Keystone assimilation tooling for forward-only governance

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for djh00t from gravatar.com djh00t

Unverified details

These details have not been verified by PyPI
Meta
  • License: Proprietary
  • Author: Keystone
  • Requires: Python >=3.10
  • Provides-Extra: dev
Report project as malware

Project description

Keystone Assimilation System

1.0 📄 Overview

This directory contains the central, authoritative implementation of Keystone’s assimilation system.

The assimilation system is responsible for:

  • understanding external repositories
  • enforcing forward-only governance
  • generating machine-readable signals
  • feeding governance decisions
  • enabling IP Bank extraction

Assimilation is non-destructive, incremental, and inevitable. Legacy code is never rewritten; governance applies forward-only.

1.1 📜 Core Principles

  • Read-only analysis of external repositories
  • Forward-only enforcement
  • Pull-based ingestion
  • No autonomous mutation
  • Governance decides truth

If a change is not ratified via governance, it does not exist.

1.2 📜 Assimilation States

The assimilation system defines five explicit states for external repositories:

  • observed
  • catalogued
  • governed
  • canonical
  • ipbanked

State is declared in .keystone/assimilation.yaml inside the target repository.

State controls:

  • what CI enforces
  • what signals are collected
  • what promotion is allowed
stateDiagram-v2
    [*] --> observed
    observed --> catalogued
    catalogued --> governed
    governed --> canonical
    canonical --> ipbanked

1.3 🧠 What This Code Does

  • Reads .keystone/assimilation.yaml
  • Runs AST / static analysis
  • Collects dependency and coverage signals
  • Enforces rules only when state ≥ governed
  • Emits structured, machine-readable reports
  • Produces governance-ready evidence

1.4 🚫 What This Code Never Does

  • Rewrite git history
  • Auto-promote IP
  • Modify external repositories
  • Bypass governance
  • Guess intent
  • Invent structure

1.5 🔁 How It’s Used

In external (assimilated) repositories

A GitHub Action runs on PRs, merges, and a schedule:

uv run keystone-assimilation-run

This produces artifacts only. No state changes occur. Artifacts are uploaded to GitHub Actions.

In Keystone (central repo)

Keystone pulls assimilation evidence using a scheduled collector:

uv run keystone-assimilation-collect

This stages evidence for governance review and opens a PR containing facts, not decisions.

Authority

  • Constitution: .specify/memory/constitution.md
  • Enforcement rules: AGENTS.md
  • Process: docs/process.md
  • Assimilation doctrine: docs/assimilation.md

1.6 🧭 End-to-End Assimilation Flow

flowchart TD
    Repo[External Repo]
    Watcher[Assimilation Watcher Action]
    Artifacts[GitHub Artifacts]

    Collector[Keystone Collector Action]
    Evidence[Assimilation Evidence Store]
    Governance[Monthly Governance]
    IPBank[IP Bank]

    Repo --> Watcher
    Watcher --> Artifacts
    Artifacts --> Collector
    Collector --> Evidence
    Evidence --> Governance
    Governance --> IPBank

2.0 ⚙️ Implementation Details

2.1 📁 Directory Layout (Keystone repo)

keystone/
  tools/
    assimilation/
      README.md
      Makefile
      assimilation.default.yaml
      pyproject.toml
      src/keystone_assimilation/
        __init__.py
        analysis/
          __init__.py
          python_ast.py
          dependency_graph.py
          coverage_map.py
        cli.py
        collect.py
        config.py
        ingest.py
        models.py
        states.py
      tests/
      workflows/
      uv.lock

2.2 📄 Default Assimilation Configuration

This file lives in Keystone and is copied into new repositories.

Location: keystone/tools/assimilation/assimilation.default.yaml

keystone:
  project_id: "<REPLACE_ME>"
  owner: "<REPLACE_ME>"

  state: observed
  target_state: null

  assimilated_at: null
  last_reviewed: null

  metadata:
    role: unknown
    description: ""
    maturity: unknown
    primary_language: unknown
    secondary_languages: []
    active: true

  analysis:
    enabled: true
    languages:
      - python
    tools:
      - python_ast
      - dependency_graph
      - coverage_map
    last_run: null

  enforcement:
    forward_only: true
    require_make_check: false
    min_coverage: 80

    commit_discipline: true
    one_file_per_commit: true
    conventional_commits: true
    require_footer_refs: true

  ip_candidates: []
  notes: []

2.3 🔎 keystone-assimilation-run — Assimilation Watcher (External Repos)

Executed inside the assimilated repository.

Responsibilities:

  • read config
  • run analysis
  • enforce forward-only rules
  • emit reports

It never mutates the repo.

2.4 🧲 keystone-assimilation-collect — Central Keystone Collector

Executed only in Keystone.

Responsibilities:

  • pull artifacts from GitHub
  • store evidence immutably
  • prepare governance review
  • never mutate external repos
  • never auto-promote state or IP

3.0 🔌 How Other Repositories Integrate

Minimal steps for any repo (including kcmt):

  1. Add .keystone/assimilation.yaml
  2. Add GitHub Action:
- name: Run Keystone Assimilation
  run: uv run keystone-assimilation-run
  1. Upload artifacts
  2. Done

No refactors. No rewrites. No coupling.

4.0 🏛 Governance & Enforcement

  • Assimilation state changes require a written governance decision
  • Evidence is reviewed monthly
  • CI enforcement ratchets forward
  • IP extraction is deliberate and reviewed

If a decision is not written, it did not happen.

5.0 🎯 Why This Works

This system makes management easy and dropping balls hard:

  • State is explicit
  • Enforcement is forward-only
  • Evidence is machine-generated
  • Decisions are written
  • IP extraction is intentional
  • Nothing moves silently

Assimilation turns legacy into leverage — without disruption.

6.0 📦 Packaging & Quality Gates

  • Install locally: uv sync --extra dev
  • Run quality gates: make check (format check, lint, tests with coverage >=80%)
  • Build artifacts: make build

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for djh00t from gravatar.com djh00t

Unverified details

These details have not been verified by PyPI
Meta
  • License: Proprietary
  • Author: Keystone
  • Requires: Python >=3.10
  • Provides-Extra: dev

Release history Release notifications | RSS feed

This version

0.1.14

0.1.13

0.1.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keystone_assimilation-0.1.14.tar.gz (7.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

keystone_assimilation-0.1.14-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file keystone_assimilation-0.1.14.tar.gz.

File metadata

  • Download URL: keystone_assimilation-0.1.14.tar.gz
  • Upload date:
  • Size: 7.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for keystone_assimilation-0.1.14.tar.gz
Algorithm Hash digest
SHA256 d2388e3296a8cf11104906f15d2be593f8ccae2da641a5220e27d58ba4fba535
MD5 a5ce989f8ac532aa9971a9efd00f161a
BLAKE2b-256 4fee83007f873897520bff7bccee75df332d18900f0e9b45a93dfc5ed107f4de

See more details on using hashes here.

File details

Details for the file keystone_assimilation-0.1.14-py3-none-any.whl.

File metadata

File hashes

Hashes for keystone_assimilation-0.1.14-py3-none-any.whl
Algorithm Hash digest
SHA256 50213852ec1a9a0d5fd7d53f5b65c31f4b1ffd1c355d27fa1c7d8be4f56fe7e0
MD5 ab3933803c495724bdb7ea6e3fbe69ff
BLAKE2b-256 8500c0e25cdafe25db453a0eef08e57e57747aba046e25aee4a275620f8686d4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page