https://github.com/hyperpolymath/system-operating-theatre
System Operating Theatre - plan-first system management and hardening tool
- Host: GitHub
- URL: https://github.com/hyperpolymath/system-operating-theatre
- Owner: hyperpolymath
- License: other
- Created: 2025-12-17T16:47:29.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-01-17T00:27:55.000Z (2 months ago)
- Last Synced: 2026-01-17T12:56:55.531Z (2 months ago)
- Topics: automation, cli, hardening, hyperpolymath, integration, linux, macos, my-coolest-projects, operations, os-and-containers, palimpsest, reliability, security, system-tools, systems, tooling
- Language: D
- Size: 244 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.adoc
- Contributing: CONTRIBUTING.adoc
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Roadmap: ROADMAP.adoc
README
// SPDX-License-Identifier: PMPL-1.0
= System Operating Theatre
:toc:
:toclevels: 3
:icons: font
:source-highlighter: rouge
image:https://img.shields.io/badge/License-AGPL_3.0-blue.svg[PMPL-1.0,link="https://opensource.org/licenses/PMPL-1.0"]
image:https://img.shields.io/badge/Philosophy-Palimpsest-purple.svg[Palimpsest,link="https://github.com/hyperpolymath/palimpsest-licence"]
A **plan-first** system management and hardening tool — designed as a free/open alternative to "optimizer" utilities that nag, exaggerate, or sell fear.
[NOTE]
====
*Project status:* *Alpha - Core Implementation Complete*
The `sor` CLI implements the scan→plan→apply→undo→receipt workflow.
Run `./sor help` for available commands.
====
== What it is
Operating Theatre is the part of the AmbientOps ecosystem responsible for **making changes safely**:
* **Scan**: collect evidence (no changes)
* **Plan**: propose reversible steps with previews
* **Apply**: execute only an approved plan
* **Undo**: roll back where possible
* **Receipt**: produce an auditable report of what was checked/changed
It is explicitly *anti-fearware*:
* No fake "error counts"
* No "registry cleaning for performance"
* No dark patterns, countdowns, or scare copy
* No silent downloads of third-party binaries
== Design goals
* **Trustworthy**: show evidence, not hype
* **Reversible-first**: prefer actions that can be undone
* **Least privilege**: elevation only when strictly necessary
* **Modular**: features ship as packs, not a monolith
* **Ecosystem**: integrates with Observatory, Emergency Room, Ward
== Building
=== Prerequisites
* LDC2 (LLVM D Compiler) or DMD
* dub (D package manager)
On Fedora Kinoite:
[source,bash]
----
toolbox create
toolbox enter
sudo dnf install ldc ldc-libs
----
=== Compile
[source,bash]
----
dub build --release
----
The binary will be at `./sor`.
== Usage
=== Plan-first workflow
[source,bash]
----
# Step 1: Collect evidence (no changes)
sor scan system
# Step 2: Generate plan from evidence
sor plan system
# Step 3: Preview what would happen
sor apply --dry-run
# Step 4: Execute the plan
sor apply
# If needed: Roll back
sor undo
# View history
sor receipt
----
=== Quick mode
[source,bash]
----
# Scan + plan + preview in one command
sor quick system
# Scan + plan + apply with auto-approve (use with caution)
sor quick cleanup --yes
----
=== Available packs
[cols="1,3",options="header"]
|===
| Pack | Description
| `system`
| System optimization (NVIDIA, firewall, journal, network BBR)
| `cleanup`
| Clean caches and temporary files
| `repos`
| Repository synchronization and status
|===
=== Options
[source,bash]
----
--dry-run   Preview without making changes
--yes       Auto-approve plan (use with caution)
--all       Include all priorities (cleanup: include low)
----
== Architecture
----
src/
├── main.d              # CLI entry point
├── core/
│   ├── types.d         # Evidence, Plan, Step, Receipt, UndoToken
│   ├── engine.d        # Plan execution engine
│   ├── security.d      # Input validation, secure file handling
│   └── ecosystem.d     # AmbientOps integration
└── packs/
    ├── system.d        # System optimization pack
    ├── cleanup.d       # Cache cleanup pack
    └── repos.d         # Repository management pack
----
== Ecosystem integration
----
┌─────────────────────────────────────────────────────┐
│                AmbientOps Ecosystem                 │
├─────────────────────────────────────────────────────┤
│                                                     │
│  ┌─────────────┐      ┌─────────────────────┐       │
│  │ Observatory │◄─────│  Operating Theatre  │       │
│  │  (monitors) │      │   (YOU ARE HERE)    │       │
│  └─────────────┘      └──────────┬──────────┘       │
│         │                        │                  │
│         ▼                        ▼                  │
│  ┌─────────────┐      ┌─────────────────────┐       │
│  │    Ward     │      │   Emergency Room    │       │
│  │  (displays) │      │     (recovers)      │       │
│  └─────────────┘      └─────────────────────┘       │
│                                                     │
└─────────────────────────────────────────────────────┘
----
* **Operating Theatre** → performs operations, generates run bundles
* **Observatory** → ingests run bundles, correlates, forecasts
* **Emergency Room** → receives crisis handoffs, executes recovery
* **Ward** → displays system weather/health status
== Documentation
* link:docs/SEAMS-ANALYSIS.adoc[Seams Analysis] - Integration seam assessment
* link:docs/MOSCOW-ECOSYSTEM.adoc[MoSCoW Analysis] - Prioritized requirements
* link:ROADMAP.adoc[Roadmap] - Development phases
== Security requirements
* No MD5/SHA1 for cryptographic purposes
* HTTPS only (no HTTP URLs)
* No hardcoded secrets
* Secure file permissions on cache and run directories
* Dependencies must be pinned/locked
* Every change produces a receipt (scan and apply)
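
The following added example (not code from this repository) takes one reversible step, tightening a run directory to owner-only permissions, through the scan, plan, apply, undo and receipt stages listed under "What it is", while meeting the file-permission and receipt requirements above. The function names, state-directory layout, target mode 700 and receipt format are assumptions; `sor`'s own formats are not shown on this page.

```shell
#!/bin/sh
# Added illustration, not sor's code: one reversible step (run directory -> 700)
# taken through scan, plan, apply, undo and receipt. Function names, the state
# directory layout and the receipt format are assumptions made for this sketch.
# Paths containing tabs or newlines are not supported.
WANT=700
TAB=$(printf '\t')

mode_of() {  # octal permission bits; GNU stat first, then BSD/macOS stat
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

scan() {     # evidence only, no changes: "path<TAB>mode"
  printf '%s\t%s\n' "$1" "$(mode_of "$1")"
}

plan() {     # evidence on stdin -> steps "path<TAB>old<TAB>new"; empty if compliant
  while IFS=$TAB read -r p old; do
    [ "$old" = "$WANT" ] || printf '%s\t%s\t%s\n' "$p" "$old" "$WANT"
  done
}

apply_plan() (  # $1 = approved plan file, $2 = state directory
  umask 077; mkdir -p "$2"      # state directory and its files stay owner-only
  while IFS=$TAB read -r p old new; do
    # Never chmod through a symlink, and refuse a plan the system has drifted from.
    [ -d "$p" ] && [ ! -L "$p" ] || { echo "refusing $p" >&2; exit 1; }
    [ "$(mode_of "$p")" = "$old" ] || { echo "stale plan: $p" >&2; exit 1; }
    printf '%s\t%s\n' "$p" "$old" >> "$2/undo"   # undo token written before the change
    chmod "$new" "$p"
    printf 'applied\t%s\t%s\t%s\n' "$p" "$old" "$new" >> "$2/receipt"
  done < "$1"
)

undo() (     # $1 = state directory; restores each recorded mode, then clears tokens
  [ -f "$1/undo" ] || exit 0
  while IFS=$TAB read -r p old; do
    chmod "$old" "$p"
    printf 'undone\t%s\t%s\n' "$p" "$old" >> "$1/receipt"
  done < "$1/undo"
  rm -f "$1/undo"
)
```

Applying the same plan file a second time fails the stale-plan check, because the directory no longer has the mode recorded at scan time.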
== License
PMPL-1.0-or-later (plus Palimpsest where indicated).