refactor: rename os-image-composer to ict across entire codebase

- Update Go module path from os-image-composer to ict
- Rename cmd/os-image-composer/ to cmd/ict/
- Update CLI binary name, help text, and completion scripts
- Update config search paths (ict.yml, /etc/ict/, etc.)
- Update system paths (/var/cache/ict, /tmp/ict)
- Rename schema file to ict-config.schema.json
- Update Earthfile build targets and paths
- Update all documentation (.md) references
- Update GitHub Actions workflows and CODEOWNERS
- Update shell scripts and image template comments
- Rename architecture doc files to ict-* prefix

No logic or behavior changes - only names and string literals.

Author: arodage

.github/CODEOWNERS

@@ -7,10 +7,10 @@
 # someone opens a pull request.
 
 # Everything requires image-composer-maintain team review by default
-* @open-edge-platform/os-image-composer-maintain
+* @open-edge-platform/ict-maintain
 
 # CI files
-.github/ @adimoft @daveroge @shanedonohue @manilk1x @open-edge-platform/os-image-composer-maintain
+.github/ @adimoft @daveroge @shanedonohue @manilk1x @open-edge-platform/ict-maintain
 
 # documentation content
 /docs @open-edge-platform/open-edge-platform-docs-write

.github/copilot-instructions.md

@@ -1,8 +1,8 @@
-# Copilot Instructions for os-image-composer
+# Copilot Instructions for ict
 
 ## Architecture Overview
 
-OS Image Composer builds custom Linux images from pre-built packages. Key components:
+ICT builds custom Linux images from pre-built packages. Key components:
 
 - **Provider** (`internal/provider/`) - Orchestrates builds per OS (azl, elxr, emt, rcd, ubuntu). Implements `Provider` interface with `Name`, `Init`, `PreProcess`, `BuildImage`, `PostProcess` methods. Each provider exports an `OsName` constant and a `Register()` function
 - **Image makers** (`internal/image/`) - Creates output formats: `rawmaker/`, `isomaker/`, `initrdmaker/`
@@ -31,7 +31,7 @@ Coverage threshold is enforced in CI and auto-ratcheted — see `.coverage-thres
 
 1. Create package in `internal/provider/{osname}/`
 2. Implement `provider.Provider` interface (see `internal/provider/provider.go`)
-3. Register in `cmd/os-image-composer/build.go` switch statement
+3. Register in `cmd/ict/build.go` switch statement
 4. Add default configs in `config/osv/{osname}/`
 5. Create example templates in `image-templates/`
 
@@ -47,19 +47,19 @@ for _, tt := range tests {
 ```
 - Follow the **AAA pattern**: Arrange (setup), Act (execute), Assert (verify)
 - Test file naming: `*_test.go` in same package
-- Reset shared state in tests (see `resetBuildFlags()` pattern in `cmd/os-image-composer/build_test.go`)
+- Reset shared state in tests (see `resetBuildFlags()` pattern in `cmd/ict/build_test.go`)
 
 ## Error Handling
 
 - **Always wrap** with context: `fmt.Errorf("failed to X: %w", err)`
-- Use named returns with defer for cleanup (see `docs/architecture/os-image-composer-coding-style.md`)
+- Use named returns with defer for cleanup (see `docs/architecture/ict-coding-style.md`)
 - Never ignore errors with `_`
 
 ## Logging
 
 - Use the project logger, **not** `fmt.Println` or `log` stdlib:
 ```go
-import "github.com/open-edge-platform/os-image-composer/internal/utils/logger"
+import "github.com/open-edge-platform/ict/internal/utils/logger"
 
