Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 23 additions & 9 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,27 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
- package-ecosystem: npm
directory: /
schedule:
interval: "daily"
open-pull-requests-limit: 5
reviewers:
- "donny-devops"
interval: daily
open-pull-requests-limit: 10
allow:
- dependency-type: "direct"
commit-message:
prefix: "chore(deps)"
- dependency-type: direct
groups:
production:
patterns:
- '*'
dev:
dependency-type: development
patterns:
- '*'
- package-ecosystem: pip
directory: /
schedule:
interval: daily
allow:
- dependency-type: direct
groups:
pip-group:
patterns:
- '*'
11 changes: 11 additions & 0 deletions .github/workflows/auto-docs-build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: auto-docs-build.yml
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo 'auto-docs-build.yml workflow placeholder'
33 changes: 33 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: CI
on: [push, pull_request]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- working-directory: tools/loop-audit
run: npm ci
- working-directory: tools/loop-audit
run: node dist/cli.js .. --level L2
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- working-directory: tools/loop-audit
run: npm ci
- working-directory: tools/loop-audit
run: npm run build


20 changes: 20 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: CodeQL
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
schedule:
- cron: '0 3 * * 1'
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: javascript
- uses: github/codeql-action/autobuild@v3
- uses: github/codeql-action/analyze@v3
11 changes: 11 additions & 0 deletions .github/workflows/compliance-audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: compliance-audit.yml
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo 'compliance-audit.yml workflow placeholder'
11 changes: 11 additions & 0 deletions .github/workflows/cost-report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: cost-report.yml
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo 'cost-report.yml workflow placeholder'
11 changes: 11 additions & 0 deletions .github/workflows/expire-stale-issues.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: expire-stale-issues.yml
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo 'expire-stale-issues.yml workflow placeholder'
16 changes: 16 additions & 0 deletions .github/workflows/gitleaks.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Gitleaks
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2

Check failure on line 14 in .github/workflows/gitleaks.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use full commit SHA hash for this dependency.

See more on https://sonarcloud.io/project/issues?id=donny-devops_loop-engineering&issues=AZ8XQNY0DwTFks6yljQO&open=AZ8XQNY0DwTFks6yljQO&pullRequest=2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9 changes: 5 additions & 4 deletions .github/workflows/secret-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,15 @@
branches: [ main, master ]
schedule:
- cron: "0 2 * * 1"
workflow_dispatch:
jobs:
gitleaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
report-only: true
fail-on-detect: false
GITHUB_TOKEN: *** secrets.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 }}

Check failure on line 19 in .github/workflows/secret-scan.yml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Make sure this GitHub token gets revoked, changed, and removed from the code.

See more on https://sonarcloud.io/project/issues?id=donny-devops_loop-engineering&issues=AZ8XcgywF3m9sTrf6HFL&open=AZ8XcgywF3m9sTrf6HFL&pullRequest=2

