TacitSoft Diagnostics

Collector Catalog

Public metadata for safe, inspectable diagnostic collectors. Each collector generates a local bundle that should be reviewed before upload.

Catalog schema

2026.05

Bundle schema

2026.05

Machine metadata

collectors.json

k8s-resource-audit

Kubernetes Resource Audit

v0.1.0 metadata-preview

Collects Kubernetes resource, workload, namespace, and scheduling signals for a production-readiness diagnostic bundle.

Safety level
Level 2: cluster configuration inventory
Download metadata
tacitdiag module · SHA-256 pending-release-sha256 · placeholder-pending-signed-release
Signing key
TacitSoft collector signing key pending publication

Collects

  • Cluster and namespace resource inventory
  • Workload requests, limits, replicas, and scheduling metadata
  • Service, ingress, storage, and configuration references
  • Diagnostic logs produced by the collector run

Does not collect by default

  • Kubernetes Secret values
  • Container filesystem contents
  • Live workload traffic

Source references

  • docs/strategies/cmmc-stig-diagnostics-saas-platform.md
  • docs/strategies/tacitsoft-full-spectrum-strategy-map.md

linux-baseline

Linux Baseline

v0.1.0 metadata-preview

Collects Linux host baseline facts used to assess hardening posture before deeper compliance mapping.

Safety level
Level 3: host configuration and hardening signals
Download metadata
shell collector bundle · SHA-256 pending-release-sha256 · placeholder-pending-signed-release
Signing key
TacitSoft collector signing key pending publication

Collects

  • OS release, kernel, package, service, and account posture metadata
  • Filesystem, mount, network listener, and firewall summaries
  • Selected security configuration files and normalized findings
  • Collector log, manifest, and checksums

Does not collect by default

  • Private keys or credential stores
  • User home directory contents
  • Application databases

Source references

  • docs/strategies/cmmc-stig-diagnostics-saas-platform.md
  • docs/strategies/tacitsoft-full-spectrum-strategy-map.md

ubuntu-stig-preflight

Ubuntu STIG Preflight

v0.1.0 metadata-preview

Prepares Ubuntu systems for STIG and CMMC readiness review without applying remediation changes.

Safety level
Level 3: STIG readiness evidence preview
Download metadata
shell collector bundle · SHA-256 pending-release-sha256 · placeholder-pending-signed-release
Signing key
TacitSoft collector signing key pending publication

Collects

  • Ubuntu release, package, service, and kernel configuration facts
  • USG/SCC/STIG readiness inputs where present
  • Authentication, endpoint agent, and rollout-risk indicators
  • Evidence checklist inputs for review tooling

Does not collect by default

  • Password hashes
  • Private SSH keys
  • Automatic remediation output

Source references

  • docs/strategies/cmmc-stig-diagnostics-saas-platform.md
  • docs/strategies/tacitsoft-full-spectrum-strategy-map.md

cmmc-evidence-prep

CMMC Evidence Prep

v0.1.0 metadata-preview

Builds a reviewable evidence-prep bundle for CMMC readiness, control-impact mapping, and documentation planning.

Safety level
Level 3: compliance evidence preparation
Download metadata
shell collector bundle · SHA-256 pending-release-sha256 · placeholder-pending-signed-release
Signing key
TacitSoft collector signing key pending publication

Collects

  • Host and control-mapping evidence inputs
  • Policy, configuration, and audit-readiness file references
  • POA&M and evidence checklist preparation metadata
  • Bundle manifest, checksums, and collector logs

Does not collect by default

  • Full policy repositories by default
  • Customer proprietary evidence unless explicitly added
  • Assessment submissions to third-party systems

Source references

  • docs/strategies/cmmc-stig-diagnostics-saas-platform.md
  • docs/strategies/tacitsoft-full-spectrum-strategy-map.md

Inspect the bundle before upload

Collectors write local artifacts first. Upload should happen only after the generated bundle has been reviewed and redacted as needed.

  1. 1 Open bundle.json and confirm the collector name, version, creation time, platform, and sensitive-data flag.
  2. 2 Review manifest.json and checksums.sha256 so the file list and hashes match the generated bundle.
  3. 3 Inspect raw/ and normalized/ for secrets, tokens, keys, customer data, or other material that should be redacted before upload.
  4. 4 Read collector.log for command failures or skipped checks before sharing the bundle.

Expected bundle contents

bundle.json manifest.json checksums.sha256 collector.log raw/ normalized/ reports/ redaction/ signatures/