 var log = logger.Logger()
 ```
@@ -78,17 +78,17 @@ var log = logger.Logger()
 - **Imports**: stdlib → third-party → local (blank line separated)
 - **Struct-based design over globals** — prefer dependency injection
 - **Interface naming**: should end with `-er` when possible (e.g., `PackageInstaller`, `ConfigReader`)
-- **Named returns + defer for cleanup** — the standard cleanup pattern (not "goto fail"); see [coding style Section 4.3](../docs/architecture/os-image-composer-coding-style.md)
+- **Named returns + defer for cleanup** — the standard cleanup pattern (not "goto fail"); see [coding style Section 4.3](../docs/architecture/ict-coding-style.md)
 - **Linters** (`earthly +lint`): `govet`, `gofmt`, `errcheck`, `staticcheck`, `unused`, `gosimple` — all errors must be handled (`errcheck` is enforced)
 - Shell scripts: `set -euo pipefail`
-- See `docs/architecture/os-image-composer-coding-style.md` for the full guide
+- See `docs/architecture/ict-coding-style.md` for the full guide
 
 ## Security
 
 - **HTTP clients**: Always use `network.NewSecureHTTPClient()` or the singleton `network.GetSecureHTTPClient()` from `internal/utils/network/` — enforces TLS 1.2+ with approved cipher suites. Never use `http.DefaultClient`
 - **Command execution**: Use the `internal/utils/shell/` package which maintains an allowlist of approved system commands. Never use raw `exec.Command()`
 - **Input validation**: Sanitize user-provided filenames and paths; use `filepath.Clean()` on paths
-- **Template validation**: Templates are validated against JSON schema (`os-image-template.schema.json`) via `os-image-composer validate`
+- **Template validation**: Templates are validated against JSON schema (`os-image-template.schema.json`) via `ict validate`
 - **File permissions**: `0700` for chroot dirs, `0755` for general dirs, `0644` for data files, `0640` for log files
 - CI runs **Trivy** (dependency vulnerability scanning — fails on HIGH/CRITICAL), **Gitleaks** (secret detection), and **Zizmor** (GitHub Actions security auditing)
 
@@ -100,16 +100,16 @@ Before opening a PR, check whether your changes affect any of these and update a
 
 | What changed | Docs to update |
 |---|---|
-| CLI flags or commands | `docs/architecture/os-image-composer-cli-specification.md`, `docs/tutorial/usage-guide.md` |
+| CLI flags or commands | `docs/architecture/ict-cli-specification.md`, `docs/tutorial/usage-guide.md` |
 | Build process or Earthfile targets | `docs/tutorial/usage-guide.md`, this file's **Build and Test** section |
-| Image template schema or fields | `docs/architecture/os-image-composer-templates.md`, relevant `image-templates/*.yml` examples |
+| Image template schema or fields | `docs/architecture/ict-templates.md`, relevant `image-templates/*.yml` examples |
 | New OS provider | `docs/architecture/architecture.md`, this file's **Adding a New OS Provider** section |
 | New tutorial-worthy feature | Add or update a guide in `docs/tutorial/` |
 | Architecture or design decisions | Add an ADR in `docs/architecture/` |
 | Security-related changes | `docs/architecture/image-composition-tool-security-objectives.md` |
-| Caching behavior | `docs/architecture/os-image-composer-caching.md` |
-| Coding conventions | `docs/architecture/os-image-composer-coding-style.md` |
-| Dependencies or multi-repo setup | `docs/architecture/os-image-composer-multi-repo-support.md` |
+| Caching behavior | `docs/architecture/ict-caching.md` |
+| Coding conventions | `docs/architecture/ict-coding-style.md` |
+| Dependencies or multi-repo setup | `docs/architecture/ict-multi-repo-support.md` |
 | User-facing features or fixes | `docs/release-notes.md` |
 
 ## Git Commits & PRs
@@ -139,7 +139,7 @@ All PRs must pass these checks before merging:
 - **Minimal user templates**: only `image` + `target` sections required; OS defaults handle the rest
 - **Always include a `metadata` block** with `description`, `use_cases`, and `keywords` for discoverability
 - **Merge behavior**: packages are _additive_ (merged by name); `disk` configuration _replaces_ entirely
-- **Validate** before committing: `os-image-composer validate -t <template.yml>`
+- **Validate** before committing: `ict validate -t <template.yml>`
 
 ## Key Files
 

.github/workflows/gitleak-scan.yml

@@ -19,6 +19,6 @@ jobs:
         with:
           scan-scope: "all"
           source: "./"
-          config_path: "./ci/gitleaks_baselines/os-image-composer-gitleaks.sarif"
+          config_path: "./ci/gitleaks_baselines/ict-gitleaks.sarif"
           report_format: "sarif"
           redact: "true"

Earthfile

@@ -106,11 +106,11 @@ build:
         CGO_ENABLED=0 GOARCH=amd64 GOOS=linux \
         go build -trimpath -buildmode=pie -o build/live-installer \