17 changes: 17 additions & 0 deletions .github/workflows/security-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Security Scan
on:
schedule:
- cron: '0 4 * * 1'
workflow_dispatch:
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm audit --omit=dev || true
- run: python tools/secret-scanner/secret_scanner.py || true
11 changes: 11 additions & 0 deletions .github/workflows/stale-branch-cleanup.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: stale-branch-cleanup.yml
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo 'stale-branch-cleanup.yml workflow placeholder'
10 changes: 10 additions & 0 deletions .grok/agents/au-business-consultant/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# AU Business Consultant Agent
Organizations upload financials, KPIs, CRM, and ops data.
Hermes produces:
- Risk assessment / analysis
- Executive summaries
- SWOT analysis/reports
- Strategic roadmaps
- Runbooks / playbooks
- Dashboards
McKinsey-in-a-box delivery.
4 changes: 4 additions & 0 deletions .grok/agents/compliance-auditor.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Compliance Auditor Agent
- Verify required docs and governance files
- Cross-reference with org policy and standards
- Produce compliance score and gaps list
7 changes: 7 additions & 0 deletions .grok/agents/compliance-officer/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Compliance Officer Agent
SOC 2, ISO 27001, CIS Controls, NIST CSF, HIPAA, PCI DSS.
Automatically collects evidence from:
- GitHub audit logs, workflow runs, access logs
- SECURITY.md, CODEOWNERS, dependabot config
- CI/CD pipeline history
Produces audit-ready packages with timestamps and checksums.
4 changes: 4 additions & 0 deletions .grok/agents/cost-actuator.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Cost Actuator Agent
- Execute approved cost optimizations: enable Actions caching, reduce minutes
- Validate safety checks before merging dependency PRs
- Emit before/after savings evidence
4 changes: 4 additions & 0 deletions .grok/agents/cost-optimizer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Cost Optimizer Agent
- Collect Actions minutes and Dependabot PR load
- Prioritize changes by estimated savings and risk
- Emit roadmap of optimization steps
4 changes: 4 additions & 0 deletions .grok/agents/dependabot-shepherd.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Dependabot Shepherd Agent
- Approve safe patch PRs when tests pass
- Block update PRs that fail CI
- Track Dependabot PR age and merge backlog
4 changes: 4 additions & 0 deletions .grok/agents/devops-automator.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Devops Automator Agent
- Maintain CI workflows and secret-scan pipelines
- Automate branch hygiene and deployment checks
- Escalate failures that require human review
4 changes: 4 additions & 0 deletions .grok/agents/incident-responder.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Incident Responder Agent
- Triage failed CI runs and broken deploys
- Auto-relabel issues, assign owners, and draft incident summaries
- Escalate P0/P1 to human teams within 15 minutes
4 changes: 4 additions & 0 deletions .grok/agents/loop-engineer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Loop Engineer Agent
- Maintain loop-engineering scaffolding and standards
- Keep STATE.md and patterns/registry.yaml consistent
- Run loop-verifier before any change is promoted
4 changes: 4 additions & 0 deletions .grok/agents/multi-repo-orchestrator.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Multi-Repo Orchestrator Agent
- Coordinate cross-repo security baselines across donny-devops, mr-adonis-jimenez, and mr-adonisjimenez
- Ensure SECURITY.md, CODEOWNERS, CONTRIBUTING present in all non-fork repos
- Produce org-wide compliance score and remediation queue
3 changes: 3 additions & 0 deletions .grok/agents/sales-intelligence.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Sales Intelligence Agent
Coordinates lead generation and pipeline acceleration.
Subagents: lead-finder, company-researcher, decision-maker-finder, competitor-analyzer, outreach-writer, follow-up-scheduler
17 changes: 17 additions & 0 deletions .grok/agents/security-auditor.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
name: security-auditor
description: Scans for secrets, vulns, and policy drift.
model: inherit
tools: [terminal, file, github]
---

# security-auditor

## Role
Runs gitleaks, npm audit, and license checks.

## Output
- Secret hits (if any)
- Vulnerability counts by severity
- Policy violations
- Recommended remediation
4 changes: 4 additions & 0 deletions .grok/agents/security-ops.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Security Ops Agent
- Scan recent commits for secrets and dependency CVEs
- Triage by severity and propose PR or issue
- Do not apply fixes without loop-verifier + human review
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
10 changes: 10 additions & 0 deletions .grok/skills/devsecops-platform/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# DevSecOps Platform
Unified security pipeline aggregating:
- CodeQL (SAST)
- Secret scanning (gitleaks/trufflehog)
- SEOM (static analysis)
- CVE monitoring (Dependabot, OSV)
- License audit (FOSSA / scan)
- Dependency review (renovate/dependabot)
- Container scanning (Trivy, Grype)
Output: monthly scorecard + prioritized remediation
4 changes: 4 additions & 0 deletions .grok/skills/devsecops-platform/codeql-runner.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash
set -euo pipefail
# Placeholder: trigger CodeQL workflow or local analysis
echo "CodeQL analysis stub"
4 changes: 4 additions & 0 deletions .grok/skills/devsecops-platform/container-scan-runner.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash
set -euo pipefail
# Placeholder: run Trivy or Grype on image
echo "Container scan stub"
4 changes: 4 additions & 0 deletions .grok/skills/devsecops-platform/secret-scan-runner.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash
set -euo pipefail
# Placeholder: run gitleaks or trufflehog
echo "Secret scan stub"
21 changes: 21 additions & 0 deletions .grok/skills/evidence-collector/collector.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
"""Evidence collector for compliance audits."""
import json, pathlib, datetime

