diff --git a/catalog/fogstack-packs-v0.1.yaml b/catalog/fogstack-packs-v0.1.yaml index 52fef145..d7230444 100644 --- a/catalog/fogstack-packs-v0.1.yaml +++ b/catalog/fogstack-packs-v0.1.yaml @@ -31,6 +31,21 @@ packs: - "apps/eval-fabric-api" - "docs/PLATFORM_EVAL_FABRIC.md" notes: "Real platform surface, but still more internal than packaged." + - id: "fogstack.office" + label: "Fog Stack Office / Collaboration" + category: "product_surface" + readiness_pct: 55 + repo_split_now: false + substrate_anchors: + - "services/office-collaboration" + - "schemas/office" + - "docs/OFFICE_COLLABORATION_RUNTIME.md" + notes: > + Executable collaboration runtime added via PRs #314–#319: thread creation, messages, + version-aware suggestion status, thread resolution, event history, and suggestion event + history are all in place with behavior tests. Schemas exist for collaboration thread and + suggestion records. Not yet hardened for production auth, durable persistence, or external + identity. Surface is at executable-demo posture, not production deployment. - id: "fogstack.security" label: "Fog Stack Security / Trust" category: "shared_capability" @@ -40,21 +55,51 @@ packs: - "schemas/release/*" - "tools/*fogstack*" notes: "Strong platform capability, but not yet an independently packaged product surface." + - id: "fogstack.registry" + label: "Fog Stack Registry / Release Distribution" + category: "product_surface" + readiness_pct: 60 + repo_split_now: false + substrate_anchors: + - "registry" + - "tools/promote_fogstack_manifest_publication_set.py" + - "tools/check_fogstack_manifest_promotion_policy.py" + - "tools/build_fogstack_registry_root_metadata.py" + - "tools/check_fogstack_registry_revocation_index.py" + notes: > + Gated, CI-backed artifact publication pipeline with filesystem registry adapter, + registry-root metadata, rollback/revocation lifecycle index, and local registry metadata + signature-verification support across PRs #211–#215, #224, #237, #248, and #324. + Known gaps: network registry publication, production KMS/HSM-backed signing, external + identity binding, client-side rollback/revocation enforcement, and operator-facing + release-distribution UX. No external registry or production deployment exists. - id: "fogstack.data" - label: "Fog Stack Data" - category: "packaging_view" - readiness_pct: 30 + label: "Fog Stack Data / GovernAI" + category: "product_surface" + readiness_pct: 50 repo_split_now: false substrate_anchors: + - "apps/lattice-studio" - "knowledge + evaluation surfaces" - notes: "Better treated as a packaging view over Knowledge + Evaluation than as a separate repo." + notes: > + Upgraded from 30% (packaging view) to 50% (fixture-ready product surface) following the + Lattice Studio/Data/GovernAI vertical slice in PRs #299–#308. Full deterministic fixture + path now covers product-spine, annotation-to-training, active metadata, trust/reputation, + and GovernAI routing consumers. Still fixture/demo-only; no live data backend, external + data contracts, or production data pipeline exists on main. - id: "fogstack.ai" - label: "Fog Stack AI" - category: "future_pack" - readiness_pct: 20 + label: "Fog Stack AI / Lattice Studio" + category: "product_surface" + readiness_pct: 45 repo_split_now: false - substrate_anchors: [] - notes: "Not enough independent runtime/product surface yet." + substrate_anchors: + - "apps/lattice-studio" + notes: > + Upgraded from 20% (conceptual future pack) to 45% (fixture-ready product surface) following + the Lattice Studio vertical slice in PRs #299–#308: model zoo, prompt/RAG/evaluation lab, + publication review, runtime profile catalog (three Lattice Forge runtimes), demo readiness + report, and runtime release readiness fixture. All surfaces are fixture/demo-only; no live + inference, model training, serving infrastructure, or production ML pipeline exists on main. - id: "fogstack.automation" label: "Fog Stack Automation" category: "future_pack" diff --git a/docs/FOGSTACK_PACKS.md b/docs/FOGSTACK_PACKS.md index c477989b..12edfc4c 100644 --- a/docs/FOGSTACK_PACKS.md +++ b/docs/FOGSTACK_PACKS.md @@ -28,23 +28,35 @@ The shared trust/release graph is still the dominant implementation concern, and - Repo split now: no - Why: real platform surface, but still more internal than packaged. +### Fog Stack Office / Collaboration +- Type: real product surface (executable-demo posture) +- Readiness: 55% +- Repo split now: no +- Why: an executable collaboration runtime landed via PRs #314–#319 with thread creation, messages, version-aware suggestion status, thread and suggestion resolution, and full event-history behaviors, all covered by behavior