feat: add k9iser.toml and generate K9 contracts

hyperpolymath · claude · hyperpolymath · commit 67b9b0f91152 · 2026-04-04T15:57:07.000+01:00
Adds k9iser manifest for conflow (hunt tier). Sources: Cargo.toml,
Justfile, Containerfile, CI workflows. Config flow orchestrator CLI.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/k9iser.toml b/k9iser.toml
@@ -0,0 +1,51 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# k9iser manifest for conflow
+# Generates K9 contracts from repo configuration files.
+# conflow is a configuration flow orchestrator for CUE, Nickel, and config validation
+
+[project]
+name = "conflow"
+safety_tier = "hunt"
+
+[[source]]
+path = "Cargo.toml"
+type = "cargo"
+output = "generated/k9iser/cargo-manifest.k9"
+
+[[source]]
+path = "Justfile"
+type = "justfile"
+output = "generated/k9iser/justfile-recipes.k9"
+
+[[source]]
+path = "Containerfile"
+type = "containerfile"
+output = "generated/k9iser/container-build.k9"
+
+[[source]]
+path = ".github/workflows/hypatia-scan.yml"
+type = "workflow"
+output = "generated/k9iser/ci-security.k9"
+
+[[source]]
+path = ".github/workflows/codeql.yml"
+type = "workflow"
+output = "generated/k9iser/ci-codeql.k9"
+
+[[constraint]]
+rule = "build.dependencies has no banned_packages"
+severity = "error"
+
+[[constraint]]
+rule = "build.features does not include debug_assertions in release profile"
+severity = "warn"
+
+[[constraint]]
+rule = "workflows includes hypatia-scan"
+severity = "error"
+
+[[constraint]]
+rule = "cue.schemas validate against nickel.contracts"
+severity = "warn"
