Distributed intelligence infrastructure for autonomous AI constellation systems.
| Repository | Role | Entry Point |
|---|---|---|
Cursor-Governance |
Policy SSOT — CANONICAL_LAW.md §1–§9, symlink wiring, GlobalCommands | CANONICAL_LAW.md |
l9-ci-core |
Reusable CI kernel library — 8 workflow_call kernels |
.github/workflows/pr-pipeline.yml@v1 |
l9-assurance |
51-package TypeScript governance assurance monorepo | packages/ |
.github |
Org backbone — health files, starter templates, workflow registry | workflow-interface-registry.yml |
All repositories consume l9-ci-core kernels via thin caller workflows.
See workflow-interface-registry.yml for the machine-readable CI API contract.
| Kernel | Purpose |
|---|---|
pr-pipeline.yml@v1 |
Lint, type-check, test, security gates on every PR |
release-publish.yml@v1 |
Versioned release build and publish |
nightly.yml@v1 |
Scheduled nightly validation |
pre-commit-ci.yml@v1 |
Pre-commit hook enforcement |
trio-governance.yml@v1 |
Three-tier separation governance check |
security.yml@v1 |
Gitleaks, Bandit/Semgrep, pip-audit/npm audit |
scorecard.yml@v1 |
OpenSSF Scorecard analysis |
sbom.yml@v1 |
SBOM generation (SPDX-JSON via Syft) |
- Read
CONTRIBUTING.md— governance setup checklist is mandatory. - Clone
Cursor-Governanceand runsetup_workspace_symlinks.shbefore committing to any repo. - All PRs require CI green + CODEOWNERS approval (2 reviewers for blast-radius files).
See SECURITY.md to report vulnerabilities.
Security packages: l9-agent-security-testkit, l9-security-testkit.