tests. JSON schemas exist for thread and suggestion records. Not yet hardened for production auth, durable persistence, or external identity; surface is at executable-demo posture, not production deployment. + ### Fog Stack Security / Trust - Type: strong shared capability - Readiness: 80% as platform capability / 35% as standalone pack - Repo split now: no - Why: the shared trust/release graph is still the dominant engineering concern. -### Fog Stack Data -- Type: emerging packaging view -- Readiness: 30% +### Fog Stack Registry / Release Distribution +- Type: real product surface (demo/CI posture) +- Readiness: 60% - Repo split now: no -- Why: better treated as a packaging view over Knowledge + Evaluation than as an independent engineering island. +- Why: the registry/release-distribution lane now includes gated publication, filesystem registry export, registry publication indexes, registry-root metadata, rollback/revocation lifecycle indexes, and local registry metadata signature-verification support across PRs #211–#215, #224, #237, #248, and #324. It is no longer just a future release-plumbing concept. Remaining gaps are network registry publication, production KMS/HSM-backed signing, external identity binding, client-side rollback/revocation enforcement, and operator-facing release-distribution UX. No external registry or production deployment exists on main. -### Fog Stack AI -- Type: conceptual future pack -- Readiness: 20% +### Fog Stack Data / GovernAI +- Type: fixture-ready product surface +- Readiness: 50% +- Repo split now: no +- Why: upgraded from 30% (packaging view over Knowledge + Evaluation) to 50% following the Lattice Studio/Data/GovernAI vertical slice merged in PRs #299–#308. The full deterministic fixture path now covers product-spine, annotation-to-training, active metadata, trust/reputation signals, and GovernAI routing consumers. Still fixture/demo-only; no live data backend, external data contracts, or production data pipeline exists on main. + +### Fog Stack AI / Lattice Studio +- Type: fixture-ready product surface +- Readiness: 45% - Repo split now: no -- Why: not enough independent runtime/product surface yet. +- Why: upgraded from 20% (conceptual future pack) to 45% following the Lattice Studio vertical slice in PRs #299–#308. The surface now includes model zoo, prompt/RAG/evaluation lab, publication review/reproduction, runtime profile catalog (three Lattice Forge runtimes), a demo readiness report, and a runtime release readiness fixture. All surfaces are fixture/demo-only; no live inference, model training, serving infrastructure, or production ML pipeline exists on main. ### Fog Stack Automation - Type: conceptual future pack diff --git a/docs/FOGSTACK_STATUS.md b/docs/FOGSTACK_STATUS.md index d3ebc8bb..d94aab9f 100644 --- a/docs/FOGSTACK_STATUS.md +++ b/docs/FOGSTACK_STATUS.md @@ -28,6 +28,9 @@ The following initial offering slices are already merged into `main`: - **Fog Stack Access** — initial upstream offering slice via PR #25 - **Fog Stack Knowledge** — governed ingress + local daemon offering slice via PR #26 - **Fog Stack Evaluation** — evaluation fabric offering slice via PR #27 +- **Fog Stack Office / Collaboration** — office collaboration runtime schema and service slice via PRs #314–#319 +- **Fog Stack Data / GovernAI** — Lattice Studio/Data/GovernAI product-surface fixtures (product-spine, annotation-to-training, active metadata, trust/reputation, runtime profile catalog, demo readiness report, runtime release readiness) via PRs #299–#308 +- **Fog Stack AI / Lattice Studio** — Lattice Studio AI product-surface fixtures (model zoo, prompt/RAG/eval lab, publication review, runtime profile catalog, demo readiness report, runtime release readiness) via PRs #299–#308 ## Merged validation and release-engineering slices @@ -66,10 +69,15 @@ The following supporting slices are already merged into `main`: - release publication gate via PR #211 - registry publication index via PR #212 - filesystem registry adapter via PR #215 +- filesystem registry root builder/checker via PR #224 +- registry rollback/revocation lifecycle index via PR #237 +- local OpenSSL-backed registry metadata signature verification via PR #248 +- registry-root metadata and rollback/revocation tranche via PR #324 +- tightened registry root and revocation schemas via PR #330 ## Current active frontier -Fog Stack is past initial offering definition and past local trust-graph construction. The active frontier is now release publication and registry hardening. +Fog Stack is past initial offering definition, local trust-graph construction, first-generation filesystem registry