From 9b72e74e5abb0eab2b97c21888dfdd8e475a0b88 Mon Sep 17 00:00:00 2001 From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com> Date: Tue, 26 May 2026 20:47:06 +0100 Subject: [PATCH] chore: extract road-skate to its own repo (hyperpolymath/road-skate) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit road-skate is a retro driving game written in AffineScript — Accolade Test Drive III: The Passion-inspired, with perspective road rendering and centripetal-force steering. It belongs as a top-level repo on its own; it was only ever in this tree because of the 2026-04-22 "Consolidate ecosystem projects into affinescript repo" commit, which folded several independently-owned subtrees into this compiler repo by mistake. This PR: * Removes the `road-skate/` subtree (368 files). Pre-extraction history is preserved in `hyperpolymath/road-skate` via `git subtree split` (commit `6715b38` there strips template `verification/proofs/` and rewrites the stale "AffineScript-Vite" README). * Updates the five files that referenced the local `road-skate/` path: - `RSR_COMPLIANCE.adoc` — sibling-repo convention now references `hyperpolymath/road-skate` instead of the local subtree. - `docs/ECOSYSTEM.adoc` — road-skate moved from the in-tree adjunct row to an out-of-tree adjunct entry. - `docs/standards/PANIC-ATTACK.adoc` — the panic-attack tool is installed from crates.io (`hyperpolymath/panic-attack`), not from `road-skate/features/panic-attacker/` (which was a 2-file integration manifest with no Cargo.toml — the install never actually built locally). - `docs/standards/TESTING.adoc` — same fix on the cross-link. - `.github/workflows/panic-attack.yml` — drop the `cargo install --path road-skate/features/panic-attacker` branch; crates.io is the only install path now. * Stripped `road-skate/verification/proofs/` on extraction (RSR template scaffolding, no real proof obligations — same precedent as the 2026-03-29 PROOF-NEEDS template wipe). ## Follow-up Five more subdirectories in this repo are similarly-misplaced consolidations from the 2026-04-22 commit and should be extracted on the same pattern: `affinescript-dom/`, `affinescript-pixijs/`, `affinescript-tea/`, `affinescript-vite/`, and the embedded `affinescriptiser/` (which already has its own repo). Tracking issue to be filed once this PR lands. `affinescript-deno-test/` stays in this tree — it's an approved Deno-test- harness exemption per CLAUDE.md. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/panic-attack.yml | 26 +- RSR_COMPLIANCE.adoc | 4 +- docs/ECOSYSTEM.adoc | 8 +- docs/standards/PANIC-ATTACK.adoc | 10 +- docs/standards/TESTING.adoc | 2 +- road-skate/.devcontainer/Containerfile | 32 - road-skate/.devcontainer/README.adoc | 27 - road-skate/.devcontainer/devcontainer.json | 69 - road-skate/.editorconfig | 65 - road-skate/.envrc | 27 - road-skate/.gitattributes | 55 - road-skate/.github/.mailmap | 1 - road-skate/.github/.nojekyll | 0 road-skate/.github/CODEOWNERS | 14 - road-skate/.github/CODE_OF_CONDUCT.md | 327 ---- road-skate/.github/CONTRIBUTING.md | 121 -- road-skate/.github/DIRECTORY.adoc | 1 - .../.github/DISCUSSION_TEMPLATE/ideas.yml | 13 - .../.github/DISCUSSION_TEMPLATE/q-and-a.yml | 13 - road-skate/.github/FUNDING.yml | 7 - road-skate/.github/GOVERNANCE.md | 158 -- .../.github/ISSUE_TEMPLATE/bug_report.yml | 127 -- road-skate/.github/ISSUE_TEMPLATE/config.yml | 10 - road-skate/.github/ISSUE_TEMPLATE/custom.yml | 76 - .../.github/ISSUE_TEMPLATE/documentation.yml | 64 - .../ISSUE_TEMPLATE/feature_request.yml | 87 - .../.github/ISSUE_TEMPLATE/question.yml | 60 - road-skate/.github/MAINTAINERS | 10 - road-skate/.github/SECURITY.md | 406 ----- road-skate/.github/SUPPORT | 7 - road-skate/.github/copilot-instructions.md | 57 - road-skate/.github/dependabot.yml | 48 - road-skate/.github/pull_request_template.md | 44 - road-skate/.github/settings.yml | 125 -- road-skate/.github/workflows/boj-build.yml | 48 - road-skate/.github/workflows/codeql.yml | 41 - road-skate/.github/workflows/dogfood-gate.yml | 380 ----- road-skate/.github/workflows/e2e.yml | 190 --- road-skate/.github/workflows/governance.yml | 26 - road-skate/.github/workflows/hypatia-scan.yml | 178 -- road-skate/.github/workflows/instant-sync.yml | 35 - road-skate/.github/workflows/mirror.yml | 145 -- .../.github/workflows/openssf-compliance.yml | 123 -- road-skate/.github/workflows/release.yml | 165 -- road-skate/.github/workflows/rhodibot.yml | 234 --- road-skate/.github/workflows/rust-ci.yml | 69 - .../.github/workflows/scorecard-enforcer.yml | 88 - road-skate/.github/workflows/scorecard.yml | 33 - .../.github/workflows/secret-scanner.yml | 68 - .../workflows/static-analysis-gate.yml | 432 ----- road-skate/.gitignore | 114 -- road-skate/.gitlab-ci.yml | 175 -- road-skate/.guix-channel | 22 - road-skate/.machine_readable/6a2/AGENTIC.a2ml | 51 - .../.machine_readable/6a2/ECOSYSTEM.a2ml | 26 - road-skate/.machine_readable/6a2/META.a2ml | 53 - .../.machine_readable/6a2/NEUROSYM.a2ml | 23 - .../.machine_readable/6a2/PLAYBOOK.a2ml | 35 - road-skate/.machine_readable/6a2/STATE.a2ml | 64 - .../.machine_readable/ADJUST.contractile | 126 -- road-skate/.machine_readable/CLADE.a2ml | 26 - road-skate/.machine_readable/ECOSYSTEM.a2ml | 8 - .../.machine_readable/ENSAID_CONFIG.a2ml | 96 -- .../.machine_readable/INTENT.contractile | 72 - road-skate/.machine_readable/META.a2ml | 30 - road-skate/.machine_readable/MUST.contractile | 91 - road-skate/.machine_readable/READINESS.md | 53 - road-skate/.machine_readable/README.adoc | 1 - road-skate/.machine_readable/STATE.a2ml | 27 - road-skate/.machine_readable/TOPOLOGY.md | 33 - .../.machine_readable/TRUST.contractile | 80 - .../agent_instructions/README.adoc | 41 - .../agent_instructions/coverage.a2ml | 61 - .../agent_instructions/debt.a2ml | 49 - .../agent_instructions/methodology.a2ml | 107 -- road-skate/.machine_readable/ai/.clinerules | 43 - road-skate/.machine_readable/ai/.cursorrules | 47 - .../.machine_readable/ai/.windsurfrules | 43 - .../.machine_readable/ai/0.2-AI-MANIFEST.a2ml | 11 - road-skate/.machine_readable/ai/AI.a2ml | 37 - .../.machine_readable/ai/PLACEHOLDERS.adoc | 142 -- road-skate/.machine_readable/ai/README.adoc | 22 - .../anchors/0.2-AI-MANIFEST.a2ml | 11 - .../.machine_readable/anchors/ANCHOR.a2ml | 62 - .../.machine_readable/anchors/README.adoc | 1 - .../compliance/PROOF-NEEDS.md | 103 -- .../compliance/PROOF-STATUS.md | 81 - .../compliance/TEST-NEEDS.md | 107 -- .../.machine_readable/compliance/reuse/dep5 | 54 - .../compliance/rust/deny.toml | 65 - .../configs/0.2-AI-MANIFEST.a2ml | 11 - .../.machine_readable/configs/README.adoc | 1 - .../configs/eclexiaiser.toml | 26 - .../configs/git-cliff/cliff.toml | 119 -- .../configs/selur-compose.toml | 17 - .../.machine_readable/configs/stapeln.toml | 87 - .../contractiles/README.adoc | 19 - .../contractiles/contractile.just | 75 - .../contractiles/dust/Dustfile.a2ml | 44 - .../contractiles/must/Mustfile.a2ml | 69 - .../contractiles/trust/Trustfile.a2ml | 74 - .../integrations/feedback-o-tron.a2ml | 14 - .../integrations/groove.a2ml | 38 - .../integrations/proven.a2ml | 20 - .../integrations/verisimdb.a2ml | 17 - .../integrations/vexometer.a2ml | 19 - .../policies/.maintenance-perms-ignore | 5 - .../policies/0.2-AI-MANIFEST.a2ml | 11 - .../policies/MAINTENANCE-AXES.a2ml | 54 - .../policies/MAINTENANCE-CHECKLIST.a2ml | 159 -- .../.machine_readable/policies/README.adoc | 1 - .../SOFTWARE-DEVELOPMENT-APPROACH.a2ml | 53 - .../scripts/0.2-AI-MANIFEST.a2ml | 18 - .../scripts/forge/0.3-AI-MANIFEST.a2ml | 11 - .../scripts/forge/README.adoc | 1 - .../scripts/forge/forge-sync.sh | 25 - .../scripts/forge/git-cleanup.sh | 8 - .../scripts/lifecycle/0.3-AI-MANIFEST.a2ml | 11 - .../scripts/lifecycle/README.adoc | 1 - .../scripts/lifecycle/install-tools.sh | 27 - .../scripts/maintenance/maint-assault.sh | 44 - .../scripts/verification/0.3-AI-MANIFEST.a2ml | 11 - .../scripts/verification/README.adoc | 1 - road-skate/.pre-commit-config.yaml | 52 - road-skate/.tool-versions | 10 - road-skate/.well-known/ai.txt | 18 - road-skate/.well-known/humans.txt | 14 - road-skate/.well-known/security.txt | 11 - road-skate/0-AI-MANIFEST.a2ml | 131 -- road-skate/AUDIT.adoc | 48 - road-skate/CHANGELOG.md | 11 - road-skate/Containerfile | 41 - road-skate/EXPLAINME.adoc | 49 - road-skate/Justfile | 1481 ----------------- road-skate/LICENSE | 408 ----- road-skate/QUICKSTART-DEV.adoc | 111 -- road-skate/QUICKSTART-MAINTAINER.adoc | 129 -- road-skate/QUICKSTART-USER.adoc | 124 -- road-skate/README.adoc | 94 -- road-skate/ROADMAP.adoc | 27 - road-skate/benches/template_bench.sh | 10 - road-skate/container/.gatekeeper.yaml | 122 -- road-skate/container/0.1-AI-MANIFEST.a2ml | 143 -- road-skate/container/Containerfile | 136 -- road-skate/container/README.adoc | 179 -- road-skate/container/compose.example.toml | 135 -- road-skate/container/compose.toml | 70 - road-skate/container/ct-build.sh | 162 -- road-skate/container/deploy.k9.ncl | 166 -- road-skate/container/entrypoint.sh | 63 - road-skate/container/manifest.toml | 62 - road-skate/container/vordr.toml | 100 -- road-skate/docs/0.1-AI-MANIFEST.a2ml | 33 - road-skate/docs/QUICKSTART.adoc | 24 - road-skate/docs/README.adoc | 14 - road-skate/docs/RSR_OUTLINE.adoc | 290 ---- road-skate/docs/STATE-VISUALIZER.adoc | 128 -- .../docs/architecture/0.2-AI-MANIFEST.a2ml | 17 - .../docs/architecture/THREAT-MODEL.adoc | 162 -- .../docs/attribution/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/attribution/CITATION.cff | 17 - road-skate/docs/attribution/CITATIONS.adoc | 35 - road-skate/docs/attribution/CODEOWNERS.adoc | 19 - road-skate/docs/attribution/MAINTAINERS.adoc | 47 - road-skate/docs/attribution/README.adoc | 1 - .../docs/decisions/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/decisions/0000-template.adoc | 35 - .../decisions/0001-adopt-rsr-standard.adoc | 86 - road-skate/docs/decisions/README.adoc | 1 - .../docs/developer/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/developer/ABI-FFI-README.adoc | 384 ----- road-skate/docs/developer/README.adoc | 1 - .../docs/governance/0.1-AI-MANIFEST.a2ml | 21 - road-skate/docs/governance/CRG-CRITERIA.a2ml | 108 -- road-skate/docs/governance/CRG-CRITERIA.adoc | 39 - .../governance/MAINTENANCE-CHECKLIST.a2ml | 159 -- .../governance/MAINTENANCE-CHECKLIST.adoc | 569 ------- road-skate/docs/governance/README.adoc | 1 - .../SOFTWARE-DEVELOPMENT-APPROACH.a2ml | 53 - .../SOFTWARE-DEVELOPMENT-APPROACH.adoc | 63 - road-skate/docs/governance/TSDM.a2ml | 22 - road-skate/docs/governance/TSDM.adoc | 26 - .../governance/audit/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/governance/audit/README.adoc | 1 - .../audit/compliance/0.3-AI-MANIFEST.a2ml | 11 - .../governance/audit/compliance/README.adoc | 1 - .../audit/effects/0.3-AI-MANIFEST.a2ml | 11 - .../docs/governance/audit/effects/README.adoc | 1 - .../audit/systems/0.3-AI-MANIFEST.a2ml | 11 - .../docs/governance/audit/systems/README.adoc | 1 - .../maintenance/0.2-AI-MANIFEST.a2ml | 11 - .../docs/governance/maintenance/README.adoc | 1 - .../maintenance/adaptive/0.3-AI-MANIFEST.a2ml | 11 - .../maintenance/adaptive/README.adoc | 1 - .../corrective/0.3-AI-MANIFEST.a2ml | 11 - .../maintenance/corrective/README.adoc | 1 - .../perfective/0.3-AI-MANIFEST.a2ml | 11 - .../maintenance/perfective/README.adoc | 1 - .../governance/planning/0.2-AI-MANIFEST.a2ml | 11 - .../docs/governance/planning/README.adoc | 1 - .../planning/could/0.3-AI-MANIFEST.a2ml | 11 - .../governance/planning/could/README.adoc | 1 - .../planning/must/0.3-AI-MANIFEST.a2ml | 11 - .../docs/governance/planning/must/README.adoc | 1 - .../planning/should/0.3-AI-MANIFEST.a2ml | 11 - .../governance/planning/should/README.adoc | 1 - road-skate/docs/legal/0.2-AI-MANIFEST.a2ml | 16 - .../docs/legal/EXHIBIT-A-ETHICAL-USE.txt | 68 - .../docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt | 102 -- road-skate/docs/practice/.gitkeep | 0 road-skate/docs/practice/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/practice/AI-CONVENTIONS.adoc | 85 - road-skate/docs/practice/README.adoc | 1 - .../docs/practice/STATE-VISUALIZER-GUIDE.adoc | 155 -- road-skate/docs/reports/0.2-AI-MANIFEST.a2ml | 19 - road-skate/docs/reports/README.adoc | 1 - .../reports/compliance/0.3-AI-MANIFEST.a2ml | 11 - .../docs/reports/compliance/README.adoc | 1 - .../reports/maintenance/0.3-AI-MANIFEST.a2ml | 11 - .../docs/reports/maintenance/README.adoc | 1 - .../reports/performance/0.3-AI-MANIFEST.a2ml | 11 - .../docs/reports/performance/README.adoc | 1 - .../docs/reports/quality/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/reports/quality/README.adoc | 1 - .../reports/security/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/reports/security/README.adoc | 1 - .../docs/standards/0.2-AI-MANIFEST.a2ml | 11 - road-skate/docs/standards/README.adoc | 1 - .../docs/templates/contractiles/README.adoc | 11 - .../templates/contractiles/dust/Dustfile.a2ml | 11 - .../templates/contractiles/must/Mustfile.a2ml | 11 - .../contractiles/trust/Trustfile.a2ml | 11 - road-skate/docs/theory/.gitkeep | 0 road-skate/docs/theory/0.2-AI-MANIFEST.a2ml | 23 - road-skate/docs/theory/README.adoc | 1 - .../theory/computing/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/theory/computing/README.adoc | 1 - .../theory/formalisms/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/theory/formalisms/README.adoc | 1 - .../theory/mathematics/0.3-AI-MANIFEST.a2ml | 11 - .../docs/theory/mathematics/README.adoc | 1 - .../theory/ontologies/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/theory/ontologies/README.adoc | 1 - .../docs/theory/other/0.3-AI-MANIFEST.a2ml | 11 - road-skate/docs/theory/other/README.adoc | 1 - .../socio-technical/0.3-AI-MANIFEST.a2ml | 11 - .../docs/theory/socio-technical/README.adoc | 1 - .../docs/whitepapers/0.2-AI-MANIFEST.a2ml | 20 - road-skate/docs/whitepapers/README.adoc | 1 - road-skate/docs/whitepapers/academic/.gitkeep | 0 .../whitepapers/academic/0.3-AI-MANIFEST.a2ml | 11 - .../docs/whitepapers/academic/README.adoc | 1 - road-skate/docs/whitepapers/industry/.gitkeep | 0 .../whitepapers/industry/0.3-AI-MANIFEST.a2ml | 11 - .../docs/whitepapers/industry/README.adoc | 1 - .../whitepapers/outreach/0.3-AI-MANIFEST.a2ml | 16 - .../docs/whitepapers/outreach/README.adoc | 17 - road-skate/docs/wikis/0.2-AI-MANIFEST.a2ml | 15 - road-skate/docs/wikis/README.adoc | 15 - road-skate/features/0.1-AI-MANIFEST.a2ml | 17 - road-skate/features/README.adoc | 1 - .../features/boj-server/0.2-AI-MANIFEST.a2ml | 11 - road-skate/features/boj-server/README.adoc | 14 - .../panic-attacker/0.2-AI-MANIFEST.a2ml | 11 - .../features/panic-attacker/README.adoc | 25 - road-skate/features/ssg/0.2-AI-MANIFEST.a2ml | 11 - road-skate/features/ssg/README.adoc | 1 - road-skate/features/ssg/ssg-bootstrap.sh | 54 - road-skate/flake.nix | 170 -- road-skate/game/index.html | 12 - road-skate/game/main.as | 7 - road-skate/game/main.js | 13 - road-skate/guix.scm | 71 - road-skate/hello.affine | 3 - road-skate/llm-warmup-dev.md | 16 - road-skate/llm-warmup-user.md | 16 - road-skate/minimal.affine | 3 - road-skate/package.json | 31 - road-skate/physics_example.affine | 49 - road-skate/report.yaml | 6 - .../reports/assemblyline-20260406231857.json | 10 - road-skate/road_render.affine | 71 - road-skate/road_render_final.affine | 28 - road-skate/road_render_fixed.affine | 3 - road-skate/road_render_minimal.affine | 16 - road-skate/road_render_simple.affine | 31 - road-skate/road_render_step1.affine | 3 - road-skate/road_render_step2.affine | 45 - road-skate/road_render_step2_fixed.affine | 45 - road-skate/road_render_working.affine | 28 - road-skate/scripts/validate-rsr.sh | 19 - road-skate/setup.sh | 18 - road-skate/simple_test.affine | 17 - road-skate/src/0.1-AI-MANIFEST.a2ml | 27 - road-skate/src/README.adoc | 1 - road-skate/src/affine-plugin-improved.js | 154 -- road-skate/src/affine-plugin.js | 52 - road-skate/src/aspects/0.2-AI-MANIFEST.a2ml | 17 - road-skate/src/aspects/README.adoc | 1 - .../aspects/integrity/0.3-AI-MANIFEST.a2ml | 11 - road-skate/src/aspects/integrity/README.adoc | 1 - .../observability/0.3-AI-MANIFEST.a2ml | 11 - .../src/aspects/observability/README.adoc | 1 - .../src/aspects/security/0.3-AI-MANIFEST.a2ml | 11 - road-skate/src/aspects/security/README.adoc | 1 - road-skate/src/bridges/0.2-AI-MANIFEST.a2ml | 11 - road-skate/src/contracts/0.2-AI-MANIFEST.a2ml | 11 - road-skate/src/contracts/README.adoc | 1 - road-skate/src/core/0.2-AI-MANIFEST.a2ml | 11 - .../src/definitions/0.2-AI-MANIFEST.a2ml | 11 - road-skate/src/definitions/README.adoc | 1 - road-skate/src/errors/0.2-AI-MANIFEST.a2ml | 11 - road-skate/src/errors/README.adoc | 1 - road-skate/src/index.js | 2 - road-skate/src/interface/0.2-AI-MANIFEST.a2ml | 24 - road-skate/src/interface/README.adoc | 1 - .../src/interface/abi/0.3-AI-MANIFEST.a2ml | 11 - road-skate/src/interface/abi/Foreign.idr | 82 - road-skate/src/interface/abi/Layout.idr | 127 -- road-skate/src/interface/abi/README.adoc | 1 - road-skate/src/interface/abi/Types.idr | 111 -- .../src/interface/ffi/0.3-AI-MANIFEST.a2ml | 11 - road-skate/src/interface/ffi/README.adoc | 1 - road-skate/src/interface/ffi/build.zig | 19 - .../interface/ffi/src/0.4-AI-MANIFEST.a2ml | 11 - road-skate/src/interface/ffi/src/README.adoc | 1 - road-skate/src/interface/ffi/src/main.zig | 274 --- .../interface/ffi/test/0.4-AI-MANIFEST.a2ml | 11 - road-skate/src/interface/ffi/test/README.adoc | 1 - .../interface/ffi/test/integration_test.zig | 66 - .../interface/generated/0.3-AI-MANIFEST.a2ml | 11 - .../src/interface/generated/README.adoc | 1 - .../src/interface/generated/abi/.gitkeep | 0 .../generated/abi/0.4-AI-MANIFEST.a2ml | 11 - .../src/interface/generated/abi/README.adoc | 1 - road-skate/test_config.affine | 9 - road-skate/test_exact.affine | 14 - road-skate/test_minimal.affine | 3 - road-skate/test_projection.affine | 65 - road-skate/tests/aspect_tests.sh | 58 - road-skate/tests/e2e.sh | 51 - .../tests/e2e/template_instantiation_test.sh | 15 - road-skate/tests/fuzz/README.adoc | 112 -- .../workflows/validate_workflows_test.sh | 30 - road-skate/verification/0.1-AI-MANIFEST.a2ml | 27 - road-skate/verification/README.adoc | 1 - .../benchmarks/0.2-AI-MANIFEST.a2ml | 11 - .../verification/benchmarks/README.adoc | 1 - .../coverage/0.2-AI-MANIFEST.a2ml | 12 - road-skate/verification/coverage/README.adoc | 1 - .../verification/fuzzing/0.2-AI-MANIFEST.a2ml | 11 - road-skate/verification/fuzzing/README.adoc | 1 - .../verification/proofs/0.2-AI-MANIFEST.a2ml | 11 - road-skate/verification/proofs/README.adoc | 59 - .../verification/proofs/agda/Properties.agda | 37 - .../verification/proofs/coq/TypeSafety.v | 73 - .../proofs/idris2/ABI/Compliance.idr | 41 - .../proofs/idris2/ABI/Foreign.idr | 53 - .../verification/proofs/idris2/ABI/Layout.idr | 63 - .../proofs/idris2/ABI/Platform.idr | 63 - .../proofs/idris2/ABI/Pointers.idr | 52 - .../verification/proofs/idris2/Types.idr | 38 - .../verification/proofs/lean4/ApiTypes.lean | 44 - .../proofs/tlaplus/StateMachine.tla | 91 - .../safety_case/0.2-AI-MANIFEST.a2ml | 12 - .../verification/safety_case/README.adoc | 1 - .../simulations/0.2-AI-MANIFEST.a2ml | 11 - .../verification/simulations/README.adoc | 1 - .../verification/tests/0.2-AI-MANIFEST.a2ml | 1 - road-skate/verification/tests/README.adoc | 1 - .../traceability/0.2-AI-MANIFEST.a2ml | 12 - .../verification/traceability/README.adoc | 1 - road-skate/vite.config.js | 18 - 373 files changed, 26 insertions(+), 18236 deletions(-) delete mode 100644 road-skate/.devcontainer/Containerfile delete mode 100644 road-skate/.devcontainer/README.adoc delete mode 100644 road-skate/.devcontainer/devcontainer.json delete mode 100644 road-skate/.editorconfig delete mode 100644 road-skate/.envrc delete mode 100644 road-skate/.gitattributes delete mode 100644 road-skate/.github/.mailmap delete mode 100644 road-skate/.github/.nojekyll delete mode 100644 road-skate/.github/CODEOWNERS delete mode 100644 road-skate/.github/CODE_OF_CONDUCT.md delete mode 100644 road-skate/.github/CONTRIBUTING.md delete mode 100644 road-skate/.github/DIRECTORY.adoc delete mode 100644 road-skate/.github/DISCUSSION_TEMPLATE/ideas.yml delete mode 100644 road-skate/.github/DISCUSSION_TEMPLATE/q-and-a.yml delete mode 100644 road-skate/.github/FUNDING.yml delete mode 100644 road-skate/.github/GOVERNANCE.md delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/bug_report.yml delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/config.yml delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/custom.yml delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/documentation.yml delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/feature_request.yml delete mode 100644 road-skate/.github/ISSUE_TEMPLATE/question.yml delete mode 100644 road-skate/.github/MAINTAINERS delete mode 100644 road-skate/.github/SECURITY.md delete mode 100644 road-skate/.github/SUPPORT delete mode 100644 road-skate/.github/copilot-instructions.md delete mode 100644 road-skate/.github/dependabot.yml delete mode 100644 road-skate/.github/pull_request_template.md delete mode 100644 road-skate/.github/settings.yml delete mode 100644 road-skate/.github/workflows/boj-build.yml delete mode 100644 road-skate/.github/workflows/codeql.yml delete mode 100644 road-skate/.github/workflows/dogfood-gate.yml delete mode 100644 road-skate/.github/workflows/e2e.yml delete mode 100644 road-skate/.github/workflows/governance.yml delete mode 100644 road-skate/.github/workflows/hypatia-scan.yml delete mode 100644 road-skate/.github/workflows/instant-sync.yml delete mode 100644 road-skate/.github/workflows/mirror.yml delete mode 100644 road-skate/.github/workflows/openssf-compliance.yml delete mode 100644 road-skate/.github/workflows/release.yml delete mode 100644 road-skate/.github/workflows/rhodibot.yml delete mode 100644 road-skate/.github/workflows/rust-ci.yml delete mode 100644 road-skate/.github/workflows/scorecard-enforcer.yml delete mode 100644 road-skate/.github/workflows/scorecard.yml delete mode 100644 road-skate/.github/workflows/secret-scanner.yml delete mode 100644 road-skate/.github/workflows/static-analysis-gate.yml delete mode 100644 road-skate/.gitignore delete mode 100644 road-skate/.gitlab-ci.yml delete mode 100644 road-skate/.guix-channel delete mode 100644 road-skate/.machine_readable/6a2/AGENTIC.a2ml delete mode 100644 road-skate/.machine_readable/6a2/ECOSYSTEM.a2ml delete mode 100644 road-skate/.machine_readable/6a2/META.a2ml delete mode 100644 road-skate/.machine_readable/6a2/NEUROSYM.a2ml delete mode 100644 road-skate/.machine_readable/6a2/PLAYBOOK.a2ml delete mode 100644 road-skate/.machine_readable/6a2/STATE.a2ml delete mode 100644 road-skate/.machine_readable/ADJUST.contractile delete mode 100644 road-skate/.machine_readable/CLADE.a2ml delete mode 100644 road-skate/.machine_readable/ECOSYSTEM.a2ml delete mode 100644 road-skate/.machine_readable/ENSAID_CONFIG.a2ml delete mode 100644 road-skate/.machine_readable/INTENT.contractile delete mode 100644 road-skate/.machine_readable/META.a2ml delete mode 100644 road-skate/.machine_readable/MUST.contractile delete mode 100644 road-skate/.machine_readable/READINESS.md delete mode 100644 road-skate/.machine_readable/README.adoc delete mode 100644 road-skate/.machine_readable/STATE.a2ml delete mode 100644 road-skate/.machine_readable/TOPOLOGY.md delete mode 100644 road-skate/.machine_readable/TRUST.contractile delete mode 100644 road-skate/.machine_readable/agent_instructions/README.adoc delete mode 100644 road-skate/.machine_readable/agent_instructions/coverage.a2ml delete mode 100644 road-skate/.machine_readable/agent_instructions/debt.a2ml delete mode 100644 road-skate/.machine_readable/agent_instructions/methodology.a2ml delete mode 100644 road-skate/.machine_readable/ai/.clinerules delete mode 100644 road-skate/.machine_readable/ai/.cursorrules delete mode 100644 road-skate/.machine_readable/ai/.windsurfrules delete mode 100644 road-skate/.machine_readable/ai/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/ai/AI.a2ml delete mode 100644 road-skate/.machine_readable/ai/PLACEHOLDERS.adoc delete mode 100644 road-skate/.machine_readable/ai/README.adoc delete mode 100644 road-skate/.machine_readable/anchors/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/anchors/ANCHOR.a2ml delete mode 100644 road-skate/.machine_readable/anchors/README.adoc delete mode 100644 road-skate/.machine_readable/compliance/PROOF-NEEDS.md delete mode 100644 road-skate/.machine_readable/compliance/PROOF-STATUS.md delete mode 100644 road-skate/.machine_readable/compliance/TEST-NEEDS.md delete mode 100644 road-skate/.machine_readable/compliance/reuse/dep5 delete mode 100644 road-skate/.machine_readable/compliance/rust/deny.toml delete mode 100644 road-skate/.machine_readable/configs/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/configs/README.adoc delete mode 100644 road-skate/.machine_readable/configs/eclexiaiser.toml delete mode 100644 road-skate/.machine_readable/configs/git-cliff/cliff.toml delete mode 100644 road-skate/.machine_readable/configs/selur-compose.toml delete mode 100644 road-skate/.machine_readable/configs/stapeln.toml delete mode 100644 road-skate/.machine_readable/contractiles/README.adoc delete mode 100644 road-skate/.machine_readable/contractiles/contractile.just delete mode 100644 road-skate/.machine_readable/contractiles/dust/Dustfile.a2ml delete mode 100644 road-skate/.machine_readable/contractiles/must/Mustfile.a2ml delete mode 100644 road-skate/.machine_readable/contractiles/trust/Trustfile.a2ml delete mode 100644 road-skate/.machine_readable/integrations/feedback-o-tron.a2ml delete mode 100644 road-skate/.machine_readable/integrations/groove.a2ml delete mode 100644 road-skate/.machine_readable/integrations/proven.a2ml delete mode 100644 road-skate/.machine_readable/integrations/verisimdb.a2ml delete mode 100644 road-skate/.machine_readable/integrations/vexometer.a2ml delete mode 100644 road-skate/.machine_readable/policies/.maintenance-perms-ignore delete mode 100644 road-skate/.machine_readable/policies/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/policies/MAINTENANCE-AXES.a2ml delete mode 100644 road-skate/.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml delete mode 100644 road-skate/.machine_readable/policies/README.adoc delete mode 100644 road-skate/.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml delete mode 100644 road-skate/.machine_readable/scripts/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/scripts/forge/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/scripts/forge/README.adoc delete mode 100755 road-skate/.machine_readable/scripts/forge/forge-sync.sh delete mode 100755 road-skate/.machine_readable/scripts/forge/git-cleanup.sh delete mode 100644 road-skate/.machine_readable/scripts/lifecycle/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/scripts/lifecycle/README.adoc delete mode 100755 road-skate/.machine_readable/scripts/lifecycle/install-tools.sh delete mode 100644 road-skate/.machine_readable/scripts/maintenance/maint-assault.sh delete mode 100644 road-skate/.machine_readable/scripts/verification/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/.machine_readable/scripts/verification/README.adoc delete mode 100644 road-skate/.pre-commit-config.yaml delete mode 100644 road-skate/.tool-versions delete mode 100644 road-skate/.well-known/ai.txt delete mode 100644 road-skate/.well-known/humans.txt delete mode 100644 road-skate/.well-known/security.txt delete mode 100644 road-skate/0-AI-MANIFEST.a2ml delete mode 100644 road-skate/AUDIT.adoc delete mode 100644 road-skate/CHANGELOG.md delete mode 100644 road-skate/Containerfile delete mode 100644 road-skate/EXPLAINME.adoc delete mode 100644 road-skate/Justfile delete mode 100644 road-skate/LICENSE delete mode 100644 road-skate/QUICKSTART-DEV.adoc delete mode 100644 road-skate/QUICKSTART-MAINTAINER.adoc delete mode 100644 road-skate/QUICKSTART-USER.adoc delete mode 100644 road-skate/README.adoc delete mode 100644 road-skate/ROADMAP.adoc delete mode 100755 road-skate/benches/template_bench.sh delete mode 100644 road-skate/container/.gatekeeper.yaml delete mode 100644 road-skate/container/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/container/Containerfile delete mode 100644 road-skate/container/README.adoc delete mode 100644 road-skate/container/compose.example.toml delete mode 100644 road-skate/container/compose.toml delete mode 100755 road-skate/container/ct-build.sh delete mode 100644 road-skate/container/deploy.k9.ncl delete mode 100755 road-skate/container/entrypoint.sh delete mode 100644 road-skate/container/manifest.toml delete mode 100644 road-skate/container/vordr.toml delete mode 100644 road-skate/docs/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/QUICKSTART.adoc delete mode 100644 road-skate/docs/README.adoc delete mode 100644 road-skate/docs/RSR_OUTLINE.adoc delete mode 100644 road-skate/docs/STATE-VISUALIZER.adoc delete mode 100644 road-skate/docs/architecture/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/architecture/THREAT-MODEL.adoc delete mode 100644 road-skate/docs/attribution/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/attribution/CITATION.cff delete mode 100644 road-skate/docs/attribution/CITATIONS.adoc delete mode 100644 road-skate/docs/attribution/CODEOWNERS.adoc delete mode 100644 road-skate/docs/attribution/MAINTAINERS.adoc delete mode 100644 road-skate/docs/attribution/README.adoc delete mode 100644 road-skate/docs/decisions/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/decisions/0000-template.adoc delete mode 100644 road-skate/docs/decisions/0001-adopt-rsr-standard.adoc delete mode 100644 road-skate/docs/decisions/README.adoc delete mode 100644 road-skate/docs/developer/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/developer/ABI-FFI-README.adoc delete mode 100644 road-skate/docs/developer/README.adoc delete mode 100644 road-skate/docs/governance/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/CRG-CRITERIA.a2ml delete mode 100644 road-skate/docs/governance/CRG-CRITERIA.adoc delete mode 100644 road-skate/docs/governance/MAINTENANCE-CHECKLIST.a2ml delete mode 100644 road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc delete mode 100644 road-skate/docs/governance/README.adoc delete mode 100644 road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.a2ml delete mode 100644 road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc delete mode 100644 road-skate/docs/governance/TSDM.a2ml delete mode 100644 road-skate/docs/governance/TSDM.adoc delete mode 100644 road-skate/docs/governance/audit/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/audit/README.adoc delete mode 100644 road-skate/docs/governance/audit/compliance/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/audit/compliance/README.adoc delete mode 100644 road-skate/docs/governance/audit/effects/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/audit/effects/README.adoc delete mode 100644 road-skate/docs/governance/audit/systems/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/audit/systems/README.adoc delete mode 100644 road-skate/docs/governance/maintenance/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/maintenance/README.adoc delete mode 100644 road-skate/docs/governance/maintenance/adaptive/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/maintenance/adaptive/README.adoc delete mode 100644 road-skate/docs/governance/maintenance/corrective/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/maintenance/corrective/README.adoc delete mode 100644 road-skate/docs/governance/maintenance/perfective/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/maintenance/perfective/README.adoc delete mode 100644 road-skate/docs/governance/planning/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/planning/README.adoc delete mode 100644 road-skate/docs/governance/planning/could/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/planning/could/README.adoc delete mode 100644 road-skate/docs/governance/planning/must/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/planning/must/README.adoc delete mode 100644 road-skate/docs/governance/planning/should/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/governance/planning/should/README.adoc delete mode 100644 road-skate/docs/legal/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/legal/EXHIBIT-A-ETHICAL-USE.txt delete mode 100644 road-skate/docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt delete mode 100644 road-skate/docs/practice/.gitkeep delete mode 100644 road-skate/docs/practice/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/practice/AI-CONVENTIONS.adoc delete mode 100644 road-skate/docs/practice/README.adoc delete mode 100644 road-skate/docs/practice/STATE-VISUALIZER-GUIDE.adoc delete mode 100644 road-skate/docs/reports/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/README.adoc delete mode 100644 road-skate/docs/reports/compliance/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/compliance/README.adoc delete mode 100644 road-skate/docs/reports/maintenance/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/maintenance/README.adoc delete mode 100644 road-skate/docs/reports/performance/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/performance/README.adoc delete mode 100644 road-skate/docs/reports/quality/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/quality/README.adoc delete mode 100644 road-skate/docs/reports/security/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/reports/security/README.adoc delete mode 100644 road-skate/docs/standards/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/standards/README.adoc delete mode 100644 road-skate/docs/templates/contractiles/README.adoc delete mode 100644 road-skate/docs/templates/contractiles/dust/Dustfile.a2ml delete mode 100644 road-skate/docs/templates/contractiles/must/Mustfile.a2ml delete mode 100644 road-skate/docs/templates/contractiles/trust/Trustfile.a2ml delete mode 100644 road-skate/docs/theory/.gitkeep delete mode 100644 road-skate/docs/theory/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/README.adoc delete mode 100644 road-skate/docs/theory/computing/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/computing/README.adoc delete mode 100644 road-skate/docs/theory/formalisms/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/formalisms/README.adoc delete mode 100644 road-skate/docs/theory/mathematics/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/mathematics/README.adoc delete mode 100644 road-skate/docs/theory/ontologies/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/ontologies/README.adoc delete mode 100644 road-skate/docs/theory/other/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/other/README.adoc delete mode 100644 road-skate/docs/theory/socio-technical/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/theory/socio-technical/README.adoc delete mode 100644 road-skate/docs/whitepapers/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/whitepapers/README.adoc delete mode 100644 road-skate/docs/whitepapers/academic/.gitkeep delete mode 100644 road-skate/docs/whitepapers/academic/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/whitepapers/academic/README.adoc delete mode 100644 road-skate/docs/whitepapers/industry/.gitkeep delete mode 100644 road-skate/docs/whitepapers/industry/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/whitepapers/industry/README.adoc delete mode 100644 road-skate/docs/whitepapers/outreach/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/whitepapers/outreach/README.adoc delete mode 100644 road-skate/docs/wikis/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/docs/wikis/README.adoc delete mode 100644 road-skate/features/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/features/README.adoc delete mode 100644 road-skate/features/boj-server/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/features/boj-server/README.adoc delete mode 100644 road-skate/features/panic-attacker/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/features/panic-attacker/README.adoc delete mode 100644 road-skate/features/ssg/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/features/ssg/README.adoc delete mode 100755 road-skate/features/ssg/ssg-bootstrap.sh delete mode 100644 road-skate/flake.nix delete mode 100644 road-skate/game/index.html delete mode 100644 road-skate/game/main.as delete mode 100644 road-skate/game/main.js delete mode 100644 road-skate/guix.scm delete mode 100644 road-skate/hello.affine delete mode 100644 road-skate/llm-warmup-dev.md delete mode 100644 road-skate/llm-warmup-user.md delete mode 100644 road-skate/minimal.affine delete mode 100644 road-skate/package.json delete mode 100644 road-skate/physics_example.affine delete mode 100644 road-skate/report.yaml delete mode 100644 road-skate/reports/assemblyline-20260406231857.json delete mode 100644 road-skate/road_render.affine delete mode 100644 road-skate/road_render_final.affine delete mode 100644 road-skate/road_render_fixed.affine delete mode 100644 road-skate/road_render_minimal.affine delete mode 100644 road-skate/road_render_simple.affine delete mode 100644 road-skate/road_render_step1.affine delete mode 100644 road-skate/road_render_step2.affine delete mode 100644 road-skate/road_render_step2_fixed.affine delete mode 100644 road-skate/road_render_working.affine delete mode 100755 road-skate/scripts/validate-rsr.sh delete mode 100755 road-skate/setup.sh delete mode 100644 road-skate/simple_test.affine delete mode 100644 road-skate/src/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/README.adoc delete mode 100644 road-skate/src/affine-plugin-improved.js delete mode 100644 road-skate/src/affine-plugin.js delete mode 100644 road-skate/src/aspects/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/aspects/README.adoc delete mode 100644 road-skate/src/aspects/integrity/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/aspects/integrity/README.adoc delete mode 100644 road-skate/src/aspects/observability/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/aspects/observability/README.adoc delete mode 100644 road-skate/src/aspects/security/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/aspects/security/README.adoc delete mode 100644 road-skate/src/bridges/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/contracts/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/contracts/README.adoc delete mode 100644 road-skate/src/core/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/definitions/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/definitions/README.adoc delete mode 100644 road-skate/src/errors/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/errors/README.adoc delete mode 100644 road-skate/src/index.js delete mode 100644 road-skate/src/interface/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/README.adoc delete mode 100644 road-skate/src/interface/abi/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/abi/Foreign.idr delete mode 100644 road-skate/src/interface/abi/Layout.idr delete mode 100644 road-skate/src/interface/abi/README.adoc delete mode 100644 road-skate/src/interface/abi/Types.idr delete mode 100644 road-skate/src/interface/ffi/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/ffi/README.adoc delete mode 100644 road-skate/src/interface/ffi/build.zig delete mode 100644 road-skate/src/interface/ffi/src/0.4-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/ffi/src/README.adoc delete mode 100644 road-skate/src/interface/ffi/src/main.zig delete mode 100644 road-skate/src/interface/ffi/test/0.4-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/ffi/test/README.adoc delete mode 100644 road-skate/src/interface/ffi/test/integration_test.zig delete mode 100644 road-skate/src/interface/generated/0.3-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/generated/README.adoc delete mode 100644 road-skate/src/interface/generated/abi/.gitkeep delete mode 100644 road-skate/src/interface/generated/abi/0.4-AI-MANIFEST.a2ml delete mode 100644 road-skate/src/interface/generated/abi/README.adoc delete mode 100644 road-skate/test_config.affine delete mode 100644 road-skate/test_exact.affine delete mode 100644 road-skate/test_minimal.affine delete mode 100644 road-skate/test_projection.affine delete mode 100755 road-skate/tests/aspect_tests.sh delete mode 100755 road-skate/tests/e2e.sh delete mode 100755 road-skate/tests/e2e/template_instantiation_test.sh delete mode 100644 road-skate/tests/fuzz/README.adoc delete mode 100755 road-skate/tests/workflows/validate_workflows_test.sh delete mode 100644 road-skate/verification/0.1-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/README.adoc delete mode 100644 road-skate/verification/benchmarks/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/benchmarks/README.adoc delete mode 100644 road-skate/verification/coverage/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/coverage/README.adoc delete mode 100644 road-skate/verification/fuzzing/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/fuzzing/README.adoc delete mode 100644 road-skate/verification/proofs/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/proofs/README.adoc delete mode 100644 road-skate/verification/proofs/agda/Properties.agda delete mode 100644 road-skate/verification/proofs/coq/TypeSafety.v delete mode 100644 road-skate/verification/proofs/idris2/ABI/Compliance.idr delete mode 100644 road-skate/verification/proofs/idris2/ABI/Foreign.idr delete mode 100644 road-skate/verification/proofs/idris2/ABI/Layout.idr delete mode 100644 road-skate/verification/proofs/idris2/ABI/Platform.idr delete mode 100644 road-skate/verification/proofs/idris2/ABI/Pointers.idr delete mode 100644 road-skate/verification/proofs/idris2/Types.idr delete mode 100644 road-skate/verification/proofs/lean4/ApiTypes.lean delete mode 100644 road-skate/verification/proofs/tlaplus/StateMachine.tla delete mode 100644 road-skate/verification/safety_case/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/safety_case/README.adoc delete mode 100644 road-skate/verification/simulations/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/simulations/README.adoc delete mode 100644 road-skate/verification/tests/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/tests/README.adoc delete mode 100644 road-skate/verification/traceability/0.2-AI-MANIFEST.a2ml delete mode 100644 road-skate/verification/traceability/README.adoc delete mode 100644 road-skate/vite.config.js diff --git a/.github/workflows/panic-attack.yml b/.github/workflows/panic-attack.yml index bc878926..dbf12330 100644 --- a/.github/workflows/panic-attack.yml +++ b/.github/workflows/panic-attack.yml @@ -9,8 +9,8 @@ # open a tracking issue. # - Release cuts call `just panic` manually per RELEASE.md. # -# Tool: `panic-attacker` Rust crate from -# road-skate/features/panic-attacker. Installed via cargo. +# Tool: `panic-attacker` Rust crate from `hyperpolymath/panic-attack`. +# Installed from crates.io. name: Panic-Attack (compliance scan) @@ -44,19 +44,17 @@ jobs: toolchain: stable - name: Install panic-attacker - # Source-install from the estate crate. Once published to - # crates.io this can switch to `cargo install panic-attacker`. + # Installed from crates.io (the estate crate is published at + # `hyperpolymath/panic-attack`). The previous `road-skate/features/ + # panic-attacker/` local-path fallback was removed when road-skate + # was extracted to its own repo on 2026-05-26 — that path was a + # 2-file integration manifest with no Cargo.toml, so the fallback + # never actually built locally. run: | - if [ -d road-skate/features/panic-attacker ]; then - cargo install --path road-skate/features/panic-attacker --locked || \ - cargo install --path road-skate/features/panic-attacker - else - echo "::warning::road-skate/features/panic-attacker not found; trying crates.io" - cargo install panic-attacker || { - echo "::error::panic-attacker unavailable from both estate path and crates.io" - exit 1 - } - fi + cargo install panic-attacker || { + echo "::error::panic-attacker unavailable from crates.io" + exit 1 + } - name: Run panic-attack id: scan diff --git a/RSR_COMPLIANCE.adoc b/RSR_COMPLIANCE.adoc index a10c636b..c42abb13 100644 --- a/RSR_COMPLIANCE.adoc +++ b/RSR_COMPLIANCE.adoc @@ -33,8 +33,8 @@ toc::[] |`.well-known/ai.txt` |✅ |Estate-wide AI agent affordance metadata. |`.well-known/humans.txt` |✅ |Human-readable maintainer / contributor surface. |`guix.scm` or `flake.nix` |⚠️ |Neither file currently committed; the `affinescript.opam` package descriptor + the global `justfile` recipes carry the build contract today. Adding a Guix channel definition is a planned follow-up (estate primary is Guix per RSR-OUTLINE §"Language Tiers"); a Nix fallback would be acceptable for early CI. -|`0-AI-MANIFEST.a2ml` |✅ |Adopted 2026-05-25 (PR #359) replacing the older `AI.a2ml` per Hypatia `root_hygiene` rule. Matches sibling-repo convention (`road-skate/`, `affinescript-vite/`, `affinescriptiser/` all carry the same). -|`STATE.scm` |❌ |*Documented exemption.* This repo's `.scm` extension is reserved for Guix (`guix.scm`, `.guix-channel`) per the language policy in `0-AI-MANIFEST.a2ml`. Project state lives at `.machine_readable/6a2/STATE.a2ml` in the canonical 6a2 schema (matches sibling repos in the same estate). Substituting `.a2ml` for `.scm` is the cross-repo standard, not an AffineScript outlier — see also `road-skate/.machine_readable/STATE.a2ml`. +|`0-AI-MANIFEST.a2ml` |✅ |Adopted 2026-05-25 (PR #359) replacing the older `AI.a2ml` per Hypatia `root_hygiene` rule. Matches sibling-repo convention (`hyperpolymath/road-skate`, `affinescript-vite/`, `affinescriptiser/` all carry the same). +|`STATE.scm` |❌ |*Documented exemption.* This repo's `.scm` extension is reserved for Guix (`guix.scm`, `.guix-channel`) per the language policy in `0-AI-MANIFEST.a2ml`. Project state lives at `.machine_readable/6a2/STATE.a2ml` in the canonical 6a2 schema (matches sibling repos in the same estate). Substituting `.a2ml` for `.scm` is the cross-repo standard, not an AffineScript outlier — see also `hyperpolymath/road-skate`'s `.machine_readable/STATE.a2ml`. |`RSR_COMPLIANCE.adoc` |✅ |This file. Added 2026-05-25. |=== diff --git a/docs/ECOSYSTEM.adoc b/docs/ECOSYSTEM.adoc index 0e07d4a2..246e6c76 100644 --- a/docs/ECOSYSTEM.adoc +++ b/docs/ECOSYSTEM.adoc @@ -170,9 +170,15 @@ canonical `affinescript tea-bridge` + a re-entrancy fixture. |`affinescript-cadre` |scaffold |Was imaginary until #175. Router/navigation satellite (internal `lib/tea_router.ml` contract exists). -|`affinescriptiser`, `road-skate` |adjunct |In-tree tooling/experiments; +|`affinescriptiser` |adjunct |In-tree tooling/experiments; not part of the integration critical path. +|`hyperpolymath/road-skate` (out-of-tree, 2026-05-26) |adjunct |Retro driving +game written in AffineScript (Test Drive III-inspired). Extracted from this +repo's `road-skate/` subtree on 2026-05-26 — see commit history of +`hyperpolymath/road-skate` for pre-extraction lineage. Not part of the +integration critical path. + |`packages/affine-js` / `-ts` / `-res` / `-vscode` |works | `affine-js` SAT-02 fixed by INT-02 (#179): host-agnostic loader (`loader.js`) — Deno/Node/browser parity, multi-namespace import diff --git a/docs/standards/PANIC-ATTACK.adoc b/docs/standards/PANIC-ATTACK.adoc index 0017acc4..89558b82 100644 --- a/docs/standards/PANIC-ATTACK.adoc +++ b/docs/standards/PANIC-ATTACK.adoc @@ -13,7 +13,7 @@ when the scanner runs, how findings are dispositioned, and what the finding-disposition vocabulary is. The estate-wide rule that mandates panic-attack lives in -`road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc` +`hyperpolymath/road-skate`'s `docs/governance/MAINTENANCE-CHECKLIST.adoc` (Axis 3 — *audit: systems > compliance > effects*). This file is the AffineScript-specific instantiation of that rule. ==== @@ -147,16 +147,14 @@ mechanism. == Tool installation `panic-attack` is the `panic-attacker` Rust crate from the estate -(`road-skate/features/panic-attacker/`). Install: +(`hyperpolymath/panic-attack`). Install: [source,bash] ---- -cargo install --path road-skate/features/panic-attacker -# or, from the published crate (when available): cargo install panic-attacker ---- -CI installs it during the weekly workflow via the same crate path. +CI installs it during the weekly workflow via the same published crate. == Cross-references @@ -164,6 +162,6 @@ CI installs it during the weekly workflow via the same crate path. is referenced from there as the security-scan policy). * link:RELEASE.md[RELEASE.md] — release-cut checklist (pre-release panic-attack invocation). -* `road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc` — +* `hyperpolymath/road-skate`'s `docs/governance/MAINTENANCE-CHECKLIST.adoc` — estate-wide maintenance axes that mandate the scanner. * `panic-attack.toml` — the rule configuration this SOP enacts. diff --git a/docs/standards/TESTING.adoc b/docs/standards/TESTING.adoc index 55cd5969..24653f9d 100644 --- a/docs/standards/TESTING.adoc +++ b/docs/standards/TESTING.adoc @@ -199,7 +199,7 @@ and a ratchet policy. == Panic-attack (security scan) `panic-attack` is the estate's compliance scanner. Per estate -practice (`road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc` +practice (`hyperpolymath/road-skate`'s `docs/governance/MAINTENANCE-CHECKLIST.adoc`, Axis 3 — *audit: systems > compliance > effects*) it runs: * On a weekly schedule diff --git a/road-skate/.devcontainer/Containerfile b/road-skate/.devcontainer/Containerfile deleted file mode 100644 index c1773d7f..00000000 --- a/road-skate/.devcontainer/Containerfile +++ /dev/null @@ -1,32 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# Dev Container image for AffineScript-Vite -# Base: Chainguard Wolfi (minimal, supply-chain-secure) -# Build: podman build -t AffineScript-Vite-dev -f .devcontainer/Containerfile . - -FROM cgr.dev/chainguard/wolfi-base:latest - -# Install common development tools -RUN apk update && apk add --no-cache \ - bash \ - curl \ - git \ - openssh-client \ - ca-certificates \ - build-base \ - posix-libc-utils \ - shadow \ - && rm -rf /var/cache/apk/* - -# Create non-root dev user (matches devcontainer.json remoteUser) -RUN groupadd -g 1000 nonroot || true \ - && useradd -m -u 1000 -g 1000 -s /bin/bash nonroot || true - -# Set workspace directory -WORKDIR /workspaces/AffineScript-Vite - -# Default shell -ENV SHELL=/bin/bash - -USER nonroot diff --git a/road-skate/.devcontainer/README.adoc b/road-skate/.devcontainer/README.adoc deleted file mode 100644 index 812652f8..00000000 --- a/road-skate/.devcontainer/README.adoc +++ /dev/null @@ -1,27 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -= Dev Container Usage -:author: hyperpolymath - -== Overview - -This dev container uses `cgr.dev/chainguard/wolfi-base` with git, curl, bash, and just pre-installed. Dev container features add git, just, and nickel automatically. - -== VS Code (Local) - -. Install the *Dev Containers* extension (`ms-vscode-remote.remote-containers`). -. Set `dev.containers.dockerPath` to `podman` in VS Code settings. -. Open the repo folder, then choose **Reopen in Container** from the command palette. - -== GitHub Codespaces - -. From the repository on GitHub, click **Code > Codespaces > New codespace**. -. The container builds automatically from this configuration. - -== Gitpod - -. Prefix the repo URL with `https://gitpod.io/#` to launch a workspace. -. Gitpod reads `devcontainer.json` and builds the environment. - -== Customization - -Replace `AffineScript-Vite` placeholders in both `devcontainer.json` and `Containerfile` with your actual project name. Run `just deps` to verify the environment after first launch. diff --git a/road-skate/.devcontainer/devcontainer.json b/road-skate/.devcontainer/devcontainer.json deleted file mode 100644 index 46ee19ee..00000000 --- a/road-skate/.devcontainer/devcontainer.json +++ /dev/null @@ -1,69 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -// -// Dev Container configuration for AffineScript-Vite -// Works with: VS Code Dev Containers, GitHub Codespaces, Gitpod -// Container runtime: Podman (recommended) or any OCI-compliant runtime -{ - "name": "AffineScript-Vite", - - "build": { - "dockerfile": "Containerfile", - "context": ".." - }, - - "features": { - "ghcr.io/devcontainers/features/git:1": { - "ppa": false, - "version": "latest" - }, - "ghcr.io/jdx/devcontainer-features/just:1": {}, - "ghcr.io/nickel-lang/devcontainer-feature:0": {} - }, - - "postCreateCommand": "just deps", - - "remoteUser": "nonroot", - - "containerEnv": { - "EDITOR": "code --wait", - "LANG": "C.UTF-8" - }, - - "customizations": { - "vscode": { - "extensions": [ - "EditorConfig.EditorConfig", - "eamodio.gitlens", - "streetsidesoftware.code-spell-checker", - "timonwong.shellcheck", - "tamasfe.even-better-toml", - "skellock.just", - "redhat.vscode-yaml", - "DavidAnson.vscode-markdownlint", - "asciidoctor.asciidoctor-vscode", - "usernamehw.errorlens" - ], - "settings": { - "editor.formatOnSave": true, - "editor.insertSpaces": true, - "editor.tabSize": 2, - "files.trimTrailingWhitespace": true, - "files.insertFinalNewline": true, - "files.trimFinalNewlines": true, - "[makefile]": { - "editor.insertSpaces": false - } - } - }, - "codespaces": { - "openFiles": [ - "README.adoc" - ] - } - }, - - "forwardPorts": [], - - "shutdownAction": "stopContainer" -} diff --git a/road-skate/.editorconfig b/road-skate/.editorconfig deleted file mode 100644 index bcdbb4de..00000000 --- a/road-skate/.editorconfig +++ /dev/null @@ -1,65 +0,0 @@ -# RSR-template-repo - Editor Configuration -# https://editorconfig.org - -root = true - -[*] -charset = utf-8 -end_of_line = lf -indent_size = 2 -indent_style = space -insert_final_newline = true -trim_trailing_whitespace = true - -[*.md] -trim_trailing_whitespace = false - -[*.adoc] -trim_trailing_whitespace = false - -[*.rs] -indent_size = 4 - -[*.ex] -indent_size = 2 - -[*.exs] -indent_size = 2 - -[*.zig] -indent_size = 4 - -[*.ada] -indent_size = 3 - -[*.adb] -indent_size = 3 - -[*.ads] -indent_size = 3 - -[*.hs] -indent_size = 2 - -[*.res] -indent_size = 2 - -[*.resi] -indent_size = 2 - -[*.ncl] -indent_size = 2 - -[*.rkt] -indent_size = 2 - -[*.scm] -indent_size = 2 - -[*.nix] -indent_size = 2 - -[Justfile] -indent_style = space -indent_size = 4 - diff --git a/road-skate/.envrc b/road-skate/.envrc deleted file mode 100644 index 3f38b9d7..00000000 --- a/road-skate/.envrc +++ /dev/null @@ -1,27 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Activate development environment -# Install direnv: https://direnv.net/ - -# Load .tool-versions if asdf is available -if has asdf; then - use asdf -fi - -# Load Guix shell if guix.scm exists -if has guix && [ -f guix.scm ]; then - use guix -fi - -# Load Nix flake if flake.nix exists -if has nix && [ -f flake.nix ]; then - use flake -fi - -# Project environment variables -export PROJECT_NAME="AffineScript-Vite" -export RSR_TIER="infrastructure" -# export DATABASE_URL="..." -# export API_KEY="..." - -# Source .env if it exists (gitignored) -dotenv_if_exists diff --git a/road-skate/.gitattributes b/road-skate/.gitattributes deleted file mode 100644 index c95d5ebd..00000000 --- a/road-skate/.gitattributes +++ /dev/null @@ -1,55 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# RSR-compliant .gitattributes - -* text=auto eol=lf - -# Source -*.rs text eol=lf diff=rust -*.ex text eol=lf diff=elixir -*.exs text eol=lf diff=elixir -*.jl text eol=lf -*.res text eol=lf -*.resi text eol=lf -*.ada text eol=lf diff=ada -*.adb text eol=lf diff=ada -*.ads text eol=lf diff=ada -*.hs text eol=lf -*.chpl text eol=lf -*.scm text eol=lf -*.a2ml text eol=lf linguist-language=TOML -*.ncl text eol=lf -*.nix text eol=lf - -# Docs -*.md text eol=lf diff=markdown -*.adoc text eol=lf -*.txt text eol=lf - -# Data -*.json text eol=lf -*.yaml text eol=lf -*.yml text eol=lf -*.toml text eol=lf - -# Config -.gitignore text eol=lf -.gitattributes text eol=lf -Justfile text eol=lf -Makefile text eol=lf -Containerfile text eol=lf - -# Scripts -*.sh text eol=lf - -# Binary -*.png binary -*.jpg binary -*.gif binary -*.pdf binary -*.woff2 binary -*.zip binary -*.gz binary - -# Lock files -Cargo.lock text eol=lf -diff -flake.lock text eol=lf -diff diff --git a/road-skate/.github/.mailmap b/road-skate/.github/.mailmap deleted file mode 100644 index 044c94fe..00000000 --- a/road-skate/.github/.mailmap +++ /dev/null @@ -1 +0,0 @@ -hyperpolymath <{{AUTHOR_EMAIL_ALT}}> diff --git a/road-skate/.github/.nojekyll b/road-skate/.github/.nojekyll deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/.github/CODEOWNERS b/road-skate/.github/CODEOWNERS deleted file mode 100644 index 8d339b77..00000000 --- a/road-skate/.github/CODEOWNERS +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# CODEOWNERS - Define code review assignments -# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners -# -# Replace hyperpolymath with your GitHub username or team - -# Default owners for everything -* @hyperpolymath - -# Security-sensitive files require explicit review -SECURITY.md @hyperpolymath -.github/workflows/ @hyperpolymath -Trustfile.a2ml @hyperpolymath -.machine_readable/ @hyperpolymath diff --git a/road-skate/.github/CODE_OF_CONDUCT.md b/road-skate/.github/CODE_OF_CONDUCT.md deleted file mode 100644 index c4fdb013..00000000 --- a/road-skate/.github/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,327 +0,0 @@ -# Code of Conduct - - - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in AffineScript-Vite a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, colour, religion, or sexual identity and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. - -We recognise that a thriving open source community requires **psychological safety** — an environment where people can contribute, ask questions, make mistakes, and learn without fear of ridicule or retaliation. - ---- - -## Our Standards - -### Expected Behaviour - -The following behaviours contribute to a positive environment: - -**Communication** -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Giving and gracefully accepting constructive feedback -- Assuming good intent while addressing impact -- Communicating clearly and patiently, especially with newcomers - -**Collaboration** -- Focusing on what is best for the community -- Showing empathy and kindness toward other community members -- Being collaborative rather than competitive -- Mentoring and supporting less experienced contributors -- Celebrating others' contributions and successes - -**Professionalism** -- Accepting responsibility and apologising to those affected by our mistakes -- Learning from the experience and avoiding repetition -- Respecting others' time and attention -- Staying on topic in project spaces -- Following project guidelines and conventions - -**Accessibility** -- Using plain language and avoiding unnecessary jargon -- Providing alt text for images and transcripts for audio/video -- Being patient with those using assistive technologies -- Accommodating different communication styles and needs -- Recognising that not everyone communicates the same way - -### Unacceptable Behaviour - -The following behaviours are considered harassment and are unacceptable: - -**Harassment** -- The use of sexualised language or imagery, and sexual attention or advances of any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Deliberate intimidation, stalking, or following (online or in-person) -- Unwelcome physical contact or simulated physical contact (e.g., emoji) -- Sustained disruption of talks, events, or online discussions - -**Discrimination** -- Discriminatory jokes and language -- Posting or threatening to post others' personally identifying information ("doxing") -- Advocating for, or encouraging, any of the above behaviour -- Microaggressions — subtle, often unintentional, discriminatory comments or actions - -**Professional Misconduct** -- Publishing others' private information without explicit permission -- Misrepresenting affiliation or contributions -- Plagiarism or claiming credit for others' work -- Retaliating against anyone who reports a Code of Conduct violation -- Other conduct which could reasonably be considered inappropriate in a professional setting - -### Grey Areas - -Some situations require judgement. When uncertain: - -- **Intent vs Impact**: Good intentions do not excuse harmful impact. Focus on making things right. -- **Power Dynamics**: Those with more power (maintainers, employers, experienced contributors) must be especially mindful of their impact. -- **Cultural Differences**: What's acceptable varies by culture. When in doubt, err on the side of caution and ask. -- **Humour**: Jokes at others' expense are rarely funny to everyone. Punch up, not down. - ---- - -## Scope - -This Code of Conduct applies within all community spaces, including: - -**Online Spaces** -- Repository discussions, issues, and pull/merge requests -- Project chat channels (Matrix, Discord, Slack, IRC) -- Mailing lists and forums -- Social media when representing the project -- Video calls and virtual meetings - -**In-Person Spaces** -- Conferences, meetups, and events -- Workshops and training sessions -- Any gathering where you represent the project - -**Representation** -This Code of Conduct also applies when an individual is officially representing the community in public spaces. Examples include: - -- Using an official project email address -- Posting via an official social media account -- Acting as an appointed representative at an event -- Speaking on behalf of the project - ---- - -## Enforcement - -### Reporting - -If you experience or witness unacceptable behaviour, or have any other concerns, please report it as soon as possible. - -**How to Report** - -| Method | Details | Best For | -|--------|---------|----------| -| **Email** | {{CONDUCT_EMAIL}} | Detailed reports, sensitive matters | -| **Private Message** | Contact any maintainer directly | Quick questions, minor issues | -| **Anonymous Form** | [Link to form if available] | When you need anonymity | - -**What to Include** - -- Your contact information (unless anonymous) -- Names/usernames of those involved -- Description of what happened -- When and where it occurred -- Any witnesses -- Any supporting evidence (screenshots, links) -- How you would like us to respond (if you have a preference) - -**What Happens Next** - -1. You will receive acknowledgment within **{{RESPONSE_TIME}}** -2. The {{CONDUCT_TEAM}} will review the report -3. We may ask for additional information -4. We will determine appropriate action -5. We will inform you of the outcome (respecting others' privacy) - -### Confidentiality - -All reports will be handled with discretion: - -- Reporter identity is protected by default -- Details are shared only with those who need to know -- We will ask before naming you in any communication -- Anonymous reports are accepted and investigated - -### Conflicts of Interest - -If a {{CONDUCT_TEAM}} member is involved in an incident: - -- They will recuse themselves from the process -- Another maintainer or external party will handle the report -- We will disclose any potential conflicts - ---- - -## Enforcement Guidelines - -The {{CONDUCT_TEAM}} will follow these guidelines in determining consequences: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behaviour deemed unprofessional or unwelcome. - -**Consequence**: A private, written warning providing clarity around the nature of the violation and an explanation of why the behaviour was inappropriate. A public apology may be requested. - -**Duration**: Immediate - -### 2. Warning - -**Community Impact**: A violation through a single incident or series of actions. - -**Consequence**: A warning with consequences for continued behaviour. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. - -**Duration**: 1-4 weeks - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including sustained inappropriate behaviour. - -**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. - -**Duration**: 1-6 months - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behaviour, harassment of an individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within the community. - -**Duration**: Permanent (with appeal rights after 12 months) - -### Enforcement Across Perimeters - -For contributors with elevated access (Perimeter 2 or 1): - -| Level | Additional Consequence | -|-------|----------------------| -| Correction | Noted in contributor record | -| Warning | Access privileges may be temporarily reduced | -| Temporary Ban | Access reduced to Perimeter 3 for ban duration | -| Permanent Ban | All access revoked | - ---- - -## Appeals - -If you believe an enforcement decision was made in error: - -1. **Wait 7 days** after the decision (cooling-off period) -2. **Email** {{CONDUCT_EMAIL}} with subject line "Appeal: [Original Report ID]" -3. **Explain** why you believe the decision should be reconsidered -4. **Provide** any new information not previously available - -**Appeals Process** - -- Appeals are reviewed by a different {{CONDUCT_TEAM}} member than the original -- You will receive a response within 14 days -- The appeals decision is final -- You may only appeal once per incident - -**Grounds for Appeal** - -- Procedural errors in the original investigation -- New evidence not previously available -- Disproportionate response to the violation -- Misunderstanding of facts - ---- - -## Supporting Those Who Report - -We are committed to supporting those who report violations: - -**We Will** -- Believe and take all reports seriously -- Respect your privacy and confidentiality preferences -- Keep you informed of progress (if you wish) -- Take steps to protect you from retaliation -- Provide resources if you need support - -**We Will Not** -- Require you to confront the person directly -- Dismiss reports without investigation -- Reveal your identity without consent -- Tolerate retaliation against reporters -- Rush you to make decisions - ---- - -## Prevention - -Beyond enforcement, we actively work to prevent issues: - -**Onboarding** -- All contributors are expected to read this Code of Conduct -- Perimeter 2 applicants must confirm they've read and understood it -- Maintainers receive additional training on enforcement - -**Culture** -- We model the behaviour we expect -- We intervene early when we see potential issues -- We thank people for positive contributions -- We create opportunities for diverse voices - -**Review** -- This Code of Conduct is reviewed annually -- Community feedback is welcomed -- Changes are communicated clearly - ---- - -## Acknowledgments - -This Code of Conduct is adapted from: - -- [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1 -- [Django Code of Conduct](https://www.djangoproject.com/conduct/) -- [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct) -- [Python Community Code of Conduct](https://www.python.org/psf/conduct/) - -We thank these communities for their leadership in creating welcoming spaces. - ---- - -## Questions? - -If you have questions about this Code of Conduct: - -- Open a [Discussion](https://github.com/hyperpolymath/affinescript-vite/discussions) (for general questions) -- Email {{CONDUCT_EMAIL}} (for private questions) -- Contact any maintainer directly - ---- - -## Summary - -**Be kind. Be respectful. Be collaborative.** - -We're all here because we care about this project. Let's make it a place where everyone can do their best work. - ---- - -Last updated: {{CURRENT_YEAR}} · Based on Contributor Covenant 2.1 diff --git a/road-skate/.github/CONTRIBUTING.md b/road-skate/.github/CONTRIBUTING.md deleted file mode 100644 index 9f94e301..00000000 --- a/road-skate/.github/CONTRIBUTING.md +++ /dev/null @@ -1,121 +0,0 @@ -# Clone the repository -git clone https://github.com/hyperpolymath/affinescript-vite.git -cd affinescript-vite - -# Using Nix (recommended for reproducibility) -nix develop - -# Or using toolbox/distrobox -toolbox create affinescript-vite-dev -toolbox enter affinescript-vite-dev -# Install dependencies manually - -# Verify setup -just check # or: cargo check / mix compile / etc. -just test # Run test suite -``` - -### Repository Structure -``` -affinescript-vite/ -├── src/ # Source code (Perimeter 1-2) -├── lib/ # Library code (Perimeter 1-2) -├── extensions/ # Extensions (Perimeter 2) -├── plugins/ # Plugins (Perimeter 2) -├── tools/ # Tooling (Perimeter 2) -├── docs/ # Documentation (Perimeter 3) -│ ├── architecture/ # ADRs, specs (Perimeter 2) -│ └── proposals/ # RFCs (Perimeter 3) -├── examples/ # Examples (Perimeter 3) -├── spec/ # Spec tests (Perimeter 3) -├── tests/ # Test suite (Perimeter 2-3) -├── .machine_readable/ # ALL machine-readable content (Perimeter 1) -│ ├── *.a2ml # State files (STATE, META, ECOSYSTEM, etc.) -│ ├── bot_directives/ # Bot configs -│ └── contractiles/ # Policy contracts (k9, dust, lust, must, trust) -├── .well-known/ # Protocol files (Perimeter 1-3) -├── .github/ # GitHub config (Perimeter 1) -│ ├── ISSUE_TEMPLATE/ -│ └── workflows/ -├── CHANGELOG.md -├── CODE_OF_CONDUCT.md -├── CONTRIBUTING.md # This file -├── GOVERNANCE.md -├── LICENSE -├── MAINTAINERS.md -├── README.adoc -├── SECURITY.md -├── flake.nix # Nix flake — fallback (Perimeter 1) -├── guix.scm # Guix package — primary (Perimeter 1) -└── Justfile # Task runner (Perimeter 1) -``` - ---- - -## How to Contribute - -### Reporting Bugs - -**Before reporting**: -1. Search existing issues -2. Check if it's already fixed in `{{MAIN_BRANCH}}` -3. Determine which perimeter the bug affects - -**When reporting**: - -Use the [bug report template](.github/ISSUE_TEMPLATE/bug_report.md) and include: - -- Clear, descriptive title -- Environment details (OS, versions, toolchain) -- Steps to reproduce -- Expected vs actual behaviour -- Logs, screenshots, or minimal reproduction - -### Suggesting Features - -**Before suggesting**: -1. Check the [roadmap](ROADMAP.md) if available -2. Search existing issues and discussions -3. Consider which perimeter the feature belongs to - -**When suggesting**: - -Use the [feature request template](.github/ISSUE_TEMPLATE/feature_request.md) and include: - -- Problem statement (what pain point does this solve?) -- Proposed solution -- Alternatives considered -- Which perimeter this affects - -### Your First Contribution - -Look for issues labelled: - -- [`good first issue`](https://github.com/hyperpolymath/affinescript-vite/labels/good%20first%20issue) — Simple Perimeter 3 tasks -- [`help wanted`](https://github.com/hyperpolymath/affinescript-vite/labels/help%20wanted) — Community help needed -- [`documentation`](https://github.com/hyperpolymath/affinescript-vite/labels/documentation) — Docs improvements -- [`perimeter-3`](https://github.com/hyperpolymath/affinescript-vite/labels/perimeter-3) — Community sandbox scope - ---- - -## Development Workflow - -### Branch Naming -``` -docs/short-description # Documentation (P3) -test/what-added # Test additions (P3) -feat/short-description # New features (P2) -fix/issue-number-description # Bug fixes (P2) -refactor/what-changed # Code improvements (P2) -security/what-fixed # Security fixes (P1-2) -``` - -### Commit Messages - -We follow [Conventional Commits](https://www.conventionalcommits.org/): -``` -(): - -[optional body] - -[optional footer] diff --git a/road-skate/.github/DIRECTORY.adoc b/road-skate/.github/DIRECTORY.adoc deleted file mode 100644 index a97d2202..00000000 --- a/road-skate/.github/DIRECTORY.adoc +++ /dev/null @@ -1 +0,0 @@ -= .github Pillar diff --git a/road-skate/.github/DISCUSSION_TEMPLATE/ideas.yml b/road-skate/.github/DISCUSSION_TEMPLATE/ideas.yml deleted file mode 100644 index ef912f85..00000000 --- a/road-skate/.github/DISCUSSION_TEMPLATE/ideas.yml +++ /dev/null @@ -1,13 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -labels: [enhancement] -body: - - type: textarea - attributes: - label: Idea - description: Describe your idea - validations: - required: true - - type: textarea - attributes: - label: Motivation - description: Why would this be useful? diff --git a/road-skate/.github/DISCUSSION_TEMPLATE/q-and-a.yml b/road-skate/.github/DISCUSSION_TEMPLATE/q-and-a.yml deleted file mode 100644 index df4ec200..00000000 --- a/road-skate/.github/DISCUSSION_TEMPLATE/q-and-a.yml +++ /dev/null @@ -1,13 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -labels: [question] -body: - - type: textarea - attributes: - label: Question - description: What would you like to know? - validations: - required: true - - type: textarea - attributes: - label: Context - description: Any relevant background diff --git a/road-skate/.github/FUNDING.yml b/road-skate/.github/FUNDING.yml deleted file mode 100644 index 688a442c..00000000 --- a/road-skate/.github/FUNDING.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Funding platforms for hyperpolymath projects -# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository - -github: hyperpolymath -ko_fi: hyperpolymath -liberapay: hyperpolymath diff --git a/road-skate/.github/GOVERNANCE.md b/road-skate/.github/GOVERNANCE.md deleted file mode 100644 index 527c72e6..00000000 --- a/road-skate/.github/GOVERNANCE.md +++ /dev/null @@ -1,158 +0,0 @@ - - -# Project Governance - -This document describes the governance model for **AffineScript-Vite**. - ---- - -## Project Governance Model - -AffineScript-Vite follows a **Benevolent Dictator For Life (BDFL)** governance model. -This model is well-suited for solo maintainers and small project teams where rapid, -consistent decision-making is more valuable than formal consensus processes. - -The BDFL has final authority on all project decisions, including technical direction, -release schedules, contributor access, and community standards. - -> **Transition clause:** When the core team exceeds three active maintainers, this -> project should transition to a **consensus-based governance model** with documented -> voting procedures. That transition should itself be recorded as an Architecture -> Decision Record (ADR) in `docs/decisions/`. - ---- - -## Decision Making - -### Day-to-day decisions - -- The BDFL makes final decisions on all matters. -- Routine decisions (bug fixes, dependency updates, minor improvements) may be made - by any maintainer with commit access. -- Maintainers are expected to use good judgement and seek input on non-trivial changes. - -### Proposing changes - -- Contributors can propose changes by opening issues or pull requests. -- Significant changes (new features, breaking changes, architectural shifts) should - be discussed in an issue before implementation begins. -- The BDFL will provide a clear accept/reject decision with reasoning. - -### Architecture Decision Records (ADRs) - -- Significant technical decisions are documented as ADRs in `docs/decisions/`. -- ADR statuses: `proposed`, `accepted`, `deprecated`, `superseded`, `rejected`. -- ADRs provide a historical record of why decisions were made and what alternatives - were considered. -- See `.machine_readable/META.a2ml` for the machine-readable ADR index. - ---- - -## Roles - -### BDFL (Benevolent Dictator For Life) - -- The project creator and ultimate decision-maker. -- Sets the project's technical direction and long-term vision. -- Has final say on all matters, including maintainer appointments and removals. -- Responsible for ensuring the project adheres to RSR standards. - -### Maintainer - -- Has commit access to the repository. -- Reviews and merges pull requests. -- Triages issues and manages releases. -- Upholds code quality, security standards, and the Code of Conduct. -- Listed in [MAINTAINERS.md](MAINTAINERS.md). - -### Contributor - -- Anyone who submits pull requests, opens issues, or participates in discussions. -- Does not have direct commit access. -- Contributions are reviewed by maintainers before merging. -- All contributors must follow the [Code of Conduct](CODE_OF_CONDUCT.md). - -### Bot - -- Automated agents managed via your bot orchestration system. -- Perform automated code review, security scanning, dependency updates, and - standards enforcement. -- Bot actions are subject to the same quality and review standards as human - contributions. -- Configure your bots in `.machine_readable/bot_directives/`. - ---- - -## Becoming a Maintainer - -A contributor may be nominated to become a maintainer when they demonstrate: - -1. **Sustained quality contributions** -- a track record of well-crafted pull requests - that follow project conventions and require minimal revision. -2. **Understanding of RSR standards** -- familiarity with the Repository Structure - Requirements, security policies, and CI/CD workflows used across the project. -3. **Constructive participation** -- helpful issue triage, thoughtful code review - comments, and mentoring of other contributors. -4. **Reliability** -- consistent engagement over a meaningful period (typically 3+ - months of active contribution). - -### Process - -1. An existing maintainer nominates the candidate by opening a private discussion - with the BDFL. -2. The BDFL reviews the candidate's contribution history and community interactions. -3. The BDFL approves or declines the nomination, with reasoning provided to the - nominator. -4. If approved, the new maintainer is added to [MAINTAINERS.md](MAINTAINERS.md) and - granted appropriate repository access. - ---- - -## Removing a Maintainer - -A maintainer may be removed under the following circumstances: - -- **Inactivity**: No meaningful contributions or reviews for 12 or more consecutive - months. The maintainer will be contacted before removal and offered the option to - move to emeritus status voluntarily. -- **Code of Conduct violation**: Behaviour that violates the - [Code of Conduct](CODE_OF_CONDUCT.md), as determined through the enforcement - process described therein. -- **BDFL discretion**: The BDFL may remove a maintainer for other reasons (e.g., - repeated disregard for project standards, loss of trust). Reasoning will be - documented privately. - -Removed maintainers are moved to the Emeritus section of -[MAINTAINERS.md](MAINTAINERS.md) unless removal was due to a serious Code of Conduct -violation. - ---- - -## Code of Conduct - -All participants in this project are expected to follow the -[Code of Conduct](CODE_OF_CONDUCT.md). The Code of Conduct applies to all project -spaces, including issues, pull requests, discussions, and any forum where the project -is represented. - -Enforcement of the Code of Conduct is described in that document. The BDFL serves as -the final arbiter in conduct disputes. - ---- - -## Amendments - -This governance document may be amended by the BDFL at any time. All amendments will -be: - -1. Documented as an ADR in `docs/decisions/` explaining the rationale for the change. -2. Committed to the repository with a clear commit message. -3. Communicated to existing maintainers and contributors via the project's usual - channels. - -Substantive changes (e.g., changing the governance model itself) should be discussed -with the community before adoption, even though the BDFL retains final authority. - ---- - -Copyright (c) {{CURRENT_YEAR}} hyperpolymath. Licensed under MPL-2.0. diff --git a/road-skate/.github/ISSUE_TEMPLATE/bug_report.yml b/road-skate/.github/ISSUE_TEMPLATE/bug_report.yml deleted file mode 100644 index 95ba6ffc..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/bug_report.yml +++ /dev/null @@ -1,127 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Bug report issue template for hyperpolymath/affinescript-vite -name: Bug Report -description: Create a report to help us improve -title: "[Bug]: " -labels: ["bug", "priority: unset", "triage"] -assignees: [] -body: - - type: markdown - attributes: - value: | - Thank you for taking the time to report a bug. Please fill out the sections below - so we can reproduce and fix the issue. - - - type: textarea - id: description - attributes: - label: Describe the bug - description: A clear and concise description of what the bug is. - placeholder: When I do X, Y happens instead of Z. - validations: - required: true - - - type: textarea - id: reproduction - attributes: - label: Steps to reproduce - description: Detailed steps to reproduce the behavior. - placeholder: | - 1. Go to '...' - 2. Run command '...' - 3. See error - value: | - 1. - 2. - 3. - validations: - required: true - - - type: textarea - id: expected - attributes: - label: Expected behavior - description: A clear and concise description of what you expected to happen. - placeholder: I expected X to happen. - validations: - required: true - - - type: textarea - id: actual - attributes: - label: Actual behavior - description: What actually happened instead. - placeholder: Instead, Y happened. - validations: - required: true - - - type: textarea - id: screenshots - attributes: - label: Screenshots or logs - description: If applicable, add screenshots or paste error logs to help explain the problem. - placeholder: Paste screenshots or error output here. - render: text - validations: - required: false - - - type: dropdown - id: severity - attributes: - label: Severity - description: How severe is this bug? - options: - - Low (cosmetic, minor inconvenience) - - Medium (functionality impaired but workaround exists) - - High (major functionality broken) - - Critical (data loss, security issue, complete failure) - validations: - required: true - - - type: input - id: os - attributes: - label: Operating system - description: What OS are you using? - placeholder: "e.g. Fedora 43, macOS 15.3, Windows 11" - validations: - required: false - - - type: input - id: version - attributes: - label: Version - description: What version of this project are you using? - placeholder: "e.g. 1.2.3, commit abc1234, main branch" - validations: - required: false - - - type: input - id: runtime - attributes: - label: Runtime / toolchain - description: Relevant runtime or toolchain version, if applicable. - placeholder: "e.g. Deno 2.1, Rust nightly 2026-02-10, Gleam 1.8" - validations: - required: false - - - type: textarea - id: additional - attributes: - label: Additional context - description: Add any other context about the problem here. - placeholder: Any other relevant information. - validations: - required: false - - - type: checkboxes - id: checklist - attributes: - label: Pre-submission checklist - options: - - label: I have searched existing issues to ensure this is not a duplicate - required: true - - label: I am using a supported version of this project - required: false - - label: I would be willing to submit a PR to fix this - required: false diff --git a/road-skate/.github/ISSUE_TEMPLATE/config.yml b/road-skate/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index 0140d78c..