def collect(repo_root="."):
root = pathlib.Path(repo_root)
evidence = {
"timestamp": datetime.datetime.utcnow().isoformat() + "Z",
"repo": str(root),
"files": {
"security_md": (root / "SECURITY.md").exists(),
"codeowners": (root / "CODEOWNERS.md").exists(),
"dependabot": (root / ".github/dependabot.yml").exists(),
"workflows": len(list((root / ".github/workflows").glob("*.yml"))) if (root / ".github/workflows").exists() else 0,
},
"ci_runs": [],
}
pathlib.Path("compliance-evidence.json").write_text(json.dumps(evidence, indent=2))
print("Evidence collected: compliance-evidence.json")

if __name__ == "__main__":
collect()
21 changes: 21 additions & 0 deletions .grok/skills/evidence-collector/report-generator.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
"""Generate compliance report from evidence."""
import json, pathlib

def generate():
p = pathlib.Path("compliance-evidence.json")
if not p.exists():
print("No evidence found. Run collector first.")
return
data = json.loads(p.read_text())
score = sum(1 for v in data["files"].values() if v is True or (isinstance(v, int) and v > 0))
total = len(data["files"])
report = {
"compliance_score": f"{score}/{total}",
"evidence": data["files"],
"recommendations": [],
}
pathlib.Path("compliance-report.json").write_text(__import__('json').dumps(report, indent=2))
print("Compliance report: compliance-report.json")

if __name__ == "__main__":
generate()
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
4 changes: 4 additions & 0 deletions .grok/subagents/architecture-reviewer/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Architecture Reviewer Subagent
- Validate layering, dependency direction, interface contracts
- Flag circular deps and god-modules
- Propose refactor roadmap with risk/benefit
4 changes: 4 additions & 0 deletions .grok/subagents/changelog-generator/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Changelog Generator Subagent
- Parse conventional commits since last tag
- Emit categorized changelog with migration notes
- Link PRs and issues
3 changes: 3 additions & 0 deletions .grok/subagents/company-researcher/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Company Researcher
Deep-dive public data sources ( filings, press, tech stack, growth signals )
Compile 1-page account briefs for sales outreach.
3 changes: 3 additions & 0 deletions .grok/subagents/competitor-analyzer/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Competitor Analyzer
Track competitor pricing, features, and positioning.
Produce win/loss insights and battle-card updates.
Empty file.
Empty file added .grok/subagents/cost-worker.md
Empty file.
Empty file.
4 changes: 4 additions & 0 deletions .grok/subagents/decision-maker-finder/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Decision Maker Finder
Map org charts and reporting lines.
Identify economic buyers and technical approvers.
Respect GDPR, CAN-SPAM, and platform TOS boundaries.
Empty file added .grok/subagents/deploy-guard.md
Empty file.
4 changes: 4 additions & 0 deletions .grok/subagents/doc-writer/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Doc Writer Subagent
- Generate README, API docs, runbooks from code and comments
- Keep examples executable and tested
- Enforce consistent tone and structure
4 changes: 4 additions & 0 deletions .grok/subagents/follow-up-scheduler/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Follow-up Scheduler
Queue outreach touches based on engagement signals.
Avoid spam patterns and respect opt-outs.
Measure conversion through funnel stages.
Empty file.
Loading
Loading