bee/bible-local/architecture/system-overview.md

System Overview — bee

What it does

Hardware audit LiveCD. Boots on a server via BMC virtual media or USB. Collects hardware inventory at OS level (not through BMC/Redfish). Produces HardwareIngestRequest JSON compatible with core/reanimator.

Why it exists

Fills gaps where Redfish/logpile is blind:

• NVMe serials and SMART data
• DIMM serials and slot layout
• GPU serials and VBIOS versions
• Physical disks behind RAID controllers
• Full SMART wear telemetry
• NIC firmware versions

In scope

• Read-only hardware inventory: board, CPU, memory, storage, PCIe, PSU, GPU, NIC, RAID
• Unattended operation — no user interaction at any stage
• NVIDIA proprietary driver loaded at boot for GPU enrichment
• SSH access in debug ISO for development and testing
• Auto-update of audit binary from Gitea releases (production ISO)

Out of scope

• Any writes to the server being audited
• Network configuration changes
• BMC/IPMI configuration
• Anything requiring persistent storage on the audited machine
• Windows support

Tech stack

Component	Technology
Audit binary	Go, static, CGO_ENABLED=0
LiveCD	Alpine Linux 3.21, linux-lts 6.12.x
ISO build	Alpine mkimage + apkovl overlay
Init system	OpenRC
SSH (debug)	Dropbear
NVIDIA driver	Proprietary .run installer, built against linux-lts headers
Builder VM	Alpine 3.21, 172.27.0.4

Key paths

Path	Purpose
audit/cmd/audit/	CLI entry point
audit/internal/collector/	Per-subsystem collectors
audit/internal/schema/	HardwareIngestRequest types
iso/builder/	ISO build scripts and mkimage profile
iso/overlay-debug/	Files injected into debug ISO via apkovl
iso/builder/VERSIONS	Pinned versions: Alpine, Go, NVIDIA driver
dist/	Build outputs (gitignored)
iso/out/	Downloaded ISO files (gitignored)