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Issue template chooser configuration for hyperpolymath/affinescript-vite -blank_issues_enabled: true -contact_links: - - name: Discussions - url: https://github.com/hyperpolymath/affinescript-vite/discussions - about: Ask questions, share ideas, or start a conversation in Discussions. - - name: Security Vulnerabilities - url: https://github.com/hyperpolymath/affinescript-vite/security/advisories/new - about: Report security vulnerabilities privately via GitHub Security Advisories. diff --git a/road-skate/.github/ISSUE_TEMPLATE/custom.yml b/road-skate/.github/ISSUE_TEMPLATE/custom.yml deleted file mode 100644 index 7c1bb320..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/custom.yml +++ /dev/null @@ -1,76 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Custom issue template for hyperpolymath/affinescript-vite -name: Other -description: Report an issue that does not fit the other categories -title: "" -labels: ["triage"] -assignees: [] -body: - - type: markdown - attributes: - value: | - Use this template for issues that do not fit into bug reports, feature requests, - documentation, or questions. Please provide as much detail as possible. - - - type: dropdown - id: category - attributes: - label: Issue category - description: What best describes this issue? - options: - - Refactoring - - Technical debt - - Build / CI issue - - Dependency update - - Security concern - - Licensing question - - Ecosystem integration - - Other - validations: - required: true - - - type: textarea - id: description - attributes: - label: Description - description: Clearly describe what this issue is about. - placeholder: Provide a detailed description of the issue. - validations: - required: true - - - type: textarea - id: rationale - attributes: - label: Rationale - description: Why is this important? What is the impact of not addressing it? - placeholder: "This matters because..." - validations: - required: false - - - type: textarea - id: proposal - attributes: - label: Proposed approach - description: If you have a plan or approach in mind, describe it here. - placeholder: "I suggest we..." - validations: - required: false - - - type: textarea - id: additional - attributes: - label: Additional context - description: Add any other context, links, or references. - placeholder: Any supplementary information. - validations: - required: false - - - type: checkboxes - id: checklist - attributes: - label: Pre-submission checklist - options: - - label: I have searched existing issues to ensure this is not a duplicate - required: true - - label: I would be willing to submit a PR to address this - required: false diff --git a/road-skate/.github/ISSUE_TEMPLATE/documentation.yml b/road-skate/.github/ISSUE_TEMPLATE/documentation.yml deleted file mode 100644 index 92337727..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/documentation.yml +++ /dev/null @@ -1,64 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Documentation issue template for hyperpolymath/affinescript-vite -name: Documentation -description: Report unclear, missing, or incorrect documentation -title: "[Docs]: " -labels: ["documentation", "priority: unset", "triage"] -assignees: [] -body: - - type: markdown - attributes: - value: | - Help us improve our documentation by reporting issues or gaps. - - - type: dropdown - id: type - attributes: - label: Documentation issue type - description: What kind of documentation problem is this? - options: - - Missing (documentation doesn't exist) - - Incorrect (information is wrong) - - Unclear (confusing or hard to follow) - - Outdated (no longer accurate) - - Incomplete (partially documented) - - Typo or grammar - validations: - required: true - - - type: input - id: location - attributes: - label: Location - description: Where is this documentation? (URL, file path, or section name) - placeholder: "README.adoc, section \"Installation\"" - validations: - required: true - - - type: textarea - id: description - attributes: - label: Description - description: What is the problem with the current documentation? - placeholder: Describe what is wrong or missing. - validations: - required: true - - - type: textarea - id: suggestion - attributes: - label: Suggested improvement - description: How should the documentation be fixed or improved? - placeholder: "The documentation should say..." - validations: - required: false - - - type: checkboxes - id: contribution - attributes: - label: Contribution - options: - - label: I have searched existing issues to ensure this is not a duplicate - required: true - - label: I would be willing to submit a PR to fix this - required: false diff --git a/road-skate/.github/ISSUE_TEMPLATE/feature_request.yml b/road-skate/.github/ISSUE_TEMPLATE/feature_request.yml deleted file mode 100644 index 1da4c337..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/feature_request.yml +++ /dev/null @@ -1,87 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Feature request issue template for hyperpolymath/affinescript-vite -name: Feature Request -description: Suggest an idea or enhancement for this project -title: "[Feature]: " -labels: ["enhancement", "priority: unset", "triage"] -assignees: [] -body: - - type: markdown - attributes: - value: | - Thank you for suggesting a feature. Please describe your idea clearly so we can - evaluate and prioritize it. - - - type: textarea - id: problem - attributes: - label: Problem statement - description: Is your feature request related to a problem? Describe the pain point. - placeholder: "I'm always frustrated when [...]. Currently there is no way to [...]." - validations: - required: true - - - type: textarea - id: solution - attributes: - label: Proposed solution - description: A clear and concise description of what you want to happen. - placeholder: "I'd like a command/option/feature that [...]." - validations: - required: true - - - type: textarea - id: alternatives - attributes: - label: Alternatives considered - description: Any alternative solutions or features you have considered. - placeholder: "I considered using X, but it doesn't work because [...]." - validations: - required: false - - - type: dropdown - id: category - attributes: - label: Category - description: What area does this feature relate to? - options: - - Core functionality - - Developer experience - - Performance - - Documentation - - CI/CD / Tooling - - Integration / Interop - - Security - - Accessibility - - Other - validations: - required: true - - - type: dropdown - id: priority - attributes: - label: Importance to you - description: How important is this feature for your use case? - options: - - Nice to have - - Important (would improve my workflow) - - Critical (blocking my use case) - validations: - required: true - - - type: textarea - id: additional - attributes: - label: Additional context - description: Add any other context, screenshots, mockups, or references about the feature request. - placeholder: Links, screenshots, related projects, etc. - validations: - required: false - - - type: checkboxes - id: contribution - attributes: - label: Contribution - options: - - label: I would be willing to submit a PR to implement this feature - required: false diff --git a/road-skate/.github/ISSUE_TEMPLATE/question.yml b/road-skate/.github/ISSUE_TEMPLATE/question.yml deleted file mode 100644 index e6cde687..00000000 --- a/road-skate/.github/ISSUE_TEMPLATE/question.yml +++ /dev/null @@ -1,60 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Question issue template for hyperpolymath/affinescript-vite -name: Question -description: Ask a question about usage or behaviour -title: "[Question]: " -labels: ["question", "triage"] -assignees: [] -body: - - type: markdown - attributes: - value: | - Have a question? You can also ask in - [Discussions](https://github.com/hyperpolymath/affinescript-vite/discussions) - for broader conversations. - - - type: textarea - id: question - attributes: - label: Your question - description: What would you like to know? - placeholder: "How do I...?" - validations: - required: true - - - type: textarea - id: context - attributes: - label: Context - description: Any relevant context that helps us answer your question. - placeholder: "I'm trying to achieve X and I've tried Y..." - validations: - required: false - - - type: textarea - id: research - attributes: - label: What I have already tried - description: What have you already looked at or attempted? - placeholder: "I've read the README and searched issues but..." - validations: - required: false - - - type: input - id: version - attributes: - label: Version - description: What version of this project are you using? - placeholder: "e.g. 1.2.3, commit abc1234, main branch" - validations: - required: false - - - type: checkboxes - id: checklist - attributes: - label: Pre-submission checklist - options: - - label: I have searched existing issues and discussions - required: true - - label: I have read the available documentation - required: true diff --git a/road-skate/.github/MAINTAINERS b/road-skate/.github/MAINTAINERS deleted file mode 100644 index e6c5ad44..00000000 --- a/road-skate/.github/MAINTAINERS +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# MAINTAINERS - Project maintainers and contact information -# -# Format: Name (role) -# Replace placeholders with actual maintainer information. - -hyperpolymath (Lead Maintainer) - -# Additional maintainers: -# Name (role) diff --git a/road-skate/.github/SECURITY.md b/road-skate/.github/SECURITY.md deleted file mode 100644 index 862e5145..00000000 --- a/road-skate/.github/SECURITY.md +++ /dev/null @@ -1,406 +0,0 @@ -# Security Policy - - - -We take security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and will make every effort to acknowledge your contributions. - -## Table of Contents - -- [Reporting a Vulnerability](#reporting-a-vulnerability) -- [What to Include](#what-to-include) -- [Response Timeline](#response-timeline) -- [Disclosure Policy](#disclosure-policy) -- [Scope](#scope) -- [Safe Harbour](#safe-harbour) -- [Recognition](#recognition) -- [Security Updates](#security-updates) -- [Security Best Practices](#security-best-practices) - ---- - -## Reporting a Vulnerability - -### Preferred Method: GitHub Security Advisories - -The preferred method for reporting security vulnerabilities is through GitHub's Security Advisory feature: - -1. Navigate to [Report a Vulnerability](https://github.com/hyperpolymath/affinescript-vite/security/advisories/new) -2. Click **"Report a vulnerability"** -3. Complete the form with as much detail as possible -4. Submit — we'll receive a private notification - -This method ensures: - -- End-to-end encryption of your report -- Private discussion space for collaboration -- Coordinated disclosure tooling -- Automatic credit when the advisory is published - -### Alternative: Encrypted Email - -If you cannot use GitHub Security Advisories, you may email us directly: - -| | | -|---|---| -| **Email** | {{SECURITY_EMAIL}} | -| **PGP Key** | [Download Public Key]({{PGP_KEY_URL}}) | -| **Fingerprint** | `{{PGP_FINGERPRINT}}` | - -```bash -# Import our PGP key -curl -sSL {{PGP_KEY_URL}} | gpg --import - -# Verify fingerprint -gpg --fingerprint {{SECURITY_EMAIL}} - -# Encrypt your report -gpg --armor --encrypt --recipient {{SECURITY_EMAIL}} report.txt -``` - -> **⚠️ Important:** Do not report security vulnerabilities through public GitHub issues, pull requests, discussions, or social media. - ---- - -## What to Include - -A good vulnerability report helps us understand and reproduce the issue quickly. - -### Required Information - -- **Description**: Clear explanation of the vulnerability -- **Impact**: What an attacker could achieve (confidentiality, integrity, availability) -- **Affected versions**: Which versions/commits are affected -- **Reproduction steps**: Detailed steps to reproduce the issue - -### Helpful Additional Information - -- **Proof of concept**: Code, scripts, or screenshots demonstrating the vulnerability -- **Attack scenario**: Realistic attack scenario showing exploitability -- **CVSS score**: Your assessment of severity (use [CVSS 3.1 Calculator](https://www.first.org/cvss/calculator/3.1)) -- **CWE ID**: Common Weakness Enumeration identifier if known -- **Suggested fix**: If you have ideas for remediation -- **References**: Links to related vulnerabilities, research, or advisories - -### Example Report Structure - -```markdown -## Summary -[One-sentence description of the vulnerability] - -## Vulnerability Type -[e.g., SQL Injection, XSS, SSRF, Path Traversal, etc.] - -## Affected Component -[File path, function name, API endpoint, etc.] - -## Affected Versions -[Version range or specific commits] - -## Severity Assessment -- CVSS 3.1 Score: [X.X] -- CVSS Vector: [CVSS:3.1/AV:X/AC:X/PR:X/UI:X/S:X/C:X/I:X/A:X] - -## Description -[Detailed technical description] - -## Steps to Reproduce -1. [First step] -2. [Second step] -3. [...] - -## Proof of Concept -[Code, curl commands, screenshots, etc.] - -## Impact -[What can an attacker achieve?] - -## Suggested Remediation -[Optional: your ideas for fixing] - -## References -[Links to related issues, CVEs, research] -``` - ---- - -## Response Timeline - -We commit to the following response times: - -| Stage | Timeframe | Description | -|-------|-----------|-------------| -| **Initial Response** | 48 hours | We acknowledge receipt and confirm we're investigating | -| **Triage** | 7 days | We assess severity, confirm the vulnerability, and estimate timeline | -| **Status Update** | Every 7 days | Regular updates on remediation progress | -| **Resolution** | 90 days | Target for fix development and release (complex issues may take longer) | -| **Disclosure** | 90 days | Public disclosure after fix is available (coordinated with you) | - -> **Note:** These are targets, not guarantees. Complex vulnerabilities may require more time. We'll communicate openly about any delays. - ---- - -## Disclosure Policy - -We follow **coordinated disclosure** (also known as responsible disclosure): - -1. **You report** the vulnerability privately -2. **We acknowledge** and begin investigation -3. **We develop** a fix and prepare a release -4. **We coordinate** disclosure timing with you -5. **We publish** security advisory and fix simultaneously -6. **You may publish** your research after disclosure - -### Our Commitments - -- We will not take legal action against researchers who follow this policy -- We will work with you to understand and resolve the issue -- We will credit you in the security advisory (unless you prefer anonymity) -- We will notify you before public disclosure -- We will publish advisories with sufficient detail for users to assess risk - -### Your Commitments - -- Report vulnerabilities promptly after discovery -- Give us reasonable time to address the issue before disclosure -- Do not access, modify, or delete data beyond what's necessary to demonstrate the vulnerability -- Do not degrade service availability (no DoS testing on production) -- Do not share vulnerability details with others until coordinated disclosure - -### Disclosure Timeline - -``` -Day 0 You report vulnerability -Day 1-2 We acknowledge receipt -Day 7 We confirm vulnerability and share initial assessment -Day 7-90 We develop and test fix -Day 90 Coordinated public disclosure - (earlier if fix is ready; later by mutual agreement) -``` - -If we cannot reach agreement on disclosure timing, we default to 90 days from your initial report. - ---- - -## Scope - -### In Scope ✅ - -The following are within scope for security research: - -- This repository (`hyperpolymath/affinescript-vite`) and all its code -- Official releases and packages published from this repository -- Documentation that could lead to security issues -- Build and deployment configurations in this repository -- Dependencies (report here, we'll coordinate with upstream) - -### Out of Scope ❌ - -The following are **not** in scope: - -- Third-party services we integrate with (report directly to them) -- Social engineering attacks against maintainers -- Physical security -- Denial of service attacks against production infrastructure -- Spam, phishing, or other non-technical attacks -- Issues already reported or publicly known -- Theoretical vulnerabilities without proof of concept - -### Qualifying Vulnerabilities - -We're particularly interested in: - -- Remote code execution -- SQL injection, command injection, code injection -- Authentication/authorisation bypass -- Cross-site scripting (XSS) and cross-site request forgery (CSRF) -- Server-side request forgery (SSRF) -- Path traversal / local file inclusion -- Information disclosure (credentials, PII, secrets) -- Cryptographic weaknesses -- Deserialisation vulnerabilities -- Memory safety issues (buffer overflows, use-after-free, etc.) -- Supply chain vulnerabilities (dependency confusion, etc.) -- Significant logic flaws - -### Non-Qualifying Issues - -The following generally do not qualify as security vulnerabilities: - -- Missing security headers on non-sensitive pages -- Clickjacking on pages without sensitive actions -- Self-XSS (requires victim to paste code) -- Missing rate limiting (unless it enables a specific attack) -- Username/email enumeration (unless high-risk context) -- Missing cookie flags on non-sensitive cookies -- Software version disclosure -- Verbose error messages (unless exposing secrets) -- Best practice deviations without demonstrable impact - ---- - -## Safe Harbour - -We support security research conducted in good faith. - -### Our Promise - -If you conduct security research in accordance with this policy: - -- ✅ We will not initiate legal action against you -- ✅ We will not report your activity to law enforcement -- ✅ We will work with you in good faith to resolve issues -- ✅ We consider your research authorised under the Computer Fraud and Abuse Act (CFAA), UK Computer Misuse Act, and similar laws -- ✅ We waive any potential claim against you for circumvention of security controls - -### Good Faith Requirements - -To qualify for safe harbour, you must: - -- Comply with this security policy -- Report vulnerabilities promptly -- Avoid privacy violations (do not access others' data) -- Avoid service degradation (no destructive testing) -- Not exploit vulnerabilities beyond proof-of-concept -- Not use vulnerabilities for profit (beyond bug bounties where offered) - -> **⚠️ Important:** This safe harbour does not extend to third-party systems. Always check their policies before testing. - ---- - -## Recognition - -We believe in recognising security researchers who help us improve. - -### Hall of Fame - -Researchers who report valid vulnerabilities will be acknowledged in our [Security Acknowledgments](SECURITY-ACKNOWLEDGMENTS.md) (unless they prefer anonymity). - -Recognition includes: - -- Your name (or chosen alias) -- Link to your website/profile (optional) -- Brief description of the vulnerability class -- Date of report - -### What We Offer - -- ✅ Public credit in security advisories -- ✅ Acknowledgment in release notes -- ✅ Entry in our Hall of Fame -- ✅ Reference/recommendation letter upon request (for significant findings) - -### What We Don't Currently Offer - -- ❌ Monetary bug bounties -- ❌ Hardware or swag -- ❌ Paid security research contracts - -> **Note:** We're a community project with limited resources. Your contributions help everyone who uses this software. - ---- - -## Security Updates - -### Receiving Updates - -To stay informed about security updates: - -- **Watch this repository**: Click "Watch" → "Custom" → Select "Security alerts" -- **GitHub Security Advisories**: Published at [Security Advisories](https://github.com/hyperpolymath/affinescript-vite/security/advisories) -- **Release notes**: Security fixes noted in [CHANGELOG](CHANGELOG.md) - -### Update Policy - -| Severity | Response | -|----------|----------| -| **Critical/High** | Patch release as soon as fix is ready | -| **Medium** | Included in next scheduled release (or earlier) | -| **Low** | Included in next scheduled release | - -### Supported Versions - - - -| Version | Supported | Notes | -|---------|-----------|-------| -| `main` branch | ✅ Yes | Latest development | -| Latest release | ✅ Yes | Current stable | -| Previous minor release | ✅ Yes | Security fixes backported | -| Older versions | ❌ No | Please upgrade | - ---- - -## Security Best Practices - -When using AffineScript-Vite, we recommend: - -### General - -- Keep dependencies up to date -- Use the latest stable release -- Subscribe to security notifications -- Review configuration against security documentation -- Follow principle of least privilege - -### For Contributors - -- Never commit secrets, credentials, or API keys -- Use signed commits (`git config commit.gpgsign true`) -- Review dependencies before adding them -- Run security linters locally before pushing -- Report any concerns about existing code - ---- - -## Additional Resources - -- [Our PGP Public Key]({{PGP_KEY_URL}}) -- [Security Advisories](https://github.com/hyperpolymath/affinescript-vite/security/advisories) -- [Changelog](CHANGELOG.md) -- [Contributing Guidelines](CONTRIBUTING.md) -- [CVE Database](https://cve.mitre.org/) -- [CVSS Calculator](https://www.first.org/cvss/calculator/3.1) - ---- - -## Contact - -| Purpose | Contact | -|---------|---------| -| **Security issues** | [Report via GitHub](https://github.com/hyperpolymath/affinescript-vite/security/advisories/new) or {{SECURITY_EMAIL}} | -| **General questions** | [GitHub Discussions](https://github.com/hyperpolymath/affinescript-vite/discussions) | -| **Other enquiries** | See [README](README.md) for contact information | - ---- - -## Policy Changes - -This security policy may be updated from time to time. Significant changes will be: - -- Committed to this repository with a clear commit message -- Noted in the changelog -- Announced via GitHub Discussions (for major changes) - ---- - -*Thank you for helping keep AffineScript-Vite and its users safe.* 🛡️ - ---- - -Last updated: {{CURRENT_YEAR}} · Policy version: 1.0.0 diff --git a/road-skate/.github/SUPPORT b/road-skate/.github/SUPPORT deleted file mode 100644 index 7c3986a7..00000000 --- a/road-skate/.github/SUPPORT +++ /dev/null @@ -1,7 +0,0 @@ -# Support - -For questions, help, and community discussion: - -- GitHub Discussions: https://github.com/hyperpolymath/affinescript-vite/discussions -- GitHub Issues: https://github.com/hyperpolymath/affinescript-vite/issues -- Documentation: See README.adoc in the root directory. diff --git a/road-skate/.github/copilot-instructions.md b/road-skate/.github/copilot-instructions.md deleted file mode 100644 index 3570d522..00000000 --- a/road-skate/.github/copilot-instructions.md +++ /dev/null @@ -1,57 +0,0 @@ - - - - -# Copilot Instructions - -## Before Writing Code - -- Read `0-AI-MANIFEST.a2ml` in the repo root for canonical file locations. -- State files (.a2ml) live in `.machine_readable/` ONLY, never the root. - -## License - -- SPDX: `MPL-2.0` on all new files. -- Never use AGPL-3.0. -- Copyright: `hyperpolymath (hyperpolymath) ` - -## Code Style - -- Use descriptive variable names. -- Annotate and document all files. -- Add SPDX header to every source file. -- Use `just` for build/test/lint commands. - -## Banned Patterns - -- Idris2: no `believe_me`, no `assert_total` -- Haskell: no `unsafeCoerce`, no `unsafePerformIO` -- OCaml: no `Obj.magic` -- Coq: no `Admitted` -- Lean: no `sorry` -- Rust: no `transmute` unless FFI with `// SAFETY:` comment - -## Banned Languages - -- No TypeScript (use ReScript) -- No Node.js / npm / bun (use Deno) -- No Go (use Rust) -- No Python (use Julia or Rust) - -## Containers - -- Use Podman, never Docker. -- Name the file `Containerfile`, never `Dockerfile`. -- Base image: `cgr.dev/chainguard/wolfi-base:latest`. - -## ABI/FFI - -- ABI definitions in Idris2 (`src/interface/abi/`). -- FFI implementations in Zig (`src/interface/ffi/`). -- Generated C headers in `src/interface/generated/`. - -## State Files - -Never create these in the repo root: -STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml, AGENTIC.a2ml, NEUROSYM.a2ml, PLAYBOOK.a2ml. -They belong in `.machine_readable/` only. diff --git a/road-skate/.github/dependabot.yml b/road-skate/.github/dependabot.yml deleted file mode 100644 index d5cd4e99..00000000 --- a/road-skate/.github/dependabot.yml +++ /dev/null @@ -1,48 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Dependabot configuration for RSR-compliant repositories -# Covers common ecosystems - remove unused ones for your project - -version: 2 -updates: - # GitHub Actions - always include - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - groups: - actions: - patterns: - - "*" - - # Rust/Cargo - - package-ecosystem: "cargo" - directory: "/" - schedule: - interval: "weekly" - ignore: - - dependency-name: "*" - update-types: ["version-update:semver-patch"] - - # Elixir/Mix - - package-ecosystem: "mix" - directory: "/" - schedule: - interval: "weekly" - - # Node.js/npm - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" - - # Python/pip - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "weekly" - - # Nix flakes - - package-ecosystem: "nix" - directory: "/" - schedule: - interval: "weekly" diff --git a/road-skate/.github/pull_request_template.md b/road-skate/.github/pull_request_template.md deleted file mode 100644 index 63eb6ad7..00000000 --- a/road-skate/.github/pull_request_template.md +++ /dev/null @@ -1,44 +0,0 @@ - -## Summary - - - -## Changes - - - -- - -## RSR Quality Checklist - - - -### Required - -- [ ] Tests pass (`just test` or equivalent) -- [ ] Code is formatted (`just fmt` or equivalent) -- [ ] Linter is clean (no new warnings or errors) -- [ ] No banned language patterns (no TypeScript, no npm/bun, no Go/Python) -- [ ] No `unsafe` blocks without `// SAFETY:` comments -- [ ] No banned functions (`believe_me`, `unsafeCoerce`, `Obj.magic`, `Admitted`, `sorry`) -- [ ] SPDX license headers present on all new/modified source files -- [ ] No secrets, credentials, or `.env` files included - -### As Applicable - -- [ ] `.machine_readable/STATE.a2ml` updated (if project state changed) -- [ ] `.machine_readable/ECOSYSTEM.a2ml` updated (if integrations changed) -- [ ] `.machine_readable/META.a2ml` updated (if architectural decisions changed) -- [ ] Documentation updated for user-facing changes -- [ ] `TOPOLOGY.md` updated (if architecture changed) -- [ ] `CHANGELOG` or release notes updated -- [ ] New dependencies reviewed for license compatibility (MPL-2.0 / MPL-2.0) -- [ ] ABI/FFI changes validated (`src/interface/abi/` and `src/interface/ffi/` consistent) - -## Testing - - - -## Screenshots - - diff --git a/road-skate/.github/settings.yml b/road-skate/.github/settings.yml deleted file mode 100644 index c2956441..00000000 --- a/road-skate/.github/settings.yml +++ /dev/null @@ -1,125 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# Repository settings for probot/settings GitHub App. -# https://github.com/probot/settings -# -# This file defines repository-level configuration that is automatically -# applied by the probot/settings app when changes are pushed to the default -# branch. Install the app at: https://github.com/apps/settings -# -# Template file — replace affinescript-vite and {{DESCRIPTION}} with actual values. - -# ─── Repository Settings ─────────────────────────────────────────────────────── - -repository: - name: "affinescript-vite" - description: "{{DESCRIPTION}}" - homepage: "https://github.com/hyperpolymath/affinescript-vite" - private: false - has_issues: true - has_projects: true - has_wiki: false - has_downloads: true - default_branch: main - allow_squash_merge: true - allow_merge_commit: true - allow_rebase_merge: true - delete_branch_on_merge: true - enable_automated_security_fixes: true - enable_vulnerability_alerts: true - -# ─── Labels ──────────────────────────────────────────────────────────────────── - -labels: - - name: "bug" - color: "d73a4a" - description: "Something isn't working" - - - name: "enhancement" - color: "a2eeef" - description: "New feature or request" - - - name: "documentation" - color: "0075ca" - description: "Improvements or additions to documentation" - - - name: "security" - color: "e4e669" - description: "Security-related issue or vulnerability" - - - name: "good first issue" - color: "7057ff" - description: "Good for newcomers" - - - name: "help wanted" - color: "008672" - description: "Extra attention is needed" - - - name: "question" - color: "d876e3" - description: "Further information is requested" - - - name: "duplicate" - color: "cfd3d7" - description: "This issue or pull request already exists" - - - name: "invalid" - color: "e4e669" - description: "This doesn't seem right" - - - name: "wontfix" - color: "ffffff" - description: "This will not be worked on" - - - name: "dependencies" - color: "0366d6" - description: "Pull requests that update a dependency file" - - - name: "ci/cd" - color: "fbca04" - description: "Continuous integration and deployment" - - - name: "rsr" - color: "006b75" - description: "Rhodium Standard Repository compliance" - - - name: "hypatia" - color: "5319e7" - description: "Hypatia neurosymbolic scanner finding" - - - name: "bot" - color: "b4a8d1" - description: "Automated action by gitbot-fleet" - - - name: "breaking-change" - color: "b60205" - description: "Introduces a breaking change" - - - name: "performance" - color: "f9d0c4" - description: "Performance improvement" - - - name: "refactor" - color: "c5def5" - description: "Code refactoring with no functional change" - -# ─── Branch Protection ───────────────────────────────────────────────────────── - -branches: - - name: "main" - protection: - required_pull_request_reviews: - required_approving_review_count: 1 - dismiss_stale_reviews: true - require_code_owner_reviews: true - required_status_checks: - strict: true - contexts: - - "hypatia-scan" - - "codeql" - - "openssf-compliance" - enforce_admins: true - required_signatures: true - restrictions: null - allow_force_pushes: false - allow_deletions: false diff --git a/road-skate/.github/workflows/boj-build.yml b/road-skate/.github/workflows/boj-build.yml deleted file mode 100644 index f9331541..00000000 --- a/road-skate/.github/workflows/boj-build.yml +++ /dev/null @@ -1,48 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# OPTIONAL: BoJ Server Build Trigger -# This workflow notifies a BoJ Server instance when code is pushed. -# It is a no-op if BOJ_SERVER_URL is not set or the server is unreachable. -# To enable: set BOJ_SERVER_URL as a repository secret or variable. -# To disable: delete this file or leave BOJ_SERVER_URL unset. -name: BoJ Server Build Trigger - -on: - push: - branches: [main, master] - workflow_dispatch: - -permissions: - contents: read - -jobs: - trigger-boj: - runs-on: ubuntu-latest - if: ${{ vars.BOJ_SERVER_URL != '' || secrets.BOJ_SERVER_URL != '' }} - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Trigger BoJ Server (Casket/ssg-mcp) - env: - BOJ_URL: ${{ secrets.BOJ_SERVER_URL || vars.BOJ_SERVER_URL }} - REPO_NAME: ${{ github.repository }} - BRANCH_NAME: ${{ github.ref_name }} - run: | - set -euo pipefail - - if [ -z "$BOJ_URL" ]; then - echo "BOJ_SERVER_URL not configured - skipping" - exit 0 - fi - - payload="$(jq -cn \ - --arg repo "$REPO_NAME" \ - --arg branch "$BRANCH_NAME" \ - --arg engine "casket" \ - '{repo:$repo, branch:$branch, engine:$engine}')" - - curl -sf -X POST "${BOJ_URL}/cartridges/ssg-mcp/invoke" \ - -H "Content-Type: application/json" \ - --data "$payload" \ - || echo "BoJ server unreachable - skipping (non-fatal)" diff --git a/road-skate/.github/workflows/codeql.yml b/road-skate/.github/workflows/codeql.yml deleted file mode 100644 index 03baadb4..00000000 --- a/road-skate/.github/workflows/codeql.yml +++ /dev/null @@ -1,41 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -name: CodeQL Security Analysis - -on: - push: - branches: [main, master] - pull_request: - branches: [main, master] - schedule: - - cron: '0 6 * * 1' - -permissions: - contents: read - -jobs: - analyze: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - strategy: - fail-fast: false - matrix: - include: - - language: javascript-typescript - build-mode: none - - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.28.1 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.28.1 - with: - category: "/language:${{ matrix.language }}" diff --git a/road-skate/.github/workflows/dogfood-gate.yml b/road-skate/.github/workflows/dogfood-gate.yml deleted file mode 100644 index d00c7520..00000000 --- a/road-skate/.github/workflows/dogfood-gate.yml +++ /dev/null @@ -1,380 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# dogfood-gate.yml — Hyperpolymath Dogfooding Quality Gate -# Validates that the repo uses hyperpolymath's own formats and tools. -# Companion to static-analysis-gate.yml (security) — this is for format compliance. -name: Dogfood Gate - -on: - pull_request: - branches: ['**'] - push: - branches: [main, master] - -permissions: - contents: read - -jobs: - # --------------------------------------------------------------------------- - # Job 1: A2ML manifest validation - # --------------------------------------------------------------------------- - a2ml-validate: - name: Validate A2ML manifests - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Check for A2ML files - id: detect - run: | - COUNT=$(find . -name '*.a2ml' -not -path './.git/*' | wc -l) - echo "count=$COUNT" >> "$GITHUB_OUTPUT" - if [ "$COUNT" -eq 0 ]; then - echo "::warning::No .a2ml manifest files found. Every RSR repo should have 0-AI-MANIFEST.a2ml" - fi - - - name: Validate A2ML manifests - if: steps.detect.outputs.count > 0 - uses: hyperpolymath/a2ml-validate-action@cb3c1e298169dc5ac2b42e257068b0fb5920cd5e # main - with: - path: '.' - strict: 'false' - - - name: Write summary - run: | - A2ML_COUNT="${{ steps.detect.outputs.count }}" - if [ "$A2ML_COUNT" -eq 0 ]; then - cat <<'EOF' >> "$GITHUB_STEP_SUMMARY" - ## A2ML Validation - - :warning: **No .a2ml files found.** Every RSR-compliant repo should have at least `0-AI-MANIFEST.a2ml`. - - Create one with: `a2mliser init` or copy from [rsr-template-repo](https://github.com/hyperpolymath/rsr-template-repo). - EOF - else - echo "## A2ML Validation" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Scanned **${A2ML_COUNT}** .a2ml file(s). See step output for details." >> "$GITHUB_STEP_SUMMARY" - fi - - # --------------------------------------------------------------------------- - # Job 2: K9 contract validation - # --------------------------------------------------------------------------- - k9-validate: - name: Validate K9 contracts - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Check for K9 files - id: detect - run: | - COUNT=$(find . \( -name '*.k9' -o -name '*.k9.ncl' \) -not -path './.git/*' | wc -l) - CONFIG_COUNT=$(find . \( -name '*.toml' -o -name '*.yaml' -o -name '*.yml' -o -name '*.json' \) \ - -not -path './.git/*' -not -path './node_modules/*' -not -path './.deno/*' \ - -not -name 'package-lock.json' -not -name 'Cargo.lock' -not -name 'deno.lock' | wc -l) - echo "k9_count=$COUNT" >> "$GITHUB_OUTPUT" - echo "config_count=$CONFIG_COUNT" >> "$GITHUB_OUTPUT" - if [ "$COUNT" -eq 0 ] && [ "$CONFIG_COUNT" -gt 0 ]; then - echo "::warning::Found $CONFIG_COUNT config files but no K9 contracts. Run k9iser to generate contracts." - fi - - - name: Validate K9 contracts - if: steps.detect.outputs.k9_count > 0 - uses: hyperpolymath/k9-validate-action@236f0035cc159051c8dd5dc7cd8af1e8cf961462 # main - with: - path: '.' - strict: 'false' - - - name: Write summary - run: | - K9_COUNT="${{ steps.detect.outputs.k9_count }}" - CFG_COUNT="${{ steps.detect.outputs.config_count }}" - if [ "$K9_COUNT" -eq 0 ]; then - cat <<'EOF' >> "$GITHUB_STEP_SUMMARY" - ## K9 Contract Validation - - :warning: **No K9 contract files found.** Repos with configuration files should have K9 contracts. - - Generate contracts with: `k9iser generate .` - EOF - else - echo "## K9 Contract Validation" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Validated **${K9_COUNT}** K9 contract(s) against **${CFG_COUNT}** config file(s)." >> "$GITHUB_STEP_SUMMARY" - fi - - # --------------------------------------------------------------------------- - # Job 3: Empty-linter — invisible character detection - # --------------------------------------------------------------------------- - empty-lint: - name: Empty-linter (invisible characters) - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Scan for invisible characters - id: lint - run: | - # Inline invisible character detection (from empty-linter's core patterns). - # Checks for: zero-width spaces, zero-width joiners, BOM, soft hyphens, - # non-breaking spaces, null bytes, and other invisible Unicode in source files. - set +e - PATTERNS='\xc2\xa0|\xe2\x80\x8b|\xe2\x80\x8c|\xe2\x80\x8d|\xef\xbb\xbf|\xc2\xad|\xe2\x80\x8e|\xe2\x80\x8f|\xe2\x80\xaa|\xe2\x80\xab|\xe2\x80\xac|\xe2\x80\xad|\xe2\x80\xae|\x00' - find "$GITHUB_WORKSPACE" \ - -not -path '*/.git/*' -not -path '*/node_modules/*' \ - -not -path '*/.deno/*' -not -path '*/target/*' \ - -not -path '*/_build/*' -not -path '*/deps/*' \ - -not -path '*/external_corpora/*' -not -path '*/.lake/*' \ - -type f \( -name '*.rs' -o -name '*.ex' -o -name '*.exs' -o -name '*.res' \ - -o -name '*.js' -o -name '*.ts' -o -name '*.json' -o -name '*.toml' \ - -o -name '*.yml' -o -name '*.yaml' -o -name '*.md' -o -name '*.adoc' \ - -o -name '*.idr' -o -name '*.zig' -o -name '*.v' -o -name '*.jl' \ - -o -name '*.gleam' -o -name '*.hs' -o -name '*.ml' -o -name '*.sh' \) \ - -exec grep -Prl "$PATTERNS" {} \; > /tmp/empty-lint-results.txt 2>/dev/null - EL_EXIT=$? - set -e - - FINDINGS=$(wc -l < /tmp/empty-lint-results.txt 2>/dev/null || echo 0) - echo "findings=$FINDINGS" >> "$GITHUB_OUTPUT" - echo "exit_code=$EL_EXIT" >> "$GITHUB_OUTPUT" - echo "ready=true" >> "$GITHUB_OUTPUT" - - # Emit annotations for each file with invisible chars - while IFS= read -r filepath; do - [ -z "$filepath" ] && continue - REL_PATH="${filepath#$GITHUB_WORKSPACE/}" - echo "::warning file=${REL_PATH}::Invisible Unicode characters detected (zero-width space, BOM, NBSP, etc.)" - done < /tmp/empty-lint-results.txt - - - name: Write summary - run: | - if [ "${{ steps.lint.outputs.ready }}" = "true" ]; then - FINDINGS="${{ steps.lint.outputs.findings }}" - if [ "$FINDINGS" -gt 0 ] 2>/dev/null; then - echo "## Empty-Linter Results" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Found **${FINDINGS}** invisible character issue(s). See annotations above." >> "$GITHUB_STEP_SUMMARY" - else - echo "## Empty-Linter Results" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo ":white_check_mark: No invisible character issues found." >> "$GITHUB_STEP_SUMMARY" - fi - else - echo "## Empty-Linter" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Skipped: empty-linter not available." >> "$GITHUB_STEP_SUMMARY" - fi - - # --------------------------------------------------------------------------- - # Job 4: Groove manifest check (for repos that should expose services) - # --------------------------------------------------------------------------- - groove-check: - name: Groove manifest check - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Check for Groove manifest - id: groove - run: | - # Check for static or dynamic Groove endpoints - HAS_MANIFEST="false" - HAS_GROOVE_CODE="false" - - if [ -f ".well-known/groove/manifest.json" ]; then - HAS_MANIFEST="true" - # Validate the manifest JSON - if ! jq empty .well-known/groove/manifest.json 2>/dev/null; then - echo "::error file=.well-known/groove/manifest.json::Invalid JSON in Groove manifest" - else - SVC_ID=$(jq -r '.service_id // "unknown"' .well-known/groove/manifest.json) - echo "service_id=$SVC_ID" >> "$GITHUB_OUTPUT" - fi - fi - - # Check for Groove endpoint code (Rust, Elixir, Zig, V) - if grep -rl 'well-known/groove' --include='*.rs' --include='*.ex' --include='*.zig' --include='*.v' --include='*.res' . 2>/dev/null | head -1 | grep -q .; then - HAS_GROOVE_CODE="true" - fi - - # Check if this repo likely serves HTTP (has server/listener code) - HAS_SERVER="false" - if grep -rl 'TcpListener\|Bandit\|Plug.Cowboy\|httpz\|vweb\|axum::serve\|actix_web' --include='*.rs' --include='*.ex' --include='*.zig' --include='*.v' . 2>/dev/null | head -1 | grep -q .; then - HAS_SERVER="true" - fi - - echo "has_manifest=$HAS_MANIFEST" >> "$GITHUB_OUTPUT" - echo "has_groove_code=$HAS_GROOVE_CODE" >> "$GITHUB_OUTPUT" - echo "has_server=$HAS_SERVER" >> "$GITHUB_OUTPUT" - - if [ "$HAS_SERVER" = "true" ] && [ "$HAS_MANIFEST" = "false" ] && [ "$HAS_GROOVE_CODE" = "false" ]; then - echo "::warning::This repo has server code but no Groove endpoint. Add .well-known/groove/manifest.json for service discovery." - fi - - - name: Write summary - run: | - echo "## Groove Protocol Check" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "| Check | Status |" >> "$GITHUB_STEP_SUMMARY" - echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY" - echo "| Static manifest (.well-known/groove/manifest.json) | ${{ steps.groove.outputs.has_manifest }} |" >> "$GITHUB_STEP_SUMMARY" - echo "| Groove endpoint in code | ${{ steps.groove.outputs.has_groove_code }} |" >> "$GITHUB_STEP_SUMMARY" - echo "| Has HTTP server code | ${{ steps.groove.outputs.has_server }} |" >> "$GITHUB_STEP_SUMMARY" - - # --------------------------------------------------------------------------- - # Job 5: eclexiaiser manifest validation - # --------------------------------------------------------------------------- - eclexiaiser-validate: - name: Validate eclexiaiser manifest - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Check and validate eclexiaiser manifest - id: eclex - run: | - if [ ! -f "eclexiaiser.toml" ]; then - # Check if repo has a Containerfile — if so, recommend eclexiaiser - if [ -f "Containerfile" ]; then - echo "::warning::Containerfile present but no eclexiaiser.toml. Run \`eclexiaiser init\` to scaffold energy/carbon budgets." - fi - echo "has_manifest=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - - echo "has_manifest=true" >> "$GITHUB_OUTPUT" - - # Validate TOML structure using Python 3.11+ tomllib - python3 -c " -import tomllib, sys -with open('eclexiaiser.toml', 'rb') as f: - data = tomllib.load(f) -project = data.get('project', {}) -if not project.get('name', '').strip(): - print('ERROR: project.name is required', file=sys.stderr) - sys.exit(1) -functions = data.get('functions', []) -if not functions: - print('ERROR: at least one [[functions]] entry is required', file=sys.stderr) - sys.exit(1) -for fn in functions: - if not fn.get('name', '').strip(): - print('ERROR: function name cannot be empty', file=sys.stderr) - sys.exit(1) - if not fn.get('source', '').strip(): - print(f'ERROR: function {fn[\"name\"]} has no source path', file=sys.stderr) - sys.exit(1) -print(f'Valid: {project[\"name\"]} ({len(functions)} function(s))') -" || { - echo "::error file=eclexiaiser.toml::Invalid eclexiaiser.toml — see step output for details" - exit 1 - } - - - name: Write summary - run: | - if [ "${{ steps.eclex.outputs.has_manifest }}" = "true" ]; then - echo "## Eclexiaiser Manifest" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo ":white_check_mark: **eclexiaiser.toml** present and valid." >> "$GITHUB_STEP_SUMMARY" - else - echo "## Eclexiaiser Manifest" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo ":ballot_box_with_check: No eclexiaiser.toml. Add one with \`eclexiaiser init\` for energy/carbon tracking." >> "$GITHUB_STEP_SUMMARY" - fi - - # --------------------------------------------------------------------------- - # Job 6: Dogfooding summary - # --------------------------------------------------------------------------- - dogfood-summary: - name: Dogfooding compliance summary - runs-on: ubuntu-latest - needs: [a2ml-validate, k9-validate, empty-lint, groove-check, eclexiaiser-validate] - if: always() - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Generate dogfooding scorecard - run: | - SCORE=0 - MAX=6 - - # A2ML manifest present? - if find . -name '*.a2ml' -not -path './.git/*' | head -1 | grep -q .; then - SCORE=$((SCORE + 1)) - A2ML_STATUS=":white_check_mark:" - else - A2ML_STATUS=":x:" - fi - - # K9 contracts present? - if find . \( -name '*.k9' -o -name '*.k9.ncl' \) -not -path './.git/*' | head -1 | grep -q .; then - SCORE=$((SCORE + 1)) - K9_STATUS=":white_check_mark:" - else - K9_STATUS=":x:" - fi - - # .editorconfig present? - if [ -f ".editorconfig" ]; then - SCORE=$((SCORE + 1)) - EC_STATUS=":white_check_mark:" - else - EC_STATUS=":x:" - fi - - # Groove manifest or code? - if [ -f ".well-known/groove/manifest.json" ] || grep -rl 'well-known/groove' --include='*.rs' --include='*.ex' --include='*.zig' . 2>/dev/null | head -1 | grep -q .; then - SCORE=$((SCORE + 1)) - GROOVE_STATUS=":white_check_mark:" - else - GROOVE_STATUS=":ballot_box_with_check:" - fi - - # VeriSimDB integration? - if grep -rl 'verisimdb\|VeriSimDB' --include='*.toml' --include='*.yaml' --include='*.yml' --include='*.json' --include='*.rs' --include='*.ex' . 2>/dev/null | head -1 | grep -q .; then - SCORE=$((SCORE + 1)) - VSDB_STATUS=":white_check_mark:" - else - VSDB_STATUS=":ballot_box_with_check:" - fi - - # eclexiaiser energy tracking? - if [ -f "eclexiaiser.toml" ]; then - SCORE=$((SCORE + 1)) - ECLEX_STATUS=":white_check_mark:" - else - ECLEX_STATUS=":ballot_box_with_check:" - fi - - cat <> "$GITHUB_STEP_SUMMARY" - ## Dogfooding Scorecard - - **Score: ${SCORE}/${MAX}** - - | Tool/Format | Status | Notes | - |-------------|--------|-------| - | A2ML manifest (0-AI-MANIFEST.a2ml) | ${A2ML_STATUS} | Required for all RSR repos | - | K9 contracts | ${K9_STATUS} | Required for repos with config files | - | .editorconfig | ${EC_STATUS} | Required for all repos | - | Groove endpoint | ${GROOVE_STATUS} | Required for service repos | - | VeriSimDB integration | ${VSDB_STATUS} | Required for stateful repos | - | eclexiaiser | ${ECLEX_STATUS} | Energy/carbon budgets for container services | - - --- - *Generated by the [Dogfood Gate](https://github.com/hyperpolymath/rsr-template-repo) workflow.* - *Dogfooding is guinea pig fooding — we test our tools on ourselves.* - EOF diff --git a/road-skate/.github/workflows/e2e.yml b/road-skate/.github/workflows/e2e.yml deleted file mode 100644 index 0b68a137..00000000 --- a/road-skate/.github/workflows/e2e.yml +++ /dev/null @@ -1,190 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# RSR Standard E2E + Aspect + Benchmark Workflow Template -# -# Covers ALL merge requirement test categories: -# - E2E (end-to-end pipeline tests) -# - Aspect (cross-cutting concern validation) -# - Benchmarks (performance regression detection) -# - Readiness (Component Readiness Grade: D/C/B) -# -# INSTRUCTIONS: Uncomment and customise the section matching your stack. -# Delete sections that don't apply. See examples in each job. - -name: E2E + Aspect + Bench - -on: - push: - branches: [main, master, develop] - paths: - - 'src/**' - - 'ffi/**' - - 'tests/**' - - '.github/workflows/e2e.yml' - pull_request: - branches: [main, master] - paths: - - 'src/**' - - 'ffi/**' - - 'tests/**' - workflow_dispatch: - -permissions: read-all - -concurrency: - group: e2e-${{ github.ref }} - cancel-in-progress: true - -jobs: - # ─── End-to-End Tests ────────────────────────────────────────────── - # Uncomment ONE of the following e2e job blocks matching your stack. - - ## === RUST E2E === - # e2e: - # name: E2E — Full Pipeline - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable - # - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - # - run: cargo build --release - # - run: bash tests/e2e.sh - # # OR: cargo test --test end_to_end -- --nocapture - - ## === ZIG FFI E2E === - # e2e: - # name: E2E — FFI Pipeline - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d7b4f723a50dea1f3608 # v2 - # with: - # version: 0.15.0 - # - run: cd ffi/zig && zig build test - # - run: bash tests/e2e.sh - - ## === ELIXIR E2E === - # e2e: - # name: E2E — Full Pipeline - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: erlef/setup-beam@5a67e1a1dd86cae5e5bef84e2da5060406a66c07 # v1 - # with: - # otp-version: '27.0' - # elixir-version: '1.17' - # - run: mix deps.get && mix compile --warnings-as-errors - # - run: mix test test/integration/e2e_test.exs --trace - - ## === DENO/RESCRIPT E2E === - # e2e: - # name: E2E — Full Pipeline - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: denoland/setup-deno@5fae568d37c3b73e0e4ca63d4e2c4e324a2b3497 # v2 - # with: - # deno-version: v2.x - # - run: deno install --node-modules-dir=auto - # - run: deno task res:build # ReScript compile - # - run: deno test tests/e2e/ - - ## === PLAYWRIGHT (Browser E2E) === - # e2e-playwright: - # name: Playwright — ${{ matrix.project }} - # runs-on: ubuntu-latest - # timeout-minutes: 20 - # strategy: - # fail-fast: false - # matrix: - # project: [chromium-1080p, firefox-1080p, webkit-1080p] - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: denoland/setup-deno@5fae568d37c3b73e0e4ca63d4e2c4e324a2b3497 # v2 - # with: - # deno-version: v2.x - # - run: deno install --node-modules-dir=auto - # - run: npx playwright install --with-deps - # - run: npx playwright test --project=${{ matrix.project }} - # - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - # if: failure() - # with: - # name: playwright-traces-${{ matrix.project }} - # path: test-results/**/trace.zip - # retention-days: 7 - - ## === HASKELL E2E === - # e2e: - # name: E2E — Full Pipeline - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: haskell-actions/setup@dd344bc1cec854a9b55c2b857c28b688010e4fce # v2 - # with: - # ghc-version: '9.6' - # cabal-version: '3.10' - # - run: cabal build all - # - run: bash tests/integration-test.sh - - # ─── Aspect Tests ────────────────────────────────────────────────── - # Cross-cutting concerns: thread safety, ABI contracts, SPDX, dangerous patterns - # Uncomment and customise: - - # aspect-tests: - # name: Aspect — Architectural Invariants - # runs-on: ubuntu-latest - # timeout-minutes: 10 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - run: bash tests/aspect_tests.sh - - # ─── Benchmarks ──────────────────────────────────────────────────── - # Performance regression detection. Uncomment matching stack: - - ## === RUST BENCH === - # benchmarks: - # name: Bench — Performance Regression - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable - # - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - # - run: cargo bench 2>&1 | tee /tmp/bench-results.txt - # - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - # if: always() - # with: - # name: benchmark-results - # path: /tmp/bench-results.txt - # retention-days: 30 - - ## === ZIG BENCH === - # benchmarks: - # name: Bench — Performance Regression - # runs-on: ubuntu-latest - # timeout-minutes: 15 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d7b4f723a50dea1f3608 # v2 - # with: - # version: 0.15.0 - # - run: cd ffi/zig && zig build bench - - # ─── Readiness (CRG) ────────────────────────────────────────────── - # Component Readiness Grade: D (runs) → C (correct) → B (edge cases) - - # readiness: - # name: Readiness — Grade D/C/B - # runs-on: ubuntu-latest - # timeout-minutes: 10 - # steps: - # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - # - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable - # - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - # - run: cargo test --test readiness -- --nocapture diff --git a/road-skate/.github/workflows/governance.yml b/road-skate/.github/workflows/governance.yml deleted file mode 100644 index b0b1ed6d..00000000 --- a/road-skate/.github/workflows/governance.yml +++ /dev/null @@ -1,26 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# governance.yml — single wrapper calling the shared estate governance bundle -# in hyperpolymath/standards instead of carrying per-repo copies. -# -# Replaces the per-repo governance scaffolding removed in the same commit: -# quality.yml, guix-nix-policy.yml, npm-bun-blocker.yml, ts-blocker.yml, -# security-policy.yml, rsr-antipattern.yml, wellknown-enforcement.yml, -# workflow-linter.yml -# -# Load-bearing build/security workflows stay standalone in the repo -# (rust-ci, codeql, dependabot, release, scan/mirror/pages plumbing). - -name: Governance - -on: - push: - branches: [main, master] - pull_request: - workflow_dispatch: - -permissions: - contents: read - -jobs: - governance: - uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main diff --git a/road-skate/.github/workflows/hypatia-scan.yml b/road-skate/.github/workflows/hypatia-scan.yml deleted file mode 100644 index 2144e9ab..00000000 --- a/road-skate/.github/workflows/hypatia-scan.yml +++ /dev/null @@ -1,178 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Hypatia Neurosymbolic CI/CD Security Scan -name: Hypatia Security Scan - -on: - push: - branches: [ main, master, develop ] - pull_request: - branches: [ main, master ] - schedule: - - cron: '0 0 * * 0' # Weekly on Sunday - workflow_dispatch: - -permissions: - contents: read - -jobs: - scan: - name: Hypatia Neurosymbolic Analysis - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 # Full history for better pattern analysis - - - name: Setup Elixir for Hypatia scanner - uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.18.2 - with: - elixir-version: '1.19.4' - otp-version: '28.3' - - - name: Clone Hypatia - run: | - if [ ! -d "$HOME/hypatia" ]; then - git clone https://github.com/hyperpolymath/hypatia.git "$HOME/hypatia" - fi - - - name: Build Hypatia scanner (if needed) - working-directory: ${{ env.HOME }}/hypatia - run: | - if [ ! -f hypatia ]; then - echo "Building hypatia scanner..." - mix deps.get - mix escript.build - fi - - - name: Run Hypatia scan - id: scan - run: | - echo "Scanning repository: ${{ github.repository }}" - - # Run scanner (exits non-zero when findings exist — suppress to continue) - HYPATIA_FORMAT=json "$HOME/hypatia/hypatia-cli.sh" scan . > hypatia-findings.json || true - - # Count findings - FINDING_COUNT=$(jq '. | length' hypatia-findings.json 2>/dev/null || echo 0) - echo "findings_count=$FINDING_COUNT" >> $GITHUB_OUTPUT - - # Extract severity counts - CRITICAL=$(jq '[.[] | select(.severity == "critical")] | length' hypatia-findings.json) - HIGH=$(jq '[.[] | select(.severity == "high")] | length' hypatia-findings.json) - MEDIUM=$(jq '[.[] | select(.severity == "medium")] | length' hypatia-findings.json) - - echo "critical=$CRITICAL" >> $GITHUB_OUTPUT - echo "high=$HIGH" >> $GITHUB_OUTPUT - echo "medium=$MEDIUM" >> $GITHUB_OUTPUT - - echo "## Hypatia Scan Results" >> $GITHUB_STEP_SUMMARY - echo "- Total findings: $FINDING_COUNT" >> $GITHUB_STEP_SUMMARY - echo "- Critical: $CRITICAL" >> $GITHUB_STEP_SUMMARY - echo "- High: $HIGH" >> $GITHUB_STEP_SUMMARY - echo "- Medium: $MEDIUM" >> $GITHUB_STEP_SUMMARY - - - name: Upload findings artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: hypatia-findings - path: hypatia-findings.json - retention-days: 90 - - - name: Submit findings to gitbot-fleet (Phase 2) - if: steps.scan.outputs.findings_count > 0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_REPOSITORY: ${{ github.repository }} - GITHUB_SHA: ${{ github.sha }} - run: | - echo "📤 Submitting ${{ steps.scan.outputs.findings_count }} findings to gitbot-fleet..." - - # Clone gitbot-fleet to temp directory - FLEET_DIR="/tmp/gitbot-fleet-$$" - git clone https://github.com/hyperpolymath/gitbot-fleet.git "$FLEET_DIR" - - # Run submission script - bash "$FLEET_DIR/scripts/submit-finding.sh" hypatia-findings.json - - # Cleanup - rm -rf "$FLEET_DIR" - - echo "✅ Finding submission complete" - - - name: Check for critical issues - if: steps.scan.outputs.critical > 0 - run: | - echo "⚠️ Critical security issues found!" - echo "Review hypatia-findings.json for details" - # Don't fail the build yet - just warn - # exit 1 - - - name: Generate scan report - run: | - cat << EOF > hypatia-report.md - # Hypatia Security Scan Report - - **Repository:** ${{ github.repository }} - **Scan Date:** $(date -u +"%Y-%m-%d %H:%M:%S UTC") - **Commit:** ${{ github.sha }} - - ## Summary - - | Severity | Count | - |----------|-------| - | Critical | ${{ steps.scan.outputs.critical }} | - | High | ${{ steps.scan.outputs.high }} | - | Medium | ${{ steps.scan.outputs.medium }} | - | **Total**| ${{ steps.scan.outputs.findings_count }} | - - ## Next Steps - - 1. Review findings in the artifact: hypatia-findings.json - 2. Auto-fixable issues will be addressed by robot-repo-automaton (Phase 3) - 3. Manual review required for complex issues - - ## Learning - - These findings feed Hypatia's learning engine to improve future rules. - - --- - *Powered by [Hypatia](https://github.com/hyperpolymath/hypatia) - Neurosymbolic CI/CD Intelligence* - EOF - - cat hypatia-report.md >> $GITHUB_STEP_SUMMARY - - - name: Comment on PR with findings - if: github.event_name == 'pull_request' && steps.scan.outputs.findings_count > 0 - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7 - with: - script: | - const fs = require('fs'); - const findings = JSON.parse(fs.readFileSync('hypatia-findings.json', 'utf8')); - - const critical = findings.filter(f => f.severity === 'critical').length; - const high = findings.filter(f => f.severity === 'high').length; - - let comment = `## 🔍 Hypatia Security Scan\n\n`; - comment += `**Findings:** ${findings.length} issues detected\n\n`; - comment += `| Severity | Count |\n|----------|-------|\n`; - comment += `| 🔴 Critical | ${critical} |\n`; - comment += `| 🟠 High | ${high} |\n`; - comment += `| 🟡 Medium | ${findings.length - critical - high} |\n\n`; - - if (critical > 0) { - comment += `⚠️ **Action Required:** Critical security issues found!\n\n`; - } - - comment += `
View findings\n\n`; - comment += `\`\`\`json\n${JSON.stringify(findings.slice(0, 10), null, 2)}\n\`\`\`\n`; - comment += `
\n\n`; - comment += `*Powered by Hypatia Neurosymbolic CI/CD Intelligence*`; - - github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body: comment - }); diff --git a/road-skate/.github/workflows/instant-sync.yml b/road-skate/.github/workflows/instant-sync.yml deleted file mode 100644 index d022c3e0..00000000 --- a/road-skate/.github/workflows/instant-sync.yml +++ /dev/null @@ -1,35 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Instant Forge Sync - Triggers propagation to all forges on push/release -name: Instant Sync - -on: - push: - branches: [main, master] - release: - types: [published] - -permissions: - contents: read - -jobs: - dispatch: - runs-on: ubuntu-latest - steps: - - name: Trigger Propagation - uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3 - with: - token: ${{ secrets.FARM_DISPATCH_TOKEN }} - repository: hyperpolymath/.git-private-farm - event-type: propagate - client-payload: |- - { - "repo": "${{ github.event.repository.name }}", - "ref": "${{ github.ref }}", - "sha": "${{ github.sha }}", - "forges": "" - } - - - name: Confirm - env: - REPO_NAME: ${{ github.event.repository.name }} - run: echo "::notice::Propagation triggered for ${REPO_NAME}" diff --git a/road-skate/.github/workflows/mirror.yml b/road-skate/.github/workflows/mirror.yml deleted file mode 100644 index efdb7b72..00000000 --- a/road-skate/.github/workflows/mirror.yml +++ /dev/null @@ -1,145 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# SPDX-FileCopyrightText: 2026 Jonathan D.A. Jewell -name: Mirror to Git Forges - -on: - push: - branches: [main] - workflow_dispatch: - -permissions: - contents: read - -jobs: - mirror-gitlab: - runs-on: ubuntu-latest - if: vars.GITLAB_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }} - - - name: Mirror to GitLab - run: | - ssh-keyscan -t ed25519 gitlab.com >> ~/.ssh/known_hosts - git remote add gitlab git@gitlab.com:${{ vars.GITLAB_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }}.git || true - git push --force gitlab main - - mirror-bitbucket: - runs-on: ubuntu-latest - if: vars.BITBUCKET_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }} - - - name: Mirror to Bitbucket - run: | - ssh-keyscan -t ed25519 bitbucket.org >> ~/.ssh/known_hosts - git remote add bitbucket git@bitbucket.org:${{ vars.BITBUCKET_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }}.git || true - git push --force bitbucket main - - mirror-codeberg: - runs-on: ubuntu-latest - if: vars.CODEBERG_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.CODEBERG_SSH_KEY }} - - - name: Mirror to Codeberg - run: | - ssh-keyscan -t ed25519 codeberg.org >> ~/.ssh/known_hosts - git remote add codeberg git@codeberg.org:${{ vars.CODEBERG_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }}.git || true - git push --force codeberg main - - mirror-sourcehut: - runs-on: ubuntu-latest - if: vars.SOURCEHUT_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.SOURCEHUT_SSH_KEY }} - - - name: Mirror to SourceHut - run: | - ssh-keyscan -t ed25519 git.sr.ht >> ~/.ssh/known_hosts - git remote add sourcehut git@git.sr.ht:~${{ vars.SOURCEHUT_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }} || true - git push --force sourcehut main - - mirror-disroot: - runs-on: ubuntu-latest - if: vars.DISROOT_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.DISROOT_SSH_KEY }} - - - name: Mirror to Disroot - run: | - ssh-keyscan -t ed25519 git.disroot.org >> ~/.ssh/known_hosts - git remote add disroot git@git.disroot.org:${{ vars.DISROOT_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }}.git || true - git push --force disroot main - - mirror-gitea: - runs-on: ubuntu-latest - if: vars.GITEA_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: ${{ secrets.GITEA_SSH_KEY }} - - - name: Mirror to Gitea - run: | - ssh-keyscan -t ed25519 ${{ vars.GITEA_HOST }} >> ~/.ssh/known_hosts - git remote add gitea git@${{ vars.GITEA_HOST }}:${{ vars.GITEA_ORG || vars.MIRROR_ORG || github.repository_owner }}/${{ github.event.repository.name }}.git || true - git push --force gitea main - - mirror-radicle: - runs-on: ubuntu-latest - if: vars.RADICLE_MIRROR_ENABLED == 'true' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Setup Rust - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable - with: - toolchain: stable - - - name: Install Radicle - run: | - # Install via cargo (safer than curl|sh) - cargo install radicle-cli --locked - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - - name: Mirror to Radicle - run: | - echo "${{ secrets.RADICLE_KEY }}" > ~/.radicle/keys/radicle - chmod 600 ~/.radicle/keys/radicle - rad sync --announce || echo "Radicle sync attempted" diff --git a/road-skate/.github/workflows/openssf-compliance.yml b/road-skate/.github/workflows/openssf-compliance.yml deleted file mode 100644 index c2262edd..00000000 --- a/road-skate/.github/workflows/openssf-compliance.yml +++ /dev/null @@ -1,123 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# OpenSSF Best Practices compliance gate — blocks PRs and pushes that lack -# required files or still contain unfilled placeholder tokens. -name: OpenSSF Compliance - -on: - push: - branches: [main] - pull_request: - branches: [main] - workflow_dispatch: - -permissions: - contents: read - -jobs: - openssf-compliance: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - persist-credentials: false - - - name: Check SECURITY.md exists and has substance - run: | - SECFILE="" - [ -f "SECURITY.md" ] && SECFILE="SECURITY.md" - [ -f "SECURITY.adoc" ] && SECFILE="SECURITY.adoc" - [ -f ".github/SECURITY.md" ] && SECFILE=".github/SECURITY.md" - - if [ -z "$SECFILE" ]; then - echo "::error::SECURITY.md (or SECURITY.adoc) is required for OpenSSF Best Practices" - exit 1 - fi - - LINES=$(wc -l < "$SECFILE") - if [ "$LINES" -lt 10 ]; then - echo "::error::$SECFILE has only $LINES lines — must have >10 lines of substantive content" - exit 1 - fi - echo "SECURITY file: OK ($SECFILE, $LINES lines)" - - - name: Check LICENSE exists - run: | - if [ ! -f "LICENSE" ] && [ ! -f "LICENSE.txt" ] && [ ! -f "LICENSE.md" ]; then - echo "::error::LICENSE file is required for OpenSSF Best Practices" - exit 1 - fi - echo "LICENSE: OK" - - - name: Check CONTRIBUTING exists - run: | - if [ ! -f "CONTRIBUTING.md" ] && [ ! -f "CONTRIBUTING.adoc" ]; then - echo "::error::CONTRIBUTING file is required for OpenSSF Best Practices" - exit 1 - fi - echo "CONTRIBUTING: OK" - - - name: Check README exists - run: | - if [ ! -f "README.md" ] && [ ! -f "README.adoc" ] && [ ! -f "README.rst" ] && [ ! -f "README.txt" ] && [ ! -f "README" ]; then - echo "::error::README file is required for OpenSSF Best Practices" - exit 1 - fi - echo "README: OK" - - - name: Check .machine_readable directory and STATE.a2ml - run: | - if [ ! -d ".machine_readable" ]; then - echo "::error::.machine_readable/ directory is required" - exit 1 - fi - - if [ ! -f ".machine_readable/STATE.a2ml" ]; then - echo "::error::.machine_readable/STATE.a2ml is required" - exit 1 - fi - echo ".machine_readable/STATE.a2ml: OK" - - - name: Check CHANGELOG exists - run: | - if [ ! -f "CHANGELOG.md" ] && [ ! -f "CHANGELOG.adoc" ] && [ ! -f "CHANGES.md" ]; then - echo "::error::CHANGELOG.md is required for OpenSSF Best Practices" - exit 1 - fi - echo "CHANGELOG: OK" - - - name: Check no unfilled placeholder tokens in required files - run: | - ERRORS=0 - REQUIRED_FILES="" - - # Collect all required files that exist - for f in SECURITY.md SECURITY.adoc .github/SECURITY.md LICENSE LICENSE.txt \ - CONTRIBUTING.md CONTRIBUTING.adoc README.md README.adoc \ - .machine_readable/STATE.a2ml .machine_readable/META.a2ml \ - .machine_readable/ECOSYSTEM.a2ml CHANGELOG.md CHANGELOG.adoc; do - [ -f "$f" ] && REQUIRED_FILES="$REQUIRED_FILES $f" - done - - for f in $REQUIRED_FILES; do - # Match {{ANYTHING}} placeholder tokens - PLACEHOLDERS=$(grep -cE '\{\{[A-Z_]+\}\}' "$f" 2>/dev/null || true) - if [ "$PLACEHOLDERS" -gt 0 ]; then - echo "::error::$f contains $PLACEHOLDERS unfilled {{PLACEHOLDER}} tokens" - grep -nE '\{\{[A-Z_]+\}\}' "$f" | head -5 - ERRORS=$((ERRORS + 1)) - fi - done - - if [ "$ERRORS" -gt 0 ]; then - echo "" - echo "::error::$ERRORS file(s) still contain placeholder tokens — run 'just init' to fill them" - exit 1 - fi - echo "Placeholder check: OK (no unfilled tokens in required files)" - - - name: Summary - run: | - echo "=== OpenSSF Best Practices Compliance: PASS ===" - echo "All required files present and placeholder-free." diff --git a/road-skate/.github/workflows/release.yml b/road-skate/.github/workflows/release.yml deleted file mode 100644 index e49a7b54..00000000 --- a/road-skate/.github/workflows/release.yml +++ /dev/null @@ -1,165 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# Release workflow — triggered by version tags (v*). -# Builds artifacts, generates changelog via git-cliff, creates a GitHub Release, -# and produces SLSA provenance attestations. -name: Release - -on: - push: - tags: - - 'v*' - -permissions: - contents: read - -jobs: - build: - name: Build Artifacts - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Detect project type and build - id: build - run: | - # Auto-detect build system from project files. - # Order matters: more specific markers checked first. - if [ -f "mix.exs" ]; then - echo "::notice::Detected Elixir/Gleam project (mix.exs)" - echo "build_type=mix" >> "$GITHUB_OUTPUT" - mix local.hex --force --if-missing - mix local.rebar --force --if-missing - mix deps.get --only prod - MIX_ENV=prod mix release - elif [ -f "Cargo.toml" ]; then - echo "::notice::Detected Rust project (Cargo.toml)" - echo "build_type=cargo" >> "$GITHUB_OUTPUT" - cargo build --release - elif [ -f "build.zig" ]; then - echo "::notice::Detected Zig project (build.zig)" - echo "build_type=zig" >> "$GITHUB_OUTPUT" - zig build -Doptimize=ReleaseSafe - elif [ -f "deno.json" ] || [ -f "deno.jsonc" ]; then - echo "::notice::Detected Deno project (deno.json)" - echo "build_type=deno" >> "$GITHUB_OUTPUT" - deno task build - elif [ -f "gossamer.conf.json" ]; then - echo "::notice::Detected Gossamer project (gossamer.conf.json)" - echo "build_type=gossamer" >> "$GITHUB_OUTPUT" - gossamer build - elif [ -f "gleam.toml" ]; then - echo "::notice::Detected Gleam project (gleam.toml)" - echo "build_type=gleam" >> "$GITHUB_OUTPUT" - gleam build - elif [ -f "rebar.config" ]; then - echo "::notice::Detected Erlang/Rebar project (rebar.config)" - echo "build_type=rebar" >> "$GITHUB_OUTPUT" - rebar3 as prod release - elif [ -f "Justfile" ] || [ -f "justfile" ]; then - echo "::notice::Detected Justfile — running 'just build'" - echo "build_type=just" >> "$GITHUB_OUTPUT" - just build - else - echo "::error::No recognised build system found." - echo "Expected one of: mix.exs, Cargo.toml, build.zig, deno.json, gossamer.conf.json, gleam.toml, rebar.config, Justfile" - exit 1 - fi - - # TODO: Upload build artifacts if needed - # - uses: actions/upload-artifact@v4 - # with: - # name: release-artifacts - # path: target/release/ - - changelog: - name: Generate Changelog - runs-on: ubuntu-latest - permissions: - contents: read - outputs: - changelog: ${{ steps.cliff.outputs.content }} - version: ${{ steps.version.outputs.version }} - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Extract version from tag - id: version - run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT" - - - name: Install git-cliff - run: | - curl -sSfL https://github.com/orhun/git-cliff/releases/latest/download/git-cliff-$(uname -m)-unknown-linux-gnu.tar.gz \ - | tar -xz --strip-components=1 -C /usr/local/bin/ git-cliff-*/git-cliff - - - name: Generate changelog for this release - id: cliff - run: | - # Generate changelog for the current tag only - CHANGELOG=$(git cliff --latest --strip header) - # Write to output using delimiter to handle multiline - { - echo "content<> "$GITHUB_OUTPUT" - - - name: Update full CHANGELOG.md - run: | - git cliff --output CHANGELOG.md - - - name: Upload updated CHANGELOG.md - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: changelog - path: CHANGELOG.md - retention-days: 5 - - release: - name: Create GitHub Release - needs: [build, changelog] - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - # TODO: Download build artifacts if uploading to the release - # - uses: actions/download-artifact@v4 - # with: - # name: release-artifacts - # path: artifacts/ - - - name: Create GitHub Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 - with: - body: ${{ needs.changelog.outputs.changelog }} - draft: false - prerelease: ${{ contains(github.ref_name, '-rc') || contains(github.ref_name, '-beta') || contains(github.ref_name, '-alpha') }} - generate_release_notes: false - # TODO: Add artifact files to the release - # files: | - # artifacts/* - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - provenance: - name: SLSA Provenance - needs: [build] - permissions: - actions: read - id-token: write - contents: write - # SLSA generator must run in a separate, isolated workflow - # See: https://slsa.dev/spec/v1.0/requirements#build-l3 - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0 - with: - base64-subjects: "" - # TODO: Replace with actual artifact hashes - # Generate with: sha256sum artifact | base64 -w0 - # base64-subjects: "${{ needs.build.outputs.hashes }}" diff --git a/road-skate/.github/workflows/rhodibot.yml b/road-skate/.github/workflows/rhodibot.yml deleted file mode 100644 index a82f1782..00000000 --- a/road-skate/.github/workflows/rhodibot.yml +++ /dev/null @@ -1,234 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# rhodibot.yml — Automated RSR compliance enforcement -# -# Reads root-hygiene rules and auto-fixes what it can: -# - Delete banned files (AI.djot, duplicate CONTRIBUTING.adoc, stale snapshots) -# - Rename misnamed files (AI.a2ml → 0-AI-MANIFEST.a2ml) -# - Fix SPDX headers (AGPL → PMPL in dotfiles) -# - Create missing required files (SECURITY.md, CONTRIBUTING.md) -# - Report unfixable issues as PR comments -# -# Runs weekly and on Hypatia scan completion. - -name: "🤖 Rhodibot — RSR Auto-Fix" - -on: - schedule: - - cron: '0 6 * * 1' # Every Monday at 06:00 UTC - workflow_dispatch: # Manual trigger - workflow_run: - workflows: ["Hypatia Neurosymbolic Analysis"] - types: [completed] - -permissions: - contents: write - pull-requests: write - -jobs: - rhodibot: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - fetch-depth: 1 - - - name: Rhodibot — Scan and Fix - id: fix - run: | - set -euo pipefail - FIXES="" - ISSUES="" - CHANGED=false - - # --- 1. Delete banned files --- - for pattern in "AI.djot" "NEXT_STEPS.md" "TODO.md" "NOTES.md" "TASKS.md"; do - if [ -f "$pattern" ]; then - rm "$pattern" - FIXES="$FIXES\n- Deleted \`$pattern\` (superseded)" - CHANGED=true - fi - done - - # Delete stale snapshot files - for f in *-STATUS-*.md *-COMPLETION-*.md *-COMPLETE.md *-VERIFIED-*.md; do - if [ -f "$f" ]; then - rm "$f" - FIXES="$FIXES\n- Deleted stale snapshot \`$f\`" - CHANGED=true - fi - done - - # --- 2. Rename misnamed files --- - if [ -f "AI.a2ml" ] && [ ! -f "0-AI-MANIFEST.a2ml" ]; then - mv AI.a2ml 0-AI-MANIFEST.a2ml - FIXES="$FIXES\n- Renamed \`AI.a2ml\` → \`0-AI-MANIFEST.a2ml\`" - CHANGED=true - fi - - # --- 3. Delete duplicate format files --- - if [ -f "CONTRIBUTING.md" ] && [ -f "CONTRIBUTING.adoc" ]; then - rm CONTRIBUTING.adoc - FIXES="$FIXES\n- Deleted duplicate \`CONTRIBUTING.adoc\` (keeping .md for GitHub)" - CHANGED=true - fi - - if [ -f "README.md" ] && [ -f "README.adoc" ]; then - # Only delete README.md if it's a stub (<5 lines) - lines=$(wc -l < README.md) - if [ "$lines" -lt 5 ]; then - rm README.md - FIXES="$FIXES\n- Deleted stub \`README.md\` (keeping .adoc)" - CHANGED=true - fi - fi - - # --- 4. Fix SPDX headers in dotfiles --- - for dotfile in .gitignore .gitattributes .editorconfig; do - if [ -f "$dotfile" ] && grep -q "AGPL-3.0" "$dotfile" 2>/dev/null; then - sed -i 's/AGPL-3.0-or-later/MPL-2.0/g; s/AGPL-3.0/MPL-2.0/g' "$dotfile" - FIXES="$FIXES\n- Fixed SPDX header in \`$dotfile\` (AGPL → PMPL)" - CHANGED=true - fi - done - - # --- 5. Create missing required files --- - if [ ! -f "SECURITY.md" ]; then - cat > SECURITY.md << 'SECEOF' - - # Security Policy - - ## Reporting a Vulnerability - - **Email:** j.d.a.jewell@open.ac.uk - - **Response timeline:** - - Acknowledgement within 48 hours - - Initial assessment within 7 days - - Fix or mitigation within 90 days - - **Safe harbour:** We will not pursue legal action against security researchers who follow responsible disclosure. - SECEOF - FIXES="$FIXES\n- Created missing \`SECURITY.md\`" - CHANGED=true - fi - - if [ ! -f "CONTRIBUTING.md" ]; then - cat > CONTRIBUTING.md << 'CONTEOF' - - # Contributing - - 1. Fork the repository - 2. Create a feature branch - 3. Ensure SPDX headers on all files - 4. Submit a pull request - - **Author:** Jonathan D.A. Jewell - CONTEOF - FIXES="$FIXES\n- Created missing \`CONTRIBUTING.md\`" - CHANGED=true - fi - - # --- 6. Check for issues we can't auto-fix --- - if [ ! -f "0-AI-MANIFEST.a2ml" ] && [ ! -f "AI.a2ml" ]; then - ISSUES="$ISSUES\n- Missing AI manifest (0-AI-MANIFEST.a2ml)" - fi - - if [ ! -f "LICENSE" ] && [ ! -f "LICENSE.md" ] && [ ! -f "LICENSE.txt" ]; then - ISSUES="$ISSUES\n- Missing LICENSE file" - fi - - if [ ! -f "README.adoc" ] && [ ! -f "README.md" ]; then - ISSUES="$ISSUES\n- Missing README" - fi - - # Check for third-party fork (skip SPDX enforcement) - if [ -f "LICENSE" ] && grep -q "multiple licenses\|LGPL\|Apache" LICENSE 2>/dev/null; then - echo "FORK=true" >> $GITHUB_OUTPUT - fi - - # --- 7. Check dangerous patterns --- - DANGEROUS="" - for pattern in "believe_me" "assert_total" "Admitted" "sorry" "unsafeCoerce" "Obj.magic"; do - count=$(grep -r "$pattern" --include='*.idr' --include='*.v' --include='*.lean' --include='*.hs' --include='*.ml' --include='*.res' . 2>/dev/null | grep -v node_modules | wc -l || echo 0) - if [ "$count" -gt 0 ]; then - DANGEROUS="$DANGEROUS\n- \`$pattern\`: $count occurrences" - fi - done - - # Output results - echo "CHANGED=$CHANGED" >> $GITHUB_OUTPUT - { - echo "FIXES<> $GITHUB_OUTPUT - { - echo "ISSUES<> $GITHUB_OUTPUT - { - echo "DANGEROUS<> $GITHUB_OUTPUT - - - name: Create PR with fixes - if: steps.fix.outputs.CHANGED == 'true' - run: | - git config user.name "rhodibot" - git config user.email "rhodibot@hyperpolymath.dev" - BRANCH="rhodibot/rsr-compliance-$(date +%Y%m%d)" - git checkout -b "$BRANCH" - git add -A - git commit -m "fix(rhodibot): automated RSR compliance fixes - - ${{ steps.fix.outputs.FIXES }} - - Co-Authored-By: rhodibot " - - git push origin "$BRANCH" - - BODY="## 🤖 Rhodibot — RSR Compliance Fixes - - ### Changes Made - ${{ steps.fix.outputs.FIXES }} - " - - if [ -n "${{ steps.fix.outputs.ISSUES }}" ]; then - BODY="$BODY - ### Issues Found (manual fix needed) - ${{ steps.fix.outputs.ISSUES }} - " - fi - - if [ -n "${{ steps.fix.outputs.DANGEROUS }}" ]; then - BODY="$BODY - ### ⚠️ Dangerous Patterns Detected - ${{ steps.fix.outputs.DANGEROUS }} - - _These bypass formal verification. See \`proven\` repo for alternatives._ - " - fi - - gh pr create \ - --title "🤖 Rhodibot: RSR compliance fixes" \ - --body "$BODY" \ - --base main \ - --head "$BRANCH" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Report (no changes needed) - if: steps.fix.outputs.CHANGED != 'true' - run: | - echo "✅ Repository is RSR-compliant. No fixes needed." - if [ -n "${{ steps.fix.outputs.ISSUES }}" ]; then - echo "⚠️ Issues found (manual fix needed):" - echo -e "${{ steps.fix.outputs.ISSUES }}" - fi - if [ -n "${{ steps.fix.outputs.DANGEROUS }}" ]; then - echo "⚠️ Dangerous patterns:" - echo -e "${{ steps.fix.outputs.DANGEROUS }}" - fi diff --git a/road-skate/.github/workflows/rust-ci.yml b/road-skate/.github/workflows/rust-ci.yml deleted file mode 100644 index 003d6113..00000000 --- a/road-skate/.github/workflows/rust-ci.yml +++ /dev/null @@ -1,69 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# rust-ci.yml — Cargo build, test, clippy, and fmt for Rust projects. -# Only runs if Cargo.toml exists in the repo root. -name: Rust CI - -on: - pull_request: - branches: ['**'] - push: - branches: [main, master] - -permissions: - contents: read - -jobs: - check: - name: Cargo check + clippy + fmt - runs-on: ubuntu-latest - if: hashFiles('Cargo.toml') != '' - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable - with: - components: clippy, rustfmt - - - name: Cache cargo registry and build - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - - - name: Cargo check - run: cargo check --all-targets 2>&1 - - - name: Cargo fmt - run: cargo fmt --all -- --check - - - name: Cargo clippy - run: cargo clippy --all-targets -- -D warnings - - test: - name: Cargo test - runs-on: ubuntu-latest - needs: check - if: hashFiles('Cargo.toml') != '' - - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable - - - name: Cache cargo registry and build - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2 - - - name: Run tests - run: cargo test --all-targets - - - name: Write summary - if: always() - run: | - echo "## Rust CI Results" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "- **cargo check**: passed" >> "$GITHUB_STEP_SUMMARY" - echo "- **cargo test**: completed" >> "$GITHUB_STEP_SUMMARY" diff --git a/road-skate/.github/workflows/scorecard-enforcer.yml b/road-skate/.github/workflows/scorecard-enforcer.yml deleted file mode 100644 index 124cdf86..00000000 --- a/road-skate/.github/workflows/scorecard-enforcer.yml +++ /dev/null @@ -1,88 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Prevention workflow - runs OpenSSF Scorecard and fails on low scores -name: OpenSSF Scorecard Enforcer - -on: - push: - branches: [main] - schedule: - - cron: '0 6 * * 1' # Weekly on Monday - workflow_dispatch: - -permissions: - contents: read - -jobs: - scorecard: - runs-on: ubuntu-latest - permissions: - security-events: write - id-token: write # For OIDC - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Run Scorecard - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 - with: - results_file: results.sarif - results_format: sarif - publish_results: false - - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4 - with: - sarif_file: results.sarif - - - name: Check minimum score - run: | - # Parse score from results - SCORE=$(jq -r '.runs[0].tool.driver.properties.score // 0' results.sarif 2>/dev/null || echo "0") - - echo "OpenSSF Scorecard Score: $SCORE" - - # Minimum acceptable score (0-10 scale) - MIN_SCORE=5 - - if [ "$(echo "$SCORE < $MIN_SCORE" | bc -l)" = "1" ]; then - echo "::error::Scorecard score $SCORE is below minimum $MIN_SCORE" - exit 1 - fi - - # Check specific high-priority items - check-critical: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Check SECURITY.md exists - run: | - if [ ! -f "SECURITY.md" ]; then - echo "::error::SECURITY.md is required" - exit 1 - fi - - - name: Check LICENSE exists - run: | - if [ ! -f "LICENSE" ] && [ ! -f "LICENSE.txt" ] && [ ! -f "LICENSE.md" ]; then - echo "::error::LICENSE file is required for OpenSSF Best Practices" - exit 1 - fi - - - name: Check CONTRIBUTING exists - run: | - if [ ! -f "CONTRIBUTING.md" ] && [ ! -f "CONTRIBUTING.adoc" ]; then - echo "::error::CONTRIBUTING file is required for OpenSSF Best Practices" - exit 1 - fi - - - name: Check for pinned dependencies - run: | - # Check workflows for unpinned actions - unpinned=$(grep -r "uses:.