From 6d34cbe33c87c2aa875e857dc5209855e344a594 Mon Sep 17 00:00:00 2001 From: Snider Date: Sat, 31 Jan 2026 22:44:17 +0000 Subject: [PATCH] docs: add contributor onboarding for distributed compute network MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Host UK CIC mission: aggregate free tier compute to benefit OSS commons Added: - CONTRIBUTING.md: 5-minute contributor onboarding guide - scripts/contribute.sh: One-command setup for new contributors - Updated free-tier-services.md: Mission context, economics explained The model: - 100 contributors × free tiers = enterprise-scale compute - core monitor aggregates findings from all sources - Tasks routed to Host UK packages AND unfunded OSS projects - LLMs learned from OSS, we give back Who pays: Microsoft, Google, Groq (marketing budgets) Who benefits: Open source commons Co-Authored-By: Claude Opus 4.5 --- CONTRIBUTING.md | 139 +++++++++++++++++++++ doc/free-tier-services.md | 252 +++++++++++++++++++++----------------- scripts/contribute.sh | 83 +++++++++++++ 3 files changed, 362 insertions(+), 112 deletions(-) create mode 100644 CONTRIBUTING.md create mode 100755 scripts/contribute.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..26bd503 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,139 @@ +# Contributing Compute to Host UK + +**Host UK is a UK Community Interest Company (CIC)** - a social enterprise legally required to use our work for community benefit. Our assets are locked for public good, not shareholders. + +## The Mission + +1. **Build tools** that make development easier (core CLI, modules) +2. **Aggregate free compute** from community members' unused allowances +3. **Give back** by fixing security issues in unfunded OSS projects + +The LLMs learned to code from open source. We're directing resources back to those projects. + +--- + +## Contribute Compute (5 minutes) + +You don't need to write code. Your unused free tier allowances become part of a distributed network that fixes OSS. + +### Step 1: Fork this repo + +```bash +gh repo fork host-uk/core-devops --clone +cd core-devops +``` + +### Step 2: Add your free API keys + +```bash +# Gemini (1500 req/day free) +# Get key: https://aistudio.google.com/apikey +gh secret set GEMINI_API_KEY + +# Groq (14,400 req/day free) +# Get key: https://console.groq.com/keys +gh secret set GROQ_API_KEY + +# Optional: More services +gh secret set MISTRAL_API_KEY # https://console.mistral.ai/ +gh secret set COHERE_API_KEY # https://dashboard.cohere.com/ +``` + +### Step 3: Enable GitHub Actions + +Go to your fork → Actions tab → Enable workflows + +### Step 4: Done! + +Your fork now: +- Runs security scans (Semgrep, Trivy, Gitleaks) - **free, no keys needed** +- Runs AI analysis when you work on PRs - **uses your free tier** +- Contributes to the distributed verification network + +--- + +## Contribute Verification (10 min/week) + +Help verify other agents' work (human or AI). No agent can verify their own work. + +### Find tasks: + +```bash +# Install core CLI +make install-core + +# Find tasks needing verification +core issues --label agent:review + +# Or browse: https://github.com/orgs/host-uk/projects/2 +``` + +### Verify: + +1. Review the implementation +2. Check tests pass +3. 
Add `verified` or `verify-failed` label + +--- + +## Contribute Code + +Standard PR workflow: + +```bash +# Create branch +git checkout -b fix/issue-42 + +# Make changes, commit +git add . && git commit -m "fix: description" + +# Push (CI runs on YOUR allowance, not ours) +git push origin fix/issue-42 + +# Create PR +gh pr create +``` + +Your PR will be: +- Analyzed by AI (Gemini, Groq) - your free tier +- Scanned for security issues - free +- Reviewed by CodeRabbit - free +- Verified by a different contributor + +--- + +## The Economics + +| Who | Pays For | +|-----|----------| +| Microsoft | GitHub Actions (2000 min/month per user) | +| Google | Gemini API (1500 req/day per user) | +| Groq | Llama 3 inference (14,400 req/day per user) | +| Contributors | Nothing ($0) | +| Host UK | Nothing ($0) | +| OSS Projects | Get free security fixes | + +**100 contributors × free tiers = enterprise-scale compute for public good** + +--- + +## Where the Work Goes + +1. **Host UK packages** - Our tools and modules +2. **Unfunded OSS** - Popular packages with no security budget +3. **Community requests** - Projects our members depend on + +We're not hoarding. We're redistributing tech resources to the commons. + +--- + +## Questions? + +- Discord: https://discord.gg/host-uk +- Issues: https://github.com/host-uk/core-devops/issues + +**License:** EUPL-1.2 (copyleft, EU-recognized, compatible with GPL) + +--- + +*Host UK CIC - Building ethical infrastructure for the open source community* diff --git a/doc/free-tier-services.md b/doc/free-tier-services.md index 93cc8cf..28b96fd 100644 --- a/doc/free-tier-services.md +++ b/doc/free-tier-services.md 
@@ -1,131 +1,159 @@ # Free Tier Services Integration -All these services provide free input that `core` CLI can monitor and feed into the Agentic system. +> **Host UK CIC** is a UK Community Interest Company. Our assets are legally locked for community benefit - we can't extract value for shareholders. This page documents how we aggregate free compute to benefit the open source commons. -## AI/LLM APIs +## The Model -| Service | Free Tier | Use Case | -|---------|-----------|----------| -| **Gemini 2.0** | 1500 req/day, 1M tokens/min | Code review, analysis | -| **Groq** | 14,400 req/day (Llama/Mixtral) | Fast inference, triage | -| **Mistral** | 1M tokens/month | Code generation | -| **Cohere** | 1000 req/month | Embeddings, classification | -| **Together.ai** | $5 free credit | Multi-model access | -| **Cloudflare AI** | 10,000 neurons/day | Edge inference | -| **Hugging Face** | Rate limited free | Open models | -| **Fireworks.ai** | 600 req/min free | Fast inference | -| **Cerebras** | Free tier | Ultra-fast inference | -| **SambaNova** | Free tier | Enterprise models | +``` +┌─────────────────────────────────────────────────────────────────┐ +│ 100 CONTRIBUTORS │ +│ │ +│ Each contributes their FREE tier allowances: │ +│ • GitHub Actions: 2000 min/month │ +│ • Gemini: 1500 req/day │ +│ • Groq: 14,400 req/day │ +│ • Copilot: Free for OSS │ +│ │ +│ Total daily capacity: │ +│ • 150,000 Gemini requests │ +│ • 1,440,000 Groq requests │ +│ • 6,666 GitHub Actions hours │ +│ • Unlimited security scans │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ core monitor │ +│ │ +│ Aggregates findings → Creates tasks → Routes to agents │ +└─────────────────────────────────────────────────────────────────┘ + │ + ┌───────────────┴───────────────┐ + ▼ ▼ +┌─────────────────────────┐ ┌─────────────────────────────────┐ +│ HOST UK PACKAGES │ │ UNFUNDED OSS PROJECTS │ +│ │ │ │ +│ Our 
tools, modules │ │ Popular packages with no │ +│ │ │ security budget - we find │ +│ │ │ and fix vulns, submit PRs │ +└─────────────────────────┘ └─────────────────────────────────┘ +``` -## Code Analysis (All Free for Public Repos) +**The LLMs learned from open source. We're giving back.** -| Service | Provides | GitHub Integration | -|---------|----------|-------------------| -| **CodeQL** | Security vulnerabilities | Native | -| **Snyk** | Deps + code vulnerabilities | ✅ App | -| **SonarCloud** | Code quality + bugs | ✅ App | -| **Codacy** | Code quality + patterns | ✅ App | -| **DeepSource** | Code health + autofix | ✅ App | -| **CodeClimate** | Maintainability | ✅ App | -| **Semgrep** | SAST + custom rules | ✅ Action | -| **GitGuardian** | Secret detection | ✅ App | -| **Socket.dev** | Supply chain security | ✅ App | -| **Aikido Security** | Full security suite | ✅ App | -| **Qodana** | JetBrains code analysis | ✅ Action | -| **Trunk.io** | Meta-linter (50+ tools) | ✅ App | +--- -## Dependency Management (Free) +## AI/LLM APIs (Contributor Keys) -| Service | Features | -|---------|----------| -| **Dependabot** | Auto-update PRs | -| **Renovate** | Smart dependency updates | -| **Socket.dev** | Malicious package detection | -| **Snyk** | Vulnerability database | -| **deps.dev** | Google's dep analysis | +| Service | Free Tier | Speed | Best For | +|---------|-----------|-------|----------| +| **Groq** | 14,400 req/day | ⚡ Fastest | Quick triage, bulk analysis | +| **Gemini 2.0** | 1500 req/day | Fast | Code review, deep analysis | +| **Mistral** | 1M tokens/month | Fast | Code generation | +| **Cohere** | 1000 req/month | Medium | Classification, embeddings | +| **Cloudflare AI** | 10K neurons/day | Edge | Low latency | +| **Together.ai** | $5 credit | Fast | Multi-model | +| **Fireworks.ai** | 600 req/min | ⚡ Fast | High throughput | +| **Cerebras** | Free tier | ⚡⚡ Fastest | Bulk inference | + +### Setup (2 minutes) + +```bash +# In your fork +gh secret set 
GEMINI_API_KEY # https://aistudio.google.com/apikey +gh secret set GROQ_API_KEY # https://console.groq.com/keys +gh secret set MISTRAL_API_KEY # https://console.mistral.ai/ +``` + +--- + +## Security Scanners (No Keys Needed) + +All free, unlimited, run automatically: + +| Scanner | Finds | Output | +|---------|-------|--------| +| **Semgrep** | SAST vulns, code patterns | SARIF → GitHub Security | +| **Trivy** | Container vulns, IaC issues | SARIF → GitHub Security | +| **Gitleaks** | Leaked secrets, API keys | SARIF → GitHub Security | +| **OSV-Scanner** | Known CVEs (Google DB) | SARIF → GitHub Security | +| **Checkov** | IaC misconfigs | SARIF → GitHub Security | +| **CodeQL** | Deep semantic analysis | Native GitHub | +| **Dependabot** | Outdated deps | Native GitHub | + +--- + +## Code Analysis Apps (Free for Public Repos) + +Install these on your fork for extra coverage: + +| App | Install | Provides | +|-----|---------|----------| +| **Snyk** | [Install](https://github.com/apps/snyk-io) | Deps + code vulns | +| **SonarCloud** | [Install](https://github.com/apps/sonarcloud) | Code quality | +| **CodeClimate** | [Install](https://github.com/apps/codeclimate) | Maintainability | +| **DeepSource** | [Install](https://github.com/apps/deepsource-io) | Autofix suggestions | +| **Codacy** | [Install](https://github.com/apps/codacy-production) | Multi-language | +| **Socket.dev** | [Install](https://github.com/apps/socket-security) | Supply chain | +| **GitGuardian** | [Install](https://github.com/apps/gitguardian) | Secret detection | +| **Aikido** | [Install](https://github.com/apps/aikido-security) | Full security suite | +| **Trunk.io** | [Install](https://github.com/apps/trunk-io) | Meta-linter (50+ tools) | + +--- + +## AI Code Assistants (Free Tiers) + +| Service | Free Access | Trigger | +|---------|-------------|---------| +| **Jules/Copilot** | OSS maintainers, students | `@jules fix this bug` | +| **Codeium** | Free forever | IDE extension | +| **Cody** | 
Free tier | IDE extension | +| **Amazon Q** | Free tier | IDE/CLI | +| **Continue.dev** | Free, open source | IDE extension | + +--- ## CI/CD Free Tiers -| Service | Free Allowance | -|---------|----------------| -| **GitHub Actions** | 2000 min/month | -| **CircleCI** | 6000 min/month | -| **GitLab CI** | 400 min/month | -| **Travis CI** | Unlimited for OSS | -| **Buildkite** | Free for OSS | -| **Semaphore** | 1300 min/month | -| **Buddy** | 5 projects free | +| Service | Free Allowance | Notes | +|---------|----------------|-------| +| **GitHub Actions** | 2000 min/month | Per user, public repos | +| **CircleCI** | 6000 min/month | Good for heavy builds | +| **GitLab CI** | 400 min/month | Alternative to GH | +| **Semaphore** | 1300 min/month | Fast builds | +| **Buildkite** | Free for OSS | Self-hosted option | -## Testing & Coverage (Free for OSS) +--- -| Service | Features | -|---------|----------| -| **Codecov** | Coverage reports | -| **Coveralls** | Coverage tracking | -| **Percy** | Visual regression | -| **Chromatic** | Storybook visual tests | -| **BrowserStack** | Free for OSS | -| **LambdaTest** | Free tier | +## Who Pays For All This? -## Error & Performance (Free Tiers) +| Provider | Why Free? | +|----------|-----------| +| **Microsoft** | GitHub market dominance, AI training data | +| **Google** | Gemini adoption, developer mindshare | +| **Groq** | Hardware showcase, market entry | +| **Others** | Developer ecosystem, future enterprise sales | -| Service | Free Tier | -|---------|-----------| -| **Sentry** | 5K errors/month | -| **LogRocket** | 1K sessions/month | -| **Highlight.io** | 500 sessions/month | -| **Grafana Cloud** | 10K metrics | -| **Datadog** | 1 host free | +**They need OSS developers. We need compute. 
Fair trade.** -## AI Code Assistants (Free/OSS) +--- -| Service | Access | -|---------|--------| -| **GitHub Copilot** | Free for OSS maintainers | -| **Jules** | Free with Copilot | -| **Amazon Q** | Free tier | -| **Codeium** | Free forever | -| **Tabnine** | Free tier | -| **Cursor** | Free tier | -| **Cody (Sourcegraph)** | Free tier | -| **Continue.dev** | Free, open source | - -## Data Flow Architecture +## Joining the Network +```bash +# Fork and setup (5 minutes) +gh repo fork host-uk/core-devops --clone +cd core-devops +./scripts/contribute.sh ``` -┌─────────────────────────────────────────────────────────────┐ -│ FREE TIER SERVICES │ -│ │ -│ Snyk ─────┐ │ -│ SonarCloud─┤ │ -│ CodeQL ────┼──→ GitHub Checks API ──→ ┌──────────────────┐ │ -│ Semgrep ───┤ │ │ │ -│ DeepSource─┘ │ core monitor │ │ -│ │ │ │ -│ Gemini ────┐ │ Watches for: │ │ -│ Groq ──────┼──→ PR Comments ─────────→│ - Check failures│ │ -│ Mistral ───┘ │ - Vulnerabilities│ -│ │ - Code smells │ │ -│ Dependabot─┐ │ - PR reviews │ │ -│ Renovate ──┼──→ PRs/Issues ──────────→│ - New deps │ │ -│ Socket.dev─┘ │ │ │ -└────────────────────────────────────────┴────────┬─────────┘ - │ - ▼ - ┌──────────────────────────┐ - │ core CLI │ - │ │ - │ Aggregates + filters │ - │ Creates actionable │ - │ tasks │ - └────────────┬─────────────┘ - │ - ▼ - ┌──────────────────────────┐ - │ Host UK Agentic API │ - │ │ - │ - Task queue │ - │ - Agent assignment │ - │ - Verification flow │ - └──────────────────────────┘ -``` + +Your unused free tier becomes part of a collective resource that: +1. Secures Host UK packages +2. Fixes vulnerabilities in unfunded OSS +3. Gives back to the projects that trained the AIs + +**Cost: $0. Impact: Massive.** + +--- + +*Host UK CIC - Ethical infrastructure for the open source commons* diff --git a/scripts/contribute.sh b/scripts/contribute.sh new file mode 100755 index 0000000..f93f1a0 --- /dev/null +++ b/scripts/contribute.sh 
@@ -0,0 +1,83 @@ +#!/bin/bash +# Host UK CIC - Contributor Setup +# One command to join the distributed compute network + +set -e + +echo "╔══════════════════════════════════════════════════════════════╗" +echo "║ Host UK CIC - Contributor Setup ║" +echo "║ ║" +echo "║ Your free tier allowances will help fix unfunded OSS ║" +echo "║ projects. Cost to you: \$0. Impact: Massive. ║" +echo "╚══════════════════════════════════════════════════════════════╝" +echo "" + +# Check if this is a fork +REMOTE_URL=$(git remote get-url origin 2>/dev/null || echo "") +if [[ "$REMOTE_URL" == *"host-uk/core-devops"* ]]; then + echo "⚠️ This is the upstream repo, not your fork." + echo "" + echo "Run this instead:" + echo " gh repo fork host-uk/core-devops --clone" + echo " cd core-devops" + echo " ./scripts/contribute.sh" + exit 1 +fi + +echo "✓ Fork detected" +echo "" + +# Check gh auth +if ! gh auth status &>/dev/null; then + echo "⚠️ GitHub CLI not authenticated" + echo "Run: gh auth login" + exit 1 +fi + +echo "✓ GitHub CLI authenticated" +echo "" + +# Setup secrets +echo "═══════════════════════════════════════════════════════════════" +echo " OPTIONAL: Add API keys for AI-powered analysis" +echo " (Skip any you don't want - security scans work without them)" +echo "═══════════════════════════════════════════════════════════════" +echo "" + +read -p "Add Gemini API key? (1500 req/day free) [y/N] " -n 1 -r +echo +if [[ $REPLY =~ ^[Yy]$ ]]; then + echo "Get key at: https://aistudio.google.com/apikey" + gh secret set GEMINI_API_KEY +fi + +read -p "Add Groq API key? (14,400 req/day free) [y/N] " -n 1 -r +echo +if [[ $REPLY =~ ^[Yy]$ ]]; then + echo "Get key at: https://console.groq.com/keys" + gh secret set GROQ_API_KEY +fi + +read -p "Add Mistral API key? 
(1M tokens/month free) [y/N] " -n 1 -r +echo +if [[ $REPLY =~ ^[Yy]$ ]]; then + echo "Get key at: https://console.mistral.ai/" + gh secret set MISTRAL_API_KEY +fi + +echo "" +echo "═══════════════════════════════════════════════════════════════" +echo " ✅ SETUP COMPLETE" +echo "═══════════════════════════════════════════════════════════════" +echo "" +echo "Your fork is now part of the distributed compute network!" +echo "" +echo "What happens now:" +echo " • Security scans run automatically (Semgrep, Trivy, Gitleaks)" +echo " • AI analysis runs on your PRs (using your free tier)" +echo " • You can verify others' work: core issues --label agent:review" +echo "" +echo "The compute you contribute helps fix security issues in" +echo "unfunded open source projects. Thank you! 🙏" +echo "" +echo "Questions? https://discord.gg/host-uk"
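Review bot: In CONTRIBUTING.md, Steps 2 to 4 have contributors store `GEMINI_API_KEY` and `GROQ_API_KEY` as secrets on their fork and then enable workflows, but the guide never names the workflow files that read those keys, the events that trigger them, or what data leaves the fork when it "contributes to the distributed verification network". Add a short section listing the workflows, their triggers and the secrets each one uses, so a contributor can audit them before enabling Actions. The verification section also states "No agent can verify their own work" while the only step shown is adding a `verified` or `verify-failed` label. Either document what enforces the rule or word it as a convention.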
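Review bot: In doc/free-tier-services.md, the "Total daily capacity" box lists "6,666 GitHub Actions hours", which does not follow from the allowance quoted just above it: 100 contributors × 2000 min/month is 200,000 minutes, about 3,333 hours, and that figure is per month, not per day. The Gemini and Groq lines (150,000 and 1,440,000) do match 100 × the per-user daily limits, so correct the Actions number or move it out of the daily heading and show the calculation. Separately, this rewrite removes the old "Data Flow Architecture" diagram that showed findings reaching `core monitor` through the GitHub Checks API, PR comments and PRs/Issues. The new diagram only says "Aggregates findings", so consider keeping a line on which channels are actually read.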
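Review bot: In scripts/contribute.sh, the fork check prints "✓ Fork detected" for anything that is not the upstream URL, including the empty string that `git remote get-url origin 2>/dev/null || echo ""` yields outside a git repository or when there is no `origin` remote. Fail explicitly when `REMOTE_URL` is empty, and confirm the repository really is a fork of host-uk/core-devops rather than inferring it from a substring mismatch. The `gh secret set GEMINI_API_KEY` calls (and the Groq and Mistral ones) also name no repository, so where the key lands depends on how gh resolves the repo in the clone. Pass the fork explicitly and echo the target before prompting. Minor: with `set -e`, each `read -p ... -n 1 -r` exits the script silently on EOF, so a non-interactive run stops at the first prompt without any message.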