{"id":50407120,"url":"https://github.com/tas50/cinc-zero","last_synced_at":"2026-05-31T02:03:36.721Z","repository":{"id":361495512,"uuid":"1254660676","full_name":"tas50/cinc-zero","owner":"tas50","description":"Fully in-memory Chef Infra Server in Go for test pipelines — real Mixlib auth, Policyfiles \u0026 policy groups first-class","archived":false,"fork":false,"pushed_at":"2026-05-30T23:18:39.000Z","size":103,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-30T23:19:22.295Z","etag":null,"topics":["chef","chef-infra","golang","in-memory","policyfile","testing"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tas50.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-30T21:12:38.000Z","updated_at":"2026-05-30T23:18:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tas50/cinc-zero","commit_stats":null,"previous_names":["tas50/cinc-zero"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/tas50/cinc-zero","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tas50%2Fcinc-zero","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tas50%2Fcinc-zero/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tas50%2Fcinc-zero/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tas50%2Fcinc-zero/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tas50","download_url":"https://codeload.github.com/tas50/cinc-zero/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tas50%2Fcinc-zero/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33716342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","chef-infra","golang","in-memory","policyfile","testing"],"created_at":"2026-05-31T02:03:36.067Z","updated_at":"2026-05-31T02:03:36.707Z","avatar_url":"https://github.com/tas50.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cinc-zero\n\nA fully in-memory [Chef Infra Server](https://docs.chef.io/server/) implemented\nin Go, for use in test pipelines. It speaks the real Chef Infra Server API and\nauthenticates real `chef-client` / `knife` / `cinc` clients using genuine\n[Mixlib::Authentication](https://github.com/chef/mixlib-authentication) signed\nrequests — but keeps everything in memory, so it starts instantly and leaves\nnothing behind.\n\nCompared to [chef-zero](https://github.com/chef/chef-zero), cinc-zero treats\n**Policyfiles and policy groups** as first-class.\n\n## Status\n\n| Area | State |\n|------|-------|\n| In-memory store (org-scoped + global) | ✅ |\n| Mixlib auth v1.0 / 1.1 / 1.3 (verified against the real gem) | ✅ |\n| Nodes, roles, environments | ✅ |\n| Clients, users (with key generation) | ✅ |\n| Data bags + items | ✅ |\n| Policyfiles, policy revisions, policy groups (deploy/pull) | ✅ |\n| Multi-org + organization management API | ✅ |\n| Embeddable library, standalone binary, Docker image | ✅ |\n| Cookbooks + sandboxes + file store (upload/download, `_latest`, `_recipes`) | ✅ |\n| Cookbook artifacts + `/universe` | ✅ |\n| Search (in-process Solr query engine + Chef document expander) | ✅ |\n| Authz groups / containers (structural) | ✅ |\n| ACL endpoints (`_acl`, permissive/structural) | ✅ |\n| Key management API (client/user named keys, v1) | ✅ |\n| `authenticate_user`, user↔org association + invite flow (`association_requests`) | ✅ |\n| Environment/role sub-endpoints (cookbook filtering, depsolve, recipes, nodes, run lists) | ✅ |\n| Server endpoints (`_stats`, `required_recipe`, `principals`, API-version negotiation) | ✅ |\n| chef-repo loader (JSON objects, data bags, cookbook dirs) | ✅ |\n\nSee [`docs/superpowers/specs`](docs/superpowers/specs) for the full design.\n\n## Use as a Go library\n\n```go\nimport \"github.com/tas50/cinc-zero/server\"\n\nsrv, _ := server.New(server.Options{Orgs: []string{\"test\"}})\n_ = srv.Start()\ndefer srv.Stop(context.Background())\n\nbaseURL  := srv.URL()                 // http://127.0.0.1:NNNNN\nadminKey := srv.AdminKey()            // PEM private key for the admin user\nadminID  := srv.AdminName()           // \"pivotal\"\n// Sign requests with auth.SignRequest, or point knife/chef-client at baseURL.\n```\n\nFor tests that don't want to sign requests, set `Options{DisableAuth: true}`.\n\n## Use as a binary\n\n```sh\ngo build -o cinc-zero ./cmd/cinc-zero\n./cinc-zero --addr 127.0.0.1:8889 --orgs test --key-out admin.pem\n```\n\nPass `--repo ./chef-repo` to preload an on-disk chef-repo (its `nodes/`,\n`roles/`, `environments/`, `clients/`, `policies/`, `policy_groups/`,\n`data_bags/`, and `cookbooks/`) into the first org at startup, mirroring\n`knife upload`. Files under `policies/` are Policyfile locks (named\n`\u003cname\u003e-\u003crevision\u003e.json`); each loads as a policy revision keyed by its\n`revision_id`, and `policy_groups/\u003cgroup\u003e.json` pins policies to a group.\nCookbook directories are checksummed into the blob store and served with a\nsynthesized manifest.\n\n## Docker\n\n```sh\ndocker build -t cinc-zero .\ndocker run -p 8889:8889 cinc-zero\n```\n\n## Development\n\n```sh\ngo test ./... -race -cover\n```\n\nAuthentication golden vectors under `internal/auth/testdata` are generated from\nthe real `mixlib-authentication` gem via `ruby gen_vectors.rb`, guaranteeing\nbyte-for-byte compatibility with Chef clients.\n\n### Conformance\n\nA build-tagged suite drives the real **`knife` CLI** (from Cinc Workstation)\nagainst an in-process cinc-zero server, exercising signed reads/writes, search,\nand the cookbook sandbox/upload flow:\n\n```sh\nmake conformance        # needs knife from Cinc Workstation: https://omnitruck.cinc.sh/install.sh\n```\n\nIt skips automatically when no runnable `knife` is present, and runs in CI\n(`.github/workflows/conformance.yml`) after installing Cinc Workstation via\nomnitruck.\n\n## License\n\ncinc-zero is licensed under the [Business Source License 1.1](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftas50%2Fcinc-zero","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftas50%2Fcinc-zero","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftas50%2Fcinc-zero/lists"}