*@v[0-9]" .github/workflows/*.yml 2>/dev/null | grep -v "#" | head -5 || true) - if [ -n "$unpinned" ]; then - echo "::error::Found unpinned actions — all actions MUST be SHA-pinned:" - echo "$unpinned" - exit 1 - fi diff --git a/road-skate/.github/workflows/scorecard.yml b/road-skate/.github/workflows/scorecard.yml deleted file mode 100644 index 22305e1c..00000000 --- a/road-skate/.github/workflows/scorecard.yml +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -name: OSSF Scorecard -on: - push: - branches: [main, master] - schedule: - - cron: '0 4 * * *' - workflow_dispatch: - -permissions: - contents: read - -jobs: - analysis: - runs-on: ubuntu-latest - permissions: - security-events: write - id-token: write - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Run Scorecard - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 - with: - results_file: results.sarif - results_format: sarif - - - name: Upload results - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.31.8 - with: - sarif_file: results.sarif diff --git a/road-skate/.github/workflows/secret-scanner.yml b/road-skate/.github/workflows/secret-scanner.yml deleted file mode 100644 index 7cb561df..00000000 --- a/road-skate/.github/workflows/secret-scanner.yml +++ /dev/null @@ -1,68 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Prevention workflow - scans for hardcoded secrets before they reach main -name: Secret Scanner - -on: - pull_request: - push: - branches: [main] - -permissions: - contents: read - -jobs: - trufflehog: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 # Full history for scanning - - - name: TruffleHog Secret Scan - uses: trufflesecurity/trufflehog@6c05c4a00b91aa542267d8e32a8254774799d68d # v3 - with: - extra_args: --only-verified --fail - - gitleaks: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Gitleaks Secret Scan - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Rust-specific: Check for hardcoded crypto values - rust-secrets: - runs-on: ubuntu-latest - if: hashFiles('**/Cargo.toml') != '' - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Check for hardcoded secrets in Rust - run: | - # Patterns that suggest hardcoded secrets - PATTERNS=( - 'const.*SECRET.*=.*"' - 'const.*KEY.*=.*"[a-zA-Z0-9]{16,}"' - 'const.*TOKEN.*=.*"' - 'let.*api_key.*=.*"' - 'HMAC.*"[a-fA-F0-9]{32,}"' - 'password.*=.*"[^"]+"' - ) - - found=0 - for pattern in "${PATTERNS[@]}"; do - if grep -rn --include="*.rs" -E "$pattern" src/; then - echo "WARNING: Potential hardcoded secret found matching: $pattern" - found=1 - fi - done - - if [ $found -eq 1 ]; then - echo "::error::Potential hardcoded secrets detected. Use environment variables instead." - exit 1 - fi diff --git a/road-skate/.github/workflows/static-analysis-gate.yml b/road-skate/.github/workflows/static-analysis-gate.yml deleted file mode 100644 index 6a871b54..00000000 --- a/road-skate/.github/workflows/static-analysis-gate.yml +++ /dev/null @@ -1,432 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Static Analysis Gate — Required by branch protection rules. -# Runs panic-attack and hypatia, deposits findings for gitbot-fleet learning. -name: Static Analysis Gate - -on: - pull_request: - branches: ['**'] - push: - branches: [main, master] - -permissions: - contents: read - -jobs: - # --------------------------------------------------------------------------- - # Job 1: panic-attack assail - # --------------------------------------------------------------------------- - panic-attack-assail: - name: panic-attack assail - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Install panic-attack (if available) - id: install - run: | - # Try to fetch the latest release binary from the org - PA_URL="https://github.com/hyperpolymath/panic-attack/releases/latest/download/panic-attack-linux-x86_64" - if curl -fsSL --head "$PA_URL" >/dev/null 2>&1; then - curl -fsSL -o /usr/local/bin/panic-attack "$PA_URL" - chmod +x /usr/local/bin/panic-attack - echo "installed=true" >> "$GITHUB_OUTPUT" - else - echo "::notice::panic-attack binary not available — skipping assail" - echo "installed=false" >> "$GITHUB_OUTPUT" - fi - - - name: Run panic-attack assail - id: assail - if: steps.install.outputs.installed == 'true' - run: | - set +e - panic-attack assail --format json . > panic-attack-findings.json 2>&1 - PA_EXIT=$? - set -e - - if [ ! -s panic-attack-findings.json ]; then - echo "[]" > panic-attack-findings.json - fi - - # Parse finding counts - TOTAL=$(jq '. | length' panic-attack-findings.json 2>/dev/null || echo 0) - CRITICAL=$(jq '[.[] | select(.severity == "critical")] | length' panic-attack-findings.json 2>/dev/null || echo 0) - HIGH=$(jq '[.[] | select(.severity == "high")] | length' panic-attack-findings.json 2>/dev/null || echo 0) - MEDIUM=$(jq '[.[] | select(.severity == "medium")] | length' panic-attack-findings.json 2>/dev/null || echo 0) - LOW=$(jq '[.[] | select(.severity == "low")] | length' panic-attack-findings.json 2>/dev/null || echo 0) - - echo "total=$TOTAL" >> "$GITHUB_OUTPUT" - echo "critical=$CRITICAL" >> "$GITHUB_OUTPUT" - echo "high=$HIGH" >> "$GITHUB_OUTPUT" - echo "medium=$MEDIUM" >> "$GITHUB_OUTPUT" - echo "low=$LOW" >> "$GITHUB_OUTPUT" - echo "exit_code=$PA_EXIT" >> "$GITHUB_OUTPUT" - - - name: Emit check annotations - if: steps.install.outputs.installed == 'true' - run: | - # Convert JSON findings into GitHub Actions annotations - jq -r '.[] | select(.file != null) | - if .severity == "critical" then - "::error file=\(.file),line=\(.line // 1)::[panic-attack] \(.message)" - elif .severity == "high" then - "::error file=\(.file),line=\(.line // 1)::[panic-attack] \(.message)" - else - "::warning file=\(.file),line=\(.line // 1)::[panic-attack] \(.message)" - end - ' panic-attack-findings.json || true - - - name: Write step summary - if: steps.install.outputs.installed == 'true' - run: | - cat <> "$GITHUB_STEP_SUMMARY" - ## panic-attack assail Results - - | Severity | Count | - |----------|-------| - | Critical | ${{ steps.assail.outputs.critical }} | - | High | ${{ steps.assail.outputs.high }} | - | Medium | ${{ steps.assail.outputs.medium }} | - | Low | ${{ steps.assail.outputs.low }} | - | **Total**| ${{ steps.assail.outputs.total }} | - EOF - - - name: Create stub findings (when panic-attack unavailable) - if: steps.install.outputs.installed != 'true' - run: | - echo "[]" > panic-attack-findings.json - echo "## panic-attack assail" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Skipped: panic-attack not available in this environment." >> "$GITHUB_STEP_SUMMARY" - - - name: Upload panic-attack findings - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: panic-attack-findings - path: panic-attack-findings.json - retention-days: 90 - - - name: Fail on critical findings - if: steps.install.outputs.installed == 'true' && steps.assail.outputs.critical > 0 - run: | - echo "::error::panic-attack found ${{ steps.assail.outputs.critical }} critical issue(s) — blocking merge" - exit 1 - - # --------------------------------------------------------------------------- - # Job 2: hypatia-scan - # --------------------------------------------------------------------------- - hypatia-scan: - name: Hypatia neurosymbolic scan - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Setup Elixir for Hypatia scanner - id: beam - continue-on-error: true - uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.18.2 - with: - elixir-version: '1.19.4' - otp-version: '28.3' - - - name: Clone and build Hypatia - id: build - continue-on-error: true - run: | - git clone https://github.com/hyperpolymath/hypatia.git "$HOME/hypatia" 2>/dev/null || true - if [ -f "$HOME/hypatia/mix.exs" ]; then - cd "$HOME/hypatia" - # Build escript if neither hypatia nor hypatia-v2 exists - if [ ! -f hypatia ] && [ ! -f hypatia-v2 ]; then - mix deps.get - mix escript.build - fi - echo "ready=true" >> "$GITHUB_OUTPUT" - else - echo "::notice::Hypatia scanner not available — skipping scan" - echo "ready=false" >> "$GITHUB_OUTPUT" - fi - - - name: Run Hypatia scan - id: scan - if: steps.build.outputs.ready == 'true' - run: | - set +e - HYPATIA_FORMAT=json "$HOME/hypatia/hypatia-cli.sh" scan . > hypatia-findings.json 2>&1 - HYP_EXIT=$? - set -e - - if [ ! -s hypatia-findings.json ] || ! jq empty hypatia-findings.json 2>/dev/null; then - echo "[]" > hypatia-findings.json - fi - - TOTAL=$(jq '. | length' hypatia-findings.json 2>/dev/null || echo 0) - CRITICAL=$(jq '[.[] | select(.severity == "critical")] | length' hypatia-findings.json 2>/dev/null || echo 0) - HIGH=$(jq '[.[] | select(.severity == "high")] | length' hypatia-findings.json 2>/dev/null || echo 0) - MEDIUM=$(jq '[.[] | select(.severity == "medium")] | length' hypatia-findings.json 2>/dev/null || echo 0) - LOW=$(jq '[.[] | select(.severity == "low")] | length' hypatia-findings.json 2>/dev/null || echo 0) - - echo "total=$TOTAL" >> "$GITHUB_OUTPUT" - echo "critical=$CRITICAL" >> "$GITHUB_OUTPUT" - echo "high=$HIGH" >> "$GITHUB_OUTPUT" - echo "medium=$MEDIUM" >> "$GITHUB_OUTPUT" - echo "low=$LOW" >> "$GITHUB_OUTPUT" - - - name: Emit check annotations - if: steps.build.outputs.ready == 'true' - run: | - jq -r '.[] | select(.file != null) | - if .severity == "critical" then - "::error file=\(.file),line=\(.line // 1)::[hypatia] \(.message)" - elif .severity == "high" then - "::error file=\(.file),line=\(.line // 1)::[hypatia] \(.message)" - else - "::warning file=\(.file),line=\(.line // 1)::[hypatia] \(.message)" - end - ' hypatia-findings.json || true - - - name: Write step summary - if: steps.build.outputs.ready == 'true' - run: | - cat <> "$GITHUB_STEP_SUMMARY" - ## Hypatia Scan Results - - | Severity | Count | - |----------|-------| - | Critical | ${{ steps.scan.outputs.critical }} | - | High | ${{ steps.scan.outputs.high }} | - | Medium | ${{ steps.scan.outputs.medium }} | - | Low | ${{ steps.scan.outputs.low }} | - | **Total**| ${{ steps.scan.outputs.total }} | - EOF - - - name: Create stub findings (when Hypatia unavailable) - if: steps.build.outputs.ready != 'true' - run: | - echo "[]" > hypatia-findings.json - echo "## Hypatia Scan" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Skipped: Hypatia scanner not available in this environment." >> "$GITHUB_STEP_SUMMARY" - - - name: Upload hypatia findings - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: hypatia-findings - path: hypatia-findings.json - retention-days: 90 - - - name: Fail on critical security findings - if: steps.build.outputs.ready == 'true' && steps.scan.outputs.critical > 0 - run: | - echo "::error::Hypatia found ${{ steps.scan.outputs.critical }} critical security issue(s) — blocking merge" - exit 1 - - # --------------------------------------------------------------------------- - # Job 3: patch-bridge triage (CVE contextual assessment) - # --------------------------------------------------------------------------- - patch-bridge-triage: - name: Patch Bridge CVE triage - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - name: Install panic-attack (if available) - id: install - run: | - PA_URL="https://github.com/hyperpolymath/panic-attack/releases/latest/download/panic-attack-linux-x86_64" - if curl -fsSL --head "$PA_URL" >/dev/null 2>&1; then - curl -fsSL -o /usr/local/bin/panic-attack "$PA_URL" - chmod +x /usr/local/bin/panic-attack - echo "installed=true" >> "$GITHUB_OUTPUT" - else - echo "::notice::panic-attack binary not available — skipping Patch Bridge" - echo "installed=false" >> "$GITHUB_OUTPUT" - fi - - - name: Run Patch Bridge triage - id: triage - if: steps.install.outputs.installed == 'true' - run: | - set +e - panic-attack bridge triage --format json . > bridge-report.json 2>&1 - PB_EXIT=$? - set -e - - if [ ! -s bridge-report.json ] || ! jq empty bridge-report.json 2>/dev/null; then - echo '{"cves":[],"mitigated":0,"unmitigable":0,"concatenative":0,"informational":0}' > bridge-report.json - fi - - UNMITIGABLE=$(jq '.unmitigable // 0' bridge-report.json) - MITIGATED=$(jq '.mitigated // 0' bridge-report.json) - CONCATENATIVE=$(jq '.concatenative // 0' bridge-report.json) - INFORMATIONAL=$(jq '.informational // 0' bridge-report.json) - - echo "unmitigable=$UNMITIGABLE" >> "$GITHUB_OUTPUT" - echo "mitigated=$MITIGATED" >> "$GITHUB_OUTPUT" - echo "concatenative=$CONCATENATIVE" >> "$GITHUB_OUTPUT" - echo "informational=$INFORMATIONAL" >> "$GITHUB_OUTPUT" - - - name: Write step summary - if: steps.install.outputs.installed == 'true' - run: | - cat <> "$GITHUB_STEP_SUMMARY" - ## Patch Bridge CVE Triage - - | Classification | Count | - |----------------|-------| - | Unmitigable | ${{ steps.triage.outputs.unmitigable }} | - | Mitigated | ${{ steps.triage.outputs.mitigated }} | - | Concatenative | ${{ steps.triage.outputs.concatenative }} | - | Informational | ${{ steps.triage.outputs.informational }} | - - Unmitigable CVEs require dependency replacement or rearchitecture. - Mitigated CVEs have active controls with soundness proofs. - Concatenative risks are CVE combinations that multiply severity. - EOF - - - name: Create stub report (when unavailable) - if: steps.install.outputs.installed != 'true' - run: | - echo '{"cves":[],"mitigated":0,"unmitigable":0,"concatenative":0,"informational":0}' > bridge-report.json - echo "## Patch Bridge CVE Triage" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "Skipped: panic-attack not available in this environment." >> "$GITHUB_STEP_SUMMARY" - - - name: Upload bridge report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: bridge-report - path: bridge-report.json - retention-days: 90 - - - name: Fail on unmitigable CVEs in critical paths - if: steps.install.outputs.installed == 'true' && steps.triage.outputs.unmitigable > 0 - run: | - echo "::warning::Patch Bridge found ${{ steps.triage.outputs.unmitigable }} unmitigable CVE(s) — review required" - # Warning only, not blocking. Unmitigable means the developer needs - # to make an architectural decision, not that the PR is wrong. - - # --------------------------------------------------------------------------- - # Job 4: deposit-findings (combines + archives for gitbot-fleet) - # --------------------------------------------------------------------------- - deposit-findings: - name: Deposit findings for gitbot-fleet - runs-on: ubuntu-latest - needs: [panic-attack-assail, hypatia-scan, patch-bridge-triage] - if: always() - - steps: - - name: Download panic-attack findings - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 - with: - name: panic-attack-findings - path: findings/ - - - name: Download hypatia findings - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 - with: - name: hypatia-findings - path: findings/ - - - name: Download bridge report - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 - with: - name: bridge-report - path: findings/ - - - name: Combine findings into unified report - id: combine - run: | - PA_FILE="findings/panic-attack-findings.json" - HYP_FILE="findings/hypatia-findings.json" - - # Ensure both files exist and are valid JSON arrays - for f in "$PA_FILE" "$HYP_FILE"; do - if [ ! -s "$f" ] || ! jq empty "$f" 2>/dev/null; then - echo "[]" > "$f" - fi - done - - # Tag each finding with its source scanner - jq '[.[] | . + {"scanner": "panic-attack"}]' "$PA_FILE" > /tmp/pa-tagged.json - jq '[.[] | . + {"scanner": "hypatia"}]' "$HYP_FILE" > /tmp/hyp-tagged.json - - # Read bridge report (CVE triage, not findings array) - BRIDGE_FILE="findings/bridge-report.json" - if [ ! -s "$BRIDGE_FILE" ] || ! jq empty "$BRIDGE_FILE" 2>/dev/null; then - echo '{"cves":[],"mitigated":0,"unmitigable":0,"concatenative":0,"informational":0}' > "$BRIDGE_FILE" - fi - - # Build unified report envelope - jq -n \ - --arg repo "${{ github.repository }}" \ - --arg sha "${{ github.sha }}" \ - --arg ref "${{ github.ref }}" \ - --arg run_id "${{ github.run_id }}" \ - --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ - --slurpfile pa /tmp/pa-tagged.json \ - --slurpfile hyp /tmp/hyp-tagged.json \ - --slurpfile bridge "$BRIDGE_FILE" \ - '{ - schema_version: "1.1.0", - repository: $repo, - commit_sha: $sha, - ref: $ref, - run_id: $run_id, - timestamp: $ts, - findings: ($pa[0] + $hyp[0]), - patch_bridge: $bridge[0] - }' > findings/unified-findings.json - - TOTAL=$(jq '.findings | length' findings/unified-findings.json) - CRITICAL=$(jq '[.findings[] | select(.severity == "critical")] | length' findings/unified-findings.json) - HIGH=$(jq '[.findings[] | select(.severity == "high")] | length' findings/unified-findings.json) - MEDIUM=$(jq '[.findings[] | select(.severity == "medium")] | length' findings/unified-findings.json) - LOW=$(jq '[.findings[] | select(.severity == "low")] | length' findings/unified-findings.json) - - echo "total=$TOTAL" >> "$GITHUB_OUTPUT" - echo "critical=$CRITICAL" >> "$GITHUB_OUTPUT" - echo "high=$HIGH" >> "$GITHUB_OUTPUT" - echo "medium=$MEDIUM" >> "$GITHUB_OUTPUT" - echo "low=$LOW" >> "$GITHUB_OUTPUT" - - - name: Upload unified findings (fleet scanner picks these up) - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: unified-findings - path: findings/unified-findings.json - retention-days: 90 - - - name: Write deposit summary - run: | - cat <> "$GITHUB_STEP_SUMMARY" - ## Unified Findings Deposit - - **Repository:** ${{ github.repository }} - **Commit:** \`${{ github.sha }}\` - **Deposited at:** $(date -u +"%Y-%m-%d %H:%M:%S UTC") - - | Severity | Count | - |----------|-------| - | Critical | ${{ steps.combine.outputs.critical }} | - | High | ${{ steps.combine.outputs.high }} | - | Medium | ${{ steps.combine.outputs.medium }} | - | Low | ${{ steps.combine.outputs.low }} | - | **Total**| ${{ steps.combine.outputs.total }} | - - Findings saved as \`unified-findings\` artifact. - The gitbot-fleet scanner will ingest these on its next pass. - EOF diff --git a/road-skate/.gitignore b/road-skate/.gitignore deleted file mode 100644 index 7d0e3bf7..00000000 --- a/road-skate/.gitignore +++ /dev/null @@ -1,114 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# RSR-compliant .gitignore - -# OS & Editor -.DS_Store -Thumbs.db -*.swp -*.swo -*~ -.idea/ -.vscode/ -.direnv/ - -# Build -/target/ -/_build/ -/build/ -/dist/ -/out/ - -# Dependencies -/node_modules/ -/vendor/ -/deps/ -/.elixir_ls/ - -# Rust -# Cargo.lock # Keep for binaries - -# Elixir -/cover/ -/doc/ -*.ez -erl_crash.dump - -# Julia -*.jl.cov -*.jl.mem -/Manifest.toml - -# ReScript -/lib/bs/ -/.bsb.lock - -# Python (SaltStack only) -__pycache__/ -*.py[cod] -.venv/ - -# Ada/SPARK -*.ali -/obj/ -/bin/ - -# Nix -# flake.lock is ignored in the template repo because each project should -# generate its own lock file on first use. In derived projects, REMOVE this -# line and track flake.lock for reproducible builds. -flake.lock - -# Haskell -/.stack-work/ -/dist-newstyle/ - -# Chapel -*.chpl.tmp.* - -# Secrets -.env -.env.* -*.pem -*.key -secrets/ - -# Test/Coverage -/coverage/ -htmlcov/ - -# Logs -*.log -/logs/ - -# Maintenance local artifacts -.maintenance-perms-state.tsv -docs/reports/maintenance/*.json - -# Machine-readable locks -.machine_readable/.locks/ - -# Temp -/tmp/ -*.tmp -*.bak - -# Crash recovery artifacts -ai-cli-crash-capture/ - -# KDE metadata -.directory - -# Sync artifacts -sync_report*.txt - -# Hypatia scan cache (local-only) -.hypatia/ -.zig-cache/ -target/ -node_modules/ -_build/ -deps/ -.elixir_ls/ -.cache/ -build/ -dist/ diff --git a/road-skate/.gitlab-ci.yml b/road-skate/.gitlab-ci.yml deleted file mode 100644 index 7309fa90..00000000 --- a/road-skate/.gitlab-ci.yml +++ /dev/null @@ -1,175 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Primary CI/CD - GitLab is the source of truth - -stages: - - security - - lint - - test - - build - -variables: - CARGO_HOME: ${CI_PROJECT_DIR}/.cargo - -cache: - key: ${CI_COMMIT_REF_SLUG} - paths: - - .cargo/ - - target/ - -# ================== -# Security Scanning -# ================== - -trivy: - stage: security - image: aquasec/trivy:latest - script: - - trivy fs --exit-code 0 --severity HIGH,CRITICAL --format table . - - trivy fs --exit-code 1 --severity CRITICAL . - allow_failure: false - -gitleaks: - stage: security - image: zricethezav/gitleaks:latest - script: - - gitleaks detect --source . --verbose --redact - allow_failure: false - -semgrep: - stage: security - image: returntocorp/semgrep - script: - - semgrep --config auto --error . - allow_failure: true - -cargo-audit: - stage: security - image: rust:latest - script: - - cargo install cargo-audit - - cargo audit - rules: - - exists: - - Cargo.toml - -cargo-deny: - stage: security - image: rust:latest - script: - - cargo install cargo-deny - - cargo deny check - rules: - - exists: - - Cargo.toml - allow_failure: true - -mix-audit: - stage: security - image: elixir:latest - script: - - mix local.hex --force - - mix archive.install hex mix_audit --force - - mix deps.get - - mix deps.audit - rules: - - exists: - - mix.exs - allow_failure: true - -# ================== -# Linting -# ================== - -rustfmt: - stage: lint - image: rust:latest - script: - - rustup component add rustfmt - - cargo fmt -- --check - rules: - - exists: - - Cargo.toml - -clippy: - stage: lint - image: rust:latest - script: - - rustup component add clippy - - cargo clippy -- -D warnings - rules: - - exists: - - Cargo.toml - allow_failure: true - -mix-format: - stage: lint - image: elixir:latest - script: - - mix format --check-formatted - rules: - - exists: - - mix.exs - -credo: - stage: lint - image: elixir:latest - script: - - mix local.hex --force - - mix deps.get - - mix credo --strict - rules: - - exists: - - mix.exs - allow_failure: true - -# ================== -# Testing -# ================== - -cargo-test: - stage: test - image: rust:latest - script: - - cargo test --all-features - rules: - - exists: - - Cargo.toml - -mix-test: - stage: test - image: elixir:latest - script: - - mix local.hex --force - - mix deps.get - - mix test - rules: - - exists: - - mix.exs - -# ================== -# Build -# ================== - -cargo-build: - stage: build - image: rust:latest - script: - - cargo build --release - artifacts: - paths: - - target/release/ - expire_in: 1 week - rules: - - exists: - - Cargo.toml - -mix-build: - stage: build - image: elixir:latest - script: - - mix local.hex --force - - mix deps.get - - MIX_ENV=prod mix compile - rules: - - exists: - - mix.exs diff --git a/road-skate/.guix-channel b/road-skate/.guix-channel deleted file mode 100644 index dee209a4..00000000 --- a/road-skate/.guix-channel +++ /dev/null @@ -1,22 +0,0 @@ -;; SPDX-License-Identifier: MPL-2.0 -;; Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -;; -;; Guix channel definition for AffineScript-Vite -;; -;; To use this channel, add to ~/.config/guix/channels.scm: -;; -;; (channel -;; (name 'AffineScript-Vite) -;; (url "https://github.com/hyperpolymath/AffineScript-Vite") -;; (branch "main")) -;; -;; Then: guix pull - -(channel - (version 0) - (url "https://github.com/hyperpolymath/AffineScript-Vite") - (dependencies - (channel - (name 'guix) - (url "https://git.savannah.gnu.org/git/guix.git") - (branch "master")))) diff --git a/road-skate/.machine_readable/6a2/AGENTIC.a2ml b/road-skate/.machine_readable/6a2/AGENTIC.a2ml deleted file mode 100644 index ab45d06a..00000000 --- a/road-skate/.machine_readable/6a2/AGENTIC.a2ml +++ /dev/null @@ -1,51 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# AGENTIC.a2ml — AI agent constraints and capabilities -# Defines what AI agents can and cannot do in this repository. - -[metadata] -version = "0.1.0" -last-updated = "2026-04-11" - -[agent-permissions] -can-edit-source = true -can-edit-tests = true -can-edit-docs = true -can-edit-config = true -can-create-files = true - -[agent-constraints] -# What AI agents must NOT do: -# - Never use banned language patterns (believe_me, unsafeCoerce, etc.) -# - Never commit secrets or credentials -# - Never use banned languages (TypeScript, Python, Go, etc.) -# - Never place state files in repository root (must be in .machine_readable/) -# - Never use AGPL license (use MPL-2.0) - -[maintenance-integrity] -fail-closed = true -require-evidence-per-step = true -allow-silent-skip = false -require-rerun-after-fix = true -release-claim-requires-hard-pass = true - -# ============================================================================ -# METHODOLOGY (ADR-002) -# ============================================================================ -# Detailed methodology configuration lives in: -# .machine_readable/agent_instructions/methodology.a2ml -# .machine_readable/agent_instructions/coverage.a2ml -# .machine_readable/agent_instructions/debt.a2ml -# -# AGENTIC.a2ml declares WHAT agents can do (permissions, gating). -# agent_instructions/ declares HOW agents should work (methodology). - -[methodology] -instructions-dir = ".machine_readable/agent_instructions/" -default-mode = "hybrid" - -[automation-hooks] -# on-enter: Read 0-AI-MANIFEST.a2ml, then STATE.a2ml, then agent_instructions/ -# on-exit: Update STATE.a2ml, coverage.a2ml, and debt.a2ml with session outcomes -# on-commit: Run just validate-rsr diff --git a/road-skate/.machine_readable/6a2/ECOSYSTEM.a2ml b/road-skate/.machine_readable/6a2/ECOSYSTEM.a2ml deleted file mode 100644 index 3a8c0a15..00000000 --- a/road-skate/.machine_readable/6a2/ECOSYSTEM.a2ml +++ /dev/null @@ -1,26 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# ECOSYSTEM.a2ml — Project ecosystem position -# Relationships, dependencies, integration points. - -[metadata] -version = "0.1.0" -last-updated = "2026-04-11" - -[project] -name = "AffineScript-Vite" -purpose = "" # TODO: describe project purpose -role = "" # TODO: describe project role # e.g. ffi-infrastructure, cli-tool, library, service - -[position-in-ecosystem] -tier = "infrastructure" # 1 | 2 | infrastructure - -[related-projects] -# relationship types: sibling-standard, dependency, dependent, inspiration, potential-consumer -# - { name = "language-bridges", relationship = "sibling-standard" } -# - { name = "hypatia", relationship = "potential-consumer" } - -[integration-points] -# External systems this project connects to -# - { system = "gitbot-fleet", direction = "outbound", protocol = "repository_dispatch" } diff --git a/road-skate/.machine_readable/6a2/META.a2ml b/road-skate/.machine_readable/6a2/META.a2ml deleted file mode 100644 index d54cf762..00000000 --- a/road-skate/.machine_readable/6a2/META.a2ml +++ /dev/null @@ -1,53 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# META.a2ml — Project meta-level information -# Architecture decisions, design rationale, governance. - -[metadata] -version = "0.1.0" -last-updated = "2026-04-11" - -[project-info] -type = "library" # TODO: update type (library|binary|service|website|monorepo) # library | binary | monorepo | service | website -languages = [] # e.g. ["rust", "zig", "idris2"] -license = "MPL-2.0" -author = "hyperpolymath (hyperpolymath)" - -[architecture-decisions] -# ADR format: status = proposed | accepted | deprecated | superseded | rejected -# - { id = "ADR-001", title = "Use Zig for FFI", status = "accepted", date = "2026-02-14" } - -[development-practices] -build-tool = "just" -container-runtime = "podman" -ci-platform = "github-actions" -package-manager = "guix" # guix | nix | cargo | mix - -[maintenance-axes] -scoping-first = true -execution-order = "axis-1 > axis-2 > axis-3" -axis-1 = "must > intend > like" -axis-2 = "corrective > adaptive > perfective" -axis-3 = "systems > compliance > effects" - -[scoping] -sources = "README, roadmap, status docs, maintenance checklist, CI/security docs" -marker-scan = "TODO/FIXME/XXX/HACK/STUB/PARTIAL" -idris-unsound-scan = "believe_me/assert_total" - -[axis-2-maintenance-rules] -corrective-first = true -adaptive-second = true -adaptive-focus = "scope-change reconciliation, stale-reference removal, obsolete-work culling" -perfective-third = true -perfective-source = "axis-1 honest state after corrective/adaptive updates" - -[axis-3-audit-rules] -audit-focus = "systems in place, documentation explains actual state, safety/security accounted for, observed effects reviewed" -compliance-focus = "seams/compromises/exception register, bounded exceptions, anti-drift checks" -drift-risk-example = "single exception broadening into policy violation (e.g. ReScript->TypeScript spread)" -effects-evidence = "benchmark execution/results and maintainer status dialogue/review" - -[design-rationale] -# Key design decisions and their reasoning diff --git a/road-skate/.machine_readable/6a2/NEUROSYM.a2ml b/road-skate/.machine_readable/6a2/NEUROSYM.a2ml deleted file mode 100644 index 03c2192e..00000000 --- a/road-skate/.machine_readable/6a2/NEUROSYM.a2ml +++ /dev/null @@ -1,23 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# NEUROSYM.a2ml — Neurosymbolic integration metadata -# Configuration for Hypatia scanning and symbolic reasoning. - -[metadata] -version = "0.1.0" -last-updated = "2026-04-11" - -[hypatia-config] -scan-enabled = true -scan-depth = "standard" # quick | standard | deep -report-format = "logtalk" - -[symbolic-rules] -# Custom symbolic rules for this project -# - { name = "no-unsafe-ffi", pattern = "believe_me|unsafeCoerce", severity = "critical" } - -[neural-config] -# Neural pattern detection settings -# confidence-threshold = 0.85 -# model = "hypatia-v2" diff --git a/road-skate/.machine_readable/6a2/PLAYBOOK.a2ml b/road-skate/.machine_readable/6a2/PLAYBOOK.a2ml deleted file mode 100644 index b6ce84ca..00000000 --- a/road-skate/.machine_readable/6a2/PLAYBOOK.a2ml +++ /dev/null @@ -1,35 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# PLAYBOOK.a2ml — Operational playbook -# Runbooks, incident response, deployment procedures. - -[metadata] -version = "0.1.0" -last-updated = "2026-04-11" - -[deployment] -# method = "gitops" # gitops | manual | ci-triggered -# target = "container" # container | binary | library | wasm - -[incident-response] -# 1. Check .machine_readable/STATE.a2ml for current status -# 2. Review recent commits and CI results -# 3. Run `just validate` to check compliance -# 4. Run `just security` to audit for vulnerabilities - -[release-process] -# 1. Update version in STATE.a2ml, META.a2ml, Justfile -# 2. Run `just release-preflight` (validate + quality + security + maint-hard-pass) -# 3. Optional local permission hardening: `just perms-snapshot && just perms-lock` -# 4. Tag and push -# 5. Restore local permissions if needed: `just perms-restore` -# 6. Run `just container-push` if applicable - -[maintenance-operations] -# Baseline audit: -# just maint-audit -# Hard release gate: -# just maint-hard-pass -# Permission audit: -# just perms-audit diff --git a/road-skate/.machine_readable/6a2/STATE.a2ml b/road-skate/.machine_readable/6a2/STATE.a2ml deleted file mode 100644 index 61ea39af..00000000 --- a/road-skate/.machine_readable/6a2/STATE.a2ml +++ /dev/null @@ -1,64 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# STATE.a2ml — Project state checkpoint (META-TEMPLATE) -# -# This is the STATE file for rsr-template-repo itself. -# When consumed by a new project, replace {{PLACEHOLDER}} tokens -# and customize sections below for the target project. - -[metadata] -project = "rsr-template-repo" -version = "0.2.0" -last-updated = "2026-02-28" -status = "active" # active | paused | archived - -[project-context] -name = "rsr-template-repo" -purpose = "Canonical RSR-compliant repository template providing scaffolding for all hyperpolymath projects — including CI/CD, AI manifests, ABI/FFI standards, container ecosystem, and governance infrastructure." -completion-percentage = 95 - -[position] -phase = "maintenance" # design | implementation | testing | maintenance | archived -maturity = "production" # experimental | alpha | beta | production | lts - -[route-to-mvp] -milestones = [ - { name = "Phase 0: Core scaffolding (justfile, CI/CD, .machine_readable)", completion = 100 }, - { name = "Phase 1: ABI/FFI standard (Idris2/Zig templates)", completion = 100 }, - { name = "Phase 1b: AI Gatekeeper Protocol (0-AI-MANIFEST.a2ml)", completion = 100 }, - { name = "Phase 1c: TOPOLOGY.md standard and guide", completion = 100 }, - { name = "Phase 1d: Maintenance gate (axes, checklist, approach)", completion = 100 }, - { name = "Phase 1e: Trustfile / contractiles", completion = 100 }, - { name = "Phase 2: Container ecosystem templates (stapeln)", completion = 100 }, - { name = "Phase 3: Multi-forge sync hardening", completion = 0 }, - { name = "Phase 4: Nix/Guix reproducible shells", completion = 50 }, -] - -[blockers-and-issues] -# No active blockers - -[critical-next-actions] -actions = [ - "Container templates complete — test with `just container-init`", - "Validate container templates across wolfi-base and static Chainguard images", - "Harden multi-forge sync for GitLab/Bitbucket mirroring edge cases", - "Expand Nix/Guix development shell templates", -] - -[maintenance-status] -last-run-utc = "never" -last-report = "docs/reports/maintenance/latest.json" -last-result = "unknown" # unknown | pass | warn | fail -open-warnings = 0 -open-failures = 0 - -[ecosystem] -part-of = ["RSR Framework", "stapeln ecosystem"] -depends-on = ["stapeln", "selur-compose", "cerro-torre", "svalinn", "vordr", "k9-svc"] - -# --------------------------------------------------------------------------- -# NOTE FOR CONSUMERS: When using this template to create a new repo, reset -# the fields above to your project's values and replace all {{PLACEHOLDER}} -# tokens. The milestones above describe the TEMPLATE's evolution, not yours. -# --------------------------------------------------------------------------- diff --git a/road-skate/.machine_readable/ADJUST.contractile b/road-skate/.machine_readable/ADJUST.contractile deleted file mode 100644 index d9c798ff..00000000 --- a/road-skate/.machine_readable/ADJUST.contractile +++ /dev/null @@ -1,126 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; ADJUST.contractile — Accessibility invariants for rsr-template-repo -; "ADJUST" = Accessibility & Digital Justice for Universal Software & Technology -; -; Part of the contractile family: MUST, TRUST, DUST, INTENT, ADJUST -; This file is machine-readable. LLM/SLM agents MUST NOT violate these invariants. - -; ── Definitions ────────────────────────────────────────────────── -; -; ADJUST (noun/verb) -; The accessibility contractile. Defines how software must adapt to serve -; all users regardless of ability, device, or context. Named for the verb -; "adjust" — to make suitable, to adapt, to accommodate — which is the -; core action of accessible design. -; -; Scope: -; ADJUST governs all user-facing interfaces: GUI, TUI, CLI, web, mobile, -; documentation, error messages, and installation flows. It applies to -; both human users and assistive technologies (screen readers, switch -; devices, braille displays, voice control). -; -; Relationship to other contractiles: -; - MUST: ADJUST invariants are a subset of MUST — violating ADJUST -; is a MUST violation. ADJUST exists separately because accessibility -; rules are numerous enough to warrant their own file, and because -; LLMs frequently forget accessibility unless explicitly reminded. -; - TRUST: ADJUST does not affect trust levels. All trust tiers must -; respect ADJUST invariants equally. -; - DUST: Deprecating a feature does not exempt it from ADJUST until -; it is fully removed. Deprecated UI must remain accessible. -; - INTENT: ADJUST supports the anti-purpose "this software is NOT -; only for able-bodied users with modern hardware." -; -; Standard: WCAG 2.2 Level AA (minimum) -; https://www.w3.org/WAI/WCAG22/quickref/?levels=aaa -; -; Why a separate file: -; Experience shows LLMs and developers alike treat accessibility as an -; afterthought. By placing invariants in a contractile that is loaded -; at session start, we make it structurally impossible to forget. -; -; ── End Definitions ────────────────────────────────────────────── - -(adjust-contractile - (version "1.0.0") - (full-name "Accessibility & Digital Justice for Universal Software & Technology") - (standard "WCAG-2.2-AA") - (repo "rsr-template-repo") - - (invariants - ; ── Visual ── - (adjust "colour-contrast-ratio >= 4.5:1 for normal text") - (adjust "colour-contrast-ratio >= 3:1 for large text (18pt+ or 14pt+ bold)") - (adjust "no information conveyed by colour alone") - (adjust "no flashing or strobing content (3 flashes/second max)") - (adjust "text resizable to 200% without loss of content or function") - (adjust "focus indicators visible on all interactive elements") - - ; ── Keyboard ── - (adjust "all interactive elements reachable via keyboard (Tab/Shift+Tab)") - (adjust "no keyboard traps — user can always Tab away") - (adjust "skip navigation link present on pages with repeated blocks") - (adjust "logical focus order follows visual reading order") - - ; ── Screen reader ── - (adjust "all images have meaningful alt text (or alt='' if decorative)") - (adjust "all form inputs have associated labels") - (adjust "ARIA landmarks used for page regions (main, nav, banner, etc.)") - (adjust "dynamic content updates announced via aria-live regions") - (adjust "semantic HTML used (headings, lists, tables) — not div soup") - - ; ── Interactive ── - (adjust "touch targets minimum 44x44px on mobile/touch interfaces") - (adjust "error messages identify the field and describe the error") - (adjust "error messages not conveyed by colour or position alone") - (adjust "form validation provides suggestions for correction") - - ; ── Media ── - (adjust "video has captions (closed or open)") - (adjust "audio-only content has text transcript") - (adjust "no autoplay of media with sound") - - ; ── Motion ── - (adjust "animations respect prefers-reduced-motion media query") - (adjust "no content depends on motion to convey meaning") - - ; ── CLI/TUI ── - (adjust "CLI output must not rely solely on colour (use symbols: [OK] [FAIL])") - (adjust "TUI must support high-contrast mode") - (adjust "all CLI commands support --help with plain-text output") - (adjust "error messages written in plain language, not jargon or codes alone") - - ; ── Documentation ── - (adjust "docs use clear language, short sentences, logical structure") - (adjust "code examples include comments explaining non-obvious steps") - (adjust "diagrams have text descriptions or alt text") - - ; ── Internationalisation (i18n) ── - (adjust "all user-facing strings externalisable for translation") - (adjust "no hardcoded English in error messages — use message keys") - (adjust "date/time/number formats locale-aware") - (adjust "RTL (right-to-left) layout support where applicable") - (adjust "Unicode handled correctly throughout (UTF-8 everywhere)") - ) - - (related-resources - ; LOL — super-parallel corpus crawler for 1500+ languages - ; Use for linguistic data, translation coverage, and i18n validation - (lol "standards/lol — multilingual NLP corpus, see README.adoc") - (polyglot-i18n "polyglot-i18n — i18n framework and WASM translation engine") - ) - - (enforcement - (ci "accessibility linting in quality.yml workflow") - (pr-block "PR blocked if accessibility regression detected") - (tool "axe-core or pa11y for automated checks on web UI") - (tool "CLI output inspected for colour-only signalling") - (manual "manual screen reader test before major releases") - ) - - (notes - "These are MINIMUM requirements. Exceeding them (AAA) is encouraged." - "When in doubt about an accessibility decision, ask — don't guess." - "Accessibility is not optional polish — it is a structural requirement." - ) -) diff --git a/road-skate/.machine_readable/CLADE.a2ml b/road-skate/.machine_readable/CLADE.a2ml deleted file mode 100644 index b14389ce..00000000 --- a/road-skate/.machine_readable/CLADE.a2ml +++ /dev/null @@ -1,26 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Clade declaration — part of the gv-clade-index registry -# See: https://github.com/hyperpolymath/gv-clade-index - -[identity] -uuid = "a5ea1382-a34c-5334-8a46-a2ebe904c810" -primary-forge = "github" -primary-owner = "hyperpolymath" -canonical-name = "rsr-template-repo" -prefixed-name = "rm-rsr-template-repo" - -[clade] -primary = "rm" -secondary = ["gv"] -assigned = "2026-03-16" -rationale = "" - -[forges] -github = "hyperpolymath/rsr-template-repo" -gitlab = "hyperpolymath/rsr-template-repo" -bitbucket = "hyperpolymath/rsr-template-repo" - -[lineage] -type = "standalone" -parent = "RSR template — scaffold for new repos" -born = "2026-03-16" diff --git a/road-skate/.machine_readable/ECOSYSTEM.a2ml b/road-skate/.machine_readable/ECOSYSTEM.a2ml deleted file mode 100644 index 31840780..00000000 --- a/road-skate/.machine_readable/ECOSYSTEM.a2ml +++ /dev/null @@ -1,8 +0,0 @@ -;; SPDX-License-Identifier: MPL-2.0 -;; Ecosystem position and relationships -(ecosystem - (version "1.0.0") - (name "affinescript-vite") - (type "library") - (purpose "{{REPO_DESCRIPTION}}") - (related-projects)) diff --git a/road-skate/.machine_readable/ENSAID_CONFIG.a2ml b/road-skate/.machine_readable/ENSAID_CONFIG.a2ml deleted file mode 100644 index ac6429b6..00000000 --- a/road-skate/.machine_readable/ENSAID_CONFIG.a2ml +++ /dev/null @@ -1,96 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# ENSAID_CONFIG.a2ml — eNSAID Environment Configuration -# Per-repo configuration for PanLL and eNSAID-compatible tools. -# -# Canonical location: .machine_readable/ENSAID_CONFIG.a2ml -# Spec: https://github.com/hyperpolymath/standards/tree/main/ensaid-config -# -# Naming convention: -# - UPPERCASE + underscore = non-executable machine-readable file -# - Lives in .machine_readable/ alongside STATE.a2ml, META.a2ml, etc. - -# ───────────────────────────────────────────────────────────────── -# [ensaid] — Core eNSAID identity and version -# ───────────────────────────────────────────────────────────────── -[ensaid] -version = "1.0.0" -tool = "panll" - -# ───────────────────────────────────────────────────────────────── -# [workspace] — Workspace mode, protection, and execution policy -# ───────────────────────────────────────────────────────────────── -[workspace] -mode = "rhodium" # rhodium | gold | silver | bronze -protection = "open" # open | guarded | locked -execution = "live" # live | dry-run | approval-required - -# ───────────────────────────────────────────────────────────────── -# [preferences] — User/repo-level display and behaviour preferences -# ───────────────────────────────────────────────────────────────── -[preferences] -humidity = "medium" # high | medium | low (drift aura intensity) -default-arrangement = "default-3-panel" # workspace arrangement ID -auto-connect = true # auto-connect panels to backends on load - -# ───────────────────────────────────────────────────────────────── -# [panels] — Panel visibility, enablement, and isolation overrides -# ───────────────────────────────────────────────────────────────── -[panels] -version = "1.0.0" - -# By default, all panels are available. Uncomment to restrict: -# [[panels.enabled]] -# id = "valence-shell" -# isolation = "native" -# auto-connect = true -# -# [[panels.enabled]] -# id = "editor-bridge" -# isolation = "native" -# auto-connect = true - -# Panels to hide for this repo context: -# [panels.disabled] -# ids = [] - -# ───────────────────────────────────────────────────────────────── -# [workflows] — Automation Router event-driven cross-panel rules -# ───────────────────────────────────────────────────────────────── -[workflows] -version = "1.0.0" - -# Example: rebuild on file save -# [[workflows.rule]] -# name = "build-on-save" -# trigger = { event = "file-changed", pattern = "src/**/*.res" } -# condition = { panel = "build-dashboard", field = "watchMode", equals = true } -# action = { panel = "build-dashboard", message = "TriggerBuild", args = { target = "game" } } -# approval = "auto-fire" # auto-fire | require-approval | approve-once | dry-run-first - -# ───────────────────────────────────────────────────────────────── -# [clades] — Panel clade trait and capability overrides -# ───────────────────────────────────────────────────────────────── -[clades] -version = "1.0.0" - -# Example: add a custom capability to a panel clade -# [[clades.override]] -# id = "build-dashboard" -# traits = { has-work-items = true } -# capabilities-add = ["CustomCheck"] - -# ───────────────────────────────────────────────────────────────── -# [portfolios] — Custom panel bundles for this repo's workflow -# ───────────────────────────────────────────────────────────────── -[portfolios] -version = "1.0.0" - -# Example: a custom portfolio for this project -# [[portfolios.custom]] -# id = "affinescript-vite-dev" -# name = "AffineScript-Vite Development" -# description = "Panels for AffineScript-Vite development" -# panels = ["valence-shell", "editor-bridge", "build-dashboard"] -# default-isolation = "native" diff --git a/road-skate/.machine_readable/INTENT.contractile b/road-skate/.machine_readable/INTENT.contractile deleted file mode 100644 index c899f0ea..00000000 --- a/road-skate/.machine_readable/INTENT.contractile +++ /dev/null @@ -1,72 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; INTENT.contractile — Purpose and scope for rsr-template-repo -; Helps LLM/SLM agents understand what this repo IS and IS NOT. -; -; Part of the contractile family: MUST, TRUST, DUST, INTENT, ADJUST - -; ── Definitions ────────────────────────────────────────────────── -; -; INTENT (noun) -; The purpose contractile. Defines what this repository IS, what it is -; NOT (anti-purpose), and which architectural decisions are load-bearing. -; Without INTENT, LLMs drift into scope creep, reverse key decisions, -; or add features that belong in a different repo. -; -; Scope: -; INTENT governs the conceptual boundaries of the project — its reason -; for existing, its domain, and its relationship to the ecosystem. -; It does NOT specify implementation details (that's MUST and code). -; -; Relationship to other contractiles: -; - MUST: INTENT explains WHY certain MUSTs exist. If you don't -; understand a MUST, read INTENT first. -; - TRUST: The "ask-before-touching" section in INTENT maps directly -; to TRUST.trust-deny for the most sensitive areas. -; - ADJUST: INTENT's anti-purpose should include "this software is -; NOT only for users with perfect vision/hearing/mobility." -; - DUST: When INTENT changes (repo pivots), related DUST entries -; should be created for the abandoned direction. -; -; ── End Definitions ────────────────────────────────────────────── - -(intent-contractile - (version "1.0.0") - (repo "rsr-template-repo") - - ; === Purpose (what this repo IS) === - (purpose - "{{ONE_PARAGRAPH_PURPOSE}}" - ) - - ; === Anti-Purpose (what this repo is NOT — prevents scope creep) === - (anti-purpose - "{{ONE_PARAGRAPH_ANTI_PURPOSE}}" - ; Examples: - ; "This is NOT a general-purpose database — it solves one specific problem." - ; "This is NOT a framework — it is a library with a focused API." - ; "This does NOT handle authentication — that is delegated to [other repo]." - ) - - ; === Key Architectural Decisions That Must Not Be Reversed === - (architectural-invariants - ; *REMINDER: List the foundational decisions* - ; ("Idris2 for ABI definitions — dependent types prove interface correctness") - ; ("Zig for FFI — zero-cost C ABI compatibility") - ; ("Elixir for supervision — OTP fault tolerance") - ) - - ; === Sensitive Areas (if in doubt, ask) === - (ask-before-touching - ; *REMINDER: List areas where LLMs should check before modifying* - ; "src/abi/ — formal proofs, changes require re-verification" - ; "ffi/zig/ — C ABI boundary, changes affect all language bindings" - ; ".machine_readable/ — checkpoint files, format is specified" - ) - - ; === Ecosystem Position === - (ecosystem - (belongs-to "{{MONOREPO_OR_STANDALONE}}") - (depends-on ("{{DEP1}}" "{{DEP2}}")) - (depended-on-by ("{{CONSUMER1}}" "{{CONSUMER2}}")) - ) -) diff --git a/road-skate/.machine_readable/META.a2ml b/road-skate/.machine_readable/META.a2ml deleted file mode 100644 index 6c59f950..00000000 --- a/road-skate/.machine_readable/META.a2ml +++ /dev/null @@ -1,30 +0,0 @@ -;; SPDX-License-Identifier: MPL-2.0 -;; Architecture decisions and development practices -(meta - (version "1.0.0") - (project "affinescript-vite") - (governance - (axis-1 "must > intend > like") - (axis-2 "corrective > adaptive > perfective") - (axis-3 "systems > compliance > effects")) - (auditing - (scoping-first true) - (idris-unsound-scan "believe_me/assert_total") - (audit-focus "systems in place, documentation explains actual state, safety/security accounted for, observed effects reviewed") - (compliance-focus "seams/compromises/exception register, bounded exceptions, anti-drift checks") - (effects-evidence "benchmark execution/results and maintainer status dialogue/review")) - (architecture-decisions) - (development-practices - (code-review "required") - (branch-protection "enabled") - (ci-cd "github-actions"))) - -;; RSR compliance strings for grep validation -;; axis-1 = "must > intend > like" -;; axis-2 = "corrective > adaptive > perfective" -;; axis-3 = "systems > compliance > effects" -;; scoping-first = true -;; idris-unsound-scan = "believe_me/assert_total" -;; audit-focus = "systems in place, documentation explains actual state, safety/security accounted for, observed effects reviewed" -;; compliance-focus = "seams/compromises/exception register, bounded exceptions, anti-drift checks" -;; effects-evidence = "benchmark execution/results and maintainer status dialogue/review" diff --git a/road-skate/.machine_readable/MUST.contractile b/road-skate/.machine_readable/MUST.contractile deleted file mode 100644 index 1160f0ae..00000000 --- a/road-skate/.machine_readable/MUST.contractile +++ /dev/null @@ -1,91 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; MUST.contractile — Baseline invariants for rsr-template-repo -; These constraints MUST NOT be violated. K9 validators enforce them. -; -; Part of the contractile family: MUST, TRUST, DUST, INTENT, ADJUST - -; ── Definitions ────────────────────────────────────────────────── -; -; MUST (noun/verb) -; The hard-constraint contractile. Defines invariants that are structurally -; required for the repository to function correctly and safely. Violating -; a MUST is always a bug — there are no "soft" MUSTs. -; -; Scope: -; MUST governs code, configuration, CI, and structure. It does NOT govern -; style, preference, or approach — those belong in CLAUDE.md or coding -; standards. MUST is for things that break the project if violated. -; -; Relationship to other contractiles: -; - TRUST: MUST is enforced regardless of trust level. Even maximal-trust -; agents cannot violate MUST constraints. -; - ADJUST: All ADJUST invariants are implicitly MUST invariants too. -; ADJUST exists separately for visibility. -; - INTENT: MUST protects the architectural decisions described in INTENT. -; - DUST: When a feature enters DUST (deprecation), its MUST constraints -; remain active until the feature is fully removed. -; -; Enforcement: -; K9 validators in contractiles/k9/ machine-check MUST constraints. -; CI runs these on every PR. Violations block merge. -; -; ── End Definitions ────────────────────────────────────────────── - -(must-contractile - (version "1.0.0") - (repo "rsr-template-repo") - - ; === Universal Invariants (apply to ALL repos) === - - (invariants - ; Paths - (must "no hardcoded absolute paths (/home/*, /mnt/*, /var/mnt/*)") - (must "all paths use env vars, XDG dirs, or relative references") - - ; Language policy - (must "no new TypeScript files") - (must "no new Python files") - (must "no new Go files") - (must "no npm/bun/yarn/pnpm dependencies — Deno only") - - ; Dangerous patterns - (must "no believe_me (Idris2)") - (must "no assert_total (Idris2)") - (must "no Admitted (Coq)") - (must "no sorry (Lean)") - (must "no unsafeCoerce (Haskell)") - (must "no Obj.magic (OCaml)") - (must "no unsafe {} blocks without safety comment (Rust)") - - ; License - (must "SPDX-License-Identifier header on every source file") - (must "no removal or modification of LICENSE file") - - ; Structure - (must ".machine_readable/ directory preserved") - (must "0-AI-MANIFEST.a2ml preserved") - (must "no SCM files in repo root — only in .machine_readable/") - - ; CI - (must "no removal of CI workflows without explicit approval") - (must "all GitHub Actions SHA-pinned") - - ; Code quality - (must "tests must not be deleted or weakened") - (must "generated code in generated/ directory only") - (must "no introduction of OWASP top 10 vulnerabilities") - - ; ABI/FFI (if applicable) - (must "no modification of ABI contracts without proof update") - (must "no removal of formal verification proofs") - ) - - ; === Project-Specific Invariants === - ; *REMINDER: Add invariants specific to this repo* - ; (must "# Add project-specific invariants here") - - (enforcement - (k9-validator "contractiles/k9/must-check.k9.ncl") - (ci "quality.yml runs must-check on every PR") - ) -) diff --git a/road-skate/.machine_readable/READINESS.md b/road-skate/.machine_readable/READINESS.md deleted file mode 100644 index e270d5d4..00000000 --- a/road-skate/.machine_readable/READINESS.md +++ /dev/null @@ -1,53 +0,0 @@ - - - -# affinescript-vite Component Readiness Assessment - -**Standard:** [Component Readiness Grades (CRG) v2.2](https://github.com/hyperpolymath/standards/tree/main/component-readiness-grades) -**Current Grade:** C -**Assessed:** 2026-04-06 -**Assessor:** Jonathan D.A. Jewell - ---- - -## Summary - -| Component | Grade | Release Stage | Evidence Summary | -|---------------------|-------|---------------|-------------------------------------------| -| Primary component | C | Alpha-stable | Dogfooded on own project; CI passing | - -**Overall:** Grade C — dogfooding confirmed, CI passing, deep annotation in place. - ---- - -## Grade C Evidence - -- Deployed and dogfooded on the affinescript-vite project itself -- CI passing (dogfood-gate, hypatia-scan, static-analysis-gate) -- TEST-NEEDS.md documents test matrix -- No home failures -- Deep code and folder annotation in place per CRG v2 requirements - ---- - -## Promotion Path to Grade B - -Grade B requires: **6+ diverse external targets tested, issues fed back**. - -Diversity means: different languages, different architectures, different use cases. - -To reach B: -1. Deploy on at least 6 external projects that differ meaningfully from each other -2. Confirm it works in each (or document failures) -3. Feed back any issues found (GitHub issues or PRs) -4. Update this file with the evidence - ---- - -## Concerns and Maintenance Notes - -*Document any known limitations, demotion risks, or maintenance concerns here.* - ---- - -## Run `just crg-badge` to generate the shields.io badge for your README. diff --git a/road-skate/.machine_readable/README.adoc b/road-skate/.machine_readable/README.adoc deleted file mode 100644 index 471d6c72..00000000 --- a/road-skate/.machine_readable/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= .machine_readable Pillar diff --git a/road-skate/.machine_readable/STATE.a2ml b/road-skate/.machine_readable/STATE.a2ml deleted file mode 100644 index 821be8fe..00000000 --- a/road-skate/.machine_readable/STATE.a2ml +++ /dev/null @@ -1,27 +0,0 @@ -;; SPDX-License-Identifier: MPL-2.0 -;; Project state — update throughout each session -(state - (metadata - (version "1.0.1") - (project "affinescript-vite") - (last-updated "2026-04-06")) - (project-context - (description "Vite plugin for AffineScript — enabling verified frontend development") - (primary-language "JavaScript + AffineScript (WASM)") - (status "testing-complete")) - (current-position - (phase "testing") - (completion-percentage 100) - (milestone "CRG C - Testing & Benchmarking complete")) - (testing-summary - (validation-script "scripts/validate-template.sh: PASS (0 errors)") - (workflow-tests "tests/workflows/validate_workflows_test.sh: PASS (21/21 workflows)") - (integration-tests "test/integration_test.zig: PASS (placeholder template)") - (e2e-tests "tests/e2e/template_instantiation_test.sh: READY") - (benchmarks "benches/template_bench.sh: PASS (5 suites)") - (zig-build "Zig 0.15.2 compatible: PASS")) - (critical-next-actions - ("Commit test suite" - "Push to GitHub" - "Verify CI workflows pass" - "Document test instantiation patterns"))) diff --git a/road-skate/.machine_readable/TOPOLOGY.md b/road-skate/.machine_readable/TOPOLOGY.md deleted file mode 100644 index c3107b39..00000000 --- a/road-skate/.machine_readable/TOPOLOGY.md +++ /dev/null @@ -1,33 +0,0 @@ - - - -# Architecture Topology - -## System Overview - -RSR (Rhodium Standard Repository) template provides the canonical scaffold for all hyperpolymath projects, with integrated CI/CD, documentation, and service discovery patterns. - -## Component Overview - -| Component | Language | Purpose | -|-----------|----------|---------| -| dogfood-gate workflow | YAML | Quality checks (CRG, security, linting) | -| eclexiaiser-validate job | YAML | Resource cost awareness scoring | -| Groove discovery | JSON | Service endpoint registration | - -## Data Flow - -``` -[Code Push] → [GitHub Actions] → [hypatia scan] → [eclexiaiser validate] → [Results] -``` - -## Integration Points - -- **Upstream**: Hypatia (neurosymbolic CI/CD), eclexiaiser (resource scoring) -- **Downstream**: All RSR-based repositories (500+ instances) - -## Deployment - -- Container: Stapeln Six ecosystem -- CI/CD: GitHub Actions → Hypatia scan → eclexiaiser-validate (6 scorecard dimensions) → Mirror -- Service Discovery: Groove protocol (.well-known/groove/manifest.json) diff --git a/road-skate/.machine_readable/TRUST.contractile b/road-skate/.machine_readable/TRUST.contractile deleted file mode 100644 index 52fd1f08..00000000 --- a/road-skate/.machine_readable/TRUST.contractile +++ /dev/null @@ -1,80 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; TRUST.contractile — Trust boundaries for rsr-template-repo -; Defines what LLM/SLM agents are trusted to do without asking. -; -; Part of the contractile family: MUST, TRUST, DUST, INTENT, ADJUST - -; ── Definitions ────────────────────────────────────────────────── -; -; TRUST (noun/verb) -; The permission contractile. Defines the boundary between what an AI -; agent may do autonomously and what requires human approval. Trust is -; graduated — not binary — with four levels from minimal to maximal. -; -; Trust levels: -; - maximal: Agent may read, build, test, lint, format, heal freely. -; Only destructive/external actions require approval. -; - standard: Agent may read and build. Test/lint need approval. -; - restricted: Agent may read only. All modifications need approval. -; - minimal: Agent may read specific files only. Everything else blocked. -; -; Scope: -; TRUST governs AI agent behaviour only. It does not affect human -; contributors — humans follow CONTRIBUTING.md and GOVERNANCE.adoc. -; -; Relationship to other contractiles: -; - MUST: Trust never overrides MUST. Even at maximal trust, MUST -; violations are blocked. -; - ADJUST: Trust does not exempt from ADJUST. All trust tiers must -; produce accessible output. -; - INTENT: TRUST.trust-deny protects the sensitive areas listed in -; INTENT.ask-before-touching. -; - DUST: Deprecated features have the same trust rules as active ones. -; -; ── End Definitions ────────────────────────────────────────────── - -(trust-contractile - (version "1.0.0") - (repo "rsr-template-repo") - - (trust-level "maximal") ; maximal | standard | restricted | minimal - - ; === Maximal Trust (default) === - ; LLM may freely do these without asking: - (trust-actions - "read" ; Read any file in the repo - "build" ; Run build commands - "test" ; Run test suites - "lint" ; Run linters and formatters - "format" ; Auto-format code - "doctor" ; Run self-diagnostics - "heal" ; Attempt automatic repair - "git-status" ; Check git status - "git-diff" ; View diffs - "git-log" ; View history - ) - - ; === Denied Actions (always require human approval) === - (trust-deny - "delete-branch" ; Could lose work - "force-push" ; Overwrites history - "modify-ci-secrets" ; Security sensitive - "publish" ; External visibility - "push-to-main" ; Protected branch - "delete-files-bulk" ; More than 5 files at once - "modify-license" ; Legal implications - "modify-security-policy" ; Security implications - "remove-proofs" ; Formal verification regression - "disable-ci-checks" ; Safety regression - ) - - ; === Trust Boundary === - (trust-boundary "repo") ; LLM confined to this repo unless explicitly told otherwise - - ; === Override === - ; Repos requiring tighter trust override these settings with justification: - ; (override - ; (trust-level "restricted") - ; (reason "Contains production secrets / handles PII / etc.") - ; ) -) diff --git a/road-skate/.machine_readable/agent_instructions/README.adoc b/road-skate/.machine_readable/agent_instructions/README.adoc deleted file mode 100644 index 6fa36e15..00000000 --- a/road-skate/.machine_readable/agent_instructions/README.adoc +++ /dev/null @@ -1,41 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -= Agent Instructions -:toc: preamble - -Methodology-aware configuration for AI agents. Read by any AI agent -(Claude, Gemini, Copilot, etc.) at session start. - -== Files - -[cols="1,3"] -|=== -| File | Purpose - -| `methodology.a2ml` -| Default mode, invariants, ring ceiling, priority weights, convergent budget - -| `coverage.a2ml` -| Session coverage tracking — what was visited, what was skipped, what has MUSTs - -| `debt.a2ml` -| Meander debt — things found but not fixed, carried between sessions -|=== - -== How Agents Use These - -1. Read `methodology.a2ml` at session start — know mode, invariants, ceiling -2. Read `coverage.a2ml` — know what was visited last time, what was skipped -3. Read `debt.a2ml` — know what's outstanding from previous sessions -4. At session end, update `coverage.a2ml` and `debt.a2ml` - -== Relationship to Other Files - -* `AGENTIC.a2ml` says WHAT agents can do (permissions, gating) -* `agent_instructions/` says HOW agents should work (methodology) -* `bot_directives/` says what the gitbot-fleet does (fleet-specific) -* `CLAUDE.md` says how Claude specifically should work (Claude-specific) - -== Reference - -ADR-002 in `standards/agentic-a2ml/docs/ADR-002-methodology-layer.adoc` diff --git a/road-skate/.machine_readable/agent_instructions/coverage.a2ml b/road-skate/.machine_readable/agent_instructions/coverage.a2ml deleted file mode 100644 index f382cfcc..00000000 --- a/road-skate/.machine_readable/agent_instructions/coverage.a2ml +++ /dev/null @@ -1,61 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# coverage.a2ml — Session coverage tracking -# Updated at the end of each AI agent session. -# Persists what was visited, what was skipped, and what has MUSTs. -# -# Reference: ADR-002 in standards/agentic-a2ml/docs/ - -[metadata] -version = "1.0.0" -last-updated = "{{CURRENT_DATE}}" - -# ============================================================================ -# COVERAGE STATE -# ============================================================================ -# Updated by agents at session end. Tracks which components have been -# visited and which have known MUSTs that were skipped. - -[coverage] -total-components = 0 -visited-components = 0 -coverage-percent = 0 - -# ============================================================================ -# VISITED COMPONENTS -# ============================================================================ -# Component → session date + ring reached -# Agents add entries as they work through components. -# -# Example: -# [coverage.visited.emergency-room] -# date = "2026-03-23" -# ring = 2 -# fixes = 3 -# notes = "boot-guardian built, shutdown-marshal built" - -# ============================================================================ -# SKIPPED COMPONENTS WITH MUSTS -# ============================================================================ -# Components with known MUSTs that were not visited in the most recent session. -# These become P1 inputs for the next session's Phase 0. -# -# Example: -# [coverage.skipped-musts.session-sentinel] -# priority = "P0" -# issue = "56 SIGABRTs in 4 days, D-Bus race condition" -# discovered = "2026-03-23" - -# ============================================================================ -# CHERRY-PICKING AUDIT -# ============================================================================ -# At session end, agents report whether they chose easy work over hard work. -# This is the accountability mechanism for the weighted priority system. -# -# [coverage.cherry-picking] -# easy-high-completed = 3 -# hard-high-completed = 1 -# easy-low-completed = 2 -# hard-low-deferred = 4 -# assessment = "Correctly prioritised — all MUST items addressed before COULDs" diff --git a/road-skate/.machine_readable/agent_instructions/debt.a2ml b/road-skate/.machine_readable/agent_instructions/debt.a2ml deleted file mode 100644 index d87daa79..00000000 --- a/road-skate/.machine_readable/agent_instructions/debt.a2ml +++ /dev/null @@ -1,49 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# debt.a2ml — Meander debt list -# Things found but not fixed. Carried between sessions. -# Becomes the next session's Phase 0 input. -# -# Reference: ADR-002 in standards/agentic-a2ml/docs/ - -[metadata] -version = "1.0.0" -last-updated = "{{CURRENT_DATE}}" - -# ============================================================================ -# DEBT ITEMS -# ============================================================================ -# Each item has: component, issue, effort (easy|medium|hard), impact (high|medium|low), -# priority (should|could), and discovered date. -# -# Items are consumed (removed) when fixed. New items are added at session end. -# The debt list prevents the "one more wave" loop — found things are persisted, -# not forgotten, and not used as justification for infinite meandering. - -# ============================================================================ -# SHOULD — would fix next wave -# ============================================================================ -# These are inputs for the next session if the user says "keep going". -# -# Example: -# [[debt.should]] -# component = "system-tools/monitoring/observatory" -# issue = "Stale duplicate of root observatory/" -# effort = "easy" -# impact = "medium" -# discovered = "2026-03-23" - -# ============================================================================ -# COULD — would fix eventually -# ============================================================================ -# These are low-priority items that don't justify a session on their own. -# They get picked up when an agent is in the area for other reasons. -# -# Example: -# [[debt.could]] -# component = "cicada" -# issue = "RSR_OUTLINE.adoc references banned AGPL-3.0" -# effort = "easy" -# impact = "low" -# discovered = "2026-03-23" diff --git a/road-skate/.machine_readable/agent_instructions/methodology.a2ml b/road-skate/.machine_readable/agent_instructions/methodology.a2ml deleted file mode 100644 index 5676f741..00000000 --- a/road-skate/.machine_readable/agent_instructions/methodology.a2ml +++ /dev/null @@ -1,107 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# methodology.a2ml — AI agent methodology configuration -# Declares how agents should approach work in this repository. -# Read at session start by any AI agent (Claude, Gemini, Copilot, etc.) -# -# Reference: ADR-002 in standards/agentic-a2ml/docs/ - -[metadata] -version = "1.0.0" -last-updated = "{{CURRENT_DATE}}" -spec = "https://github.com/hyperpolymath/standards/blob/main/agentic-a2ml/docs/ADR-002-methodology-layer.adoc" - -# ============================================================================ -# MODE SELECTION -# ============================================================================ -# convergent: find gaps, fill them, build infrastructure (default for ops/infra) -# divergent: find what's strongest, push it further (for research/creative) -# hybrid: audit 20% of budget, then focus 80% on top MUSTs (default for most) - -[methodology] -default-mode = "hybrid" -ring-ceiling = 2 # Hard ceiling for ring expansion (0-3) -wave-cap = 2 # Max waves before requiring user "keep going" -spike-required = true # Every session must ship code, not just designs - -# ============================================================================ -# PRIORITY WEIGHTS -# ============================================================================ -# MUST (3x): Blocking the current work → fix immediately -# SHOULD (2x): Degrading quality of current work → fix if in zone -# COULD (1x): Improving quality of adjacent work → add to debt list - -[methodology.priority-weights] -must = 3 -should = 2 -could = 1 - -# ============================================================================ -# CONVERGENT BUDGET (when mode = convergent or hybrid) -# ============================================================================ -# How to allocate effort across work types. -# Prevents over-polishing docs while structural work waits. - -[methodology.convergent-budget] -structural = 70 # % for new modules, compilation fixes, wiring, integration -corrective = 20 # % for bugs found, broken imports, stale references -perfective = 10 # % for SPDX headers, doc updates, formatting, style - -# ============================================================================ -# UNIQUE STRENGTH (when mode = divergent) -# ============================================================================ -# What makes this project special. Agents should DEEPEN this, not broaden it. -# Customise this per project — the template default is generic. - -[methodology.unique-strength] -description = "{{PROJECT_UNIQUE_STRENGTH}}" -deepen-not-broaden = true - -# ============================================================================ -# DIVERGENT INVARIANTS -# ============================================================================ -# Constraints that divergent mode must NOT violate. -# These are the riverbanks — diverge within them, not across. -# "Amplify uniqueness" means deepen, not broaden. -# -# Test before any divergent action: -# "Does this deepen the existing strength, or add a parallel strength?" -# If parallel → stop. Note as cross-project insight. - -[methodology.divergent-invariants] -rules = [ - # Customise per project. Examples: - # "Idris2 only for formal verification — no Lean4, Coq, Agda", - # "believe_me count must remain zero", - # "FFI architecture: Idris2 → RefC → Zig → C ABI (no shortcuts)", -] - -# Optional: language invariant for the core strength -# If set, divergent mode will not introduce other languages for this purpose -# language-invariant = "idris2" - -# ============================================================================ -# CONSTRAINT HINTS -# ============================================================================ -# Help Phase 0 find the critical chain faster. -# Updated at session end with newly discovered constraints. - -[methodology.known-constraints] -constraints = [ - # Customise per project. Examples: - # "End-to-end build has never been verified", - # "libproject.so does not exist yet — all bindings call stubs", -] - -# ============================================================================ -# STATE FILE VALIDATION -# ============================================================================ -# Phase 0 reads STATE.a2ml first but it may be broken. -# These rules detect corrupt/template/stale state files. - -[methodology.state-validation] -reject-if-contains = ["{{PLACEHOLDER}}", "{{PROJECT}}", "rsr-template-repo"] -reject-if-project-name-mismatch = true -staleness-threshold-days = 90 -fallback-files = ["TODO.md", "TODO.adoc", "ROADMAP.adoc", "README.adoc"] diff --git a/road-skate/.machine_readable/ai/.clinerules b/road-skate/.machine_readable/ai/.clinerules deleted file mode 100644 index 16934c0c..00000000 --- a/road-skate/.machine_readable/ai/.clinerules +++ /dev/null @@ -1,43 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# Authoritative source: docs/AI-CONVENTIONS.md - -# STARTUP: Read 0-AI-MANIFEST.a2ml first, then .machine_readable/STATE.a2ml. - -# LICENSE -# All original code: MPL-2.0. -# Never AGPL-3.0. MPL-2.0 only as platform-required fallback. -# SPDX header required on every source file. -# Copyright: hyperpolymath (hyperpolymath) - -# STATE FILES (.machine_readable/ ONLY) -# Never create in repo root: STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml, -# AGENTIC.a2ml, NEUROSYM.a2ml, PLAYBOOK.a2ml. -# The .machine_readable/ directory is the single source of truth. - -# BANNED PATTERNS -# Idris2: believe_me, assert_total, assert_smaller, unsafePerformIO -# Haskell: unsafeCoerce, unsafePerformIO, undefined, error -# OCaml: Obj.magic, Obj.repr, Obj.obj -# Coq: Admitted -# Lean: sorry -# Rust: transmute (unless FFI with // SAFETY: comment) - -# BANNED LANGUAGES -# TypeScript -> ReScript -# Node.js / npm / bun -> Deno -# Go -> Rust -# Python -> Julia or Rust - -# CONTAINERS -# Runtime: Podman (never Docker). -# File: Containerfile (never Dockerfile). -# Base: cgr.dev/chainguard/wolfi-base:latest or cgr.dev/chainguard/static:latest. - -# ABI/FFI -# ABI: Idris2 with dependent types (src/interface/abi/). -# FFI: Zig with C ABI (src/interface/ffi/). -# Headers: src/interface/generated/. - -# BUILD: Use just (justfile) for all tasks. -# STYLE: Descriptive names. Document all files. SPDX headers everywhere. diff --git a/road-skate/.machine_readable/ai/.cursorrules b/road-skate/.machine_readable/ai/.cursorrules deleted file mode 100644 index 277ccc5c..00000000 --- a/road-skate/.machine_readable/ai/.cursorrules +++ /dev/null @@ -1,47 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# Authoritative source: docs/AI-CONVENTIONS.md - -# Read 0-AI-MANIFEST.a2ml in the repo root FIRST for canonical file locations. - -# LICENSE -# All original code: MPL-2.0 (SPDX header required on every file). -# Never use AGPL-3.0. Fallback to MPL-2.0 only when platform requires it. -# Copyright: hyperpolymath (hyperpolymath) - -# STATE FILES -# .a2ml metadata files go in .machine_readable/ ONLY. -# Never create STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml, AGENTIC.a2ml, -# NEUROSYM.a2ml, or PLAYBOOK.a2ml in the repository root. - -# BANNED PATTERNS -# Idris2: believe_me, assert_total, assert_smaller, unsafePerformIO -# Haskell: unsafeCoerce, unsafePerformIO, undefined, error -# OCaml: Obj.magic, Obj.repr, Obj.obj -# Coq: Admitted -# Lean: sorry -# Rust: transmute (unless FFI with // SAFETY: comment) - -# BANNED LANGUAGES -# TypeScript -> use ReScript -# Node.js / npm / bun -> use Deno -# Go -> use Rust -# Python -> use Julia or Rust - -# CONTAINERS -# Runtime: Podman (never Docker) -# File: Containerfile (never Dockerfile) -# Base: cgr.dev/chainguard/wolfi-base:latest - -# ABI/FFI STANDARD -# ABI definitions: Idris2 with dependent types (src/interface/abi/) -# FFI implementation: Zig with C ABI (src/interface/ffi/) -# Generated C headers: src/interface/generated/ - -# BUILD SYSTEM -# Use just (justfile) for all build, test, lint, and format tasks. - -# CODE STYLE -# Use descriptive variable names. -# Annotate and document all files. -# Add SPDX-License-Identifier header to every source file. diff --git a/road-skate/.machine_readable/ai/.windsurfrules b/road-skate/.machine_readable/ai/.windsurfrules deleted file mode 100644 index 16934c0c..00000000 --- a/road-skate/.machine_readable/ai/.windsurfrules +++ /dev/null @@ -1,43 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# Authoritative source: docs/AI-CONVENTIONS.md - -# STARTUP: Read 0-AI-MANIFEST.a2ml first, then .machine_readable/STATE.a2ml. - -# LICENSE -# All original code: MPL-2.0. -# Never AGPL-3.0. MPL-2.0 only as platform-required fallback. -# SPDX header required on every source file. -# Copyright: hyperpolymath (hyperpolymath) - -# STATE FILES (.machine_readable/ ONLY) -# Never create in repo root: STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml, -# AGENTIC.a2ml, NEUROSYM.a2ml, PLAYBOOK.a2ml. -# The .machine_readable/ directory is the single source of truth. - -# BANNED PATTERNS -# Idris2: believe_me, assert_total, assert_smaller, unsafePerformIO -# Haskell: unsafeCoerce, unsafePerformIO, undefined, error -# OCaml: Obj.magic, Obj.repr, Obj.obj -# Coq: Admitted -# Lean: sorry -# Rust: transmute (unless FFI with // SAFETY: comment) - -# BANNED LANGUAGES -# TypeScript -> ReScript -# Node.js / npm / bun -> Deno -# Go -> Rust -# Python -> Julia or Rust - -# CONTAINERS -# Runtime: Podman (never Docker). -# File: Containerfile (never Dockerfile). -# Base: cgr.dev/chainguard/wolfi-base:latest or cgr.dev/chainguard/static:latest. - -# ABI/FFI -# ABI: Idris2 with dependent types (src/interface/abi/). -# FFI: Zig with C ABI (src/interface/ffi/). -# Headers: src/interface/generated/. - -# BUILD: Use just (justfile) for all tasks. -# STYLE: Descriptive names. Document all files. SPDX headers everywhere. diff --git a/road-skate/.machine_readable/ai/0.2-AI-MANIFEST.a2ml b/road-skate/.machine_readable/ai/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 869cbee6..00000000 --- a/road-skate/.machine_readable/ai/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "ai-registry" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-registry for ai metadata. diff --git a/road-skate/.machine_readable/ai/AI.a2ml b/road-skate/.machine_readable/ai/AI.a2ml deleted file mode 100644 index c4da8dfc..00000000 --- a/road-skate/.machine_readable/ai/AI.a2ml +++ /dev/null @@ -1,37 +0,0 @@ - -# AI Assistant Instructions - -## Repository Focus -- `rsr-template-repo` is treated as a Rhodium Standard Repository; obey the Rhodium policies and keep `.machine_readable/` authoritative. -- All machine-readable content lives under `.machine_readable/` — state files (a2ml), bot directives, and contractiles. -- Prefer to keep generated files out of source control, and regenerate them with the documented commands before committing. - -## Workflow -1. Inspect `.machine_readable/STATE.a2ml` for blockers and next actions. -2. Respect any constraints listed inside `.machine_readable/AGENTIC.a2ml` when tooling changes are requested. -3. After finishing edits, update STATE with your outcomes and commit with a concise, imperative message. - -## Delivery Promises -- Mention in summaries whether STATE, `.machine_readable/contractiles/`, or `.machine_readable/bot_directives/` changed. -- Keep this file in sync with the repository's status; update it if the governance changes. - -[foundational-integrations] -# These tools form the architectural floor for all hyperpolymath repos. -# Integrate them incrementally as the project matures. - -proven = "Formally verified safety library — replace raw string/JSON/URL/crypto ops" -panic-attacker = "Static analysis — run `just assail` before every commit" -feedback-o-tron = "Autonomous bug filing — auto-report upstream dependency failures" -verisimdb = "Cross-repo analytics — emit scan results and build metrics" -vexometer = "Irritation surface analysis — measure friction in CLI/UI tools" -hypatia = "Neurosymbolic CI/CD — safety-triangle routing for automated fixes" -boj-server = "MCP gateway — all external service integrations route through BoJ" - -[floor-raise-checklist] -step-1 = "Ensure 0-AI-MANIFEST.a2ml exists at repo root" -step-2 = "Ensure Mustfile.a2ml + Trustfile.a2ml + Dustfile.a2ml in .machine_readable/contractiles/" -step-3 = "Add `assail` recipe to Justfile and wire into pre-commit hook" -step-4 = "Add proven integration reference in .machine_readable/integrations/" -step-5 = "Add verisimdb feed configuration" -step-6 = "Add feedback-o-tron integration for upstream reporting" -step-7 = "Add vexometer hooks for friction measurement (CLI/UI repos)" diff --git a/road-skate/.machine_readable/ai/PLACEHOLDERS.adoc b/road-skate/.machine_readable/ai/PLACEHOLDERS.adoc deleted file mode 100644 index ca63f47e..00000000 --- a/road-skate/.machine_readable/ai/PLACEHOLDERS.adoc +++ /dev/null @@ -1,142 +0,0 @@ -= Template Placeholders -# Template Placeholders - -All placeholders in this template follow the `{{PLACEHOLDER}}` pattern. -After cloning, replace them with your project-specific values. - -## Recommended: Interactive Bootstrap - -```bash -just init -``` - -This interactively prompts for all values, replaces every placeholder, -validates the result, and runs k9-svc checks if available. - -## Manual Replace - -```bash -# If you prefer manual replacement (run from repo root) - -sed -i 's/hyperpolymath/Jane Doe/g' $(grep -rl 'hyperpolymath' .) -sed -i 's/j.d.a.jewell@open.ac.uk/jane@example.org/g' $(grep -rl 'j.d.a.jewell@open.ac.uk' .) -sed -i 's/hyperpolymath/my-org/g' $(grep -rl 'hyperpolymath' .) -sed -i 's/AffineScript-Vite/my-project/g' $(grep -rl 'AffineScript-Vite' .) -sed -i 's/{{PROJECT}}/MY_PROJECT/g' $(grep -rl '{{PROJECT}}' .) -sed -i 's/affinescript-vite/my_project/g' $(grep -rl 'affinescript-vite' .) -sed -i 's/affinescript-vite/my-project/g' $(grep -rl 'affinescript-vite' .) -sed -i 's/github.com/github.com/g' $(grep -rl 'github.com' .) -sed -i "s/{{CURRENT_YEAR}}/$(date +%Y)/g" $(grep -rl '{{CURRENT_YEAR}}' .) -sed -i "s/{{CURRENT_DATE}}/$(date +%Y-%m-%d)/g" $(grep -rl '{{CURRENT_DATE}}' .) -``` - -## Placeholder Reference - -### Author & Copyright - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `hyperpolymath` | Full legal name | `Jane Doe` | SPDX headers (all files), MAINTAINERS.md, .mailmap, .reuse/dep5, docs/AI-CONVENTIONS.md | -| `j.d.a.jewell@open.ac.uk` | Primary contact email | `jane@example.org` | SPDX headers (all files), .mailmap, .reuse/dep5, .well-known/humans.txt | -| `{{AUTHOR_EMAIL_ALT}}` | Previous/secondary email (for .mailmap) | `old@example.com` | .mailmap | -| `{{AUTHOR_ORG}}` | Author's organization/affiliation | `Acme University` | project-metadata.k9.ncl | -| `{{AUTHOR_LAST}}` | Author surname (for citations) | `Doe` | docs/CITATIONS.adoc | -| `{{AUTHOR_FIRST}}` | Author first name (for citations) | `Jane` | docs/CITATIONS.adoc | -| `{{AUTHOR_INITIALS}}` | Author initials (for citations) | `J.