Library Tools Roadmap
Dependencies
- Phase 0: Local development + Git-based CI workflows.
- Phase 1: Metadata server delivered by end of Phase 1; upstream publishing capabilities unlocked.
- Phase 2: Remote server integration features that depend on Phase 1 delivery.
Gate: Phase 2 starts only after the upstream metadata server is delivered at the end of Phase 1.
Phase 0: Local Development and CI
Contexts
- Local repositories.
- Git-based CI/CD (GitHub, GitLab, etc.).
Commands
library initlibrary lintlibrary buildlibrary scanlibrary refurbish
Capabilities
- Manifest-canonical metadata model.
library builduses buildx passthrough with guardrails.
Out of scope
- Metadata server integration.
- Remote discovery/search.
- Non-repo local directory mode.
library curateandlibrary push.
Phase 1: Curate and Push
New Commands
library curate.library pushphase separation:library push imagelibrary push metadatalibrary push all
New Capabilities
library curateandlibrary pushare implemented.- Metadata server integration for publishing curated metadata.
Improvements
- Expand
library refurbishto support multiple backends (e.g.,apt,pip).
Acceptance Criteria
- Metadata server delivered and stable.
- End-to-end publish + search flow validated.
Phase 2: Remote Server Integration
Policy and Provenance
- Policy profile management and overrides:
default,strict,expert+ tool-level override support.library set policy <profile>library get policylibrary list policy- Provenance workflows:
library searchfor discovery.library attestlibrary verifylibrary pushphase separation additions:library push attestations
Quality of Life
- Improve
library curatewith import/suggestion flow from Dockerfile or image during curation. - Remote metadata workflows:
library pull(fetch image + metadata)library diff(compare local vs remote)library tag(tag local image + metadata)library deprecate(deprecate image + metadata)