Your first 30 minutes
A short, ordered sequence to get oriented. Kick off the access requests first (step 3) so approvals process in the background while you set up your laptop.
-
Download, unzip & verify — one line
Grab the onboarding zip from the top of this page, then unzip it, step into the folder, and confirm the checkout is intact — all in a single command. If
git fsckreports any errors, delete the folder and download it again before continuing.unzip standard-industries-onboarding.zip && cd standard-industries-onboarding && git fsck --full -
Skim the lay of the land
Read this page end to end once so you know where everything lives. You are not expected to memorize it by Friday.
-
Start your access requests early
Some approvals take up to a business day. File them now so they clear while you set up. Jump to Request access.
-
Copy the environment template
Fill in the values your team lead sends you. Never commit
.env— it's gitignored for a reason.cp .env.example .env -
Say hi
Introduce yourself in #new-threads on Slack, and drop a line in your team channel.
Request access
Request these on day one — some take up to a business day and you'll be blocked without them. File through the IT portal (link in your welcome email) or #it-help. Your team lead approves role-specific access.
eng-staging VPN group. Request it first — everything that touches the staging cluster depends on it.Identity & core 0/4
Source & build 0/4
Network & environments 0/3
Tools & observability 0/5
Set up your machine
Budget two to three hours, mostly waiting on installs. We support macOS (Apple Silicon or Intel) and Ubuntu 22.04+. Windows engineers work inside WSL2 — talk to IT before day one to get it provisioned.
Our device pins
| Toolchain | Version | Pinned in |
|---|---|---|
| Node | 20.14.0 | .nvmrc |
| Python | 3.12.4 | .python-version |
| Go | 1.22.x | go.mod |
The setup script installs and pins all three via nvm, pyenv, and goenv.
Setup checklist 0/7
1 · Get the code and verify
Download the zip from the top of this page, then unzip, enter the folder, and verify integrity — all in one line. Once your GitHub access lands you can switch to cloning; same repo, either way.
unzip standard-industries-onboarding.zip && cd standard-industries-onboarding && git fsck --full
# …or, once you're in the GitHub org:
# git clone git@github.com:standard-industries/onboarding.git2 · Install the toolchain
setup.sh installs Homebrew or refreshes apt, then nvm / pyenv / goenv with the pinned versions, Docker, the internal gi CLI, and the pre-commit hooks. It's safe to re-run — every step is idempotent.
./scripts/setup.sh3 · Verify with doctor
Checks versions, Docker health, SSO login, and VPN reachability to staging. Here's what a healthy-enough local machine looks like — remote checks (SSO, VPN) can be red until your access clears:
Standard Industries :: machine doctor ------------------------------------ Toolchain: ✗ node 24.14.0 (want 20.14.0 — run 'nvm use') ✗ python not found ✓ go go1.26.1 ✗ si CLI not found (check registry access) Containers: ✓ docker daemon reachable Git hygiene: ✓ pre-commit installed ✓ pre-commit hook registered ✓ .env present Access (best-effort checks): ✗ no active AWS SSO session (run your SSO login) ✗ staging unreachable — are you on the eng-staging VPN? ------------------------------------ Result: 5 passed, 5 need attention
4 · Configure your environment
The variable names in .env.example are safe to read; the values are secrets your lead sends you. .env is gitignored — never commit it.
cp .env.example .env5 · Bring up the local stack
We run a trimmed slice of production locally via Docker Compose.
si up # Loom, Spindle, Selvage, Postgres, Redis, Kafka
si seed # load demo tenants and sample device data
si open tapestry # opens the local customer app at http://localhost:3000si up only starts the core path. Data-heavy services (Dye) and edge simulators (Weft, Bobbin) start on demand with si up --profile edge or --profile analytics.
6 · Run something end to end
The smoke flow creates a demo tenant, registers a fake device through Bobbin, pushes a reading through Weft → Warp → Selvage, and asserts a workflow fires.
si smokeIf si smoke passes, you have a working dev environment. Congrats.
7 · Make your first change
A good first task is a "docs or tests" PR — small, low-risk, and it walks you through the whole flow. Your onboarding buddy will suggest a starter issue tagged good-first-issue. Read How we ship before you open it.
eng-staging group yet. Docker won't start on Apple Silicon → enable Rosetta in Docker Desktop (Kafka needs it). si seed hangs → Postgres isn't healthy yet; gi logs postgres and give it 30 seconds. Pre-commit rejected your commit → that's expected, it auto-formats; re-stage and commit again.How we ship
The short version: small changes, clear descriptions, green CI, one approving reviewer. This applies across every service repo, not just onboarding.
