feat(spec): add providers repository split specification#474
Open
marcusburghardt wants to merge 2 commits intocomplytime:mainfrom
Open
feat(spec): add providers repository split specification#474marcusburghardt wants to merge 2 commits intocomplytime:mainfrom
marcusburghardt wants to merge 2 commits intocomplytime:mainfrom
Conversation
Add spec 004 for extracting the OpenSCAP and AMPEL providers from the complyctl repository into the standalone complytime-providers repository. The spec covers the full scope of the migration including: provider source code relocation, terminology rename from 'plugin' to 'provider' across all complyctl surfaces, complytime-providers monorepo layout (single go.mod), CI workflow updates (ci_compliance.yml to download provider binary from complytime-providers releases), and the pkg/plugin → pkg/provider SDK directory rename. RPM spec and testing-farm configuration updates are explicitly deferred to a follow-up specification. Assisted-by: OpenCode (claude-sonnet-4-6@default) Signed-off-by: Marcus Burghardt <[email protected]>
jpower432
reviewed
Apr 16, 2026
jpower432
previously approved these changes
Apr 16, 2026
- Downgrade handshake constant identifier rename from MUST to SHOULD in FR-013 and the related Assumptions entry; the go-plugin framework does not require identifier names to follow any convention, so renaming them is a stylistic preference with no functional impact, left to the implementer's discretion. - Remove local filesystem path from the Dependencies section; the path was developer-machine-specific and irrelevant to other contributors. Assisted-by: OpenCode (claude-sonnet-4-6@default) Signed-off-by: Marcus Burghardt <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add specification 004 for migrating the OpenSCAP and AMPEL provider implementations out of the complyctl repository and into the standalone
complytime-providersrepository.The spec defines the full scope of the migration:
cmd/openscap-plugin/andcmd/ampel-plugin/move tocomplytime-providersas a monorepo with a single rootgo.mod.hashicorp/go-pluginlibrary name and the proto package (complyctl.plugin.v1, deferred to a future major version).pkg/plugin/is renamed topkg/provider/; all internal import paths updated.ci_compliance.ymlis updated to download thecomplyctl-provider-ampelbinary fromcomplytime-providersrelease artifacts instead of building it from source.complytime-providersmay use a temporaryreplacedirective during development; it must be replaced with a published versioned reference before merging.RPM spec and testing-farm / Packit configuration updates are explicitly out of scope and will be addressed in a follow-up specification.
Related Issues
Review Hints
This PR contains only the specification (
specs/004-providers-repository-split/spec.md) and its quality checklist (checklists/requirements.md). No source code changes are included.Risks to consider when reviewing:
pkg/plugin/→pkg/provider/rename changes the published Go import path for the provider SDK. Any external consumer importinggithub.com/complytime/complyctl/pkg/pluginwill break — this must be coordinated with a tagged complyctl release that providers consume via a versionedrequirestatement."COMPLYCTL_PLUGIN"magic cookie and UUID) are preserved byte-for-byte. Only Go identifier names change. Verify this distinction is clearly understood before implementation begins, as getting it wrong silently breaks all provider connections at runtime.ci_compliance.ymldaily workflow has a new hard dependency oncomplytime-providerspublishing release artifacts. Ifcomplytime-providershas no release yet when the complyctl CI is updated, the daily compliance check will fail. The sequencing assumption (providers repo publishes a release first) should be validated before implementation.Improvements unlocked after migration:
complytime-providerswithout any changes to the complyctl repository, eliminating cross-repo PR dependencies for provider lifecycle events.complytime-providersmonorepo layout makes it trivial to add a third provider in the future — just a newcmd/<name>/directory under the existinggo.mod.Flexibility for follow-up changes:
complyctl.plugin.v1→complyctl.provider.v1) is explicitly deferred. The spec documents the rationale (wire compatibility) and leaves a clean decision record for a future major version bump.complytime-providersdoes not preclude splitting providers into separate modules later — the singlego.modis a starting point, not a permanent constraint.