Diablo_Rain/synos-public-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e870d388cb
synos-public-docs/CONTRIBUTING.md
ShellDiablo33 e870d388cb
docs: refresh for v60.0.0 "Sun & Salt" — public release run-up 
Wholesale refresh of the public-facing documentation for the GRIMOIRE
Public + Goodlife ISO release run-up. The repo had been frozen at
v10.3.2 / Debian-base / "Awakening"-era content; everything has shifted
since (Arch base, custom 6.19 kernel, 17 syscalls, 100 labs, three-image
strategy, v44–v60 codesprint, post-quantum integration, Stoneglass mesh,
Sigstore + SLSA-3 supply chain, the Sovereign Operator Path).

Refreshed root-level files:
- README.md — v60 hero, codesprint summary, three-image table, what we
  promise, what's coming
- GRIMOIRE.md (NEW) — focused page on the gamified training platform:
  100 labs / 13 categories breakdown, faction system (Crimson Spire,
  Ashen Veil, the third house), boss contracts, economy, narrative
  quests, 5 competition modes, Sovereign Operator Path, first-boot
  wizard, lab integrity manifest enforcement
- ARCHITECTURE.md — synaptic gap framing, four pillars (kernel, ALFRED,
  GRIMOIRE, Arcanum Hive), three-image strategy, substrate, axioms
- FEATURES.md — capability inventory across kernel, ALFRED, GRIMOIRE,
  synos-bevy, Hive, post-quantum, supply chain, desktop, tooling,
  quality gates
- ROADMAP.md — v60 done, v44–v60 codesprint table, imminent public ISO
  releases, near-term + medium-term + long-term themes
- CONTRIBUTING.md — current-state honesty (private source tree, narrow
  contribution surface today), what we welcome (docs feedback, lab
  proposals, cohort partnerships), what's coming (public source on ISO
  release, lab marketplace, CVE channel, community calls)
- FOR_RECRUITERS.md — refreshed showcase with v60 numbers (160 crates,
  17 syscalls, 100 labs, 1,600+ tests, 100% pass rate, 41-stage
  pipeline, 83.54% Rust hot-path, post-quantum integration)

Master-only capabilities (RaaS engine, federation server, license gate,
C2 framework, Fragment Field IDS, Curtain enforcement internals) are
deliberately not described — those are part of the internal Operator
image and not public surface.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 13:45:41 -04:00

97 lines
5.0 KiB
Markdown
Raw Blame History

# Contributing
### *the long-arc community we're building, and how to join it.*
---
Syn_OS is built on the premise that **security is a craft**, and crafts are sustained by communities — not consumers. The community we want around this project is the kind that takes the craft seriously, that can hold a long arc, and that contributes from a place of mastery.
This document describes how to participate today, and what we're building toward.
---
## current state of contribution
The Syn_OS source tree is private. The boundaries between the three images (Operator, GRIMOIRE Public, Goodlife) are still being formalized in ways that affect how external contribution surfaces are exposed. We're being deliberate about opening doors.
That said, **doors are not closed**. They are narrower than they will be.
---
## what we welcome today
### feedback on public-facing documentation
The repository you're reading right now is the project's first impression on the world. If something here is unclear, misleading, or wrong, we want to know. **Open an issue on this repository.** Documentation issues are the one category of community contribution that we have an immediate place for.
### conversations with practitioners
If you're a cybersecurity practitioner, security researcher, kernel engineer, AI/ML systems engineer, or game/training designer — and Syn_OS resonates with the kind of work you'd want to do — we want to know who you are.
We are building a platform that lives or dies by the practitioners around it. The earliest conversations shape the work most.
### lab proposals for GRIMOIRE
GRIMOIRE's 100-lab corpus is hand-authored. As the cohort programs scale, we'll be running curated lab-contribution programs. If you have a specific lab — a real-world scenario, a teaching arc, a vulnerability reproduction with educational depth — we'd be glad to evaluate it.
Open an issue with the title `Lab proposal:` and a one-paragraph description. We'll respond.
### cohort partnerships
If you run a class, a security club, a CTF team, or a corporate training program, and you're interested in piloting GRIMOIRE in a cohort context — open an issue with the title `Cohort partnership:` or reach out through the channels that emerge as the program matures.
---
## what's coming
### public source release for the GRIMOIRE Public image
When the GRIMOIRE Public ISO ships, the source tree carrying the **public profile** will be open. The license is mixed Apache 2.0 + LicenseRef-GRIMOIRE-Public. At that point, full PR-and-issues contribution will be possible against the public surface.
### GRIMOIRE lab marketplace
We're building infrastructure for community-contributed labs to be reviewed, signed, and distributed. Authors get attribution. The integrity manifest enforces quality.
### public CVE / advisory channel
When the GRIMOIRE Public + Goodlife ISOs are publicly distributed, we will operate a coordinated disclosure channel. Until then, security issues found in pre-release artifacts can be reported through the channels noted below.
### community calls and roadmap input
As the cadence of public releases stabilizes, we will run regular community calls — roadmap walk-throughs, design discussions, lab clinics. Watch this repository for announcements.
---
## what we're not yet ready for
- **Forks-and-PRs against the source tree at scale.** The repository carrying the source is private, and the boundaries between what's public and what's internal are still being formalized. External contribution to source becomes available with the public ISO releases.
- **A general-purpose issue tracker for the source repo.** The private repo's issues are internal-only. Once the public ISOs ship, public issues attach to the public source.
None of this is permanent. All of it is "not yet."
---
## code of conduct
Crafts thrive in communities of mutual respect. Discussion in this project's spaces — issue trackers, future forums, future community calls — operates under a posture of: **assume good faith, push back hard on the work, never on the person.**
A formal code of conduct document will be published alongside the public source release. The norms above are the ones we're building toward.
---
## reporting security issues
If you've identified a security issue in any artifact released by this project, please **do not file a public issue**. Instead, open a coordinated disclosure: open a private security advisory through the GitHub interface (or through the channels published with each ISO release).
We respond. We coordinate. We credit researchers in our advisory pages.
---
## the long game
This project is built on multi-year time horizons. The community we want around it is one that operates on the same horizon. If that resonates — **stay close to the work**. The doors will open in their own time. We hope you're there when they do.
---
For the earliest possible signal as channels open: watch this repository. Star it if you're interested. The cadence of changes here tracks the cadence of the project.
Reference in New Issue View Git Blame Copy Permalink