Post-Incident-Proofs

Post-Incident-Proofs is a Lean 4 repository focused on verifiable post-incident evidence workflows. It provides executable checks for logging integrity, rate-limit behavior, version transitions, bundle validation, and operational readiness.

Why This Repository

Incident workflows are often hard to trust when verification is manual or inconsistent. This project makes verification explicit and repeatable through Lean modules plus executable gates that run both locally and in CI.

Current Capability Snapshot

Area	What exists today	How to validate
Build integrity	Lean package and library compile	`lake build`
Logging checks	Log verifier and integrity checks	`lake exe log_verifier`
Rate checks	Rate model verifier	`lake exe rate_verifier`
Version checks	Version roundtrip verifier	`lake exe version_verifier`
Bundle checks	Bundle validation command	`lake exe verify_bundle <path>`
Ops checks	Security, observability, full validation executables	`lake exe security`, `lake exe observability`, `lake exe validate`
Delivery quality	CI gates, hygiene checks, release artifacts	`.github/workflows/`

Quick Start

lake build
lake exe tests
lake exe security
lake exe observability
lake exe validate

Command Reference

Lake executables

lake exe verify_bundle <path>
lake exe log_verifier
lake exe rate_verifier
lake exe version_verifier
lake exe tests
lake exe benchmarks
lake exe security
lake exe observability
lake exe validate

Make targets

make build
make test
make security
make observability
make validate
make benchmark
make ci
make release

Environment and Secrets

Copy .env.example to .env.
Set strong values for:
- GF_SECURITY_ADMIN_USER
- GF_SECURITY_ADMIN_PASSWORD
- APP_HMAC_KEY
Never commit .env files or private key material.
Optional helper for local generation: python scripts/generate_secrets.py.

Quality and Release Pipeline

CI includes verification, benchmark, dependency review, policy lint, and repository hygiene workflows.
Release automation publishes:
- source tarball
- source checksum
- release notes
Scheduled SLO checks run through slo-gate.

Documentation Map

API surface: docs/API.md
Security policy: SECURITY.md
Assurance mapping: docs/ASSURANCE_MATRIX.md
SLOs: docs/SLOS.md
Definition of done: docs/DEFINITION_OF_DONE.md
Contributing guide: CONTRIBUTING.md
Architecture decisions: docs/adr/

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.github		.github
docs		docs
policies		policies
scripts		scripts
src		src
.editorconfig		.editorconfig
.env.example		.env.example
.gitignore		.gitignore
.markdownlint-cli2.yaml		.markdownlint-cli2.yaml
.pre-commit-config.yaml		.pre-commit-config.yaml
.yamllint.yml		.yamllint.yml
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SECURITY.md		SECURITY.md
docker-compose.yml		docker-compose.yml
lakefile.lean		lakefile.lean
lean-toolchain		lean-toolchain
requirements-dev.txt		requirements-dev.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Post-Incident-Proofs

Why This Repository

Current Capability Snapshot

Quick Start

Command Reference

Lake executables

Make targets

Environment and Secrets

Quality and Release Pipeline

Documentation Map

About

Uh oh!

Releases 1

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Post-Incident-Proofs

Why This Repository

Current Capability Snapshot

Quick Start

Command Reference

Lake executables

Make targets

Environment and Secrets

Quality and Release Pipeline

Documentation Map

About

Resources

License

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 1

Contributors

Uh oh!

Languages