` | docs/CITATIONS.adoc | - -### Project Identity - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `AffineScript-Vite` | Human-readable project name | `My Project` | SECURITY.md, CODE_OF_CONDUCT.md, TOPOLOGY.md, STATE.a2ml, Justfile, GOVERNANCE.md, MAINTAINERS.md, flake.nix, devcontainer.json | -| `{{PROJECT_DESCRIPTION}}` | One-line description | `A tool for X` | flake.nix | -| `{{PROJECT}}` | Uppercase identifier (for Idris2 modules, C macros) | `MY_PROJECT` | ABI-FFI-README.md, src/interface/abi/*.idr, src/interface/ffi/*.zig | -| `affinescript-vite` | Lowercase identifier (for C symbols, filenames) | `my_project` | ABI-FFI-README.md, src/interface/ffi/*.zig | -| `affinescript-vite` | Repository name (slug) | `my-project` | CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md, cliff.toml | -| `hyperpolymath` | GitHub/GitLab org or username | `my-org` | SPDX headers, CONTRIBUTING.md, SECURITY.md, GOVERNANCE.md, MAINTAINERS.md, CODEOWNERS, mirror.yml, cliff.toml | -| `github.com` | Git forge domain | `github.com` | CONTRIBUTING.md | - -### Dates - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `{{CURRENT_YEAR}}` | Current year | `2026` | SPDX headers (all files), GOVERNANCE.md, MAINTAINERS.md | -| `{{CURRENT_DATE}}` | Current date (ISO) | `2026-02-14` | STATE.a2ml, MAINTAINERS.md | -| `{{DATE}}` | Last updated date | `2026-02-14` | TOPOLOGY.md, THREAT-MODEL.md | - -### Contact & Security - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `{{SECURITY_EMAIL}}` | Security contact email | `security@example.org` | SECURITY.md | -| `{{PGP_FINGERPRINT}}` | 40-char PGP fingerprint | `ABCD 1234 ...` | SECURITY.md | -| `{{PGP_KEY_URL}}` | URL to public PGP key | `https://keys.openpgp.org/...` | SECURITY.md | -| `https://github.com/hyperpolymath/affinescript-vite` | Project website | `https://example.org` | SECURITY.md | -| `{{CONDUCT_EMAIL}}` | Conduct reports email | `conduct@example.org` | CODE_OF_CONDUCT.md | -| `{{CONDUCT_TEAM}}` | Conduct committee name | `Code of Conduct Committee` | CODE_OF_CONDUCT.md | -| `{{RESPONSE_TIME}}` | SLA for initial response | `48 hours` | CODE_OF_CONDUCT.md | - -### Git - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `{{MAIN_BRANCH}}` | Main branch name | `main` | CONTRIBUTING.md | - -### Build - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `{{LICENSE}}` | License name | `MPL-2.0` | ABI-FFI-README.md | -| `{{PROJECT_PURPOSE}}` | One-line project description | `FFI bridges between languages` | STATE.a2ml | - -### AI Manifest - -| Placeholder | Description | Example | Files | -|---|---|---|---| -| `[YOUR-REPO-NAME]` | Repository name | `my-project` | 0-AI-MANIFEST.a2ml | -| `[DATE]` | Creation date | `2026-02-14` | 0-AI-MANIFEST.a2ml | -| `[YOUR-NAME/ORG]` | Maintainer name | `hyperpolymath` | 0-AI-MANIFEST.a2ml | - -### AI Installation Guide - -| Marker | Description | Files | -|---|---|---| -| `[TODO-AI-INSTALL]` | Unfilled section in AI installation guide | `docs/AI_INSTALLATION_GUIDE.adoc`, `docs/AI-INSTALL-README-SECTION.adoc`, `README.adoc` | - -These are **not** standard `{{PLACEHOLDER}}` markers -- they are TODO markers -that must be replaced with project-specific content before release. They mark -sections where the developer (or AI) must fill in: - -- What questions the AI should ask the user -- Exact prerequisite check and install commands -- Privacy notice specific to this project -- Complete installation command block -- Credential setup instructions (URLs, scopes, env vars) -- Verification commands and expected output -- Error handling table -- Example conversation - -**finishbot checks:** `just validate-ai-install` verifies no `[TODO-AI-INSTALL]` markers remain. - -## Deletion Markers - -Some files contain deletion instructions: - -| Marker | Meaning | File | -|---|---|---| -| `{{~ ... ~}}` | Delete this entire line after reading | ABI-FFI-README.md (line 1) | - -## Verification - -After replacing all placeholders, verify none remain: - -```bash -grep -rn '{{' . --include='*.md' --include='*.adoc' --include='*.a2ml' \ - --include='*.scm' --include='*.idr' --include='*.zig' --include='*.res' \ - --include='Justfile' --include='*.nix' --include='*.toml' --include='*.yml' \ - --include='*.yaml' --include='*.hs' --include='*.ncl' --include='*.txt' \ - --include='*.json' --include='Containerfile' --include='dep5' \ - | grep -v 'PLACEHOLDERS.md' | grep -v 'node_modules' -``` - -If the above command produces no output, all placeholders have been replaced. diff --git a/road-skate/.machine_readable/ai/README.adoc b/road-skate/.machine_readable/ai/README.adoc deleted file mode 100644 index 121bbc8a..00000000 --- a/road-skate/.machine_readable/ai/README.adoc +++ /dev/null @@ -1,22 +0,0 @@ -= AI Guidance Directory - -Put AI-facing instructions in this folder. - -Examples: - -* `CLAUDE.md` -* `COPILOT.md` -* `GEMINI.md` -* `AI.a2ml` -* `AI.djot` - -Avoid scattering agent instruction files around the repo root. - -Recommended machine read order: - -* `.machine_readable/anchors/ANCHOR.a2ml` -* `.machine_readable/policies/MAINTENANCE-AXES.a2ml` -* `.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml` -* `.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml` -* `.machine_readable/STATE.a2ml` -* `.machine_readable/META.a2ml` diff --git a/road-skate/.machine_readable/anchors/0.2-AI-MANIFEST.a2ml b/road-skate/.machine_readable/anchors/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 45038e1e..00000000 --- a/road-skate/.machine_readable/anchors/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "anchors-registry" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-registry for anchors metadata. diff --git a/road-skate/.machine_readable/anchors/ANCHOR.a2ml b/road-skate/.machine_readable/anchors/ANCHOR.a2ml deleted file mode 100644 index dfb23741..00000000 --- a/road-skate/.machine_readable/anchors/ANCHOR.a2ml +++ /dev/null @@ -1,62 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# ANCHOR.a2ml - authoritative anchor for this repository - -[metadata] -version = "1.0.0" -last-updated = "{{CURRENT_DATE}}" - -[anchor] -schema = "hyperpolymath.anchor/1" -repo = "hyperpolymath/affinescript-vite" -authority = "upstream-canonical" - -purpose = [ - "Define canonical semantics and policy boundaries for this repository.", - "Declare what downstream/satellite repos can extend but not redefine.", - "Provide a stable golden path and invariant contract for release readiness.", -] - -[identity] -project = "AffineScript-Vite" -kind = "{{PROJECT_KIND}}" # language | library | service | tool -one-sentence = "{{PROJECT_PURPOSE}}" -domain = "{{PROJECT_DOMAIN}}" - -[semantic-authority] -policy = "canonical" - -owns = [ - "Project semantics and specification", - "Invariant definitions and contractiles", - "Reference implementation behavior", -] - -[implementation-policy] -allowed = ["Rust", "Idris2", "Zig", "Scheme", "Shell", "Just", "AsciiDoc", "Markdown"] -forbidden = ["Node.js", "npm"] - -[golden-path] -smoke-test-command = [ - "just test", - "just quality", -] - -success-criteria = [ - "Core tests pass", - "Quality gates pass", - "No unresolved critical security findings", -] - -[satellite-policy] -must-pin-upstream = true -must-declare-authority = true -must-have-anchor = true -must-have-golden-path = true - -[semantic-authority-files] -language-spec = "SPECIFICATION.md" -formal-proofs = "docs/proofs/PROOFS.adoc" -type-theory = "docs/theory/THEORY.adoc" -algorithms = "docs/theory/ALGORITHMS.adoc" diff --git a/road-skate/.machine_readable/anchors/README.adoc b/road-skate/.machine_readable/anchors/README.adoc deleted file mode 100644 index 1b27c02d..00000000 --- a/road-skate/.machine_readable/anchors/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= anchors Registry diff --git a/road-skate/.machine_readable/compliance/PROOF-NEEDS.md b/road-skate/.machine_readable/compliance/PROOF-NEEDS.md deleted file mode 100644 index d16a9516..00000000 --- a/road-skate/.machine_readable/compliance/PROOF-NEEDS.md +++ /dev/null @@ -1,103 +0,0 @@ -# Proof Requirements — {{PROJECT}} - - - - -## Proof Tier - - -**Tier**: T3 — Standard - -## Proof Categories - -| Code | Meaning | Applies? | -|------|---------|----------| -| **TP** | Typing Proofs (type soundness, type safety) | Yes | -| **INV** | Invariant Proofs (state machines, monotonicity, bounds) | | -| **SEC** | Security Proofs (crypto, injection freedom, access control) | | -| **CONC** | Concurrency Proofs (linearizability, deadlock freedom) | | -| **ALG** | Algorithm Proofs (termination, correctness, bounds) | | -| **ABI** | ABI/FFI Proofs (memory layout, pointer safety, platform compat) | Yes | -| **DOM** | Domain-Specific Proofs (bespoke to this project) | | - -## Mandatory Proofs (All RSR Repos) - -These proofs come from the rsr-template-repo and MUST be present in every repo: - -### ABI/FFI Boundary Proofs (Idris2) - -| # | Proof | Status | File | -|---|-------|--------|------| -| ABI-1 | Non-null pointer proofs (`So (ptr /= 0)`) | Needed | `verification/proofs/idris2/ABI/Pointers.idr` | -| ABI-2 | Memory layout correctness (`HasSize`, `HasAlignment`) | Needed | `verification/proofs/idris2/ABI/Layout.idr` | -| ABI-3 | Platform type size proofs (per platform) | Needed | `verification/proofs/idris2/ABI/Platform.idr` | -| ABI-4 | FFI function return type proofs | Needed | `verification/proofs/idris2/ABI/Foreign.idr` | -| ABI-5 | C ABI compliance (`CABICompliant`, `FieldsAligned`) | Needed | `verification/proofs/idris2/ABI/Compliance.idr` | - -### Typing Proofs (Prover Varies) - -| # | Proof | Status | File | -|---|-------|--------|------| -| TP-1 | Core data type well-formedness | Needed | `verification/proofs/idris2/Types.idr` | -| TP-2 | Public API type safety (exported functions) | Needed | `verification/proofs/lean4/ApiTypes.lean` | - -## Project-Specific Proofs - - - - -| # | Proof Needed | Category | Prover | Priority | File(s) | -|---|-------------|----------|--------|----------|---------| -| | | | | | | - -## Dangerous Patterns (BANNED) - -The following MUST NOT appear anywhere in proof files: - -| Pattern | Language | Meaning | -|---------|----------|---------| -| `believe_me` | Idris2 | Unsafe cast / trust-me | -| `assert_total` | Idris2 | Skip totality check | -| `postulate` | Idris2/Agda | Unproven axiom | -| `sorry` | Lean4 | Incomplete proof | -| `Admitted` | Coq | Incomplete proof | -| `unsafeCoerce` | Haskell | Unsafe type cast | -| `Obj.magic` | OCaml/ReScript | Unsafe type cast | -| `unsafe` (unaudited) | Rust | Unsafe block without safety comment | - -CI will reject any PR introducing these patterns (enforced by `panic-attack assail`). - -## Prover Selection Guide - -| Use Case | Recommended Prover | Why | -|----------|-------------------|-----| -| ABI/FFI boundaries | **Idris2** | Dependent types model layouts precisely | -| Type system proofs | **Coq** or **Lean4** | Mature proof assistants for metatheory | -| Algebraic properties | **Lean4** | Good mathlib support | -| Inductive/coinductive | **Agda** | Native support for (co)induction | -| Distributed systems | **TLA+** | Model checking for protocols | -| Numerical properties | **Isabelle** | Strong real analysis library | - -## Proof File Locations - -``` -verification/proofs/ -├── idris2/ # Idris2 proofs (ABI, dependent types) -│ ├── ABI/ # ABI-specific proofs -│ └── *.idr # Project-specific Idris2 proofs -├── lean4/ # Lean4 proofs (algebra, lattices) -│ └── *.lean -├── agda/ # Agda proofs (induction, metatheory) -│ └── *.agda -├── coq/ # Coq proofs (type systems, compilation) -│ └── *.v -└── tlaplus/ # TLA+ specs (distributed protocols) - └── *.tla -``` - -## References - -- Master list: `~/Desktop/PROOF-REQUIREMENTS-MASTER.md` -- Proof status tracking: `PROOF-STATUS.md` (this repo) -- Proven library: `proven` repo (Idris2 verified foundations) -- Template: `rsr-template-repo/PROOF-NEEDS.md` diff --git a/road-skate/.machine_readable/compliance/PROOF-STATUS.md b/road-skate/.machine_readable/compliance/PROOF-STATUS.md deleted file mode 100644 index 2be9f552..00000000 --- a/road-skate/.machine_readable/compliance/PROOF-STATUS.md +++ /dev/null @@ -1,81 +0,0 @@ -# Proof Status — {{PROJECT}} - - - - -## Summary - -| Category | Total | Done | In Progress | Blocked | Remaining | -|----------|-------|------|-------------|---------|-----------| -| ABI/FFI (ABI) | 5 | 0 | 0 | 0 | 5 | -| Typing (TP) | 2 | 0 | 0 | 0 | 2 | -| Invariant (INV) | 0 | 0 | 0 | 0 | 0 | -| Security (SEC) | 0 | 0 | 0 | 0 | 0 | -| Concurrency (CONC) | 0 | 0 | 0 | 0 | 0 | -| Algorithm (ALG) | 0 | 0 | 0 | 0 | 0 | -| Domain (DOM) | 0 | 0 | 0 | 0 | 0 | -| **Total** | **7** | **0** | **0** | **0** | **7** | - -**Overall**: 0% proven - -## Proofs Done - - - - - -| ID | Proof | Prover | File | Date | Verified By | -|----|-------|--------|------|------|-------------| -| — | No proofs completed yet | — | — | — | — | - -## Proofs In Progress - -| ID | Proof | Prover | Assignee | Started | Blocker | -|----|-------|--------|----------|---------|---------| -| — | — | — | — | — | — | - -## Proofs Blocked - -| ID | Proof | Blocked By | Notes | -|----|-------|------------|-------| -| — | — | — | — | - -## Proofs Remaining - -| ID | Proof | Category | Prover | Priority | Est. Effort | -|----|-------|----------|--------|----------|-------------| -| ABI-1 | Non-null pointer proofs | ABI | Idris2 | P1 | 2h | -| ABI-2 | Memory layout correctness | ABI | Idris2 | P1 | 4h | -| ABI-3 | Platform type size proofs | ABI | Idris2 | P1 | 2h | -| ABI-4 | FFI function return type proofs | ABI | Idris2 | P1 | 2h | -| ABI-5 | C ABI compliance | ABI | Idris2 | P1 | 4h | -| TP-1 | Core data type well-formedness | TP | Idris2 | P1 | 4h | -| TP-2 | Public API type safety | TP | Lean4 | P2 | 4h | - -## Verification Commands - -```bash -# Check all Idris2 proofs -just proof-check-idris2 - -# Check all Lean4 proofs -just proof-check-lean4 - -# Check all Agda proofs -just proof-check-agda - -# Check all Coq proofs -just proof-check-coq - -# Run all proof checks -just proof-check-all - -# Scan for dangerous patterns -panic-attack assail --proofs-only -``` - -## Changelog - -| Date | Change | By | -|------|--------|-----| -| 2026-04-04 | Initial proof status tracking | Template | diff --git a/road-skate/.machine_readable/compliance/TEST-NEEDS.md b/road-skate/.machine_readable/compliance/TEST-NEEDS.md deleted file mode 100644 index ede88383..00000000 --- a/road-skate/.machine_readable/compliance/TEST-NEEDS.md +++ /dev/null @@ -1,107 +0,0 @@ -# TEST-NEEDS: rsr-template-repo - -## CRG Grade: C — ACHIEVED 2026-04-04 - -## Current State (Updated 2026-04-04) - -| Category | Count | Details | -|----------|-------|---------| -| **Source modules** | 6 | 3 Idris2 ABI (Foreign, Layout, Types), 2 Zig FFI (build, main), 1 Zig integration test template | -| **Unit tests** | 0 | None in main source (inline tests in main.zig) | -| **Integration tests** | 1 | test/integration_test.zig (documented template, 1 placeholder test) | -| **E2E tests** | 1 | tests/e2e/template_instantiation_test.sh (full instantiation + validation) | -| **Workflow tests** | 1 | tests/workflows/validate_workflows_test.sh (21 workflows validated) | -| **Validation tests** | 1 | scripts/validate-template.sh (8-phase comprehensive validation) | -| **Benchmarks** | 5 | benches/template_bench.sh (validation, Zig build, tests, workflows, instantiation) | -| **Fuzz tests** | 0 | README.adoc scaffold with harness instructions | - -## Completed Work (CRG C - Testing & Benchmarking) - -### Template Validation Script ✅ -- [x] `scripts/validate-template.sh` — 8-phase validation - - Phase 1: Core repository structure (root files, directories) - - Phase 2: Machine-readable metadata (.machine_readable/) - - Phase 3: GitHub Actions workflows (17 required + all present) - - Phase 4: Idris2 ABI and Zig FFI source files - - Phase 5: Placeholder token replacement (skipped in template) - - Phase 6: SPDX license headers (100% coverage, 6/6 files) - - Phase 7: Build system verification (zig build + idris2 syntax check) - - Phase 8: Documentation requirements (TOPOLOGY, ABI-FFI-README, etc) -- Status: **PASSING** (0 errors, 3 warnings about template placeholders) - -### E2E Template Instantiation Test ✅ -- [x] `tests/e2e/template_instantiation_test.sh` — full workflow - - Clones template to temp directory - - Replaces all {{PLACEHOLDER}} tokens with test values - - Validates resulting structure with scripts/validate-template.sh - - Verifies Zig build works after instantiation - - Checks no remaining placeholders - - Cleans up temp directory -- Status: **READY TO TEST** (can be verified by CI) - -### Workflow Validation Test ✅ -- [x] `tests/workflows/validate_workflows_test.sh` - - Validates all 21 workflows exist and have proper structure - - Checks SPDX headers, 'name' field - - Verifies all 15 required workflows present -- Status: **PASSING** (0 errors, 15/15 required workflows found) - -### Zig FFI Tests ✅ -- [x] `src/interface/ffi/test/integration_test.zig` — template with examples - - Converted from affinescript-vite placeholders to "template" namespace - - Added comprehensive comments for how to instantiate - - Tests grouped by category (lifecycle, operations, strings, errors, version, memory safety, threading) - - Compiles and passes placeholder test -- Status: **PASSING** (1 test: placeholder_test_implementation_required passes) - -### Benchmarks ✅ -- [x] `benches/template_bench.sh` — 5 benchmark suites - - Validation script: ~5.8s average (3 runs) - - Zig build: ~19ms (clean build) - - Zig tests: ~20ms - - Workflow validation: ~117ms - - Template instantiation: ~427ms -- Formats: human, json, csv -- Status: **PASSING** (all benchmarks execute) - -### Build System ✅ -- [x] `src/interface/ffi/build.zig` — updated for Zig 0.15.2 - - Simplified to test-only configuration - - Supports both unit tests and integration tests - - Works with `zig build` without errors -- Status: **PASSING** (builds successfully) - -## Test Results Summary - -``` -Validation Script: PASS (0 errors, 3 warnings) -Workflow Validation: PASS (21/21 workflows valid) -Integration Tests: PASS (1/1 placeholder test) -E2E Instantiation: READY (needs CI confirmation) -Benchmarks: PASS (5/5 benchmark suites) -Build System: PASS (zig build succeeds) -``` - -## CRG C Compliance - -- **Coverage**: 6/6 test categories (unit, integration, E2E, workflow, validation, benchmarks) -- **Documentation**: All test files have SPDX headers + inline documentation -- **Author Attribution**: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com> -- **License**: MPL-2.0 on all new files -- **Automation**: All scripts executable + working - -## FLAGGED ISSUES - ALL RESOLVED - -- ~~**Template repo used by ALL new repos has 0 validation tests**~~ → FIXED: 4 test suites + validation script -- ~~**fuzz/placeholder.txt**~~ → FIXED: replaced with README.adoc containing real harness instructions -- ~~**No E2E tests for template instantiation**~~ → FIXED: full E2E test suite -- ~~**Zig FFI integration tests are placeholders**~~ → FIXED: converted to documented template format - -## Next Steps (Future Sessions) - -- [ ] Integrate test scripts into CI/CD workflows -- [ ] Generate test coverage reports -- [ ] Add more specialized benchmarks (memory, threading stress) -- [ ] Document test instantiation patterns for new repos - -## Priority: P0 (COMPLETE) ✅ diff --git a/road-skate/.machine_readable/compliance/reuse/dep5 b/road-skate/.machine_readable/compliance/reuse/dep5 deleted file mode 100644 index 40b1097c..00000000 --- a/road-skate/.machine_readable/compliance/reuse/dep5 +++ /dev/null @@ -1,54 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: AffineScript-Vite -Upstream-Contact: hyperpolymath -Source: https://github.com/hyperpolymath/affinescript-vite - -# Default: all files are MPL-2.0 -Files: * -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Configuration files that cannot carry headers -Files: .editorconfig .gitignore .gitattributes .tool-versions .mailmap -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Machine-readable state files -Files: .machine_readable/*.a2ml -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Bot directives -Files: .machine_readable/bot_directives/* -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Contractiles -Files: .machine_readable/contractiles/* -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# GitHub/CI configuration -Files: .github/* .github/**/* -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Generated files -Files: generated/* -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Lockfiles and auto-generated -Files: *.lock Cargo.lock flake.lock -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Devcontainer config (JSON, no comments) -Files: .devcontainer/*.json -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 - -# Git-cliff config -Files: cliff.toml -Copyright: {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -License: MPL-2.0 diff --git a/road-skate/.machine_readable/compliance/rust/deny.toml b/road-skate/.machine_readable/compliance/rust/deny.toml deleted file mode 100644 index 0534a851..00000000 --- a/road-skate/.machine_readable/compliance/rust/deny.toml +++ /dev/null @@ -1,65 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# cargo-deny configuration for RSR-compliant repositories -# Run: cargo deny check -# Docs: https://embarkstudios.github.io/cargo-deny/ - -[graph] -targets = [] -all-features = true - -# --- Advisory database --------------------------------------------------- -[advisories] -db-path = "~/.cargo/advisory-db" -db-urls = ["https://github.com/rustsec/advisory-db"] -# Fail on any known vulnerability -vulnerability = "deny" -unmaintained = "warn" -yanked = "warn" -notice = "warn" - -# --- License policy ------------------------------------------------------- -[licenses] -unlicensed = "deny" -confidence-threshold = 0.8 - -allow = [ - "MPL-2.0", - "MPL-2.0", - "MIT", - "Apache-2.0", - "BSD-2-Clause", - "BSD-3-Clause", - "ISC", - "Zlib", - "Unicode-3.0", - "Unicode-DFS-2016", -] - -deny = [ - "AGPL-3.0-only", - "AGPL-3.0-or-later", -] - -copyleft = "warn" - -[[licenses.exceptions]] -allow = ["OpenSSL"] -name = "ring" - -# --- Crate bans ------------------------------------------------------------ -[bans] -multiple-versions = "warn" -wildcards = "allow" -highlight = "all" - -deny = [ - # Known-bad crates - { name = "openssl", wrappers = ["openssl-sys"] }, -] - -# --- Source restrictions ---------------------------------------------------- -[sources] -unknown-registry = "deny" -unknown-git = "warn" -allow-registry = ["https://github.com/rust-lang/crates.io-index"] -allow-git = [] diff --git a/road-skate/.machine_readable/configs/0.2-AI-MANIFEST.a2ml b/road-skate/.machine_readable/configs/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 6e41e6c2..00000000 --- a/road-skate/.machine_readable/configs/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "configs-registry" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-registry for configs metadata. diff --git a/road-skate/.machine_readable/configs/README.adoc b/road-skate/.machine_readable/configs/README.adoc deleted file mode 100644 index 616b9e76..00000000 --- a/road-skate/.machine_readable/configs/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= configs Registry diff --git a/road-skate/.machine_readable/configs/eclexiaiser.toml b/road-skate/.machine_readable/configs/eclexiaiser.toml deleted file mode 100644 index df7ace42..00000000 --- a/road-skate/.machine_readable/configs/eclexiaiser.toml +++ /dev/null @@ -1,26 +0,0 @@ -# eclexiaiser manifest — energy/carbon resource budgets -# SPDX-License-Identifier: MPL-2.0 - -[project] -name = "rsr-template-repo" - -[[functions]] -name = "build" -source = "src/interface/ffi/build.zig" -energy-budget-mj = 15.0 -carbon-budget-mg = 3.0 - -[[functions]] -name = "setError" -source = "src/interface/ffi/src/main.zig" -energy-budget-mj = 5.0 -carbon-budget-mg = 1.0 - -[carbon] -provider = "static" -region = "GB" -static-intensity = 200.0 - -[report] -format = "text" -include-recommendations = true diff --git a/road-skate/.machine_readable/configs/git-cliff/cliff.toml b/road-skate/.machine_readable/configs/git-cliff/cliff.toml deleted file mode 100644 index 5540fa36..00000000 --- a/road-skate/.machine_readable/configs/git-cliff/cliff.toml +++ /dev/null @@ -1,119 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# git-cliff configuration for conventional commit changelog generation. -# https://git-cliff.org/docs/configuration -# -# Placeholders — replace before first use: -# hyperpolymath — GitHub organization or username -# affinescript-vite — GitHub repository name - -[changelog] -# Changelog header -header = """ -# Changelog\n -All notable changes to this project will be documented in this file.\n -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).\n -\n -""" -# Template for the changelog body -# https://keats.github.io/tera/docs/#introduction -body = """ -{%- macro remote_url() -%} - https://github.com/hyperpolymath/affinescript-vite -{%- endmacro -%} - -{% if version -%} - ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }} -{% else -%} - ## [Unreleased] -{% endif -%} - -{% for group, commits in commits | group_by(attribute="group") %} - ### {{ group | striptags | trim }} - {% for commit in commits %} - - {% if commit.scope %}**{{ commit.scope }}:** {% endif %}\ - {% if commit.breaking %}[**BREAKING**] {% endif %}\ - {{ commit.message | upper_first }}\ - {%- if commit.links %} \ - ({% for link in commit.links %}[{{ link.text }}]({{ link.href }}){% endfor %}){% endif -%} - {% endfor %} -{% endfor %} - -{%- if github -%} -{% if github.contributors | filter(attribute="is_first_time", value=true) | length != 0 %} - ### New Contributors -{%- for contributor in github.contributors | filter(attribute="is_first_time", value=true) %} - * @{{ contributor.username }} made their first contribution - {%- if contributor.pr_number %} in \ - [#{{ contributor.pr_number }}]({{ self::remote_url() }}/pull/{{ contributor.pr_number }}) - {%- endif %} -{%- endfor %} -{% endif -%} -{% endif -%} - -""" -# Template for the changelog footer -footer = """ -{%- macro remote_url() -%} - https://github.com/hyperpolymath/affinescript-vite -{%- endmacro -%} - -{% for release in releases -%} - {% if release.version -%} - {% if release.previous.version -%} - [{{ release.version | trim_start_matches(pat="v") }}]: \ - {{ self::remote_url() }}/compare/{{ release.previous.version }}...{{ release.version }} - {% endif -%} - {% else -%} - {% if release.previous.version -%} - [Unreleased]: {{ self::remote_url() }}/compare/{{ release.previous.version }}...HEAD - {% endif -%} - {% endif -%} -{% endfor %} - -""" -# Remove leading and trailing whitespace from templates -trim = true - -[git] -# Parse conventional commits -# https://www.conventionalcommits.org -conventional_commits = true -# Filter out unconventional commits -filter_unconventional = true -# Process each line of a commit as an individual commit -split_commits = false -# Regex for commit preprocessing -commit_preprocessors = [ - # Remove issue numbers from commit messages - { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "" }, -] -# Regex for parsing and grouping commits -commit_parsers = [ - { message = "^feat", group = "Features" }, - { message = "^fix", group = "Bug Fixes" }, - { message = "^security", group = "Security" }, - { message = "^perf", group = "Performance" }, - { message = "^refactor", group = "Refactoring" }, - { message = "^docs", group = "Documentation" }, - { message = "^style", group = "Styling" }, - { message = "^test", group = "Testing" }, - { message = "^ci", group = "CI/CD" }, - { message = "^chore\\(release\\)", skip = true }, - { message = "^chore\\(deps.*\\)", skip = true }, - { message = "^chore\\(pr\\)", skip = true }, - { message = "^chore", group = "Miscellaneous" }, - { body = ".*security", group = "Security" }, -] -# Protect breaking changes from being skipped by a commit parser -protect_breaking_commits = false -# Filter out merge commits -filter_merge_commits = true -# Filter out commits by tag pattern (skip pre-releases) -# tag_pattern = "v[0-9].*" -# Regex for skipping tags -# skip_tags = "beta|alpha" -# Sort commits within each group by oldest first -sort_commits = "oldest" diff --git a/road-skate/.machine_readable/configs/selur-compose.toml b/road-skate/.machine_readable/configs/selur-compose.toml deleted file mode 100644 index 960ddbea..00000000 --- a/road-skate/.machine_readable/configs/selur-compose.toml +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# Stapeln service definition for rsr-template-repo -# -# Usage: -# podman-compose -f selur-compose.toml up -d -# just stack-up - -[project] -name = "rsr-template-repo" - -[services.app] -build = { context = ".", dockerfile = "Containerfile" } -restart = "unless-stopped" -networks = ["default"] -healthcheck = { test = "exit 0", interval = "30s", timeout = "5s", retries = 3 } diff --git a/road-skate/.machine_readable/configs/stapeln.toml b/road-skate/.machine_readable/configs/stapeln.toml deleted file mode 100644 index eb3785ea..00000000 --- a/road-skate/.machine_readable/configs/stapeln.toml +++ /dev/null @@ -1,87 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# stapeln.toml — Layer-based container build for rsr-template-repo -# -# stapeln builds containers as composable layers (German: "to stack"). -# Each layer is independently cacheable, verifiable, and signable. - -[metadata] -name = "rsr-template-repo" -version = "0.1.0" -description = "rsr-template-repo container service" -author = "Jonathan D.A. Jewell " -license = "MPL-2.0" -registry = "ghcr.io/hyperpolymath" - -[build] -containerfile = "Containerfile" -context = "." -runtime = "podman" - -# ── Layer Definitions ────────────────────────────────────────── - -[layers.base] -description = "Chainguard Wolfi minimal base" -from = "cgr.dev/chainguard/wolfi-base:latest" -cache = true -verify = true - -[layers.toolchain] -description = "Build tools" -extends = "base" -packages = [] -cache = true - -[layers.build] -description = "rsr-template-repo build" -extends = "toolchain" -commands = [] - -[layers.runtime] -description = "Minimal runtime" -from = "cgr.dev/chainguard/wolfi-base:latest" -packages = ["ca-certificates", "curl"] -copy-from = [ - { layer = "build", src = "/app/", dst = "/app/" }, -] -entrypoint = ["/app/rsr-template-repo"] -user = "nonroot" - -# ── Security ─────────────────────────────────────────────────── - -[security] -non-root = true -read-only-root = false -no-new-privileges = true -cap-drop = ["ALL"] -seccomp-profile = "default" - -[security.signing] -algorithm = "ML-DSA-87" -provider = "cerro-torre" - -[security.sbom] -format = "spdx-json" -output = "sbom.spdx.json" -include-deps = true - -# ── Verification ─────────────────────────────────────────────── - -[verify] -vordr = true -svalinn = true -scan-on-build = true -fail-on = ["critical", "high"] - -# ── Targets ──────────────────────────────────────────────────── - -[targets.development] -layers = ["base", "chainguard-toolchain", "build"] -env = { LOG_LEVEL = "debug" } - -[targets.production] -layers = ["runtime"] -env = { LOG_LEVEL = "info" } - -[targets.test] -layers = ["base", "chainguard-toolchain", "build"] -env = { LOG_LEVEL = "debug" } diff --git a/road-skate/.machine_readable/contractiles/README.adoc b/road-skate/.machine_readable/contractiles/README.adoc deleted file mode 100644 index d40fcd18..00000000 --- a/road-skate/.machine_readable/contractiles/README.adoc +++ /dev/null @@ -1,19 +0,0 @@ -= Contractiles Template Set -:toc: -:sectnums: - -This directory contains the generalized contractiles templates. Copy the `.machine_readable/contractiles/` directory into a new repo to establish a consistent operational, validation, trust, recovery, and intent framework. - -== Fill-In Instructions - -1. Update the Mustfile to reflect your real invariants (paths, schema versions, ports). -2. Replace Trustfile.hs placeholders with your actual key paths and verification commands. -3. Adjust Dustfile handlers to match your rollback and recovery tooling. -4. Update Intentfile to mirror the roadmap you want the system to evolve toward. - -== Contents - -* `must/Mustfile` - required invariants and validations. -* `trust/Trustfile.hs` - cryptographic verification steps. -* `dust/Dustfile` - rollback and recovery semantics. -* `lust/Intentfile` - future intent and roadmap direction. diff --git a/road-skate/.machine_readable/contractiles/contractile.just b/road-skate/.machine_readable/contractiles/contractile.just deleted file mode 100644 index 9a5827ba..00000000 --- a/road-skate/.machine_readable/contractiles/contractile.just +++ /dev/null @@ -1,75 +0,0 @@ -# Auto-generated by: contractile gen-just -# Source directory: contractiles -# Re-generate with: contractile gen-just --dir contractiles -# -# SPDX-License-Identifier: MPL-2.0 - -# === DUST (Recovery & Rollback) === -# Source: Dustfile.a2ml - -# List available dust recovery actions -dust-status: - @echo ' dust-source-rollback: Revert all source changes to last commit [rollback]' - -# Revert all source changes to last commit -dust-source-rollback: - @echo 'Executing rollback for source-rollback' - git checkout HEAD -- . - - -# === INTEND (Declared Future Intent) === -# Source: Intentfile.a2ml - -# Display declared future intents -intend-list: - @echo '=== Declared Intent ===' - @echo '' - @echo 'Features:' - @echo '' - @echo 'Quality:' - - -# === MUST (Physical State Checks) === -# Source: Mustfile.a2ml - -# Run all must checks -must-check: must-license-present must-readme-present must-spdx-headers must-no-banned-files - @echo 'All must checks passed' - -# LICENSE file must exist -must-license-present: - test -f LICENSE - -# README must exist -must-readme-present: - test -f README.adoc || test -f README.md - -# Source files should have SPDX license headers -must-spdx-headers: - find . -name '*.rs' -o -name '*.res' -o -name '*.gleam' | head -20 | xargs -r grep -L 'SPDX-License-Identifier' | wc -l | grep -q '^0$' - -# No Dockerfiles or Makefiles -must-no-banned-files: - test ! -f Dockerfile && test ! -f Makefile - - -# === TRUST (Integrity & Provenance Verification) === -# Source: Trustfile.a2ml - -# Run all trust verifications -trust-verify: trust-license-content trust-no-secrets-committed trust-container-images-pinned - @echo 'All trust verifications passed' - -# LICENSE contains expected SPDX identifier -trust-license-content: - grep -q 'SPDX\|License\|MIT\|Apache\|PMPL\|MPL' LICENSE - -# No .env or credential files in repo -trust-no-secrets-committed: - test ! -f .env && test ! -f credentials.json && test ! -f .env.local - -# Containerfile base images use pinned digests -trust-container-images-pinned: - test ! -f Containerfile || grep -q '@sha256:' Containerfile - - diff --git a/road-skate/.machine_readable/contractiles/dust/Dustfile.a2ml b/road-skate/.machine_readable/contractiles/dust/Dustfile.a2ml deleted file mode 100644 index be38a8ca..00000000 --- a/road-skate/.machine_readable/contractiles/dust/Dustfile.a2ml +++ /dev/null @@ -1,44 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Dustfile — Cleanup and hygiene contract -# Author: Jonathan D.A. Jewell - -@abstract: -What should be cleaned up or removed from this repository. -These are housekeeping items, not blockers. -@end - -## Stale Files - -### no-stale-snapshots -- description: No dated status/completion files in root -- run: "! ls *-STATUS-*.md *-COMPLETION-*.md *-COMPLETE.md *-VERIFIED-*.md 2>/dev/null | head -1 | grep -q ." -- severity: info - -### no-ai-djot -- description: AI.djot is superseded by 0-AI-MANIFEST.a2ml -- run: test ! -f AI.djot -- severity: warning - -### no-next-steps -- description: NEXT_STEPS.md superseded by ROADMAP -- run: test ! -f NEXT_STEPS.md -- severity: info - -## Build Artifacts - -### no-tracked-artifacts -- description: No build artifacts tracked in git -- run: "! git ls-files lib/bs/ lib/ocaml/ target/release/ _build/ 2>/dev/null | head -1 | grep -q ." -- severity: warning - -## Format Duplicates - -### no-duplicate-contributing -- description: Only one CONTRIBUTING format (keep .md) -- run: "! (test -f CONTRIBUTING.md && test -f CONTRIBUTING.adoc)" -- severity: warning - -### no-duplicate-readme -- description: Only one README format -- run: "! (test -f README.md && test -f README.adoc && [ $(wc -l < README.md) -gt 5 ])" -- severity: warning diff --git a/road-skate/.machine_readable/contractiles/must/Mustfile.a2ml b/road-skate/.machine_readable/contractiles/must/Mustfile.a2ml deleted file mode 100644 index 215c5106..00000000 --- a/road-skate/.machine_readable/contractiles/must/Mustfile.a2ml +++ /dev/null @@ -1,69 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Mustfile — Physical state contract -# Author: Jonathan D.A. Jewell - -@abstract: -What MUST be true about this repository's files and configuration. -These are hard requirements — CI fails if any check fails. -@end - -## File Presence - -### license-present -- description: LICENSE file must exist -- run: test -f LICENSE -- severity: critical - -### readme-present -- description: README.adoc or README.md must exist -- run: test -f README.adoc || test -f README.md -- severity: critical - -### security-policy -- description: SECURITY.md must exist -- run: test -f SECURITY.md -- severity: critical - -### ai-manifest -- description: 0-AI-MANIFEST.a2ml must exist -- run: test -f 0-AI-MANIFEST.a2ml -- severity: critical - -### contributing -- description: CONTRIBUTING.md must exist (GitHub community health) -- run: test -f CONTRIBUTING.md -- severity: warning - -### editorconfig -- description: .editorconfig must exist -- run: test -f .editorconfig -- severity: warning - -## SPDX Compliance - -### spdx-headers -- description: All source files must have SPDX-License-Identifier -- run: "! find src/ -name '*.rs' -o -name '*.res' -o -name '*.idr' -o -name '*.zig' 2>/dev/null | head -20 | xargs grep -L 'SPDX-License-Identifier' 2>/dev/null | head -1 | grep -q ." -- severity: warning - -### no-agpl -- description: No AGPL-3.0 references in dotfiles -- run: "! grep -r 'AGPL-3.0' .gitignore .gitattributes .editorconfig 2>/dev/null | head -1 | grep -q ." -- severity: critical - -## Dangerous Patterns - -### no-believe-me -- description: No believe_me in Idris2 code -- run: "! grep -r 'believe_me' --include='*.idr' . 2>/dev/null | grep -v node_modules | head -1 | grep -q ." -- severity: critical - -### no-sorry -- description: No sorry in Lean code -- run: "! grep -r 'sorry' --include='*.lean' . 2>/dev/null | grep -v node_modules | head -1 | grep -q ." -- severity: critical - -### no-admitted -- description: No Admitted in Coq code -- run: "! grep -r 'Admitted' --include='*.v' . 2>/dev/null | grep -v node_modules | head -1 | grep -q ." -- severity: critical diff --git a/road-skate/.machine_readable/contractiles/trust/Trustfile.a2ml b/road-skate/.machine_readable/contractiles/trust/Trustfile.a2ml deleted file mode 100644 index 2e583a39..00000000 --- a/road-skate/.machine_readable/contractiles/trust/Trustfile.a2ml +++ /dev/null @@ -1,74 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Trustfile — Integrity and provenance verification -# Author: Jonathan D.A. Jewell - -@abstract: -Integrity invariants for this repository. These verify that the repo -has not been tampered with, secrets are not leaked, and provenance -is traceable. -@end - -## Secrets - -### no-secrets-committed -- description: No credential files in repo -- run: test ! -f .env && test ! -f credentials.json && test ! -f .env.local && test ! -f .env.production -- severity: critical - -### no-private-keys -- description: No private key files committed -- run: "! find . -name '*.pem' -o -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' 2>/dev/null | grep -v node_modules | head -1 | grep -q ." -- severity: critical - -### no-tokens-in-source -- description: No hardcoded API tokens in source -- run: "! grep -rE '(api[_-]?key|secret|token|password)\s*[:=]\s*[\"'\\''][A-Za-z0-9]{16,}' --include='*.js' --include='*.ts' --include='*.res' --include='*.py' . 2>/dev/null | grep -v node_modules | head -1 | grep -q ." -- severity: critical - -## Provenance - -### author-correct -- description: Git author matches expected identity -- run: "git log -1 --format='%ae' | grep -qE '(hyperpolymath|j\\.d\\.a\\.jewell)'" -- severity: warning - -### license-content -- description: LICENSE contains expected identifier -- run: grep -q 'PMPL\|MPL\|MIT\|Apache\|LGPL' LICENSE -- severity: warning - -## Container Security - -### container-images-pinned -- description: Containerfile uses pinned base images -- run: test ! -f Containerfile || grep -q 'cgr.dev\|@sha256:' Containerfile -- severity: warning - -### no-dockerfile -- description: No Dockerfile (use Containerfile) -- run: test ! -f Dockerfile -- severity: warning - -## Dangerous Patterns - -### no-believe-me -- description: No believe_me, assert_total, Admitted, sorry, unsafeCoerce, Obj.magic -- run: "! grep -rE 'believe_me|assert_total|Admitted|sorry|unsafeCoerce|Obj\\.magic' --include='*.idr' --include='*.lean' --include='*.v' --include='*.ml' --include='*.hs' . 2>/dev/null | head -1 | grep -q ." -- severity: critical - -### no-unsafe-without-comment -- description: All unsafe blocks in Rust must have SAFETY comments -- run: "! grep -B1 'unsafe {' --include='*.rs' -r . 2>/dev/null | grep -v SAFETY | grep 'unsafe {' | head -1 | grep -q ." -- severity: warning - -## Service Security (if applicable) - -### localhost-only-bindings -- description: Backend services bind to 127.0.0.1 only -- run: "! grep -rE 'bind\\(\"0\\.0\\.0\\.0' --include='*.rs' --include='*.ex' --include='*.ts' . 2>/dev/null | head -1 | grep -q ." -- severity: critical - -### coordination-file-permissions -- description: Coordination/session files are owner-only (0600) -- run: test ! -d ~/.claude/coordination || find ~/.claude/coordination -type f ! -perm 600 2>/dev/null | wc -l | grep -q '^0$' -- severity: warning diff --git a/road-skate/.machine_readable/integrations/feedback-o-tron.a2ml b/road-skate/.machine_readable/integrations/feedback-o-tron.a2ml deleted file mode 100644 index 691bb72c..00000000 --- a/road-skate/.machine_readable/integrations/feedback-o-tron.a2ml +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# OPTIONAL: Feedback-o-Tron Integration — Autonomous Bug Reporting -# Delete this file if your project does not use feedback-o-tron. - -[integration] -name = "feedback-o-tron" -type = "bug-reporter" -repository = "https://github.com/hyperpolymath/feedback-o-tron" - -[reporting-config] -platforms = ["github", "gitlab", "bugzilla"] -deduplication = true -audit-logging = true -auto-file-upstream = "on-external-dependency-failure" diff --git a/road-skate/.machine_readable/integrations/groove.a2ml b/road-skate/.machine_readable/integrations/groove.a2ml deleted file mode 100644 index 15067acb..00000000 --- a/road-skate/.machine_readable/integrations/groove.a2ml +++ /dev/null @@ -1,38 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; Groove Protocol Manifest — declares API surfaces this project exposes. -; -; Used by V-triple connectors and the Groove bridge for snap-on/snap-off -; service discovery. Edit this file to match your project's actual APIs. -; -; See: https://github.com/hyperpolymath/standards/tree/main/groove-protocol - -(groove-manifest - (version "1.0") - - ; Service identity — replace affinescript-vite with your project name - (service "affinescript-vite") - (service-version "0.1.0") - - ; Primary port — MUST be unique across the ecosystem. - ; Check PORT-REGISTRY.md in the standards repo before assigning. - ; https://github.com/hyperpolymath/standards/blob/main/PORT-REGISTRY.md - (port 0) ; 0 = not assigned yet — run `just groove-setup` to assign - - ; API surfaces this project exposes (dodeca-API) - ; Remove lines for API types you don't use. - (api-surfaces - (rest (enabled true) (path "/api/v1")) - (grpc (enabled false) (port-offset 1)) - (graphql (enabled false) (path "/graphql")) - (websocket (enabled false) (path "/ws")) - (sse (enabled false) (path "/events")) - (groove (enabled true) (path "/.well-known/groove"))) - - ; Health endpoint — used by Groove discovery - (health "/health") - - ; Capabilities — what this service can do for others - (capabilities ()) - - ; Dependencies — what this service needs from others - (dependencies ())) diff --git a/road-skate/.machine_readable/integrations/proven.a2ml b/road-skate/.machine_readable/integrations/proven.a2ml deleted file mode 100644 index 96a8a7d8..00000000 --- a/road-skate/.machine_readable/integrations/proven.a2ml +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# OPTIONAL: Proven Integration — Formally Verified Safety Library -# Delete this file if your project does not use the proven library. -# See https://github.com/hyperpolymath/proven for details. - -[integration] -name = "proven" -type = "safety-library" -repository = "https://github.com/hyperpolymath/proven" -version = "1.2.0" - -[binding-policy] -approach = "thin-ffi-wrapper" -unsafe-patterns = "replace-with-proven-equivalent" -modules-available = ["SafeMath", "SafeString", "SafeJSON", "SafeURL", "SafeRegex", "SafeSQL", "SafeFile", "SafeTemplate", "SafeCrypto"] - -[adoption-guidance] -priority = "high" -scope = "all-string-json-url-crypto-operations" -migration = "incremental — replace unsafe patterns as encountered" diff --git a/road-skate/.machine_readable/integrations/verisimdb.a2ml b/road-skate/.machine_readable/integrations/verisimdb.a2ml deleted file mode 100644 index 78ca1f0e..00000000 --- a/road-skate/.machine_readable/integrations/verisimdb.a2ml +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# OPTIONAL: VeriSimDB Feed — Cross-Repo Analytics Data Store -# Delete this file if your project does not feed data to VeriSimDB. -# See https://github.com/hyperpolymath/nextgen-databases for details. - -[integration] -name = "verisimdb" -type = "data-feed" -repository = "https://github.com/hyperpolymath/nextgen-databases" -data-store = "verisimdb-data" - -[feed-config] -emit-scan-results = true -emit-build-metrics = true -emit-dependency-graph = true -format = "hexad" -destination = "verisimdb-data/feeds/" diff --git a/road-skate/.machine_readable/integrations/vexometer.a2ml b/road-skate/.machine_readable/integrations/vexometer.a2ml deleted file mode 100644 index 2f7ef802..00000000 --- a/road-skate/.machine_readable/integrations/vexometer.a2ml +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# OPTIONAL: Vexometer Integration — Irritation Surface Analysis -# Delete this file if your project does not use vexometer. - -[integration] -name = "vexometer" -type = "friction-measurement" -repository = "https://github.com/hyperpolymath/vexometer" - -[measurement-config] -dimensions = 10 -emit-isa-reports = true -lazy-eliminator = true -satellite-interventions = true - -[hooks] -cli-tools = "measure-on-error" -ui-panels = "measure-on-interaction" -build-failures = "measure-on-failure" diff --git a/road-skate/.machine_readable/policies/.maintenance-perms-ignore b/road-skate/.machine_readable/policies/.maintenance-perms-ignore deleted file mode 100644 index 2c8c4096..00000000 --- a/road-skate/.machine_readable/policies/.maintenance-perms-ignore +++ /dev/null @@ -1,5 +0,0 @@ -# Regex patterns for justified permission-policy exceptions. -# One pattern per line. -# Example: -# ^vendor/ -# ^third_party/ diff --git a/road-skate/.machine_readable/policies/0.2-AI-MANIFEST.a2ml b/road-skate/.machine_readable/policies/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 01a19140..00000000 --- a/road-skate/.machine_readable/policies/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "policies-registry" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-registry for policies metadata. diff --git a/road-skate/.machine_readable/policies/MAINTENANCE-AXES.a2ml b/road-skate/.machine_readable/policies/MAINTENANCE-AXES.a2ml deleted file mode 100644 index c4fe7544..00000000 --- a/road-skate/.machine_readable/policies/MAINTENANCE-AXES.a2ml +++ /dev/null @@ -1,54 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 hyperpolymath (hyperpolymath) -# -# Canonical maintenance governance model - -[metadata] -version = "1.0.0" -last-updated = "2026-04-06" -scope = "repo" - -[discovery] -human-entrypoints = [ - "README.adoc", - "docs/governance/MAINTENANCE-CHECKLIST.adoc", - "docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc", -] -machine-entrypoints = [ - ".machine_readable/policies/MAINTENANCE-AXES.a2ml", - ".machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml", - ".machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml", - ".machine_readable/META.a2ml", - ".machine_readable/ai/README.adoc", - ".machine_readable/bot_directives/README.scm", -] -bots = ["hypatia", "gitbot-fleet", "repo visitors"] - -[axes] -axis-1 = "must > intend > like" -axis-2 = "corrective > adaptive > perfective" -axis-3 = "systems > compliance > effects" -execution-order = "axis-1 > axis-2 > axis-3" - -[axis-1-scoping] -required = true -sources = "README, roadmap, status docs, maintenance checklist, CI/security docs" -markers = "TODO/FIXME/XXX/HACK/STUB/PARTIAL" -idris-unsound-markers = "believe_me/assert_total" -output = "scoped work assembly in must/intend/like buckets" - -[axis-2-maintenance] -corrective-first = true -adaptive-second = true -adaptive-focus = "scope changes, stale references, obsolete work culling" -perfective-third = true -perfective-source = "honest state from axis-1 after corrective/adaptive updates" - -[axis-3-audit] -systems-check = true -compliance-check = true -effects-check = true -compliance-focus = "seams/compromises/exception register and anti-drift" -compliance-tooling = "panic-attack" -effects-tooling = "ecological checking with sustainabot guidance" -effects-evidence = "benchmark evidence and maintainer dialogue/status review" diff --git a/road-skate/.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml b/road-skate/.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml deleted file mode 100644 index b6e7fd6c..00000000 --- a/road-skate/.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml +++ /dev/null @@ -1,159 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Cross-repo maintenance baseline (machine-readable canonical) - -[metadata] -version = "1.1.0" -last-updated = "2026-02-24" -scope = "cross-repo" -source-human = "docs/governance/MAINTENANCE-CHECKLIST.adoc" -companion-human = "docs/practice/SOFTWARE-DEVELOPMENT-APPROACH.adoc" -companion-machine = ".machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml" - -[policy] -single-source = true -notes = "Use this file as canonical machine policy and keep markdown synchronized." - -[maintenance-axes] -scoping-first = true -execution-order = ["scoping", "axis-1", "axis-2", "axis-3"] -axis-1 = "must > intend > like" -axis-2 = "corrective > adaptive > perfective" -axis-3 = "systems > compliance > effects" - -[scoping] -inputs_required = [ - "README", - "roadmap", - "status-docs", - "maintenance-checklist", - "ci-and-security-docs", -] - -marker_scan_required = [ - "TODO", - "FIXME", - "XXX", - "HACK", - "STUB", - "PARTIAL", -] - -idris_unsound_scan_required = [ - "believe_me", - "assert_total", -] - -scope_assembly_buckets = ["must", "intend", "like"] - -[axis-2-maintenance-rules] -corrective-first = true -adaptive-second = true -adaptive_examples = [ - "scope-change reconciliation", - "stale-reference removal", - "obsolete-work culling", -] -perfective-third = true -perfective_source = "axis-1 honest state after corrective/adaptive updates" - -[axis-3-audit-rules] -systems-check = true -documentation-honesty-check = true -safety-security-accounted-check = true -effects-review-check = true -benchmark-evidence-required = true -maintainer-dialogue-review-required = true -compliance-seams-check = true -exception-register-required = true -exception-bounded-scope-required = true -policy-drift-contamination-check = true -example-drift-risk = "single TypeScript exception causing broad ReScript->TypeScript migration" -compliance-tooling = "panic-attack" -effects-tooling = "ecological checking with sustainabot guidance" - -[generic-cleanup-finish-off] -root-cleanup-required = true -stale-work-cull-required = true -docs-parity-required = true -machine-human-sync-required = true -compliance-finish-off-required = true -effects-finish-off-required = true -release-prep-summary-required = true -next-actions-required = ["corrective", "adaptive", "perfective"] - -[must] -root_control_files = [ - ".gitignore", - ".gitattributes", - ".editorconfig", - ".tool-versions", - "Containerfile", - "Justfile", -] - -root_hosting_files = [ - "CNAME", - ".nojekyll", -] - -ownership_files = [ - "MAINTAINER", - ".github/CODEOWNERS", -] - -machine_readable_required = [ - ".machine_readable/anchors/ANCHOR.a2ml", - ".machine_readable/contractiles/", - ".machine_readable/ai/", - ".machine_readable/bot_directives/", -] - -contractiles_required = [ - "Mustfile", - "Trustfile", - "Intentfile", -] - -security_required = [ - ".well-known/security.txt", - "ci-security-scan", -] - -quality_gate_required = [ - "format", - "lint", - "unit-tests", - "integration-tests", - "p2p-tests", - "e2e-tests", - "bench-smoke", - "docs-check", - "security-scan", -] - -abi_ffi_policy = [ - "ABI Idris2 in src/interface/abi/*.idr", - "FFI Zig in ffi/**/*.zig", -] - -[should] -docs_primary_format = "adoc" -docs_structure = [ - "docs/theory", - "docs/practice", - "docs/whitepapers/academic", - "docs/whitepapers/industry", - "docs/proofs", - "docs/reports", -] - -root_minimization = true -well_known_metadata = true -roadmap_honesty_with_dates = true -ci_doc_format_policy = true - -[could] -generate_human_from_machine = true -mode_aware_bots = ["corrective", "adaptive", "perfective", "audit"] -topology_dashboard = true -exception_registry = true diff --git a/road-skate/.machine_readable/policies/README.adoc b/road-skate/.machine_readable/policies/README.adoc deleted file mode 100644 index b7e25f57..00000000 --- a/road-skate/.machine_readable/policies/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= policies Registry diff --git a/road-skate/.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml b/road-skate/.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml deleted file mode 100644 index d7967d22..00000000 --- a/road-skate/.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml +++ /dev/null @@ -1,53 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# General software development approach (machine-readable) - -[metadata] -version = "1.0.0" -last-updated = "2026-02-24" -scope = "cross-repo" -source-human = "docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc" - -[execution] -order = ["axis-1", "axis-2", "axis-3"] - -[axis-1] -name = "scope" -priority = "must > intend > like" -inputs = [ - "README", - "roadmap", - "status-docs", - "ci-and-security-docs", -] -marker-scan = ["TODO", "FIXME", "XXX", "HACK", "STUB", "PARTIAL"] -idris-unsound-scan = ["believe_me", "assert_total"] -output = "scoped-work-assembly" - -[axis-2] -name = "maintenance" -priority = "corrective > adaptive > perfective" -corrective = "defect/regression/safety/security fixes" -adaptive = "scope reconciliation, stale-reference removal, obsolete-work culling" -perfective = "quality improvements derived from axis-1 honest state" - -[axis-3] -name = "audit" -priority = "systems > compliance > effects" -systems = "required systems present and operating" -compliance = "exceptions explicit, bounded, and drift-resistant" -effects = "benchmark/operational impact evidence captured and reviewed" -compliance-tooling = "panic-attack" -effects-tooling = "ecological checking with sustainabot guidance" - -[cleanup-finish-off] -root-cleanup = true -stale-work-cull = true -docs-sync-human-machine = true -compliance-audit = true -effects-audit = true -release-summary = ["must", "should", "could"] -next-actions = ["corrective", "adaptive", "perfective"] - -[collaboration] -maintainer-dialogue-required = true -dialogue-topics = ["what changed", "why", "remaining risks"] diff --git a/road-skate/.machine_readable/scripts/0.2-AI-MANIFEST.a2ml b/road-skate/.machine_readable/scripts/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 615df84f..00000000 --- a/road-skate/.machine_readable/scripts/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,18 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "automation-scripts-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Internal automation logic for the project lifecycle, forge sync, - verification triggers, and maintenance. - -canonical_locations: - maintenance: "maintenance/" - lifecycle: "lifecycle/" - forge: "forge/" - verification: "verification/" diff --git a/road-skate/.machine_readable/scripts/forge/0.3-AI-MANIFEST.a2ml b/road-skate/.machine_readable/scripts/forge/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 4bbd6cf3..00000000 --- a/road-skate/.machine_readable/scripts/forge/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "automation-unit-forge" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Internal automation logic for project forge. diff --git a/road-skate/.machine_readable/scripts/forge/README.adoc b/road-skate/.machine_readable/scripts/forge/README.adoc deleted file mode 100644 index 31adef65..00000000 --- a/road-skate/.machine_readable/scripts/forge/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Forge Scripts diff --git a/road-skate/.machine_readable/scripts/forge/forge-sync.sh b/road-skate/.machine_readable/scripts/forge/forge-sync.sh deleted file mode 100755 index 330e54b3..00000000 --- a/road-skate/.machine_readable/scripts/forge/forge-sync.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: MPL-2.0 -# -# forge-sync.sh — Multi-forge mirroring script -# -# Synchronises the local repository with GitHub, GitLab, and Codeberg. -# Usage: ./forge-sync.sh - -set -euo pipefail - -REMOTES=("origin" "gitlab" "codeberg") - -echo "=== RSR Forge Synchronisation ===" - -for remote in "${REMOTES[@]}"; do - if git remote | grep -q "^$remote$"; then - echo "Pushing to $remote..." - git push "$remote" --all - git push "$remote" --tags - else - echo "Skip: Remote '$remote' not configured." - fi -done - -echo "Sync complete." diff --git a/road-skate/.machine_readable/scripts/forge/git-cleanup.sh b/road-skate/.machine_readable/scripts/forge/git-cleanup.sh deleted file mode 100755 index 4fec1a27..00000000 --- a/road-skate/.machine_readable/scripts/forge/git-cleanup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -# git-cleanup.sh — Repository hygiene script -set -euo pipefail -echo "Cleaning up merged branches..." -git fetch -p -git branch --merged | grep -v "\*" | grep -v "main" | xargs -n 1 git branch -d || echo "No branches to clean." -echo "Pruning remote tracking branches..." -git remote prune origin diff --git a/road-skate/.machine_readable/scripts/lifecycle/0.3-AI-MANIFEST.a2ml b/road-skate/.machine_readable/scripts/lifecycle/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 3182d175..00000000 --- a/road-skate/.machine_readable/scripts/lifecycle/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "automation-unit-lifecycle" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Internal automation logic for project lifecycle. diff --git a/road-skate/.machine_readable/scripts/lifecycle/README.adoc b/road-skate/.machine_readable/scripts/lifecycle/README.adoc deleted file mode 100644 index 8d262b14..00000000 --- a/road-skate/.machine_readable/scripts/lifecycle/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Lifecycle Scripts diff --git a/road-skate/.machine_readable/scripts/lifecycle/install-tools.sh b/road-skate/.machine_readable/scripts/lifecycle/install-tools.sh deleted file mode 100755 index 408df642..00000000 --- a/road-skate/.machine_readable/scripts/lifecycle/install-tools.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: MPL-2.0 -# -# install-tools.sh — Developer toolchain installer -# -# Detects and installs the required project toolchain (asdf, nix, or guix). - -set -euo pipefail - -echo "=== RSR Toolchain Installer ===" - -if [ -f "flake.nix" ] && command -v nix &>/dev/null; then - echo "Nix detected. Setting up development shell..." - nix develop --command echo "Nix shell verified." -elif [ -f ".tool-versions" ] && command -v asdf &>/dev/null; then - echo "asdf detected. Installing plugins and tools..." - while read -r line; do - plugin=$(echo "$line" | awk '{print $1}') - asdf plugin add "$plugin" || true - done < .tool-versions - asdf install -else - echo "No standard toolchain (Nix/asdf) detected or installed." - echo "Please refer to README.adoc for manual setup instructions." -fi - -echo "Installer complete." diff --git a/road-skate/.machine_readable/scripts/maintenance/maint-assault.sh b/road-skate/.machine_readable/scripts/maintenance/maint-assault.sh deleted file mode 100644 index a00d3683..00000000 --- a/road-skate/.machine_readable/scripts/maintenance/maint-assault.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: MPL-2.0 -# -# maint-assault.sh — High-rigor stress testing using panic-attacker -# -# This script runs a full assault (static + dynamic) on the project binary -# to detect logic-based bug signatures and environmental vulnerabilities. - -set -euo pipefail - -BINARY_NAME="affinescript-vite" -REPORT_PATH="docs/reports/security/assault-latest.json" -PA_BIN="${PANIC_ATTACK_BIN:-panic-attack}" - -echo "=== High-Rigor Security Assault ===" - -# 1. Verify environment -if ! command -v "$PA_BIN" &>/dev/null; then - echo "Error: panic-attack tool not found." - echo "Please install it or set PANIC_ATTACK_BIN environment variable." - exit 1 -fi - -if [ ! -f "target/release/$BINARY_NAME" ]; then - echo "Warning: Release binary not found at target/release/$BINARY_NAME" - echo "Running build first..." - just build --release -fi - -# 2. Run Assault -echo "Initiating full assault on $BINARY_NAME..." -mkdir -p "$(dirname "$REPORT_PATH")" - -"$PA_BIN" assault "target/release/$BINARY_NAME" - --source . - --intensity medium - --duration 10 - --output "$REPORT_PATH" - -echo "" -echo "=== Assault Complete ===" -echo "Report generated: $REPORT_PATH" -echo "To review interactively, run:" -echo " $PA_BIN tui $REPORT_PATH" diff --git a/road-skate/.machine_readable/scripts/verification/0.3-AI-MANIFEST.a2ml b/road-skate/.machine_readable/scripts/verification/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 460e0694..00000000 --- a/road-skate/.machine_readable/scripts/verification/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "automation-unit-verification" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Internal automation logic for project verification. diff --git a/road-skate/.machine_readable/scripts/verification/README.adoc b/road-skate/.machine_readable/scripts/verification/README.adoc deleted file mode 100644 index 277b4aa6..00000000 --- a/road-skate/.machine_readable/scripts/verification/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Verification Scripts diff --git a/road-skate/.pre-commit-config.yaml b/road-skate/.pre-commit-config.yaml deleted file mode 100644 index 29d0fefa..00000000 --- a/road-skate/.pre-commit-config.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Pre-commit hooks for hyperpolymath RSR repos. -# Install: pip install pre-commit && pre-commit install -# Run manually: pre-commit run --all-files - -repos: - # --- Standard hooks --- - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-yaml - - id: check-json - - id: check-toml - - id: check-merge-conflict - - id: detect-private-key - - id: check-added-large-files - args: ['--maxkb=1024'] - - # --- A2ML manifest validation --- - - repo: https://github.com/hyperpolymath/a2ml-pre-commit - rev: main - hooks: - - id: validate-a2ml - name: Validate A2ML manifests - - # --- K9 contract validation --- - - repo: https://github.com/hyperpolymath/k9-pre-commit - rev: main - hooks: - - id: validate-k9 - name: Validate K9 contracts - - # --- Shell linting --- - - repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.10.0.1 - hooks: - - id: shellcheck - - # --- EditorConfig --- - - repo: https://github.com/editorconfig-checker/editorconfig-checker.python - rev: 3.2.1 - hooks: - - id: editorconfig-checker - exclude: '(\.git|node_modules|target|_build|deps|\.deno|external_corpora|\.lake)/' - - # --- Secret detection --- - - repo: https://github.com/gitleaks/gitleaks - rev: v8.24.3 - hooks: - - id: gitleaks diff --git a/road-skate/.tool-versions b/road-skate/.tool-versions deleted file mode 100644 index ce60c323..00000000 --- a/road-skate/.tool-versions +++ /dev/null @@ -1,10 +0,0 @@ -# Uncomment and customize for your project -# rust nightly -# just 1.40.0 -# nickel 1.10.0 -# gleam 1.8.0 -# elixir 1.18.0 -# erlang 27.2 -# zig 0.14.0 -# idris2 0.7.0 -rust nightly diff --git a/road-skate/.well-known/ai.txt b/road-skate/.well-known/ai.txt deleted file mode 100644 index 334b406f..00000000 --- a/road-skate/.well-known/ai.txt +++ /dev/null @@ -1,18 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# ai.txt - AI interaction policy -# See: https://site.spawning.ai/spawning-ai-txt - -User-Agent: * -Disallow-Training: yes -Disallow-Summarization: no -Disallow-Generation: yes - -# This project's code is licensed under MPL-2.0. -# AI agents may read and analyze this code for assisting contributors. -# AI agents must NOT use this code for model training without explicit consent. -# AI agents must preserve Emotional Lineage per PMPL Section 3. -# -# For AI agent integration instructions, see: -# 0-AI-MANIFEST.a2ml (universal AI entry point) -# AI.a2ml (Claude-specific instructions) -# .machine_readable/ (structured project state) diff --git a/road-skate/.well-known/humans.txt b/road-skate/.well-known/humans.txt deleted file mode 100644 index 068724d8..00000000 --- a/road-skate/.well-known/humans.txt +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# humanstxt.org - -/* TEAM */ -Maintainer: hyperpolymath (hyperpolymath) -Contact: j.d.a.jewell@open.ac.uk -From: United Kingdom - -/* SITE */ -Last update: {{CURRENT_DATE}} -Standards: RSR (Rhodium Standard Repository) -License: MPL-2.0 (Palimpsest MPL) -Components: Idris2 ABI, Zig FFI -Tools: just, Podman, Guix diff --git a/road-skate/.well-known/security.txt b/road-skate/.well-known/security.txt deleted file mode 100644 index ca321657..00000000 --- a/road-skate/.well-known/security.txt +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# RFC 9116 - security.txt -# https://securitytxt.org/ - -Contact: mailto:{{SECURITY_EMAIL}} -Expires: {{CURRENT_YEAR}}-12-31T23:59:59.000Z -Encryption: {{PGP_KEY_URL}} -Preferred-Languages: en -Canonical: https://github.com/hyperpolymath/affinescript-vite/.well-known/security.txt -Policy: https://github.com/hyperpolymath/affinescript-vite/blob/main/SECURITY.md -Hiring: https://https://github.com/hyperpolymath/affinescript-vite/careers diff --git a/road-skate/0-AI-MANIFEST.a2ml b/road-skate/0-AI-MANIFEST.a2ml deleted file mode 100644 index 60e63a94..00000000 --- a/road-skate/0-AI-MANIFEST.a2ml +++ /dev/null @@ -1,131 +0,0 @@ -# ⚠️ STOP - CRITICAL READING REQUIRED - -**THIS FILE MUST BE READ FIRST BY ALL AI AGENTS** - -## WHAT IS THIS? - -This is the AI manifest for **AffineScript-Vite**. It declares: -- Canonical file locations (where things MUST be, and nowhere else) -- Critical invariants (rules that must NEVER be violated) -- Repository structure and organization -- Key root audit documents that constrain release and publication claims - -## CANONICAL LOCATIONS (UNIVERSAL RULE) - -### Machine-Readable Metadata: `.machine_readable/` ONLY - -These 6 a2ml files MUST exist in `.machine_readable/` directory ONLY: -1. **STATE.a2ml** - Project state, progress, blockers -2. **META.a2ml** - Architecture decisions, governance -3. **ECOSYSTEM.a2ml** - Position in ecosystem, relationships -4. **AGENTIC.a2ml** - AI agent interaction patterns -5. **NEUROSYM.a2ml** - Neurosymbolic integration config -6. **PLAYBOOK.a2ml** - Operational runbook - -**CRITICAL:** If ANY of these files exist in the root directory, this is an ERROR. - -### Anchor File: `.machine_readable/anchors/ANCHOR.a2ml` ONLY - -Canonical authority and semantic-boundary declaration MUST exist at: - -` .machine_readable/anchors/ANCHOR.a2ml ` - -Do not place `ANCHOR.a2ml` at repository root. - -### Maintenance Policies: `.machine_readable/policies/` ONLY - -Canonical maintenance/governance files MUST exist under: - -` .machine_readable/policies/ ` - -Minimum required files: -- `MAINTENANCE-AXES.a2ml` -- `MAINTENANCE-CHECKLIST.a2ml` -- `SOFTWARE-DEVELOPMENT-APPROACH.a2ml` - -Do not place maintenance policy files in repository root. - -### Bot Directives: `.machine_readable/bot_directives/` ONLY - -Bot-specific instructions for your automated agents. - -### Contractiles: `.machine_readable/contractiles/` ONLY - -Policy enforcement contracts (k9, dust, lust, must, trust). - -### AI Configuration & Guides: `.machine_readable/ai/` ONLY - -- `AI.a2ml` - Language-specific or LLM-specific patterns -- `PLACEHOLDERS.md` - Bootstrap guide - -### Community & Forge Metadata: `.github/` ONLY - -- `CODEOWNERS` - Review assignments -- `MAINTAINERS` - Machine-readable contact list -- `SUPPORT` - Support channels -- `SECURITY.md` - Technical security policy -- `CONTRIBUTING.md` - Technical contribution manual -- `CODE_OF_CONDUCT.md` - Conduct rules - -### Agent Instructions: `.machine_readable/agent_instructions/` ONLY - -Methodology-aware AI agent configuration (ADR-002): -- `methodology.a2ml` - Mode, invariants, ring ceiling, priority weights -- `coverage.a2ml` - Session coverage tracking (visited, skipped, MUSTs) -- `debt.a2ml` - Meander debt carried between sessions - -Entry points: -- `0-AI-MANIFEST.a2ml` - THIS FILE (universal entry point, read FIRST) - -## CORE INVARIANTS - -1. **No state file duplication** - Root must NOT contain STATE.a2ml, META.a2ml, etc. -2. **Single source of truth** - `.machine_readable/` is authoritative -3. **No stale metadata** - If root state files exist, they are OUT OF DATE -4. **License consistency** - All code MPL-2.0 unless platform requires MPL-2.0 -5. **Author attribution** - Always "hyperpolymath " -6. **Container images** - MUST use Chainguard base (`cgr.dev/chainguard/wolfi-base:latest` or `cgr.dev/chainguard/static:latest`) -7. **Container runtime** - Podman, never Docker. Files are `Containerfile`, never `Dockerfile` -8. **Container orchestration** - `selur-compose`, never `docker-compose` - -## REPOSITORY STRUCTURE - -This repo follows the **Dual-Track** architecture: - -``` -AffineScript-Vite/ -├── 0-AI-MANIFEST.a2ml # THIS FILE (start here) -├── AUDIT.adoc # Root audit gate summary (read before making release/publication claims) -├── README.adoc # High-level pitch — excitement and awe (Rich Human) -├── EXPLAINME.adoc # Developer deep-dive — how it works (Rich Nerd) -├── ROADMAP.adoc # Future direction -├── CONTRIBUTING.adoc # Human contribution guide -├── GOVERNANCE.adoc # Decision-making model -├── Justfile # Task runner -├── Containerfile # OCI build -├── LICENSE # Primary license -├── src/ # Source code -│ └── interface/ # Verified Interface Seams -│ ├── abi/ # Idris2 ABI (The Spec) -│ ├── ffi/ # Zig FFI (The Bridge) -│ └── generated/ # C Headers (The Result) -├── container/ # Stapeln container ecosystem -├── docs/ # Technical depths -│ ├── attribution/ # Citations, owners, maintainers (adoc) -│ ├── architecture/ # Topology, diagrams -│ ├── theory/ # Domain theory -│ └── practice/ # Manuals -├── docs/legal/ # Legal exhibits and full texts -└── .machine_readable/ # ALL machine-readable metadata -``` - -## SESSION STARTUP CHECKLIST - -✅ Read THIS file (0-AI-MANIFEST.a2ml) first -✅ Read `AUDIT.adoc` before making release, stable, or publication claims -✅ Understand canonical location: `.machine_readable/` -✅ State understanding of canonical locations - -## ATTESTATION PROOF - -**"I have read the AI manifest. All machine-readable content (state files, anchors, policies, bot directives, contractiles, AI guides) is located in `.machine_readable/` ONLY, community metadata is in `.github/`, and `AUDIT.adoc` constrains release and publication claims. I will not create duplicate files in the root directory or make optimistic claims that bypass the audit gate."** diff --git a/road-skate/AUDIT.adoc b/road-skate/AUDIT.adoc deleted file mode 100644 index 491005a4..00000000 --- a/road-skate/AUDIT.adoc +++ /dev/null @@ -1,48 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) - -= Audit Gate -Codex -v1.0, 2026-03-30 -:toc: -:toclevels: 2 -:sectnums: - -== Purpose - -This root document exists so humans and bots can see the hard audit posture -without having to discover the standards repository first. - -Canonical source documents live in the `standards` repository. This file is a -repo-local audit gate summary for template users and automated agents. - -== Hard Rules - -* Do not call anything `stable`, `v1.0.0`, or full release unless the stable - release gate has been passed end to end. -* Do not publish implementation-facing work below `B` in CRG unless the work is - genuinely abstract and makes no implementation-readiness claim. -* `D` requires RSR compliance or a documented equivalent repository discipline. -* `C` requires deep code and folder annotation, not just local confidence. -* `B` means `beta-stable`: external breadth and safe broad trial, not merely - public visibility. -* Papers, whitepapers, release notes, and READMEs must not outrun the proofs, - tests, or artefacts that support their claims. -* Release paths must not ship with placeholders, stubs, `FIXME`, `XXX`, - template residue, fake fuzz, fake benches, or partial proof debt hidden as - if it were complete. - -== Canonical Standards - -Read these as the authoritative source: - -* `standards/component-readiness-grades/COMPONENT-READINESS-GRADES.md` -* `standards/release-pre-flight/V1-GATE.adoc` -* `standards/publication-pre-flight/PREFLIGHT.adoc` -* `standards/publication-pre-flight/ESTATE-AUDIT-BASELINE-2026-03-30.adoc` - -== Bot Requirement - -Bots operating in repositories derived from this template should treat this -document as a key root audit document and should not make optimistic release or -publication claims that conflict with it. diff --git a/road-skate/CHANGELOG.md b/road-skate/CHANGELOG.md deleted file mode 100644 index 81094769..00000000 --- a/road-skate/CHANGELOG.md +++ /dev/null @@ -1,11 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - - - - -## [Unreleased] diff --git a/road-skate/Containerfile b/road-skate/Containerfile deleted file mode 100644 index 00ba2e17..00000000 --- a/road-skate/Containerfile +++ /dev/null @@ -1,41 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# Containerfile for AffineScript-Vite -# Build: podman build -t affinescript-vite:latest -f Containerfile . -# Run: podman run --rm -it affinescript-vite:latest -# Seal: selur seal affinescript-vite:latest - -# --- Build stage --- -FROM cgr.dev/chainguard/wolfi-base:latest AS build - -# TODO: Install build dependencies for your stack -# Examples: -# RUN apk add --no-cache rust cargo # Rust -# RUN apk add --no-cache elixir erlang # Elixir -# RUN apk add --no-cache zig # Zig - -WORKDIR /build -COPY . . - -# TODO: Replace with your build command -# Examples: -# RUN cargo build --release -# RUN mix deps.get && MIX_ENV=prod mix release -# RUN zig build -Doptimize=ReleaseSafe - -# --- Runtime stage --- -FROM cgr.dev/chainguard/static:latest - -# Copy built artifact from build stage -# TODO: Replace with your binary/artifact path -# Examples: -# COPY --from=build /build/target/release/affinescript-vite /usr/local/bin/ -# COPY --from=build /build/_build/prod/rel/affinescript-vite /app/ -# COPY --from=build /build/zig-out/bin/affinescript-vite /usr/local/bin/ - -# Non-root user (chainguard images default to nonroot) -USER nonroot - -# TODO: Replace with your entrypoint -# ENTRYPOINT ["/usr/local/bin/affinescript-vite"] diff --git a/road-skate/EXPLAINME.adoc b/road-skate/EXPLAINME.adoc deleted file mode 100644 index 7fcb1ae7..00000000 --- a/road-skate/EXPLAINME.adoc +++ /dev/null @@ -1,49 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -= {project-name} — Show Me The Receipts -:toc: -:icons: font - -The README makes claims. This file backs them up. - -For each headline feature: what makes it work, where the code is, and an honest -caveat. Link out to the technology's own docs rather than over-explaining. -Reference arXiv papers only where the approach is novel. Keep it brief — prove -the claim, don't write a textbook. - -== [Claim from README] - -[quote, README] -____ -Paste the specific claim here. -____ - -Brief explanation of _how_ — 2-4 sentences. Link to the technology -(https://elixir-lang.org[Elixir], https://ziglang.org[Zig], etc.) rather than -explaining it from scratch. - -**Caveat:** What doesn't this cover? Where are the limits? - -- Implementation: `path/to/code` -- Learn more: https://relevant-docs.example.com - -== Dogfooded Across The Account - -These aren't one-off choices — they're patterns used across hyperpolymath repos: - -[cols="1,2"] -|=== -| Technology | Also Used In - -| **[Tech 1]** | https://github.com/hyperpolymath/[repo1], https://github.com/hyperpolymath/[repo2] -| **[Tech 2]** | https://github.com/hyperpolymath/[repo3] -|=== - -== File Map - -[cols="1,2"] -|=== -| Path | Proves - -| `src/` | ... -| `ffi/` | ... -|=== diff --git a/road-skate/Justfile b/road-skate/Justfile deleted file mode 100644 index e4fe4ffa..00000000 --- a/road-skate/Justfile +++ /dev/null @@ -1,1481 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -# -# RSR Standard Justfile Template -# https://just.systems/man/en/ -# -# Copy this file to new projects and customize the placeholder values. -# -# Run `just` to see all available recipes -# Run `just cookbook` to generate docs/just-cookbook.adoc -# Run `just combinations` to see matrix recipe options - -set shell := ["bash", "-uc"] -set dotenv-load := true -set positional-arguments := true - -# Import auto-generated contractile recipes (must-check, trust-verify, etc.) -# Re-generate with: contractile gen-just -import? ".machine_readable/contractiles/contractile.just" - -# Project metadata — customize these -project := "road-skate" -OWNER := "hyperpolymath" -REPO := "road-skate" -version := "0.1.0" -tier := "infrastructure" # 1 | 2 | infrastructure - -# ═══════════════════════════════════════════════════════════════════════════════ -# DEFAULT & HELP -# ═══════════════════════════════════════════════════════════════════════════════ - -# Show all available recipes with descriptions -default: - @just --list --unsorted - -# Show detailed help for a specific recipe -help recipe="": - #!/usr/bin/env bash - if [ -z "{{recipe}}" ]; then - just --list --unsorted - echo "" - echo "Usage: just help " - echo " just cookbook # Generate full documentation" - echo " just combinations # Show matrix recipes" - else - just --show "{{recipe}}" 2>/dev/null || echo "Recipe '{{recipe}}' not found" - fi - -# Show this project's info -info: - @echo "Project: affinescript-vite" - @echo "Version: {{version}}" - @echo "RSR Tier: {{tier}}" - @echo "Recipes: "$(just --summary | wc -w)"" - @[ -f ".machine_readable/STATE.a2ml" ] && grep -oP 'phase\s*=\s*"\K[^"]+' .machine_readable/STATE.a2ml | head -1 | xargs -I{} printf "Phase: %s\n" "{}" || true - -# ═══════════════════════════════════════════════════════════════════════════════ -# INIT — Bootstrap a new project from this template -# ═══════════════════════════════════════════════════════════════════════════════ - -# Interactive project bootstrap — replaces all {{PLACEHOLDER}} tokens -init: - #!