chore(root): typell root tidy-up — Phase 1+2 (build-safe relocate/archive) #21
Merged
…hives
Phase 1 (safe, mechanical):
- gitignore ffi/zig/.zig-cache/ (live untracked Zig FFI build cache)
- .well-known/security.txt: drop invalid `Encryption: TODO`; fix `https://https://`
double-scheme in the Hiring field
Phase 2 — relocations via git mv (build-safe, canon-grounded; root 59 -> 40):
- docs/onboarding/: llm-warmup-{user,dev}.md
- docs/status/: UNIFIED-LEVELS.md, PROOF-NEEDS.md, TEST-NEEDS.md
- docs/design/: ABI-FFI-README.md (README.adoc reference updated)
- docs/: QUICKSTART-{USER,DEV,MAINTAINER}.adoc
- .machine_readable/ai/: .cursorrules, .windsurfrules
- container/: stapeln.toml, selur-compose.toml
- .machine_readable/: wokelangiser.toml
Archived — owner-declared; git mv to archive/, never deleted:
- CODEOWNERS (byte-identical dup; keeper = .github/CODEOWNERS)
- MAINTAINERS (bare {{AUTHOR}} template stub; keeper = MAINTAINERS.adoc)
Kept at root: every canonical + tooling-pinned file (Cargo/deny/cliff/flake/guix/
.guix-channel/eclexiaiser/k9iser/contractile.just/Justfile/git dotfiles/community-
health docs). All LICENCE/SPDX/NOTICE/EXHIBIT artefacts untouched (owner-only).
Deferred to Phase 3 (their only consumers lack owner-string/SPDX headers and cannot
be edited without a licence change or a hook bypass): TOPOLOGY.md move (THREAT-MODEL
link) and MAINTAINERS.md archive (GOVERNANCE/CONTRIBUTING links).
No licence/SPDX content edited. Stale rsr-audit.sh false-negatives NOT chased.
Ref: dev-notes/2026-06-16-typing-estate-tidyup-ledger.adoc
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Completes the deferred Phase 2 items + their reference updates:
- git mv TOPOLOGY.md -> docs/TOPOLOGY.md
- git mv MAINTAINERS.md -> archive/ (real-but-divergent dup; keeper = MAINTAINERS.adoc)
- docs/THREAT-MODEL.md: link ../TOPOLOGY.md -> TOPOLOGY.md
- GOVERNANCE.md (x3) + CONTRIBUTING.md: MAINTAINERS.md -> MAINTAINERS.adoc
- .github/pull_request_template.md: TOPOLOGY.md -> docs/TOPOLOGY.md (checklist label)
Committed with --no-verify (owner-approved, one-time). The reference fixes touch
GOVERNANCE.md / CONTRIBUTING.md / docs/THREAT-MODEL.md, which the strict pre-commit
hook rejects for a PRE-EXISTING reason: they lack the literal owner-string (and
CONTRIBUTING.md has no SPDX header). Supplying those is a licence/attribution edit
reserved to the owner (hard-stop), so the hook could not be satisfied without an
owner-only change. No licence/SPDX content modified here — only path references.
The three files' missing owner-string/SPDX is logged as Phase 3/4 debt.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security Scan
Findings: 61 issues detected
[
{
"reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
"type": "codeql_language_matrix_mismatch",
"file": "codeql.yml",
"action": "switch_codeql_matrix_to_actions",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dependabot-automerge.yml",
"type": "missing_timeout_minutes",
"file": "dependabot-automerge.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]
Powered by Hypatia Neurosymbolic CI/CD Intelligence

Model-repo run of the typing-estate root tidy-up (task #10 cadence). Root 59 → 41 files. Cut fresh from origin/main; 2 signed commits (id_ed25519_signing, verified).

What changed

Phase 1 — quick wins (mechanical, commit 1, hook-clean):
- `ffi/zig/.zig-cache/` (live untracked Zig FFI build cache)
- `.well-known/security.txt`: drop invalid `Encryption: TODO`; fix `https://https://` double-scheme in `Hiring`

Phase 2 — relocations via `git mv` (all `R100` renames; canon-grounded, build-safe):
- `docs/onboarding/llm-warmup-{user,dev}.md`
- `docs/status/UNIFIED-LEVELS.md`, `PROOF-NEEDS.md`, `TEST-NEEDS.md`
- `docs/design/ABI-FFI-README.md` (README reference updated)
- `docs/QUICKSTART-{USER,DEV,MAINTAINER}.adoc`, `TOPOLOGY.md`
- `.machine_readable/ai/.cursorrules`, `.windsurfrules`
- `container/stapeln.toml`, `selur-compose.toml`
- `.machine_readable/wokelangiser.toml`

Archived (owner-declared; `git mv` → `archive/`, never deleted):
- `CODEOWNERS` — byte-identical dup (keeper `.github/CODEOWNERS`)
- `MAINTAINERS` — bare `{{AUTHOR}}` template stub (keeper `MAINTAINERS.adoc`)
- `MAINTAINERS.md` — real-but-divergent dup (keeper `MAINTAINERS.adoc`)

Reference links updated so nothing dangles: `README.adoc` (ABI-FFI path), `docs/THREAT-MODEL.md` (TOPOLOGY link), `GOVERNANCE.md` ×3 + `CONTRIBUTING.md` (MAINTAINERS → `.adoc`), `.github/pull_request_template.md` (TOPOLOGY checklist).

Kept at root (canonical + tooling-pinned)

Everything build-critical stays: `Cargo.*`, `deny.toml`, `cliff.toml`, `flake.nix`, `guix.scm`, `.guix-channel`, `eclexiaiser.toml`, `k9iser.toml`, `contractile.just`, `Justfile`, git dotfiles, community-health docs, `setup.sh` (curl-bootstrap UX). No tooling-pinned file moved. REUSE compliance preserved (the `.reuse/dep5` `Files: *` glob covers all new paths) — zero licence/SPDX edits.

Note on commit 2 (`--no-verify`, owner-approved one-time)

Commit 2 (TOPOLOGY.md move + MAINTAINERS.md archive + their link-fixes) touches `GOVERNANCE.md` / `CONTRIBUTING.md` / `docs/THREAT-MODEL.md`, which the strict attribution-drift pre-commit hook rejects for a pre-existing reason — they lack the literal owner-string (and `CONTRIBUTING.md` has no SPDX header). Supplying those is an owner-only licence/attribution edit (hard-stop), so the hook couldn't be satisfied without an owner change. Commit 1 is fully hook-verified-clean.

Deferred to Phase 3 (owner-authored, not in this PR)

- `PLACEHOLDERS.md`, `READINESS.md`, `RSR_OUTLINE.adoc`, `GOVERNANCE.md` → `.adoc`, and `{{…}}` token fills in `.clinerules` / `.cursorrules` / `.windsurfrules` / `.mailmap` / `.envrc` / `.guix-channel` / `CODE_OF_CONDUCT.md` / `SECURITY.md` / `QUICKSTART-*`.
- `GOVERNANCE.md` / `CONTRIBUTING.md` / `docs/THREAT-MODEL.md` missing owner-string / SPDX.
- `UNIFIED-LEVELS.md` header is `PMPL-2.0-or-later`, and `EXHIBIT-A/B` + `LICENSES/PMPL-1.0-or-later.txt` are PMPL artifacts — PMPL is sanctioned only in `palimpsest-license` / `palimpsest-plasma` / `consent-aware-http`, not typell. Flagged for owner licence review; nothing edited.

Ref: `dev-notes/2026-06-16-typing-estate-tidyup-ledger.adoc`. Stale `rsr-audit.sh` false-negatives deliberately NOT chased (see standards#387).

🤖 Generated with Claude Code