zspin is a compliance-ready automation starter kit (2026-oriented) focused on deterministic operations, reproducible releases, and security-first diagnostics.
- Deterministic config loading + execution plans
- Structured JSON logging and metadata extraction
- Stepwise diagnostics for host/container/cloud preflight checks
- Compliance validation hooks (GDPR, ISO-style controls, Zero Trust posture)
- Reproducible release packaging and SBOM generation
- CI-ready validation scripts
CLI (src/zspin/cli.py)
-> Installer Workflow (src/zspin/installer.py)
-> Diagnostics Engine (src/zspin/diagnostics.py)
-> Compliance Engine (src/zspin/compliance.py)
-> Audit Reporter (src/zspin/audit.py)
-> SBOM Generator (src/zspin/sbom.py)
Artifacts:
reports/*.json
dist/zspin-<version>.zip
See full notes in docs/architecture.md and docs/workflow.md.
A buildable monorepo example (NestJS + Next.js + React admin + WebSocket wiring) is available at examples/betting-platform-mvp/.
For the production-grade backend/design/infrastructure blueprint (Kafka, double-entry accounting, Terraform scaffold, and design tokens), see docs/enterprise_platform_blueprint.md and examples/enterprise-blueprint/.
For the next-layer operating model (data lake/ML, regulatory reporting, Customer 360, real-time ML controls, CQRS evolution), see docs/platform_kernel_blueprint.md.
For a dedicated reliability + intelligence runbook (observability, chaos engineering, and MLOps lifecycle), see docs/reliability_intelligence_backbone.md and the corresponding assets under examples/enterprise-blueprint/{observability,chaos,mlops}.
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
zspin run --config examples/config.json --dry-run
python scripts/validate.py
python scripts/deep_audit.py
bash scripts/build_release.sh
zspin master-meta --config examples/config.json --output-dir reports/master_meta
This command emits deterministic audit + SBOM + AI analytics metadata in one bundle and can be used as a CI/CD gate.
zspin go-live-installer --config examples/config.json --output-dir dist/go_live_installer --dry-run
This command emits cross-platform installer scripts (install_go_live.sh and install_go_live.ps1), a full source snapshot, compliance artifacts, and a deterministic go-live report.
zspin scaling-plan --input examples/scaling_input.json --output reports/scaling_plan.json
LOAD config deterministically
VALIDATE required controls
FOR each stage in [diagnostics, hardening, compliance, reporting, packaging]:
    EXECUTE stage with strict error boundaries
    WRITE structured logs + metadata
    IF failure AND autoheal enabled:
        RUN bounded remediation
        RETRY stage once
    IF failure persists:
        GENERATE rollback plan
        EXIT non-zero
EMIT audit report + SBOM + checksums
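The stage loop above as runnable Python, covering the error boundary, the single bounded retry and the rollback plan (not the final report/SBOM step). This is an added example, not zspin's own code: `run_pipeline`, the handler and remediation callables, the log fields and the `rollback:<stage>` entries are all hypothetical names.

```python
import json
from typing import Callable, Dict, List, Optional

STAGES = ["diagnostics", "hardening", "compliance", "reporting", "packaging"]

def run_pipeline(handlers: Dict[str, Callable[[], None]],
                 remediate: Optional[Callable[[str], None]] = None,
                 autoheal: bool = False) -> dict:
    """Hypothetical runner: returns exit code, rollback plan and structured log."""
    log: List[dict] = []

    def record(event: str, stage: str, attempt: int, exc: Optional[Exception]) -> bool:
        # Log only the exception type; messages may carry secrets or PII.
        log.append({"event": event, "stage": stage, "attempt": attempt,
                    "ok": exc is None, "error": type(exc).__name__ if exc else None})
        return exc is None

    def guarded(event: str, stage: str, attempt: int, fn: Callable[[], None]) -> bool:
        # Strict error boundary: an exception fails this step, never the runner.
        try:
            fn()
        except Exception as exc:
            return record(event, stage, attempt, exc)
        return record(event, stage, attempt, None)

    done: List[str] = []
    for stage in STAGES:
        ok = guarded("stage", stage, 1, handlers[stage])
        if not ok and autoheal and remediate is not None:
            # Bounded remediation: one call per stage, then exactly one retry.
            guarded("remediation", stage, 1, lambda: remediate(stage))
            ok = guarded("stage", stage, 2, handlers[stage])
        if not ok:
            # Rollback plan: undo completed stages in reverse order.
            plan = [f"rollback:{s}" for s in reversed(done)]
            return {"exit_code": 1, "failed": stage, "rollback": plan, "log": log}
        done.append(stage)
    return {"exit_code": 0, "failed": None, "rollback": [], "log": log}

if __name__ == "__main__":
    # Constructed demo: 'compliance' fails until remediation flips the flag.
    state = {"fixed": False}
    def compliance() -> None:
        if not state["fixed"]:
            raise RuntimeError("control missing")
    demo = {s: (lambda: None) for s in STAGES}
    demo["compliance"] = compliance
    result = run_pipeline(demo, lambda s: state.update(fixed=True), autoheal=True)
    print(json.dumps(result, sort_keys=True))
```

A caller would pass `result["exit_code"]` to `sys.exit()` so a CI gate sees the non-zero status.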
- Input validation for all external config and CLI arguments
- No shell interpolation from untrusted input
- Explicit timeout and failure semantics for commands
- Data minimization in reports (no secrets, no PII dumps)
- Immutable audit timestamps + host metadata
- Dependency manifest and SBOM output
- Code implementation: src/zspin/*
- Documentation: README.md, docs/*
- Release artifacts: CHANGELOG.md, VERSION, dist/*.zip
- Validation scripts: scripts/validate.py
- Diagram/workflow: docs/workflow.md
- Audit report: reports/audit_report.json (generated)
- Security checklist: this README section + compliance module controls
MIT (see LICENSE).
- HPA based on CPU
- Argo Rollouts
- Prometheus + Grafana
- Node labeling strategy
- Secure public access without exposing ingress