Zion Boggan
repos/Oversight/commits/f3413e6
zionboggan.com ↗
Code Commits Tags

Remove internal handoff cruft from the public tree

SESSION_RESUME.md and docs/RUNBOOK.md were internal operational
notes for the original author's homelab: CT numbers, Proxmox node
hostnames, private network IPs, and a step-by-step runbook for a
deployment that has nothing to do with the open protocol. They
have no place in a public repository and should not have shipped.

oversight_core/decoy.py: drop the homelab reference in the module
docstring and point the default OLLAMA_URL at loopback. Callers can
still override via the env var as documented.

docs/V05_REKOR_PLAN.md: replace a lingering "CT 222" reference with
neutral phrasing.
f3413e6   Zion Boggan committed on Apr 22, 2026 (2 months ago)
docs/V05_REKOR_PLAN.md +1 -1
@@ -43,7 +43,7 @@ v0.5 lands as a stretch goal if evaluation work comes together first.
## 2. Non-goals for v0.5
-- No self-hosted Rekor on [container]. Recorded as out-of-scope (revisit point 3).
+- No self-hosted Rekor for the reference deployment. Recorded as out-of-scope (revisit point 3).
- No removal of legacy `oversight_core/tlog.py`. It stays as fallback verifier.
- No Hardware KeyProvider work - that's v0.6 alongside format adapters.
- No new entry-type negotiation with Sigstore. We use vanilla DSSE.
oversight_core/decoy.py +6 -4
@@ -15,11 +15,13 @@ realism. Recent research (SPADE 2025, HoneyGPT) shows this is an open area
with no strong commercial shipment.
Backend options (pick via `backend` arg or OVERSIGHT_DECOY_BACKEND env):
- - "ollama" - POST to a local Ollama server (recommended; uses GPU node)
+ - "ollama" - POST to a local Ollama server (recommended)
- "openai" - OpenAI-compatible API (for testing)
- "static" - hardcoded templates (works offline; lowest quality)
-Point OLLAMA_URL at any Ollama instance; default is loopback.
+Override the Ollama endpoint and model with the ``OLLAMA_URL`` and
+``OVERSIGHT_DECOY_MODEL`` environment variables. Defaults target a
+loopback Ollama install.
"""
from __future__ import annotations
@@ -33,8 +35,8 @@ from typing import Optional
import httpx
-DEFAULT_OLLAMA = os.environ.get("OLLAMA_URL", "http://[redacted-rfc1918]")
-DEFAULT_MODEL = os.environ.get("OVERSIGHT_DECOY_MODEL", "dolphin-mistral:7b-v2.8")
+DEFAULT_OLLAMA = os.environ.get("OLLAMA_URL", "http://127.0.0.1:11434")
+DEFAULT_MODEL = os.environ.get("OVERSIGHT_DECOY_MODEL", "llama3.1:8b")
# Realistic decoy filenames. These are deliberately interesting to an attacker