Branching & commits
Cut branches from main, named <type>/GI-<ticket>-<short-slug>. Types: feat, fix, docs, chore, refactor, test, perf.
git switch -c feat/GI-1421-selvage-retry-backoffWe like Conventional Commits — keep the subject under ~72 chars and explain the why in the body.
feat(selvage): add exponential backoff to action retries
Workflows that call flaky external webhooks were hammering them on
failure. Backoff caps at 5 attempts. Closes GI-1421.Pull requests
- Keep them small
- A tight, single-purpose PR is a "snip." A 2,000-line PR is a saga, and sagas sit unreviewed for days — split them.
- Fill the template
- Link the Jira thread. Add screenshots for UI changes.
- Draft = WIP
- Use a
WIP:prefix or GitHub's draft state; mark ready when CI is green. - CI must pass
- The lint gate blocks merge — run
pre-commit run --all-fileslocally first.
pre-commit run --all-filesReview norms
- One approval required — two for changes to Spindle (auth), Warp (event schemas), or anything touching tenant isolation.
- Reviewers aim to respond within one business day. Blocked? A polite
PTALin the team channel. - Reviews are about the code, not the coder. Approve with
LGTM; the author squash-merges after approval. - "Disagree and commit" is fine once a decision is made.
What needs an RFC
Write a short RFC in The Spool (Notion) before the code for: new services, new Warp event schemas, cross-team API changes, data-model changes, or anything that alters tenant isolation. Small stuff doesn't — use judgment, and ask your lead when unsure.
.env. Never reach into another service's database — use its API or a Warp event. Always scope by tenant_id; cross-tenant leaks are security incidents, full stop.How Fabric fits together
Fabric ingests signals from customer factory equipment, moves them through an event backbone, runs them against customer-defined workflows, and surfaces results in dashboards and integrations. Every service name is textile-themed — blame the CTO.
Factory floor Edge Cloud (AWS / EKS) ┌────────────┐ ┌──────────────┐ ┌──────────────────────────────┐ │ PLCs / MES │─────│ Bobbin agent │───│ Weft ─▶ Warp ─▶ Selvage │ │ ERP / IoT │ TLS │ (device mgmt)│ │ ingest events workflows │ └────────────┘ └──────────────┘ │ │ │ │ │ ▼ ▼ │ │ Dye Shuttle │ │ (analytics) (notify) │ └──────┬──────────────┬──────────┘ ┌────▼────┐ ┌────▼────┐ │ Tapestry│ │ Reel │ │(cust app)│ │(admin) │ └─────────┘ └─────────┘ Everything public enters through Loom (gateway) and authns via Spindle.
Core services
| Service | Purpose | Lang | Team |
|---|---|---|---|
| Loom | API gateway / routing, rate limiting, TLS termination | Go | Platform |
| Spindle | Identity, auth, tenant / RBAC, API keys | Go | Platform |
| Warp | Kafka event backbone — the spine everything publishes to | Go | Platform |
| Weft | Ingestion — normalizes raw device readings into events | Python | Edge |
| Bobbin | Device registry + fleet management for on-prem agents | Python | Edge |
| Selvage | The workflow orchestration engine — the actual product | Go | Orchestration |
| Dye | Analytics, aggregation, reporting queries | Python | Data & Analytics |
| Shuttle | Notifications — email, webhook, SMS, in-app | Go | Platform |
| Tapestry | Customer-facing web app | TS / Next.js | Frontend |
| Reel | Internal admin + support console | TS / Next.js | Frontend |
| Skein | Shared design system / component library | TS | Frontend |
How a reading flows
- A device on the factory floor emits a reading.
- The Bobbin agent (running on-prem) batches and ships it over mTLS.
- Weft validates and normalizes it into a canonical Fabric event.
- The event lands on a Warp topic (
fabric.<domain>.<event>). - Selvage evaluates the tenant's workflows and may emit actions.
- Actions fan out — Shuttle notifies humans, Dye records for analytics, results surface in Tapestry.
Guardrails worth internalizing early
- Service boundaries are sacred. Talk to other services through their API or Warp events — never their database.
