►
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
Let's
check
out
the
json
source
yeah,
I
don't
think
I
don't
really
like
the
spdx
stuff
within
the
files
I
feel
like
you
know,
the
license
is
the
license
and
with
with,
unless
there's
an
exception
right.
This
is
why
context
matters
if
we
know
the
context
what
repo
came
from
them,
we
don't
need
to
care
okay,
open
architecture
based
source
from
the
file
social
memory
source.
A
A
A
A
A
A
A
A
A
A
A
Okay,
so
detailed
diagrams
okay,
so
this
source
has
a
single
record
as
a
single
record
source
right,
because
it's
a
single
threat
model
and
remember:
we
can
always
have
multiple
sources
and
multiple
threat
models.
So
title
web
application.
Okay,
so
title
owner
description,
okay.
So
what
is
the
record?
So,
let's
make
it
unique
based
on
the
contents
right.
So
I
believe
we
have
a
secure
hash
function.
A
All
right,
so
we
have
secure
hash
and
entity
cure
hash,
and
why
do
we
have
these
helper
functions?
Well
because
we
don't
want
to
end
up
oh
open
there.
I
went
and
I
broke
that
no.
I
used
it
okay,
great
because
this
is
it's
easier
for
us
to
audit
right.
So
if
we
always
see
usages
of
secure
hash
and
insecure
hash,
it's
very
easy
for
us
to
audit
our
code
base
to
see
you
know
whether
we're
using
the
right
thing
or
not
right.
A
A
A
A
Threat
dragon
source
and
blank
okay,
all
right
dropped
our
shot
there
and
right
so
github
will
link
sha's
across
forks
because
internally,
it
stores
it
all
in
basically
the
same
way:
okay,
so
great
great,
great,
great,
great,
okay,
so
key
web
application,
all
right,
okay!
So
now
let
us,
let's
see
what
was
our
proposal
here?
A
A
Okay,
so
yes,
now
we
need
to
produce
the
open
architecture.
Well,
the
open
architecture
is
just
the
data
flow.
Oh
duh,
oh
my
god,
wow.
Sometimes
I
create
a
lot
more
work
for
myself
than
I
know
what
I'm
doing.
Okay,
oh
wow,
glad
I
had
that
realization
holy
that
almost
got
really
complicated,
wow
wow
wow.
A
Source,
okay,
so
let's
just
make
a
note
before
I
forget
data
flow,
and
this
is
why
everything
is
everything
we're
recording
everything
right.
So
then
everybody
else
if
you're,
if
you're
curious
you
want
to
follow
along,
you
want
to
contribute
everything
is
recorded
so
and
if
you
want
to
also
stream
your
work,
that
would
be
great
because
then
you
know
that
the
goal
is
for
us
to
have
completely
asynchronous
communication
or
well
actually
to
have
synchronous
communication
via
asynchronous
communication
right.
A
So
if
we
can,
all
so
say,
we're
all
and
stream,
so
so
streaming
right
now
like
I'm
streaming
right,
but
the
goal
is
to
have
alice
and
alice
will
basically
be
streaming
whatever
events
that
are
pertinent
to
your
co-developers
right
on
whatever
efforts,
you're
you're,
looking
at
or
whatever
line
of
projects
right.
And
so,
if
you
look
in
the
thread
about
the
let's
see
the
build
tree
inner
source
stuff,
let's
see.
A
Right
so
this
is
from
sarcoma,
yes,
nice
meeting
back
in
january,
so
I
updated
this
recently
with
you
know
some
some
thoughts.
You
know
maybe
looking
at
the
upstream,
the
overlay
in
the
orchestrator-
and
I
was
thinking
I
was
thinking
I
was
thinking
actually
data
flow
is
our
current
open
architecture.
A
Okay,
airflow
serialization
is
our
current
open
architecture.
Now
we
will
evolve
over
time.
Okay.
So,
let's,
let's
make
sure
that
we
include
all
the
items
which
we
would
like
to
see
in
a
manifest
okay,
oh
my
god,
the
merge
command.
Oh
my
god.
The
merge
command:
okay,
okay,
okay,
wow,
okay,
oh
my
god,
okay!
So
the!
What
does
the
merge
command?
Do
it
converts
data
from
one
format
to
another
effectively
right,
so
so
it
takes
takes
yeah
yeah.
So.
A
A
A
A
All
right,
so,
what's
the
train
of
thought?
Okay,
so,
let's
see
state
of
the
art.
Okay,
so
let's
say
date.
How
are
we
to
do
this
date?
State-Of-The-Art
time,
travel,
comma
system
context.
Okay,
so
here
is
the
date
here
is
we're
saying
this
is
the
state
of
the
art
so
on
six,
so
on
june,
11th
of
2022,
the
state
of
the
art
train
of
thought
for
both
trains
of
thought,
of
align
trains
of
dot,
time,
travel
and
system
context
right,
so
tags
separated
by
commas.
