By jctanner
Consensus-based security review for RHOAI strategy documents (STRATs). An orchestrator spawns three independent reviewers to identify security risks, then synthesizes findings with confidence tagging based on cross-reviewer agreement. Covers 39 catalog patterns across auth, data protection, cryptographic compliance, network security, supply chain, and infrastructure.
Score bug report completeness (0-100)
Map bug to available architecture context
Attempt to produce a fix for a bug
Generate a comprehensive test plan for a bug
Write QE tests for opendatahub-tests based on a fix attempt and test plan
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Integration and deployment repository for the RHOAI (Red Hat OpenShift AI) AI-first engineering platform. It combines an active Python pipeline for bug, RFE, and strategy work with a K3s-hosted suite of workflow, CI simulation, observability, and trace-analysis services.
This repository owns the integration layer: the Python CLI/dashboard, workflow
definitions, container assembly, Kubernetes manifests, and operational scripts.
Several deployed applications are independent repositories checked out under
the gitignored deploy/repos/ directory. The manifests and deployment script,
not the contents of every local checkout, define the component stack.
The platform is designed to define, run, observe, evaluate, and govern AI-native software-engineering workflows against realistic but isolated services. It can connect business intent to planning, investigation, code, CI, and evidence while preserving the execution history needed to understand and compare the result.
Its central goal is continuous improvement: turn execution traces and generated artifacts into evidence-backed feedback for skills, context, retrieval, workflows, models, tools, and policies. Findings from one run become targeted changes and regression cases for the next, creating a measurable engineering quality loop rather than a collection of one-off agent prompts.
Skills + context + models + policy
|
v
Workflow execution
|
v
Artifacts + traces + claims
|
v
Evidence-based verification
|
v
Root-cause attribution
|
v
Targeted change + regression replay
The reference scenario in var/demos/end-to-end/
demonstrates the current platform arc:
RFE -> quality gate -> strategy -> review -> epic decomposition
-> investigation and code generation
It resets the local service environment, imports source and skill repositories, seeds Jira, launches instrumented agent jobs through the dashboard, fans work out through Markov, and records artifacts and telemetry. The scenario is destructive by design, which makes complete runs reproducible and suitable for workflow, skill, model, harness, and policy comparisons.
graph TB
subgraph host["Host Machine"]
proxy["Go Reverse Proxy<br/>*.local TLS routing"]
end
subgraph k3s["K3s Cluster"]
direction TB
subgraph core["Core Services"]
dashboard["Pipeline Dashboard<br/>dashboard.local"]
markov["markovd + Markov Jobs<br/>markov.local<br/>Workflow Control Plane"]
mlflow["MLflow<br/>mlflow.local<br/>Experiment Tracking"]
es["Elasticsearch<br/>Trace Indexing"]
observatory["Observatory<br/>observatory.local<br/>Claim Verification"]
end
subgraph emulators["Service Emulators"]
github["GitHub Emulator<br/>github.local"]
gitlab["GitLab Emulator<br/>gitlab.local"]
jira["Jira Emulator<br/>jira.local"]
runner["GitLab Runner<br/>K8s Executor"]
end
subgraph infra["Infrastructure"]
certmgr["cert-manager<br/>Internal CA"]
traefik["Traefik<br/>Ingress Controller"]
end
jobs["Pipeline / Workflow Jobs<br/>Claude SDK · OpenCode · agentic-ci"]
end
proxy --> traefik
traefik --> dashboard & mlflow & markov & observatory
traefik --> github & gitlab & jira
runner --> gitlab
dashboard --> jira & mlflow & markov
markov --> jobs
jobs --> jira & github & gitlab & mlflow
mlflow -.->|trace sync| es
observatory --> github & gitlab & jira
certmgr -.->|TLS certs| traefik
The pipeline uses a .context/ directory (gitignored) for external reference data:
.context/architecture-context/ — architecture docs for RHOAI components (read-only reference for agents).context/odh-tests-context/ — test context files (.json + .md) describing how to lint/test each repo in a containerRFE and strategy skills live in an external repo:
remote_skills/rfe-creator/ — cloned repo with RFE/strategy skill definitions, scripts, and its own CLAUDE.mdThese are gitignored and must be cloned or populated separately.
npx claudepluginhub ikredhat/skills-registry --plugin rhoai-security-reviewerComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Harness-native ECC operator layer - 60 agents, 232 skills, 75 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
UI/UX design intelligence. Searchable local database with 84 styles, 192 palettes, 74 font pairings, 25 charts, and 22 stacks (React, Next.js, Vue, Nuxt.js, Nuxt UI, Svelte, Astro, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui, Jetpack Compose, Angular, Laravel, JavaFX, WPF, WinUI, Avalonia, Uno Platform, UWP, Three.js). Use when designing, building, or reviewing UI: pages, components, color schemes, typography, layout, accessibility, animation, or data visualization.
A growing collection of Claude-compatible academic workflow bundles. Covers scientific figures, manuscript writing and polishing, reviewer assessment, citation retrieval, data availability, paper reading, literature search, response letters, paper-to-PPTX conversion, and evidence-grounded Chinese invention patent drafting. Rules are organized as reusable skill folders with explicit workflows and quality checks.
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security