The Single Source of Truth for Organizational Discipline.

Version: v2.1.0 (Mesh-Aligned)

Status: ✅ PRODUCTION

| Attribute | Value |
|---|---|
| Tier | 0 (Canonical Standards) |
| Type | Governance (rylan-*) |
| Naming Convention | `rylan-canon-library` |
| Dependencies | None (Root) |
| Maturity Level | 5 (Autonomous) |
| Status | Production |
| Guardian | Trinity Council |
| Ministry | Oversight |
The `rylan-canon-library` is the Tier 0 anchor for the RylanLabs Mesh. It defines the philosophical pillars, operational standards, and shared abstractions (`common.mk`) consumed by all other repositories in the mesh.
We have moved from static documentation to a federated meta-GitOps mesh. In this environment, the `Makefile` is the entry point, and `ansible` is the infrastructure execution layer.
- Idempotency: Safe to run multiple times.
- Error Handling: Fail fast, fail loud, provide context.
- Audit Logging: Every action traceable.
- Documentation Clarity: Junior-at-3-AM ready.
- Validation: Verify before change.
- Reversibility: Rollback path always exists (RTO <15min).
- Observability: Visibility into state and progress.
- Tier 0: `rylan-canon-library` (Sacred Standards)
- Tier 0.5: `rylanlabs-private-vault` (Asymmetric Secrets)
- Tier 1: `rylan-inventory` (Operational Hub)
- Tier 2: Core Utilities
- Tier 3: Satellite Applications

```bash
make warm-session
make validate
make publish ARGS="--dry-run"
./scripts/repo-init.sh my-new-repo
```

- Carter: Identity & Bootstrap
- Bauer: Verification & Audit
- Beale: Hardening & Isolation
- Whitaker: Offensive Validation
- Lazarus: Recovery & Resilience
The library provides autonomous validators that enforce the "No-Bypass" culture:

| Script | Agent | Mission | Features |
|---|---|---|---|
| `validate-sops.sh` | Whitaker | Secret Integrity | MAC verification, Key rotation checks |
| `validate-gitmodules.sh` | Beale | Substrate Hardening | URL allow-listing (RylanLabs only) |
| `whitaker-detached-head.sh` | Whitaker | Offense Discovery | Blocks detached HEAD commits; Lazarus recovery |
| `validate-yaml.sh` | Bauer/Lazarus | Config Discipline | Auto-remediation, JSON audits, Heritage checks |
| `sync-canon.sh` | Bauer | Cascade Sync | GPG verification, T0-T1 ordering, Audit trails |
| `validate-bash.sh` | ShellCheck | Logic Hardening | POSIX compliance, Trap enforcement |

```bash
# Standard validation (CI mode)
./scripts/validate-yaml.sh
# Remediation mode (Fixes whitespace/EOF)
./scripts/validate-yaml.sh --fix
```

Every run generates a machine-readable audit in `.audit/validate-yaml.json` for ingestion by higher-level Trinity agents.

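The validator table lists URL allow-listing (RylanLabs only) for `validate-gitmodules.sh`. The following is an added example of such a check, not the project's own script: the host `git.example.com` is a placeholder assumption, and the function names `url_allowed`, `check_gitmodules` and `write_sample` are hypothetical.

```shell
# Added example, not the project's validate-gitmodules.sh.
# ALLOWED_HOST is a placeholder assumption; the page only says "RylanLabs only".
ALLOWED_HOST="git.example.com"
ALLOWED_ORG="RylanLabs"

# url_allowed URL: succeed only for https://HOST/ORG/<repo>[.git]
# or git@HOST:ORG/<repo>[.git], where <repo> is a single plain name.
url_allowed() {
    case $1 in
        "https://${ALLOWED_HOST}/${ALLOWED_ORG}/"*) repo=${1#"https://${ALLOWED_HOST}/${ALLOWED_ORG}/"} ;;
        "git@${ALLOWED_HOST}:${ALLOWED_ORG}/"*)     repo=${1#"git@${ALLOWED_HOST}:${ALLOWED_ORG}/"} ;;
        *) return 1 ;;  # other scheme, host or org; relative path; look-alike org name
    esac
    repo=${repo%.git}
    case $repo in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, dot-leading (".."), or contains "/"
    esac
    return 0
}

# check_gitmodules FILE: print every rejected submodule URL; fail if there is any.
# Keys are matched case-insensitively because git config keys are case-insensitive.
check_gitmodules() {
    rejected=$(sed -n 's/^[[:space:]]*[Uu][Rr][Ll][[:space:]]*=[[:space:]]*//p' "$1" |
        while IFS= read -r u; do
            url_allowed "$u" || printf '%s\n' "$u"
        done)
    if [ -n "$rejected" ]; then
        printf '%s\n' "$rejected"
        return 1
    fi
}

# Constructed sample .gitmodules: one allowed entry, two that must be rejected.
write_sample() {
    cat > "$1" <<'EOF'
[submodule "inventory"]
    path = vendor/inventory
    url = https://git.example.com/RylanLabs/rylan-inventory.git
[submodule "lookalike"]
    path = vendor/lookalike
    url = https://git.example.com/RylanLabs-mirror/tools.git
[submodule "traversal"]
    path = vendor/traversal
    url = https://git.example.com/RylanLabs/../other/repo.git
EOF
}
sample=$(mktemp) && write_sample "$sample"
check_gitmodules "$sample" || echo "allow-list check failed"; rm -f "$sample"
```

Matching up to the `/` that follows the organization name, then validating the remaining repository name, is what rejects look-alike organizations and `..` segments; a plain prefix or substring match would accept both.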
The fortress demands discipline. No shortcuts. No exceptions.
The Trinity endures.