github.com/gemaraproj/gemara@v0.23.0

docs/adrs/0004-go-sdk-layer-4.md raw

 1---
 2layout: page
 3title: Extend Go SDK for "Layer 4" Based on the Privateer Project
 4---
 5
 6- **ADR:** 0004
 7- **Proposal Author(s):** @eddie-knight
 8- **Status:** Accepted; Modified by [ADR-0009](./0009-sensitive-activities) (numbering for layers 3+)
 9
10## Context
11
12_FINOS Common Cloud Controls (CCC)_ community maintains a custom tool, [Privateer](https://privateerproj.com), which uses our SDK to ingest CCC documents for the automatic generation of plugins designed to assess that "Layer 2" catalog's assessment requirements.
13
14The plugin generates an output which is designed to streamline the organization and presentation of evidence following an assessment. The Privateer schema has already served as the foundation for the "Layer 4" schema. We may be able to extract much of the Privateer logic into a shared SDK that can be used by Privateer or other tools seeking to be compatible with our schemas.
15
16## Action
17
18Identify and extract the relevant capabilities from Privateer into a new package within our Go SDK. Support Privateer in migrating to use the new SDK instead of its current internal logic.
19
20## Consequences
21
22Positive: Standardized tooling for "Layer 4" compatible documents
23Negative: Significantly increased maintenance requirements for the project
24
25## Alternatives Considered
26
27We could write a net-new independent SDK, or none at all.