Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

zircote Platform Documentation

Documentation for the centralized tooling this repository provides to every zircote/* repository: the attested-delivery workflows, reusable CI/CD workflows, and shared automation.

The docs follow the Diátaxis framework — four kinds of documentation for four kinds of need:

You want to... Read
Learn the system hands-on Tutorials
Get a specific task done How-to guides
Look up exact inputs, outputs, and behavior Reference
Understand why it works this way Explanation

Tutorials

How-to guides

For coding agents (Claude Code, Copilot, gh-aw), the attested-delivery skill packages all of the above — architecture, platform constraints, caller recipes with baked-in workflow templates, rollout checklist, and verification — as an executable, fully self-contained onboarding protocol for any org or repo.

Reference

  • Reusable workflows — every centralized attested-delivery workflow: inputs, outputs, secrets, permissions.
  • Quality-gate workflows — the SAST, SCA, Trivy, Scorecard, VEX, k6, ZAP, seam, and verify-gates workflows: role, key inputs, evidence, predicate type, signer.
  • Attestation predicate definitions — the custom predicate types the quality gates sign: URI, body format, verdict rule, JSON Schema.
  • Language CI, release, security, and docs workflows are summarized in CLAUDE.md and the repo README.

Explanation

  • Why attested delivery — the promotion invariant, the signing-isolation boundary, admission-time enforcement, and the change-record gate.
  • Why attested quality gates — the verdict-as-attestation model, signer pinning, custom predicate types, and the "signed ≠ passed" caveat.

Project plans

Plans are working project artifacts, not user documentation, and sit outside the Diátaxis quadrants:

Other content

Coverage matrix

Tool / component Tutorial How-to Reference Explanation
build-attest.yml Yes Yes Yes Yes
sign-and-attest.yml Yes Yes Yes Yes
verify-attestation.yml Yes Yes Yes Yes
promote.yml / promote-prod.yml Yes Yes Yes
sbom-and-scan.yml Yes Yes
dora-emit.yml Yes Yes Yes
pin-check.yml Yes Yes
Admission enforcement (Kyverno / pre-deploy gate) Yes Yes
Attested quality gates (SAST/SCA/Trivy/Scorecard/VEX/k6/ZAP) Yes (SAST) Yes Yes Yes
Attestation seam (reusable-attest-scan.yml) Yes Yes Yes Yes