A
A
A
Version
right,
so
these
are
the
things
that
we
care
about
all
right.
So
these
are
the
things
which
we
agreed
upon
right.
We
all
met,
so
not
all
of
us,
obviously
all
is
a
lot
that
would
be
like
what
7.8
billion
or
something
so
so
we
met
a
few
of
us
met
in
back
in
into
2021,
and
we
aligned
on
this
idea
of
a
manifest
right
and
the
manifest.
What
is
it
and
it
was
it-
was
it
was
jeremy,
jeremy,
jeremy?
What's
his
last
name,
er
ir
yeah
jeremy?
A
He
he
enlightened
a
lot
of
us
to
this
concept
of
of
well.
We
were
already
playing
it
with
the
second
party
stuff,
but
he
gave
it
a
little
more
structure.
You
know
we
had
talked
about
this
idea
of
like
the
manifest
this
list
of
artifacts
and
then
he
was
like.
You
know.
There's
orchestration
involved
and
I
was
like
whoa
light
bulb
so
great.
Thank
you,
jeremy,
okay,
so
and
then
we
started
said
well,
you
know,
okay.
So
if
we're
all
writing
these
things
called
manifests.
A
What
are
some
properties
of
them
that
we
could
use
to
tell
them
apart
right,
and
so
we
said
well,
a
manifest
should
have
a
schema,
a
format
name
and
a
format
version
right.
So
if
I
look
at
any
blob
of
data,
I
should
be
able
to
tell
the
schema
the
format
name
and
the
version
of
that
blob
of
data.
If
I
can
tell
the
schema
the
format
name
and
the
version,
then
it's
a
you
know,
then
then
it's
much
easier
to
work
with
right.
A
So
as
long
as
we
include
these
items,
then
it's
much
easier
to
parse
right.
So
now,
so
we
understand
that
this
is
a
threat.
Dragon
threat
model
right,
so
we've
explicitly
said
format.
Name
is
threat,
model
threat,
dragon
right
by
effectively
instantiating
the
source
as
a
a
threat.
Dragon
threat
model
right.
So
this
actually
would
be
a
good
thing
for
us
to
put
in
extras.
A
So
let's
take
a
look
at
this.
Let's
take
a
look
at
what
we
have
here
right.
So
if
I
look
at
this
record,
I
don't
know
how
to
save
it
back
to
an
appropriate
format.
Right,
I
just
know:
there's
some
features
throughout
model
dict,
great,
okay,
all
right!
This
is
what
this
is
just
a
giant
blob
of
data
right,
it's
meaningless
to
me
right
now,
right
now,
the
point
of
the
open
architecture
and
the
manifest
and
all
this
is
that
we
need
to
figure
out
what
the
hell
does.
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
And
what's
the
format
name,
it's
the
entry
point
name
right
and
the
format
version
is
well
we're
not
sure
what
the
format
version
is
right
now
right,
so
I'm
going
to
put
a
url
right.
So
maybe
this
is
oh,
let's
start
right
down
json.
So
maybe
this
is
like
this
is
the
shima
url
right.
So
this
is
raw
and
says
format.
Version
right,
we
might
say,
excuse
me
url,
okay,
so,
okay,
so
to
do
what
time
check?
Okay,
I
gotta
go
fast
on
this.
Okay,
so
you
know,
I
think,
we're
okay.
A
A
A
A
A
A
A
A
Oh
yeah,
I
guess
it
runs
it
right
away.
Isn't
that
great
all
right!
So
now
we
see
so
extra
os
threat,
dragon
open
architecture,
feature
name
thread,
model
format,
name
thread,
dragon
format,
version
1.0.0
schema
and
then
the
link
to
the
schema
right
if
there
could
be
a
okay.
So
let's
jump
back
to
our
issue
right,
so
we
would
like
them
to
please
please
please,
please,
please
add
this
additional
context.
A
A
A
A
A
A
A
A
A
A
Open
architecture,
all
right,
so
a
record
is
a
dfml
specific
object.
So
that's
okay
for
us
to
be
throwing
stuff
in
here
in
random
ways,
and
we
can
say:
okay
within
dfml
record
extra.
If
you
see
the
open
architecture
field,
then
this
is
the
way
you
should
treat
it.
Okay.
So,
within
that
you
look
at
the
features
you
can
see.
The
threat
model
feature
is
here's
the
manifest
manifest
metadata.
A
All
right,
so
I'm
going
to
post
metadata
all
right,
so
the
manifest
is
our
domain
specific
format
right.
So
the
open
architecture
is
the
general
format.
I
guess
you
can
have
a
manifest
for
the
the
the
the
you
know.
The
open
architectures
itself
has
a
manifest
and
the
manifest
is
sort
of
the
individual
document
right.