Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions docs/GOALOS_REPO_AUDIT.md
Original file line number Diff line number Diff line change
Expand Up @@ -168,3 +168,20 @@ Commands run in this verification pass:
- `node site/app/goalos-cloud-mvp/tests/enterprise-core.test.mjs` — passed; GoalOS Cloud MVP v0.2 enterprise-core proof remains intact.

Merge risk after this pass is low if future edits continue to update `docs/data/goalos_catalog.yml` first, preserve the autonomous website release path, and avoid committing paid buyer deliverables.

## 31. Catalog validator hardening — 2026-06-08

The repository was rechecked on the requested feature branch and the catalog validator was tightened so drift is caught earlier. `scripts/validate_goalos_catalog.py` now requires every institutional table, all required figure `.mmd`/`.svg` pairs, every static badge, and the exact names of the three repository-governance workflows. `scripts/validate_docs_tables_figures.py` now also treats `docs/tables/goalos_badge_inventory.csv` as a required table. `docs/data/goalos_catalog.yml` was updated with an explicit `badge_inventory` and the badge inventory table entry so the source of truth covers docs, tables, figures, badges, scripts, workflows, validation status, public/private artifact rules, and release policy.

Commands run in this hardening pass:

- `python scripts/validate_goalos_catalog.py` — intentionally failed before the catalog was updated, proving the new badge/table inventory checks were active.
- `python scripts/check_no_paid_artifacts.py` — passed after changes.
- `python scripts/validate_goalos_public_site.py` — passed after changes; 207 public HTML pages validated.
- `python scripts/validate_docs_tables_figures.py` — passed after changes, including the badge inventory table requirement.
- `python scripts/validate_goalos_catalog.py` — passed after catalog alignment with expanded table, figure, badge, and workflow checks.
- `pytest` — initially failed because `httpx2`/`httpx` were not installed; passed after `python -m pip install httpx2 httpx` with 85 tests and 2 FastAPI deprecation warnings.
- `make test` — passed with 56 unittest tests.
- `node site/app/goalos-cloud-mvp/tests/enterprise-core.test.mjs` — passed.

No useful code, tests, schemas, AEP standards, public proof pages, public microsites, scripts, assets, autonomous website workflows, public AEP package allowlists, QUEBEC.AI assets, or production foundation code were deleted in this pass. No paid buyer product, private delivery bundle, workshop ZIP, implementation bundle, enterprise pilot bundle, or commercialization pack was added.
17 changes: 17 additions & 0 deletions docs/data/goalos_catalog.yml
Original file line number Diff line number Diff line change
Expand Up @@ -181,13 +181,30 @@ table_inventory:
- "docs/tables/goalos_aep_standards.csv"
- "docs/tables/goalos_document_inventory.csv"
- "docs/tables/goalos_figure_inventory.csv"
- "docs/tables/goalos_badge_inventory.csv"
- "docs/tables/goalos_asset_manifest.csv"
- "docs/tables/goalos_validation_rules.csv"
- "docs/tables/goalos_workflow_actions.csv"
- "docs/tables/goalos_proof_card_001_fields.csv"
- "docs/tables/goalos_professional_firm_packages.csv"
- "docs/tables/goalos_autonomous_website_actions.csv"
- "docs/tables/goalos_public_standard_strategy.csv"
badge_inventory:
- "badges/goalos.svg"
- "badges/proof-gradient.svg"
- "badges/aep-standards.svg"
- "badges/no-paid-artifacts.svg"
- "badges/validation-v14.svg"
- "badges/public-site-release-v8.svg"
- "badges/cloud-mvp-0-2.svg"
- "badges/quebec-ai.svg"
- "badges/proof-bounded.svg"
- "badges/no-model-self-modification.svg"
- "badges/website-via-github-actions.svg"
- "badges/proof-card-001-next.svg"
- "badges/enterprise-rsi-boundary.svg"
- "badges/recursive-workflow-os.svg"
- "badges/aep-public-standard.svg"
validation_scripts:
- "scripts/check_no_paid_artifacts.py"
- "scripts/validate_goalos_public_site.py"
Expand Down
4 changes: 2 additions & 2 deletions scripts/validate_docs_tables_figures.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@
REQUIRED_TABLES = [
"goalos_product_ladder.csv", "goalos_offer_status.csv", "goalos_claim_boundaries.csv",
"goalos_public_site_pages.csv", "goalos_paid_file_policy.csv", "goalos_aep_standards.csv",
"goalos_document_inventory.csv", "goalos_figure_inventory.csv", "goalos_asset_manifest.csv",
"goalos_validation_rules.csv", "goalos_workflow_actions.csv", "goalos_proof_card_001_fields.csv",
"goalos_document_inventory.csv", "goalos_figure_inventory.csv", "goalos_badge_inventory.csv",
"goalos_asset_manifest.csv", "goalos_validation_rules.csv", "goalos_workflow_actions.csv", "goalos_proof_card_001_fields.csv",
"goalos_professional_firm_packages.csv", "goalos_autonomous_website_actions.csv",
"goalos_public_standard_strategy.csv",
]
Expand Down
80 changes: 78 additions & 2 deletions scripts/validate_goalos_catalog.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,67 @@
"docs/GOALOS_INSTITUTIONAL_POSITIONING.md", "docs/GOALOS_PUBLIC_STANDARD_STRATEGY.md",
"docs/GOALOS_PROOF_GRAPH_CONCEPT.md", "docs/GOALOS_AEP_STANDARDS_INDEX.md",
]
REQUIRED_TABLES = ["goalos_product_ladder.csv", "goalos_offer_status.csv", "goalos_claim_boundaries.csv", "goalos_autonomous_website_actions.csv", "goalos_public_standard_strategy.csv"]
REQUIRED_FIGURES = ["goalos_recursive_workflow_loop", "goalos_product_ladder", "goalos_validation_architecture", "goalos_institutional_stack", "goalos_aep_standards_map"]
REQUIRED_TABLES = [
"goalos_product_ladder.csv",
"goalos_offer_status.csv",
"goalos_claim_boundaries.csv",
"goalos_public_site_pages.csv",
"goalos_paid_file_policy.csv",
"goalos_aep_standards.csv",
"goalos_document_inventory.csv",
"goalos_figure_inventory.csv",
"goalos_badge_inventory.csv",
"goalos_asset_manifest.csv",
"goalos_validation_rules.csv",
"goalos_workflow_actions.csv",
"goalos_proof_card_001_fields.csv",
"goalos_professional_firm_packages.csv",
"goalos_autonomous_website_actions.csv",
"goalos_public_standard_strategy.csv",
]
REQUIRED_FIGURES = [
"goalos_recursive_workflow_loop",
"goalos_product_ladder",
"goalos_proof_led_revenue_loop",
"goalos_institutional_stack",
"goalos_public_site_architecture",
"goalos_autonomous_github_actions_website_flow",
"goalos_validation_architecture",
"goalos_cloud_mvp_architecture",
"goalos_enterprise_safety_boundary",
"goalos_web3_hybrid_architecture",
"goalos_proof_graph_concept",
"goalos_aep_standards_map",
]
OBSOLETE_CURRENT_PATTERNS = [
r"v12[^\n]{0,40}is current", r"v13[^\n]{0,40}is current", r"old v8[^\n]{0,80}is current",
r"Use goalos-public-site-release-v12\.yml for deployment",
]
MANUAL_BYPASS_PATTERNS = [r"manually bypass", r"manual public-site edits as the release path", r"upload paid buyer products to the public site"]

