docs: adrs: governance: Policies

[johnandersen777]

Matthew 6:24 DAO - peer to peer with purely with policy doc enforced by signers and verifiers on pull. Remember that we have local directory copy of repo, local federation sync (offline/online) and then federated servers (online).

We may not need KERI's crypto based duplicity detection if we use receipts from each index for those involved in transaction.

It's policy updating code updating policy (using cue bindings for typescript via deno within exec from policy)

Then you're Federating that

---

Pull Requests

• https://docs.gitlab.com/ee/topics/git/commit.html#push-options-for-merge-requests

CI/CD

Indexes

• Indexes used for per-project ING-4
  • Policy file generation and modification don't have to used pinned posts, can create index per project or per policy file (branch scoped)

---

Look into cue modules to see if they assist as they are already ORAS for registry (then add SCITT to secure the modules in ad-hoc registries)

• Considerations
  • actions: write
    • Ideally we leverage uses and so forth to keep as much out of the workflows as possible, as their updates are more difficult to modify in an automated fashion.
    • We should be following the fork + pull request model for all contributions. This means we can leverage @liceoa with a GitHub app installed on those repos to automate updates to them when needed.
    • with/inputs can be taken from files (YAML -> yq -> step.step-id-name.outputs.selected-value(s) -> optionally toJSON)
• References
  • 1f05cd3
• TODO
  • Notes from notebook
    • https://github.com/publicdomainrelay/reference-implementation/blob/main/docs/adrs/governance.md
  • https://github.com/cue-labs/cue-by-example/blob/main/001_github_actions_importing_workflows/README.md
    • https://github.com/publicdomainrelay/reference-implementation/blob/main/docs/notes/cue_github_actions_example.md
  • https://cuelang.org/docs/howto/use-your-first-cue-workflow-command/
    • https://cuelang.org/docs/concept/how-cue-works-with-go/#using-cues-go-api
  • https://cuelang.org/docs/tutorial/working-with-a-custom-module-registry/
    • https://cuelang.org/docs/concept/modules/
  • https://github.com/bytecodealliance/wasmtime-py
    • deno rust wasm target for policy engine embed (uses)
    • cuelang golang wasm target for policy engine embed (uses)
      • CUE package wasm allows users to write their own functions and make them available to CUE via Wasm modules.
        • Cannot run the WASM demos cue-lang/cue#2924 (comment)
          • Removed for now, must be used with packages / modules, not individual files
      • is there an NPM wrapper? cue-lang/cue#86
        • https://github.com/dclareio/cue-wasm
  • Proof Of Concept (POC)
    • No moving ADRs to accepted status without POC!
      • Similar to how this itself is no moving to maintainers / owners without policy OK / ClearForTakeOff. Referenced in notebook notes.
    • git ls-remote polling
• Future
  • Hook up ideation uses generation of new modules, policy, modifications to policy
  • https://github.com/cue-labs/cue-by-example/blob/main/003_kubernetes_tutorial/README.md
  • https://codeberg.org/forgejo/forgejo/pulls?q=&type=all&sort=&labels=79349&state=open&milestone=0&project=0&assignee=0&poster=0&fuzzy=true