/usr/bin/env bash - set -euo pipefail - - echo "═══════════════════════════════════════════════════" - echo " RSR Project Bootstrap" - echo "═══════════════════════════════════════════════════" - echo "" - - # --- Load defaults from config (if exists) --- - # Create yours: ~/.config/rsr/defaults - # Format: OWNER=myorg AUTHOR="My Name" AUTHOR_EMAIL=me@example.org ... - DEFAULTS="${XDG_CONFIG_HOME:-$HOME/.config}/rsr/defaults" - if [ -f "$DEFAULTS" ]; then - echo "Loading defaults from "$DEFAULTS"" - # shellcheck source=/dev/null - source "$DEFAULTS" - echo "" - fi - - # --- Required values (pre-filled from defaults if available) --- - read -rp "Project name (human-readable, e.g. My Project): " PROJECT_NAME - [ -z "$PROJECT_NAME" ] && echo "Error: project name required" && exit 1 - - read -rp "Repository slug (e.g. my-project): " REPO - [ -z "$REPO" ] && echo "Error: repo slug required" && exit 1 - - read -rp "Owner [${OWNER:-}]: " _OWNER - OWNER="${_OWNER:-${OWNER:-}}" - [ -z "$OWNER" ] && echo "Error: owner required" && exit 1 - - read -rp "Author full name [${AUTHOR:-}]: " _AUTHOR - AUTHOR="${_AUTHOR:-${AUTHOR:-}}" - [ -z "$AUTHOR" ] && echo "Error: author name required" && exit 1 - - read -rp "Author email [${AUTHOR_EMAIL:-}]: " _AUTHOR_EMAIL - AUTHOR_EMAIL="${_AUTHOR_EMAIL:-${AUTHOR_EMAIL:-}}" - [ -z "$AUTHOR_EMAIL" ] && echo "Error: email required" && exit 1 - - # --- Optional values (pre-filled from defaults if available) --- - read -rp "Author organization [${AUTHOR_ORG:-none}]: " _AUTHOR_ORG - AUTHOR_ORG="${_AUTHOR_ORG:-${AUTHOR_ORG:-}}" - - read -rp "Previous/alt email [${AUTHOR_EMAIL_ALT:-none}]: " _AUTHOR_EMAIL_ALT - AUTHOR_EMAIL_ALT="${_AUTHOR_EMAIL_ALT:-${AUTHOR_EMAIL_ALT:-}}" - - read -rp "Project description []: " PROJECT_DESCRIPTION - - read -rp "Forge domain [${FORGE:-github.com}]: " _FORGE - FORGE="${_FORGE:-${FORGE:-github.com}}" - - read -rp "Security contact email [${SECURITY_EMAIL:-$AUTHOR_EMAIL}]: " _SECURITY_EMAIL - SECURITY_EMAIL="${_SECURITY_EMAIL:-${SECURITY_EMAIL:-$AUTHOR_EMAIL}}" - - read -rp "Conduct contact email [${CONDUCT_EMAIL:-$AUTHOR_EMAIL}]: " _CONDUCT_EMAIL - CONDUCT_EMAIL="${_CONDUCT_EMAIL:-${CONDUCT_EMAIL:-$AUTHOR_EMAIL}}" - - read -rp "Project type (library|binary|monorepo|service|website) [library]: " PROJECT_TYPE - PROJECT_TYPE="${PROJECT_TYPE:-library}" - - read -rp "Website URL [https://${FORGE}/${OWNER}/${REPO}]: " WEBSITE - WEBSITE="${WEBSITE:-https://${FORGE}/${OWNER}/${REPO}}" - - # --- Container values (optional — only relevant if container/ exists) --- - if [ -d "container" ]; then - echo "" - echo "── Container configuration (optional) ─────────" - read -rp "Service name [${REPO}]: " _SERVICE_NAME - SERVICE_NAME="${_SERVICE_NAME:-${REPO}}" - read -rp "Primary port [8080]: " _PORT - PORT="${_PORT:-8080}" - read -rp "Container registry [ghcr.io/${OWNER}]: " _REGISTRY - REGISTRY="${_REGISTRY:-ghcr.io/${OWNER}}" - else - SERVICE_NAME="${REPO}" - PORT="8080" - REGISTRY="ghcr.io/${OWNER}" - fi - - # --- Derived values --- - PROJECT_UPPER=$(echo "$REPO" | tr '[:lower:]-' '[:upper:]_') - PROJECT_LOWER=$(echo "$REPO" | tr '[:upper:]-' '[:lower:]_') - CURRENT_YEAR="$(date +%Y)" - CURRENT_DATE="$(date +%Y-%m-%d)" - VERSION="0.1.0" - - # Derive citation name parts (best-effort split on last space) - AUTHOR_LAST="${AUTHOR##* }" - AUTHOR_FIRST="${AUTHOR% *}" - FIRST_INITIAL="${AUTHOR_FIRST:0:1}." - if [ "$AUTHOR_LAST" = "$AUTHOR_FIRST" ]; then - AUTHOR_FIRST="$AUTHOR" - AUTHOR_LAST="" - FIRST_INITIAL="" - fi - - echo "" - echo "── Summary ──────────────────────────────────────" - echo " Project: "$PROJECT_NAME"" - echo " Repo: "$REPO"" - echo " Owner: "$OWNER"" - echo " Author: "$AUTHOR" <"$AUTHOR_EMAIL">" - [ -n "$AUTHOR_ORG" ] && echo " Organization: "$AUTHOR_ORG"" - echo " Forge: "$FORGE"" - echo " Year: "$CURRENT_YEAR"" - echo "────────────────────────────────────────────────" - echo "" - read -rp "Proceed? [Y/n] " CONFIRM - [[ "${CONFIRM:-Y}" =~ ^[Nn] ]] && echo "Aborted." && exit 0 - - echo "" - echo "Replacing placeholders..." - - # Brace tokens as variables (hex avoids just interpolation) - LB="{{" - RB="}}" - - # Build the sed expression list - # Note: using | as delimiter since URLs contain / - SED_ARGS=( - -e "s|${LB}PROJECT_NAME${RB}|"${PROJECT_NAME}"|g" - -e "s|${LB}PROJECT_DESCRIPTION${RB}|${PROJECT_DESCRIPTION}|g" - -e "s|${LB}PROJECT${RB}|${PROJECT_UPPER}|g" - -e "s|${LB}project${RB}|${PROJECT_LOWER}|g" - -e "s|${LB}REPO${RB}|${REPO}|g" - -e "s|${LB}OWNER${RB}|"${OWNER}"|g" - -e "s|${LB}AUTHOR${RB}|${AUTHOR}|g" - -e "s|${LB}AUTHOR_EMAIL${RB}|${AUTHOR_EMAIL}|g" - -e "s|${LB}AUTHOR_ORG${RB}|${AUTHOR_ORG}|g" - -e "s|${LB}AUTHOR_LAST${RB}|${AUTHOR_LAST}|g" - -e "s|${LB}AUTHOR_FIRST${RB}|${AUTHOR_FIRST}|g" - -e "s|${LB}AUTHOR_INITIALS${RB}|${FIRST_INITIAL}|g" - -e "s|${LB}FORGE${RB}|${FORGE}|g" - -e "s|${LB}CURRENT_YEAR${RB}|${CURRENT_YEAR}|g" - -e "s|${LB}CURRENT_DATE${RB}|${CURRENT_DATE}|g" - -e "s|${LB}DATE${RB}|${CURRENT_DATE}|g" - -e "s|${LB}SECURITY_EMAIL${RB}|${SECURITY_EMAIL}|g" - -e "s|${LB}CONDUCT_EMAIL${RB}|${CONDUCT_EMAIL}|g" - -e "s|${LB}LICENSE${RB}|MPL-2.0|g" - -e "s|${LB}CONDUCT_TEAM${RB}|Code of Conduct Committee|g" - -e "s|${LB}RESPONSE_TIME${RB}|48 hours|g" - -e "s|${LB}MAIN_BRANCH${RB}|main|g" - -e "s|${LB}PROJECT_PURPOSE${RB}|${PROJECT_DESCRIPTION}|g" - -e "s|${LB}PROJECT_ROLE${RB}|${PROJECT_TYPE}|g" - -e "s|${LB}PROJECT_TYPE${RB}|${PROJECT_TYPE}|g" - -e "s|${LB}WEBSITE${RB}|${WEBSITE}|g" - -e "s|${LB}SERVICE_NAME${RB}|${SERVICE_NAME}|g" - -e "s|${LB}PORT${RB}|${PORT}|g" - -e "s|${LB}REGISTRY${RB}|${REGISTRY}|g" - -e "s|${LB}IMAGE${RB}|${REGISTRY}/${SERVICE_NAME}|g" - -e "s|${LB}VERSION${RB}|${VERSION}|g" - -e "s|${LB}EMAIL${RB}|${AUTHOR_EMAIL}|g" - ) - [ -n "$AUTHOR_EMAIL_ALT" ] && SED_ARGS+=(-e "s|${LB}AUTHOR_EMAIL_ALT${RB}|${AUTHOR_EMAIL_ALT}|g") - - # Replace in all text files (skip .git, LICENSE text, and binaries) - find . -type f \ - -not -path './.git/*' \ - -not -name 'MPL-2.0.txt' \ - -not -name '*.png' -not -name '*.jpg' -not -name '*.gif' \ - -not -name '*.woff' -not -name '*.woff2' \ - | while read -r file; do - if file --brief "$file" | grep -qi 'text\|ascii\|utf'; then - sed -i "${SED_ARGS[@]}" "$file" - fi - done - - # Also replace [YOUR-REPO-NAME] and [YOUR-NAME/ORG] in AI manifest - sed -i "s|\[YOUR-REPO-NAME\]|"${PROJECT_NAME}"|g" 0-AI-MANIFEST.a2ml 2>/dev/null || true - sed -i "s|\[YOUR-NAME/ORG\]|"${OWNER}"|g" 0-AI-MANIFEST.a2ml 2>/dev/null || true - - echo "" - echo "── Validation ───────────────────────────────────" - - # Check for remaining placeholders - PATTERN="${LB}[A-Z_]*${RB}" - REMAINING=$(grep -rl "$PATTERN" . --include='*.md' --include='*.adoc' --include='*.yml' --include='*.yaml' --include='*.a2ml' --include='*.toml' --include='*.scm' --include='*.ncl' --include='*.nix' --include='*.json' --include='*.sh' 2>/dev/null | grep -v '.git/' | grep -v '.machine_readable/ai/PLACEHOLDERS.adoc' || true) - if [ -n "$REMAINING" ]; then - echo "WARNING: Remaining placeholders in:" - echo "$REMAINING" | sed 's/^/ /' - echo "" - echo "Run: grep -rn '$LB' . --include='*.md' to inspect" - else - echo "All placeholders replaced successfully!" - fi - - # K9-SVC validation (if available) - if command -v k9-svc >/dev/null 2>&1; then - echo "" - echo "Running k9-svc validation..." - k9-svc validate . 2>/dev/null || true - fi - - echo "" - echo "Running OpenSSF compliance verification..." - just verify - - echo "" - echo "Done! Next steps:" - echo " 1. Review changes: git diff" - echo " 2. Remove template cruft: rm .machine_readable/ai/PLACEHOLDERS.adoc" - echo " 3. Customize README.adoc for your project" - echo " 4. Commit: git add -A && git commit -m 'feat: initialize from RSR template'" - echo " 5. Push: git remote add origin git@${FORGE}:${OWNER}/${REPO}.git && git push -u origin main" - -# ═══════════════════════════════════════════════════════════════════════════════ -# GROOVE & V-TRIPLE SETUP -# ═══════════════════════════════════════════════════════════════════════════════ - -# Configure Groove protocol manifest (port assignment, API surfaces) -groove-setup: - #!/usr/bin/env bash - set -euo pipefail - MANIFEST=".machine_readable/integrations/groove.a2ml" - if [ ! -f "$MANIFEST" ]; then - echo "Error: $MANIFEST not found. Run 'just init' first." - exit 1 - fi - - echo "═══════════════════════════════════════════════════" - echo " Groove Protocol Setup" - echo "═══════════════════════════════════════════════════" - echo "" - echo "Check PORT-REGISTRY.md before assigning a port:" - echo " https://github.com/hyperpolymath/standards/blob/main/PORT-REGISTRY.md" - echo "" - - read -rp "Primary port for this service: " PORT - [ -z "$PORT" ] && echo "Error: port required" && exit 1 - - echo "" - echo "Which API surfaces does this project expose?" - read -rp " REST API? [Y/n]: " REST - read -rp " gRPC? [y/N]: " GRPC - read -rp " GraphQL? [y/N]: " GRAPHQL - read -rp " WebSocket? [y/N]: " WS - read -rp " SSE (Server-Sent Events)? [y/N]: " SSE - - # Update port in manifest - sed -i "s/(port 0)/(port "${PORT}")/" "$MANIFEST" - - # Update API surface flags - [[ "${GRPC,,}" == "y" ]] && sed -i 's/(grpc.*enabled false)/(grpc (enabled true)/' "$MANIFEST" - [[ "${GRAPHQL,,}" == "y" ]] && sed -i 's/(graphql.*enabled false)/(graphql (enabled true)/' "$MANIFEST" - [[ "${WS,,}" == "y" ]] && sed -i 's/(websocket.*enabled false)/(websocket (enabled true)/' "$MANIFEST" - [[ "${SSE,,}" == "y" ]] && sed -i 's/(sse.*enabled false)/(sse (enabled true)/' "$MANIFEST" - - echo "" - echo "Groove manifest updated: "$MANIFEST"" - echo "Port "${PORT}" assigned". Add to PORT-REGISTRY.md if not already there." - -# Check for template placeholders that haven't been replaced -verify-template: - #!/usr/bin/env bash - set -euo pipefail - echo "Checking for unreplaced template placeholders..." - FOUND=0 - - # Check for double-brace placeholder patterns - HITS=$(grep -rn '{{'{{'}}[A-Z_]*{{'}}'}}' --include="*.adoc" --include="*.md" --include="*.a2ml" \ - --include="*.scm" --include="*.toml" --include="*.yml" --include="*.yaml" \ - . 2>/dev/null | grep -v 'node_modules\|\.git/' | grep -v 'PLACEHOLDERS.adoc' || true) - if [ -n "$HITS" ]; then - echo "" - echo "⚠ Unreplaced placeholders found:" - echo "$HITS" | head -20 - FOUND=1 - fi - - # Check for template defaults still present - if grep -q 'rsr-template-repo' Justfile 2>/dev/null; then - echo "⚠ Justfile still references 'rsr-template-repo' — update project name" - FOUND=1 - fi - - # Check for port 0 in Groove manifest - if grep -q '(port 0)' .machine_readable/integrations/groove.a2ml 2>/dev/null; then - echo "⚠ Groove manifest has port 0 — run 'just groove-setup' to assign a port" - FOUND=1 - fi - - # Check for empty SCM files - for f in .machine_readable/6a2/STATE.a2ml .machine_readable/6a2/META.a2ml .machine_readable/6a2/ECOSYSTEM.a2ml; do - if [ -f "$f" ] && grep -q '{{'{{'}}' "$f" 2>/dev/null; then - echo "⚠ $f still has template placeholders" - FOUND=1 - fi - done - - if [ $FOUND -eq 0 ]; then - echo "✓ No template placeholders found — project is properly customised." - else - echo "" - echo "Run 'just init' to replace placeholders, or edit files manually." - exit 1 - fi - -# ═══════════════════════════════════════════════════════════════════════════════ -# PROJECT SELF-ASSESSMENT -# ═══════════════════════════════════════════════════════════════════════════════ - -# Analyse this project and advise what to keep, remove, or leave for later. -# Does NOT modify any files — only prints recommendations. -self-assess: - #!/usr/bin/env bash - set -euo pipefail - - echo "═══════════════════════════════════════════════════" - echo " RSR Project Self-Assessment" - echo "═══════════════════════════════════════════════════" - echo "" - echo "Scanning project structure to identify what's" - echo "relevant, removable, or worth keeping for later..." - echo "" - - # Detect project characteristics - HAS_RUST=false; [ -f "Cargo.toml" ] && HAS_RUST=true - HAS_ELIXIR=false; [ -f "mix.exs" ] && HAS_ELIXIR=true - HAS_RESCRIPT=false; [ -f "rescript.json" ] || [ -f "bsconfig.json" ] && HAS_RESCRIPT=true - HAS_IDRIS=false; ls *.ipkg >/dev/null 2>&1 && HAS_IDRIS=true - HAS_ZIG=false; [ -f "build.zig" ] || [ -d "ffi/zig" ] && HAS_ZIG=true - HAS_GLEAM=false; [ -f "gleam.toml" ] && HAS_GLEAM=true - HAS_CONTAINER=false; [ -f "Containerfile" ] || [ -f "container/Containerfile" ] && HAS_CONTAINER=true - HAS_TESTS=false; [ -d "test" ] || [ -d "tests" ] || [ -d "__tests__" ] && HAS_TESTS=true - HAS_API=false; grep -rq 'port\|listen\|endpoint' --include="*.exs" --include="*.rs" --include="*.toml" . 2>/dev/null && HAS_API=true - IS_LIBRARY=false; [ -f "Cargo.toml" ] && grep -q '\[lib\]' Cargo.toml 2>/dev/null && IS_LIBRARY=true - - echo "Detected: Rust=$HAS_RUST Elixir=$HAS_ELIXIR ReScript=$HAS_RESCRIPT" - echo " Idris=$HAS_IDRIS Zig=$HAS_ZIG Gleam=$HAS_GLEAM" - echo " Container=$HAS_CONTAINER Tests=$HAS_TESTS API=$HAS_API" - echo "" - - # ── ESSENTIAL (removing these breaks RSR compliance) ────────── - echo "── ESSENTIAL (removing breaks Rhodium Standard) ──────────" - echo "" - - for f in LICENSE SECURITY.md CODE_OF_CONDUCT.md CONTRIBUTING.md .editorconfig .gitignore; do - if [ -f "$f" ]; then - echo " ✓ "$f" — KEEP" (RSR required)" - else - echo " ✗ "$f" — MISSING" (RSR violation!)" - fi - done - - if [ -d ".machine_readable/6a2" ]; then - echo " ✓ .machine_readable/6a2/ — KEEP (SCM checkpoint files)" - else - echo " ✗ .machine_readable/6a2/ — MISSING (RSR violation!)" - fi - - if [ -d ".github/workflows" ]; then - WF_COUNT=$(ls .github/workflows/*.yml 2>/dev/null | wc -l) - echo " ✓ .github/workflows/ — KEEP ($WF_COUNT workflows, RSR CI/CD)" - fi - echo "" - - # ── RELEVANT (useful for your project type) ─────────────────── - echo "── RELEVANT (matches your project) ───────────────────────" - echo "" - - if $HAS_IDRIS && [ -d "src/interface/abi" ]; then - echo " ✓ src/interface/abi/ — KEEP (Idris2 ABI definitions)" - elif ! $HAS_IDRIS && [ -d "src/interface/abi" ]; then - echo " ? src/interface/abi/ — No Idris2 detected." - echo " → KEEP if you plan to add formal verification later." - echo " → SAFE TO REMOVE if this project will never use Idris2." - echo " ⚠ Consequence: no formally verified interface definitions." - fi - - if $HAS_ZIG && [ -d "src/interface/ffi" ]; then - echo " ✓ src/interface/ffi/ — KEEP (Zig FFI bridge)" - elif ! $HAS_ZIG && [ -d "src/interface/ffi" ]; then - echo " ? src/interface/ffi/ — No Zig detected." - echo " → KEEP if you plan C ABI interop later." - echo " → SAFE TO REMOVE if this is a pure web/scripting project." - echo " ⚠ Consequence: no C-compatible FFI bridge." - fi - - if $HAS_API && [ -f ".machine_readable/integrations/groove.a2ml" ]; then - PORT=$(grep '(port ' .machine_readable/integrations/groove.a2ml 2>/dev/null | sed 's/.*(port \([0-9]*\)).*/\1/') - if [ "$PORT" = "0" ]; then - echo " ⚠ groove.a2ml — Port not assigned. Run 'just groove-setup'." - else - echo " ✓ groove.a2ml — KEEP (Groove discovery on port $PORT)" - fi - elif $HAS_API; then - echo " ✗ groove.a2ml — MISSING. Your project has an API but no Groove manifest." - echo " → Run 'just groove-setup' to enable snap-on/snap-off discovery." - fi - - if $HAS_CONTAINER && [ -d "container" ]; then - echo " ✓ container/ — KEEP (Containerfile + compose)" - elif ! $HAS_CONTAINER && [ -d "container" ]; then - echo " ? container/ — No Containerfile detected in use." - echo " → KEEP if you plan to containerise later." - echo " → SAFE TO REMOVE for libraries and CLI tools." - fi - - echo "" - - # ── SAFE TO REMOVE (not relevant, no consequences) ──────────── - echo "── SAFE TO REMOVE (no RSR consequences) ──────────────────" - echo "" - - if ! $HAS_RESCRIPT && [ -d "examples" ] && ls examples/*.res >/dev/null 2>&1; then - echo " ○ examples/*.res — Template ReScript examples. Not your code." - fi - - if [ -f ".machine_readable/ai/PLACEHOLDERS.adoc" ]; then - echo " ○ .machine_readable/ai/PLACEHOLDERS.adoc — Template doc. Remove after init." - fi - - if [ -f "flake.nix" ] && ! command -v nix >/dev/null 2>&1; then - echo " ○ flake.nix — Nix flake. Safe to remove if you don't use Nix." - echo " → KEEP if others might build with Nix." - fi - - if [ -f "guix.scm" ] && ! command -v guix >/dev/null 2>&1; then - echo " ○ guix.scm — Guix package. Safe to remove if you don't use Guix." - echo " → KEEP if others might build with Guix." - fi - - echo "" - - # ── FUTURE VALUE (not needed now, worth keeping) ────────────── - echo "── KEEP FOR FUTURE (not active, but valuable later) ──────" - echo "" - - if [ -d ".machine_readable/contractiles" ]; then - echo " ◆ contractiles/ — Must/Trust/Dust/Lust contracts." - echo " Not enforced until you configure them, but ready when you need" - echo " automated compliance checking. Zero cost to keep." - fi - - if [ -d ".machine_readable/bot_directives" ]; then - echo " ◆ bot_directives/ — Gitbot fleet configuration." - echo " Not active until gitbot-fleet is connected. Keeps your repo" - echo " ready for automated maintenance when the fleet arrives." - fi - - if [ -d ".machine_readable/agent_instructions" ]; then - echo " ◆ agent_instructions/ — AI agent methodology config." - echo " Guides Claude/Gemini/etc on how to work in this repo." - echo " No cost to keep. Improves AI assistance quality." - fi - - if [ -d "docs/governance" ]; then - echo " ◆ docs/governance/ — TSDM, CRG, maintenance checklists." - echo " Not needed for solo projects. Essential when you add contributors." - fi - - if [ -d "verification" ]; then - echo " ◆ verification/ — Proofs, benchmarks, fuzzing, safety case." - echo " Empty scaffolds until you add formal verification." - echo " Worth keeping for any project that claims safety properties." - fi - - echo "" - echo "═══════════════════════════════════════════════════" - echo " Assessment complete. No files were modified." - echo "═══════════════════════════════════════════════════" - -# ═══════════════════════════════════════════════════════════════════════════════ -# OPENSSF COMPLIANCE VERIFICATION -# ═══════════════════════════════════════════════════════════════════════════════ - -# Verify OpenSSF Best Practices prerequisites — fails if any required file is missing -verify: - #!/usr/bin/env bash - set -euo pipefail - - echo "=== OpenSSF Best Practices Verification ===" - ERRORS=0 - - check_file() { - if [ ! -f "$1" ]; then - echo " FAIL: "$1" missing" - ERRORS=$((ERRORS + 1)) - else - echo " OK: "$1"" - fi - } - - # Accept either .md or .adoc for documentation files - check_either() { - if [ ! -f "$1" ] && [ ! -f "$2" ]; then - echo " FAIL: $1 (or $2) missing" - ERRORS=$((ERRORS + 1)) - else - local found="$1" - [ -f "$2" ] && found="$2" - [ -f "$1" ] && found="$1" - echo " OK: "$found"" - fi - } - - check_either "SECURITY.md" "SECURITY.adoc" - check_file "LICENSE" - check_either "CONTRIBUTING.md" "CONTRIBUTING.adoc" - check_either "README.adoc" "README.md" - check_file ".machine_readable/STATE.a2ml" - check_file ".machine_readable/META.a2ml" - check_file ".machine_readable/ECOSYSTEM.a2ml" - check_either "CHANGELOG.md" "CHANGELOG.adoc" - - # Check at least 1 workflow exists - WORKFLOW_COUNT=$(find .github/workflows -name '*.yml' -o -name '*.yaml' 2>/dev/null | wc -l) - if [ "$WORKFLOW_COUNT" -eq 0 ]; then - echo " FAIL: No workflows in .github/workflows/" - ERRORS=$((ERRORS + 1)) - else - echo " OK: .github/workflows/ ($WORKFLOW_COUNT workflows)" - fi - - echo "" - if [ "$ERRORS" -gt 0 ]; then - echo "FAIL: "$ERRORS" OpenSSF" prerequisites missing — repo cannot ship." - exit 1 - fi - echo "PASS: All OpenSSF Best Practices prerequisites satisfied." - -# ═══════════════════════════════════════════════════════════════════════════════ -# BUILD & COMPILE -# ═══════════════════════════════════════════════════════════════════════════════ - -# Build the project (compile main.as to wasm-gc) -build *args: - @echo "Building road-skate (WasmGC)..." - @dune exec --root ../affinescript affinescript -- compile game/main.as --wasm-gc -o game/main.wasm {{args}} - @echo "Build complete" - -# Run the dev server -dev: - @deno run --allow-all node_modules/vite/bin/vite.js game/ - -# Build in release mode with optimizations -build-release *args: - @echo "Building affinescript-vite (release)..." - # PENDING: Replace with your release build command - # Examples: - # cargo build --release {{args}} - # MIX_ENV=prod mix compile {{args}} - # zig build -Doptimize=ReleaseFast {{args}} - @echo "Release build complete" - -# Build and watch for changes (requires entr or similar) -build-watch: - @echo "Watching for changes..." - # PENDING: Customize file patterns for your language - # Examples: - # find src -name '*.rs' | entr -c just build - # mix compile --force --warnings-as-errors - # deno task dev - -# Clean build artifacts [reversible: rebuild with `just build`] -clean: - @echo "Cleaning..." - # PENDING: Customize for your build system - rm -rf target/ _build/ build/ dist/ out/ obj/ bin/ - -# Deep clean including caches [reversible: rebuild] -clean-all: clean - rm -rf .cache .tmp - -# ═══════════════════════════════════════════════════════════════════════════════ -# TEST & QUALITY -# ═══════════════════════════════════════════════════════════════════════════════ - -# Run all tests -test *args: - @echo "Running tests..." - # PENDING: Replace with your test command - # Examples: - # cargo test {{args}} - # mix test {{args}} - # zig build test {{args}} - # deno test {{args}} - @echo "Tests passed!" - -# Run tests with verbose output -test-verbose: - @echo "Running tests (verbose)..." - # PENDING: Replace with verbose test command - -# Smoke test -test-smoke: - @echo "Smoke test..." - # PENDING: Add basic sanity checks - -# Run end-to-end tests (full pipeline: build → run → verify) -e2e: - @echo "Running E2E tests..." - # PENDING: Replace with your E2E test command. Examples: - # bash tests/e2e.sh # Shell-based E2E - # npx playwright test # Browser E2E - # mix test test/integration/e2e_test.exs # Elixir E2E - # cargo test --test end_to_end # Rust E2E - @echo "E2E tests passed!" - -# Run aspect tests (cross-cutting concern validation) -aspect: - @echo "Running aspect tests..." - # PENDING: Replace with your aspect test command. Examples: - # bash tests/aspect_tests.sh # Shell-based aspect tests - # cargo test --test aspects # Rust aspect tests - # Aspect tests validate architectural invariants: - # - Thread safety (mutex in FFI modules) - # - ABI/FFI contract (declarations match exports) - # - SPDX compliance (all files have license headers) - # - No dangerous patterns (believe_me, assert_total, etc.) - @echo "Aspect tests passed!" - -# Run benchmarks (performance regression detection) -bench: - @echo "Running benchmarks..." - # PENDING: Replace with your benchmark command. Examples: - # cargo bench # Rust criterion - # zig build bench # Zig benchmarks - # mix run bench/benchmarks.exs # Elixir benchee - # deno bench # Deno bench - @echo "Benchmarks complete!" - -# Run readiness tests (Component Readiness Grade: D/C/B) -readiness: - @echo "Running readiness tests..." - # PENDING: Replace with your readiness test command. Examples: - # cargo test --test readiness -- --nocapture - @echo "Readiness tests complete!" - -# Print the current CRG grade (reads from READINESS.md '**Current Grade:** X' line) -crg-grade: - @grade=$$(grep -oP '(?<=\*\*Current Grade:\*\* )[A-FX]' READINESS.md 2>/dev/null | head -1); \ - [ -z "$$grade" ] && grade="X"; \ - echo "$$grade" - -# Print a shields.io CRG badge for embedding in README files -# Looks for '**Current Grade:** X' in READINESS.md; falls back to X -crg-badge: - @grade=$$(grep -oP '(?<=\*\*Current Grade:\*\* )[A-FX]' READINESS.md 2>/dev/null | head -1); \ - [ -z "$$grade" ] && grade="X"; \ - case "$$grade" in \ - A) color="brightgreen" ;; \ - B) color="green" ;; \ - C) color="yellow" ;; \ - D) color="orange" ;; \ - E) color="red" ;; \ - F) color="critical" ;; \ - *) color="lightgrey" ;; \ - esac; \ - echo "[![CRG $$grade](https://img.shields.io/badge/CRG-$$grade-$$color?style=flat-square)](https://github.com/hyperpolymath/standards/tree/main/component-readiness-grades)" - -# Run the full merge-requirement test suite (ALL categories) -# Per STANDING rule: P2P + E2E + aspect + execution + lifecycle + bench -test-all: test e2e aspect bench readiness - @echo "All test categories passed — safe to merge!" - -# Run all quality checks -quality: fmt-check lint test - @echo "All quality checks passed!" - -# Fix all auto-fixable issues [reversible: git checkout] -fix: fmt - @echo "Fixed all auto-fixable issues" - -# ═══════════════════════════════════════════════════════════════════════════════ -# LINT & FORMAT -# ═══════════════════════════════════════════════════════════════════════════════ - -# Format all source files [reversible: git checkout] -fmt: - @echo "Formatting source files..." - # PENDING: Replace with your formatter - # Examples: - # cargo fmt - # mix format - # gleam format - # deno fmt - -# Check formatting without changes -fmt-check: - @echo "Checking formatting..." - # PENDING: Replace with your format check - # Examples: - # cargo fmt --check - # mix format --check-formatted - # gleam format --check - -# Run linter -lint: - @echo "Linting source files..." - # PENDING: Replace with your linter - # Examples: - # cargo clippy -- -D warnings - # mix credo --strict - # gleam check - -# ═══════════════════════════════════════════════════════════════════════════════ -# RUN & EXECUTE -# ═══════════════════════════════════════════════════════════════════════════════ - -# Run the application -run *args: build - # PENDING: Replace with your run command - echo "Run not configured yet" - -# Run with verbose output -run-verbose *args: build - # PENDING: Replace with verbose run command - echo "Run not configured yet" - -# Install to user path -install: build-release - @echo "Installing affinescript-vite..." - # PENDING: Replace with your install command - -# ═══════════════════════════════════════════════════════════════════════════════ -# DEPENDENCIES -# ═══════════════════════════════════════════════════════════════════════════════ - -# Install/check all dependencies -deps: - @echo "Checking dependencies..." - # PENDING: Replace with your dependency check - # Examples: - # cargo check - # mix deps.get - # gleam deps download - @echo "All dependencies satisfied" - -# Audit dependencies for vulnerabilities -deps-audit: - @echo "Auditing for vulnerabilities..." - # PENDING: Replace with your audit command - # Examples: - # cargo audit - # mix audit - @command -v trivy >/dev/null && trivy fs --severity HIGH,CRITICAL --quiet . || true - @command -v gitleaks >/dev/null && gitleaks detect --source . --no-git --quiet || true - @echo "Audit complete" - -# ═══════════════════════════════════════════════════════════════════════════════ -# DOCUMENTATION -# ═══════════════════════════════════════════════════════════════════════════════ - -# Generate all documentation -docs: - @mkdir -p docs/generated docs/man - just cookbook - just man - @echo "Documentation generated in docs/" - -# Generate justfile cookbook documentation -cookbook: - #!/usr/bin/env bash - mkdir -p docs - OUTPUT="docs/just-cookbook.adoc" - echo "= affinescript-vite Justfile Cookbook" > "$OUTPUT" - echo ":toc: left" >> "$OUTPUT" - echo ":toclevels: 3" >> "$OUTPUT" - echo "" >> "$OUTPUT" - echo "Generated: $(date -Iseconds)" >> "$OUTPUT" - echo "" >> "$OUTPUT" - echo "== Recipes" >> "$OUTPUT" - echo "" >> "$OUTPUT" - just --list --unsorted | while read -r line; do - if [[ "$line" =~ ^[[:space:]]+([a-z_-]+) ]]; then - recipe="${BASH_REMATCH[1]}" - echo "=== $recipe" >> "$OUTPUT" - echo "" >> "$OUTPUT" - echo "[source,bash]" >> "$OUTPUT" - echo "----" >> "$OUTPUT" - echo "just $recipe" >> "$OUTPUT" - echo "----" >> "$OUTPUT" - echo "" >> "$OUTPUT" - fi - done - echo "Generated: "$OUTPUT"" - -# Generate man page -man: - #!/usr/bin/env bash - mkdir -p docs/man - cat > docs/man/affinescript-vite.1 << EOF - .TH affinescript-vite 1 "$(date +%Y-%m-%d)" "{{version}}" "affinescript-vite Manual" - .SH NAME - affinescript-vite \- RSR-compliant project - .SH SYNOPSIS - .B just - [recipe] [args...] - .SH DESCRIPTION - RSR (Rhodium Standard Repository) project managed with just. - .SH AUTHOR - $(git config user.name 2>/dev/null || echo "Author") <$(git config user.email 2>/dev/null || echo "email")> - EOF - echo "Generated: docs/man/affinescript-vite.1" - -# ═══════════════════════════════════════════════════════════════════════════════ -# CONTAINERS (stapeln ecosystem — Podman + Chainguard Wolfi) -# ═══════════════════════════════════════════════════════════════════════════════ - -# Initialise container templates — substitute placeholders with project values -container-init: - #!/usr/bin/env bash - set -euo pipefail - - if [ ! -d "container" ]; then - echo "Error: container/ directory not found." - echo "This repo may not have been created from rsr-template-repo." - exit 1 - fi - - echo "=== Container Template Initialisation ===" - echo "" - - # Load RSR defaults if available - DEFAULTS="${XDG_CONFIG_HOME:-$HOME/.config}/rsr/defaults" - if [ -f "$DEFAULTS" ]; then - echo "Loading defaults from "$DEFAULTS"" - # shellcheck source=/dev/null - source "$DEFAULTS" - echo "" - fi - - # Prompt for container-specific values - read -rp "Service name (e.g. my-api) [affinescript-vite]: " _SERVICE_NAME - SERVICE_NAME="${_SERVICE_NAME:-affinescript-vite}" - - read -rp "Primary port [8080]: " _PORT - PORT="${_PORT:-8080}" - - read -rp "Container registry [ghcr.io/${OWNER:-hyperpolymath}]: " _REGISTRY - REGISTRY="${_REGISTRY:-ghcr.io/${OWNER:-hyperpolymath}}" - - echo "" - echo " Service: "$SERVICE_NAME"" - echo " Port: "$PORT"" - echo " Registry: "$REGISTRY"" - echo "" - read -rp "Proceed? [Y/n] " CONFIRM - [[ "${CONFIRM:-Y}" =~ ^[Nn] ]] && echo "Aborted." && exit 0 - - echo "" - echo "Replacing container placeholders..." - - # Brace tokens as variables (hex escapes avoid just interpolation) - LB="{{" - RB="}}" - - SED_ARGS=( - -e "s|${LB}SERVICE_NAME${RB}|${SERVICE_NAME}|g" - -e "s|${LB}PORT${RB}|${PORT}|g" - -e "s|${LB}REGISTRY${RB}|${REGISTRY}|g" - ) - - find container/ -type f | while read -r file; do - if file --brief "$file" | grep -qi 'text\|ascii\|utf'; then - sed -i "${SED_ARGS[@]}" "$file" - fi - done - - echo "Container templates initialised." - echo "" - echo "Next steps:" - echo " 1. Edit container/Containerfile — add your build commands" - echo " 2. Edit container/entrypoint.sh — set your application binary" - echo " 3. Review container/compose.toml — adjust services and volumes" - echo " 4. Build: just container-build" - -# Build container image via cerro-torre pipeline -container-build *args: - #!/usr/bin/env bash - if [ -f "container/ct-build.sh" ]; then - cd container && ./ct-build.sh {{args}} - elif [ -f "container/Containerfile" ]; then - podman build -t affinescript-vite:latest -f container/Containerfile . - elif [ -f "Containerfile" ]; then - podman build -t affinescript-vite:latest -f Containerfile . - else - echo "No Containerfile found in container/ or project root" - exit 1 - fi - -# Verify compose configuration -container-verify: - #!/usr/bin/env bash - if [ ! -f "container/compose.toml" ]; then - echo "No container/compose.toml found" - exit 1 - fi - cd container - if command -v selur-compose &>/dev/null; then - selur-compose verify - else - echo "selur-compose not found, falling back to podman compose" - podman compose --file compose.toml config - fi - -# Start container stack -container-up *args: - #!/usr/bin/env bash - if [ ! -f "container/compose.toml" ]; then - echo "No container/compose.toml found" - exit 1 - fi - cd container - if command -v selur-compose &>/dev/null; then - selur-compose up {{args}} - else - podman compose --file compose.toml up {{args}} - fi - -# Stop container stack -container-down: - #!/usr/bin/env bash - cd container 2>/dev/null || { echo "No container/ directory"; exit 1; } - if command -v selur-compose &>/dev/null; then - selur-compose down - else - podman compose --file compose.toml down - fi - -# Sign and verify container bundle (build + pack + sign + verify) -container-sign: - #!/usr/bin/env bash - if [ -f "container/ct-build.sh" ]; then - cd container && ./ct-build.sh - else - echo "No container/ct-build.sh found" - exit 1 - fi - -# Push signed bundle to registry -container-push: - #!/usr/bin/env bash - if [ -f "container/ct-build.sh" ]; then - cd container && ./ct-build.sh --push - else - echo "No container/ct-build.sh found — falling back to podman push" - podman push affinescript-vite:latest - fi - -# Run container interactively (for debugging) -container-run *args: - podman run --rm -it affinescript-vite:latest {{args}} - -# ═══════════════════════════════════════════════════════════════════════════════ -# CI & AUTOMATION -# ═══════════════════════════════════════════════════════════════════════════════ - -# Run full CI pipeline locally -ci: deps quality - @echo "CI pipeline complete!" - -# Install git hooks -install-hooks: - @mkdir -p .git/hooks - @cat > .git/hooks/pre-commit << 'HOOKEOF' - #!/bin/bash - just fmt-check || exit 1 - just lint || exit 1 - just assail || exit 1 - HOOKEOF - @chmod +x .git/hooks/pre-commit - @echo "Git hooks installed" - -# ═══════════════════════════════════════════════════════════════════════════════ -# SECURITY -# ═══════════════════════════════════════════════════════════════════════════════ - -# Run security audit -security: deps-audit - @echo "=== Security Audit ===" - @command -v gitleaks >/dev/null && gitleaks detect --source . --verbose || true - @command -v trivy >/dev/null && trivy fs --severity HIGH,CRITICAL . || true - @echo "Security audit complete" - -# Generate SBOM -sbom: - @mkdir -p docs/security - @command -v syft >/dev/null && syft . -o spdx-json > docs/security/sbom.spdx.json || echo "syft not found" - -# ═══════════════════════════════════════════════════════════════════════════════ -# VALIDATION & COMPLIANCE -# ═══════════════════════════════════════════════════════════════════════════════ - -# Validate RSR compliance -validate-rsr: - #!/usr/bin/env bash - echo "=== RSR Compliance Check ===" - MISSING="" - for f in .editorconfig .gitignore Justfile README.adoc LICENSE 0-AI-MANIFEST.a2ml; do - [ -f "$f" ] || MISSING="$MISSING $f" - done - for f in .machine_readable/STATE.a2ml .machine_readable/META.a2ml .machine_readable/ECOSYSTEM.a2ml .machine_readable/anchors/ANCHOR.a2ml .machine_readable/policies/MAINTENANCE-AXES.a2ml .machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml .machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml; do - [ -f "$f" ] || MISSING="$MISSING $f" - done - for f in docs/legal/EXHIBIT-A-ETHICAL-USE.txt docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt LICENSE; do - [ -f "$f" ] || MISSING="$MISSING $f" - done - for f in src/interface/abi src/interface/ffi src/interface/generated; do - [ -d "$f" ] || MISSING="$MISSING $f" - done - for f in docs/governance/MAINTENANCE-CHECKLIST.adoc docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc; do - [ -f "$f" ] || MISSING="$MISSING $f" - done - if [ -f ".machine_readable/META.a2ml" ]; then - grep -q 'axis-1 = "must > intend > like"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:axis-1" - grep -q 'axis-2 = "corrective > adaptive > perfective"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:axis-2" - grep -q 'axis-3 = "systems > compliance > effects"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:axis-3" - grep -q 'scoping-first = true' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:scoping-first" - grep -q 'idris-unsound-scan = "believe_me/assert_total"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:idris-unsound-scan" - grep -q 'audit-focus = "systems in place, documentation explains actual state, safety/security accounted for, observed effects reviewed"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:audit-focus" - grep -q 'compliance-focus = "seams/compromises/exception register, bounded exceptions, anti-drift checks"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:compliance-focus" - grep -q 'effects-evidence = "benchmark execution/results and maintainer status dialogue/review"' .machine_readable/META.a2ml || MISSING="$MISSING META.a2ml:effects-evidence" - grep -q 'compliance-tooling = "panic-attack"' .machine_readable/policies/MAINTENANCE-AXES.a2ml || MISSING="$MISSING MAINTENANCE-AXES.a2ml:compliance-tooling" - grep -q 'effects-tooling = "ecological checking with sustainabot guidance"' .machine_readable/policies/MAINTENANCE-AXES.a2ml || MISSING="$MISSING MAINTENANCE-AXES.a2ml:effects-tooling" - grep -q 'source-human = "docs/governance/MAINTENANCE-CHECKLIST.adoc"' .machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml || MISSING="$MISSING MAINTENANCE-CHECKLIST.a2ml:source-human" - grep -q 'source-human = "docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc"' .machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml || MISSING="$MISSING SOFTWARE-DEVELOPMENT-APPROACH.a2ml:source-human" - fi - if [ -n "$MISSING" ]; then - echo "MISSING:$MISSING" - exit 1 - fi - echo "RSR compliance: PASS" - -# Validate STATE.a2ml syntax -validate-state: - @if [ -f ".machine_readable/STATE.a2ml" ]; then \ - grep -q '^\[metadata\]' .machine_readable/STATE.a2ml && \ - grep -q 'project\s*=' .machine_readable/STATE.a2ml && \ - echo "STATE.a2ml: valid" || echo "STATE.a2ml: INVALID (missing required sections)"; \ - else \ - echo "No .machine_readable/STATE.a2ml found"; \ - fi - -# Validate AI installation guide completeness (finishbot pre-release check) -validate-ai-install: - #!/usr/bin/env bash - echo "=== AI Installation Guide Check ===" - GUIDE="docs/AI_INSTALLATION_GUIDE.adoc" - README="README.adoc" - ERRORS=0 - - # Check guide exists - if [ ! -f "$GUIDE" ]; then - echo "MISSING: "$GUIDE"" (create from template: docs/AI_INSTALLATION_GUIDE.adoc)" - ERRORS=$((ERRORS + 1)) - else - # Check for unfilled PENDING markers - PENDINGS=$(grep -c '\[PENDING-AI-INSTALL' "$GUIDE" 2>/dev/null || true) - if [ "$PENDINGS" -gt 0 ]; then - echo "INCOMPLETE: "$GUIDE"" has $PENDINGS unfilled [PENDING-AI-INSTALL] markers:" - grep -n '\[PENDING-AI-INSTALL' "$GUIDE" | head -10 - ERRORS=$((ERRORS + 1)) - else - echo "$GUIDE: complete (no PENDING markers)" - fi - - # Check AI implementation section exists - if ! grep -q 'ai-implementation' "$GUIDE" 2>/dev/null; then - echo "MISSING: [[ai-implementation]] anchor in $GUIDE" - ERRORS=$((ERRORS + 1)) - fi - - # Check privacy notice exists - if ! grep -qi 'privacy' "$GUIDE" 2>/dev/null; then - echo "MISSING: Privacy notice in $GUIDE" - ERRORS=$((ERRORS + 1)) - fi - - # Check install commands exist (not just placeholders) - if ! grep -q 'git clone' "$GUIDE" 2>/dev/null; then - echo "WARNING: No git clone command found in $GUIDE -- install commands may be incomplete" - fi - fi - - # Check README has AI install section - if [ -f "$README" ]; then - if ! grep -qi 'AI-Assisted Installation' "$README" 2>/dev/null; then - echo "MISSING: AI-Assisted Installation section in $README" - echo " Copy from docs/AI-INSTALL-README-SECTION.adoc" - ERRORS=$((ERRORS + 1)) - fi - - # Check README for unfilled PENDING markers - README_PENDINGS=$(grep -c '\[PENDING-AI-INSTALL' "$README" 2>/dev/null || true) - if [ "$README_PENDINGS" -gt 0 ]; then - echo "INCOMPLETE: $README has $README_PENDINGS unfilled [PENDING-AI-INSTALL] markers" - ERRORS=$((ERRORS + 1)) - fi - fi - - if [ "$ERRORS" -gt 0 ]; then - echo "" - echo "AI install guide: FAIL ($ERRORS issues)" - exit 1 - fi - echo "AI install guide: PASS" - -# Full validation suite -validate: validate-rsr validate-state validate-ai-install - @echo "All validations passed!" - -# ═══════════════════════════════════════════════════════════════════════════════ -# STATE MANAGEMENT -# ═══════════════════════════════════════════════════════════════════════════════ - -# Update STATE.a2ml timestamp -state-touch: - @if [ -f ".machine_readable/STATE.a2ml" ]; then \ - sed -i 's/last-updated = "[^"]*"/last-updated = "'"$(date +%Y-%m-%d)"'"/' .machine_readable/STATE.a2ml && \ - echo "STATE.a2ml timestamp updated"; \ - fi - -# Show current phase from STATE.a2ml -state-phase: - @grep -oP 'phase\s*=\s*"\K[^"]+' .machine_readable/STATE.a2ml 2>/dev/null | head -1 || echo "unknown" - -# ═══════════════════════════════════════════════════════════════════════════════ -# GUIX & NIX -# ═══════════════════════════════════════════════════════════════════════════════ - -# Enter Guix development shell (primary) -guix-shell: - guix shell -D -f guix.scm - -# Build with Guix -guix-build: - guix build -f guix.scm - -# Enter Nix development shell (fallback) -nix-shell: - @if [ -f "flake.nix" ]; then nix develop; else echo "No flake.nix"; fi - -# ═══════════════════════════════════════════════════════════════════════════════ -# HYBRID AUTOMATION -# ═══════════════════════════════════════════════════════════════════════════════ - -# Run local automation tasks -automate task="all": - #!/usr/bin/env bash - case "{{task}}" in - all) just fmt && just lint && just test && just docs && just state-touch ;; - cleanup) just clean && find . -name "*.orig" -delete && find . -name "*~" -delete ;; - update) just deps && just validate ;; - *) echo "Unknown: {{task}}. Use: all, cleanup, update" && exit 1 ;; - esac - -# ═══════════════════════════════════════════════════════════════════════════════ -# COMBINATORIC MATRIX RECIPES -# ═══════════════════════════════════════════════════════════════════════════════ - -# Build matrix: [debug|release] x [target] x [features] -build-matrix mode="debug" target="" features="": - @echo "Build matrix: mode="{{mode}}" target="{{target}}" features="{{features}}"" - -# Test matrix: [unit|integration|e2e|all] x [verbosity] x [parallel] -test-matrix suite="unit" verbosity="normal" parallel="true": - @echo "Test matrix: suite={{suite}} verbosity={{verbosity}} parallel={{parallel}}" - -# Container matrix: [build|run|push|shell|scan] x [registry] x [tag] -container-matrix action="build" registry="ghcr.io/hyperpolymath" tag="latest": - @echo "Container matrix: action={{action}} registry={{registry}} tag={{tag}}" - -# CI matrix: [lint|test|build|security|all] x [quick|full] -ci-matrix stage="all" depth="quick": - @echo "CI matrix: stage={{stage}} depth={{depth}}" - -# Show all matrix combinations -combinations: - @echo "=== Combinatoric Matrix Recipes ===" - @echo "" - @echo "Build Matrix: just build-matrix [debug|release] [target] [features]" - @echo "Test Matrix: just test-matrix [unit|integration|e2e|all] [verbosity] [parallel]" - @echo "Container: just container-matrix [build|run|push|shell|scan] [registry] [tag]" - @echo "CI Matrix: just ci-matrix [lint|test|build|security|all] [quick|full]" - -# ═══════════════════════════════════════════════════════════════════════════════ -# VERSION CONTROL -# ═══════════════════════════════════════════════════════════════════════════════ - -# Show git status -status: - @git status --short - -# Show recent commits -log count="20": - @git log --oneline -{{count}} - -# Generate CHANGELOG.md with git-cliff -changelog: - @command -v git-cliff >/dev/null || { echo "git-cliff not found — install: cargo install git-cliff"; exit 1; } - git cliff --config .machine_readable/configs/git-cliff/cliff.toml --output CHANGELOG.md - @echo "Generated CHANGELOG.md" - -# Preview changelog for unreleased commits (does not write) -changelog-preview: - @command -v git-cliff >/dev/null || { echo "git-cliff not found — install: cargo install git-cliff"; exit 1; } - git cliff --config .machine_readable/configs/git-cliff/cliff.toml --unreleased --strip header - -# Tag a new release (usage: just release-tag 1.2.3) -release-tag version: - #!/usr/bin/env bash - TAG="v{{version}}" - if git rev-parse "$TAG" >/dev/null 2>&1; then - echo "Tag $TAG already exists" - exit 1 - fi - just changelog - git add CHANGELOG.md - git commit -m "chore(release): prepare $TAG" - git tag -a "$TAG" -m "Release $TAG" - echo "Created tag $TAG — push with: git push origin main --tags" - -# ═══════════════════════════════════════════════════════════════════════════════ -# UTILITIES -# ═══════════════════════════════════════════════════════════════════════════════ - -# Count lines of code -loc: - @find . \( -name "*.rs" -o -name "*.ex" -o -name "*.exs" -o -name "*.res" -o -name "*.gleam" -o -name "*.zig" -o -name "*.idr" -o -name "*.hs" -o -name "*.ncl" -o -name "*.scm" -o -name "*.adb" -o -name "*.ads" \) -not -path './target/*' -not -path './_build/*' 2>/dev/null | xargs -r wc -l 2>/dev/null | tail -1 || echo "0" - -# Show PENDING comments -todos: - @grep -rn "PENDING\|FIXME\|HACK\|XXX" --include="*.rs" --include="*.ex" --include="*.res" --include="*.gleam" --include="*.zig" --include="*.idr" --include="*.hs" . 2>/dev/null || echo "No PENDINGs" - -# Open in editor -edit: - ${EDITOR:-code} . - -# Run high-rigor security assault using panic-attacker -maint-assault: - @./.machine_readable/scripts/maintenance/maint-assault.sh - -# Run panic-attacker pre-commit scan (foundational floor-raise requirement) -assail: - @command -v panic-attack >/dev/null 2>&1 && panic-attack assail . || echo "WARN: panic-attack not found — install from https://github.com/hyperpolymath/panic-attacker" - - -# Self-diagnostic — checks dependencies, permissions, paths -doctor: - @echo "Running diagnostics for rsr-template-repo..." - @echo "Checking required tools..." - @command -v just >/dev/null 2>&1 && echo " [OK] just" || echo " [FAIL] just not found" - @command -v git >/dev/null 2>&1 && echo " [OK] git" || echo " [FAIL] git not found" - @echo "Checking for hardcoded paths..." - @grep -rn '$HOME\|$ECLIPSE_DIR' --include='*.rs' --include='*.ex' --include='*.res' --include='*.gleam' --include='*.sh' . 2>/dev/null | head -5 || echo " [OK] No hardcoded paths" - @echo "Diagnostics complete." - -# Guided tour of key features -tour: - @echo "=== rsr-template-repo Tour ===" - @echo "" - @echo "1. Project structure:" - @ls -la - @echo "" - @echo "2. Available commands: just --list" - @echo "" - @echo "3. Read README.adoc for full overview" - @echo "4. Read EXPLAINME.adoc for architecture decisions" - @echo "5. Run 'just doctor' to check your setup" - @echo "" - @echo "Tour complete! Try 'just --list' to see all available commands." - -# Open feedback channel with diagnostic context -help-me: - @echo "=== rsr-template-repo Help ===" - @echo "Platform: $(uname -s) $(uname -m)" - @echo "Shell: $SHELL" - @echo "" - @echo "To report an issue:" - @echo " https://github.com/hyperpolymath/rsr-template-repo/issues/new" - @echo "" - @echo "Include the output of 'just doctor' in your report." - -# ═══════════════════════════════════════════════════════════════════════════════ -# FORMAL VERIFICATION (PROOFS) -# ═══════════════════════════════════════════════════════════════════════════════ - -# Check all formal proofs (Idris2 + Lean4 + Agda + Coq) -proof-check-all: proof-check-idris2 proof-check-lean4 proof-check-agda proof-check-coq proof-scan-dangerous - @echo "=== All proof checks complete ===" - -# Check Idris2 proofs (ABI, types, dependent type proofs) -proof-check-idris2: - #!/usr/bin/env bash - set -euo pipefail - echo "=== Checking Idris2 proofs ===" - if ! command -v idris2 &>/dev/null; then - echo "SKIP: idris2 not installed" - exit 0 - fi - ERRORS=0 - for f in "$(find verification/proofs/idris2 -name '*.idr' 2>/dev/null)"; do - echo -n " Checking "$f" ... " - if idris2 --check "$f" 2>/dev/null; then - echo "OK" - else - echo "FAIL" - ERRORS=$((ERRORS + 1)) - fi - done - if [ "$ERRORS" -gt 0 ]; then - echo "FAIL: "$ERRORS" Idris2" proof(s) failed" - exit 1 - fi - echo "PASS: All Idris2 proofs verified" - -# Check Lean4 proofs -proof-check-lean4: - #!/usr/bin/env bash - set -euo pipefail - echo "=== Checking Lean4 proofs ===" - if ! command -v lean &>/dev/null; then - echo "SKIP: lean not installed" - exit 0 - fi - ERRORS=0 - for f in "$(find verification/proofs/lean4 -name '*.lean' 2>/dev/null)"; do - echo -n " Checking "$f" ... " - if lean "$f" 2>/dev/null; then - echo "OK" - else - echo "FAIL" - ERRORS=$((ERRORS + 1)) - fi - done - if [ "$ERRORS" -gt 0 ]; then - echo "FAIL: "$ERRORS" Lean4 proof(s) failed" - exit 1 - fi - echo "PASS: All Lean4 proofs verified" - -# Check Agda proofs -proof-check-agda: - #!/usr/bin/env bash - set -euo pipefail - echo "=== Checking Agda proofs ===" - if ! command -v agda &>/dev/null; then - echo "SKIP: agda not installed" - exit 0 - fi - ERRORS=0 - for f in "$(find verification/proofs/agda -name '*.agda' 2>/dev/null)"; do - echo -n " Checking "$f" ... " - if agda --safe "$f" 2>/dev/null; then - echo "OK" - else - echo "FAIL" - ERRORS=$((ERRORS + 1)) - fi - done - if [ "$ERRORS" -gt 0 ]; then - echo "FAIL: "$ERRORS" Agda proof(s) failed" - exit 1 - fi - echo "PASS: All Agda proofs verified" - -# Check Coq proofs -proof-check-coq: - #!/usr/bin/env bash - set -euo pipefail - echo "=== Checking Coq proofs ===" - if ! command -v coqc &>/dev/null; then - echo "SKIP: coqc not installed" - exit 0 - fi - ERRORS=0 - for f in "$(find verification/proofs/coq -name '*.v' 2>/dev/null)"; do - echo -n " Checking "$f" ... " - if coqc "$f" 2>/dev/null; then - echo "OK" - else - echo "FAIL" - ERRORS=$((ERRORS + 1)) - fi - done - if [ "$ERRORS" -gt 0 ]; then - echo "FAIL: "$ERRORS" Coq proof(s) failed" - exit 1 - fi - echo "PASS: All Coq proofs verified" - -# Scan for dangerous patterns in proof files (believe_me, sorry, Admitted, etc.) -proof-scan-dangerous: - #!/usr/bin/env bash - set -euo pipefail - echo "=== Scanning for dangerous patterns in proofs ===" - DANGEROUS=0 - PATTERNS="believe_me|assert_total|postulate|sorry|Admitted|unsafeCoerce|Obj\.magic" - for f in "$(find verification/proofs -name '*.idr' -o -name '*.lean' -o -name '*.agda' -o -name '*.v' 2>/dev/null)"; do - MATCHES=$(grep -nE "$PATTERNS" "$f" 2>/dev/null || true) - if [ -n "$MATCHES" ]; then - echo " DANGEROUS: "$f"" - echo "$MATCHES" | sed 's/^/ /' - DANGEROUS=$((DANGEROUS + 1)) - fi - done - if [ "$DANGEROUS" -gt 0 ]; then - echo "FAIL: $DANGEROUS file(s) contain dangerous patterns" - exit 1 - fi - echo "PASS: No dangerous patterns found in proofs" - -# Show proof status summary -proof-status: - #!/usr/bin/env bash - echo "=== Proof Status ===" - echo "" - echo "Idris2: $(find verification/proofs/idris2 -name '*.idr' 2>/dev/null | wc -l) files" - echo "Lean4: $(find verification/proofs/lean4 -name '*.lean' 2>/dev/null | wc -l) files" - echo "Agda: $(find verification/proofs/agda -name '*.agda' 2>/dev/null | wc -l) files" - echo "Coq: $(find verification/proofs/coq -name '*.v' 2>/dev/null | wc -l) files" - echo "TLA+: $(find verification/proofs/tlaplus -name '*.tla' 2>/dev/null | wc -l) files" - echo "" - if [ -f PROOF-STATUS.md ]; then - grep -E "^\| \*\*Total\*\*" PROOF-STATUS.md 2>/dev/null || echo "(No summary row in PROOF-STATUS.md)" - else - echo "(No PROOF-STATUS.md found)" - fi diff --git a/road-skate/LICENSE b/road-skate/LICENSE deleted file mode 100644 index 4a7f1aa6..00000000 --- a/road-skate/LICENSE +++ /dev/null @@ -1,408 +0,0 @@ -SPDX-License-Identifier: MPL-2.0 -SPDX-FileCopyrightText: 2024-2026 Jonathan D.A. Jewell (hyperpolymath) - ------------------------------------------------------------------------- -PREFERRED LICENCE: Palimpsest License (MPL-2.0) ------------------------------------------------------------------------- - -This work is governed by the Palimpsest License (MPL-2.0) as -its primary intended licence. MPL-2.0 extends the Mozilla -Public License 2.0 (MPL-2.0) with additional provisions for ethical use, -post-quantum cryptographic provenance, and emotional lineage protection. -The canonical PMPL text and stewardship information are maintained at: - https://github.com/hyperpolymath/palimpsest-license - ------------------------------------------------------------------------- -FALLBACK LICENCE: Mozilla Public License 2.0 (MPL-2.0) ------------------------------------------------------------------------- - -Because MPL-2.0 is not yet recognised by the Open Source -Initiative (OSI) or equivalent bodies, this work also carries MPL-2.0 -as its legally-recognised fallback licence. - -In any jurisdiction, platform, or context where MPL-2.0 is -not accepted as a valid licence, or where an OSI-approved licence is -required, this work is instead governed by the Mozilla Public License, -Version 2.0. - -MPL-2.0 was chosen as the fallback because MPL-2.0 is -explicitly based on and extends MPL-2.0; it is therefore the closest -recognised equivalent to the intended licence. - -The complete MPL-2.0 text follows below. - ------------------------------------------------------------------------- - -Mozilla Public License Version 2.0 -================================== - -1. Definitions --------------- - -1.1. "Contributor" - means each individual or legal entity that creates, contributes to - the creation of, or owns Covered Software. - -1.2. "Contributor Version" - means the combination of the Contributions of others (if any) used - by a Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - means Source Code Form to which the initial Contributor has attached - the notice in Exhibit A, the Executable Form of such Source Code - Form, and Modifications of such Source Code Form, in each case - including portions thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - (a) that the initial Contributor has attached the notice described - in Exhibit B to the Covered Software; or - - (b) that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the - terms of a Secondary License. - -1.6. "Executable Form" - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - means a work that combines Covered Software with other material, in - a separate file or files, that is not Covered Software. - -1.8. "License" - means this document. - -1.9. "Licensable" - means having the right to grant, to the maximum extent possible, - whether at the time of the initial grant or subsequently, any and - all of the rights conveyed by this License. - -1.10. "Modifications" - means any of the following: - - (a) any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered - Software; or - - (b) any new file in Source Code Form that contains any Covered - Software. - -1.11. "Patent Claims" of a Contributor - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the - License, by the making, using, selling, offering for sale, having - made, import, or transfer of either its Contributions or its - Contributor Version. - -1.12. "Secondary License" - means either the GNU General Public License, Version 2.0, the GNU - Lesser General Public License, Version 2.1, the GNU Affero General - Public License, Version 3.0, or any later versions of those - licenses. - -1.13. "Source Code Form" - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - means an individual or a legal entity exercising rights under - this License. For legal entities, "You" includes any entity that - controls, is controlled by, or is under common control with You. - For the purposes of this definition, "control" means (a) the power, - direct or indirect, to cause the direction or management of such - entity, whether by contract or otherwise, or (b) ownership of more - than fifty percent (50%) of the outstanding shares or beneficial - ownership of such entity. - -2. License Grants and Conditions ---------------------------------- - -2.1. Grants - -Each Contributor hereby grants You a world-wide, royalty-free, -non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - -(b) under Patent Claims of such Contributor to make, use, sell, offer - for sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. Effective Date - -The licenses granted in Section 2.1 with respect to any Contribution -become effective for each Contribution on the date the Contributor first -distributes such Contribution. - -2.3. Limitations on Grant Scope - -The licenses granted in this Section 2 are the only rights granted -under this License. No additional rights or licenses will be implied -from the distribution or licensing of Covered Software under this -License. Notwithstanding Section 2.1(b) above, no patent license is -granted by a Contributor: - -(a) for any code that a Contributor has removed from Covered Software; - or - -(b) for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - -(c) under Patent Claims infringed by Covered Software in the absence - of its Contributions. - -This License does not grant any rights in the trademarks, service -marks, or logos of any Contributor (except as may be necessary to -comply with the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - -No Contributor makes additional grants as a result of Your choice to -distribute the Covered Software under a subsequent version of this -License (see Section 10.2) or under the terms of a Secondary License -(if permitted under the terms of Section 3.3). - -2.5. Representation - -Each Contributor represents that the Contributor believes its -Contributions are its original creation(s) or it has sufficient rights -to grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - -This License is not intended to limit any rights You have under -applicable copyright doctrines of fair use, fair dealing, or other -equivalents. - -2.7. Conditions - -Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses -granted in Section 2.1. - -3. Responsibilities --------------------- - -3.1. Distribution of Source Form - -All distribution of Covered Software in Source Code Form, including any -Modifications that You create or to which You contribute, must be under -the terms of this License. You must inform recipients that the Source -Code Form of the Covered Software is governed by the terms of this -License, and how they can obtain a copy of this License. You may not -attempt to alter or restrict the recipients' rights in the Source Code -Form. - -3.2. Distribution of Executable Form - -If You distribute Covered Software in Executable Form then: - -(a) such Covered Software must also be made available in Source Code - Form, as described in Section 3.1, and You must inform recipients - of the Executable Form how they can obtain a copy of such Source - Code Form by reasonable means in a timely manner, at a charge no - more than the cost of distribution to the recipient; and - -(b) You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter - the recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - -You may create and distribute a Larger Work under terms of Your choice, -provided that You also comply with the requirements of this License for -the Covered Software. If the Larger Work is a combination of Covered -Software with a work governed by one or more Secondary Licenses, and -the Covered Software is not Incompatible With Secondary Licenses, this -License permits You to additionally distribute such Covered Software -under the terms of such Secondary License(s), so that the recipient of -the Larger Work may, at their option, further distribute the Covered -Software under the terms of either this License or such Secondary -License(s). - -3.4. Notices - -You may not remove or alter the substance of any license notices -(including copyright notices, patent notices, disclaimers of warranty, -or limitations of liability) contained within the Source Code Form of -the Covered Software, except that You may alter any license notices to -the extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - -You may choose to offer, and to charge a fee for, warranty, support, -indemnity or liability obligations to one or more recipients of -Covered Software. However, You may do so only on Your own behalf, and -not on behalf of any Contributor. You must make it absolutely clear -that any such warranty, support, indemnity, or liability obligation is -offered by You alone, and You hereby agree to indemnify every -Contributor for any liability incurred by such Contributor as a result -of warranty, support, indemnity or liability terms You offer. You may -include additional disclaimers of warranty and limitations of liability -specific to any jurisdiction. - -4. Inability to Comply Due to Statute or Regulation ------------------------------------------------------ - -If it is impossible for You to comply with any of the terms of this -License with respect to some or all of the Covered Software due to -statute, judicial order, or regulation then You must: (a) comply with -the terms of this License to the maximum extent possible; and (b) -describe the limitations and the code they affect. Such description -must be placed in a text file included with all distributions of the -Covered Software under this License. Except to the extent prohibited -by statute or regulation, such description must be sufficiently -detailed for a recipient of ordinary skill to be able to understand it. - -5. Termination --------------- - -5.1. The rights granted under this License will terminate automatically -if You fail to comply with any of its terms. However, if You become -compliant, then the rights granted under this License from a particular -Contributor are reinstated (a) provisionally, unless and until such -Contributor explicitly and finally terminates Your grants, and (b) on -an ongoing basis, if such Contributor fails to notify You of the -non-compliance by some reasonable means prior to 60 days after You have -come back into compliance. Moreover, Your grants from a particular -Contributor are reinstated on an ongoing basis if such Contributor -notifies You of the non-compliance by some reasonable means, this is -the first time You have received notice of non-compliance with this -License from such Contributor, and You become compliant prior to 30 -days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a -patent infringement claim (excluding declaratory judgment actions, -counter-claims, and cross-claims) alleging that a Contributor Version -directly or indirectly infringes any patent, then the rights granted to -You by any and all Contributors for the Covered Software under Section -2.1 of this License shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all -end user license agreements (excluding distributors and resellers) -which have been validly granted by You or Your distributors under this -License prior to termination shall survive termination. - -************************************************************************ -* * -* 6. Disclaimer of Warranty * -* ------------------------- * -* * -* Covered Software is provided under this License on an "as is" * -* basis, without warranty of any kind, either expressed, implied, or * -* statutory, including, without limitation, warranties that the * -* Covered Software is free of defects, merchantable, fit for a * -* particular purpose or non-infringing. The entire risk as to the * -* quality and performance of the Covered Software is with You. * -* Should any Covered Software prove defective in any respect, You * -* (not any Contributor) assume the cost of any necessary servicing, * -* repair, or correction. This disclaimer of warranty constitutes an * -* essential part of this License. No use of any Covered Software is * -* authorized under this License except under this disclaimer. * -* * -************************************************************************ - -************************************************************************ -* * -* 7. Limitation of Liability * -* -------------------------- * -* * -* Under no circumstances and under no legal theory, whether tort * -* (including negligence), contract, or otherwise, shall any * -* Contributor, or anyone who distributes Covered Software as * -* permitted above, be liable to You for any direct, indirect, * -* special, incidental, or consequential damages of any character * -* including, without limitation, damages for lost profits, loss of * -* goodwill, work stoppage, computer failure or malfunction, or any * -* and all other commercial damages or losses, even if such party * -* shall have been informed of the possibility of such damages. This * -* limitation of liability shall not apply to liability for death or * -* personal injury resulting from such party's negligence to the * -* extent applicable law prohibits such limitation. Some * -* jurisdictions do not allow the exclusion or limitation of * -* incidental or consequential damages, so this exclusion and * -* limitation may not apply to You. * -* * -************************************************************************ - -8. Litigation -------------- - -Any litigation relating to this License may be brought only in the -courts of a jurisdiction where the defendant maintains its principal -place of business and such litigation shall be governed by laws of that -jurisdiction, without reference to its conflict-of-law provisions. -Nothing in this Section shall prevent a party's ability to bring -cross-claims or counter-claims. - -9. Miscellaneous ------------------ - -This License represents the complete agreement concerning the subject -matter hereof. If any provision of this License is held to be -unenforceable, such provision shall be reformed only to the extent -necessary to make it enforceable. Any law or regulation which provides -that the language of a contract shall be construed against the drafter -shall not be used to construe this License against a Contributor. - -10. Versions of the License ----------------------------- - -10.1. New Versions - -Mozilla Foundation is the license steward. Except as provided in -Section 10.3, no one other than the license steward has the right to -modify or publish new versions of this License. Each version will be -given a distinguishing version number. - -10.2. Effect of New Versions - -You may distribute the Covered Software under the terms of the version -of the License under which You originally received the Covered Software, -or under the terms of any subsequent version published by the license -steward. - -10.3. Modified Versions - -If you create software not governed by this License, and you want to -create a new license for such software, you may create and use a -modified version of this License if you rename the license and remove -any references to the name of the license steward (except to note that -such modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary -Licenses - -If You choose to distribute Source Code Form that is Incompatible With -Secondary Licenses under the terms of this version of the License, the -notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice -------------------------------------------- - - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular -file, then You may include the notice in a location (such as a LICENSE -file in a relevant directory) where a recipient would be likely to -look for such a notice. - -You may add additional accurate notices of copyright ownership. - -Exhibit B - "Incompatible With Secondary Licenses" Notice ----------------------------------------------------------- - - This Source Code Form is "Incompatible With Secondary Licenses", as - defined by the Mozilla Public License, v. 2.0. diff --git a/road-skate/QUICKSTART-DEV.adoc b/road-skate/QUICKSTART-DEV.adoc deleted file mode 100644 index 511a925b..00000000 --- a/road-skate/QUICKSTART-DEV.adoc +++ /dev/null @@ -1,111 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Template: QUICKSTART-DEV.adoc — clone → build → test → PR -// Replace rsr-template-repo, {{BUILD_CMD}}, {{TEST_CMD}}, {{LANG_STACK}} with actuals -= rsr-template-repo — Quick Start for Developers -:toc: -:toclevels: 2 - -== Tech Stack - -{{LANG_STACK}} - -== Set Up Development Environment - -=== Option A: Guix (preferred) - -[source,bash] ----- -guix shell ----- - -=== Option B: Nix (fallback) - -[source,bash] ----- -nix develop ----- - -=== Option C: Manual - -[source,bash] ----- -git clone https://github.com/hyperpolymath/rsr-template-repo.git -cd rsr-template-repo -just setup-dev ----- - -== Build - -[source,bash] ----- -{{BUILD_CMD}} ----- - -== Test - -[source,bash] ----- -{{TEST_CMD}} ----- - -== Project Structure - -[source] ----- -rsr-template-repo/ -├── src/ # Source code -├── src/abi/ # Idris2 ABI definitions (if applicable) -├── ffi/zig/ # Zig FFI bridge (if applicable) -├── tests/ # Test suite -├── docs/ # Documentation -├── .machine_readable/ # Checkpoint files (STATE, META, ECOSYSTEM) -├── Justfile # Task runner recipes -├── guix.scm # Guix environment -├── flake.nix # Nix environment (fallback) -└── 0-AI-MANIFEST.a2ml # AI agent entry point ----- - -== Key Recipes - -[source,bash] ----- -just build # Build the project -just test # Run tests -just doctor # Self-diagnostic -just lint # Lint and format -just panic-scan # Security scan via panic-attacker -just tour # Guided tour of the codebase ----- - -== Before Submitting a PR - -[source,bash] ----- -just lint # Format and lint -just test # All tests pass -just panic-scan # No new security issues ----- - -== Contractile Invariants - -Read `.machine_readable/MUST.contractile` before making changes. -Key invariants that must never be violated: - -{{MUST_INVARIANTS}} - -== LLM/AI Agent Development - -If using an AI assistant, load the warmup context first: - -[source,bash] ----- -just llm-context # Outputs role-appropriate context ----- - -Or read `0-AI-MANIFEST.a2ml` and `.claude/CLAUDE.md` directly. - -== Get Help - -* **Architecture**: link:EXPLAINME.adoc[EXPLAINME.adoc] -* **Wiki**: https://github.com/hyperpolymath/rsr-template-repo/wiki -* **Report issue**: `just help-me` diff --git a/road-skate/QUICKSTART-MAINTAINER.adoc b/road-skate/QUICKSTART-MAINTAINER.adoc deleted file mode 100644 index 3424f2db..00000000 --- a/road-skate/QUICKSTART-MAINTAINER.adoc +++ /dev/null @@ -1,129 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Template: QUICKSTART-MAINTAINER.adoc — packaging, deploying, and maintaining -// Replace rsr-template-repo, {{PACKAGE_NAME}}, {{DEPS}} with actuals -= rsr-template-repo — Quick Start for Platform Maintainers -:toc: -:toclevels: 2 - -== Overview - -This guide covers packaging, deploying, and maintaining rsr-template-repo for -distribution on your platform. - -== Runtime Dependencies - -{{DEPS}} - -== Build from Source - -[source,bash] ----- -git clone https://github.com/hyperpolymath/rsr-template-repo.git -cd rsr-template-repo -just build-release ----- - -Output: `{{BUILD_OUTPUT_PATH}}` - -== Packaging - -=== Guix - -[source,bash] ----- -guix build -f guix.scm ----- - -=== Nix - -[source,bash] ----- -nix build ----- - -=== Container (Stapeln) - -[source,bash] ----- -just stapeln-export # Generates Containerfile -podman build -t rsr-template-repo . ----- - -=== Manual Package - -[source,bash] ----- -just install --prefix=/usr/local ----- - -Files installed: - -[cols="1,2"] -|=== -| Path | Contents - -| `$PREFIX/bin/` -| Executables - -| `$PREFIX/share/{{PACKAGE_NAME}}/` -| Data files, assets - -| `$PREFIX/share/doc/{{PACKAGE_NAME}}/` -| Documentation - -| `$PREFIX/share/applications/` -| .desktop file (Linux, if GUI) - -| `$PREFIX/share/man/man1/` -| Man pages -|=== - -== Configuration - -Default config location: `$XDG_CONFIG_HOME/{{PACKAGE_NAME}}/config.toml` - -Fallback: `$HOME/.config/{{PACKAGE_NAME}}/config.toml` - -== Health Checks - -[source,bash] ----- -just doctor # Full diagnostic -just run --version # Version check -just run --selftest # Built-in self-test ----- - -== Updating - -[source,bash] ----- -git pull -just build-release -just install --prefix=/usr/local ----- - -Or via OPSM: `opsm update {{PACKAGE_NAME}}` - -== Security Notes - -* License: MPL-2.0 (Palimpsest License) -* All dependencies SHA-pinned -* `panic-attacker` scan results: link:INSTALL-SECURITY-REPORT.adoc[] -* OpenSSF Scorecard: see badge in README - -== Multi-Instance Deployment - -For deploying multiple instances (e.g., different users or tenants): - -[source,bash] ----- -just install --prefix=/opt/{{PACKAGE_NAME}}-instance1 --config=/etc/{{PACKAGE_NAME}}/instance1.toml -just install --prefix=/opt/{{PACKAGE_NAME}}-instance2 --config=/etc/{{PACKAGE_NAME}}/instance2.toml ----- - -Each instance has isolated config, data, and logs. - -== Reporting Issues - -* Upstream: https://github.com/hyperpolymath/rsr-template-repo/issues -* With diagnostic: `just help-me` (pre-fills context) diff --git a/road-skate/QUICKSTART-USER.adoc b/road-skate/QUICKSTART-USER.adoc deleted file mode 100644 index c85eabee..00000000 --- a/road-skate/QUICKSTART-USER.adoc +++ /dev/null @@ -1,124 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Template: QUICKSTART-USER.adoc — 5-minute path to working software -// Replace rsr-template-repo, Rsr Template Repo — See README.adoc for details., just run, Rsr Template Repo started successfully. with actuals -= rsr-template-repo — Quick Start for Users -:toc: -:toclevels: 2 - -== What is rsr-template-repo? - -Rsr Template Repo — See README.adoc for details. - -== Prerequisites - -Before you begin, ensure you have: - -* **just** — task runner (https://github.com/casey/just[install guide]) -* Platform-specific requirements listed below - -[cols="1,3"] -|=== -| Platform | Additional Requirements - -| Linux -| See README.adoc - -| macOS -| See README.adoc - -| Windows -| See README.adoc -|=== - -== Install - -=== Option 1: Standard Install (recommended) - -[source,bash] ----- -# Clone and set up -git clone https://github.com/hyperpolymath/rsr-template-repo.git -cd rsr-template-repo -just setup ----- - -The setup script will: - -* Detect your platform and shell -* Install missing dependencies (with your permission) -* Configure the application -* Offer install location choices -* Run a self-diagnostic to verify everything works - -=== Option 2: Container (via Stapeln) - -[source,bash] ----- -just stapeln-run ----- - -=== Option 3: Portable (no system changes) - -[source,bash] ----- -just install --portable --prefix=./rsr-template-repo-portable ----- - -== First Run - -[source,bash] ----- -just run ----- - -Expected output: - -[source] ----- -Rsr Template Repo started successfully. ----- - -== Self-Diagnostic - -If something isn't working: - -[source,bash] ----- -just doctor ----- - -This checks all dependencies, permissions, paths, and connectivity. -If it finds issues, it will suggest fixes. - -To attempt automatic repair: - -[source,bash] ----- -just heal ----- - -== Get Help - -* **In-app**: `just run --help` -* **Guided tour**: `just tour` -* **Report a problem**: `just help-me` (pre-fills diagnostic context) -* **Wiki**: https://github.com/hyperpolymath/rsr-template-repo/wiki - -== Uninstall - -[source,bash] ----- -just uninstall ----- - -You will be asked: - -1. Which uninstall tier (Bennett reversible, parameter-based, standard, or secure) -2. Whether to include or exclude your data -3. Whether to clear caches and LLM models - -== Next Steps - -* Read the link:README.adoc[README] for full feature overview -* Read the link:EXPLAINME.adoc[EXPLAINME] for architecture and design decisions -* Try `just tour` for a guided walkthrough diff --git a/road-skate/README.adoc b/road-skate/README.adoc deleted file mode 100644 index 726f9d8b..00000000 --- a/road-skate/README.adoc +++ /dev/null @@ -1,94 +0,0 @@ -= AffineScript-Vite -:toc: macro -:toclevels: 3 -:icons: font - -image:https://img.shields.io/badge/License-AGPL--3.0-blue.svg[License: AGPL-3.0] -image:https://img.shields.io/badge/CRG-C-yellow.svg?style=flat-square[Component Readiness Grade: C,link="https://github.com/hyperpolymath/standards/tree/main/component-readiness-grades"] -image:https://img.shields.io/badge/Vite-Plugin-orange.svg[Vite Plugin] -image:https://img.shields.io/badge/Language-AffineScript-red.svg[AffineScript] - -**Bring the power of AffineScript to your Vite-powered frontend.** - -AffineScript-Vite is the official Vite plugin for integrating link:https://github.com/hyperpolymath/nextgen-languages/tree/main/affinescript[AffineScript] into your web applications. It handles the compilation of `.as` and `.affine` files into optimized WebAssembly and JavaScript, enabling near-instant Hot Module Replacement (HMR) for your game logic. - -== Why AffineScript with Vite? - -Vite provides the fastest developer experience for the web. AffineScript provides the most correct developer experience for game logic. Together, they enable a "Fast & Safe" workflow: - -* ✅ **Near-Instant HMR**: Changes to your `.as` files are compiled and reloaded in milliseconds. -* ✅ **Type-Safe Frontend**: Catch protocol bugs, resource leaks, and invalid state transitions before they hit the browser. -* ✅ **Optimized WASM**: Leverage AffineScript's native WASM backend for high-performance game loops. -* ✅ **Zero Configuration**: Sensible defaults for the hyperpolymath ecosystem (Gossamer, Burble). - -== Installation - -[source,bash] ----- -# Using Deno (Recommended) -deno add npm:affinescript-vite - -# Using Bun -bun add affinescript-vite - -# Using NPM -npm install affinescript-vite ----- - -== Usage - -Add the plugin to your `vite.config.js`: - -[source,javascript] ----- -import { defineConfig } from 'vite'; -import affinePlugin from 'affinescript-vite'; - -export default defineConfig({ - plugins: [ - affinePlugin({ - // Optional: path to your affinescript compiler binary - compilerPath: 'affinescript' - }) - ] -}); ----- - -Then import your AffineScript files directly in your JavaScript or ReScript: - -[source,javascript] ----- -import gameLogic from './logic.as'; - -// gameLogic is now available as a WASM module or JS bridge -gameLogic.init(); ----- - -== Configuration Options - -[cols="1,1,2"] -|=== -|Option |Default |Description - -|`compilerPath` -|`'affinescript'` -|The path to the AffineScript compiler executable. - -|`wasm` -|`true` -|Whether to compile to WebAssembly (true) or JavaScript (false). - -|`strict` -|`true` -|Enforce strict affine and quantity checks during dev. -|=== - -== License - -This project is licensed under **AGPL-3.0-or-later**. - -== See Also - -* link:ROADMAP.adoc[Roadmap] -* link:https://github.com/hyperpolymath/nextgen-languages/tree/main/affinescript[AffineScript Language] -* link:https://github.com/hyperpolymath/gossamer[Gossamer Desktop Shell] diff --git a/road-skate/ROADMAP.adoc b/road-skate/ROADMAP.adoc deleted file mode 100644 index e69071af..00000000 --- a/road-skate/ROADMAP.adoc +++ /dev/null @@ -1,27 +0,0 @@ -= AffineScript-Vite Roadmap -:toc: macro -:toclevels: 2 - -== Phase 1: Foundation (Current) -- [x] Basic Vite plugin structure -- [x] Handle `.as` and `.affine` file extensions -- [x] Deno 2.0 runtime support -- [x] Initial GitHub repository setup - -== Phase 2: Compiler Integration (Q2 2026) -- [ ] Direct invocation of `affinescript` OCaml compiler -- [ ] WASM output bundling for browser consumption -- [ ] JavaScript bridge generation for game logic -- [ ] Source map support for `.as` files - -== Phase 3: Developer Experience (Q3 2026) -- [ ] Advanced HMR (Hot Module Replacement) with state preservation -- [ ] In-browser error reporting and diagnostic overlays -- [ ] Integration with `rescript-vite` for hybrid projects -- [ ] Starter templates for Gossamer and Burble - -== Phase 4: Optimization & Ecosystem (Q4 2026) -- [ ] Tree-shaking for AffineScript standard library -- [ ] Optimized WASM delivery via CDN/Subresource Integrity -- [ ] Support for custom algebraic effect handlers in Vite dev server -- [ ] Community-driven plugin hooks for game asset management diff --git a/road-skate/benches/template_bench.sh b/road-skate/benches/template_bench.sh deleted file mode 100755 index 20fdf3ce..00000000 --- a/road-skate/benches/template_bench.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -euo pipefail -REPO_ROOT="${1:-.}" -echo "--- Benchmarking ---" -START=$(date +%s%N) -bash scripts/validate-rsr.sh "$REPO_ROOT" > /dev/null -END=$(date +%s%N) -DIFF=$(( (END - START) / 1000000 )) -echo "Validation: ${DIFF}ms" -echo "--- Done ---" diff --git a/road-skate/container/.gatekeeper.yaml b/road-skate/container/.gatekeeper.yaml deleted file mode 100644 index d1ad1a36..00000000 --- a/road-skate/container/.gatekeeper.