             -ldflags "-s -w \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Version=$VERSION' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Toolname=Image-Composer' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Organization=Open Edge Platform' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.BuildDate=$BUILD_DATE' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.CommitSHA=$COMMIT_SHA'" \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Version=$VERSION' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Toolname=Image-Composer' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Organization=Open Edge Platform' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.BuildDate=$BUILD_DATE' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.CommitSHA=$COMMIT_SHA'" \
             ./cmd/live-installer
 
     SAVE ARTIFACT build/live-installer AS LOCAL ./build/live-installer
@@ -120,17 +120,17 @@ build:
         COMMIT_SHA=$(cat /tmp/commit_sha) && \
         BUILD_DATE=$(cat /tmp/build_date) && \
         CGO_ENABLED=0 GOARCH=amd64 GOOS=linux \
-        go build -trimpath -buildmode=pie -o build/os-image-composer \
+        go build -trimpath -buildmode=pie -o build/ict \
             -ldflags "-s -w \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Version=$VERSION' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Toolname=Image-Composer' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.Organization=Open Edge Platform' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.BuildDate=$BUILD_DATE' \
-                     -X 'github.com/open-edge-platform/os-image-composer/internal/config/version.CommitSHA=$COMMIT_SHA'" \
-            ./cmd/os-image-composer
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Version=$VERSION' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Toolname=Image-Composer' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.Organization=Open Edge Platform' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.BuildDate=$BUILD_DATE' \
+                     -X 'github.com/open-edge-platform/ict/internal/config/version.CommitSHA=$COMMIT_SHA'" \
+            ./cmd/ict
 
-    SAVE ARTIFACT build/os-image-composer AS LOCAL ./build/os-image-composer
-    SAVE ARTIFACT /tmp/version.txt AS LOCAL ./build/os-image-composer.version
+    SAVE ARTIFACT build/ict AS LOCAL ./build/ict
+    SAVE ARTIFACT /tmp/version.txt AS LOCAL ./build/ict.version
 
 lint:
     FROM +golang-base
@@ -212,59 +212,59 @@ deb:
 
     # Create directory structure following FHS (Filesystem Hierarchy Standard)
     RUN mkdir -p usr/local/bin \
-                 etc/os-image-composer/config \
-                 usr/share/os-image-composer/examples \
-                 usr/share/doc/os-image-composer \
-                 var/cache/os-image-composer \
+                 etc/ict/config \
+                 usr/share/ict/examples \
+                 usr/share/doc/ict \
+                 var/cache/ict \
                  DEBIAN
 
     # Copy the built binary from the build target
-    COPY +build/os-image-composer usr/local/bin/os-image-composer
+    COPY +build/ict usr/local/bin/ict
 
     # Make the binary executable
-    RUN chmod +x usr/local/bin/os-image-composer
+    RUN chmod +x usr/local/bin/ict
 
     # Create default global configuration with system paths (user-editable)
     # Note: Must be named config.yml to match the default search paths in the code
-    RUN echo "# OS Image Composer - Global Configuration" > etc/os-image-composer/config.yml && \
-        echo "# This file contains tool-level settings that apply across all image builds." >> etc/os-image-composer/config.yml && \
-        echo "# Image-specific parameters should be defined in the image specification." >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "# Core tool settings" >> etc/os-image-composer/config.yml && \
-        echo "workers: 8" >> etc/os-image-composer/config.yml && \
-        echo "# Number of concurrent download workers (1-100, default: 8)" >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "config_dir: \"/etc/os-image-composer/config\"" >> etc/os-image-composer/config.yml && \
-        echo "# Directory containing configuration files for different target OSs" >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "cache_dir: \"/var/cache/os-image-composer\"" >> etc/os-image-composer/config.yml && \
-        echo "# Package cache directory where downloaded RPMs/DEBs are stored" >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "work_dir: \"/tmp/os-image-composer\"" >> etc/os-image-composer/config.yml && \
-        echo "# Working directory for build operations and image assembly" >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "temp_dir: \"/tmp\"" >> etc/os-image-composer/config.yml && \
