docs: add contributor onboarding for distributed compute network

Host UK CIC mission: aggregate free tier compute to benefit OSS commons

Added:
- CONTRIBUTING.md: 5-minute contributor onboarding guide
- scripts/contribute.sh: One-command setup for new contributors
- Updated free-tier-services.md: Mission context, economics explained

The model:
- 100 contributors × free tiers = enterprise-scale compute
- core monitor aggregates findings from all sources
- Tasks routed to Host UK packages AND unfunded OSS projects
- LLMs learned from OSS, we give back

Who pays: Microsoft, Google, Groq (marketing budgets)
Who benefits: Open source commons

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Snider 2026-01-31 22:44:17 +00:00
parent 9c10ff9b1c
commit 6d34cbe33c
3 changed files with 362 additions and 112 deletions

CONTRIBUTING.md Normal file

@ -0,0 +1,139 @@
# Contributing Compute to Host UK
**Host UK is a UK Community Interest Company (CIC)** - a social enterprise legally required to use our work for community benefit. Our assets are locked for public good, not shareholders.
## The Mission
1. **Build tools** that make development easier (core CLI, modules)
2. **Aggregate free compute** from community members' unused allowances
3. **Give back** by fixing security issues in unfunded OSS projects
The LLMs learned to code from open source. We're directing resources back to those projects.
---
## Contribute Compute (5 minutes)
You don't need to write code. Your unused free tier allowances become part of a distributed network that fixes OSS.
### Step 1: Fork this repo
```bash
gh repo fork host-uk/core-devops --clone
cd core-devops
```
### Step 2: Add your free API keys
```bash
# Gemini (1500 req/day free)
# Get key: https://aistudio.google.com/apikey
gh secret set GEMINI_API_KEY
# Groq (14,400 req/day free)
# Get key: https://console.groq.com/keys
gh secret set GROQ_API_KEY
# Optional: More services
gh secret set MISTRAL_API_KEY # https://console.mistral.ai/
gh secret set COHERE_API_KEY # https://dashboard.cohere.com/
```
### Step 3: Enable GitHub Actions
Go to your fork → Actions tab → Enable workflows
### Step 4: Done!
Your fork now:
- Runs security scans (Semgrep, Trivy, Gitleaks) - **free, no keys needed**
- Runs AI analysis when you work on PRs - **uses your free tier**
- Contributes to the distributed verification network
---
## Contribute Verification (10 min/week)
Help verify other agents' work (human or AI). No agent can verify their own work.
### Find tasks:
```bash
# Install core CLI
make install-core
# Find tasks needing verification
core issues --label agent:review
# Or browse: https://github.com/orgs/host-uk/projects/2
```
### Verify:
1. Review the implementation
2. Check tests pass
3. Add `verified` or `verify-failed` label
---
## Contribute Code
Standard PR workflow:
```bash
# Create branch
git checkout -b fix/issue-42
# Make changes, commit
git add . && git commit -m "fix: description"
# Push (CI runs on YOUR allowance, not ours)
git push origin fix/issue-42
# Create PR
gh pr create
```
Your PR will be:
- Analyzed by AI (Gemini, Groq) - your free tier
- Scanned for security issues - free
- Reviewed by CodeRabbit - free
- Verified by a different contributor
---
## The Economics
| Who | Pays For |
|-----|----------|
| Microsoft | GitHub Actions (2000 min/month per user) |
| Google | Gemini API (1500 req/day per user) |
| Groq | Llama 3 inference (14,400 req/day per user) |
| Contributors | Nothing ($0) |
| Host UK | Nothing ($0) |
| OSS Projects | Get free security fixes |
**100 contributors × free tiers = enterprise-scale compute for public good**
---
## Where the Work Goes
1. **Host UK packages** - Our tools and modules
2. **Unfunded OSS** - Popular packages with no security budget
3. **Community requests** - Projects our members depend on
We're not hoarding. We're redistributing tech resources to the commons.
---
## Questions?
- Discord: https://discord.gg/host-uk
- Issues: https://github.com/host-uk/core-devops/issues
**License:** EUPL-1.2 (copyleft, EU-recognized, compatible with GPL)
---
*Host UK CIC - Building ethical infrastructure for the open source community*
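Review bot: Steps 2 and 3 ask contributors to store personal API keys as repository secrets and then enable workflows in the fork, but the guide never says which workflow files read `GEMINI_API_KEY` or `GROQ_API_KEY`, or on which events they run. Please list those workflows and their triggers next to Step 3 so a contributor can see what will have access to the keys before enabling Actions, and suggest using a key created only for this fork so it can be revoked on its own. In the verification section, "No agent can verify their own work" is stated as a rule while the procedure is just adding a `verified` label; either describe how the rule is enforced or word it as a convention.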


@ -1,131 +1,159 @@
# Free Tier Services Integration
All these services provide free input that `core` CLI can monitor and feed into the Agentic system.
> **Host UK CIC** is a UK Community Interest Company. Our assets are legally locked for community benefit - we can't extract value for shareholders. This page documents how we aggregate free compute to benefit the open source commons.
## AI/LLM APIs
## The Model
| Service | Free Tier | Use Case |
|---------|-----------|----------|
| **Gemini 2.0** | 1500 req/day, 1M tokens/min | Code review, analysis |
| **Groq** | 14,400 req/day (Llama/Mixtral) | Fast inference, triage |
| **Mistral** | 1M tokens/month | Code generation |
| **Cohere** | 1000 req/month | Embeddings, classification |
| **Together.ai** | $5 free credit | Multi-model access |
| **Cloudflare AI** | 10,000 neurons/day | Edge inference |
| **Hugging Face** | Rate limited free | Open models |
| **Fireworks.ai** | 600 req/min free | Fast inference |
| **Cerebras** | Free tier | Ultra-fast inference |
| **SambaNova** | Free tier | Enterprise models |
```
┌─────────────────────────────────────────────────────────────────┐
│ 100 CONTRIBUTORS │
│ │
│ Each contributes their FREE tier allowances: │
│ • GitHub Actions: 2000 min/month │
│ • Gemini: 1500 req/day │
│ • Groq: 14,400 req/day │
│ • Copilot: Free for OSS │
│ │
│ Total daily capacity: │
│ • 150,000 Gemini requests │
│ • 1,440,000 Groq requests │
│ • 6,666 GitHub Actions hours │
│ • Unlimited security scans │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ core monitor │
│ │
│ Aggregates findings → Creates tasks → Routes to agents │
└─────────────────────────────────────────────────────────────────┘
┌───────────────┴───────────────┐
▼ ▼
┌─────────────────────────┐ ┌─────────────────────────────────┐
│ HOST UK PACKAGES │ │ UNFUNDED OSS PROJECTS │
│ │ │ │
│ Our tools, modules │ │ Popular packages with no │
│ │ │ security budget - we find │
│ │ │ and fix vulns, submit PRs │
└─────────────────────────┘ └─────────────────────────────────┘
```
## Code Analysis (All Free for Public Repos)
**The LLMs learned from open source. We're giving back.**
| Service | Provides | GitHub Integration |
|---------|----------|-------------------|
| **CodeQL** | Security vulnerabilities | Native |
| **Snyk** | Deps + code vulnerabilities | ✅ App |
| **SonarCloud** | Code quality + bugs | ✅ App |
| **Codacy** | Code quality + patterns | ✅ App |
| **DeepSource** | Code health + autofix | ✅ App |
| **CodeClimate** | Maintainability | ✅ App |
| **Semgrep** | SAST + custom rules | ✅ Action |
| **GitGuardian** | Secret detection | ✅ App |
| **Socket.dev** | Supply chain security | ✅ App |
| **Aikido Security** | Full security suite | ✅ App |
| **Qodana** | JetBrains code analysis | ✅ Action |
| **Trunk.io** | Meta-linter (50+ tools) | ✅ App |
---
## Dependency Management (Free)
## AI/LLM APIs (Contributor Keys)
| Service | Features |
|---------|----------|
| **Dependabot** | Auto-update PRs |
| **Renovate** | Smart dependency updates |
| **Socket.dev** | Malicious package detection |
| **Snyk** | Vulnerability database |
| **deps.dev** | Google's dep analysis |
| Service | Free Tier | Speed | Best For |
|---------|-----------|-------|----------|
| **Groq** | 14,400 req/day | ⚡ Fastest | Quick triage, bulk analysis |
| **Gemini 2.0** | 1500 req/day | Fast | Code review, deep analysis |
| **Mistral** | 1M tokens/month | Fast | Code generation |
| **Cohere** | 1000 req/month | Medium | Classification, embeddings |
| **Cloudflare AI** | 10K neurons/day | Edge | Low latency |
| **Together.ai** | $5 credit | Fast | Multi-model |
| **Fireworks.ai** | 600 req/min | ⚡ Fast | High throughput |
| **Cerebras** | Free tier | ⚡⚡ Fastest | Bulk inference |
### Setup (2 minutes)
```bash
# In your fork
gh secret set GEMINI_API_KEY # https://aistudio.google.com/apikey
gh secret set GROQ_API_KEY # https://console.groq.com/keys
gh secret set MISTRAL_API_KEY # https://console.mistral.ai/
```
---
## Security Scanners (No Keys Needed)
All free, unlimited, run automatically:
| Scanner | Finds | Output |
|---------|-------|--------|
| **Semgrep** | SAST vulns, code patterns | SARIF → GitHub Security |
| **Trivy** | Container vulns, IaC issues | SARIF → GitHub Security |
| **Gitleaks** | Leaked secrets, API keys | SARIF → GitHub Security |
| **OSV-Scanner** | Known CVEs (Google DB) | SARIF → GitHub Security |
| **Checkov** | IaC misconfigs | SARIF → GitHub Security |
| **CodeQL** | Deep semantic analysis | Native GitHub |
| **Dependabot** | Outdated deps | Native GitHub |
---
## Code Analysis Apps (Free for Public Repos)
Install these on your fork for extra coverage:
| App | Install | Provides |
|-----|---------|----------|
| **Snyk** | [Install](https://github.com/apps/snyk-io) | Deps + code vulns |
| **SonarCloud** | [Install](https://github.com/apps/sonarcloud) | Code quality |
| **CodeClimate** | [Install](https://github.com/apps/codeclimate) | Maintainability |
| **DeepSource** | [Install](https://github.com/apps/deepsource-io) | Autofix suggestions |
| **Codacy** | [Install](https://github.com/apps/codacy-production) | Multi-language |
| **Socket.dev** | [Install](https://github.com/apps/socket-security) | Supply chain |
| **GitGuardian** | [Install](https://github.com/apps/gitguardian) | Secret detection |
| **Aikido** | [Install](https://github.com/apps/aikido-security) | Full security suite |
| **Trunk.io** | [Install](https://github.com/apps/trunk-io) | Meta-linter (50+ tools) |
---
## AI Code Assistants (Free Tiers)
| Service | Free Access | Trigger |
|---------|-------------|---------|
| **Jules/Copilot** | OSS maintainers, students | `@jules fix this bug` |
| **Codeium** | Free forever | IDE extension |
| **Cody** | Free tier | IDE extension |
| **Amazon Q** | Free tier | IDE/CLI |
| **Continue.dev** | Free, open source | IDE extension |
---
## CI/CD Free Tiers
| Service | Free Allowance |
|---------|----------------|
| **GitHub Actions** | 2000 min/month |
| **CircleCI** | 6000 min/month |
| **GitLab CI** | 400 min/month |
| **Travis CI** | Unlimited for OSS |
| **Buildkite** | Free for OSS |
| **Semaphore** | 1300 min/month |
| **Buddy** | 5 projects free |
| Service | Free Allowance | Notes |
|---------|----------------|-------|
| **GitHub Actions** | 2000 min/month | Per user, public repos |
| **CircleCI** | 6000 min/month | Good for heavy builds |
| **GitLab CI** | 400 min/month | Alternative to GH |
| **Semaphore** | 1300 min/month | Fast builds |
| **Buildkite** | Free for OSS | Self-hosted option |
## Testing & Coverage (Free for OSS)
---
| Service | Features |
|---------|----------|
| **Codecov** | Coverage reports |
| **Coveralls** | Coverage tracking |
| **Percy** | Visual regression |
| **Chromatic** | Storybook visual tests |
| **BrowserStack** | Free for OSS |
| **LambdaTest** | Free tier |
## Who Pays For All This?
## Error & Performance (Free Tiers)
| Provider | Why Free? |
|----------|-----------|
| **Microsoft** | GitHub market dominance, AI training data |
| **Google** | Gemini adoption, developer mindshare |
| **Groq** | Hardware showcase, market entry |
| **Others** | Developer ecosystem, future enterprise sales |
| Service | Free Tier |
|---------|-----------|
| **Sentry** | 5K errors/month |
| **LogRocket** | 1K sessions/month |
| **Highlight.io** | 500 sessions/month |
| **Grafana Cloud** | 10K metrics |
| **Datadog** | 1 host free |
**They need OSS developers. We need compute. Fair trade.**
## AI Code Assistants (Free/OSS)
---
| Service | Access |
|---------|--------|
| **GitHub Copilot** | Free for OSS maintainers |
| **Jules** | Free with Copilot |
| **Amazon Q** | Free tier |
| **Codeium** | Free forever |
| **Tabnine** | Free tier |
| **Cursor** | Free tier |
| **Cody (Sourcegraph)** | Free tier |
| **Continue.dev** | Free, open source |
## Data Flow Architecture
## Joining the Network
```bash
# Fork and setup (5 minutes)
gh repo fork host-uk/core-devops --clone
cd core-devops
./scripts/contribute.sh
```
┌─────────────────────────────────────────────────────────────┐
│ FREE TIER SERVICES │
│ │
│ Snyk ─────┐ │
│ SonarCloud─┤ │
│ CodeQL ────┼──→ GitHub Checks API ──→ ┌──────────────────┐ │
│ Semgrep ───┤ │ │ │
│ DeepSource─┘ │ core monitor │ │
│ │ │ │
│ Gemini ────┐ │ Watches for: │ │
│ Groq ──────┼──→ PR Comments ─────────→│ - Check failures│ │
│ Mistral ───┘ │ - Vulnerabilities│
│ │ - Code smells │ │
│ Dependabot─┐ │ - PR reviews │ │
│ Renovate ──┼──→ PRs/Issues ──────────→│ - New deps │ │
│ Socket.dev─┘ │ │ │
└────────────────────────────────────────┴────────┬─────────┘
┌──────────────────────────┐
│ core CLI │
│ │
│ Aggregates + filters │
│ Creates actionable │
│ tasks │
└────────────┬─────────────┘
┌──────────────────────────┐
│ Host UK Agentic API │
│ │
│ - Task queue │
│ - Agent assignment │
│ - Verification flow │
└──────────────────────────┘
```
Your unused free tier becomes part of a collective resource that:
1. Secures Host UK packages
2. Fixes vulnerabilities in unfunded OSS
3. Gives back to the projects that trained the AIs
**Cost: $0. Impact: Massive.**
---
*Host UK CIC - Ethical infrastructure for the open source commons*
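Review bot: In the "100 CONTRIBUTORS" box, the "Total daily capacity" list includes "6,666 GitHub Actions hours", which does not follow from the per-contributor figure given a few lines above it: 100 × 2000 min/month is 200,000 minutes, roughly 3,333 hours, and that is a monthly total, not a daily one. Please correct the number and label it as monthly, or move it out of the daily list; the Gemini and Groq totals in the same box do match their per-day figures. "Unlimited security scans" and "All free, unlimited" under Security Scanners also need a qualifier if the scanners run as Actions jobs, since the CI/CD table in this file quotes a 2000 min/month allowance for GitHub Actions.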

scripts/contribute.sh Executable file

@ -0,0 +1,83 @@
#!/bin/bash
# Host UK CIC - Contributor Setup
# One command to join the distributed compute network
set -e
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Host UK CIC - Contributor Setup ║"
echo "║ ║"
echo "║ Your free tier allowances will help fix unfunded OSS ║"
echo "║ projects. Cost to you: \$0. Impact: Massive. ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
# Check if this is a fork
REMOTE_URL=$(git remote get-url origin 2>/dev/null || echo "")
if [[ "$REMOTE_URL" == *"host-uk/core-devops"* ]]; then
echo "⚠️ This is the upstream repo, not your fork."
echo ""
echo "Run this instead:"
echo " gh repo fork host-uk/core-devops --clone"
echo " cd core-devops"
echo " ./scripts/contribute.sh"
exit 1
fi
echo "✓ Fork detected"
echo ""
# Check gh auth
if ! gh auth status &>/dev/null; then
echo "⚠️ GitHub CLI not authenticated"
echo "Run: gh auth login"
exit 1
fi
echo "✓ GitHub CLI authenticated"
echo ""
# Setup secrets
echo "═══════════════════════════════════════════════════════════════"
echo " OPTIONAL: Add API keys for AI-powered analysis"
echo " (Skip any you don't want - security scans work without them)"
echo "═══════════════════════════════════════════════════════════════"
echo ""
read -p "Add Gemini API key? (1500 req/day free) [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Get key at: https://aistudio.google.com/apikey"
gh secret set GEMINI_API_KEY
fi
read -p "Add Groq API key? (14,400 req/day free) [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Get key at: https://console.groq.com/keys"
gh secret set GROQ_API_KEY
fi
read -p "Add Mistral API key? (1M tokens/month free) [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Get key at: https://console.mistral.ai/"
gh secret set MISTRAL_API_KEY
fi
echo ""
echo "═══════════════════════════════════════════════════════════════"
echo " ✅ SETUP COMPLETE"
echo "═══════════════════════════════════════════════════════════════"
echo ""
echo "Your fork is now part of the distributed compute network!"
echo ""
echo "What happens now:"
echo " • Security scans run automatically (Semgrep, Trivy, Gitleaks)"
echo " • AI analysis runs on your PRs (using your free tier)"
echo " • You can verify others' work: core issues --label agent:review"
echo ""
echo "The compute you contribute helps fix security issues in"
echo "unfunded open source projects. Thank you! 🙏"
echo ""
echo "Questions? https://discord.gg/host-uk"
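Review bot: The fork check at the top passes when `origin` cannot be read: `REMOTE_URL` falls back to an empty string, the `*"host-uk/core-devops"*` match is false, and the script prints "✓ Fork detected" even when run outside a git checkout or in a clone with no `origin` remote. Exit with an error when `REMOTE_URL` is empty, and pass the repository that was just checked to each `gh secret set` call with `--repo`, so the secrets go to that repository rather than to whatever `gh` resolves from the working directory. The `gh auth status` test also reports "GitHub CLI not authenticated" when `gh` is not installed at all; a `command -v gh` check before it would give the right message.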