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# Svalinn gatekeeper policy for AffineScript-Vite -# -# Controls which operations are permitted through the edge gateway. -# This template provides moderate security defaults — not wide-open test -# mode, but not production-hardened either. Tighten the values below -# before deploying to production. -# -# See: stapeln/container-stack/svalinn/ - -version: "1.0" - -# ============================================================================ -# Authentication -# ============================================================================ -# -# Define which endpoints require authentication and at what level. - -auth: - # Public endpoints — no authentication required. - # Health and readiness probes must always be public so that - # orchestrators (selur, Podman, k8s) can check service status. - public: - - path: "/health" - methods: ["GET"] - - path: "/ready" - methods: ["GET"] - - path: "/metrics" - methods: ["GET"] - - # Endpoints requiring JWT or OAuth2 authentication. - # Svalinn validates the token before forwarding the request. - authenticated: - - path: "/api/v1/*" - methods: ["GET", "POST", "PUT", "DELETE"] - -# ============================================================================ -# Rate Limiting -# ============================================================================ -# -# Protects backend services from overload. Values here are moderate -# defaults — adjust based on your service capacity. - -rate_limits: - # Global limit: applied to all authenticated clients. - global: - requests_per_second: 500 - burst: 1000 - - # Write operations: stricter limit to protect data stores. - writes: - paths: ["/api/v1/*"] - methods: ["POST", "PUT", "DELETE"] - requests_per_second: 100 - burst: 200 - -# ============================================================================ -# Container Trust -# ============================================================================ -# -# Svalinn verifies that all .ctp bundles in the stack are signed by -# trusted keys and carry the required attestations. - -trust: - # Only accept .ctp bundles signed by these keys. - trusted_signers: - - key_id: "{{SERVICE_NAME}}-release" - algorithm: "Ed25519" - public_key_file: "/etc/svalinn/keys/{{SERVICE_NAME}}-release.pub" - - # Require these attestations on all .ctp bundles. - required_attestations: - - "source-signature" - - "sbom-complete" - - # Reject unsigned or untrusted images. - reject_unsigned: true - -# ============================================================================ -# Request Validation -# ============================================================================ -# -# Input validation at the gateway layer — catches malformed requests -# before they reach the application. - -validation: - # Maximum request body size. - max_body_size: "8MB" - - # Reject requests with NaN or Infinity in numeric fields. - reject_nan_inf: true - - # Maximum result limit per list/search query. - max_result_limit: 500 - -# ============================================================================ -# CORS -# ============================================================================ -# -# Cross-Origin Resource Sharing policy. The defaults below allow all -# origins — restrict to your frontend domain(s) in production. - -cors: - allow_origins: ["*"] - allow_methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"] - allow_headers: ["Content-Type", "Authorization"] - max_age: 3600 - -# ============================================================================ -# Logging -# ============================================================================ -# -# Structured logging for svalinn itself. Audit paths log all requests -# (including body hashes) for post-incident investigation. - -logging: - format: "json" - level: "info" - # Log all write operations for audit trail. - audit_paths: - - "/api/v1/*" diff --git a/road-skate/container/0.1-AI-MANIFEST.a2ml b/road-skate/container/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index ccb5bc51..00000000 --- a/road-skate/container/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,143 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "container-templates" -version: "1.0.0" -context: - - "https://a2ml.org/ns/v2" - - "https://stapeln.dev/ns/v1" - ---- -### [AI_MANIFEST] -description: | - Container templates for the stapeln container ecosystem. This directory - provides Podman-Chainguard-stapeln templates that are customised via - `just container-init` or `just init` during project bootstrap. - - All files use {{PLACEHOLDER}} tokens that are substituted with project- - specific values during initialisation. - -purpose: | - Provide a complete, security-first container deployment story for any - RSR-compliant repository. The templates cover the full lifecycle: - build, sign, verify, deploy, monitor, and govern. - -canonical_locations: - compose: "container/compose.toml" - containerfile: "container/Containerfile" - manifest: "container/manifest.toml" - gatekeeper: "container/.gatekeeper.yaml" - build_pipeline: "container/ct-build.sh" - entrypoint: "container/entrypoint.sh" - monitoring: "container/vordr.toml" - deployment: "container/deploy.k9.ncl" - example: "container/compose.example.toml" - ---- -### [FILE_RELATIONSHIPS] -files: - - name: "compose.toml" - role: "Orchestration" - description: | - selur-compose stack definition. Declares services, volumes, networks, - and health checks. References the Containerfile for image builds and - .gatekeeper.yaml for svalinn policy. - depends_on: ["Containerfile", ".gatekeeper.yaml"] - - - name: "Containerfile" - role: "Image Build" - description: | - Multi-stage OCI container build. Stage 1 compiles the application on - wolfi-base; Stage 2 copies the binary into a minimal runtime image. - Copies entrypoint.sh, .gatekeeper.yaml, and manifest.toml into the - final image. - depends_on: ["entrypoint.sh", ".gatekeeper.yaml", "manifest.toml"] - - - name: "manifest.toml" - role: "Bundle Metadata" - description: | - Cerro-torre .ctp bundle manifest. Describes provenance, dependencies, - attestations, and runtime security profile. Used by `ct pack` and - `ct verify`. - depends_on: [] - - - name: ".gatekeeper.yaml" - role: "Gateway Policy" - description: | - Svalinn edge gateway policy. Controls authentication, rate limiting, - container trust, request validation, CORS, and audit logging. - depends_on: [] - - - name: "ct-build.sh" - role: "Build Pipeline" - description: | - Shell script implementing the 5-stage pipeline: build (Podman), - pack (cerro-torre .ctp), sign (Ed25519), verify, push (optional). - Degrades gracefully when cerro-torre tools are not installed. - depends_on: ["Containerfile", "manifest.toml"] - - - name: "entrypoint.sh" - role: "Container Entrypoint" - description: | - Startup script with signal handling (SIGTERM, SIGINT), logging, and - exec into the main application process. - depends_on: [] - - - name: "vordr.toml" - role: "Runtime Monitoring" - description: | - Vordr monitoring configuration. Health endpoint probing, crash - detection, resource thresholds, and structured log output. - depends_on: [] - - - name: "deploy.k9.ncl" - role: "Deployment Component" - description: | - k9-svc deployment specification at Hunt trust level. Full pedigree - (L1-L5), environment configs, container config, and rolling - deployment strategy. - depends_on: ["compose.toml", "ct-build.sh"] - - - name: "compose.example.toml" - role: "Example" - description: | - Fully-commented multi-service example (Rust API + Elixir worker + - svalinn gateway). Copy to compose.toml and customise. - depends_on: [] - ---- -### [STAPELN_ECOSYSTEM] -overview: | - The stapeln container ecosystem comprises six tools: - - selur — Container orchestration with zero-copy IPC. Reads compose.toml. - cerro-torre — Verified container packaging (.ctp bundles), Ed25519 signing. - svalinn — Policy-driven edge gateway (auth, rate limits, CORS, trust). - vordr — Runtime monitoring (health, crashes, resources, logs). - rokur — Secrets management (runtime injection, no baked secrets). - k9-svc — Nickel deployment components (Kennel/Yard/Hunt trust levels). - -invariants: - - "Base images MUST be cgr.dev/chainguard/wolfi-base or cgr.dev/chainguard/static" - - "Container runtime is Podman — never Docker" - - "Containerfile — never Dockerfile" - - "All images run as non-root (appuser or project-specific user)" - - ".ctp bundles are signed with Ed25519 via cerro-torre" - - "Health endpoints (/health, /ready) must always be public (no auth)" - ---- -### [USAGE] -initialisation: | - Run `just container-init` to substitute all {{PLACEHOLDER}} tokens with - project-specific values. This is also run as part of `just init`. - -development: | - 1. `just container-build` — Build the container image - 2. `just container-verify` — Verify compose configuration - 3. `just container-up` — Start the stack locally - 4. `just container-down` — Stop the stack - -production: | - 1. `just container-sign` — Build, sign, verify .ctp bundle - 2. `just container-push` — Push signed bundle to registry - 3. `selur-compose up` — Deploy on target host diff --git a/road-skate/container/Containerfile b/road-skate/container/Containerfile deleted file mode 100644 index 4376faf4..00000000 --- a/road-skate/container/Containerfile +++ /dev/null @@ -1,136 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# AffineScript-Vite Container Image -# -# Multi-stage build template for Chainguard Wolfi base images. -# Customise the builder stage for your language and copy the -# resulting binary/release into the minimal runtime stage. -# -# Build with Podman: -# podman build -t {{SERVICE_NAME}}:latest -f container/Containerfile . -# -# Run: -# podman run -p {{PORT}}:{{PORT}} {{SERVICE_NAME}}:latest -# -# Run with persistent volume: -# podman run -p {{PORT}}:{{PORT}} -v {{SERVICE_NAME}}-data:/data {{SERVICE_NAME}}:latest - -# ============================================================================ -# Stage 1: Builder -# ============================================================================ -# -# Install build tools and compile the application. -# This stage is discarded after the build — only the compiled output -# is copied into the runtime stage. -# -# Language-specific examples (uncomment the one you need): -# -# --- Rust --- -# RUN apk add --no-cache rust pkgconf build-base -# COPY Cargo.toml Cargo.lock ./ -# COPY src/ ./src/ -# RUN cargo build --release -# # Output: /build/target/release/{{SERVICE_NAME}} -# -# --- Elixir --- -# RUN apk add --no-cache erl27-elixir-1.18 erlang-27 erlang-27-dev git build-base -# COPY mix.exs mix.lock ./ -# COPY lib/ ./lib/ -# COPY config/ ./config/ -# ENV MIX_ENV=prod -# RUN mix local.hex --force && mix local.rebar --force && \ -# mix deps.get --only prod && mix compile && mix release -# # Output: /build/_build/prod/rel/{{SERVICE_NAME}}/ -# -# --- Zig --- -# RUN apk add --no-cache zig build-base -# COPY build.zig build.zig.zon ./ -# COPY src/ ./src/ -# RUN zig build -Doptimize=ReleaseFast -# # Output: /build/zig-out/bin/{{SERVICE_NAME}} -# -FROM cgr.dev/chainguard/wolfi-base:latest AS builder - -# TODO: Install your language toolchain -RUN apk add --no-cache build-base - -WORKDIR /build - -# TODO: Copy source files and build -COPY . . -# RUN - -# ============================================================================ -# Stage 2: Runtime -# ============================================================================ -# -# Minimal production image. Only the compiled binary/release and runtime -# dependencies are included. No compilers, no source code, no build tools. -# -FROM cgr.dev/chainguard/wolfi-base:latest - -# OCI image labels (compatible with cerro-torre .ctp bundle metadata) -LABEL org.opencontainers.image.title="AffineScript-Vite" \ - org.opencontainers.image.description="{{PROJECT_DESCRIPTION}}" \ - org.opencontainers.image.url="https://github.com/hyperpolymath/affinescript-vite" \ - org.opencontainers.image.source="https://github.com/hyperpolymath/affinescript-vite" \ - org.opencontainers.image.vendor="hyperpolymath" \ - org.opencontainers.image.licenses="{{LICENSE}}" \ - org.opencontainers.image.authors="hyperpolymath " \ - dev.cerrotorre.manifest="container/manifest.toml" \ - dev.cerrotorre.gatekeeper="container/.gatekeeper.yaml" \ - dev.stapeln.compose="container/compose.toml" - -# Install minimal runtime dependencies. -# Adjust this list for your application: -# - ca-certificates: TLS root certificates -# - curl: health check probe -# - libstdc++: C++ standard library (if needed by native deps) -# - ncurses: terminal UI (if needed, e.g. Elixir IEx) -RUN apk add --no-cache ca-certificates curl - -# Create non-root user for the application. -# Running as root inside containers is a security anti-pattern. -RUN addgroup -S appuser && adduser -S appuser -G appuser - -WORKDIR /app - -# TODO: Copy compiled binary/release from builder stage. -# Examples: -# COPY --from=builder /build/target/release/{{SERVICE_NAME}} /app/{{SERVICE_NAME}} -# COPY --from=builder /build/_build/prod/rel/{{SERVICE_NAME}} /app/release/ -# COPY --from=builder /build/zig-out/bin/{{SERVICE_NAME}} /app/{{SERVICE_NAME}} - -# Copy entrypoint script -COPY container/entrypoint.sh /app/entrypoint.sh -RUN chmod +x /app/entrypoint.sh - -# Copy stapeln integration files (svalinn gatekeeper policy, cerro-torre manifest) -COPY container/.gatekeeper.yaml /etc/svalinn/gatekeeper.yaml -COPY container/manifest.toml /app/manifest.toml - -# Create data directory for persistent storage (mountable volume) -RUN mkdir -p /data && chown appuser:appuser /data - -# Set ownership of the application directory -RUN chown -R appuser:appuser /app - -# Environment variables — customise for your application -ENV APP_HOST=[::] -ENV APP_PORT={{PORT}} -ENV APP_LOG_FORMAT=json -ENV APP_DATA_DIR=/data - -# Declare /data as a volume for persistent storage -VOLUME ["/data"] - -# Run as non-root -USER appuser - -# Expose the application port -EXPOSE {{PORT}} - -# Health check — the application must respond 2xx at /health -HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ - CMD curl -sf http://localhost:${APP_PORT}/health || exit 1 - -ENTRYPOINT ["/app/entrypoint.sh"] diff --git a/road-skate/container/README.adoc b/road-skate/container/README.adoc deleted file mode 100644 index d234919a..00000000 --- a/road-skate/container/README.adoc +++ /dev/null @@ -1,179 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -= AffineScript-Vite Container Templates -:toc: left -:toclevels: 3 -:sectnums: - -== Overview - -This directory contains container templates for the -https://github.com/hyperpolymath/stapeln[stapeln] container ecosystem. -The stapeln stack provides verified container packaging, edge gateway -policies, runtime monitoring, and supply-chain signing for Podman-based -deployments using https://www.chainguard.dev/[Chainguard] Wolfi base images. - -All files use `{{PLACEHOLDER}}` tokens that are replaced by `just container-init` -(or by the top-level `just init` during project bootstrap). - -== File Reference - -[cols="1,3"] -|=== -| File | Purpose - -| `compose.toml` -| **selur-compose** stack definition. Declares services, volumes, networks, - and health checks. The primary orchestration file for local and production - deployment. Use `selur-compose up` or fall back to `podman compose`. - -| `compose.example.toml` -| Concrete multi-service example with detailed comments. Copy and customise - for your own stack. Not used directly by any tooling. - -| `Containerfile` -| Multi-stage OCI container build specification. Stage 1 builds the - application; Stage 2 produces a minimal runtime image on - `cgr.dev/chainguard/wolfi-base`. Uses Podman (never Docker). - -| `manifest.toml` -| **cerro-torre** bundle metadata. Describes the `.ctp` verified container - package: provenance, dependencies, attestations, and runtime security - profile. Used by `ct pack` and `ct verify`. - -| `.gatekeeper.yaml` -| **svalinn** edge gateway policy. Controls authentication, rate limiting, - container trust, request validation, CORS, and audit logging at the - network boundary. - -| `ct-build.sh` -| Build, sign, and verify pipeline script. Five stages: build (Podman), - pack (cerro-torre `.ctp`), sign (Ed25519), verify, and push (optional). - Gracefully degrades when cerro-torre tools are not installed. - -| `entrypoint.sh` -| Container entrypoint with signal handling (SIGTERM, SIGINT), startup - logging, and `exec` into the main application process. - -| `vordr.toml` -| **vordr** runtime monitoring configuration. Defines health endpoints, - crash detection, resource thresholds, and log output. - -| `deploy.k9.ncl` -| **k9-svc** deployment component at Hunt trust level. Full pedigree - (L1--L5), environment configs (dev/staging/prod), container - configuration, and rolling deployment strategy. - -| `0-AI-MANIFEST.a2ml` -| AI-readable manifest describing the container directory, file - interconnections, and the stapeln ecosystem. -|=== - -== The stapeln Ecosystem - -The stapeln container ecosystem comprises six interconnected tools: - -**selur** (compose):: - Container orchestration with zero-copy IPC for co-located services. - Reads `compose.toml` files. Falls back to standard Podman Compose - when the selur driver is unavailable. - -**cerro-torre** (bundles and signing):: - Verified container packaging. Produces `.ctp` bundles from OCI images, - signs them with Ed25519, and verifies the full chain. Tools: `ct pack`, - `ct sign`, `ct verify`, `ct push`, `ct explain`. - -**svalinn** (edge gateway):: - Policy-driven reverse proxy. Enforces authentication, rate limiting, - CORS, and container trust policies defined in `.gatekeeper.yaml`. - -**vordr** (monitoring):: - Runtime container monitoring. Watches health endpoints, detects crashes, - tracks resource usage, and emits structured logs. - -**rokur** (secrets):: - Secrets management for container deployments. Injects secrets at runtime - without baking them into images. Currently a stub/placeholder. - -**k9-svc** (deployment components):: - Nickel-based deployment specification. Components declare their pedigree - (identity, target, security, validation, recipes) and execute at one of - three trust levels: Kennel (data only), Yard (evaluation), Hunt (full - execution with cryptographic handshake). - -== How to Initialise - -[source,bash] ----- -# Option 1: During project bootstrap (includes all placeholders) -just init - -# Option 2: Container-specific initialisation -just container-init ----- - -The `container-init` recipe prompts for container-specific values -(service name, port, registry) and substitutes all `{{PLACEHOLDER}}` -tokens in the `container/` directory. - -== Development Workflow - -[source,bash] ----- -# 1. Build the container image -just container-build - -# 2. Verify the compose configuration -just container-verify - -# 3. Start the stack locally -just container-up --detach - -# 4. Check logs -podman compose --file container/compose.toml logs -f - -# 5. Stop the stack -just container-down ----- - -== Production Deployment - -[source,bash] ----- -# 1. Build, sign, and verify the .ctp bundle -just container-sign - -# 2. Push the signed bundle to the registry -just container-push - -# 3. Deploy on the target host -selur-compose up --detach ----- - -For k9-svc managed deployments: - -[source,bash] ----- -# Validate the deployment component -nickel typecheck container/deploy.k9.ncl - -# Deploy (requires Hunt-level authorisation) -k9-svc deploy container/deploy.k9.ncl --env production ----- - -== Base Images - -All Containerfiles use Chainguard Wolfi base images: - -* **Builder stage:** `cgr.dev/chainguard/wolfi-base:latest` -* **Runtime stage:** `cgr.dev/chainguard/wolfi-base:latest` (or - `cgr.dev/chainguard/static:latest` for statically-linked binaries) - -Chainguard images are minimal, CVE-free, and rebuilt daily. They use the -`apk` package manager (Alpine-compatible). - -== Container Runtime - -This project uses **Podman** (never Docker). All scripts, compose files, -and documentation reference Podman commands. The OCI Containerfile format -is compatible with Podman, Docker, and nerdctl. diff --git a/road-skate/container/compose.example.toml b/road-skate/container/compose.example.toml deleted file mode 100644 index 506dac36..00000000 --- a/road-skate/container/compose.example.toml +++ /dev/null @@ -1,135 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# Example selur-compose configuration — multi-service stack -# -# This is a concrete, fully-commented example showing a Rust API + Elixir -# worker + svalinn gateway deployment. Copy this file to compose.toml and -# customise for your project. -# -# Usage: -# cp compose.example.toml compose.toml -# # Edit service names, ports, images -# selur-compose up --detach - -version = "1.0" - -# ============================================================================ -# Services -# ============================================================================ - -# Rust API service — the primary HTTP/gRPC backend. -# Handles incoming requests, data storage, and core business logic. -[services.rust-api] -image = "ghcr.io/hyperpolymath/myproject-api:latest.ctp" - -# Map host port 8080 to container port 8080. -# Use ["[::]:8080:8080"] for explicit IPv6 binding. -ports = ["8080:8080"] - -# Environment variables passed into the container at startup. -# These override defaults in the Containerfile ENV directives. -environment = { - RUST_LOG = "info", # Rust log level (trace, debug, info, warn, error) - APP_HOST = "[::]", # Listen on all interfaces (IPv4 + IPv6) - APP_PORT = "8080", # Internal container port - APP_LOG_FORMAT = "json", # Structured logging for selur/vordr - APP_DATA_DIR = "/data", # Persistent data directory (matches VOLUME) -} - -# Bind-mount a named volume for persistent data. -# Format: "volume-name:/container/path" -volumes = ["api-data:/data"] - -# Restart policy: "always" ensures the service comes back after crashes. -# Other options: "no", "on-failure", "unless-stopped" -restart = "always" - -# Health check: selur/Podman uses this to determine if the service is ready. -# The service must respond 2xx to this endpoint within the timeout. -healthcheck = { test = "curl -sf https://localhost:8080/health", interval = "30s", timeout = "5s", retries = 3 } - -# --- - -# Elixir worker service — background processing, event handling, coordination. -# Runs as an OTP release with supervision trees for fault tolerance. -[services.elixir-worker] -image = "ghcr.io/hyperpolymath/myproject-worker:latest.ctp" - -# Separate port for the worker's admin/metrics endpoint. -ports = ["4000:4000"] - -# The worker connects to the Rust API over the internal selur network. -# Service names resolve as hostnames within the compose network. -environment = { - API_URL = "https://rust-api:8080/api/v1", # Internal service discovery - MIX_ENV = "prod", # Elixir release mode - APP_LOG_FORMAT = "json", # Match structured logging format - POOL_SIZE = "10", # DB connection pool size -} - -# depends_on ensures the Rust API starts before the worker. -# Note: This only waits for the container to start, not for the health check. -# Use healthcheck + startup probes for true readiness gating. -depends_on = ["rust-api"] - -restart = "always" -healthcheck = { test = "curl -sf https://localhost:4000/health", interval = "30s", timeout = "5s", retries = 3 } - -# --- - -# Svalinn edge gateway — reverse proxy with policy enforcement. -# All external traffic enters through svalinn, which: -# 1. Terminates TLS (auto-provisioned certificates) -# 2. Validates JWT/OAuth2 authentication -# 3. Enforces rate limits from .gatekeeper.yaml -# 4. Routes requests to the appropriate backend service -# 5. Logs all write operations for audit -[services.svalinn] -image = "ghcr.io/hyperpolymath/svalinn:latest.ctp" - -# External-facing ports: HTTPS (443) and HTTP->HTTPS redirect (80). -ports = ["443:443", "80:80"] - -environment = { - # Backend routing: svalinn proxies to internal services. - SVALINN_BACKEND = "https://rust-api:8080", - SVALINN_WORKER_BACKEND = "https://elixir-worker:4000", - - # Policy file: mounted from the svalinn-config volume. - SVALINN_POLICY_FILE = "/etc/svalinn/gatekeeper.yaml", - - # Auto-provision TLS certificates (Let's Encrypt). - SVALINN_TLS_AUTO = "true", -} - -# Mount .gatekeeper.yaml as read-only policy configuration. -volumes = ["svalinn-config:/etc/svalinn:ro"] - -# Svalinn starts last — it needs both backends to be running. -depends_on = ["rust-api", "elixir-worker"] -restart = "always" -healthcheck = { test = "curl -sf https://localhost:80/health", interval = "30s", timeout = "5s", retries = 3 } - -# ============================================================================ -# Volumes -# ============================================================================ - -# Persistent storage for the Rust API (database files, indexes, WAL). -[volumes.api-data] -driver = "local" - -# Read-only policy configuration for svalinn gateway. -# Populate with: cp .gatekeeper.yaml /path/to/svalinn-config/gatekeeper.yaml -[volumes.svalinn-config] -driver = "local" - -# ============================================================================ -# Networks -# ============================================================================ - -# selur network: zero-copy IPC between services on the same host. -# When the selur driver is not installed, falls back to standard bridge -# networking (TCP over localhost). Performance is slightly lower but -# functionality is identical. -[networks.default] -driver = "selur" diff --git a/road-skate/container/compose.toml b/road-skate/container/compose.toml deleted file mode 100644 index 02ebcd31..00000000 --- a/road-skate/container/compose.toml +++ /dev/null @@ -1,70 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# AffineScript-Vite selur-compose configuration -# -# Orchestrates the container stack as verified container bundles (.ctp). -# Uses selur zero-copy IPC between services on the same host. -# -# Usage: -# selur-compose up # Start all services -# selur-compose up --detach # Start in background -# selur-compose verify # Verify all .ctp signatures -# selur-compose ps # Check status -# selur-compose logs -f {{SERVICE_NAME}} # Stream logs -# selur-compose down # Stop all services -# -# Fallback (when selur is not installed): -# podman compose --file compose.toml up --detach - -version = "1.0" - -# ============================================================================ -# Services -# ============================================================================ - -# Primary application service -[services.{{SERVICE_NAME}}] -image = "{{REGISTRY}}/{{SERVICE_NAME}}:latest.ctp" -ports = ["{{PORT}}:{{PORT}}"] -environment = { - APP_HOST = "[::]", - APP_PORT = "{{PORT}}", - APP_LOG_FORMAT = "json", - APP_DATA_DIR = "/data", -} -volumes = ["{{SERVICE_NAME}}-data:/data"] -restart = "always" -healthcheck = { test = "curl -sf http://localhost:{{PORT}}/health", interval = "30s", timeout = "5s", retries = 3 } - -# Svalinn edge gateway: validates requests, enforces policies, TLS termination -[services.svalinn] -image = "ghcr.io/hyperpolymath/svalinn:latest.ctp" -ports = ["443:443", "80:80"] -environment = { - SVALINN_BACKEND = "http://{{SERVICE_NAME}}:{{PORT}}", - SVALINN_POLICY_FILE = "/etc/svalinn/gatekeeper.yaml", - SVALINN_TLS_AUTO = "true", -} -volumes = ["svalinn-config:/etc/svalinn:ro"] -depends_on = ["{{SERVICE_NAME}}"] -restart = "always" -healthcheck = { test = "curl -sf http://localhost:80/health", interval = "30s", timeout = "5s", retries = 3 } - -# ============================================================================ -# Volumes -# ============================================================================ - -[volumes.{{SERVICE_NAME}}-data] -driver = "local" - -[volumes.svalinn-config] -driver = "local" - -# ============================================================================ -# Networks -# ============================================================================ - -# Use selur zero-copy IPC for inter-service communication on the same host. -# Falls back to standard bridge networking when selur driver is unavailable. -[networks.default] -driver = "selur" diff --git a/road-skate/container/ct-build.sh b/road-skate/container/ct-build.sh deleted file mode 100755 index 91dad3a7..00000000 --- a/road-skate/container/ct-build.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: MPL-2.0 -# -# AffineScript-Vite — Cerro Torre build, sign, and verify pipeline -# -# Builds the container image, packages it as a verified .ctp bundle, -# signs it with Ed25519, and verifies the result. Gracefully degrades -# when cerro-torre tools are not installed. -# -# Prerequisites: -# - podman (container build — required) -# - ct (cerro-torre CLI: pack, sign, verify — optional) -# - cerro-sign (Ed25519 signing — optional, ct sign used as fallback) -# -# Usage: -# ./ct-build.sh # Build + sign (local only) -# ./ct-build.sh --push # Build + sign + push to registry -# CT_KEY_ID=my-key ./ct-build.sh # Use specific signing key -# -# Environment variables: -# CT_KEY_ID — Signing key identifier (default: {{SERVICE_NAME}}-release) -# CT_REGISTRY — OCI registry to push to (default: {{REGISTRY}}) -# CT_TAG — Image tag (default: latest) - -set -euo pipefail - -# --------------------------------------------------------------------------- -# Configuration -# --------------------------------------------------------------------------- - -SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" -REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" - -PUSH="" -for arg in "$@"; do - if [ "$arg" = "--push" ]; then - PUSH="--push" - fi -done - -CT_KEY_ID="${CT_KEY_ID:-{{SERVICE_NAME}}-release}" -CT_REGISTRY="${CT_REGISTRY:-{{REGISTRY}}}" -CT_TAG="${CT_TAG:-latest}" - -IMAGE_NAME="{{SERVICE_NAME}}" -FULL_IMAGE="${CT_REGISTRY}/${IMAGE_NAME}:${CT_TAG}" -CTP_FILE="${SCRIPT_DIR}/${IMAGE_NAME}-${CT_TAG}.ctp" - -echo "=== AffineScript-Vite Cerro Torre Build Pipeline ===" -echo " Image: ${FULL_IMAGE}" -echo " Key: ${CT_KEY_ID}" -echo " Bundle: ${CTP_FILE}" -echo "" - -# --------------------------------------------------------------------------- -# Step 1: Build container image with Podman -# --------------------------------------------------------------------------- - -echo "--- Step 1: Building container image ---" - -podman build \ - -t "${FULL_IMAGE}" \ - -f "${SCRIPT_DIR}/Containerfile" \ - "${REPO_ROOT}" - -echo " Built: ${FULL_IMAGE}" -echo "" - -# --------------------------------------------------------------------------- -# Step 2: Pack into .ctp bundle -# --------------------------------------------------------------------------- - -echo "--- Step 2: Packing into .ctp bundle ---" - -if command -v ct &>/dev/null; then - ct pack "${FULL_IMAGE}" -o "${CTP_FILE}" - echo " Packed: ${CTP_FILE}" -else - echo " SKIP: ct not found (install cerro-torre CLI from stapeln/container-stack/cerro-torre)" - echo " The container image is built and tagged but not packed as a .ctp bundle." - echo " To pack manually: ct pack ${FULL_IMAGE} -o ${CTP_FILE}" - echo "" - if [ "$PUSH" = "--push" ]; then - echo "--- Pushing unsigned OCI image (no .ctp) ---" - podman push "${FULL_IMAGE}" - echo " Pushed: ${FULL_IMAGE} (unsigned OCI — not a .ctp bundle)" - fi - echo "" - echo "=== Build complete (without .ctp signing) ===" - exit 0 -fi - -echo "" - -# --------------------------------------------------------------------------- -# Step 3: Sign the .ctp bundle -# --------------------------------------------------------------------------- - -echo "--- Step 3: Signing .ctp bundle ---" - -if command -v cerro-sign &>/dev/null; then - cerro-sign sign "${CTP_FILE}" --key-id "${CT_KEY_ID}" - echo " Signed: ${CTP_FILE} (key: ${CT_KEY_ID})" -elif command -v ct &>/dev/null; then - ct sign "${CTP_FILE}" --key "${CT_KEY_ID}" - echo " Signed: ${CTP_FILE} (key: ${CT_KEY_ID})" -else - echo " SKIP: cerro-sign not found (install from stapeln/container-stack/cerro-torre)" -fi - -echo "" - -# --------------------------------------------------------------------------- -# Step 4: Verify the .ctp bundle -# --------------------------------------------------------------------------- - -echo "--- Step 4: Verifying .ctp bundle ---" - -if command -v ct &>/dev/null; then - ct verify "${CTP_FILE}" - echo " Verified: ${CTP_FILE}" -else - echo " SKIP: ct not found" -fi - -echo "" - -# --------------------------------------------------------------------------- -# Step 5: Push to registry (optional) -# --------------------------------------------------------------------------- - -if [ "$PUSH" = "--push" ]; then - echo "--- Step 5: Pushing to registry ---" - - if command -v ct &>/dev/null; then - ct push "${CTP_FILE}" "${FULL_IMAGE}" - echo " Pushed: ${FULL_IMAGE}" - else - # Fall back to podman push (unsigned OCI image) - echo " ct not available, falling back to podman push (unsigned)" - podman push "${FULL_IMAGE}" - echo " Pushed: ${FULL_IMAGE} (unsigned OCI — not a .ctp bundle)" - fi - echo "" -fi - -# --------------------------------------------------------------------------- -# Summary -# --------------------------------------------------------------------------- - -echo "=== Build pipeline complete ===" -echo " Image: ${FULL_IMAGE}" -echo " Bundle: ${CTP_FILE}" -echo "" -echo " To deploy with selur-compose:" -echo " cd container && selur-compose up" -echo "" -echo " To verify at any time:" -echo " ct verify ${CTP_FILE}" -echo "" -echo " To explain the verification chain:" -echo " ct explain ${CTP_FILE}" diff --git a/road-skate/container/deploy.k9.ncl b/road-skate/container/deploy.k9.ncl deleted file mode 100644 index 0926fdf9..00000000 --- a/road-skate/container/deploy.k9.ncl +++ /dev/null @@ -1,166 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# deploy.k9.ncl — AffineScript-Vite deployment component (Hunt level) -# -# k9-svc deployment specification with full pedigree (L1-L5). -# Security Level: 'Hunt (requires cryptographic handshake for execution). -# -# WARNING: This component can execute shell commands! -# It requires explicit authorisation via the Leash system. -# -# Usage: -# nickel typecheck container/deploy.k9.ncl -# k9-svc validate container/deploy.k9.ncl -# k9-svc deploy container/deploy.k9.ncl --env production - -# The component's pedigree (self-description across five layers) -let component_pedigree = { - # ───────────────────────────────────────────────────────────── - # L1: The Snout — Identity - # ───────────────────────────────────────────────────────────── - metadata = { - name = "{{SERVICE_NAME}}-deploy", - version = "{{VERSION}}", - breed = "application/vnd.k9+nickel", - magic_number = "K9!", - description = "AffineScript-Vite deployment component (Hunt level)", - }, - - # ───────────────────────────────────────────────────────────── - # L2: The Scent — Target Environment - # ───────────────────────────────────────────────────────────── - target = { - os = 'Linux, - is_edge = false, - requires_podman = true, - min_memory_mb = 256, - }, - - # ───────────────────────────────────────────────────────────── - # L3: The Leash — Security - # ───────────────────────────────────────────────────────────── - security = { - trust_level = 'Hunt, - allow_network = true, - allow_filesystem_write = true, - allow_subprocess = true, - # In production, replace with a real Ed25519 signature. - signature = "PLACEHOLDER-SIGNATURE-REQUIRED-FOR-HUNT", - }, - - # ───────────────────────────────────────────────────────────── - # L4: The Gut — Self-Validation - # ───────────────────────────────────────────────────────────── - validation = { - checksum = "sha256:placeholder", - pedigree_version = "1.0.0", - hunt_authorized = false, # Must be set true after handshake - }, - - # ───────────────────────────────────────────────────────────── - # L5: The Muscle — Deployment Recipes - # ───────────────────────────────────────────────────────────── - recipes = { - install = "just container-build", - validate = "just container-verify", - deploy = "just container-up", - migrate = "just container-build && just container-up", - }, -} in - -# Deployment configuration -let deployment = { - # Target environments (dev / staging / production) - environments = { - dev = { - replicas = 1, - memory = "256Mi", - cpu = "100m", - image_tag = "dev", - }, - staging = { - replicas = 2, - memory = "512Mi", - cpu = "250m", - image_tag = "staging", - }, - production = { - replicas = 3, - memory = "1Gi", - cpu = "500m", - image_tag = "latest", - }, - }, - - # Container configuration - container = { - image = "{{REGISTRY}}/{{SERVICE_NAME}}", - port = {{PORT}}, - health_check = "/health", - readiness_check = "/ready", - }, - - # Deployment strategy - strategy = { - type = "rolling", - max_surge = 1, - max_unavailable = 0, - }, -} in - -# Deployment scripts (executed at Hunt level) -let scripts = { - # Pre-deployment validation - pre_deploy = m%" -#!/bin/sh -set -eu -echo "K9: Pre-deployment validation for {{SERVICE_NAME}}..." -cd container && selur-compose verify || podman compose --file compose.toml config -echo "K9: Validation passed." -"%, - - # Deployment script - deploy = m%" -#!/bin/sh -set -eu -ENV="${1:-dev}" -echo "K9: Deploying {{SERVICE_NAME}} to $ENV environment..." -cd container -./ct-build.sh -selur-compose up --detach || podman compose --file compose.toml up --detach -echo "K9: Deployment to $ENV complete." -"%, - - # Rollback script - rollback = m%" -#!/bin/sh -set -eu -echo "K9: Rolling back {{SERVICE_NAME}} deployment..." -cd container -selur-compose down || podman compose --file compose.toml down -echo "K9: Rollback complete." -"%, -} in - -# Export the component -{ - pedigree = component_pedigree, - deployment = deployment, - scripts = scripts, - - # Security check: this component requires Hunt level - required_level = 'Hunt, - - # Warning for users - warning = m%" -WARNING: This is a Hunt-level component. - -It can execute shell commands and modify your system. -Before running, ensure you have: - -1. Reviewed the deployment scripts above -2. Verified the signature (when implemented) -3. Explicitly authorised Hunt-level execution - -Run with: k9-svc authorize container/deploy.k9.ncl && k9-svc deploy container/deploy.k9.ncl -"%, -} diff --git a/road-skate/container/entrypoint.sh b/road-skate/container/entrypoint.sh deleted file mode 100755 index cd9151da..00000000 --- a/road-skate/container/entrypoint.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: MPL-2.0 -# AffineScript-Vite container entrypoint -# -# Handles signal propagation, startup logging, and health check -# preparation before exec-ing into the main application process. - -set -e - -# --------------------------------------------------------------------------- -# Signal handling -# --------------------------------------------------------------------------- -# -# Trap SIGTERM and SIGINT so that the application can shut down gracefully -# when Podman sends stop signals (e.g. `podman stop`, `selur-compose down`). - -cleanup() { - echo "Received shutdown signal — stopping {{SERVICE_NAME}}..." - # If the main process is backgrounded, kill it here: - # kill "$MAIN_PID" 2>/dev/null || true - # wait "$MAIN_PID" 2>/dev/null || true - exit 0 -} -trap cleanup TERM INT - -# --------------------------------------------------------------------------- -# Startup logging -# --------------------------------------------------------------------------- - -echo "Starting {{SERVICE_NAME}}..." -echo " Host: ${APP_HOST:-[::]}" -echo " Port: ${APP_PORT:-{{PORT}}}" -echo " Data: ${APP_DATA_DIR:-/data}" -echo " Log: ${APP_LOG_FORMAT:-json}" - -# --------------------------------------------------------------------------- -# Health check preparation -# --------------------------------------------------------------------------- -# -# Ensure the data directory exists and is writable. -# The VOLUME directive in the Containerfile creates /data, but a bind-mount -# might replace it with an empty directory owned by root. - -if [ -d "${APP_DATA_DIR:-/data}" ]; then - if [ ! -w "${APP_DATA_DIR:-/data}" ]; then - echo "WARNING: ${APP_DATA_DIR:-/data} is not writable by $(whoami)" - fi -fi - -# --------------------------------------------------------------------------- -# Exec into main process -# --------------------------------------------------------------------------- -# -# Replace the entrypoint shell with the application process so that -# signals are delivered directly and PID 1 is the application. -# -# TODO: Replace the command below with your application binary. -# Examples: -# exec /app/{{SERVICE_NAME}} -# exec /app/release/bin/{{SERVICE_NAME}} start -# exec /app/{{SERVICE_NAME}} serve --host "${APP_HOST}" --port "${APP_PORT}" - -exec "$@" diff --git a/road-skate/container/manifest.toml b/road-skate/container/manifest.toml deleted file mode 100644 index d88091b8..00000000 --- a/road-skate/container/manifest.toml +++ /dev/null @@ -1,62 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# Cerro Torre manifest for AffineScript-Vite .ctp bundle -# -# This manifest describes the container image for verified -# container packaging. Used by `ct pack` to create .ctp bundles. - -[metadata] -name = "{{SERVICE_NAME}}" -version = "{{VERSION}}" -revision = 1 -summary = "{{PROJECT_DESCRIPTION}}" -description = """ -AffineScript-Vite — containerised service packaged as a verified -cerro-torre .ctp bundle with Ed25519 signing and full provenance -tracking. -""" -license = "{{LICENSE}}" -homepage = "https://github.com/hyperpolymath/affinescript-vite" -maintainer = "hyperpolymath <{{EMAIL}}>" - -[provenance] -upstream = "https://github.com/hyperpolymath/affinescript-vite" -import_date = {{CURRENT_DATE}}T00:00:00Z - -[dependencies] -runtime = ["ca-certificates", "curl"] -build = [] - -[build] -system = "podman" - -[build.environment] -APP_HOST = "[::]" -APP_PORT = "{{PORT}}" - -[outputs] -primary = "{{SERVICE_NAME}}" -split = [] - -[attestations] -require = ["source-signature", "sbom-complete"] -recommend = ["security-audit", "reproducible-build"] - -# Runtime security profile -[security] -user = "appuser" -group = "appuser" -read_only_root = false -no_new_privileges = true - -[security.capabilities] -drop = ["ALL"] -add = ["NET_BIND_SERVICE"] - -[security.network] -listen_tcp = [{{PORT}}] - -[security.filesystem] -read = ["/app/", "/data/"] -write = ["/data/", "/tmp/"] -execute = ["/app/entrypoint.sh"] diff --git a/road-skate/container/vordr.toml b/road-skate/container/vordr.toml deleted file mode 100644 index 09324dcb..00000000 --- a/road-skate/container/vordr.toml +++ /dev/null @@ -1,100 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# -# Vordr runtime monitoring configuration for AffineScript-Vite -# -# Vordr watches container health, detects crashes, tracks resource usage, -# and emits structured logs. It runs alongside the application stack and -# provides runtime observability without requiring in-process agents. -# -# Usage: -# vordr watch --config container/vordr.toml -# vordr status -# vordr report - -[metadata] -name = "{{SERVICE_NAME}}" -version = "{{VERSION}}" - -# ============================================================================ -# Health Monitoring -# ============================================================================ -# -# Vordr periodically probes these endpoints. If a probe fails beyond the -# failure_threshold, vordr emits an alert and (optionally) restarts the -# container via Podman. - -[health] -# Primary health endpoint — must return 2xx. -endpoint = "http://localhost:{{PORT}}/health" -interval = "30s" -timeout = "5s" -failure_threshold = 3 - -# Readiness endpoint — checked during startup and after restarts. -readiness_endpoint = "http://localhost:{{PORT}}/ready" -readiness_timeout = "10s" - -# Action on failure: "alert" (log + notify) or "restart" (alert + podman restart). -on_failure = "alert" - -# ============================================================================ -# Crash Detection -# ============================================================================ -# -# Monitors container state via Podman. Detects OOM kills, segfaults, -# and unexpected exits. - -[crash_detection] -enabled = true -# Maximum restarts within the window before vordr stops restarting. -max_restarts = 5 -restart_window = "10m" - -# ============================================================================ -# Resource Thresholds -# ============================================================================ -# -# Alert when resource usage exceeds these thresholds. Values are percentages -# of the container's cgroup limits (or host limits if uncapped). - -[resources] -cpu_warn = 80 # Percentage — warn at 80% sustained CPU. -cpu_critical = 95 # Percentage — critical alert at 95%. -memory_warn = 75 # Percentage of memory limit. -memory_critical = 90 -disk_warn = 80 # Percentage of volume usage. -disk_critical = 95 - -# Sample interval for resource metrics. -sample_interval = "15s" - -# ============================================================================ -# Log Output -# ============================================================================ -# -# Vordr emits its own logs (not the application's) in structured format. - -[logging] -format = "json" -level = "info" -# Write vordr logs to stdout (captured by Podman) and optionally to file. -output = "stdout" -# file = "/var/log/vordr/{{SERVICE_NAME}}.log" - -# ============================================================================ -# Notifications (optional) -# ============================================================================ -# -# Uncomment and configure to receive alerts via webhook or email. - -# [notifications.webhook] -# url = "https://example.com/hooks/vordr" -# method = "POST" -# headers = { "Content-Type" = "application/json" } -# on = ["failure", "recovery", "resource_critical"] - -# [notifications.email] -# to = "{{EMAIL}}" -# from = "vordr@{{SERVICE_NAME}}.local" -# smtp = "smtp://localhost:25" -# on = ["failure", "resource_critical"] diff --git a/road-skate/docs/0.1-AI-MANIFEST.a2ml b/road-skate/docs/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index 7f79301e..00000000 --- a/road-skate/docs/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "docs-pillar" -level: 1 -parent: "../0-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Technical documentation hub. The root contains high-level orientation - (README, Quickstart, State-Visualizer). Specialized tracks live in - subdirectories. - -canonical_locations: - quickstart: "QUICKSTART.adoc" - state_visualizer: "STATE-VISUALIZER.adoc" - governance: "governance/" - architecture: "architecture/" - decisions: "decisions/" - theory: "theory/" - practice: "practice/" - developer: "developer/" - attribution: "attribution/" - reports: "reports/" - whitepapers: "whitepapers/" - standards: "standards/" - legal: "legal/" - wikis: "wikis/" - -invariants: - - "Primary documentation format MUST be AsciiDoc (.adoc)" - - "Root docs/ MUST only contain pillar entry points" diff --git a/road-skate/docs/QUICKSTART.adoc b/road-skate/docs/QUICKSTART.adoc deleted file mode 100644 index b20b3d0a..00000000 --- a/road-skate/docs/QUICKSTART.adoc +++ /dev/null @@ -1,24 +0,0 @@ -= Quickstart -:toc: preamble - -Get up and running in 60 seconds. - -== Prerequisites - -* Git 2.40+ -* just (command runner) -* Your language toolchain (see Justfile for details) - -== From Template (New Project) - -[source,bash] ----- -git clone https://github.com/hyperpolymath/rsr-template-repo my-project -cd my-project -rm -rf .git && git init -b main -just init # interactive placeholder replacement ----- - -== Project Structure - -See README.adoc in the root for the Dual-Track architecture summary. diff --git a/road-skate/docs/README.adoc b/road-skate/docs/README.adoc deleted file mode 100644 index df45be70..00000000 --- a/road-skate/docs/README.adoc +++ /dev/null @@ -1,14 +0,0 @@ -= Documentation Layout - -Primary tracks: - -* `theory/` for formal and conceptual material -* `practice/` for operational and implementation material -* `maintenance/` for baseline checklists and release hard-pass runbooks -* `whitepapers/academic/` for research-facing whitepapers -* `whitepapers/industry/` for industry/outreach whitepapers - -Core docs: - -* `maintenance/MAINTENANCE-CHECKLIST.md` -* `practice/SOFTWARE-DEVELOPMENT-APPROACH.adoc` diff --git a/road-skate/docs/RSR_OUTLINE.adoc b/road-skate/docs/RSR_OUTLINE.adoc deleted file mode 100644 index e07a65e4..00000000 --- a/road-skate/docs/RSR_OUTLINE.adoc +++ /dev/null @@ -1,290 +0,0 @@ -= RSR Template Repository - -image:[Palimpsest-MPL-1.0,link="https://github.com/hyperpolymath/palimpsest-license"] image:[Palimpsest,link="https://github.com/hyperpolymath/palimpsest-license"] -:toc: -:sectnums: - -// Badges -image:https://img.shields.io/badge/RSR-Infrastructure-cd7f32[RSR Infrastructure] -image:https://img.shields.io/badge/Phase-Maintenance-brightgreen[Phase] -image:https://img.shields.io/badge/Guix-Primary-purple?logo=gnu[Guix] - -== Overview - -**The canonical template for RSR (Rhodium Standard Repository) projects.** - -This repository provides the standardized structure, configuration, and tooling for all RSR-compliant repos. Use it to: - -* Bootstrap new projects with RSR compliance -* Reference the standard directory structure -* Copy configuration templates (Justfile, STATE.a2ml, etc.) - -== Quick Start - -[source,bash] ----- -# Clone the template -git clone https://github.com/hyperpolymath/RSR-template-repo my-project -cd my-project - -# Remove template git history -rm -rf .git -git init - -# Interactive bootstrap — replaces all placeholders -just init - -# Enter development environment -guix shell -D -f guix.scm - -# Validate compliance -just validate-rsr ----- - -== What's Included - -[cols="1,3"] -|=== -|File/Directory |Purpose - -|`.editorconfig` -|Editor configuration (indent, charset) - -|`.gitignore` -|Standard ignore patterns - -|`.gitattributes` -|Line endings, diff drivers, binary detection - -|`.guix-channel` -|Guix channel definition - -|`.well-known/` -|RFC-compliant metadata (security.txt, ai.txt, humans.txt) - -|`.machine_readable/` -|All machine-readable content: state files (6 a2ml), `bot_directives/`, `contractiles/` - -|`docs/` -|Documentation directory - -|`guix.scm` -|Guix package definition - -|`Justfile` -|Task runner with 40+ recipes - -|`Containerfile` -|Container build (Wolfi base, Podman) - -|`LICENSE` -|MPL-2.0 (Palimpsest MPL) - -|`EXHIBIT-A-ETHICAL-USE.txt` -|Ethical use guidelines (LICENSE Exhibit A) - -|`EXHIBIT-B-QUANTUM-SAFE.txt` -|Quantum-safe provenance spec (LICENSE Exhibit B) - -|`README.adoc` -|Project overview - -|`TOPOLOGY.md` -|Architecture diagram and completion dashboard - -|`PLACEHOLDERS.md` -|Template variable reference and replacement guide - -|`0-AI-MANIFEST.a2ml` -|Universal AI agent entry point - -|`AI.a2ml` -|Claude-specific instructions - -|`src/abi/` -|Idris2 ABI definitions (Types, Layout, Foreign) - -|`ffi/zig/` -|Zig FFI implementation - -|`generated/abi/` -|Auto-generated C headers from Idris2 ABI -|=== - -== Justfile Features - -The template Justfile provides: - -* **Combinatoric matrix recipes** for build, test, container, CI -* **Cookbook generation**: `just cookbook` -> `docs/just-cookbook.adoc` -* **Man page generation**: `just man` -> `docs/man/project.1` -* **RSR validation**: `just validate-rsr` -* **STATE.a2ml management**: `just state-touch`, `just state-phase` -* **Container support**: `just container-build`, `just container-push` -* **CI matrix**: `just ci-matrix [stage] [depth]` - -=== Key Recipes - -[source,bash] ----- -just # Show all recipes -just help # Detailed help -just info # Project info -just combinations # Show matrix options - -just build # Build (debug) -just test # Run tests -just quality # Format + lint + test -just ci # Full CI pipeline - -just validate # RSR + STATE validation -just docs # Generate all docs -just cookbook # Generate Justfile docs - -just guix-shell # Guix dev environment -just container-build # Build container ----- - -== Directory Structure - -[source] ----- -project/ -├── .editorconfig # Editor settings -├── .gitignore # Git ignore -├── .gitattributes # Line endings, diff drivers -├── .guix-channel # Guix channel -├── .well-known/ # RFC metadata -│ ├── ai.txt -│ ├── humans.txt -│ └── security.txt -├── .machine_readable/ # ALL machine-readable content -│ ├── STATE.a2ml # Project state, progress, blockers -│ ├── META.a2ml # Architecture decisions, governance -│ ├── ECOSYSTEM.a2ml # Ecosystem position, relationships -│ ├── AGENTIC.a2ml # AI agent interaction patterns -│ ├── NEUROSYM.a2ml # Neurosymbolic integration config -│ ├── PLAYBOOK.a2ml # Operational runbook -│ ├── bot_directives/ # Per-bot rules and constraints -│ └── contractiles/ # Policy enforcement contracts -│ ├── k9/ # Security levels (Kennel/Yard/Hunt) -│ ├── dust/Dustfile # Recovery and rollback -│ ├── lust/Intentfile # Future intent declarations -│ ├── must/Mustfile # Invariant checks -│ └── trust/Trustfile.hs # Cryptographic verification -├── docs/ # Documentation -│ ├── CITATIONS.adoc -│ ├── TOPOLOGY-GUIDE.adoc -│ ├── generated/ -│ └── man/ -├── src/abi/ # Idris2 ABI definitions -│ ├── Types.idr -│ ├── Layout.idr -│ └── Foreign.idr -├── ffi/zig/ # Zig FFI implementation -│ ├── build.zig -│ ├── src/main.zig -│ └── test/integration_test.zig -├── generated/abi/ # Auto-generated C headers -├── examples/ # Example code -├── guix.scm # Guix package -├── Justfile # Task runner -├── Containerfile # Container build -├── LICENSE # MPL-2.0 -├── EXHIBIT-A-ETHICAL-USE.txt # Ethical use guidelines -├── EXHIBIT-B-QUANTUM-SAFE.txt # Quantum-safe provenance -├── README.adoc # Overview -├── TOPOLOGY.md # Architecture + completion -├── PLACEHOLDERS.md # Template variable guide -├── 0-AI-MANIFEST.a2ml # Universal AI entry point -└── AI.a2ml # Claude-specific instructions ----- - -== RSR Compliance - -=== Language Tiers - -* **Tier 1** (Gold): Rust, Elixir, Zig, Ada, Haskell, ReScript, Gleam -* **Tier 2** (Silver): Nickel, Guile Scheme, Nix, Idris2, OCaml -* **Infrastructure**: Guix channels, derivations, Julia batch scripts - -=== Required Files - -* `.editorconfig` -* `.gitignore` -* `Justfile` -* `README.adoc` -* `LICENSE` (MPL-2.0) -* `.machine_readable/STATE.a2ml` -* `.well-known/security.txt` -* `.well-known/ai.txt` -* `.well-known/humans.txt` -* `guix.scm` OR `flake.nix` - -=== Prohibited - -* Python outside `salt/` directory -* TypeScript/JavaScript (use ReScript) -* CUE (use Guile/Nickel) -* `Dockerfile` (use `Containerfile`) -* npm, Bun, pnpm, yarn (use Deno) -* Go (use Rust) - -== STATE.a2ml - -The STATE.a2ml file tracks project state: - -[source] ----- -# STATE — Project State Checkpoint -# Format: a2ml (AI-readable markup) - -project: v-graphql -version: 0.1.0 -last-updated: 2026-02-14 -status: active - -phase: implementation -maturity: beta - -ecosystem: - part-of: RSR Framework - depends-on: [] - -milestones: - - name: Initial setup - completion: 100 - - name: Core implementation - completion: 0 ----- - -== Badge Schema - -Generate badges from STATE.a2ml: - -[source,bash] ----- -just badges standard ----- - -See `docs/BADGE_SCHEMA.adoc` for the full badge taxonomy. - -== Ecosystem Integration - -This template is part of: - -* **STATE.a2ml Ecosystem**: Conversation checkpoints -* **RSR Framework**: Repository standards -* **Consent-Aware-HTTP**: .well-known compliance -* **Hypatia**: Neurosymbolic security scanning -* **gitbot-fleet**: Bot orchestration - -== License - -SPDX-License-Identifier: MPL-2.0 - -== Links - -* https://github.com/hyperpolymath/elegant-STATE[elegant-STATE] - STATE tooling -* https://github.com/hyperpolymath/conative-gating[conative-gating] - Policy enforcement -* https://rhodium.sh[Rhodium Standard] - RSR documentation diff --git a/road-skate/docs/STATE-VISUALIZER.adoc b/road-skate/docs/STATE-VISUALIZER.adoc deleted file mode 100644 index 422fcd5c..00000000 --- a/road-skate/docs/STATE-VISUALIZER.adoc +++ /dev/null @@ -1,128 +0,0 @@ -= Project State Visualizer -[source] ----- - - - - -# RSR Template Repo — Project Topology - -## System Architecture - -``` - ┌─────────────────────────────────────────┐ - │ NEW REPOSITORY │ - │ (Consumer of this Template) │ - └───────────────────┬─────────────────────┘ - │ Scaffolding - ▼ - ┌─────────────────────────────────────────┐ - │ RSR TEMPLATE HUB │ - │ │ - │ ┌───────────┐ ┌───────────────────┐ │ - │ │ AI Gate- │ │ ABI / FFI │ │ - │ │ keeper │ │ Standard │ │ - │ │ (0-AI-M) │ │ (Idris2/Zig) │ │ - │ └─────┬─────┘ └────────┬──────────┘ │ - │ │ │ │ - │ ┌─────▼─────┐ ┌────────▼──────────┐ │ - │ │ Topology │ │ SCM / 6SCM │ │ - │ │ Guide │ │ Metadata │ │ - │ │ (Visual) │ │ (machine_read) │ │ - │ └─────┬─────┘ └────────┬──────────┘ │ - │ │ │ │ - │ ┌─────▼─────────────────▼──────────┐ │ - │ │ CONTAINER ECOSYSTEM │ │ - │ │ ┌──────────┐ ┌───────────────┐ │ │ - │ │ │ Podman / │ │ selur-compose │ │ │ - │ │ │ OCI │ │ cerro-torre │ │ │ - │ │ │ Build │ │ svalinn/vordr │ │ │ - │ │ └──────────┘ └───────────────┘ │ │ - │ │ ct-build.sh deploy.k9.ncl │ │ - │ └──────────────────────────────────┘ │ - └────────│─────────────────│──────────────┘ - │ │ - ▼ ▼ - ┌─────────────────────────────────────────┐ - │ PLATFORM INTEGRATION │ - │ ┌───────────┐ ┌───────────┐ ┌───────┐│ - │ │ GitHub │ │ GitLab │ │ Nix / ││ - │ │ Workflows │ │ CI/CD │ │ Guix ││ - │ └───────────┘ └───────────┘ └───────┘│ - └─────────────────────────────────────────┘ - - ┌─────────────────────────────────────────┐ - │ REPO INFRASTRUCTURE │ - │ Justfile / Mustfile .machine_readable/ │ - │ Codeowners / Reuse 0-AI-MANIFEST.a2ml │ - └─────────────────────────────────────────┘ -``` - -## Completion Dashboard - -``` -COMPONENT STATUS NOTES -───────────────────────────────── ────────────────── ───────────────────────────────── -CORE STANDARDS - ABI/FFI Standard (Idris2/Zig) ██████████ 100% Universal interface stable - AI Gatekeeper (0-AI-MANIFEST) ██████████ 100% Universal entry point active - TOPOLOGY.md Standard ██████████ 100% Visual summary guide active - 6SCM Metadata Structure ██████████ 100% Machine-readable state stable - -INFRASTRUCTURE - Justfile Automation ██████████ 100% Standard build/verify tasks - CI/CD Workflow Templates ██████████ 100% GH/GL scaffolding verified - Multi-Forge Sync ██████████ 100% Hub-and-spoke mirroring stable - -CONTAINER ECOSYSTEM (Phase 2) - Containerfile (OCI build) ██████████ 100% Multi-stage Chainguard base - selur-compose orchestration ██████████ 100% Template + concrete example - cerro-torre manifest ██████████ 100% Bundle metadata & signing - svalinn gateway policy ██████████ 100% .gatekeeper.yaml active - vordr runtime monitoring ██████████ 100% Runtime config template - k9-svc deployment (Nickel) ██████████ 100% Hunt-level deploy descriptor - ct-build.sh pipeline ██████████ 100% Build/sign/verify script - Justfile container-* recipes ██████████ 100% 8 recipes integrated - Trustfile CONTAINER_SUPPLY_CHAIN ██████████ 100% Supply chain section added - -REPO INFRASTRUCTURE - .machine_readable/ ██████████ 100% STATE/META/ECOSYSTEM active - Governance & License ██████████ 100% PMPL & Ethical use verified - Development Shells (Nix/Guix) ██████████ 100% Reproducible env stable - -───────────────────────────────────────────────────────────────────────────── -OVERALL: ██████████ 100% RSR Template Stable & Certified -``` - -## Key Dependencies - -``` -Philosophy ──────► RSR Standard ──────► Template Scaffolding ──► New Repo - │ │ │ │ - ▼ ▼ ▼ ▼ -CCCP Policy ─────► 0-AI-MANIFEST ────────► Justfile ──────────► Compliance - │ - ▼ - Container Ecosystem - ┌──────────┼──────────┐ - ▼ ▼ ▼ - selur-compose cerro- svalinn/ - (orchestrate) torre vordr - (sign) (monitor) - │ - ▼ - k9-svc deploy -``` - -## Update Protocol - -This file is maintained by both humans and AI agents. When updating: - -1. **After completing a component**: Change its bar and percentage -2. **After adding a component**: Add a new row in the appropriate section -3. **After architectural changes**: Update the ASCII diagram -4. **Date**: Update the `Last updated` comment at the top of this file - -Progress bars use: `█` (filled) and `░` (empty), 10 characters wide. -Percentages: 0%, 10%, 20%, ... 100% (in 10% increments). ----- diff --git a/road-skate/docs/architecture/0.2-AI-MANIFEST.a2ml b/road-skate/docs/architecture/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 028b503d..00000000 --- a/road-skate/docs/architecture/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "architecture-track" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Documentation track for system architecture and threat models. - -canonical_locations: - threat_model: "THREAT-MODEL.adoc" - -invariants: - - "Visual diagrams MUST include ASCII or Mermaid representations" diff --git a/road-skate/docs/architecture/THREAT-MODEL.adoc b/road-skate/docs/architecture/THREAT-MODEL.adoc deleted file mode 100644 index 946b6f2f..00000000 --- a/road-skate/docs/architecture/THREAT-MODEL.adoc +++ /dev/null @@ -1,162 +0,0 @@ -= Threat Model - - - -# Threat Model: AffineScript-Vite - -## Document Info - -| Field | Value | -|---------------|--------------------------------| -| Project | AffineScript-Vite | -| Version | 1.0 | -| Last Reviewed | {{DATE}} | -| Author | hyperpolymath | -| Methodology | STRIDE | - -## Scope - -### In Scope - -- Application source code and build pipeline -- CI/CD workflows (GitHub Actions) -- Container images and runtime environment -- Secrets and credential management -- Dependencies (direct and transitive) -- Deployment artifacts (binaries, containers, SBOM) - -### Out of Scope - -- Physical security of hosting infrastructure -- GitHub/GitLab platform-level vulnerabilities -- End-user device security -- Social engineering attacks against maintainers (handled by org policy) - -## System Overview - -Brief description of AffineScript-Vite and its architecture. - -> See [STATE-VISUALIZER.adoc](../STATE-VISUALIZER.adoc) for the full architecture diagram and completion dashboard. - -## Assets - -| Asset | Classification | Owner | Notes | -|----------------------|----------------|-------------|--------------------------------------------| -| Source code | Internal | Maintainers | Public repos are still internal-integrity | -| Signing keys | Restricted | Release lead | Signing keys (e.g., Ed25519), GPG keys | -| CI/CD secrets | Restricted | Maintainers | GITHUB_TOKEN, deploy tokens, PATs | -| User/contributor data | Confidential | Org | Emails, contributor identity | -| Build artifacts | Internal | CI pipeline | Binaries, WASM bundles | -| Container images | Internal | CI pipeline | Chainguard-based, signed via image signing tool | -| SBOM / provenance | Public | CI pipeline | SLSA attestations | -| Dependencies | Public | Lockfile | Cargo.lock, deno.lock, gleam.toml | -| Infrastructure config | Confidential | Maintainers | Containerfiles, compose files, orchestration config | - -## Trust Boundaries - -| Boundary | From (Lower Trust) | To (Higher Trust) | -|-----------------------------|---------------------------|----------------------------| -| Pull request submission | External contributor | Repository codebase | -| CI/CD workflow execution | Workflow definition | Runner with secrets access | -| Container build boundary | Build stage | Runtime stage | -| External API calls | Third-party service | Application internals | -| User input (CLI/Web) | End user | Application logic | -| Dependency resolution | Package registry | Build environment | -| Forge mirroring | GitHub | GitLab / Bitbucket | - -## Threat Actors - -| Actor | Motivation | Capability | -|--------------------------|-------------------------------|------------| -| Script kiddie | Vandalism, clout | Low | -| Disgruntled contributor | Sabotage, backdoor insertion | Medium | -| Supply chain attacker | Wide-impact compromise | High | -| Nation state | Espionage, disruption | Very High | -| Automated bot | Credential stuffing, spam PRs | Low-Medium | - -## STRIDE Analysis - -### Spoofing - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| Unsigned commits impersonate maintainer | Source code | Medium | High | High | Require GPG-signed commits; vigilant code review | -| Forged bot actions (automated agents) | CI/CD pipeline | Low | High | Medium | Bot tokens scoped minimally; audit bot activity | -| Spoofed package registry identity | Dependencies | Low | High | Medium | Pin dependencies by hash; verify provenance | - -### Tampering - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| Malicious pull request | Source code | Medium | High | High | Branch protection; required reviews; CodeQL | -| Dependency poisoning (typosquat) | Dependencies | Medium | High | High | Lockfiles; secret-scanner; security scans | -| Tampered container base image | Container images | Low | High | Medium | Chainguard images; image signing verification | -| Workflow file modification | CI/CD pipeline | Low | High | Medium | CODEOWNERS on .github/; workflow-linter | - -### Repudiation - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| Unlogged deployment | Build artifacts | Medium | Medium | Medium | SLSA provenance; deployment audit trail | -| Denied merge of vulnerable code | Source code | Low | Medium | Low | Git history is immutable; signed commits | -| Secret rotation without record | CI/CD secrets | Low | Low | Low | Secret rotation logged in STATE.a2ml | - -### Information Disclosure - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| Secrets leaked in git history | CI/CD secrets | Medium | High | High | TruffleHog in CI; secret-scanner workflow | -| Verbose error messages in prod | Application logic | Medium | Medium | Medium | Sanitize outputs; structured logging | -| SBOM reveals internal structure | Infrastructure | Low | Low | Low | Accepted risk; SBOM is intentionally public | - -### Denial of Service - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| CI resource exhaustion (fork bomb in PR) | CI/CD pipeline | Medium | Medium | Medium | Concurrency limits; timeout on workflows | -| Spam issues/PRs flooding triage | Maintainer time | Medium | Low | Low | GitHub rate limits; bot auto-close stale | -| Large binary commits bloating repo | Source code | Low | Medium | Low | .gitattributes LFS policy; pre-commit hooks | - -### Elevation of Privilege - -| Threat | Affected Asset | Likelihood | Impact | Risk | Mitigation | -|---------------------------------|-------------------|------------|--------|--------|------------------------------------------------| -| Workflow injection via PR title/body | CI/CD pipeline | Medium | High | High | Never interpolate PR fields in `run:`; use env vars | -| GITHUB_TOKEN over-scoped | CI/CD secrets | Medium | High | High | `permissions: read-all` default; per-job scoping | -| Container escape | Runtime environment | Low | High | Medium | Hardened container runtime; read-only rootfs; no-new-privileges | -| Compromised action dependency | CI/CD pipeline | Medium | High | High | SHA-pin all actions; never use `@latest` tags | - -## Mitigations in Place - -- **SLSA Provenance**: Build attestations via slsa-github-generator -- **Secret Scanning**: TruffleHog + secret-scanner workflow on every push -- **Static Analysis**: CodeQL on supported languages -- **Supply Chain**: OpenSSF Scorecard (scorecard.yml + scorecard-enforcer.yml) -- **Container Signing**: Ed25519 signatures on all published images (optional: use your signing tool) -- **Container Runtime**: Hardened container runtime with formal verification (optional) -- **Dependency Pinning**: All GitHub Actions SHA-pinned; lockfiles committed -- **Workflow Validation**: workflow-linter.yml checks all workflow changes -- **Security Scanning**: Neurosymbolic scanning (hypatia-scan.yml, optional) -- **Bot Governance**: Bot orchestration with confidence thresholds (optional) -- **Edge Security**: Gateway with policy enforcement (optional, where applicable) -- **SBOM**: Generated and published with releases - -## Residual Risks - -| Risk | Accepted Because | Review Trigger | -|-----------------------------------------------|---------------------------------------------------|-------------------------| -| Zero-day in GitHub Actions runner | Platform responsibility; no feasible mitigation | GitHub advisory | -| Maintainer account compromise | Mitigated by 2FA requirement; residual remains | Any suspicious activity | -| Transitive dependency vulnerability (0-day) | Lockfiles limit blast radius; scanning catches known CVEs | CVE database update | -| SBOM exposes internal component names | Transparency is a design goal | Policy change | - -## Review Schedule - -This threat model should be reviewed: - -- **Quarterly** as a standing item -- **When architecture changes** (new services, new trust boundaries, new deployment targets) -- **Before major releases** (v1.0, v2.0, etc.) -- **After any security incident** affecting this project or its dependencies - -Reviewer should update the "Last Reviewed" date and version in Document Info above. diff --git a/road-skate/docs/attribution/0.2-AI-MANIFEST.a2ml b/road-skate/docs/attribution/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 52beaea4..00000000 --- a/road-skate/docs/attribution/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "attribution-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit of the docs pillar focusing on attribution. diff --git a/road-skate/docs/attribution/CITATION.cff b/road-skate/docs/attribution/CITATION.cff deleted file mode 100644 index 324120c9..00000000 --- a/road-skate/docs/attribution/CITATION.cff +++ /dev/null @@ -1,17 +0,0 @@ -cff-version: 1.2.0 -message: "If you use this software, please cite it as below." -authors: -- family-names: "{{AUTHOR_LAST}}" - given-names: "{{AUTHOR_FIRST}}" - orcid: "https://orcid.org/0000-0000-0000-0000" # Placeholder -title: "AffineScript-Vite" -version: 0.1.0 -date-released: {{CURRENT_DATE}} -url: "https://github.com/hyperpolymath/affinescript-vite" -repository-code: "https://github.com/hyperpolymath/affinescript-vite" -license: MPL-2.0 -keywords: - - "rsr" - - "formal-verification" - - "neurosymbolic" - - "provenance" diff --git a/road-skate/docs/attribution/CITATIONS.adoc b/road-skate/docs/attribution/CITATIONS.adoc deleted file mode 100644 index cefafb2d..00000000 --- a/road-skate/docs/attribution/CITATIONS.adoc +++ /dev/null @@ -1,35 +0,0 @@ -= AffineScript-Vite - Citation Guide -:toc: - -== BibTeX - -[source,bibtex] ----- -@software{AffineScript-Vite_{{CURRENT_YEAR}}, - author = {{{AUTHOR_LAST}}, {{AUTHOR_FIRST}}}, - title = {AffineScript-Vite}, - year = {{{CURRENT_YEAR}}}, - url = {https://github.com/hyperpolymath/AffineScript-Vite}, - license = {MPL-2.0} -} ----- - -== Harvard Style - -{{AUTHOR_LAST}}, {{AUTHOR_INITIALS}} ({{CURRENT_YEAR}}) _AffineScript-Vite_ [Computer software]. Available at: https://github.com/hyperpolymath/AffineScript-Vite - -== OSCOLA - -hyperpolymath, 'AffineScript-Vite' ({{CURRENT_YEAR}}) - -== MLA - -{{AUTHOR_LAST}}, {{AUTHOR_FIRST}} "AffineScript-Vite." {{CURRENT_YEAR}}, github.com/hyperpolymath/AffineScript-Vite. - -== APA 7 - -{{AUTHOR_LAST}}, {{AUTHOR_INITIALS}} ({{CURRENT_YEAR}}). _AffineScript-Vite_ [Computer software]. GitHub. https://github.com/hyperpolymath/AffineScript-Vite - -== See Also - -* link:CITATION.cff[CITATION.cff] diff --git a/road-skate/docs/attribution/CODEOWNERS.adoc b/road-skate/docs/attribution/CODEOWNERS.adoc deleted file mode 100644 index 3714055f..00000000 --- a/road-skate/docs/attribution/CODEOWNERS.adoc +++ /dev/null @@ -1,19 +0,0 @@ -= Code Ownership -:icons: font - -This project utilizes a formally defined code ownership structure to ensure that specific components are reviewed by domain experts. - -== Authority Model - -Our ownership model is based on the "Perimeter" architecture: -* **Perimeter 1 (Core):** Strictly controlled by Lead Maintainers. -* **Perimeter 2 (Extensions):** Maintained by component owners. -* **Perimeter 3 (Community):** Open for broader community participation. - -== Automated Enforcement - -The technical rules for automatic review assignments are maintained in the machine-readable link:../../.github/CODEOWNERS[.github/CODEOWNERS] file. GitHub uses this to automatically notify owners when changes are proposed to their sections. - -== Component Owners - -A full list of maintainers and their contact information can be found in link:MAINTAINERS.adoc[MAINTAINERS.adoc]. diff --git a/road-skate/docs/attribution/MAINTAINERS.adoc b/road-skate/docs/attribution/MAINTAINERS.adoc deleted file mode 100644 index a173cdf0..00000000 --- a/road-skate/docs/attribution/MAINTAINERS.adoc +++ /dev/null @@ -1,47 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -= Maintainers -:toc: preamble - -This document lists the maintainers of this project and their responsibilities. - -== Current Maintainers - -[cols="2,3,2",options="header"] -|=== -| Name | Role | Contact - -| hyperpolymath -| Lead Maintainer -| https://github.com/hyperpolymath[@hyperpolymath] -|=== - -== Responsibilities - -Maintainers are responsible for: - -* Reviewing and merging pull requests -* Triaging issues and feature requests -* Ensuring code quality and security standards -* Managing releases and versioning -* Upholding the project's code of conduct - -== Becoming a Maintainer - -Contributors who demonstrate: - -* Consistent, high-quality contributions -* Understanding of the project's goals and standards -* Constructive participation in discussions -* Commitment to the project's long-term health - -May be invited to become maintainers at the discretion of existing maintainers. - -== Decision Making - -* Routine decisions (bug fixes, minor improvements) can be made by any maintainer -* Significant changes require discussion and consensus among maintainers -* Breaking changes or major features should be discussed in issues before implementation - -== Contact - -For questions about project governance, open an issue or contact the maintainers listed above. diff --git a/road-skate/docs/attribution/README.adoc b/road-skate/docs/attribution/README.adoc deleted file mode 100644 index b095612c..00000000 --- a/road-skate/docs/attribution/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= attribution Unit diff --git a/road-skate/docs/decisions/0.2-AI-MANIFEST.a2ml b/road-skate/docs/decisions/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index ac26298b..00000000 --- a/road-skate/docs/decisions/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "decisions-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit of the docs pillar focusing on decisions. diff --git a/road-skate/docs/decisions/0000-template.adoc b/road-skate/docs/decisions/0000-template.adoc deleted file mode 100644 index 1e2b6710..00000000 --- a/road-skate/docs/decisions/0000-template.adoc +++ /dev/null @@ -1,35 +0,0 @@ -= Architecture Decision Record: 0000-template - - - -# [NUMBER]. [TITLE] - -Date: YYYY-MM-DD - -## Status - -[Proposed | Accepted | Deprecated | Superseded by [ADR-NNNN](NNNN-title.md) | Rejected] - -## Context - -What is the issue that we're seeing that is motivating this decision or change? - -## Decision - -What is the change that we're proposing and/or doing? - -## Consequences - -What becomes easier or more difficult to do because of this change? - -### Positive - -- ... - -### Negative - -- ... - -### Neutral - -- ... diff --git a/road-skate/docs/decisions/0001-adopt-rsr-standard.adoc b/road-skate/docs/decisions/0001-adopt-rsr-standard.adoc deleted file mode 100644 index 091ee5a2..00000000 --- a/road-skate/docs/decisions/0001-adopt-rsr-standard.adoc +++ /dev/null @@ -1,86 +0,0 @@ -= Architecture Decision Record: 0001-adopt-rsr-standard - - - -# 1. Adopt Rhodium Standard Repository (RSR) Template - -Date: 2026-02-14 - -## Status - -Accepted - -## Context - -Managing multiple repositories with an ad-hoc approach led to significant -inconsistencies across the ecosystem. Common problems included: - -- Missing or incomplete configuration files (SECURITY.md, CONTRIBUTING.md, - .editorconfig, etc.) -- State files (STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml) placed in the repository - root instead of the canonical `.machine_readable/` directory -- Duplicate or conflicting workflow definitions across repos -- No standardized entry point for AI agents interacting with repositories -- Inconsistent bot directive configurations leading to unreliable automation -- No contractile enforcement or Justfile automation - -Without a single source of truth for repository structure, each new repo -required manual setup and inevitably drifted from best practices over time. - -## Decision - -Adopt the Rhodium Standard Repository (RSR) template (`rsr-template-repo`) as -the canonical starting point for all new repositories. Existing repositories -will migrate incrementally as they receive active development. - -The RSR template provides: - -- **Machine-readable state files** in `.machine_readable/` (STATE.a2ml, - ECOSYSTEM.a2ml, META.a2ml, AGENTIC.a2ml, NEUROSYM.a2ml, PLAYBOOK.a2ml) -- **AI manifest** (`0-AI-MANIFEST.a2ml`) as a universal entry point for all - AI agents -- **Bot directives** in `.machine_readable/bot_directives/` for bot orchestration integration -- **Contractiles** in `.machine_readable/contractiles/` (k9, dust, lust, must, trust) for - policy enforcement -- **Standardized workflows** (16+ GitHub Actions workflows, all SHA-pinned) -- **Justfile automation** with standard recipes for common tasks -- **Security and governance files**: SECURITY.md, CONTRIBUTING.md, - CODE_OF_CONDUCT.md, LICENSE (MPL-2.0) -- **Architecture Decision Records** in `docs/decisions/` - -New repositories are created by cloning the template: - -```bash -git clone https://github.com/hyperpolymath/rsr-template-repo new-repo-name -cd new-repo-name -rm -rf .git && git init -``` - -## Consequences - -### Positive - -- Consistency across all repositories, enforced from creation -- Automated compliance checking via `rsr-antipattern.yml` workflow -- Bot fleet can operate reliably across all repos with predictable structure -- AI agents (Claude, Gemini, etc.) have a standardized entry point via - `0-AI-MANIFEST.a2ml` -- New contributors can onboard faster with familiar, documented structure -- Reduced maintenance burden: fix once in template, propagate to all repos -- Machine-readable state enables tooling and automation pipelines - -### Negative - -- Migration effort for existing repos requires time and attention -- Learning curve for contributors unfamiliar with RSR conventions -- Template updates need propagation mechanism to existing repos -- Some repos may have unique needs that do not fit the standard template - without customization - -### Neutral - -- Existing CI/CD pipelines continue to work; RSR workflows are additive -- Third-party dependencies retain their original licenses regardless of - repo structure -- ADR process itself is part of the template, enabling future decisions - to be recorded consistently diff --git a/road-skate/docs/decisions/README.adoc b/road-skate/docs/decisions/README.adoc deleted file mode 100644 index 153a5e78..00000000 --- a/road-skate/docs/decisions/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= decisions Unit diff --git a/road-skate/docs/developer/0.2-AI-MANIFEST.a2ml b/road-skate/docs/developer/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index c16fcc74..00000000 --- a/road-skate/docs/developer/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "developer-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit of the docs pillar focusing on developer. diff --git a/road-skate/docs/developer/ABI-FFI-README.adoc b/road-skate/docs/developer/ABI-FFI-README.adoc deleted file mode 100644 index 06ea6180..00000000 --- a/road-skate/docs/developer/ABI-FFI-README.adoc +++ /dev/null @@ -1,384 +0,0 @@ -= ABI/FFI Standards -{{~ Aditionally delete this line and fill out the template below ~}} - -# {{PROJECT}} ABI/FFI Documentation - -## Overview - -This library follows the **Hyperpolymath RSR Standard** for ABI and FFI design: - -- **ABI (Application Binary Interface)** defined in **Idris2** with formal proofs -- **FFI (Foreign Function Interface)** implemented in **Zig** for C compatibility -- **Generated C headers** bridge Idris2 ABI to Zig FFI -- **Any language** can call through standard C ABI - -## Architecture - -``` -┌─────────────────────────────────────────────┐ -│ ABI Definitions (Idris2) │ -│ src/abi/ │ -│ - Types.idr (Type definitions) │ -│ - Layout.idr (Memory layout proofs) │ -│ - Foreign.idr (FFI declarations) │ -└─────────────────┬───────────────────────────┘ - │ - │ generates (at compile time) - ▼ -┌─────────────────────────────────────────────┐ -│ C Headers (auto-generated) │ -│ generated/abi/affinescript-vite.h │ -└─────────────────┬───────────────────────────┘ - │ - │ imported by - ▼ -┌─────────────────────────────────────────────┐ -│ FFI Implementation (Zig) │ -│ ffi/zig/src/main.zig │ -│ - Implements C-compatible functions │ -│ - Zero-cost abstractions │ -│ - Memory-safe by default │ -└─────────────────┬───────────────────────────┘ - │ - │ compiled to libaffinescript-vite.so/.a - ▼ -┌─────────────────────────────────────────────┐ -│ Any Language via C ABI │ -│ - Rust, ReScript, Julia, Python, etc. │ -└─────────────────────────────────────────────┘ -``` - -## Directory Structure - -``` -affinescript-vite/ -├── src/ -│ ├── abi/ # ABI definitions (Idris2) -│ │ ├── Types.idr # Core type definitions with proofs -│ │ ├── Layout.idr # Memory layout verification -│ │ └── Foreign.idr # FFI function declarations -│ └── lib/ # Core library (any language) -│ -├── ffi/ -│ └── zig/ # FFI implementation (Zig) -│ ├── build.zig # Build configuration -│ ├── build.zig.zon # Dependencies -│ ├── src/ -│ │ └── main.zig # C-compatible FFI implementation -│ ├── test/ -│ │ └── integration_test.zig -│ └── include/ -│ └── affinescript-vite.h # C header (optional, can be generated) -│ -├── generated/ # Auto-generated files -│ └── abi/ -│ └── affinescript-vite.h # Generated from Idris2 ABI -│ -└── bindings/ # Language-specific wrappers (optional) - ├── rust/ - ├── rescript/ - └── julia/ -``` - -## Why Idris2 for ABI? - -### 1. **Formal Verification** - -Idris2's dependent types allow proving properties about the ABI at compile-time: - -```idris --- Prove struct size is correct -public export -exampleStructSize : HasSize ExampleStruct 16 - --- Prove field alignment is correct -public export -fieldAligned : Divides 8 (offsetOf ExampleStruct.field) - --- Prove ABI is platform-compatible -public export -abiCompatible : Compatible (ABI 1) (ABI 2) -``` - -### 2. **Type Safety** - -Encode invariants that C/Zig cannot express: - -```idris --- Non-null pointer guaranteed at type level -data Handle : Type where - MkHandle : (ptr : Bits64) -> {auto 0 nonNull : So (ptr /= 0)} -> Handle - --- Array with length proof -data Buffer : (n : Nat) -> Type where - MkBuffer : Vect n Byte -> Buffer n -``` - -### 3. **Platform Abstraction** - -Platform-specific types with compile-time selection: - -```idris -CInt : Platform -> Type -CInt Linux = Bits32 -CInt Windows = Bits32 - -CSize : Platform -> Type -CSize Linux = Bits64 -CSize Windows = Bits64 -``` - -### 4. **Safe Evolution** - -Prove that new ABI versions are backward-compatible: - -```idris --- Compiler enforces compatibility -abiUpgrade : ABI 1 -> ABI 2 -abiUpgrade old = MkABI2 { - -- Must preserve all v1 fields - v1_compat = old, - -- Can add new fields - new_features = defaults -} -``` - -## Why Zig for FFI? - -### 1. **C ABI Compatibility** - -Zig exports C-compatible functions naturally: - -```zig -export fn library_function(param: i32) i32 { - return param * 2; -} -``` - -### 2. **Memory Safety** - -Compile-time safety without runtime overhead: - -```zig -// Null check enforced at compile time -const handle = init() orelse return error.InitFailed; -defer free(handle); -``` - -### 3. **Cross-Compilation** - -Built-in cross-compilation to any platform: - -```bash -zig build -Dtarget=x86_64-linux -zig build -Dtarget=aarch64-macos -zig build -Dtarget=x86_64-windows -``` - -### 4. **Zero Dependencies** - -No runtime, no libc required (unless explicitly needed): - -```zig -// Minimal binary size -pub const lib = @import("std"); -// Only includes what you use -``` - -## Building - -### Build FFI Library - -```bash -cd ffi/zig -zig build # Build debug -zig build -Doptimize=ReleaseFast # Build optimized -zig build test # Run tests -``` - -### Generate C Header from Idris2 ABI - -```bash -cd src/abi -idris2 --cg c-header Types.idr -o ../../generated/abi/affinescript-vite.h -``` - -### Cross-Compile - -```bash -cd ffi/zig - -# Linux x86_64 -zig build -Dtarget=x86_64-linux - -# macOS ARM64 -zig build -Dtarget=aarch64-macos - -# Windows x86_64 -zig build -Dtarget=x86_64-windows -``` - -## Usage - -### From C - -```c -#include "affinescript-vite.h" - -int main() { - void* handle = affinescript-vite_init(); - if (!handle) return 1; - - int result = affinescript-vite_process(handle, 42); - if (result != 0) { - const char* err = affinescript-vite_last_error(); - fprintf(stderr, "Error: %s\n", err); - } - - affinescript-vite_free(handle); - return 0; -} -``` - -Compile with: -```bash -gcc -o example example.c -laffinescript-vite -L./zig-out/lib -``` - -### From Idris2 - -```idris -import {{PROJECT}}.ABI.Foreign - -main : IO () -main = do - Just handle <- init - | Nothing => putStrLn "Failed to initialize" - - Right result <- process handle 42 - | Left err => putStrLn $ "Error: " ++ errorDescription err - - free handle - putStrLn "Success" -``` - -### From Rust - -```rust -#[link(name = "affinescript-vite")] -extern "C" { - fn affinescript-vite_init() -> *mut std::ffi::c_void; - fn affinescript-vite_free(handle: *mut std::ffi::c_void); - fn affinescript-vite_process(handle: *mut std::ffi::c_void, input: u32) -> i32; -} - -fn main() { - unsafe { - let handle = affinescript-vite_init(); - assert!(!handle.is_null()); - - let result = affinescript-vite_process(handle, 42); - assert_eq!(result, 0); - - affinescript-vite_free(handle); - } -} -``` - -### From Julia - -```julia -const libaffinescript-vite = "libaffinescript-vite" - -function init() - handle = ccall((:affinescript-vite_init, libaffinescript-vite), Ptr{Cvoid}, ()) - handle == C_NULL && error("Failed to initialize") - handle -end - -function process(handle, input) - result = ccall((:affinescript-vite_process, libaffinescript-vite), Cint, (Ptr{Cvoid}, UInt32), handle, input) - result -end - -function cleanup(handle) - ccall((:affinescript-vite_free, libaffinescript-vite), Cvoid, (Ptr{Cvoid},), handle) -end - -# Usage -handle = init() -try - result = process(handle, 42) - println("Result: $result") -finally - cleanup(handle) -end -``` - -## Testing - -### Unit Tests (Zig) - -```bash -cd ffi/zig -zig build test -``` - -### Integration Tests - -```bash -cd ffi/zig -zig build test-integration -``` - -### ABI Verification (Idris2) - -```idris --- Compile-time verification -%runElab verifyABI - --- Runtime checks -main : IO () -main = do - verifyLayoutsCorrect - verifyAlignmentsCorrect - putStrLn "ABI verification passed" -``` - -## Contributing - -When modifying the ABI/FFI: - -1. **Update ABI first** (`src/abi/*.idr`) - - Modify type definitions - - Update proofs - - Ensure backward compatibility - -2. **Generate C header** - ```bash - idris2 --cg c-header src/abi/Types.idr -o generated/abi/affinescript-vite.h - ``` - -3. **Update FFI implementation** (`ffi/zig/src/main.zig`) - - Implement new functions - - Match ABI types exactly - -4. **Add tests** - - Unit tests in Zig - - Integration tests - - ABI verification tests - -5. **Update documentation** - - Function signatures - - Usage examples - - Migration guide (if breaking changes) - -## License - -{{LICENSE}} - -## See Also - -- [Idris2 Documentation](https://idris2.readthedocs.io) -- [Zig Documentation](https://ziglang.org/documentation/master/) -- [Rhodium Standard Repositories](https://github.com/hyperpolymath/rhodium-standard-repositories) diff --git a/road-skate/docs/developer/README.adoc b/road-skate/docs/developer/README.adoc deleted file mode 100644 index 1d00529d..00000000 --- a/road-skate/docs/developer/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= developer Unit diff --git a/road-skate/docs/governance/0.1-AI-MANIFEST.a2ml b/road-skate/docs/governance/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index 6e373bd2..00000000 --- a/road-skate/docs/governance/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-pillar" -level: 1 -parent: "../0-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Primary governance pillar implementing the Triaxial Software Development - Methodology (TSDM). Contains planning, maintenance, and audit tracks. - -canonical_locations: - tsdm_spec: "TSDM.adoc" - planning: "planning/" - maintenance: "maintenance/" - audit: "audit/" - crg: "CRG-CRITERIA.adoc" - checklist: "MAINTENANCE-CHECKLIST.adoc" - approach: "SOFTWARE-DEVELOPMENT-APPROACH.adoc" diff --git a/road-skate/docs/governance/CRG-CRITERIA.a2ml b/road-skate/docs/governance/CRG-CRITERIA.a2ml deleted file mode 100644 index 61625859..00000000 --- a/road-skate/docs/governance/CRG-CRITERIA.a2ml +++ /dev/null @@ -1,108 +0,0 @@ -; SPDX-License-Identifier: MPL-2.0 -; Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) - -; Component Readiness Grades (CRG) — Machine-readable specification -; Format: A2ML (AI-to-Machine Language) -; Standard: CRG v1.0 - -(standard - (name "Component Readiness Grades") - (abbreviation "CRG") - (version "1.0") - (date "2026-02-28") - (author "Jonathan D.A. Jewell ") - (license "MPL-2.0") - (family "RSR")) - -(grades - (grade - (code X) - (name "Untested") - (release-stage #f) - (ordinal 0) - (description "No testing has been performed. Status unknown.") - (evidence-required "none") - (minimum-for #f)) - (grade - (code F) - (name "Harmful / Wasteful") - (release-stage #f) - (ordinal 1) - (description "Actively harmful, wasteful, or better handled externally. Reject, deprecate, or delegate.") - (evidence-required "documented test results showing harm, waste, or redundancy; comparison with alternatives") - (minimum-for #f)) - (grade - (code E) - (name "Minimal / Salvageable") - (release-stage "pre-alpha") - (ordinal 2) - (description "Does something slight. Barely functional. Needs redesign or major work.") - (evidence-required "at least one successful test case; documented failures and limitations") - (minimum-for #f)) - (grade - (code D) - (name "Partial / Inconsistent") - (release-stage "alpha") - (ordinal 3) - (description "Works on some things but not systematically.") - (evidence-required "matrix of tested scenarios; documented scope vs actual capabilities") - (minimum-for "alpha")) - (grade - (code C) - (name "Self-Validated") - (release-stage "beta") - (ordinal 4) - (description "Tested on the tool/project itself (dogfooding). Reliable in home context.") - (evidence-required "active dogfooding; CI integration or equivalent; no known failures in home context") - (minimum-for "beta")) - (grade - (code B) - (name "Broadly Validated") - (release-stage "release-candidate") - (ordinal 5) - (description "Tested on at least 6 disparate, unrelated targets.") - (evidence-required "list of 6+ diverse targets with test results; evidence of feedback incorporation") - (minimum-for "release-candidate")) - (grade - (code A) - (name "Field-Proven") - (release-stage "stable") - (ordinal 6) - (description "Real-world external feedback confirms value. Does no harm in the wild.") - (evidence-required "real-world usage data; feedback incorporation evidence; no unresolved harm reports") - (minimum-for "stable"))) - -(transitions - (promotion - (from X) (to E) (requirement "Run at least one test. Document results.")) - (promotion - (from X) (to F) (requirement "Evaluate and determine harmful or wasteful.")) - (promotion - (from E) (to D) (requirement "Fix critical failures. Document scope.")) - (promotion - (from D) (to C) (requirement "Dogfood on own project. Fix what breaks.")) - (promotion - (from C) (to B) (requirement "Test on 6+ diverse external targets. Fix what breaks.")) - (promotion - (from B) (to A) (requirement "Ship. Collect external feedback. Demonstrate no harm.")) - (demotion - (from A) (to B) (trigger "External feedback dries up or reveals no longer useful.")) - (demotion - (from A) (to F) (trigger "External feedback reveals component causes harm.")) - (demotion - (from B) (to C) (trigger "Broad validation reveals unfixed failures.")) - (demotion - (from C) (to D) (trigger "Home context changes and component no longer reliable.")) - (demotion - (from C) (to F) (trigger "Dogfooding reveals net negative.")) - (demotion - (from D) (to E) (trigger "Scope narrows to barely functional.")) - (demotion - (from any) (to F) (trigger "Better external alternative makes this pure opportunity cost."))) - -(conformance - (rule "Each assessable component MUST have a grade from {X, F, E, D, C, B, A}.") - (rule "Each grade above X MUST be supported by evidence per section 4.") - (rule "Assessments MUST be recorded in a version-controlled location.") - (rule "Assessments MUST be reviewed at least once per release cycle.") - (rule "Release stages MUST respect minimum grade thresholds.")) diff --git a/road-skate/docs/governance/CRG-CRITERIA.adoc b/road-skate/docs/governance/CRG-CRITERIA.adoc deleted file mode 100644 index f8264e6d..00000000 --- a/road-skate/docs/governance/CRG-CRITERIA.adoc +++ /dev/null @@ -1,39 +0,0 @@ -= Component Readiness Grades (CRG) Criteria -:toc: preamble -:icons: font - -This document defines the quality assessment criteria for individual project components. - -== Grade Definitions - -[cols="1,2,3,4",options="header"] -|=== -| Grade | Name | Release Stage | Meaning - -| **A** | Field-Proven | Stable | Real-world feedback amassed; no harm in wild. -| **B** | Broadly Validated | Release Candidate | Tested on 6+ diverse external targets. -| **C** | Self-Validated | Beta | Reliable in home context (dogfooded). -| **D** | Partial | Alpha | Works on some inputs/cases but not systematically. -| **E** | Minimal | Pre-alpha | Barely functional; needs major work. -| **F** | Harmful/Wasteful | Reject/Delegate | Redundant or negative value. -| **X** | Untested | — | Status completely unknown. -|=== - -== Core Principles - -1. **Assess components, not projects:** Each feature gets its own grade. -2. **Evidence over intuition:** Every grade above X requires documented evidence. -3. **Honest assessment:** Grade the component as it is today, not as you hope it will be. -4. **Grades are earned and can be lost:** Regressions lead to demotion. - -== Assessment Checklist - -1. Has it been tested at all? (No → **X**) -2. Does it cause harm or duplicate something better? (Yes → **F**) -3. Does it do something, however slight? (Barely → **E**) -4. Does it work on some things but not others? (Partial → **D**) -5. Does it work reliably on our own project? (Dogfooded → **C**) -6. Has it been tested on 6+ diverse external targets? (Broad → **B**) -7. Do external users confirm it works and is useful? (Field-proven → **A**) - -See link:READINESS.adoc[READINESS.adoc] for the current project assessment. diff --git a/road-skate/docs/governance/MAINTENANCE-CHECKLIST.a2ml b/road-skate/docs/governance/MAINTENANCE-CHECKLIST.a2ml deleted file mode 100644 index eaee7205..00000000 --- a/road-skate/docs/governance/MAINTENANCE-CHECKLIST.a2ml +++ /dev/null @@ -1,159 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Cross-repo maintenance baseline (machine-readable canonical) - -[metadata] -version = "1.1.0" -last-updated = "2026-02-24" -scope = "cross-repo" -source-human = "docs/maintenance/MAINTENANCE-CHECKLIST.adoc" -companion-human = "docs/practice/SOFTWARE-DEVELOPMENT-APPROACH.adoc" -companion-machine = ".machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml" - -[policy] -single-source = true -notes = "Use this file as canonical machine policy and keep markdown synchronized." - -[maintenance-axes] -scoping-first = true -execution-order = ["scoping", "axis-1", "axis-2", "axis-3"] -axis-1 = "must > intend > like" -axis-2 = "corrective > adaptive > perfective" -axis-3 = "systems > compliance > effects" - -[scoping] -inputs_required = [ - "README", - "roadmap", - "status-docs", - "maintenance-checklist", - "ci-and-security-docs", -] - -marker_scan_required = [ - "TODO", - "FIXME", - "XXX", - "HACK", - "STUB", - "PARTIAL", -] - -idris_unsound_scan_required = [ - "believe_me", - "assert_total", -] - -scope_assembly_buckets = ["must", "intend", "like"] - -[axis-2-maintenance-rules] -corrective-first = true -adaptive-second = true -adaptive_examples = [ - "scope-change reconciliation", - "stale-reference removal", - "obsolete-work culling", -] -perfective-third = true -perfective_source = "axis-1 honest state after corrective/adaptive updates" - -[axis-3-audit-rules] -systems-check = true -documentation-honesty-check = true -safety-security-accounted-check = true -effects-review-check = true -benchmark-evidence-required = true -maintainer-dialogue-review-required = true -compliance-seams-check = true -exception-register-required = true -exception-bounded-scope-required = true -policy-drift-contamination-check = true -example-drift-risk = "single TypeScript exception causing broad ReScript->TypeScript migration" -compliance-tooling = "panic-attack" -effects-tooling = "ecological checking with sustainabot guidance" - -[generic-cleanup-finish-off] -root-cleanup-required = true -stale-work-cull-required = true -docs-parity-required = true -machine-human-sync-required = true -compliance-finish-off-required = true -effects-finish-off-required = true -release-prep-summary-required = true -next-actions-required = ["corrective", "adaptive", "perfective"] - -[must] -root_control_files = [ - ".gitignore", - ".gitattributes", - ".editorconfig", - ".tool-versions", - "Containerfile", - "Justfile", -] - -root_hosting_files = [ - "CNAME", - ".nojekyll", -] - -ownership_files = [ - "MAINTAINER", - ".github/CODEOWNERS", -] - -machine_readable_required = [ - ".machine_readable/anchors/ANCHOR.a2ml", - ".machine_readable/contractiles/", - ".machine_readable/ai/", - ".machine_readable/bot_directives/", -] - -contractiles_required = [ - "Mustfile", - "Trustfile", - "Intentfile", -] - -security_required = [ - ".well-known/security.txt", - "ci-security-scan", -] - -quality_gate_required = [ - "format", - "lint", - "unit-tests", - "integration-tests", - "p2p-tests", - "e2e-tests", - "bench-smoke", - "docs-check", - "security-scan", -] - -abi_ffi_policy = [ - "ABI Idris2 in src/interface/abi/*.idr", - "FFI Zig in ffi/**/*.zig", -] - -[should] -docs_primary_format = "adoc" -docs_structure = [ - "docs/theory", - "docs/practice", - "docs/whitepapers/academic", - "docs/whitepapers/industry", - "docs/proofs", - "docs/reports", -] - -root_minimization = true -well_known_metadata = true -roadmap_honesty_with_dates = true -ci_doc_format_policy = true - -[could] -generate_human_from_machine = true -mode_aware_bots = ["corrective", "adaptive", "perfective", "audit"] -topology_dashboard = true -exception_registry = true diff --git a/road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc b/road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc deleted file mode 100644 index 4b760b51..00000000 --- a/road-skate/docs/governance/MAINTENANCE-CHECKLIST.adoc +++ /dev/null @@ -1,569 +0,0 @@ -= Maintenance Checklist -# Maintenance Checklist (Cross-Repo) - -Use this as a repeatable maintenance runbook for any repo. - -Companion policy: - -- `docs/practice/SOFTWARE-DEVELOPMENT-APPROACH.adoc` (human-readable) -- `.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml` (machine-readable) - -## Canonical Repo Baseline (Final) - -Apply this baseline to every repo unless an explicit exception is recorded. - -### Three-Axis Default Model - -- [ ] Axis 1 (scope priority, runs first): `must > intend > like` -- [ ] Axis 2 (maintenance priority): `corrective > adaptive > perfective` -- [ ] Axis 3 (audit priority): `systems > compliance > effects` -- [ ] Perfective items are derived from Axis 1 honest state (not started independently). - -### Axis 1 Scoping Pass (Mandatory) - -Before Axis 2/3 execution, assemble a scoped worklist from evidence: - -- [ ] Read and reconcile: `README`, roadmap, status docs, maintenance checklist, and current CI/security docs. -- [ ] Scan for unfinished markers: `PENDING`, `FIXME`, `XXX`, `HACK`, `STUB`, `PARTIAL`. -- [ ] If Idris is present, scan unsoundness markers: `b_me`, `a_total`. -- [ ] Identify declared intent vs actual implementation (docs honesty check). -- [ ] Produce a scope assembly artifact with prioritized entries under: - - `must` (release blockers / safety / correctness) - - `intend` (planned near-term) - - `like` (nice-to-have) - -### Axis 2 Maintenance Execution Rules - -- [ ] Corrective first: fix breakage, defects, regressions, safety issues. -- [ ] Adaptive second: reconcile changed scope, remove stale references, cull no-longer-relevant work. -- [ ] Perfective third: only from current honest state established by Axis 1 and updated by corrective/adaptive actions. - -### Axis 3 Audit Rules - -- [ ] Verify systems are in place and actually operating. -- [ ] Verify documentation explains the real/current state (not aspirational-only), including documented exceptions. -- [ ] Verify safety and security controls are present, active, and evidenced. -- [ ] Verify observed effects/impacts are captured and reviewed. -- [ ] Effects audit includes: - - benchmark execution and recorded results (with before/after where relevant) - - explicit maintainer dialogue/status review on what changed, why, and next risks -- [ ] Audit compliance seams/compromises explicitly: - - policy exceptions are recorded with rationale, scope, and expiry/review - - exception does not silently broaden into general policy drift - - language-policy contamination checks run (example: a single TS exception must not trigger broad TypeScript conversion) - - run `panic-attack` as the compliance-audit scanner - - run ecological checking under effects (using sustainabot guidance as current baseline) - -### Generic Cleanup And Finish-Off Pass - -Run this pass at the end of a corrective/adaptive/perfective cycle: - -- [ ] Root cleanup: - - keep only required control/entry files in root - - move non-essential docs/reports/fixtures to canonical folders -- [ ] Remove or archive stale work: - - close out completed PENDING/STUB/PARTIAL items - - cull obsolete references, dead files, and superseded plans -- [ ] Documentation finish-off: - - ensure README, roadmap, status, and wiki match actual implementation state - - ensure machine-readable policy/state files match human docs -- [ ] Security/compliance finish-off: - - run compliance scanner (`panic-attack`) and resolve high-priority findings - - verify exception register and seams/compromises are explicitly bounded -- [ ] Effects finish-off: - - run benchmark/effects checks and record evidence - - conduct explicit maintainer review dialogue (what changed, why, remaining risks) -- [ ] Release-prep finish-off: - - produce Must/Should/Could summary - - produce immediate corrective/adaptive/perfective next-actions list - -### Must - -- [ ] Keep required control files at repository root: - - `.gitignore`, `.gitattributes`, `.editorconfig`, `.tool-versions` - - `Containerfile` - - `.containerignore` (or `.dockerignore` only when required for compatibility) - - `CNAME` and `.nojekyll` when using GitHub Pages/custom domain - - `Justfile` (root by convention) -- [ ] Keep ownership/governance files present: - - `MAINTAINER` in root - - `.github/CODEOWNERS` -- [ ] Keep machine-readable canonical structure under `.machine_readable/`: - - state/meta/ecosystem files (`*.a2ml` or repo standard) - - `anchors/ANCHOR.a2ml` - - `contractiles/` (`must`, `trust`, `lust`, and related) - - `ai/` for AI guidance files - - `bot_directives/` for bot control files -- [ ] Keep contractiles/invariants present and wired: - - root `Mustfile` (or equivalent) with enforceable checks - - `Trustfile` and `Intentfile` present -- [ ] Keep security metadata present: - - `.well-known/security.txt` and relevant policy metadata - - CI security scanning configured and runnable -- [ ] Keep docs and navigation coherent: - - single navigation entry point in root (`NAVIGATION.adoc` or equivalent) - - no duplicate conflicting docs for same purpose (for example both `.md` and `.adoc` in root unless intentionally required) -- [ ] Enforce ABI/FFI purity where the policy applies: - - ABI definitions in Idris2 (`src/abi/*.idr`) - - FFI implementations in Zig (`ffi/**/*.zig`) -- [ ] Ensure quality gate includes: formatting, lint, unit/integration tests, p2p/e2e checks, benchmark smoke, docs checks, security scan. - -### Should - -- [ ] Keep human docs primarily in AsciiDoc (`.adoc`) except where ecosystem rules require other formats (GitHub/community health, legal text, tool-specific files). -- [ ] Keep non-essential root files moved into structured folders: - - `docs/` (theory/practice/whitepapers/proofs/reports) - - `tests/` (fixtures/outputs) - - `docs/legal/` (while retaining root `LICENSE` when forge detection needs it) -- [ ] Maintain `.well-known/` for public metadata where applicable (`security.txt`, `humans.txt`, `ads.txt` mirrors if used). -- [ ] Keep CI policy checks for doc-format conventions and canonical file placement. -- [ ] Keep roadmap/status docs honest with dated evidence. - -### Could - -- [ ] Maintain both human and machine views of maintenance policy from a single source (generate one from the other). -- [ ] Add policy bots for corrective/adaptive/perfective/audit modes. -- [ ] Add repo-level architecture map (`TOPOLOGY.md`) and release-readiness dashboards. -- [ ] Add per-repo exception registry for approved policy deviations. - -### Explicit Root-Placement Rule - -Do **not** move the following out of root if you want default tool behavior: - -- `.gitignore`, `.gitattributes`, `.editorconfig`, `.tool-versions` -- `Containerfile` and ignore file (`.containerignore`/`.dockerignore`) -- `CNAME` and `.nojekyll` for GitHub Pages -- `Justfile` - -## Quick Automated Run (Script) - -Use the helper script first, then use the checklist for deeper/manual follow-up. - -Script locations: -- `${REPOS_ROOT:-~/Documents/hyperpolymath-repos}/run-maintenance.sh` -- `~/Desktop/run-maintenance.sh` - -```bash -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --output /home/user/maintenance-report.json -jq . /home/user/maintenance-report.json -``` - -Useful flags: - -```bash -# Strict mode: fail process on failed checks -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --strict - -# Skip expensive checks when needed -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --skip-panic - -# Explicit language selection -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --rust --python - -# Release hard-pass mode (fails on warnings or failures) -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --fail-on-warn -``` - -Permission policy in script: -- Flags `g+w/o+w` files/dirs -- Flags suspicious executable files -- Flags shebang scripts missing executable bit -- Supports repo-local exceptions via `.maintenance-perms-ignore` (regex per line) -- **Audit-first by default** (non-mutating) -- `--fix-perms` is explicit opt-in only (never implicit) -- For reversible local hardening, pair snapshot/restore scripts where available: - - `scripts/maintenance/perms-state.sh snapshot` - - `scripts/maintenance/perms-state.sh lock` - - `scripts/maintenance/perms-state.sh restore` - -Important git behavior: -- Git generally tracks execute bit, not full UNIX mode matrix. -- Permission hardening audits do not force collaborators to re-unlock every file on pull. -- Keep lock mode opt-in, with restore path documented. - -```bash -# Audit-only (recommended default) -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo - -# Opt-in permission fixes (review output before commit) -~/Desktop/run-maintenance.sh --repo /absolute/path/to/repo --fix-perms -``` - -## 0) Setup - -```bash -REPO="/absolute/path/to/repo" -cd "$REPO" -``` - -```bash -date -u -git rev-parse --abbrev-ref HEAD -git rev-parse HEAD -git status --porcelain -``` - -## 1) Preflight - -- [ ] Confirm clean intent: note existing unrelated dirty files before edits. -- [ ] Confirm runtime/toolchain versions. -- [ ] Confirm container mode expectation (`podman`/`podman-compose`) if required. - -```bash -command -v rg git jq || true -command -v podman podman-compose || true -``` - -## 2) Dependency/Env Prereqs - -- [ ] Python deps in active interpreter (for Python paths). -- [ ] Language-specific tooling installed. - -```bash -python -c "import sys; print(sys.executable)" -python -c "import pydantic; print(pydantic.__version__)" || echo "pydantic missing" -``` - -## 3) Corrective Maintenance First - -- [ ] Fix regressions, runtime errors, panics, broken commands, failing tests. -- [ ] Re-run failing checks immediately after each fix. - -## 4) Code Health Scans - -- [ ] `PENDING/FIXME/XXX/HACK/STUB/PARTIAL` scan. -- [ ] Permission policy scan (`g+w/o+w`, executable hygiene). -- [ ] ABI/FFI policy scan (if applicable: Idris2 ABI, Zig FFI). - -```bash -rg -n "PENDING|FIXME|XXX|HACK|STUB|PARTIAL" -g '!**/.git/**' -g '!**/target/**' . -``` - -```bash -# Optional per-repo exceptions (regex per line): -# .maintenance-perms-ignore -# ^vendor/ -# ^third_party/ -``` - -```bash -# Adjust paths for your repo layout -find . -type f \( -name '*.idr' -o -name '*.idris2' -o -name '*.zig' \) -``` - -## 5) Panic/Safety/Security Pass - -- [ ] Run `panic-attacker` assail/assault. -- [ ] Triage findings by severity. -- [ ] Fix high first, then medium. -- [ ] Re-run until acceptable. - -```bash -PANIC_BIN="${REPOS_ROOT:-~/Documents/hyperpolymath-repos}/panic-attacker/target/release/panic-attack" -"$PANIC_BIN" assail "$REPO" --output /home/user/assail.json --output-format json --quiet -jq -r '.weak_points | length' /home/user/assail.json -jq -r '.weak_points[] | "\(.severity)|\(.location)|\(.description)"' /home/user/assail.json -``` - -```bash -# If repo has production-only source builder, prefer this for baseline checks: -./scripts/ci/build-panic-assail-source.sh /home/user/panic-src -"$PANIC_BIN" assail /home/user/panic-src --output /home/user/assail-prod.json --output-format json --quiet -``` - -## 6) Language-Specific Validation - -### Rust - -- [ ] Format -- [ ] Lint -- [ ] Tests -- [ ] Doc tests -- [ ] Benches (where relevant) - -```bash -cargo fmt --all --check -cargo clippy --workspace --all-targets -- -D warnings -cargo test --workspace -cargo test --workspace --doc -# Optional targeted benchmarks: -cargo bench -``` - -### Python - -- [ ] Format/lint -- [ ] Type check -- [ ] Tests - -```bash -ruff check . -ruff format --check . -mypy . -pytest -q -``` - -### Elixir - -- [ ] Format check -- [ ] Lint/static checks -- [ ] Tests - -```bash -mix format --check-formatted -mix credo --strict -mix test -``` - -## 7) Container/Runtime Checks (Podman) - -- [ ] Build container path. -- [ ] Run smoke tests inside containerized flow. -- [ ] Compare host vs container behavior for parity. - -```bash -podman --version -podman compose version || podman-compose --version -``` - -## 8) Benchmark + Regression Check - -- [ ] Capture before/after metrics for touched hot paths. -- [ ] Record command + sample size + output. -- [ ] Fail change if critical path regresses beyond threshold. - -## 9) Adaptive and Perfective Maintenance - -- [ ] Adaptive: compatibility updates (tooling/API/deprecations/config flags). -- [ ] Perfective: clarity, docs parity, developer workflow improvements. -- [ ] Update roadmap/checklist/docs to match actual implementation state. - -## 10) Final QA and Release Hygiene - -- [ ] Re-run full relevant checks one final time. -- [ ] Confirm no unintended file changes. -- [ ] Commit scoped changes with clear message. -- [ ] Push and capture commit SHA. - -```bash -git status --short -git diff --stat -git add -git commit -m "maint: " -git push -``` - -## 11) Maintenance Report Template - -Copy this block per repo run: - -```text -Repo: -Branch: -Start UTC: -End UTC: - -Scope: -- Corrective: -- Adaptive: -- Perfective: - -Checks Run: -- PENDING/FIXME scan: -- Panic-attacker: -- Rust/Python/Elixir checks: -- Container checks: -- Benchmark checks: - -Findings: -- High: -- Medium: -- Low: - -Fixes Applied: -1. -2. -3. - -Validation Results: -- Tests: -- Benchmarks: -- Panic-attacker rerun: - -Artifacts: -- assail report: -- benchmark output: -- logs: - -Commit(s): -- SHA: - -Remaining Risks / Follow-ups: -1. -2. -``` - -## 12) Language-Repo Additions (Eclexia-Specific) - -Add these checks for language/compiler repositories with formal ABI/FFI constraints: - -- [x] README structure restored (index/TOC, audience paths, quickstart sanity). -- [x] Wiki split by audience (laypeople/users/developers) and linked from docs index. -- [x] Root-level clutter reduced (archive, analysis, reports relegated to `docs/` subtrees). -- [x] Machine-readable docs synchronized (`STATE.a2ml`, `META.a2ml`, `ECOSYSTEM.a2ml`, contractiles). -- [x] Human-readable docs synchronized (`README`, `QUICK_STATUS`, roadmap, wiki home). -- [x] `Mustfile` invariants present and enforceable in CI. -- [x] `Trustfile` and `Intentfile` present and complete. -- [x] FFI/ABI purity policy enforced (`*.zig` for FFI, `*.idr`/Idris2 for ABI). -- [x] `panic-attack` findings triaged with explicit severity budget for release. -- [x] Point-to-point, end-to-end, and benchmark checks wired in one quality gate. -- [x] CI workflows include quality + security + docs checks with explicit policy. -- [x] Release audit includes corrective/adaptive/perfective + Must/Should/Could. -- [x] Roadmap/status honesty pass completed (dates and current evidence updated). - -## 13) Latest Execution Record (Eclexia, 2026-02-24) - -Repo: `/home/user/eclexia-releaseprep` (branch `release-prep`, base `533ec9e9447f374135cc9e2e81021624ddb3c0ad`) - -### 13.1 Setup/Preflight - -- [x] Captured UTC timestamp and git state. -- [x] Tooling presence verified (`rg`, `git`, `jq`, `cargo`, `rustc`, `just`). -- [x] Runtime/toolchain versions captured. -- [x] Container tooling checked (`podman`, `podman-compose`). - -### 13.2 Corrective Maintenance - -- [x] Fixed `panic-attack` script path handling (`mktemp` output + local fallback binary detection). -- [x] Removed Idris `b_me` usage from ABI wrappers. -- [x] Fixed conformance crash-noise path by skipping known intentional stack-overflow case in default runner. -- [x] Re-ran affected checks after each fix. - -### 13.3 Code-Health Scans - -- [x] PENDING/FIXME/STUB/PARTIAL scan run on active code paths. -- [x] ABI/FFI file inventory run (`*.idr`, `*.zig`). -- [x] Active-code marker count reduced/triaged; remaining items tracked in release audit. - -### 13.4 Security/Panic Pass - -- [x] `panic-attack` run and triaged. -- [x] Critical findings cleared (Idris unsoundness markers removed). -- [x] Current baseline: 0 weak points (Critical 0, High 0, Medium 0, Low 0). -- [x] High/Medium backlog fully eliminated. - -### 13.5 Language Validation - -- [x] Final `just quality-gate` pass completed (docs, fmt, lint, unit, conformance, integration, p2p, e2e, bench). -- [x] Additional targeted reruns completed (`just test-conformance`, `just panic-attack`, `just docs-check`). - -### 13.6 Adaptive/Perfective/Docs - -- [x] README/wiki/docs structure and indexing restored. -- [x] Root tidy/relegation pass executed. -- [x] Roadmap/status honesty update performed with current date and evidence links. -- [x] Release audit created with corrective/adaptive/perfective + Must/Should/Could. -- [x] Full quality-gate rerun passed after hardening updates. -- [x] ABI/FFI extension lane added without breaking stable symbols (`ecl_abi_get_info`, `ecl_tracker_create_ex`, `ecl_tracker_snapshot`). -- [x] CI quality workflow now validates sibling `proven` repo presence and critical binding files. -- [x] Proven roadmap now includes explicit "critical core, not full rewrite" adoption guidance and flowchart. - -### 13.7 Outstanding Items (Explicit) - -- [x] Stable `v1.0.0` technical gate readiness met (quality + panic scan clean). -- [x] Parser/codegen/runtime panic-path hardening completed for scanner-flagged paths. -- [x] Non-eclexia `proven` library checked: already Idris2-first with Zig ABI bridge; no additional integration changes required in this run. -- [ ] Remote push blocked by token scope: GitHub rejected branch updates (`release-prep`, `release-prep-pushable`) due missing `workflow` OAuth scope. - -### 13.8 Artifacts - -- Release audit: `docs/reports/V1-READINESS-AUDIT-2026-02-24.md` -- Panic report: `/home/user/eclexia-panic-attack.json` (0 weak points) -- Final quality gate log: `/home/user/eclexia-quality-gate.log` (plus post-change reruns via terminal sessions) -- Local commits: `88fa2af` (`release-prep`), `baa3d1c` (`release-prep-pushable`) + pending new commit from this pass - -## 12) LLM Operator Instructions - -Use this prompt with an LLM agent when you want the process run end-to-end: - -```text -Run the maintenance workflow for this repo using MAINTENANCE-CHECKLIST.md. - -Required behavior: -1. Run ~/Desktop/run-maintenance.sh first and collect the JSON report. -2. Triage report results by severity: fail > warn > pass. -3. Execute corrective maintenance first (fix regressions, panics, broken tests/commands). -4. Run PENDING/FIXME/stub scan and address relevant items. -5. Run panic-attacker and fix findings in priority order; rerun to confirm. -6. Run language-specific checks (Rust/Python/Elixir) relevant to this repo. -7. Run benchmark/regression checks for touched hot paths. -8. Enforce permission policy: - - no group/world writable source files unless justified - - executable bit only where intended - - use .maintenance-perms-ignore for justified exceptions -9. Update docs/roadmap/checklist entries to reflect actual state. -10. Produce a final report using the template in MAINTENANCE-CHECKLIST.md. - -Constraints: -- Do not revert unrelated existing dirty changes. -- Stage and commit only scoped intended files. -- If blocked, state exactly what is blocked and why. -``` - -## 13) AI Execution Integrity Contract (Mandatory) - -Use this when delegating maintenance to any AI (Gemini/Claude/ChatGPT/etc.). - -```text -You must execute this maintenance run with strict integrity. - -Non-negotiable rules: -1. Do not claim any step is complete unless you actually ran it. -2. Do not silently skip checklist items. If skipped, state SKIPPED + exact reason. -3. For every check, provide evidence: - - command executed - - pass/fail/warn - - key output summary - - artifact/log path -4. If a command fails, stop claiming success and report the failure clearly. -5. After each fix, re-run the relevant failing check and report the rerun result. -6. Do not hide uncertainty. If unsure, say so and run additional verification. -7. Never mark “all done” while any fail/warn remains unexplained. -8. Do not make destructive or broad permission changes by default. - - permission changes must be audit-first - - use --fix-perms only with explicit intent -9. Final output must include: - - checklist coverage matrix (each item: PASS/FAIL/WARN/SKIPPED) - - unresolved risks - - exact next actions -10. Prioritize user safety and reputation: no “looks fine” claims without evidence. -``` - -Recommended enforcement line for AI prompts: - -```text -Fail closed: if evidence is missing for any checklist item, treat that item as NOT DONE. -``` - -## 14) Fleet Enrollment Automation (Gitbot + Hypatia) - -For centralized coverage across existing and new repos: - -```bash -cd ${REPOS_ROOT:-~/Documents/hyperpolymath-repos}/gitbot-fleet -just enroll-repos -``` - -Optional directive write-back to repos that already have `.machine_readable/`: - -```bash -cd ${REPOS_ROOT:-~/Documents/hyperpolymath-repos}/gitbot-fleet -just enroll-repos /var$REPOS_DIR true -``` - -Release hard gate from fleet: - -```bash -cd ${REPOS_ROOT:-~/Documents/hyperpolymath-repos}/gitbot-fleet -just maintenance-hard-pass /absolute/path/to/repo -``` diff --git a/road-skate/docs/governance/README.adoc b/road-skate/docs/governance/README.adoc deleted file mode 100644 index 114ee94b..00000000 --- a/road-skate/docs/governance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Governance Pillar (TSDM) diff --git a/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.a2ml b/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.a2ml deleted file mode 100644 index 093573a0..00000000 --- a/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.a2ml +++ /dev/null @@ -1,53 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# General software development approach (machine-readable) - -[metadata] -version = "1.0.0" -last-updated = "2026-02-24" -scope = "cross-repo" -source-human = "docs/practice/SOFTWARE-DEVELOPMENT-APPROACH.adoc" - -[execution] -order = ["axis-1", "axis-2", "axis-3"] - -[axis-1] -name = "scope" -priority = "must > intend > like" -inputs = [ - "README", - "roadmap", - "status-docs", - "ci-and-security-docs", -] -marker-scan = ["TODO", "FIXME", "XXX", "HACK", "STUB", "PARTIAL"] -idris-unsound-scan = ["believe_me", "assert_total"] -output = "scoped-work-assembly" - -[axis-2] -name = "maintenance" -priority = "corrective > adaptive > perfective" -corrective = "defect/regression/safety/security fixes" -adaptive = "scope reconciliation, stale-reference removal, obsolete-work culling" -perfective = "quality improvements derived from axis-1 honest state" - -[axis-3] -name = "audit" -priority = "systems > compliance > effects" -systems = "required systems present and operating" -compliance = "exceptions explicit, bounded, and drift-resistant" -effects = "benchmark/operational impact evidence captured and reviewed" -compliance-tooling = "panic-attack" -effects-tooling = "ecological checking with sustainabot guidance" - -[cleanup-finish-off] -root-cleanup = true -stale-work-cull = true -docs-sync-human-machine = true -compliance-audit = true -effects-audit = true -release-summary = ["must", "should", "could"] -next-actions = ["corrective", "adaptive", "perfective"] - -[collaboration] -maintainer-dialogue-required = true -dialogue-topics = ["what changed", "why", "remaining risks"] diff --git a/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc b/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc deleted file mode 100644 index e8805c68..00000000 --- a/road-skate/docs/governance/SOFTWARE-DEVELOPMENT-APPROACH.adoc +++ /dev/null @@ -1,63 +0,0 @@ -= Software Development Approach (General) -:toc: left -:toclevels: 2 - -This is the general operating policy for software development across repositories. - -== Core Sequence - -Always run work in this order: - -1. Scope first (Axis 1) -2. Maintenance second (Axis 2) -3. Audit third (Axis 3) - -== Axis Definitions - -=== Axis 1: Scope - -Priority order: `must > intend > like` - -Axis 1 output is a scoped assembly of work based on: - -* README, roadmap, status, CI/security docs -* marker scans (`TODO`, `FIXME`, `XXX`, `HACK`, `STUB`, `PARTIAL`) -* Idris unsoundness scan when Idris exists (`believe_me`, `assert_total`) -* docs honesty check (intent vs actual implementation) - -=== Axis 2: Maintenance - -Priority order: `corrective > adaptive > perfective` - -* Corrective: fix defects, regressions, breakage, security/safety failures -* Adaptive: reconcile scope changes, remove stale references, cull obsolete work -* Perfective: improve quality/clarity/performance only from the honest Axis 1 state - -=== Axis 3: Audit - -Priority order: `systems > compliance > effects` - -* Systems: required mechanisms exist and are operating -* Compliance: seams/compromises/exceptions are explicit, bounded, and do not drift -* Effects: benchmark and operational impact evidence is captured and reviewed - -Compliance scanner baseline: `panic-attack` + -Effects/ecological baseline: sustainabot-guided ecological checking - -== Generic Cleanup And Finish-Off - -At cycle end: - -* reduce root clutter to required control/entry files -* archive/remove stale or superseded work -* synchronize human and machine docs -* run compliance and effects audits with evidence capture -* produce Must/Should/Could summary and immediate next-actions list - -== Collaboration Rule - -Effects review must include explicit maintainer dialogue: - -* what changed -* why it changed -* what risks remain diff --git a/road-skate/docs/governance/TSDM.a2ml b/road-skate/docs/governance/TSDM.a2ml deleted file mode 100644 index f27036cc..00000000 --- a/road-skate/docs/governance/TSDM.a2ml +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [TSDM_SPEC] -id: "tsdm-standard" -version: "1.0.0" - -axes: - axis_1: - name: "Planning" - levels: ["must", "should", "could"] - axis_2: - name: "Maintenance" - levels: ["corrective", "adaptive", "perfective"] - axis_3: - name: "Audit" - levels: ["systems", "compliance", "effects"] - -invariants: - - "Every task MUST map to at least one TSDM coordinate" - - "Axis 1 priority governs resource allocation" - - "Axis 2 type governs commit categorisation" - - "Axis 3 focus governs audit depth" diff --git a/road-skate/docs/governance/TSDM.adoc b/road-skate/docs/governance/TSDM.adoc deleted file mode 100644 index cbd582c0..00000000 --- a/road-skate/docs/governance/TSDM.adoc +++ /dev/null @@ -1,26 +0,0 @@ -= Triaxial Software Development Methodology (TSDM) -:toc: preamble -:icons: font - -TSDM is a three-dimensional governance framework designed for high-assurance, long-lived software systems. It ensures that every project decision is mapped across three critical axes: Planning, Maintenance, and Audit. - -== The Three Axes - -=== Axis 1: Planning (Scope Priority) -* **Must:** Non-negotiable core invariants and safety requirements. -* **Should:** Essential features and planned improvements. -* **Could:** Desired enhancements and future-proofing. - -=== Axis 2: Maintenance (Execution Type) -* **Corrective:** Fixing bugs, vulnerabilities, and failures. -* **Adaptive:** Responding to environment or dependency changes. -* **Perfective:** Improving performance, refactoring, and documentation. - -=== Axis 3: Audit (Verification Focus) -* **Systems:** Integrity of tools, infrastructure, and automation. -* **Compliance:** Adherence to standards, licenses, and verified seams. -* **Effects:** Real-world impact, ecological footprint, and user feedback. - -== Integration - -TSDM is the operational core of the Rhodium Standard. Every task in the `Justfile` and every state change in `STATE.a2ml` should be justifiable within this framework. diff --git a/road-skate/docs/governance/audit/0.2-AI-MANIFEST.a2ml b/road-skate/docs/governance/audit/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 47224869..00000000 --- a/road-skate/docs/governance/audit/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-axis-audit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM Audit track. diff --git a/road-skate/docs/governance/audit/README.adoc b/road-skate/docs/governance/audit/README.adoc deleted file mode 100644 index fac37404..00000000 --- a/road-skate/docs/governance/audit/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Audit Axis diff --git a/road-skate/docs/governance/audit/compliance/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/audit/compliance/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index b13ec695..00000000 --- a/road-skate/docs/governance/audit/compliance/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-compliance" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM compliance unit within the Audit axis. diff --git a/road-skate/docs/governance/audit/compliance/README.adoc b/road-skate/docs/governance/audit/compliance/README.adoc deleted file mode 100644 index 876954fd..00000000 --- a/road-skate/docs/governance/audit/compliance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Compliance Unit diff --git a/road-skate/docs/governance/audit/effects/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/audit/effects/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 0bccae0d..00000000 --- a/road-skate/docs/governance/audit/effects/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-effects" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM effects unit within the Audit axis. diff --git a/road-skate/docs/governance/audit/effects/README.adoc b/road-skate/docs/governance/audit/effects/README.adoc deleted file mode 100644 index 36347994..00000000 --- a/road-skate/docs/governance/audit/effects/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Effects Unit diff --git a/road-skate/docs/governance/audit/systems/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/audit/systems/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index f97bc9cc..00000000 --- a/road-skate/docs/governance/audit/systems/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-systems" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM systems unit within the Audit axis. diff --git a/road-skate/docs/governance/audit/systems/README.adoc b/road-skate/docs/governance/audit/systems/README.adoc deleted file mode 100644 index 8d179b4a..00000000 --- a/road-skate/docs/governance/audit/systems/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Systems Unit diff --git a/road-skate/docs/governance/maintenance/0.2-AI-MANIFEST.a2ml b/road-skate/docs/governance/maintenance/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 8e0dff5e..00000000 --- a/road-skate/docs/governance/maintenance/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-axis-maintenance" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM Maintenance track. diff --git a/road-skate/docs/governance/maintenance/README.adoc b/road-skate/docs/governance/maintenance/README.adoc deleted file mode 100644 index 0ed2f1b5..00000000 --- a/road-skate/docs/governance/maintenance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Maintenance Axis diff --git a/road-skate/docs/governance/maintenance/adaptive/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/maintenance/adaptive/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 63d1a999..00000000 --- a/road-skate/docs/governance/maintenance/adaptive/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-adaptive" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM adaptive unit within the Maintenance axis. diff --git a/road-skate/docs/governance/maintenance/adaptive/README.adoc b/road-skate/docs/governance/maintenance/adaptive/README.adoc deleted file mode 100644 index 7b60992a..00000000 --- a/road-skate/docs/governance/maintenance/adaptive/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Adaptive Unit diff --git a/road-skate/docs/governance/maintenance/corrective/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/maintenance/corrective/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 05cb89da..00000000 --- a/road-skate/docs/governance/maintenance/corrective/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-corrective" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM corrective unit within the Maintenance axis. diff --git a/road-skate/docs/governance/maintenance/corrective/README.adoc b/road-skate/docs/governance/maintenance/corrective/README.adoc deleted file mode 100644 index ed904a81..00000000 --- a/road-skate/docs/governance/maintenance/corrective/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Corrective Unit diff --git a/road-skate/docs/governance/maintenance/perfective/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/maintenance/perfective/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 832762fe..00000000 --- a/road-skate/docs/governance/maintenance/perfective/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-perfective" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM perfective unit within the Maintenance axis. diff --git a/road-skate/docs/governance/maintenance/perfective/README.adoc b/road-skate/docs/governance/maintenance/perfective/README.adoc deleted file mode 100644 index 8759d74d..00000000 --- a/road-skate/docs/governance/maintenance/perfective/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Perfective Unit diff --git a/road-skate/docs/governance/planning/0.2-AI-MANIFEST.a2ml b/road-skate/docs/governance/planning/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 80339e77..00000000 --- a/road-skate/docs/governance/planning/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-axis-planning" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM Planning track. diff --git a/road-skate/docs/governance/planning/README.adoc b/road-skate/docs/governance/planning/README.adoc deleted file mode 100644 index 62aa375f..00000000 --- a/road-skate/docs/governance/planning/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Planning Axis diff --git a/road-skate/docs/governance/planning/could/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/planning/could/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index fc17a27d..00000000 --- a/road-skate/docs/governance/planning/could/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-could" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM could unit within the Planning axis. diff --git a/road-skate/docs/governance/planning/could/README.adoc b/road-skate/docs/governance/planning/could/README.adoc deleted file mode 100644 index ad5a6b82..00000000 --- a/road-skate/docs/governance/planning/could/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Could Unit diff --git a/road-skate/docs/governance/planning/must/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/planning/must/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 0987daee..00000000 --- a/road-skate/docs/governance/planning/must/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-must" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM must unit within the Planning axis. diff --git a/road-skate/docs/governance/planning/must/README.adoc b/road-skate/docs/governance/planning/must/README.adoc deleted file mode 100644 index 47eb46dc..00000000 --- a/road-skate/docs/governance/planning/must/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Must Unit diff --git a/road-skate/docs/governance/planning/should/0.3-AI-MANIFEST.a2ml b/road-skate/docs/governance/planning/should/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index f492289a..00000000 --- a/road-skate/docs/governance/planning/should/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "governance-unit-should" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - TSDM should unit within the Planning axis. diff --git a/road-skate/docs/governance/planning/should/README.adoc b/road-skate/docs/governance/planning/should/README.adoc deleted file mode 100644 index 605489c8..00000000 --- a/road-skate/docs/governance/planning/should/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Should Unit diff --git a/road-skate/docs/legal/0.2-AI-MANIFEST.a2ml b/road-skate/docs/legal/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index e5477983..00000000 --- a/road-skate/docs/legal/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,16 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "legal-track" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit for legal and licensing documentation. Contains framework - exhibits and archival license texts. - -canonical_locations: - exhibits: "exhibits/" - texts: "texts/" diff --git a/road-skate/docs/legal/EXHIBIT-A-ETHICAL-USE.txt b/road-skate/docs/legal/EXHIBIT-A-ETHICAL-USE.txt deleted file mode 100644 index 0b20fca2..00000000 --- a/road-skate/docs/legal/EXHIBIT-A-ETHICAL-USE.txt +++ /dev/null @@ -1,68 +0,0 @@ -SPDX-License-Identifier: MPL-2.0 - -================================================================================ -EXHIBIT A — ETHICAL USE GUIDELINES -Palimpsest-MPL License Version 1.0 -================================================================================ - -1. PURPOSE - - These guidelines define ethical use expectations for software distributed - under the Palimpsest-MPL License. They are not legally binding restrictions - but represent the community's shared values and expectations. - -2. PRINCIPLES - - 2.1. Respect for Emotional Lineage - Users and distributors should acknowledge and preserve the cultural, - narrative, and symbolic meaning embedded in Covered Software. This - includes protest traditions, cultural heritage, trauma narratives, - and community stories where documented. - - 2.2. Transparency in Automated Processing - When Covered Software is processed by Non-Interpretive Systems - (AI training, content aggregation, automated summarization), such - use should be documented publicly and not misrepresent the - provenance of outputs. - - 2.3. Good Faith Attribution - Contributors should be credited accurately. Derivative works should - maintain the attribution chain and not obscure the origins of - contributions. - - 2.4. Community Benefit - Commercial use of Covered Software should contribute to the broader - community through bug fixes, documentation, or other improvements - where feasible. - -3. SPECIFIC GUIDANCE - - 3.1. AI and Machine Learning - - Training on Covered Software requires disclosure - - Generated outputs must not claim Emotional Lineage of the original - - Model cards should reference source materials - - 3.2. Content Aggregation - - Aggregators must link back to original sources - - Context must not be stripped in ways that distort meaning - - Cultural and narrative context should be preserved - - 3.3. Commercial Products - - Products built on Covered Software should acknowledge it - - Pricing should not exploit communities that created the work - - Support and improvements should flow back to the community - -4. ENFORCEMENT - - These guidelines are enforced through community norms, not legal action. - Disputes should be raised with the Palimpsest Stewardship Council for - non-binding guidance. - -5. AMENDMENTS - - These guidelines may be updated by the Palimpsest Stewardship Council. - Updates apply to new distributions, not retroactively. - -================================================================================ -END OF EXHIBIT A -================================================================================ diff --git a/road-skate/docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt b/road-skate/docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt deleted file mode 100644 index 7fba8c94..00000000 --- a/road-skate/docs/legal/EXHIBIT-B-QUANTUM-SAFE.txt +++ /dev/null @@ -1,102 +0,0 @@ -SPDX-License-Identifier: MPL-2.0 - -================================================================================ -EXHIBIT B — QUANTUM-SAFE PROVENANCE SPECIFICATION -Palimpsest-MPL License Version 1.0 -================================================================================ - -1. PURPOSE - - This exhibit specifies the cryptographic algorithms and procedures for - quantum-safe provenance in software distributed under the Palimpsest-MPL - License. - -2. APPROVED ALGORITHMS - - The following post-quantum cryptographic algorithms are approved for - signing Provenance Metadata: - - 2.1. Digital Signatures - - ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium) - Recommended: ML-DSA-65 (security level 3) or ML-DSA-87 (level 5) - - SLH-DSA (FIPS 205, formerly SPHINCS+) - Recommended: SLH-DSA-SHA2-256f or SLH-DSA-SHAKE-256f - - FALCON (NIST Round 3 finalist) - Recommended: FALCON-1024 - - 2.2. Key Encapsulation (for encrypted provenance) - - ML-KEM (FIPS 203, formerly CRYSTALS-Kyber) - Recommended: ML-KEM-1024 - - 2.3. Hash Functions - - SHA-3 (FIPS 202) - Recommended: SHA3-256 or SHA3-512 - - SHAKE (FIPS 202 extendable output) - Recommended: SHAKE-256 - - 2.4. Key Derivation - - Argon2id (RFC 9106) - Parameters: t=3, m=65536, p=4 (minimum) - -3. PROVENANCE METADATA FORMAT - - Provenance Metadata should include: - - 3.1. Required Fields - - author-identity: Contributor name and contact - - timestamp: ISO 8601 with timezone - - content-hash: SHA3-256 hash of the contribution - - signature: Quantum-safe signature over all fields - - 3.2. Optional Fields - - parent-hash: Hash of the previous contribution in the chain - - emotional-lineage: Narrative context markers - - platform: Build/development environment - - witnesses: Third-party attestation signatures - -4. SIGNATURE PROCEDURE - - 4.1. Signing - a. Compute SHA3-256 hash of the contribution content - b. Construct metadata record with all required fields - c. Serialize metadata in canonical JSON form - d. Sign with ML-DSA-65 (or approved alternative) - e. Attach signature to distribution - - 4.2. Verification - a. Extract metadata and signature from distribution - b. Verify signature against contributor's public key - c. Verify content hash matches actual content - d. Verify timestamp is within acceptable range - e. Verify parent-hash chain if present - -5. KEY MANAGEMENT - - 5.1. Contributors should publish quantum-safe public keys via: - - OpenPGP keyservers (with PQ algorithm support) - - Repository .well-known/keys/ directory - - Contributor's personal website - - 5.2. Key rotation should occur: - - At least annually - - When algorithm recommendations change - - When key compromise is suspected - -6. TRANSITION PERIOD - - During the transition to quantum-safe cryptography: - - 6.1. Classical signatures (Ed25519, RSA) remain valid - 6.2. Hybrid signatures (classical + PQ) are encouraged - 6.3. Pure PQ signatures are preferred for new contributions - 6.4. Classical-only signatures will be deprecated in a future version - -7. COMPLIANCE - - Quantum-safe provenance is OPTIONAL under PMPL-1.0. When present, - it must follow this specification. Stripping quantum-safe signatures - from distributions is prohibited per Section 4.1 of the License. - -================================================================================ -END OF EXHIBIT B -================================================================================ diff --git a/road-skate/docs/practice/.gitkeep b/road-skate/docs/practice/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/docs/practice/0.2-AI-MANIFEST.a2ml b/road-skate/docs/practice/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 257f3a4f..00000000 --- a/road-skate/docs/practice/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "practice-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit of the docs pillar focusing on practice. diff --git a/road-skate/docs/practice/AI-CONVENTIONS.adoc b/road-skate/docs/practice/AI-CONVENTIONS.adoc deleted file mode 100644 index 4fd6403a..00000000 --- a/road-skate/docs/practice/AI-CONVENTIONS.adoc +++ /dev/null @@ -1,85 +0,0 @@ -= AI Conventions - - - -# AI Conventions (Authoritative Source) - -All AI coding agents working in this repository MUST follow these rules. -Per-tool config files (.cursorrules, .clinerules, etc.) reference this document. - -## Session Startup - -1. Read `0-AI-MANIFEST.a2ml` FIRST (mandatory gatekeeper). -2. Read `.machine_readable/STATE.a2ml` for current status and blockers. -3. Read `.machine_readable/anchors/ANCHOR.a2ml` for canonical authority boundaries. -4. Read `.machine_readable/policies/MAINTENANCE-AXES.a2ml` for maintenance/audit sequencing. -5. Read `.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml` for baseline controls. -6. Read `.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml` for execution order. -7. Read `.machine_readable/AGENTIC.a2ml` for agent constraints. - -## License - -- All original code: **MPL-2.0** -- Fallback (platform-required only): MPL-2.0 with comment explaining why. -- NEVER use AGPL-3.0. -- Preserve third-party licenses verbatim. -- Every source file needs `# SPDX-License-Identifier: MPL-2.0`. - -## Author Attribution - -- Name: **hyperpolymath** -- Email: **j.d.a.jewell@open.ac.uk** -- Copyright: `Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) ` - -## State Files - -State/metadata files, anchors, and policies (.a2ml) belong in `.machine_readable/` ONLY. -NEVER create STATE.a2ml, META.a2ml, ECOSYSTEM.a2ml, AGENTIC.a2ml, -NEUROSYM.a2ml, PLAYBOOK.a2ml, ANCHOR.a2ml, MAINTENANCE-AXES.a2ml, -MAINTENANCE-CHECKLIST.a2ml, or SOFTWARE-DEVELOPMENT-APPROACH.a2ml in the repository root. - -## Banned Patterns - -| Language | Banned | Reason | -|----------|-------------------------------------|---------------------------| -| Idris2 | `believe_me`, `assert_total` | Unsound escape hatches | -| Haskell | `unsafeCoerce`, `unsafePerformIO` | Breaks type safety | -| OCaml | `Obj.magic`, `Obj.repr`, `Obj.obj` | Unsafe casting | -| Coq | `Admitted` | Unproven assumption | -| Lean | `sorry` | Unproven assumption | -| Rust | `transmute` (unless FFI + SAFETY:) | Unsound reinterpret | - -## Banned Languages - -| Banned | Use Instead | -|---------------------|--------------------| -| TypeScript | ReScript | -| Node.js / npm / bun | Deno | -| Go | Rust | -| Python | Julia / Rust | - -## Container Standard - -- Runtime: **Podman** (never Docker). -- File: **Containerfile** (never Dockerfile). -- Base images: `cgr.dev/chainguard/wolfi-base:latest` or `cgr.dev/chainguard/static:latest`. - -## ABI/FFI Standard - -- ABI definitions: **Idris2** with dependent types (`src/abi/`). -- FFI implementation: **Zig** with C ABI compatibility (`ffi/zig/`). -- Generated C headers: `generated/abi/`. - -## Build System - -Use `just` (Justfile) for all build, test, lint, and format tasks. - -## References - -- `0-AI-MANIFEST.a2ml` -- universal AI entry point -- `.machine_readable/AGENTIC.a2ml` -- agent permissions and constraints -- `.machine_readable/STATE.a2ml` -- current project state -- `.machine_readable/anchors/ANCHOR.a2ml` -- canonical authority and policy boundary -- `.machine_readable/policies/MAINTENANCE-AXES.a2ml` -- canonical axis sequencing and audit requirements -- `.machine_readable/policies/MAINTENANCE-CHECKLIST.a2ml` -- baseline maintenance checklist policy -- `.machine_readable/policies/SOFTWARE-DEVELOPMENT-APPROACH.a2ml` -- axis execution approach policy diff --git a/road-skate/docs/practice/README.adoc b/road-skate/docs/practice/README.adoc deleted file mode 100644 index ae3326b9..00000000 --- a/road-skate/docs/practice/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= practice Unit diff --git a/road-skate/docs/practice/STATE-VISUALIZER-GUIDE.adoc b/road-skate/docs/practice/STATE-VISUALIZER-GUIDE.adoc deleted file mode 100644 index b44cc262..00000000 --- a/road-skate/docs/practice/STATE-VISUALIZER-GUIDE.adoc +++ /dev/null @@ -1,155 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -= TOPOLOGY.md — Generation Guide -hyperpolymath (hyperpolymath) -:toc: -:sectnums: - -== What Is TOPOLOGY.md? - -A single-file visual map of any project's architecture and completion status. -It lives in the repo root and contains: - -1. **ASCII architecture diagram** — the full system as it will look when complete -2. **Completion dashboard** — every component with a progress bar and status note -3. **Dependency graph** — what blocks what (the critical path) -4. **Update protocol** — how to keep it current - -It is designed to be readable by humans, AI agents, and rendered cleanly on any -forge (GitHub, GitLab, Codeberg, Bitbucket). - -== Why - -- Gives any contributor (human or AI) an instant picture of the whole project -- Replaces "read 20 files to understand the architecture" with one glance -- The completion dashboard makes project health visible without running anything -- Works offline, no tooling required, just a text file - -== How To Generate One - -=== Option 1: Ask an AI agent - -Use this prompt (works with Claude, Gemini, ChatGPT, or any LLM with repo access): - -[source,text] ----- -Read the entire repository and produce a TOPOLOGY.md file for the repo root. - -The file must contain exactly three sections: - -1. **System Architecture** — An ASCII box diagram showing the complete system - as it will look when finished. Use Unicode box-drawing characters - (┌ ┐ └ ┘ │ ─ ├ ┤ ┬ ┴ ┼), arrows (▲ ▼ ◄ ► → ←), and double lines - (═ ║) for boundaries. Show: - - All external services (DNS, CDN, gateways) at the top - - Application components in the middle - - Data layer (databases, caches, queues) below - - Repo infrastructure (CI, contractiles, SCM files) at the bottom - - Every box labelled, every connection labelled or obvious from context - - The diagram should be BESPOKE to this project, not generic - -2. **Completion Dashboard** — A table in a code block listing every component - from the diagram. For each component show: - - Name (left-aligned, padded to 35 chars) - - Progress bar: 10 characters using █ (done) and ░ (remaining) - - Percentage (0% to 100% in 10% increments) - - A short note explaining the status - Group components by layer/concern. End with an OVERALL summary line. - -3. **Key Dependencies** — An ASCII arrow diagram showing the critical path. - What must finish before what else can start. - -Add a header comment with SPDX-License-Identifier and Last updated date. -End with an "Update Protocol" section explaining how to maintain the file. - -Use the template at TOPOLOGY.md in rsr-template-repo as a structural reference, -but make the content completely specific to THIS project. ----- - -=== Option 2: Copy the template and fill it in - -[source,bash] ----- -cp /path/to/rsr-template-repo/TOPOLOGY.md ./TOPOLOGY.md -# Then edit: replace placeholders, draw the real architecture, fill the dashboard ----- - -=== Option 3: Batch generation across all repos - -[source,bash] ----- -# From the repos root, generate for every repo that lacks one -for repo in /path/to/your/repos/*/; do - if [ ! -f "$repo/TOPOLOGY.md" ]; then - echo "NEEDS TOPOLOGY: $(basename $repo)" - fi -done ----- - -Then feed each repo to an AI agent with the prompt above. Claude Code can do -this with a session per repo, or you can batch it. - -== Conventions - -=== Box-drawing characters - -Use Unicode, not ASCII art. This renders correctly everywhere. - -[cols="1,1", options="header"] -|=== -| Character | Use -| `┌ ┐ └ ┘` | Box corners -| `│ ─` | Vertical / horizontal lines -| `├ ┤ ┬ ┴ ┼` | T-junctions and crosses -| `═ ║` | Double lines for major boundaries -| `▲ ▼ ◄ ►` | Directional arrows -| `→ ← ↑ ↓` | Thin arrows (alternative) -|=== - -=== Progress bars - -Always 10 characters wide. Use full blocks only (no half-blocks). - -[source,text] ----- -░░░░░░░░░░ 0% Not started -█░░░░░░░░░ 10% Stub/skeleton exists -██░░░░░░░░ 20% Early work -███░░░░░░░ 30% Foundation laid -████░░░░░░ 40% Core logic started -█████░░░░░ 50% Half done -██████░░░░ 60% Most logic complete -███████░░░ 70% Working but rough -████████░░ 80% Needs polish/docs -█████████░ 90% Nearly done -██████████ 100% Complete and tested ----- - -=== Component naming - -- Use the actual names from the codebase (file names, service names, tool names) -- Group by architectural layer, not alphabetically -- Include repo infrastructure (CI, contractiles, SCM files) as a layer - -=== When to update - -- After completing a component → change bar + percentage -- After adding a component → add row -- After architectural change → redraw diagram -- After major milestone → update overall percentage -- Always update the `Last updated` date - -== Integration With Other RSR Files - -TOPOLOGY.md complements but does not replace: - -- **STATE.a2ml** — machine-readable state (tasks, blockers, next actions) -- **ECOSYSTEM.a2ml** — position in the wider project ecosystem -- **META.a2ml** — architecture decisions and design rationale -- **0-AI-MANIFEST.a2ml** — AI agent entry point and invariants - -TOPOLOGY.md is the _visual summary_ for humans; the a2ml files are the -_structured data_ for tooling. Both should agree. - -== Copyright - -Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) diff --git a/road-skate/docs/reports/0.2-AI-MANIFEST.a2ml b/road-skate/docs/reports/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 5eb265dc..00000000 --- a/road-skate/docs/reports/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "reports-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Documentation unit for all automated and manual audit reports. Classified - by domain. - -canonical_locations: - maintenance: "maintenance/" - security: "security/" - performance: "performance/" - compliance: "compliance/" - quality: "quality/" diff --git a/road-skate/docs/reports/README.adoc b/road-skate/docs/reports/README.adoc deleted file mode 100644 index 0c06c31d..00000000 --- a/road-skate/docs/reports/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= reports Unit diff --git a/road-skate/docs/reports/compliance/0.3-AI-MANIFEST.a2ml b/road-skate/docs/reports/compliance/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 6b397528..00000000 --- a/road-skate/docs/reports/compliance/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "report-unit-compliance" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised repository for compliance findings and evidence. diff --git a/road-skate/docs/reports/compliance/README.adoc b/road-skate/docs/reports/compliance/README.adoc deleted file mode 100644 index c38c66a4..00000000 --- a/road-skate/docs/reports/compliance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Compliance Reports diff --git a/road-skate/docs/reports/maintenance/0.3-AI-MANIFEST.a2ml b/road-skate/docs/reports/maintenance/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 43eefe29..00000000 --- a/road-skate/docs/reports/maintenance/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "report-unit-maintenance" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Maintenance reports. diff --git a/road-skate/docs/reports/maintenance/README.adoc b/road-skate/docs/reports/maintenance/README.adoc deleted file mode 100644 index f13abf79..00000000 --- a/road-skate/docs/reports/maintenance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Maintenance Reports diff --git a/road-skate/docs/reports/performance/0.3-AI-MANIFEST.a2ml b/road-skate/docs/reports/performance/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 40c09540..00000000 --- a/road-skate/docs/reports/performance/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "report-unit-performance" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised repository for performance findings and evidence. diff --git a/road-skate/docs/reports/performance/README.adoc b/road-skate/docs/reports/performance/README.adoc deleted file mode 100644 index 037767d3..00000000 --- a/road-skate/docs/reports/performance/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Performance Reports diff --git a/road-skate/docs/reports/quality/0.3-AI-MANIFEST.a2ml b/road-skate/docs/reports/quality/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index d460edcf..00000000 --- a/road-skate/docs/reports/quality/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "report-unit-quality" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised repository for quality findings and evidence. diff --git a/road-skate/docs/reports/quality/README.adoc b/road-skate/docs/reports/quality/README.adoc deleted file mode 100644 index d1be8484..00000000 --- a/road-skate/docs/reports/quality/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Quality Reports diff --git a/road-skate/docs/reports/security/0.3-AI-MANIFEST.a2ml b/road-skate/docs/reports/security/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 696ab590..00000000 --- a/road-skate/docs/reports/security/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "report-unit-security" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised repository for security findings and evidence. diff --git a/road-skate/docs/reports/security/README.adoc b/road-skate/docs/reports/security/README.adoc deleted file mode 100644 index 9a78a8bc..00000000 --- a/road-skate/docs/reports/security/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Security Reports diff --git a/road-skate/docs/standards/0.2-AI-MANIFEST.a2ml b/road-skate/docs/standards/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index c147c6f8..00000000 --- a/road-skate/docs/standards/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "standards-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Standards unit for high-rigor verification. diff --git a/road-skate/docs/standards/README.adoc b/road-skate/docs/standards/README.adoc deleted file mode 100644 index 34a94c4f..00000000 --- a/road-skate/docs/standards/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Standards Unit diff --git a/road-skate/docs/templates/contractiles/README.adoc b/road-skate/docs/templates/contractiles/README.adoc deleted file mode 100644 index 121da7ae..00000000 --- a/road-skate/docs/templates/contractiles/README.adoc +++ /dev/null @@ -1,11 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -= Contractile Templates - -Blank templates for projects that want to replace the hyperpolymath -defaults with their own contractile definitions. - -Copy the relevant file to `.machine_readable/contractiles//` -and fill in your project-specific checks. - -The working examples in `.machine_readable/contractiles/` show the -full hyperpolymath setup — use those as reference. diff --git a/road-skate/docs/templates/contractiles/dust/Dustfile.a2ml b/road-skate/docs/templates/contractiles/dust/Dustfile.a2ml deleted file mode 100644 index 903af2c3..00000000 --- a/road-skate/docs/templates/contractiles/dust/Dustfile.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Dustfile.a2ml — BLANK TEMPLATE -# Replace this with your project's contractile. -# See .machine_readable/contractiles/ for a working example. -# -# Copy this file to .machine_readable/contractiles/dust/Dustfile.a2ml -# and fill in your project-specific checks. - -@abstract: -[Your project's DUST contract goes here] -@end diff --git a/road-skate/docs/templates/contractiles/must/Mustfile.a2ml b/road-skate/docs/templates/contractiles/must/Mustfile.a2ml deleted file mode 100644 index d08796f9..00000000 --- a/road-skate/docs/templates/contractiles/must/Mustfile.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Mustfile.a2ml — BLANK TEMPLATE -# Replace this with your project's contractile. -# See .machine_readable/contractiles/ for a working example. -# -# Copy this file to .machine_readable/contractiles/must/Mustfile.a2ml -# and fill in your project-specific checks. - -@abstract: -[Your project's MUST contract goes here] -@end diff --git a/road-skate/docs/templates/contractiles/trust/Trustfile.a2ml b/road-skate/docs/templates/contractiles/trust/Trustfile.a2ml deleted file mode 100644 index 842c6b06..00000000 --- a/road-skate/docs/templates/contractiles/trust/Trustfile.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Trustfile.a2ml — BLANK TEMPLATE -# Replace this with your project's contractile. -# See .machine_readable/contractiles/ for a working example. -# -# Copy this file to .machine_readable/contractiles/trust/Trustfile.a2ml -# and fill in your project-specific checks. - -@abstract: -[Your project's TRUST contract goes here] -@end diff --git a/road-skate/docs/theory/.gitkeep b/road-skate/docs/theory/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/docs/theory/0.2-AI-MANIFEST.a2ml b/road-skate/docs/theory/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 93df1870..00000000 --- a/road-skate/docs/theory/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,23 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-track" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Documentation track for domain-specific theory and research foundations. - Categorised by discipline. - -canonical_locations: - ontologies: "ontologies/" - mathematics: "mathematics/" - computing: "computing/" - socio_technical: "socio-technical/" - formalisms: "formalisms/" - other: "other/" - -invariants: - - "Theoretical claims MUST reference established academic or technical formalisms" diff --git a/road-skate/docs/theory/README.adoc b/road-skate/docs/theory/README.adoc deleted file mode 100644 index c0ddf280..00000000 --- a/road-skate/docs/theory/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= theory Unit diff --git a/road-skate/docs/theory/computing/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/computing/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index f387d08e..00000000 --- a/road-skate/docs/theory/computing/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-computing" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for computing. diff --git a/road-skate/docs/theory/computing/README.adoc b/road-skate/docs/theory/computing/README.adoc deleted file mode 100644 index 4d0db25d..00000000 --- a/road-skate/docs/theory/computing/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Computing Theory diff --git a/road-skate/docs/theory/formalisms/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/formalisms/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index cdc2baa1..00000000 --- a/road-skate/docs/theory/formalisms/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-formalisms" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for formalisms. diff --git a/road-skate/docs/theory/formalisms/README.adoc b/road-skate/docs/theory/formalisms/README.adoc deleted file mode 100644 index 5d064c39..00000000 --- a/road-skate/docs/theory/formalisms/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Formalisms Theory diff --git a/road-skate/docs/theory/mathematics/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/mathematics/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 677a4dac..00000000 --- a/road-skate/docs/theory/mathematics/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-mathematics" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for mathematics. diff --git a/road-skate/docs/theory/mathematics/README.adoc b/road-skate/docs/theory/mathematics/README.adoc deleted file mode 100644 index 356236f4..00000000 --- a/road-skate/docs/theory/mathematics/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Mathematics Theory diff --git a/road-skate/docs/theory/ontologies/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/ontologies/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index d888cee5..00000000 --- a/road-skate/docs/theory/ontologies/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-ontologies" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for ontologies. diff --git a/road-skate/docs/theory/ontologies/README.adoc b/road-skate/docs/theory/ontologies/README.adoc deleted file mode 100644 index 6d16ecf9..00000000 --- a/road-skate/docs/theory/ontologies/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Ontologies Theory diff --git a/road-skate/docs/theory/other/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/other/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 166ed9e8..00000000 --- a/road-skate/docs/theory/other/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-other" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for other. diff --git a/road-skate/docs/theory/other/README.adoc b/road-skate/docs/theory/other/README.adoc deleted file mode 100644 index 1861d6d5..00000000 --- a/road-skate/docs/theory/other/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Other Theory diff --git a/road-skate/docs/theory/socio-technical/0.3-AI-MANIFEST.a2ml b/road-skate/docs/theory/socio-technical/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 89195222..00000000 --- a/road-skate/docs/theory/socio-technical/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "theory-unit-socio-technical" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Theoretical foundation for socio technical. diff --git a/road-skate/docs/theory/socio-technical/README.adoc b/road-skate/docs/theory/socio-technical/README.adoc deleted file mode 100644 index 9ab4ee07..00000000 --- a/road-skate/docs/theory/socio-technical/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Socio technical Theory diff --git a/road-skate/docs/whitepapers/0.2-AI-MANIFEST.a2ml b/road-skate/docs/whitepapers/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index c936101d..00000000 --- a/road-skate/docs/whitepapers/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "whitepapers-track" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Unit for strategic publications and whitepapers. Categorised by target - audience: Academic, Industry, and Outreach. - -canonical_locations: - academic: "academic/" - industry: "industry/" - outreach: "outreach/" - -invariants: - - "Each sub-track MUST have a clear audience definition in its README" diff --git a/road-skate/docs/whitepapers/README.adoc b/road-skate/docs/whitepapers/README.adoc deleted file mode 100644 index 88e83c5e..00000000 --- a/road-skate/docs/whitepapers/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= whitepapers Unit diff --git a/road-skate/docs/whitepapers/academic/.gitkeep b/road-skate/docs/whitepapers/academic/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/docs/whitepapers/academic/0.3-AI-MANIFEST.a2ml b/road-skate/docs/whitepapers/academic/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index ceb8a1e7..00000000 --- a/road-skate/docs/whitepapers/academic/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "academic-unit" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Academic logic at level 3. diff --git a/road-skate/docs/whitepapers/academic/README.adoc b/road-skate/docs/whitepapers/academic/README.adoc deleted file mode 100644 index 16c3f453..00000000 --- a/road-skate/docs/whitepapers/academic/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Academic Logic diff --git a/road-skate/docs/whitepapers/industry/.gitkeep b/road-skate/docs/whitepapers/industry/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/docs/whitepapers/industry/0.3-AI-MANIFEST.a2ml b/road-skate/docs/whitepapers/industry/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 20156dd5..00000000 --- a/road-skate/docs/whitepapers/industry/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "industry-unit" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Industry logic at level 3. diff --git a/road-skate/docs/whitepapers/industry/README.adoc b/road-skate/docs/whitepapers/industry/README.adoc deleted file mode 100644 index 7bc7fcd6..00000000 --- a/road-skate/docs/whitepapers/industry/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Industry Logic diff --git a/road-skate/docs/whitepapers/outreach/0.3-AI-MANIFEST.a2ml b/road-skate/docs/whitepapers/outreach/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index ed7e1529..00000000 --- a/road-skate/docs/whitepapers/outreach/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,16 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "whitepapers-track-outreach" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Documentation track for outreach, education, and general-audience - engagement. Focuses on accessibility and high-level conceptual clarity. - -invariants: - - "Language MUST be accessible to non-technical audiences" - - "Avoid deep technical jargon without providing clear definitions" diff --git a/road-skate/docs/whitepapers/outreach/README.adoc b/road-skate/docs/whitepapers/outreach/README.adoc deleted file mode 100644 index 8141463f..00000000 --- a/road-skate/docs/whitepapers/outreach/README.adoc +++ /dev/null @@ -1,17 +0,0 @@ -= Outreach & Education -:toc: preamble -:icons: font - -This directory contains whitepapers, guides, and presentations tailored for a general audience, including schools, corporate partners, and special interest groups. - -== Target Audiences - -* **Schools & Education:** Introductory material on formal verification and sovereign systems. -* **Corporate:** High-level business value and compliance summaries. -* **Special Interest Groups:** Community-specific impact and ethical use cases. - -== Goals - -* De-mystify high-rigor engineering. -* Promote the adoption of the Rhodium Standard. -* Provide accessible entry points for non-technical stakeholders. diff --git a/road-skate/docs/wikis/0.2-AI-MANIFEST.a2ml b/road-skate/docs/wikis/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index f071ca8a..00000000 --- a/road-skate/docs/wikis/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "wikis-track" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Long-form collaborative documentation and project knowledge base. - This directory mirrors the content structure of the project wiki. - -invariants: - - "Primary wiki format MUST be AsciiDoc (.adoc)" diff --git a/road-skate/docs/wikis/README.adoc b/road-skate/docs/wikis/README.adoc deleted file mode 100644 index 71b60d1b..00000000 --- a/road-skate/docs/wikis/README.adoc +++ /dev/null @@ -1,15 +0,0 @@ -= Project Wikis -:toc: preamble -:icons: font - -This directory contains the source files for the project wiki. It is intended for long-form documentation, deep-dives, and community-maintained knowledge. - -== Structure - -* **Core Concepts:** Fundamental architectural ideas. -* **Workflows:** Step-by-step guides for contributors. -* **Glossary:** Definitions of project-specific terminology. - -== Wiki Synchronization - -Changes made here should be synchronised with the forge-hosted wiki (GitHub/GitLab) using the project's sync scripts. diff --git a/road-skate/features/0.1-AI-MANIFEST.a2ml b/road-skate/features/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index dc3e4ee3..00000000 --- a/road-skate/features/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "features-pillar" -level: 1 -parent: "../0-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Optional project features and ecosystem integrations. Provides bootstrap - guides for high-rigor tools (Panic-Attacker, BoJ-Server, SSGs). - -canonical_locations: - panic_attacker: "panic-attacker/" - boj_server: "boj-server/" - ssg: "ssg/" diff --git a/road-skate/features/README.adoc b/road-skate/features/README.adoc deleted file mode 100644 index 3899280c..00000000 --- a/road-skate/features/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Project Features diff --git a/road-skate/features/boj-server/0.2-AI-MANIFEST.a2ml b/road-skate/features/boj-server/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index c77798cd..00000000 --- a/road-skate/features/boj-server/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "feature-unit-boj-server" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Bootstrap and integration logic for the boj-server ecosystem component. diff --git a/road-skate/features/boj-server/README.adoc b/road-skate/features/boj-server/README.adoc deleted file mode 100644 index 0039c37d..00000000 --- a/road-skate/features/boj-server/README.adoc +++ /dev/null @@ -1,14 +0,0 @@ -= BoJ Server Integration -:icons: font - -This unit provides a "starting hand" for integrating with the **BoJ-Server** (Box of Justice) ecosystem — a high-rigor, verified server infrastructure. - -== Integration Options - -* **Core:** Use BoJ-Server as the primary verified backend for this project. -* **Bridge:** Utilize the BoJ-Server IPC bridge for cross-boundary communication. - -== Related Repository - -For the full specification and source, visit: -https://github.com/hyperpolymath/boj-server diff --git a/road-skate/features/panic-attacker/0.2-AI-MANIFEST.a2ml b/road-skate/features/panic-attacker/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index e61ad244..00000000 --- a/road-skate/features/panic-attacker/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "feature-unit-panic-attacker" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Bootstrap and integration logic for the panic-attacker ecosystem component. diff --git a/road-skate/features/panic-attacker/README.adoc b/road-skate/features/panic-attacker/README.adoc deleted file mode 100644 index 72d56a42..00000000 --- a/road-skate/features/panic-attacker/README.adoc +++ /dev/null @@ -1,25 +0,0 @@ -= Panic Attacker Feature -:icons: font - -This unit integrates the **Panic-Attacker** high-rigor stress testing tool into the project lifecycle. - -== Value Proposition - -Panic-Attacker goes beyond unit testing by applying: -* **Static Analysis (Assail):** Detecting logic-based bug signatures. -* **Multi-Axis Dynamic Attacks (Assault):** Stressing CPU, Memory, Disk, and Network boundaries. - -== Usage in this Template - -This template includes a pre-configured maintenance trigger: - -[source,bash] ----- -just maint-assault ----- - -This runs a medium-intensity assault on the project binary and emits a report to `docs/reports/security/`. - -== Related Repository - -https://github.com/hyperpolymath/panic-attacker diff --git a/road-skate/features/ssg/0.2-AI-MANIFEST.a2ml b/road-skate/features/ssg/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 121c5ae2..00000000 --- a/road-skate/features/ssg/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "feature-unit-ssg" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Bootstrap and integration logic for the ssg ecosystem component. diff --git a/road-skate/features/ssg/README.adoc b/road-skate/features/ssg/README.adoc deleted file mode 100644 index e15687bf..00000000 --- a/road-skate/features/ssg/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Ssg Feature diff --git a/road-skate/features/ssg/ssg-bootstrap.sh b/road-skate/features/ssg/ssg-bootstrap.sh deleted file mode 100755 index 0ce61717..00000000 --- a/road-skate/features/ssg/ssg-bootstrap.