REQUIRED_BADGES = [
"goalos.svg",
"proof-gradient.svg",
"aep-standards.svg",
"no-paid-artifacts.svg",
"validation-v14.svg",
"public-site-release-v8.svg",
"cloud-mvp-0-2.svg",
"quebec-ai.svg",
"proof-bounded.svg",
"no-model-self-modification.svg",
"website-via-github-actions.svg",
"proof-card-001-next.svg",
"enterprise-rsi-boundary.svg",
"recursive-workflow-os.svg",
"aep-public-standard.svg",
]
REQUIRED_WORKFLOWS = {
".github/workflows/validate-docs-tables-figures.yml": "Validate GoalOS Docs, Tables, Figures",
".github/workflows/check-no-paid-artifacts.yml": "Check No Paid Artifacts",
".github/workflows/validate-goalos-catalog.yml": "Validate GoalOS Catalog",
}


def read(path: Path) -> str:
return path.read_text(encoding="utf-8", errors="ignore")
Expand Down Expand Up @@ -100,6 +153,29 @@ def main() -> int:
for fig in REQUIRED_FIGURES:
if not (ROOT / "docs" / "figures" / f"{fig}.mmd").exists() or not (ROOT / "docs" / "figures" / f"{fig}.svg").exists():
errors.append(f"missing required figure source/export for {fig}")
for badge in REQUIRED_BADGES:
if not (ROOT / "badges" / badge).exists():
errors.append(f"missing required badge: badges/{badge}")
for workflow, expected_name in REQUIRED_WORKFLOWS.items():
workflow_path = ROOT / workflow
if not workflow_path.exists():
errors.append(f"missing required workflow: {workflow}")
elif f"name: {expected_name}" not in read(workflow_path):
errors.append(f"{workflow}: missing exact workflow name {expected_name}")

for rel in REQUIRED_DOCS:
if rel not in cat:
errors.append(f"catalog documentation_inventory missing {rel}")
for table in REQUIRED_TABLES:
if f"docs/tables/{table}" not in cat:
errors.append(f"catalog table_inventory missing docs/tables/{table}")
for fig in REQUIRED_FIGURES:
for ext in (".mmd", ".svg"):
if f"docs/figures/{fig}{ext}" not in cat:
errors.append(f"catalog figure_inventory missing docs/figures/{fig}{ext}")
for badge in REQUIRED_BADGES:
if f"badges/{badge}" not in cat:
errors.append(f"catalog badge_inventory missing badges/{badge}")
Comment on lines +176 to +178

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Require badge entries inside badge_inventory

In this new badge catalog check, the code searches the entire YAML text instead of the badge_inventory list, so a catalog can delete or rename badge_inventory: or leave these paths in comments/another section and still pass. Since this hardening is meant to make the catalog's badge inventory authoritative, validate the section itself (or parse YAML) before accepting these paths.

Useful? React with 👍 / 👎.


product_csv = ROOT / "docs" / "tables" / "goalos_product_ladder.csv"
if product_csv.exists():
Expand Down
Loading