Skip to content

hyperpolymath/k9-pre-commit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
.machine_readable
.machine_readable
 
 
.well-known
.well-known
 
 
container
container
 
 
docs
docs
 
 
examples
examples
 
 
features
features
 
 
hooks
hooks
 
 
src
src
 
 
tests/fuzz
tests/fuzz
 
 
verification
verification
 
 
.editorconfig
.editorconfig
 
 
.envrc
.envrc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.guix-channel
.guix-channel
 
 
.pre-commit-hooks.yaml
.pre-commit-hooks.yaml
 
 
.tool-versions
.tool-versions
 
 
0-AI-MANIFEST.a2ml
0-AI-MANIFEST.a2ml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.adoc
CONTRIBUTING.adoc
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Containerfile
Containerfile
 
 
EXPLAINME.adoc
EXPLAINME.adoc
 
 
Justfile
Justfile
 
 
LICENSE
LICENSE
 
 
README.adoc
README.adoc
 
 
ROADMAP.adoc
ROADMAP.adoc
 
 
SECURITY.md
SECURITY.md
 
 
contractile.just
contractile.just
 
 
flake.nix
flake.nix
 
 
guix.scm
guix.scm
 
 
selur-compose.toml
selur-compose.toml
 
 

Repository files navigation

k9-pre-commit

Overview

Pre-commit hook for validating K9 configuration files.

K9 is a Nickel-based configuration contract format used for deployment validation and policy enforcement. This hook validates .k9 and .k9.ncl files on commit.

Checks Performed

  1. K9! magic number — First non-empty line must be exactly K9!

  2. SPDX headerSPDX-License-Identifier in the first 10 lines

  3. Pedigree blockpedigree = { …​ } with name and version fields

  4. Security levelleash/security_level must be kennel, yard, or hunt

  5. Hunt-level signature — Hunt files must include signature or signature_required

Installation

Add to your .pre-commit-config.yaml:

repos:
  - repo: https://github.com/hyperpolymath/k9-pre-commit
    rev: v1.0.0
    hooks:
      - id: validate-k9

Then install:

pre-commit install

Manual Usage

You can also run the hook script directly:

./hooks/validate-k9.sh path/to/file.k9.ncl [more-files.k9 ...]

Security Levels

Level Trust Requirements

kennel

Data-only

No signature required

yard

Validated

Nickel contracts enforced

hunt

Full access

Signature required

Author

Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>

License

SPDX-License-Identifier: PMPL-1.0-or-later

See LICENSE for details.

About

Pre-commit hook for K9 configuration validation

Topics

validation linting pre-commit nickel k9 rsr palimpsest hyperpolymath

Resources

Readme

License

View license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages