Add CNCF governance files for Sandbox application

ADOPTERS.md

@@ -0,0 +1,24 @@
+# OpenUBA Adopters
+
+This file lists organizations and individuals using OpenUBA in production or evaluation.
+
+If you are using OpenUBA, please submit a pull request to add your organization to this list.
+
+## Production Users
+
+| Organization | Use Case | Since |
+|-------------|----------|-------|
+| Georgia Cyber Warfare Range (GCWR) | Security operations training and threat detection | 2019 |
+
+## Evaluation / Development
+
+| Organization | Use Case | Since |
+|-------------|----------|-------|
+| *(Your organization here)* | | |
+
+## Adding Your Organization
+
+To add your organization, submit a PR editing this file with:
+- Organization name
+- Brief use case description
+- Year you started using OpenUBA

CODE_OF_CONDUCT.md

@@ -0,0 +1,37 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+* The use of sexualized language or imagery, and sexual attention or advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at info@gacwr.org. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html

CONTRIBUTING.md

@@ -0,0 +1,122 @@
+# Contributing to OpenUBA
+
+Thank you for your interest in contributing to OpenUBA! This document provides guidelines and information for contributors.
+
+## Developer Certificate of Origin (DCO)
+
+All contributions to OpenUBA must be signed off under the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). By signing off, you certify that you wrote the contribution or otherwise have the right to submit it under the project's license.
+
+Sign off your commits by adding `Signed-off-by` to your commit message:
+
+```
+git commit -s -m "Your commit message"
+```
+
+Or manually add to your commit message:
+
+```
+Signed-off-by: Your Name <your.email@example.com>
+```
+
+## Getting Started
+
+1. **Fork the repository** on GitHub
+2. **Clone your fork** locally:
+   ```bash
+   git clone https://github.com/YOUR_USERNAME/OpenUBA.git
+   cd OpenUBA
+   ```
+3. **Set up development environment:**
+   ```bash
+   make dev-hybrid   # Backend local + infra in Kind cluster
+   ```
+4. **Create a branch** for your changes:
+   ```bash
+   git checkout -b feature/your-feature-name
+   ```
+
+## Development Setup
+
+### Prerequisites
+
+- Python 3.11+
+- Docker & Docker Compose
+- Kind (Kubernetes in Docker)
+- Node.js 18+ (for frontend)
+- Make
+
+### Backend
+
+```bash
+pip install -r requirements.txt
+python -m uvicorn core.api:app --reload --port 8000
+```
+
+### Frontend
+
+```bash
+cd interface
+npm install
+npm run dev
+```
+
+### Running Tests
+
+```bash
+make test          # All tests
+make test-backend  # Backend only
+make test-models   # Model pipeline tests
+```
+
+## What to Contribute
+
+### Good First Issues
+
+Look for issues labeled `good first issue` in the GitHub issue tracker.
+
+### Areas of Interest
+
+- **New ML models** for the Model Library
+- **Data source integrations** (new loaders beyond ES and Spark)
+- **Documentation** improvements
+- **Test coverage** expansion
+- **Frontend UX** improvements
+- **Kubernetes operator** development
+- **CNCF integration** (Falco, OpenTelemetry, Prometheus)
+
+## Pull Request Process
+
+1. Ensure your code follows the project's coding style
+2. Update documentation if your changes affect user-facing behavior
+3. Add tests for new functionality
+4. Ensure all tests pass (`make test`)
+5. Sign off all commits (DCO)
+6. Submit a pull request against the `master` branch
+7. Describe your changes clearly in the PR description
+8. Link to any related issues
+
+## Code Review
+
+- All PRs require at least one maintainer review
+- CI must pass before merging
+- Maintainers may request changes or improvements
+
+## Reporting Bugs
+
+- Use GitHub Issues to report bugs
+- Include: steps to reproduce, expected behavior, actual behavior, environment details
+- Check existing issues before creating a new one
+
+## Requesting Features
+
+- Open a GitHub Issue with the `enhancement` label
+- Describe the use case and expected behavior
+- Be open to discussion about implementation approach
+
+## Code of Conduct
+
+All participants in the OpenUBA community are expected to follow the [Code of Conduct](CODE_OF_CONDUCT.md).
+
+## License
+
+By contributing to OpenUBA, you agree that your contributions will be licensed under the project's license.

GOVERNANCE.md

@@ -0,0 +1,40 @@
+# OpenUBA Governance
+
+## Overview
+
+OpenUBA is an open-source project governed by its maintainers. The project aims for transparent, community-driven decision-making.
+
+## Roles
+
+### Users
+Anyone who uses OpenUBA. Users may provide feedback, report bugs, and request features via GitHub Issues.
+
+### Contributors
+Anyone who contributes code, documentation, tests, or other improvements via pull requests. Contributors must sign off commits under the DCO (see CONTRIBUTING.md).
+
+### Maintainers
+Individuals with merge access to the repository. Maintainers review PRs, triage issues, and make technical decisions. Listed in MAINTAINERS.md.
+
+### Project Lead
+The project lead provides overall direction, resolves disputes, and represents the project externally. Currently: Jovonni Pharr (@Jovonni).
+
+## Decision Making
+
+- **Routine changes** (bug fixes, docs, tests): Single maintainer approval
+- **Significant changes** (new features, architecture): Two maintainer approvals or project lead approval
+- **Breaking changes** (API changes, major refactors): Discussed in a GitHub Issue first, requires project lead approval
+
+## Becoming a Maintainer
+
+1. Demonstrate sustained, quality contributions over 3+ months
+2. Be nominated by an existing maintainer
+3. Approved by project lead
+4. Added to MAINTAINERS.md
+
+## Code of Conduct
+
+All participants must follow the [Code of Conduct](CODE_OF_CONDUCT.md).
+
+## Changes to Governance
+
+Changes to this governance model require approval from the project lead and must be proposed via a GitHub Issue for community discussion.

MAINTAINERS.md

@@ -0,0 +1,17 @@
+# OpenUBA Maintainers
+
+This file lists the maintainers of the OpenUBA project.
+
+## Active Maintainers
+
+| Name | GitHub | Affiliation | Role |
+|------|--------|-------------|------|
+| Jovonni Pharr | [@Jovonni](https://github.com/Jovonni) | GACWR | Project Lead |
+
+## Emeritus Maintainers
+
+None at this time.
+
+## Becoming a Maintainer
+
+New maintainers are nominated by existing maintainers based on sustained, high-quality contributions to the project. See [GOVERNANCE.md](GOVERNANCE.md) for the full process.

ROADMAP.md

@@ -0,0 +1,87 @@
+# OpenUBA Roadmap
+
+## Vision
+
+OpenUBA aims to be the standard open-source User & Entity Behavior Analytics (UEBA) platform for cloud-native security operations.
+
+## Current State (v0.0.2)
+
+### Core Engine
+- FastAPI backend with REST API
+- Containerized model execution sandbox (Docker-based)
+- Dual data pipelines: Elasticsearch + Apache Spark
+- 5 ML runtime images: sklearn, pytorch, tensorflow, networkx, base
+- Next.js frontend with model management UI
+- PostgreSQL storage with CloudNativePG
+- Local model library with install/train/infer lifecycle
+- Kind cluster development environment
+
+### Kubernetes-Native Infrastructure
+- Custom Resource Definitions: UBATraining, UBAInference, UBAPipeline, UBAWorkspace
+- Kopf-based operator (core/operator/) with workspace and pipeline handlers
+- Operator deployment, RBAC, and service accounts (k8s/)
+- Full K8s manifests: backend, frontend, Elasticsearch, Spark, Postgres, ingress
+
+### Model Registry & Ecosystem
+- Multi-backend model registry with adapter pattern
+- Adapters: local filesystem, GitHub, HuggingFace, Kubeflow, OpenUBA Hub
+- Model integrity verification via SHA-256 hashing (core/hash.py)
+- Registry service with tests
+
+### Scheduling & Async
+- Model scheduler service (core/services/model_scheduler.py)
+- Schedules API router (core/api_routers/schedules.py)
+- Async inference support in pipeline
+
+### GraphQL
+- PostGraphile deployment (k8s/postgraphile-deployment.yaml)
+- GraphQL endpoint with tests (core/tests/test_graphql.py)
+
+### Workspaces
+- Jupyter notebook workspaces with SDK integration
+- Workspace CRD + operator handler
+- E2E tests for workspace notebooks and JupyterLab SDK
+
+### Visual Rule Builder (Rule Canvas)
+- ReactFlow-based drag-and-drop rule editor (664 LOC, flow-canvas.tsx)
+- Custom node types for detection logic (290 LOC, flow-nodes.tsx)
+- Palette with draggable condition/action nodes
+- Rule save, test, severity configuration
+- Integrated with GraphQL model queries
+
+### LLM Investigation Assistant
+- Omnipresent chat window accessible from any page (559 LOC, chat-window.tsx)
+- Multi-provider support: Ollama, OpenAI, Claude, Gemini
+- SSE streaming with thinking block parsing
+- Context-aware: injects current page/entity context into prompts
+- Backend chat API with SSE streaming (app/api/chat/route.ts)
+
+## Phase 1: Production Hardening (Q3 2026)
+
+- [ ] Helm chart packaging and publishing to Artifact Hub
+- [ ] Horizontal pod autoscaling for Spark workers
+- [ ] Multi-tenant isolation (namespace-per-tenant)
+- [ ] Production-grade observability (OpenTelemetry self-instrumentation, Prometheus /metrics endpoint)
+- [ ] Full PostgreSQL migration for all state (eliminate remaining JSON file state)
+
+## Phase 2: CNCF Integration (Q4 2026)
+
+- [ ] Falco integration: consume runtime security events as behavioral data source
+- [ ] OpenTelemetry integration: ingest OTLP traces and logs as behavioral signals
+- [ ] OPA/Kyverno policy trigger: output risk scores as policy inputs
+- [ ] SPIFFE/SPIRE workload identity for inter-service authentication
+- [ ] CNCF Landscape listing
+- [ ] TAG Security presentation and feedback incorporation
+
+## Phase 3: Community & Scale (Q1 2027)
+
+- [ ] Community model marketplace (OpenUBA Hub public instance)
+- [ ] Performance benchmarks published
+- [ ] Contributor diversity (multiple organizations)
+
+## Phase 4: Incubation Readiness (Q2 2027)
+
+- [ ] Production deployments documented in ADOPTERS.md
+- [ ] Independent security audit
+- [ ] Comprehensive documentation review
+- [ ] Governance maturity demonstration

SECURITY.md

@@ -0,0 +1,48 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.0.2   | Yes       |
+| < 0.0.2 | No        |
+
+## Reporting a Vulnerability
+
+The OpenUBA team takes security seriously. If you discover a security vulnerability, please report it responsibly.
+
+**DO NOT** open a public GitHub issue for security vulnerabilities.
+
+### How to Report
+
+1. Email: info@gacwr.org
+2. Subject: `[SECURITY] OpenUBA Vulnerability Report`
+3. Include:
+   - Description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+   - Suggested fix (if any)
+
+### Response Timeline
+
+- **Acknowledgment**: Within 48 hours
+- **Initial Assessment**: Within 7 days
+- **Fix/Mitigation**: Depends on severity
+  - Critical: 7 days
+  - High: 14 days
+  - Medium: 30 days
+  - Low: Next release
+
+### Disclosure Policy
+
+- We will coordinate disclosure with the reporter
+- We aim to release a fix before public disclosure
+- Credit will be given to reporters (unless they prefer anonymity)
+
+## Security Best Practices for Deployment
+
+- Run OpenUBA behind a reverse proxy with TLS
+- Use Kubernetes RBAC to restrict access to OpenUBA pods
+- Store Elasticsearch and PostgreSQL credentials in Kubernetes Secrets
+- Enable network policies to restrict pod-to-pod communication
+- Regularly update container images for security patches