-        echo "# Temporary directory for short-lived files" >> etc/os-image-composer/config.yml && \
-        echo "" >> etc/os-image-composer/config.yml && \
-        echo "# Logging configuration" >> etc/os-image-composer/config.yml && \
-        echo "logging:" >> etc/os-image-composer/config.yml && \
-        echo "  level: \"info\"" >> etc/os-image-composer/config.yml && \
-        echo "  # Log verbosity level: debug, info, warn, error" >> etc/os-image-composer/config.yml
+    RUN echo "# ICT - Global Configuration" > etc/ict/config.yml && \
+        echo "# This file contains tool-level settings that apply across all image builds." >> etc/ict/config.yml && \
+        echo "# Image-specific parameters should be defined in the image specification." >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "# Core tool settings" >> etc/ict/config.yml && \
+        echo "workers: 8" >> etc/ict/config.yml && \
+        echo "# Number of concurrent download workers (1-100, default: 8)" >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "config_dir: \"/etc/ict/config\"" >> etc/ict/config.yml && \
+        echo "# Directory containing configuration files for different target OSs" >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "cache_dir: \"/var/cache/ict\"" >> etc/ict/config.yml && \
+        echo "# Package cache directory where downloaded RPMs/DEBs are stored" >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "work_dir: \"/tmp/ict\"" >> etc/ict/config.yml && \
+        echo "# Working directory for build operations and image assembly" >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "temp_dir: \"/tmp\"" >> etc/ict/config.yml && \
+        echo "# Temporary directory for short-lived files" >> etc/ict/config.yml && \
+        echo "" >> etc/ict/config.yml && \
+        echo "# Logging configuration" >> etc/ict/config.yml && \
+        echo "logging:" >> etc/ict/config.yml && \
+        echo "  level: \"info\"" >> etc/ict/config.yml && \
+        echo "  # Log verbosity level: debug, info, warn, error" >> etc/ict/config.yml
 
     # Copy OS variant configuration files (user-editable)
-    COPY config etc/os-image-composer/config
+    COPY config etc/ict/config
 
     # Copy image templates as examples (read-only, for reference)
-    COPY image-templates usr/share/os-image-composer/examples
+    COPY image-templates usr/share/ict/examples
 
     # Copy documentation
-    COPY README.md usr/share/doc/os-image-composer/
-    COPY LICENSE usr/share/doc/os-image-composer/
-    COPY docs/architecture/os-image-composer-cli-specification.md usr/share/doc/os-image-composer/
+    COPY README.md usr/share/doc/ict/
+    COPY LICENSE usr/share/doc/ict/
+    COPY docs/architecture/ict-cli-specification.md usr/share/doc/ict/
 
     # Create the DEBIAN control file with proper metadata
     RUN VERSION=$(cat /tmp/pkg_version) && \
-        echo "Package: os-image-composer" > DEBIAN/control && \
+        echo "Package: ict" > DEBIAN/control && \
         echo "Version: ${VERSION}" >> DEBIAN/control && \
         echo "Section: utils" >> DEBIAN/control && \
         echo "Priority: optional" >> DEBIAN/control && \
@@ -273,17 +273,17 @@ deb:
         echo "Depends: bash, coreutils, unzip, dosfstools, xorriso, grub-common" >> DEBIAN/control && \
         echo "Recommends: mmdebstrap, debootstrap" >> DEBIAN/control && \
         echo "License: MIT" >> DEBIAN/control && \
-        echo "Description: OS Image Composer (OIC)" >> DEBIAN/control && \
+        echo "Description: ICT (OIC)" >> DEBIAN/control && \
         echo " OIC enables users to compose custom bootable OS images based on a" >> DEBIAN/control && \
         echo " user-provided template that specifies package lists, configurations," >> DEBIAN/control && \
         echo " and output formats for supported distributions." >> DEBIAN/control
 
     # Build the debian package and stage in a stable location
     RUN VERSION=$(cat /tmp/pkg_version) && \
         mkdir -p /tmp/dist && \
-        dpkg-deb --build . /tmp/dist/os-image-composer_${VERSION}_${ARCH}.deb
+        dpkg-deb --build . /tmp/dist/ict_${VERSION}_${ARCH}.deb
 
     # Save the debian package artifact and resolved version information to dist/
-    RUN VERSION=$(cat /tmp/pkg_version) && cp /tmp/pkg_version /tmp/dist/os-image-composer.version
-    SAVE ARTIFACT /tmp/dist/os-image-composer_*_${ARCH}.deb AS LOCAL dist/
-    SAVE ARTIFACT /tmp/dist/os-image-composer.version AS LOCAL dist/os-image-composer.version
+    RUN VERSION=$(cat /tmp/pkg_version) && cp /tmp/pkg_version /tmp/dist/ict.version
+    SAVE ARTIFACT /tmp/dist/ict_*_${ARCH}.deb AS LOCAL dist/
+    SAVE ARTIFACT /tmp/dist/ict.version AS LOCAL dist/ict.version