publication, registry-root metadata, rollback/revocation lifecycle indexing, local registry metadata signature verification, and strict registry schema hardening. The active frontier is now Office / Collaboration service hardening, Lattice Studio/Data/GovernAI live-backend readiness, network registry publication, production signing/identity integration, and operator-facing release-distribution UX. The current release path is: @@ -82,10 +90,25 @@ The current release path is: 7. emit a release publication gate record 8. build a registry publication index 9. publish the gated index and referenced artifacts to a filesystem registry layout +10. emit registry-root metadata and rollback/revocation lifecycle indexes +11. locally verify registry metadata signatures where fixture OpenSSL signing is present +12. validate registry root and revocation metadata against tightened schemas ## Product-pack readiness matrix -The detailed matrix and pack taxonomy live in: +| Pack | Readiness | Category | Notes | +|---|---|---|---| +| Fog Stack Access | 70% | product_surface | Most mature customer-facing surface | +| Fog Stack Knowledge | 55% | product_surface | Composition-heavy, operationally mixed | +| Fog Stack Evaluation | 55% | product_surface | More internal than packaged | +| Fog Stack Office / Collaboration | 55% | product_surface | Executable-demo posture; PRs #314–#319 | +| Fog Stack Security / Trust | 35% (standalone) | shared_capability | 80% as platform capability | +| Fog Stack Registry / Release Distribution | 60% | product_surface | Filesystem registry, root metadata, lifecycle index, local signature verification, and strict schemas; PRs #211–#215, #224, #237, #248, #324, #330 | +| Fog Stack Data / GovernAI | 50% | product_surface | Fixture-ready; upgraded from 30%; PRs #299–#308 | +| Fog Stack AI / Lattice Studio | 45% | product_surface | Fixture-ready; upgraded from 20%; PRs #299–#308 | +| Fog Stack Automation | 20% | future_pack | No distinct surface yet | + +The detailed taxonomy and per-pack notes live in: - `docs/FOGSTACK_PACKS.md` - `catalog/fogstack-packs-v0.1.yaml` @@ -112,18 +135,23 @@ The release/trust/publication graph now consists of these machine-readable artif - release publication gate record - registry publication index - filesystem registry publication/check artifacts +- filesystem registry root metadata +- registry-root metadata +- rollback/revocation lifecycle index +- registry metadata signature-verification evidence +- tightened registry root and revocation schemas ## Known gaps and next tranches The next release-engineering tranche should focus on: 1. **Network registry publication** beyond filesystem registry export. -2. **Signed registry root metadata** so registry consumers can verify the registry root, not just individual artifact records. -3. **Rollback and revocation indexes** for promoted or published artifact sets. +2. **Production signing and identity binding**: KMS/HSM-backed registry and release signing, external identity-provider binding, and policy-managed key lifecycle. +3. **Client-side rollback/revocation enforcement** so consumers act on lifecycle indexes rather than merely validating their shape. 4. **Signature verification pipeline exit-code hygiene** so digest mismatch and malformed input fail hard at the CLI layer. -5. **Status and registry docs kept current** whenever publication gates or registry adapters land. -6. **External identity-provider / KMS / HSM integration** for release identity and signing keys when the workflow moves beyond local demo-grade keys. +5. **Operator-facing release-distribution UX** including one-command local demo, release-readiness dashboards, and pack-specific smoke deployments. +6. **Status and registry docs kept current** whenever publication gates, registry adapters, lifecycle indexes, signing tranches, or schema hardening land. ## Position in the maturity ladder -Fog Stack in `prophet-platform` is now in release-publication hardening. It has moved from offering taxonomy and local trust records into gated, CI-backed, registry-ready artifact publication surfaces. The immediate risk is stale status documentation or weak CLI semantics causing operators to misread publication readiness. +Fog Stack in `prophet-platform` is now in registry-backed release-distribution hardening. It has moved from offering taxonomy and local trust records into gated, CI-backed, filesystem-registry artifact publication with root metadata, lifecycle index, local signature-verification support, and tightened registry schemas. The immediate risk is stale status documentation or weak CLI semantics causing operators to misread publication readiness.