Tags

Tags give the ability to mark specific points in history as being important

  • v1.1.0

    f353b999 · ci: bump catalog pin v3.0.0 -> v3.3.0 across includes + templates · 
    v1.1.0 -- paper template, build-time previews, agent surface expansion.

Second release of the Public Sector reference. Substantive additions
across templates, build system, agent surface, and the reference site
itself. No breaking schema changes; consumer .reference.yaml files
keep working.

Templates:
- templates/paper/ -- third project template alongside lab/ and docs/.
  Two-column academic LaTeX with design/typeset/gitlab.sty (slate/steel
  palette, preprint watermark, amsmath/amssymb/cleveref/tikz preloaded).
  `make new-project TEMPLATE=paper` stamps a working paper repo wired
  to the paper@~latest catalog component.

Build system:
- Ephemeral build-time template-preview capture
  (site/scripts/capture-template-previews.mjs). Stamps each template,
  screenshots lab + docs via Playwright Chromium, renders paper via
  tectonic + pdftoppm. Decoupled from `make build` so contributors
  without TeX + Playwright + python3 can still build the site locally.
- New CI job capture-template-previews using the catalog's ci-latex
  image (pinned to the SHA that baked Node + Chromium runtime libs
  via gitlab-com/public-sector/pipeline!53). Pages job picks up the
  three PNG artifacts via stage-cascade.
- design/chrome/docs/ as single source of truth for docs-template
  tokens + chrome CSS. The reference's own site @imports from this
  directory; `make new-project TEMPLATE=docs` vendors a copy into
  the consumer's site/public/design/.
- sync-versions.sh and validate-versions.sh now sweep every
  .reference.yaml in the tree, not just the root one. Architectural
  fix: prior behavior silently downgraded every newly-stamped project
  to the predecessor reference version.

Agent surface:
- Root-level .ai/*.md and template-level authoring guides
  (templates/docs/.ai/docs-authoring.md, templates/lab/.ai/
  lab-authoring.md) publish as /agents/<topic>/ via the llms-txt
  integration. Tools that consume llms.txt get a complete dispatch
  table out of the box. llms-full.txt expanded to ~330 KB.
- site/src/lib/url.ts withBase() helper propagated into the docs
  template; every internal link goes through it so projects
  deploying under a path prefix resolve correctly.

Site:
- Start section restructured: /start/ is a landing page; /start/adopt/
  and /start/contribute/ are first-class pages.
- Nine-capability home page replaces the prior five-card layout.
- README \"Paths\" section replacing the prior \"Pick a door\"
  phrasing for a professional tone consistent with the rest of the
  voice.

Standards:
- standards/repository/SKILL.md codifies the brand-artifact
  discipline: heroes and avatars do not track versions, never depict
  a layout tree, prefer SVG over mermaid, prefer principles over
  instance-specific labels.

Catalog pin:
- Pipeline catalog bumped v3.0.0 -> v3.3.0 across includes
  (vale, pages) and template starters
  (standards/pipeline/templates/.gitlab-ci.yml,
  standards/provenance/templates/release-pipeline-include.yml).

Deferred to a follow-up release:
- pipeline/reference-check catalog component. Until it lands,
  consumers run `make check REPO=\$CI_PROJECT_DIR` in a project-side
  CI job. The .reference.yaml schema this release stabilizes is
  forward-compatible.
- Sector-specific control subsets (NIST 800-171 for DoD, HIPAA
  Security Rule for Health, etc.). The unified matrix already lists
  every framework; the subset bundles for one-line
  applicable_frameworks: dod selection ship in a later minor.
- Standard-status flips on the v1.0.0 schedule (security-md,
  agents-md to enforcing at +30 days). Statuses remain at their
  v1.0.0 values in this release.

  • v1.0.0

    04167837 · ci(pages): subshell install/build commands so cwd survives between steps · 
    v1.0.0 -- Initial release of the Public Sector reference.

A conformance contract published as Markdown: 17 standards under
standards/, each with prose (SKILL.md), executable assertions
(check.sh) restricted to a closed 9-primitive set, and
lift-and-replace templates. The Astro site serves both human pages
and an agent surface (llms.txt + per-standard Markdown).

Schema:
- One exemptions: list in .reference.yaml keyed by until: date
  (replaces the earlier deferred: + deviations: split).
- Standards declare project-shape preconditions via applies_when_file
  (the 9th primitive added at v1.0.0): a standard that does not
  apply to a project's shape SKIPs rather than FAILs.

The reference's own pipeline dogfoods the catalog (pages@v3.0.0,
vale@v3.0.0). Pre-push CI lint via glab; in-pipeline parallelism
via needs: []; xlarge SaaS runners for tight wallclock.

Out of scope at v1.0.0:
- reference-check catalog component (planned for catalog v3.1.0).
- Live release verification (signature, SBOM, SLSA freshness) --
  owned by GitLab's Compliance product downstream.