- Everything is multi-tenant. When in doubt, scope by
tenant_id. - Warp is the spine. New events go through the schema registry — no ad-hoc topics.
- Prod is boring on purpose. Big changes ship behind flags via Heddle.
Who to ask
Names are your fastest route to an answer — but always prefer the team's Slack channel over DMing a person, so answers stay searchable. (Everyone below is fictional.)
Engineering teams
| Team | Owns | Ask them about | Channel |
|---|---|---|---|
| Platform | Loom, Spindle, Warp, Shuttle | auth, gateways, event schemas, rate limits | #team-platform |
| Edge | Weft, Bobbin | device agents, mTLS, ingestion, floor protocols | #team-edge |
| Orchestration | Selvage | workflow evaluation, the rules DSL, action fan-out | #team-orchestration |
| Data & Analytics | Dye, ClickHouse | reporting queries, aggregations, data exports | #team-data |
| Frontend | Tapestry, Reel, Skein | the customer app, admin console, design system | #team-frontend |
| SRE / Infra | clusters, CI/CD, Heddle, on-call | deploys, environments, flags, incidents | #team-sre |
| Security | program, threat model, IR | tenant isolation, secrets, anything vuln-shaped | #security-report |
"Who owns this?" cheat sheet
| If it's about… | Ask |
|---|---|
| Login / can't authenticate | Platform · #team-platform |
| A device isn't reporting | Edge · #team-edge |
| A workflow didn't fire | Orchestration · #team-orchestration |
| A dashboard number looks wrong | Data & Analytics · #team-data |
| The UI is broken / ugly | Frontend · #team-frontend |
| A deploy failed / prod is down | SRE · #team-sre (or #incidents if live) |
| "Is this a security issue?" | Security · #security-report |
| Laptop, accounts, hardware, WSL | IT (Sam Okonkwo) · #it-help |
| Payroll, benefits, PTO | People Ops · #people-ops |
Glossary & channels
The jargon you'll hit in your first week. When a term nobody explains trips you up, it's probably here — and if it isn't, add it in a PR.
Concepts & jargon
| Term | Meaning |
|---|---|
| Tenant | A customer organization. Everything is scoped by tenant_id. |
| Reading | A single data point emitted by a device (temp, count, status…). |
| Workflow | A tenant-defined rule in Selvage: when X, do Y. |
| Weave | Internal verb for "connect a customer's system into Fabric." |
| The Spool | Our internal wiki (Notion). Deeper docs and RFCs live there. |
| Thread | A unit of work / ticket. Tracked in Jira. |
| Snip | A small, self-contained PR. We like snips. |
| Lint gate | The CI check that blocks merge on style / format failures. |
| Frayed | Slang for a flaky test. "That test is frayed again." |
| Golden path | The supported, blessed way to do a common task via the gi CLI. |
Acronyms you'll hear
| Acronym | Meaning |
|---|---|
| SI | Standard Industries. Also our internal CLI (si). |
| PLC / MES / ERP | Factory device / shop-floor software / back-office software we ingest from. |
| RBAC | Role-Based Access Control, enforced by Spindle. |
| mTLS | Mutual TLS — how Bobbin agents authenticate to the cloud. |
| DRI | Directly Responsible Individual — the one owner of a thing. |
| RFC | Request For Comments — how we propose non-trivial changes. |
| PTAL / LGTM / WIP | "Please Take Another Look" / "Looks Good To Me" / "Work In Progress." |
Slack channels to join
| Channel | For |
|---|---|
| #new-threads | New hires — ask anything, no dumb questions |
| #eng-help | General engineering questions |
| #dev-env | Broken setup, doctor.sh failures, tooling |
| #incidents | Live incident coordination (read-only unless on-call) |
| #deploys | Automated deploy notifications |
| #watercooler | Not about work |
When you're stuck
We'd rather you ask early than stay stuck. Nobody expects you to have this memorized by Friday.
- Anything blocking you on day one — ping your onboarding buddy (assigned in your offer packet) or #new-threads.
- "Who owns X?" — check Who to ask, then #eng-help.
- Setup script broke — paste the output of
./scripts/doctor.shinto #dev-env. - An approval is stuck >1 business day — nudge in #it-help and CC your lead. Don't sit blocked silently — that's the one thing we ask you not to do.
si smoke passes, you're ready for local development, feature branches, and the code-review workflow. Welcome aboard.