoalOS Docs, Tables, Figures", + ".github/workflows/check-no-paid-artifacts.yml": "Check No Paid Artifacts", + ".github/workflows/validate-goalos-catalog.yml": "Validate GoalOS Catalog", +} + def read(path: Path) -> str: return path.read_text(encoding="utf-8", errors="ignore") @@ -100,6 +153,29 @@ def main() -> int: for fig in REQUIRED_FIGURES: if not (ROOT / "docs" / "figures" / f"{fig}.mmd").exists() or not (ROOT / "docs" / "figures" / f"{fig}.svg").exists(): errors.append(f"missing required figure source/export for {fig}") + for badge in REQUIRED_BADGES: + if not (ROOT / "badges" / badge).exists(): + errors.append(f"missing required badge: badges/{badge}") + for workflow, expected_name in REQUIRED_WORKFLOWS.items(): + workflow_path = ROOT / workflow + if not workflow_path.exists(): + errors.append(f"missing required workflow: {workflow}") + elif f"name: {expected_name}" not in read(workflow_path): + errors.append(f"{workflow}: missing exact workflow name {expected_name}") + + for rel in REQUIRED_DOCS: + if rel not in cat: + errors.append(f"catalog documentation_inventory missing {rel}") + for table in REQUIRED_TABLES: + if f"docs/tables/{table}" not in cat: + errors.append(f"catalog table_inventory missing docs/tables/{table}") + for fig in REQUIRED_FIGURES: + for ext in (".mmd", ".svg"): + if f"docs/figures/{fig}{ext}" not in cat: + errors.append(f"catalog figure_inventory missing docs/figures/{fig}{ext}") + for badge in REQUIRED_BADGES: + if f"badges/{badge}" not in cat: + errors.append(f"catalog badge_inventory missing badges/{badge}") product_csv = ROOT / "docs" / "tables" / "goalos_product_ladder.csv" if product_csv.exists():