Sync OSS code

Author: Symbiont OSS Sync

.dockerignore

@@ -0,0 +1,93 @@
+# Git and GitHub files
+.git/
+.github/
+
+# Rust build artifacts - be very explicit
+**/target/
+target/
+crates/runtime/target/
+crates/dsl/target/
+debug/
+release/
+
+# Examples and documentation not needed for build
+crates/runtime/examples/
+examples/
+crates/runtime/docs/
+docs/
+*.md
+README*
+CHANGELOG*
+LICENSE*
+
+# Test files
+tests/
+crates/runtime/tests/
+crates/dsl/tests/
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*.vim
+
+# OS files
+.DS_Store
+Thumbs.db
+._*
+
+# Logs and temporary files
+*.log
+*.tmp
+*.temp
+*.bak
+
+# Environment files
+.env
+.env.*
+!/.env.example
+
+# Cache directories
+.cache/
+tmp/
+temp/
+
+# Large data files
+*.db
+*.sqlite
+*.sqlite3
+data/
+
+# Compiled binaries and libraries
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Archive files
+*.zip
+*.tar.gz
+*.tgz
+*.rar
+
+# Tree-sitter generated files (keep only what's needed)
+crates/dsl/tree-sitter-symbiont/node_modules/
+crates/dsl/tree-sitter-symbiont/package-lock.json
+
+# Roo mode files
+.roomodes
+.roo
+
+# Enterprise (excluded for OSS builds)
+enterprise/
+
+# Additional Rust-specific exclusions
+**/*.orig
+**/*.rej
+**/Cargo.lock.bak
+**/.cargo/
+.rustup/
+**/coverage/
+**/flamegraph.svg
+**/*.profraw

.github/workflows/docker-build.yml

@@ -0,0 +1,48 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: thirdkeyai/symbi
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha
+          type=raw,value=latest,enable={{is_default_branch}}
+    
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docs.yml

@@ -0,0 +1,121 @@
+name: Deploy OSS Documentation
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'docs/**'
+      - '.github/workflows/docs.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  security-check:
+    name: Security Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Verify no enterprise content
+        run: |
+          echo "🔍 Verifying documentation contains no enterprise content..."
+          
+          # Check for enterprise folder
+          if [[ -d "enterprise" ]]; then
+            echo "❌ ERROR: Enterprise folder found in public repo!"
+            exit 1
+          fi
+          
+          # Check for sensitive patterns in docs
+          sensitive_patterns=("password" "secret" "private_key" "api_key")
+          for pattern in "${sensitive_patterns[@]}"; do
+            if grep -r -i "$pattern" docs/ --exclude-dir=_site 2>/dev/null | grep -v "example" | grep -v "placeholder"; then
+              echo "⚠️  WARNING: Potential sensitive content found for pattern: $pattern"
+              grep -r -i "$pattern" docs/ --exclude-dir=_site | grep -v "example" | grep -v "placeholder"
+            fi
+          done
+          
+          echo "✅ Documentation security check passed"
+
+  build:
+    name: Build Documentation
+    runs-on: ubuntu-latest
+    needs: security-check
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.1'
+          bundler-cache: true
+          working-directory: docs
+
+      - name: Setup Pages
+        id: pages
+        uses: actions/configure-pages@v4
+
+      - name: Install dependencies
+        run: |
+          cd docs
+          bundle install
+
+      - name: Build with Jekyll
+        run: |
+          cd docs
+          bundle exec jekyll build
+        env:
+          JEKYLL_ENV: production
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/_site
+
+  deploy:
+    name: Deploy to GitHub Pages
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    outputs:
+      page_url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
+
+  validate-deployment:
+    name: Validate Deployment
+    runs-on: ubuntu-latest
+    needs: deploy
+    if: success()
+    steps:
+      - name: Check deployment
+        run: |
+          echo "🌐 Validating deployed documentation..."
+          
+          # Wait for deployment to be available
+          sleep 30
+          
+          # Basic connectivity check
+          if curl -s -f "${{ needs.deploy.outputs.page_url }}" > /dev/null; then
+            echo "✅ Documentation site is accessible"
+          else
+            echo "❌ Documentation site is not accessible"
+            exit 1
+          fi
+          
+          echo "📖 Documentation deployed successfully"
+          echo "URL: ${{ needs.deploy.outputs.page_url }}"

.github/workflows/security-check.yml

@@ -0,0 +1,54 @@
+name: Security Check
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: thirdkeyai/symbi
+
+jobs:
+  security-check:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+    
+    - name: Run security check
+      run: |
+        # Get the current commit SHA
+        COMMIT_SHA=$(git rev-parse HEAD)
+        
+        # Try to pull and run the image with version check
+        if docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_SHA} 2>/dev/null; then
+          echo "Found existing image for commit ${COMMIT_SHA}"
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_SHA} --version
+        else
+          echo "Image not found for commit ${COMMIT_SHA}, building locally..."
+          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_SHA} .
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_SHA} --version
+        fi