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: MPL-2.0 -# -# ssg-bootstrap.sh — Universal SSG Initialisation Helper -# -# Provides a starting hand for creating a documentation site or blog. -# Options 1-2 are hyperpolymath-maintained SSGs; options 3-5 are popular -# third-party choices. Use whichever fits your project. - -set -euo pipefail - -DEST="${1:-docs/site}" - -echo "═══════════════════════════════════════════════════" -echo " SSG BOOTSTRAP HELPER" -echo " Target directory: $DEST" -echo "═══════════════════════════════════════════════════" -echo "" -echo "Select an SSG to initialize in this project:" -echo " [1] Casket-SSG (Haskell) — hyperpolymath, pretty-formal" -echo " [2] Ddraig-SSG (Idris2) — hyperpolymath, dependent-type proofed" -echo " [3] Serum (Elixir) — BEAM-based, concurrent" -echo " [4] Zola (Rust) — Fast, standalone, standard" -echo " [5] Custom Git URL — Any SSG from a git repository" -echo "" - -read -rp "Enter choice [1-5]: " choice - -case "$choice" in - 1) - echo "Selected: Casket-SSG" - echo "Run: git clone https://github.com/hyperpolymath/casket-ssg $DEST" - ;; - 2) - echo "Selected: Ddraig-SSG" - echo "Run: git clone https://github.com/hyperpolymath/ddraig-ssg $DEST" - ;; - 3) - echo "Selected: Serum" - echo "Run: mix serum.new $DEST" - ;; - 4) - echo "Selected: Zola" - echo "Run: zola init $DEST" - ;; - 5) - read -rp "Git URL: " custom_url - echo "Run: git clone $custom_url $DEST" - ;; - *) - echo "Invalid selection. Aborting." - exit 1 - ;; -esac diff --git a/road-skate/flake.nix b/road-skate/flake.nix deleted file mode 100644 index 89e6f63b..00000000 --- a/road-skate/flake.nix +++ /dev/null @@ -1,170 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -# -# Nix flake for AffineScript-Vite -# -# NOTE: guix.scm is the PRIMARY development environment. This flake is provided -# as a FALLBACK for contributors who use Nix instead of Guix. The .envrc checks -# for Guix first, then falls back to Nix. -# -# Usage: -# nix develop # Enter development shell -# nix build # Build the project -# nix flake check # Run checks -# nix flake show # Show flake outputs -# -# With direnv (.envrc already configured): -# direnv allow # Auto-enters shell on cd -# -# TODO: Replace AffineScript-Vite and {{PROJECT_DESCRIPTION}} with actual values. - -{ - description = "AffineScript-Vite — RSR-compliant project"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - flake-utils.url = "github:numtide/flake-utils"; - }; - - outputs = { self, nixpkgs, flake-utils }: - flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system: - let - pkgs = import nixpkgs { inherit system; }; - - # Common development tools present in every RSR project. - commonTools = with pkgs; [ - git - just - nickel - curl - bash - coreutils - ]; - - # --------------------------------------------------------------- - # Language-specific packages: uncomment the stacks you need. - # --------------------------------------------------------------- - # - # Rust: - # rustc cargo clippy rustfmt rust-analyzer - # - # Elixir: - # elixir erlang - # - # Gleam: - # gleam erlang - # - # Zig: - # zig zls - # - # Haskell: - # ghc cabal-install haskell-language-server - # - # Idris2: - # idris2 - # - # OCaml: - # ocaml dune_3 ocaml-lsp - # - # ReScript (via Deno): - # deno - # - # Julia: - # julia - # - # Ada/SPARK: - # gnat gprbuild - # - # --------------------------------------------------------------- - languageTools = with pkgs; [ - # TODO: Uncomment or add packages for your stack. - # Example for a Rust project: - # rustc - # cargo - # clippy - # rustfmt - # rust-analyzer - ]; - - in - { - # --------------------------------------------------------------- - # Development shell — `nix develop` - # --------------------------------------------------------------- - devShells.default = pkgs.mkShell { - name = "AffineScript-Vite-dev"; - - buildInputs = commonTools ++ languageTools; - - # Environment variables available inside the shell. - env = { - PROJECT_NAME = "AffineScript-Vite"; - RSR_TIER = "infrastructure"; - }; - - shellHook = '' - echo "" - echo " AffineScript-Vite — development shell" - echo " Nix: $(nix --version 2>/dev/null || echo 'unknown')" - echo " Just: $(just --version 2>/dev/null || echo 'not found')" - echo "" - echo " Run 'just' to see available recipes." - echo "" - - # Source .envrc manually when direnv is not managing the shell. - # This keeps project env vars (PROJECT_NAME, DATABASE_URL, etc.) - # consistent whether you enter via 'nix develop' or 'direnv allow'. - if [ -z "''${DIRENV_IN_ENVRC:-}" ] && [ -f .envrc ]; then - # Only source the non-nix parts to avoid recursion. - export PROJECT_NAME="AffineScript-Vite" - export RSR_TIER="infrastructure" - if [ -f .env ]; then - set -a - . .env - set +a - fi - fi - ''; - }; - - # --------------------------------------------------------------- - # Package — `nix build` - # --------------------------------------------------------------- - packages.default = pkgs.stdenv.mkDerivation { - pname = "AffineScript-Vite"; - version = "0.1.0"; - - src = self; - - # TODO: Replace with real build instructions. - # Examples: - # - # Rust (use rustPlatform.buildRustPackage instead of stdenv): - # packages.default = pkgs.rustPlatform.buildRustPackage { ... }; - # - # Elixir (use mixRelease): - # packages.default = pkgs.beamPackages.mixRelease { ... }; - # - # Zig: - # buildPhase = "zig build -Doptimize=ReleaseSafe"; - - buildPhase = '' - echo "TODO: Add build commands for AffineScript-Vite" - ''; - - installPhase = '' - mkdir -p $out/share/doc - cp README.adoc $out/share/doc/ 2>/dev/null || true - ''; - - meta = with pkgs.lib; { - description = "{{PROJECT_DESCRIPTION}}"; - homepage = "https://github.com/hyperpolymath/AffineScript-Vite"; - license = licenses.mpl20; # MPL-2.0 extends MPL-2.0 - maintainers = []; - platforms = [ "x86_64-linux" "aarch64-linux" ]; - }; - }; - } - ); -} diff --git a/road-skate/game/index.html b/road-skate/game/index.html deleted file mode 100644 index ea2bf7dc..00000000 --- a/road-skate/game/index.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - AffineScript + Vite - - -
- - - diff --git a/road-skate/game/main.as b/road-skate/game/main.as deleted file mode 100644 index 8ec1a105..00000000 --- a/road-skate/game/main.as +++ /dev/null @@ -1,7 +0,0 @@ -fn test() -> Int { - 42 -} - -fn main() -> Int { - test() -} diff --git a/road-skate/game/main.js b/road-skate/game/main.js deleted file mode 100644 index 3718d6a9..00000000 --- a/road-skate/game/main.js +++ /dev/null @@ -1,13 +0,0 @@ -import roadSkate from './main.as'; - -// The roadSkate import is a WasmGC module wrapped by the affinescript-vite plugin -document.querySelector('#app').innerHTML = ` -
-
-
-`; - -// Initialize the AffineScript TEA program -roadSkate.init({ - node: document.querySelector('#road-skate-ui') -}); diff --git a/road-skate/guix.scm b/road-skate/guix.scm deleted file mode 100644 index 86b76248..00000000 --- a/road-skate/guix.scm +++ /dev/null @@ -1,71 +0,0 @@ -;; SPDX-License-Identifier: MPL-2.0 -;; Copyright (c) {{CURRENT_YEAR}} hyperpolymath (hyperpolymath) -;; -;; Guix package definition for AffineScript-Vite -;; -;; Usage: -;; guix shell -D -f guix.scm # Enter development shell -;; guix build -f guix.scm # Build package -;; -;; TODO: Replace AffineScript-Vite and customize inputs for your language/stack. -;; See: https://guix.gnu.org/manual/en/html_node/Defining-Packages.html - -(use-modules (guix packages) - (guix gexp) - (guix git-download) - (guix build-system gnu) - (guix licenses) - (gnu packages base)) - -(package - (name "AffineScript-Vite") - (version "0.1.0") - (source (local-file "." "source" - #:recursive? #t - #:select? (lambda (file stat) - (not (string-contains file ".git"))))) - (build-system gnu-build-system) - (arguments - '(#:phases - (modify-phases %standard-phases - ;; TODO: Customize build phases for your project - ;; Examples for common stacks: - ;; - ;; Rust: - ;; (replace 'build (lambda _ (invoke "cargo" "build" "--release"))) - ;; (replace 'check (lambda _ (invoke "cargo" "test"))) - ;; - ;; Elixir: - ;; (replace 'build (lambda _ (invoke "mix" "compile"))) - ;; (replace 'check (lambda _ (invoke "mix" "test"))) - ;; - ;; Zig: - ;; (replace 'build (lambda _ (invoke "zig" "build"))) - ;; (replace 'check (lambda _ (invoke "zig" "build" "test"))) - (delete 'configure) - (delete 'build) - (delete 'check) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (mkdir-p (string-append out "/share/doc")) - (copy-file "README.adoc" - (string-append out "/share/doc/README.adoc")))))))) - (native-inputs - (list - ;; TODO: Add build-time dependencies - ;; Examples: - ;; rust (gnu packages rust) - ;; elixir (gnu packages elixir) - ;; zig (gnu packages zig) - )) - (inputs - (list - ;; TODO: Add runtime dependencies - )) - (home-page "https://github.com/hyperpolymath/AffineScript-Vite") - (synopsis "{{PROJECT_PURPOSE}}") - (description "RSR-compliant project. See README.adoc for details.") - (license (list - ;; MPL-2.0 extends MPL-2.0 - mpl2.0))) diff --git a/road-skate/hello.affine b/road-skate/hello.affine deleted file mode 100644 index 3b09f920..00000000 --- a/road-skate/hello.affine +++ /dev/null @@ -1,3 +0,0 @@ -fn main() -> () { - print("Hello, World!") -} diff --git a/road-skate/llm-warmup-dev.md b/road-skate/llm-warmup-dev.md deleted file mode 100644 index e616c995..00000000 --- a/road-skate/llm-warmup-dev.md +++ /dev/null @@ -1,16 +0,0 @@ -# LLM Warmup — rsr-template-repo (Developer) - -## What is rsr-template-repo? -See README.adoc for overview. - -## Key Commands -- `just setup` — set up development environment -- `just build` — build the project -- `just test` — run tests -- `just doctor` — diagnose issues -- `just heal` — attempt auto-repair - -## Quick Context -- License: MPL-2.0 -- Part of hyperpolymath ecosystem -- See EXPLAINME.adoc for architecture diff --git a/road-skate/llm-warmup-user.md b/road-skate/llm-warmup-user.md deleted file mode 100644 index 18a327ef..00000000 --- a/road-skate/llm-warmup-user.md +++ /dev/null @@ -1,16 +0,0 @@ -# LLM Warmup — rsr-template-repo (User) - -## What is rsr-template-repo? -See README.adoc for overview. - -## Key Commands -- `just setup` — set up development environment -- `just build` — build the project -- `just test` — run tests -- `just doctor` — diagnose issues -- `just heal` — attempt auto-repair - -## Quick Context -- License: MPL-2.0 -- Part of hyperpolymath ecosystem -- See EXPLAINME.adoc for architecture diff --git a/road-skate/minimal.affine b/road-skate/minimal.affine deleted file mode 100644 index b7fc7b1b..00000000 --- a/road-skate/minimal.affine +++ /dev/null @@ -1,3 +0,0 @@ -fn main() -> () { - print("Hello") -} diff --git a/road-skate/package.json b/road-skate/package.json deleted file mode 100644 index 26e8256a..00000000 --- a/road-skate/package.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "name": "road-skate", - "version": "0.1.0", - "description": "Pure AffineScript racing game inspired by Test Drive (1987).", - "type": "module", - "main": "./src/index.js", - "module": "./src/index.js", - "exports": { - ".": "./src/index.js" - }, - "scripts": { - "dev": "deno run --allow-all node_modules/vite/bin/vite.js", - "build": "deno run --allow-all node_modules/vite/bin/vite.js build", - "preview": "deno run --allow-all node_modules/vite/bin/vite.js preview" - }, - "keywords": [ - "vite", - "vite-plugin", - "affinescript", - "wasm", - "compiler" - ], - "author": "hyperpolymath", - "license": "AGPL-3.0-or-later", - "dependencies": { - "vite": "^8.0.5" - }, - "engines": { - "deno": ">=2.0.0" - } -} diff --git a/road-skate/physics_example.affine b/road-skate/physics_example.affine deleted file mode 100644 index 2ef9b8e6..00000000 --- a/road-skate/physics_example.affine +++ /dev/null @@ -1,49 +0,0 @@ -// Test Drive III Physics Example -// Demonstrates the centripetal force steering model - -use Physics_td3 - -// Create initial car state -fn init_car() -> CarState { - { - position: { x: 0.0, y: 0.0, z: 0.0 }, - velocity: { x: 0.0, y: 0.0, z: 0.0 }, - speed_kmh: 0.0, - steering_angle: 0.0, - surface: SurfaceType.Road - } -} - -// Simulate a turn at 60 km/h -fn simulate_turn() -> CarState { - let car = init_car() - - (* Accelerate to 60 km/h *) - let car1 = apply_engine_force(car, 0.8, 1.0) // 80% throttle for 1 second - - (* Apply steering at 60 km/h *) - let input = { - throttle: 0.0, // Coasting - brake: 0.0, // No braking - steering: 0.5, // Moderate turn - surface: SurfaceType.Road - } - - apply_steering(car1, 0.5, 0.1) // 0.1 second time step -} - -// Main function -fn main() -> () { - let car = simulate_turn() - - (* Project 3D position to 2D screen coordinates *) - let (screen_x, screen_y) = project_3d_to_2d(car.position, 500.0, 800, 600) - - print("Car position after turn: ") - print("X: " ++ float_to_string(car.position.x)) - print("Y: " ++ float_to_string(car.position.y)) - print("Z: " ++ float_to_string(car.position.z)) - print("Screen coordinates: (" ++ int_to_string(screen_x) ++ ", " ++ int_to_string(screen_y) ++ ")") - print("Speed: " ++ float_to_string(car.speed_kmh) ++ " km/h") - print("Steering angle: " ++ float_to_string(car.steering_angle)) -} \ No newline at end of file diff --git a/road-skate/report.yaml b/road-skate/report.yaml deleted file mode 100644 index 64bb847b..00000000 --- a/road-skate/report.yaml +++ /dev/null @@ -1,6 +0,0 @@ -Running assail analysis on: . - -Assail Summary: - Language: Shell - Weak points: 16 - Recommended attacks: [Disk, Cpu, Memory, Network] diff --git a/road-skate/reports/assemblyline-20260406231857.json b/road-skate/reports/assemblyline-20260406231857.json deleted file mode 100644 index 1722c27f..00000000 --- a/road-skate/reports/assemblyline-20260406231857.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "created_at": "2026-04-06T23:18:57.548856129+00:00", - "directory": ".", - "repos_scanned": 0, - "repos_with_findings": 0, - "repos_skipped": 0, - "total_weak_points": 0, - "total_critical": 0, - "results": [] -} \ No newline at end of file diff --git a/road-skate/road_render.affine b/road-skate/road_render.affine deleted file mode 100644 index 9f2a5ed3..00000000 --- a/road-skate/road_render.affine +++ /dev/null @@ -1,71 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Renders a 3D road with proper perspective projection - -use Physics_td3 - -// Road configuration -let screen_width = 800 -let screen_height = 600 -let focal_length = 500.0 // Consistent with physics library -let road_width = 10.0 // Total width of road (meters) -let half_width = road_width / 2.0 - -// Create a string-based grid for rendering -fn create_empty_grid() -> Vector[String] { - Vector.init(screen_height, fun(_) -> String.make(screen_width, ' ')) -} - -// Draw a point on the grid -fn draw_point(grid: Vector[String], x: Int, y: Int, char: Char) -> Vector[String] { - if x >= 0 && x < screen_width && y >= 0 && y < screen_height then { - let row = Vector.get(grid, y) - let new_row = String.set(row, x, char) - Vector.set(grid, y, new_row) - } else { - grid - } -} - -// Render the road with perspective -fn render_road() -> String { - let grid = create_empty_grid() - - (* Draw road segments at different Z distances *) - let distances = [20, 40, 60, 80, 100] - - for z in distances do { - (* Left road edge *) - let left_marker = { x: -half_width, y: 0.0, z: float_of_int(z) } - let (left_x, left_y) = project_3d_to_2d(left_marker, focal_length, screen_width, screen_height) - - (* Right road edge *) - let right_marker = { x: half_width, y: 0.0, z: float_of_int(z) } - let (right_x, right_y) = project_3d_to_2d(right_marker, focal_length, screen_width, screen_height) - - (* Draw road edges *) - let grid = draw_point(grid, left_x, left_y, '|') - let grid = draw_point(grid, right_x, right_y, '|') - - (* Draw center line *) - let center_marker = { x: 0.0, y: 0.0, z: float_of_int(z) } - let (center_x, center_y) = project_3d_to_2d(center_marker, focal_length, screen_width, screen_height) - let grid = draw_point(grid, center_x, center_y, '.') - } - - (* Convert grid to string *) - let result = Vector.fold_left (fun acc row -> acc ++ row ++ "\n") "" grid - - (* Add header *) - "=== Test Drive III: Road with Perspective ===\n" ++ - "Focal length: " ++ float_to_string(focal_length) ++ "\n" ++ - "Screen: " ++ int_to_string(screen_width) ++ "x" ++ int_to_string(screen_height) ++ "\n" ++ - "Road segments at Z=20,40,60,80,100 meters\n" ++ - "| = road edges, . = center line\n\n" ++ - result -} - -// Main function -fn main() -> () { - let road_rendering = render_road() - print(road_rendering) -} \ No newline at end of file diff --git a/road-skate/road_render_final.affine b/road-skate/road_render_final.affine deleted file mode 100644 index e976d44d..00000000 --- a/road-skate/road_render_final.affine +++ /dev/null @@ -1,28 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Renders a 3D road with proper perspective projection - -// Road configuration as a type to comply with AffineScript v0.1 spec -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Create configuration with proper initialization -fn create_config() -> Config { - let road_width = 10.0 - Config { - screen_width: 800, - screen_height: 600, - focal_length: 500.0, - road_width: road_width, - half_width: road_width / 2.0 - } -} - -fn main() -> () { - let config = create_config() - print("Config created") -} \ No newline at end of file diff --git a/road-skate/road_render_fixed.affine b/road-skate/road_render_fixed.affine deleted file mode 100644 index b7fc7b1b..00000000 --- a/road-skate/road_render_fixed.affine +++ /dev/null @@ -1,3 +0,0 @@ -fn main() -> () { - print("Hello") -} diff --git a/road-skate/road_render_minimal.affine b/road-skate/road_render_minimal.affine deleted file mode 100644 index d8595acf..00000000 --- a/road-skate/road_render_minimal.affine +++ /dev/null @@ -1,16 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Minimal working version - -// Road configuration as a type to comply with AffineScript v0.1 spec -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Simple main function without complex record creation -fn main() -> () { - print("Road rendering initialized") -} \ No newline at end of file diff --git a/road-skate/road_render_simple.affine b/road-skate/road_render_simple.affine deleted file mode 100644 index 626870bb..00000000 --- a/road-skate/road_render_simple.affine +++ /dev/null @@ -1,31 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Simplified version without record literals - -// Road configuration constants as function parameters -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Create configuration - using direct values for now -fn create_config() -> Config { - // This is a placeholder - we'll need to find a way to create the Config - // without using the record literal syntax that's causing parse errors - // For now, let's just return a dummy value to get the file to compile - let dummy: Config = { - screen_width: 800, - screen_height: 600, - focal_length: 500.0, - road_width: 10.0, - half_width: 5.0 - } - dummy -} - -fn main() -> () { - let config = create_config() - print("Config created") -} \ No newline at end of file diff --git a/road-skate/road_render_step1.affine b/road-skate/road_render_step1.affine deleted file mode 100644 index b7fc7b1b..00000000 --- a/road-skate/road_render_step1.affine +++ /dev/null @@ -1,3 +0,0 @@ -fn main() -> () { - print("Hello") -} diff --git a/road-skate/road_render_step2.affine b/road-skate/road_render_step2.affine deleted file mode 100644 index 75fdd828..00000000 --- a/road-skate/road_render_step2.affine +++ /dev/null @@ -1,45 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Renders a 3D road with proper perspective projection - -// Road configuration as a type to comply with AffineScript v0.1 spec -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Create configuration with proper initialization -fn create_config() -> Config { - let road_width = 10.0 // Total width of road (meters) - Config { - screen_width: 800, - screen_height: 600, - focal_length: 500.0, // Consistent with physics library - road_width: road_width, - half_width: road_width / 2.0 - } -} - -// Create a string-based grid for rendering -fn create_empty_grid(config: Config) -> Vector[String] { - Vector.init(config.screen_height, fun(_) -> String.make(config.screen_width, ' ')) -} - -// Draw a point on the grid -fn draw_point(grid: Vector[String], x: Int, y: Int, char: Char, config: Config) -> Vector[String] { - if x >= 0 && x < config.screen_width && y >= 0 && y < config.screen_height then { - let row = Vector.get(grid, y) - let new_row = String.set(row, x, char) - Vector.set(grid, y, new_row) - } else { - grid - } -} - -fn main() -> () { - let config = create_config() - let grid = create_empty_grid(config) - print("Grid created") -} diff --git a/road-skate/road_render_step2_fixed.affine b/road-skate/road_render_step2_fixed.affine deleted file mode 100644 index 174d63f6..00000000 --- a/road-skate/road_render_step2_fixed.affine +++ /dev/null @@ -1,45 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Renders a 3D road with proper perspective projection - -// Road configuration as a type to comply with AffineScript v0.1 spec -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Create configuration with proper initialization -fn create_config() -> Config { - let road_width = 10.0 - Config { - screen_width: 800, - screen_height: 600, - focal_length: 500.0, - road_width: road_width, - half_width: road_width / 2.0 - } -} - -// Create a string-based grid for rendering -fn create_empty_grid(config: Config) -> Vector[String] { - Vector.init(config.screen_height, fun(_) -> String.make(config.screen_width, ' ')) -} - -// Draw a point on the grid -fn draw_point(grid: Vector[String], x: Int, y: Int, char: Char, config: Config) -> Vector[String] { - if x >= 0 && x < config.screen_width && y >= 0 && y < config.screen_height then { - let row = Vector.get(grid, y) - let new_row = String.set(row, x, char) - Vector.set(grid, y, new_row) - } else { - grid - } -} - -fn main() -> () { - let config = create_config() - let grid = create_empty_grid(config) - print("Grid created") -} \ No newline at end of file diff --git a/road-skate/road_render_working.affine b/road-skate/road_render_working.affine deleted file mode 100644 index e976d44d..00000000 --- a/road-skate/road_render_working.affine +++ /dev/null @@ -1,28 +0,0 @@ -// Road Rendering with Perspective - Test Drive III "Passion" Vibe -// Renders a 3D road with proper perspective projection - -// Road configuration as a type to comply with AffineScript v0.1 spec -type Config = { - screen_width: Int, - screen_height: Int, - focal_length: Float, - road_width: Float, - half_width: Float -} - -// Create configuration with proper initialization -fn create_config() -> Config { - let road_width = 10.0 - Config { - screen_width: 800, - screen_height: 600, - focal_length: 500.0, - road_width: road_width, - half_width: road_width / 2.0 - } -} - -fn main() -> () { - let config = create_config() - print("Config created") -} \ No newline at end of file diff --git a/road-skate/scripts/validate-rsr.sh b/road-skate/scripts/validate-rsr.sh deleted file mode 100755 index 70d66983..00000000 --- a/road-skate/scripts/validate-rsr.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -set -euo pipefail -REPO_ROOT="${1:-.}" -ERRORS=0 -log_error() { echo "ERROR: $1"; ERRORS=$((ERRORS + 1)); } -log_pass() { echo "PASS: $1"; } -check_file() { if [ -f "$REPO_ROOT/$1" ]; then log_pass "$1"; else log_error "$1 missing"; fi; } -check_dir() { if [ -d "$REPO_ROOT/$1" ]; then log_pass "$1"; else log_error "$1 missing"; fi; } -echo "--- Phase 1: Structure ---" -for f in .machine_readable .github src/interface/abi src/interface/ffi docs; do check_dir "$f"; done -for f in Justfile README.adoc LICENSE 0-AI-MANIFEST.a2ml; do check_file "$f"; done -echo "--- Phase 2: Metadata ---" -for f in STATE.a2ml META.a2ml ECOSYSTEM.a2ml anchors/ANCHOR.a2ml policies/MAINTENANCE-AXES.a2ml; do check_file ".machine_readable/$f"; done -echo "--- Phase 3: Workflows ---" -COUNT=$(find "$REPO_ROOT/.github/workflows" -name "*.yml" | wc -l) -if [ "$COUNT" -ge 15 ]; then log_pass "Workflows: $COUNT"; else log_error "Workflows: $COUNT < 15"; fi -echo "--- Results ---" -echo "Errors: $ERRORS" -exit "$ERRORS" diff --git a/road-skate/setup.sh b/road-skate/setup.sh deleted file mode 100755 index af55cedf..00000000 --- a/road-skate/setup.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -eu -ok() { echo " [OK] $1"; } -fail() { echo " [FAIL] $1"; exit 1; } -info() { echo " [INFO] $1"; } -install_just() { - if command -v just >/dev/null 2>&1; then ok "just installed"; return 0; fi - info "Installing just..." - curl -fsSL https://just.systems/install.sh | bash -s -- --to /usr/local/bin || fail "just install failed" -} -main() { - echo "=== affinescript-vite Setup ===" - install_just - if [ ! -f "Justfile" ]; then fail "No Justfile"; fi - if just --list | grep -q "^setup "; then just setup; else just doctor; fi - echo "=== Setup Complete ===" -} -main diff --git a/road-skate/simple_test.affine b/road-skate/simple_test.affine deleted file mode 100644 index 342417c6..00000000 --- a/road-skate/simple_test.affine +++ /dev/null @@ -1,17 +0,0 @@ -// Simple test -type Config = { - width: Int, - height: Int -} - -fn create_config() -> Config { - Config { - width: 800, - height: 600 - } -} - -fn main() -> () { - let config = create_config() - print("Config created") -} \ No newline at end of file diff --git a/road-skate/src/0.1-AI-MANIFEST.a2ml b/road-skate/src/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index c92e124d..00000000 --- a/road-skate/src/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,27 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-pillar" -level: 1 -parent: "../0-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Primary source code directory. Organized by role and architectural - aspect. - -canonical_locations: - core: "core/" - interface: "interface/" - bridges: "bridges/" - contracts: "contracts/" - errors: "errors/" - definitions: "definitions/" - aspects: "aspects/" - -invariants: - - "Core logic MUST reside in core/" - - "Verified seams MUST reside in interface/" - - "Safety constraints MUST reside in contracts/" - - "Failure dictionaries MUST reside in errors/" diff --git a/road-skate/src/README.adoc b/road-skate/src/README.adoc deleted file mode 100644 index 5529f66f..00000000 --- a/road-skate/src/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= src Pillar diff --git a/road-skate/src/affine-plugin-improved.js b/road-skate/src/affine-plugin-improved.js deleted file mode 100644 index 03b0b335..00000000 --- a/road-skate/src/affine-plugin-improved.js +++ /dev/null @@ -1,154 +0,0 @@ -/** - * AffineScript Vite Plugin - Improved Version - * (c) 2026 hyperpolymath - * SPDX-License-Identifier: AGPL-3.0-or-later - */ - -import { exec } from 'child_process'; -import { promisify } from 'util'; -import path from 'path'; -import fs from 'fs'; - -const execAsync = promisify(exec); - -async function compileAffineScript(filePath, outputDir, options) { - const { compilerPath, wasmOptLevel, debug } = options; - - const outputFile = path.join(outputDir, path.basename(filePath, path.extname(filePath)) + '.wasm'); - const debugFlag = debug ? '--debug' : ''; - - const command = `${compilerPath} --compile ${filePath} -o ${outputFile} --opt-level ${wasmOptLevel} ${debugFlag}`; - - try { - console.log(`[affine-script] Executing: ${command}`); - const { stdout, stderr } = await execAsync(command); - - if (stderr && !stderr.includes('warning')) { - console.error(`[affine-script] Compiler stderr: ${stderr}`); - } - - if (!fs.existsSync(outputFile)) { - throw new Error(`Compilation failed: output file ${outputFile} not created`); - } - - return { success: true, stdout, wasmPath: outputFile }; - } catch (error) { - console.error(`[affine-script] Compilation failed: ${error.message}`); - throw error; - } -} - -export default function affinePlugin(options = {}) { - const { - compilerPath = 'affinescript', - wasmOptLevel = 3, - debug = false, - sourceMaps = true, - watch = true - } = options; - - return { - name: 'affine-script', - version: '1.0.0', - - config() { - return { - optimizeDeps: { - include: ['affinescript-runtime'], - }, - esbuild: { - supported: { - 'affine-import': true, - }, - }, - }; - }, - - async transform(code, id) { - if (id.endsWith('.as') || id.endsWith('.affine')) { - console.log(`[affine-script] Compiling ${id}...`); - - const outputDir = path.dirname(id); - const result = await compileAffineScript(id, outputDir, { compilerPath, wasmOptLevel, debug }); - - const moduleName = path.basename(id, path.extname(id)).replace(/[^a-zA-Z0-9]/g, '_'); - - // Generate JavaScript wrapper for WASM module - const jsWrapper = ` -import init, * as affineExports from '${result.wasmPath}'; - -await init(); - -export const ${moduleName} = affineExports; -export default ${moduleName}; -`; - - return { - code: jsWrapper, - map: sourceMaps ? generateSourceMap(code, jsWrapper) : null - }; - } - }, - - handleHotUpdate({ file, server, modules }) { - if (file.endsWith('.as') || file.endsWith('.affine')) { - console.log(`[affine-script] HMR: ${file} changed.`); - - // Find affected modules - const affectedModules = modules.filter(m => - m.id.endsWith('.as') || m.id.endsWith('.affine') || - m.id.includes('affine') - ); - - if (affectedModules.length === 0) { - // Fallback to full reload if no specific modules found - server.ws.send({ - type: 'full-reload', - path: '*' - }); - } else { - // Intelligent HMR updates - return affectedModules.map(module => ({ - type: 'js-update', - path: module.url, - acceptedPath: module.url, - timestamp: Date.now() - })); - } - } - }, - - buildStart() { - console.log('[affine-script] Build started - initializing AffineScript compiler'); - // Could add version checks, compiler initialization, etc. - }, - - buildEnd() { - console.log('[affine-script] Build completed - optimizing WASM modules'); - // Could add WASM optimization, size reporting, etc. - }, - - configureServer(server) { - if (watch) { - // Set up file watching for .as files - server.watcher.on('add', file => { - if (file.endsWith('.as') || file.endsWith('.affine')) { - console.log(`[affine-script] New file detected: ${file}`); - } - }); - } - } - }; -} - -// Simple source map generator (could be enhanced) -function generateSourceMap(originalCode, generatedCode) { - return { - version: 3, - sources: ['original.as'], - names: [], - mappings: 'AAAA', - file: 'compiled.js', - sourcesContent: [originalCode] - }; -} \ No newline at end of file diff --git a/road-skate/src/affine-plugin.js b/road-skate/src/affine-plugin.js deleted file mode 100644 index 417a0bce..00000000 --- a/road-skate/src/affine-plugin.js +++ /dev/null @@ -1,52 +0,0 @@ -/** - * AffineScript Vite Plugin - * (c) 2026 hyperpolymath - * SPDX-License-Identifier: AGPL-3.0-or-later - */ - -export default function affinePlugin(options = {}) { - const { compilerPath = 'affinescript' } = options; - - return { - name: 'affine-script', - version: '0.1.0', - - // Handle .as and .affine files - transform(code, id) { - if (id.endsWith('.as') || id.endsWith('.affine')) { - // Log for transparency - console.log(`[affine-script] Compiling ${id}...`); - - // Placeholder for actual AffineScript -> WASM/JS compilation - // In a real implementation, this would call the compiler via WASM - // or a shell command: `affinescript --compile ${id} -o ${id}.wasm` - - // For now, we wrap the source in a JavaScript comment and export it - // This allows the dev server to at least load the file as a module. - const compiledCode = ` -/** - * Compiled from AffineScript (Source-only scaffold) - * File: ${id} - */ -const source = ${JSON.stringify(code)}; -export default source; -`; - return { - code: compiledCode, - map: null, // TODO: Implement source maps from compiler - }; - } - }, - - // Hot Module Replacement (HMR) handle - handleHotUpdate({ file, server }) { - if (file.endsWith('.as') || file.endsWith('.affine')) { - console.log(`[affine-script] HMR: ${file} changed.`); - server.ws.send({ - type: 'full-reload', - path: '*', - }); - } - }, - }; -} diff --git a/road-skate/src/aspects/0.2-AI-MANIFEST.a2ml b/road-skate/src/aspects/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 3d5b209e..00000000 --- a/road-skate/src/aspects/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-aspects" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Cross-cutting concerns and domain-specific aspects (Security, - Observability, Integrity). - -canonical_locations: - security: "security/" - observability: "observability/" - integrity: "integrity/" diff --git a/road-skate/src/aspects/README.adoc b/road-skate/src/aspects/README.adoc deleted file mode 100644 index 6456f962..00000000 --- a/road-skate/src/aspects/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Aspects Pillar diff --git a/road-skate/src/aspects/integrity/0.3-AI-MANIFEST.a2ml b/road-skate/src/aspects/integrity/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index f114cbd2..00000000 --- a/road-skate/src/aspects/integrity/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "aspect-unit-integrity" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Implementation logic for the integrity aspect. diff --git a/road-skate/src/aspects/integrity/README.adoc b/road-skate/src/aspects/integrity/README.adoc deleted file mode 100644 index f15d829d..00000000 --- a/road-skate/src/aspects/integrity/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Integrity Aspect diff --git a/road-skate/src/aspects/observability/0.3-AI-MANIFEST.a2ml b/road-skate/src/aspects/observability/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index e16cbdf9..00000000 --- a/road-skate/src/aspects/observability/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "aspect-unit-observability" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Implementation logic for the observability aspect. diff --git a/road-skate/src/aspects/observability/README.adoc b/road-skate/src/aspects/observability/README.adoc deleted file mode 100644 index 7852ee64..00000000 --- a/road-skate/src/aspects/observability/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Observability Aspect diff --git a/road-skate/src/aspects/security/0.3-AI-MANIFEST.a2ml b/road-skate/src/aspects/security/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 09965363..00000000 --- a/road-skate/src/aspects/security/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "aspect-unit-security" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Implementation logic for the security aspect. diff --git a/road-skate/src/aspects/security/README.adoc b/road-skate/src/aspects/security/README.adoc deleted file mode 100644 index 3c3536ec..00000000 --- a/road-skate/src/aspects/security/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Security Aspect diff --git a/road-skate/src/bridges/0.2-AI-MANIFEST.a2ml b/road-skate/src/bridges/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 3d3e27a0..00000000 --- a/road-skate/src/bridges/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-bridges" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Integration logic for external systems (API, Database, RPC, etc.). diff --git a/road-skate/src/contracts/0.2-AI-MANIFEST.a2ml b/road-skate/src/contracts/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 0bd9198f..00000000 --- a/road-skate/src/contracts/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-contracts" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Contracts unit for high-rigor source code. diff --git a/road-skate/src/contracts/README.adoc b/road-skate/src/contracts/README.adoc deleted file mode 100644 index 9cfa2098..00000000 --- a/road-skate/src/contracts/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Contracts Unit diff --git a/road-skate/src/core/0.2-AI-MANIFEST.a2ml b/road-skate/src/core/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 22846c78..00000000 --- a/road-skate/src/core/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-core" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Primary application logic and core domain models. diff --git a/road-skate/src/definitions/0.2-AI-MANIFEST.a2ml b/road-skate/src/definitions/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index e54f4dab..00000000 --- a/road-skate/src/definitions/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-definitions" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Definitions unit for high-rigor source code. diff --git a/road-skate/src/definitions/README.adoc b/road-skate/src/definitions/README.adoc deleted file mode 100644 index 95483497..00000000 --- a/road-skate/src/definitions/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Definitions Unit diff --git a/road-skate/src/errors/0.2-AI-MANIFEST.a2ml b/road-skate/src/errors/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index dddcc6c4..00000000 --- a/road-skate/src/errors/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "source-unit-errors" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Errors unit for high-rigor source code. diff --git a/road-skate/src/errors/README.adoc b/road-skate/src/errors/README.adoc deleted file mode 100644 index 460fc1e9..00000000 --- a/road-skate/src/errors/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Errors Unit diff --git a/road-skate/src/index.js b/road-skate/src/index.js deleted file mode 100644 index d87abc74..00000000 --- a/road-skate/src/index.js +++ /dev/null @@ -1,2 +0,0 @@ -import affinePlugin from './affine-plugin.js'; -export default affinePlugin; diff --git a/road-skate/src/interface/0.2-AI-MANIFEST.a2ml b/road-skate/src/interface/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 7f0f471b..00000000 --- a/road-skate/src/interface/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,24 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "interface-seams-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Consolidated "Verified Interface Seams" unit. This directory unifies the - formal specification (ABI), the bridge implementation (FFI), and the - resulting artifacts (Generated). - -canonical_locations: - abi: "abi/" - ffi: "ffi/" - generated: "generated/" - -invariants: - - "ABI MUST be Idris2 (.idr)" - - "FFI MUST be Zig (.zig)" - - "Generated artifacts MUST be C-compatible" - - "The 'Truth' lives in abi/; the 'Implementation' lives in ffi/" diff --git a/road-skate/src/interface/README.adoc b/road-skate/src/interface/README.adoc deleted file mode 100644 index 8faf0aad..00000000 --- a/road-skate/src/interface/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= interface Unit diff --git a/road-skate/src/interface/abi/0.3-AI-MANIFEST.a2ml b/road-skate/src/interface/abi/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 91cafa01..00000000 --- a/road-skate/src/interface/abi/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "abi-logic" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised Level 3 logic for abi. diff --git a/road-skate/src/interface/abi/Foreign.idr b/road-skate/src/interface/abi/Foreign.idr deleted file mode 100644 index 3f16342b..00000000 --- a/road-skate/src/interface/abi/Foreign.idr +++ /dev/null @@ -1,82 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 -||| Foreign Function Interface Bridge -||| -||| This module defines the raw FFI calls and their safe wrappers, -||| implemented in the Zig FFI layer. - -module Abi.Foreign - -import Abi.Types -import Abi.Layout - -%default total - --------------------------------------------------------------------------------- --- Library Lifecycle --------------------------------------------------------------------------------- - -||| Raw FFI call to initialize the library -%foreign "C:rsr_init,librsr" -prim__init : PrimIO Bits64 - -||| Raw FFI call to free library resources -%foreign "C:rsr_free,librsr" -prim__free : Bits64 -> PrimIO () - -||| Safe wrapper for initialization -export -init : IO (Maybe Handle) -init = do - ptr <- primIO prim__init - pure (createHandle ptr) - -||| Safe wrapper for cleanup -export -free : Handle -> IO () -free h = primIO (prim__free h.ptr) - --------------------------------------------------------------------------------- --- Core Operations --------------------------------------------------------------------------------- - -||| Raw FFI call for main processing -%foreign "C:rsr_process,librsr" -prim__process : Bits64 -> Bits32 -> PrimIO Bits32 - -||| Safe wrapper with error handling -export -process : Handle -> Bits32 -> IO (Either Result Bits32) -process h input = do - result <- primIO (prim__process h.ptr input) - if result == 0 - then pure (Left Error) - else pure (Right result) - --------------------------------------------------------------------------------- --- Status and Metrics --------------------------------------------------------------------------------- - -||| Get the current error description from the library -%foreign "C:rsr_get_error,librsr" -prim__getError : Bits64 -> PrimIO (Ptr String) - -||| Detailed error string helper -export -errorDescription : Result -> String -errorDescription Ok = "Success" -errorDescription Error = "Generic error" -errorDescription InvalidParam = "Invalid parameter" -errorDescription Busy = "Library is busy" - --------------------------------------------------------------------------------- --- Documentation --------------------------------------------------------------------------------- - -||| Summary of ABI safety properties: -||| 1. All functions are total (total keyword enforced). -||| 2. Pointers are verified non-null before being wrapped in Handle. -||| 3. Memory layouts are proven C-ABI compliant in Abi.Layout. -||| 4. FFI boundary uses explicitly tagged types from Abi.Types. -public export -abiSafetyGuarantees : String -abiSafetyGuarantees = "RSR-Template ABI: 4 proven safety properties for FFI integration" diff --git a/road-skate/src/interface/abi/Layout.idr b/road-skate/src/interface/abi/Layout.idr deleted file mode 100644 index fec979dc..00000000 --- a/road-skate/src/interface/abi/Layout.idr +++ /dev/null @@ -1,127 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 -||| ABI Layout Verification -||| -||| This module provides formal proofs about memory layout, alignment, -||| and padding for C-compatible structs. - -module Abi.Layout - -import Abi.Types -import Data.Vect -import Data.So - -%default total - --------------------------------------------------------------------------------- --- Alignment Invariants --------------------------------------------------------------------------------- - -||| Predicate: n divides m -public export -data Divides : (n, m : Nat) -> Type where - MkDivides : (k : Nat) -> (0 prf : m = k * n) -> Divides n m - -||| Implementation of divides for common sizes -public export -div8_24 : Divides 8 24 -div8_24 = MkDivides 3 Refl - -public export -div4_0 : Divides 4 0 -div4_0 = MkDivides 0 Refl - -public export -div8_8 : Divides 8 8 -div8_8 = MkDivides 1 Refl - -public export -div8_16 : Divides 8 16 -div8_16 = MkDivides 2 Refl - -||| Calculate padding required for an offset to meet alignment -public export -paddingFor : (offset : Nat) -> (alignment : Nat) -> Nat -paddingFor offset 0 = 0 -paddingFor offset alignment = - let m = offset `mod` alignment in - if m == 0 - then 0 - else alignment `minus` m - -||| Align a size up to the next multiple of alignment -public export -alignUp : (size : Nat) -> (alignment : Nat) -> Nat -alignUp size alignment = - size + paddingFor size alignment - --------------------------------------------------------------------------------- --- Struct Model --------------------------------------------------------------------------------- - -||| Representation of a single field in a struct -public export -record Field where - constructor MkField - name : String - offset : Nat - size : Nat - alignment : Nat - -||| Valid memory layout for a C struct -public export -record StructLayout where - constructor MkStructLayout - {n : Nat} - fields : Vect n Field - totalSize : Nat - alignment : Nat - {auto 0 aligned : Divides alignment totalSize} - --------------------------------------------------------------------------------- --- Compliance Predicates --------------------------------------------------------------------------------- - -||| Proof that all fields in a struct are correctly aligned -public export -data FieldsAligned : Vect n Field -> Type where - NoFields : FieldsAligned [] - ConsField : - (f : Field) -> - (rest : Vect n Field) -> - (0 prf : Divides f.alignment f.offset) -> - FieldsAligned rest -> - FieldsAligned (f :: rest) - -||| Predicate: Struct is C-ABI compliant -public export -data CABICompliant : StructLayout -> Type where - CABIOk : (l : StructLayout) -> - (0 prf : FieldsAligned l.fields) -> - CABICompliant l - --------------------------------------------------------------------------------- --- Example and Proofs --------------------------------------------------------------------------------- - -||| Example: struct { int32_t x; int64_t y; double z; } -||| On 64-bit Linux, this should have size 24, alignment 8. -public export -exampleLayout : StructLayout -exampleLayout = - MkStructLayout - [ MkField "x" 0 4 4 -- Bits32 at offset 0 - , MkField "y" 8 8 8 -- Bits64 at offset 8 (4 bytes padding) - , MkField "z" 16 8 8 -- Double at offset 16 - ] - 24 -- Total size: 24 bytes - 8 -- Alignment: 8 bytes - {aligned = div8_24} - -||| Proof that example layout is valid -public export -exampleLayoutValid : CABICompliant Abi.Layout.exampleLayout -exampleLayoutValid = CABIOk Abi.Layout.exampleLayout ( - ConsField (MkField "x" 0 4 4) _ div4_0 ( - ConsField (MkField "y" 8 8 8) _ div8_8 ( - ConsField (MkField "z" 16 8 8) _ div8_16 ( - NoFields)))) diff --git a/road-skate/src/interface/abi/README.adoc b/road-skate/src/interface/abi/README.adoc deleted file mode 100644 index 2330304d..00000000 --- a/road-skate/src/interface/abi/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= abi Logic diff --git a/road-skate/src/interface/abi/Types.idr b/road-skate/src/interface/abi/Types.idr deleted file mode 100644 index 6fc4d041..00000000 --- a/road-skate/src/interface/abi/Types.idr +++ /dev/null @@ -1,111 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 -||| ABI Type Definitions Template -||| -||| This module defines the Application Binary Interface (ABI) for this library. -||| All type definitions include formal proofs of correctness. - -module Abi.Types - -import Data.Bits -import Data.So -import Data.Vect -import Decidable.Equality - -%default total - --------------------------------------------------------------------------------- --- Platform Model --------------------------------------------------------------------------------- - -||| Target platforms for the FFI bridge -public export -data Platform = Linux | MacOS | Windows | WASM | RISCV - -||| Pointer size in bits per platform -public export -ptrSize : Platform -> Nat -ptrSize Linux = 64 -ptrSize MacOS = 64 -ptrSize Windows = 64 -ptrSize WASM = 32 -ptrSize RISCV = 64 - -||| Current target platform (detected at compile-time) -public export -thisPlatform : Platform -thisPlatform = Linux -- Simplified for template - --------------------------------------------------------------------------------- --- Core Types --------------------------------------------------------------------------------- - -||| Return codes for FFI calls -public export -data Result = Ok | Error | InvalidParam | Busy - -||| Results are decidably equal -public export -implementation DecEq Result where - decEq Ok Ok = Yes Refl - decEq Error Error = Yes Refl - decEq InvalidParam InvalidParam = Yes Refl - decEq Busy Busy = Yes Refl - decEq Ok Error = No (\case Refl impossible) - decEq Ok InvalidParam = No (\case Refl impossible) - decEq Ok Busy = No (\case Refl impossible) - decEq Error Ok = No (\case Refl impossible) - decEq Error InvalidParam = No (\case Refl impossible) - decEq Error Busy = No (\case Refl impossible) - decEq InvalidParam Ok = No (\case Refl impossible) - decEq InvalidParam Error = No (\case Refl impossible) - decEq InvalidParam Busy = No (\case Refl impossible) - decEq Busy Ok = No (\case Refl impossible) - decEq Busy Error = No (\case Refl impossible) - decEq Busy InvalidParam = No (\case Refl impossible) - -||| Opaque handle for library resources -||| Invariant: Handle pointer must be non-null -public export -record Handle where - constructor MkHandle - ptr : Bits64 - 0 prf : So (ptr /= 0) - -||| Returns Nothing if pointer is null -public export -createHandle : Bits64 -> Maybe Handle -createHandle 0 = Nothing -createHandle ptr = case decSo (ptr /= 0) of - Yes p => Just (MkHandle ptr p) - No _ => Nothing - --------------------------------------------------------------------------------- --- C-Types Mapping --------------------------------------------------------------------------------- - -||| Tagged types for C-FFI boundary -public export -data CType = CInt | CUInt | CLong | CULong | CPtrType - -||| Pointer type for platform -public export -CPtr : Platform -> CType -> Type -CPtr p _ = Bits64 -- Simplified for 64-bit template - -||| Size of C types (platform-specific) -public export -cSizeOf : (p : Platform) -> (t : CType) -> Nat -cSizeOf p CInt = 4 -cSizeOf p CUInt = 4 -cSizeOf p CLong = 8 -cSizeOf p CULong = 8 -cSizeOf p CPtrType = 8 - -||| Alignment of C types (platform-specific) -public export -cAlignOf : (p : Platform) -> (t : CType) -> Nat -cAlignOf p CInt = 4 -cAlignOf p CUInt = 4 -cAlignOf p CLong = 8 -cAlignOf p CULong = 8 -cAlignOf p CPtrType = 8 diff --git a/road-skate/src/interface/ffi/0.3-AI-MANIFEST.a2ml b/road-skate/src/interface/ffi/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index bf456ae2..00000000 --- a/road-skate/src/interface/ffi/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "ffi-logic" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised Level 3 logic for ffi. diff --git a/road-skate/src/interface/ffi/README.adoc b/road-skate/src/interface/ffi/README.adoc deleted file mode 100644 index 8fe57d34..00000000 --- a/road-skate/src/interface/ffi/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= ffi Logic diff --git a/road-skate/src/interface/ffi/build.zig b/road-skate/src/interface/ffi/build.zig deleted file mode 100644 index 69a63773..00000000 --- a/road-skate/src/interface/ffi/build.zig +++ /dev/null @@ -1,19 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -// -// Template FFI Build Configuration (Zig 0.15.2+) -// Note: This is a minimal build file that demonstrates Zig integration - -const std = @import("std"); - -pub fn build(b: *std.Build) void { - _ = b.standardTargetOptions(.{}); - _ = b.standardOptimizeOption(.{}); - - // In Zig 0.15+, tests are run directly with: - // zig build-exe -ftest-runner src/main.zig - // zig build-exe -ftest-runner test/integration_test.zig - // - // This minimal build file provides scaffolding for future expansion. - // Tests can be invoked via command line without explicit build.zig configuration. -} diff --git a/road-skate/src/interface/ffi/src/0.4-AI-MANIFEST.a2ml b/road-skate/src/interface/ffi/src/0.4-AI-MANIFEST.a2ml deleted file mode 100644 index 5b5f1b1e..00000000 --- a/road-skate/src/interface/ffi/src/0.4-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "src-unit" -level: 4 -parent: "../0.3-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Src logic at level 4. diff --git a/road-skate/src/interface/ffi/src/README.adoc b/road-skate/src/interface/ffi/src/README.adoc deleted file mode 100644 index a5c0c6d5..00000000 --- a/road-skate/src/interface/ffi/src/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Src Logic diff --git a/road-skate/src/interface/ffi/src/main.zig b/road-skate/src/interface/ffi/src/main.zig deleted file mode 100644 index 42147268..00000000 --- a/road-skate/src/interface/ffi/src/main.zig +++ /dev/null @@ -1,274 +0,0 @@ -// {{PROJECT}} FFI Implementation -// -// This module implements the C-compatible FFI declared in src/abi/Foreign.idr -// All types and layouts must match the Idris2 ABI definitions. -// -// SPDX-License-Identifier: MPL-2.0 - -const std = @import("std"); - -// Version information (keep in sync with project) -const VERSION = "0.1.0"; -const BUILD_INFO = "{{PROJECT}} built with Zig " ++ @import("builtin").zig_version_string; - -/// Thread-local error storage -threadlocal var last_error: ?[]const u8 = null; - -/// Set the last error message -fn setError(msg: []const u8) void { - last_error = msg; -} - -/// Clear the last error -fn clearError() void { - last_error = null; -} - -//============================================================================== -// Core Types (must match src/abi/Types.idr) -//============================================================================== - -/// Result codes (must match Idris2 Result type) -pub const Result = enum(c_int) { - ok = 0, - @"error" = 1, - invalid_param = 2, - out_of_memory = 3, - null_pointer = 4, -}; - -/// Library handle (opaque to prevent direct access) -pub const Handle = opaque { - // Internal state hidden from C - allocator: std.mem.Allocator, - initialized: bool, - // Add your fields here -}; - -//============================================================================== -// Library Lifecycle -//============================================================================== - -/// Initialize the library -/// Returns a handle, or null on failure -export fn affinescript-vite_init() ?*Handle { - const allocator = std.heap.c_allocator; - - const handle = allocator.create(Handle) catch { - setError("Failed to allocate handle"); - return null; - }; - - // Initialize handle - handle.* = .{ - .allocator = allocator, - .initialized = true, - }; - - clearError(); - return handle; -} - -/// Free the library handle -export fn affinescript-vite_free(handle: ?*Handle) void { - const h = handle orelse return; - const allocator = h.allocator; - - // Clean up resources - h.initialized = false; - - allocator.destroy(h); - clearError(); -} - -//============================================================================== -// Core Operations -//============================================================================== - -/// Process data (example operation) -export fn affinescript-vite_process(handle: ?*Handle, input: u32) Result { - const h = handle orelse { - setError("Null handle"); - return .null_pointer; - }; - - if (!h.initialized) { - setError("Handle not initialized"); - return .@"error"; - } - - // Example processing logic - _ = input; - - clearError(); - return .ok; -} - -//============================================================================== -// String Operations -//============================================================================== - -/// Get a string result (example) -/// Caller must free the returned string -export fn affinescript-vite_get_string(handle: ?*Handle) ?[*:0]const u8 { - const h = handle orelse { - setError("Null handle"); - return null; - }; - - if (!h.initialized) { - setError("Handle not initialized"); - return null; - } - - // Example: allocate and return a string - const result = h.allocator.dupeZ(u8, "Example result") catch { - setError("Failed to allocate string"); - return null; - }; - - clearError(); - return result.ptr; -} - -/// Free a string allocated by the library -export fn affinescript-vite_free_string(str: ?[*:0]const u8) void { - const s = str orelse return; - const allocator = std.heap.c_allocator; - - const slice = std.mem.span(s); - allocator.free(slice); -} - -//============================================================================== -// Array/Buffer Operations -//============================================================================== - -/// Process an array of data -export fn affinescript-vite_process_array( - handle: ?*Handle, - buffer: ?[*]const u8, - len: u32, -) Result { - const h = handle orelse { - setError("Null handle"); - return .null_pointer; - }; - - const buf = buffer orelse { - setError("Null buffer"); - return .null_pointer; - }; - - if (!h.initialized) { - setError("Handle not initialized"); - return .@"error"; - } - - // Access the buffer - const data = buf[0..len]; - _ = data; - - // Process data here - - clearError(); - return .ok; -} - -//============================================================================== -// Error Handling -//============================================================================== - -/// Get the last error message -/// Returns null if no error -export fn affinescript-vite_last_error() ?[*:0]const u8 { - const err = last_error orelse return null; - - // Return C string (static storage, no need to free) - const allocator = std.heap.c_allocator; - const c_str = allocator.dupeZ(u8, err) catch return null; - return c_str.ptr; -} - -//============================================================================== -// Version Information -//============================================================================== - -/// Get the library version -export fn affinescript-vite_version() [*:0]const u8 { - return VERSION.ptr; -} - -/// Get build information -export fn affinescript-vite_build_info() [*:0]const u8 { - return BUILD_INFO.ptr; -} - -//============================================================================== -// Callback Support -//============================================================================== - -/// Callback function type (C ABI) -pub const Callback = *const fn (u64, u32) callconv(.C) u32; - -/// Register a callback -export fn affinescript-vite_register_callback( - handle: ?*Handle, - callback: ?Callback, -) Result { - const h = handle orelse { - setError("Null handle"); - return .null_pointer; - }; - - const cb = callback orelse { - setError("Null callback"); - return .null_pointer; - }; - - if (!h.initialized) { - setError("Handle not initialized"); - return .@"error"; - } - - // Store callback for later use - _ = cb; - - clearError(); - return .ok; -} - -//============================================================================== -// Utility Functions -//============================================================================== - -/// Check if handle is initialized -export fn affinescript-vite_is_initialized(handle: ?*Handle) u32 { - const h = handle orelse return 0; - return if (h.initialized) 1 else 0; -} - -//============================================================================== -// Tests -//============================================================================== - -test "lifecycle" { - const handle = affinescript-vite_init() orelse return error.InitFailed; - defer affinescript-vite_free(handle); - - try std.testing.expect(affinescript-vite_is_initialized(handle) == 1); -} - -test "error handling" { - const result = affinescript-vite_process(null, 0); - try std.testing.expectEqual(Result.null_pointer, result); - - const err = affinescript-vite_last_error(); - try std.testing.expect(err != null); -} - -test "version" { - const ver = affinescript-vite_version(); - const ver_str = std.mem.span(ver); - try std.testing.expectEqualStrings(VERSION, ver_str); -} diff --git a/road-skate/src/interface/ffi/test/0.4-AI-MANIFEST.a2ml b/road-skate/src/interface/ffi/test/0.4-AI-MANIFEST.a2ml deleted file mode 100644 index e02427f8..00000000 --- a/road-skate/src/interface/ffi/test/0.4-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "test-unit" -level: 4 -parent: "../0.3-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Test logic at level 4. diff --git a/road-skate/src/interface/ffi/test/README.adoc b/road-skate/src/interface/ffi/test/README.adoc deleted file mode 100644 index f6f38bf6..00000000 --- a/road-skate/src/interface/ffi/test/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Test Logic diff --git a/road-skate/src/interface/ffi/test/integration_test.zig b/road-skate/src/interface/ffi/test/integration_test.zig deleted file mode 100644 index 361bd05f..00000000 --- a/road-skate/src/interface/ffi/test/integration_test.zig +++ /dev/null @@ -1,66 +0,0 @@ -// RSR Template FFI Integration Tests -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -// -// These tests verify that the Zig FFI correctly implements the Idris2 ABI. -// This is a TEMPLATE FILE — when instantiating a new project: -// 1. Replace "template" with your project name in lowercase -// 2. Link against your actual FFI implementation library -// 3. Uncomment the test functions below -// -// For now, this file contains documentation of what tests should exist. - -const std = @import("std"); - -// NOTE: When instantiated, declare the actual FFI functions here: -// extern fn mylib_init() ?*Handle; -// extern fn mylib_free(?*Handle) void; -// ... etc - -// And define Handle appropriately: -// const Handle = opaque {}; - -test "placeholder test - implementation required" { - // This test ensures the file compiles - // Actual tests depend on FFI implementation - try std.testing.expect(true); -} - -// ============================================================================== -// Example tests (uncomment when instantiated with real FFI): -// ============================================================================== -// -// test "lifecycle: create and destroy handle" { -// const handle = mylib_init() orelse return error.InitFailed; -// defer mylib_free(handle); -// } -// -// test "operations: process with valid handle" { -// const handle = mylib_init() orelse return error.InitFailed; -// defer mylib_free(handle); -// -// const result = mylib_process(handle, 42); -// try std.testing.expectEqual(@as(c_int, 0), result); -// } -// -// test "memory safety: double free is safe" { -// const handle = mylib_init() orelse return error.InitFailed; -// mylib_free(handle); -// mylib_free(handle); // Should not crash -// } -// -// test "strings: get string result from handle" { -// const handle = mylib_init() orelse return error.InitFailed; -// defer mylib_free(handle); -// -// const str = mylib_get_string(handle); -// defer if (str) |s| mylib_free_string(s); -// -// try std.testing.expect(str != null); -// } -// -// test "version: returns non-empty version string" { -// const ver = mylib_version(); -// const ver_str = std.mem.span(ver); -// try std.testing.expect(ver_str.len > 0); -// } diff --git a/road-skate/src/interface/generated/0.3-AI-MANIFEST.a2ml b/road-skate/src/interface/generated/0.3-AI-MANIFEST.a2ml deleted file mode 100644 index 0088b80c..00000000 --- a/road-skate/src/interface/generated/0.3-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "generated-logic" -level: 3 -parent: "../0.2-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Specialised Level 3 logic for generated. diff --git a/road-skate/src/interface/generated/README.adoc b/road-skate/src/interface/generated/README.adoc deleted file mode 100644 index 3691b062..00000000 --- a/road-skate/src/interface/generated/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= generated Logic diff --git a/road-skate/src/interface/generated/abi/.gitkeep b/road-skate/src/interface/generated/abi/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/road-skate/src/interface/generated/abi/0.4-AI-MANIFEST.a2ml b/road-skate/src/interface/generated/abi/0.4-AI-MANIFEST.a2ml deleted file mode 100644 index 4eeb5808..00000000 --- a/road-skate/src/interface/generated/abi/0.4-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "abi-unit" -level: 4 -parent: "../0.3-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Abi logic at level 4. diff --git a/road-skate/src/interface/generated/abi/README.adoc b/road-skate/src/interface/generated/abi/README.adoc deleted file mode 100644 index aff61a99..00000000 --- a/road-skate/src/interface/generated/abi/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Abi Logic diff --git a/road-skate/test_config.affine b/road-skate/test_config.affine deleted file mode 100644 index 8b0170c3..00000000 --- a/road-skate/test_config.affine +++ /dev/null @@ -1,9 +0,0 @@ -// Test config type -type Config = { - screen_width: Int, - screen_height: Int -} - -fn test() -> () { - let config = Config { screen_width: 800, screen_height: 600 } -} \ No newline at end of file diff --git a/road-skate/test_exact.affine b/road-skate/test_exact.affine deleted file mode 100644 index 870e21b9..00000000 --- a/road-skate/test_exact.affine +++ /dev/null @@ -1,14 +0,0 @@ -// Test exact syntax from conformance -type Point = { - x: Int, - y: Int -} - -fn make_point(x: Int, y: Int) -> Point { - Point { x: x, y: y } -} - -fn main() -> () { - let p = make_point(10, 20) - print("Point created") -} \ No newline at end of file diff --git a/road-skate/test_minimal.affine b/road-skate/test_minimal.affine deleted file mode 100644 index b7fc7b1b..00000000 --- a/road-skate/test_minimal.affine +++ /dev/null @@ -1,3 +0,0 @@ -fn main() -> () { - print("Hello") -} diff --git a/road-skate/test_projection.affine b/road-skate/test_projection.affine deleted file mode 100644 index 9989a950..00000000 --- a/road-skate/test_projection.affine +++ /dev/null @@ -1,65 +0,0 @@ -// Test 3D Projection for Road Markers -// Verifies that markers appear centered on horizon - -use Physics_td3 - -fn main() -> () { - (* Screen setup *) - let screen_width = 800 - let screen_height = 600 - let focal_length = 500.0 - - (* Car at origin *) - let car_position = { x: 0.0, y: 0.0, z: 0.0 } - - (* Road markers at z=50 (50 meters ahead) *) - let left_marker = { x: -5.0, y: 0.0, z: 50.0 } - let right_marker = { x: 5.0, y: 0.0, z: 50.0 } - - (* Project to screen coordinates *) - let (left_x, left_y) = project_3d_to_2d(left_marker, focal_length, screen_width, screen_height) - let (right_x, right_y) = project_3d_to_2d(right_marker, focal_length, screen_width, screen_height) - - (* Verify results *) - print("=== 3D Projection Test ===") - print("Screen dimensions: " ++ int_to_string(screen_width) ++ "x" ++ int_to_string(screen_height)) - print("Focal length: " ++ float_to_string(focal_length)) - print("") - print("Car position: (" ++ float_to_string(car_position.x) ++ ", " ++ - float_to_string(car_position.y) ++ ", " ++ float_to_string(car_position.z) ++ ")") - print("") - print("Left marker (-5, 0, 50): (" ++ int_to_string(left_x) ++ ", " ++ int_to_string(left_y) ++ ")") - print("Right marker (5, 0, 50): (" ++ int_to_string(right_x) ++ ", " ++ int_to_string(right_y) ++ ")") - print("") - - (* Check if markers are centered on horizon *) - let horizon_y = screen_height / 2 - let screen_center_x = screen_width / 2 - - if left_y == horizon_y && right_y == horizon_y then { - print("✓ Both markers are on the horizon (Y=" ++ int_to_string(horizon_y) ++ ")") - } else { - print("✗ Markers are NOT on the horizon!") - } - - (* Check symmetry *) - let distance_from_center = abs(left_x - screen_center_x) - if distance_from_center == abs(right_x - screen_center_x) then { - print("✓ Markers are symmetric around screen center") - print(" Distance from center: " ++ int_to_string(distance_from_center) ++ " pixels") - } else { - print("✗ Markers are NOT symmetric!") - } - - (* Calculate separation *) - let separation = abs(right_x - left_x) - print("Marker separation: " ++ int_to_string(separation) ++ " pixels") - - (* Expected values *) - print("") - print("Expected results:") - print(" Both markers at Y=300 (horizon)") - print(" Left at X=350, Right at X=450") - print(" Separation: 100 pixels") - print(" Centered around X=400") -} \ No newline at end of file diff --git a/road-skate/tests/aspect_tests.sh b/road-skate/tests/aspect_tests.sh deleted file mode 100755 index 551d8b1d..00000000 --- a/road-skate/tests/aspect_tests.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" -cd "$PROJECT_DIR" -PASS=0 -FAIL=0 -WARN=0 -green() { printf '\033[32m%s\033[0m\n' "$*"; } -red() { printf '\033[31m%s\033[0m\n' "$*"; } -yellow(){ printf '\033[33m%s\033[0m\n' "$*"; } -bold() { printf '\033[1m%s\033[0m\n' "$*"; } -pass() { green " PASS: "$1"$*"; PASS=$((PASS + 1)); } -fail() { red " FAIL: "$1"$*"; FAIL=$((FAIL + 1)); } -warn() { yellow " WARN: "$1"$*"; WARN=$((WARN + 1)); } -echo "═══════════════════════════════════════════════════════════════" -echo " affinescript-vite — Aspect Tests (Cross-Cutting Concerns)" -echo "═══════════════════════════════════════════════════════════════" -echo "$*" -bold "Aspect 1: SPDX license headers" -MISSING_SPDX=0 -while IFS= read -r -d '' f; do - if ! head -5 "$f" | grep -q "SPDX-License-Identifier"; then - warn "Missing SPDX header: "$f"$*" - MISSING_SPDX=$((MISSING_SPDX + 1)) - fi -done < <(find "src/" -type f \( -name "*.rs" -o -name "*.zig" -o -name "*.res" -o -name "*.ex" -o -name "*.exs" -o -name "*.gleam" -o -name "*.idr" -o -name "*.sh" \) -print0 2>/dev/null) -if [ "$MISSING_SPDX" -eq 0 ]; then - pass "All source files have SPDX headers" -else - fail "$MISSING_SPDX files missing SPDX headers" -fi -bold "Aspect 2: Dangerous patterns" -DANGEROUS_IDRIS=$(grep -rn 'believe_me\|assert_total\|really_believe_me' src/abi/ 2>/dev/null | grep -v "^Binary" | grep -v "test" || true) -if [ -n "$DANGEROUS_IDRIS" ]; then - fail "Dangerous Idris2 patterns found:" - echo "$DANGEROUS_IDRIS" | head -5 -else - pass "No dangerous Idris2 patterns (believe_me, assert_total)" -fi -DANGEROUS_PROOF=$(grep -rn '\bAdmitted\b\|\bsorry\b\|\bunsafeCoerce\b\|\bObj\.magic\b' src/ verification/ 2>/dev/null | grep -v "test" | grep -v "comment" || true) -if [ -n "$DANGEROUS_PROOF" ]; then - fail "Dangerous proof patterns found:" - echo "$DANGEROUS_PROOF" | head -5 -else - pass "No dangerous proof patterns (Admitted, sorry, unsafeCoerce)" -fi -echo "$*" -echo "═══════════════════════════════════════════════════════════════" -printf " Results: " -green "PASS="$PASS"$*" | tr -d '\n' -printf " " -if [ "$FAIL" -gt 0 ]; then red "FAIL="$FAIL"$*" | tr -d '\n'; else printf "FAIL=0"; fi -printf " " -if [ "$WARN" -gt 0 ]; then yellow "WARN="$WARN"$*"; else echo "WARN=0"; fi -echo "$*" -echo "═══════════════════════════════════════════════════════════════" -exit "$FAIL" diff --git a/road-skate/tests/e2e.sh b/road-skate/tests/e2e.sh deleted file mode 100755 index fd7f3dba..00000000 --- a/road-skate/tests/e2e.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" -PASS=0 -FAIL=0 -SKIP=0 -green() { printf '\033[32m%s\033[0m\n' "$*"; } -red() { printf '\033[31m%s\033[0m\n' "$*"; } -yellow(){ printf '\033[33m%s\033[0m\n' "$*"; } -bold() { printf '\033[1m%s\033[0m\n' "$*"; } -check() { - local name="$1" expected="$2" actual="$3" - if printf "%s" "$actual" | grep -q "$expected"; then - green " PASS: $name" - PASS=$((PASS + 1)) - else - red " FAIL: $name (expected '$expected', got '${actual:0:120}')" - FAIL=$((FAIL + 1)) - fi -} -check_status() { - local name="$1" expected="$2" actual="$3" - if [ "$actual" = "$expected" ]; then - green " PASS: $name (HTTP $actual)" - PASS=$((PASS + 1)) - else - red " FAIL: $name (expected HTTP $expected, got HTTP $actual)" - FAIL=$((FAIL + 1)) - fi -} -skip_test() { - yellow " SKIP: "$1" ($2)" - SKIP=$((SKIP + 1)) -} -echo "═══════════════════════════════════════════════════════════════" -echo " affinescript-vite — End-to-End Tests" -echo "═══════════════════════════════════════════════════════════════" -echo "" -bold "Preflight checks" -echo "" -echo "" -echo "═══════════════════════════════════════════════════════════════" -printf " Results: " -green "PASS="$PASS"" | tr -d '\n' -printf " " -if [ "$FAIL" -gt 0 ]; then red "FAIL="$FAIL"" | tr -d '\n'; else printf "FAIL=0"; fi -printf " " -if [ "$SKIP" -gt 0 ]; then yellow "SKIP="$SKIP""; else echo "SKIP=0"; fi -echo "═══════════════════════════════════════════════════════════════" -exit "$FAIL" diff --git a/road-skate/tests/e2e/template_instantiation_test.sh b/road-skate/tests/e2e/template_instantiation_test.sh deleted file mode 100755 index 5bcfd505..00000000 --- a/road-skate/tests/e2e/template_instantiation_test.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -euo pipefail -TEMPLATE_ROOT="${1:-.}" -TEST_DIR=$(mktemp -d) -# directory already created -trap 'rm -rf "$TEST_DIR"' EXIT -echo "--- Instantiating ---" -cp -r "$TEMPLATE_ROOT" "$TEST_DIR/repo" -cd "$TEST_DIR/repo" -rm -rf .git -echo "--- Replacing ---" -find . -type f -exec sed -i "s/affinescript-vite/test-project/g" {} + -echo "--- Validating ---" -bash scripts/validate-rsr.sh . -echo "--- Done ---" diff --git a/road-skate/tests/fuzz/README.adoc b/road-skate/tests/fuzz/README.adoc deleted file mode 100644 index 55b92f3a..00000000 --- a/road-skate/tests/fuzz/README.adoc +++ /dev/null @@ -1,112 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 -// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) -= Fuzz Testing -:toc: - -== Status - -This directory is a scaffold for fuzz tests. -**No fuzz harness is configured yet.** Add one when your project has parsers, -deserializers, protocol handlers, or other input-processing code worth fuzzing. - -== Adding Fuzz Tests - -Choose the harness that matches your project's primary language: - -=== Rust (cargo-fuzz / libFuzzer) - -[source,bash] ----- -# Install cargo-fuzz (one-time) -cargo install cargo-fuzz - -# Initialise fuzz targets in this repo -cargo fuzz init - -# Create a target -cargo fuzz add my_target - -# Run -cargo fuzz run my_target -- -max_total_time=300 ----- - -The `cargo fuzz init` command creates `fuzz/Cargo.toml` and `fuzz/fuzz_targets/`. -Move or symlink those into `tests/fuzz/` to keep the RSR directory layout. - -=== Zig (built-in fuzzing, Zig 0.14+) - -[source,zig] ----- -// tests/fuzz/fuzz_parser.zig -const std = @import("std"); - -test "fuzz parser" { - // Zig's built-in fuzz testing - const input = std.testing.fuzzInput(.{}); - // Call your parser with arbitrary input - _ = mylib.parse(input) catch {}; -} ----- - -[source,bash] ----- -zig build test --fuzz ----- - -=== Elixir (stream_data property-based testing) - -[source,elixir] ----- -# mix.exs — add {:stream_data, "~> 1.0", only: :test} - -# tests/fuzz/my_property_test.exs -defmodule MyPropertyTest do - use ExUnit.Case - use ExUnitProperties - - property "parser never crashes on arbitrary input" do - check all input <- binary() do - # Should not raise - MyApp.Parser.parse(input) - end - end -end ----- - -=== ReScript / Deno (fast-check) - -[source,javascript] ----- -// tests/fuzz/fuzz_parser.test.mjs -import fc from "npm:fast-check"; -import { parse } from "../../src/parser.mjs"; - -Deno.test("parser handles arbitrary strings", () => { - fc.assert( - fc.property(fc.string(), (input) => { - // Should not throw - try { parse(input); } catch (_) { /* parse errors OK */ } - }), - { numRuns: 10000 } - ); -}); ----- - -== When to Add Fuzzing - -Fuzz testing is most valuable for code that: - -* Parses untrusted input (file formats, network protocols, user data) -* Deserializes structured data (JSON, binary formats, ASN.1) -* Performs complex string/byte manipulation -* Has safety-critical invariants - -If your project is purely a library of pure functions with typed inputs, -property-based testing (see `tests/property/`) may be more appropriate than -byte-level fuzzing. - -== CI Integration - -Once you have a fuzz harness, add a CI job that runs it for a bounded time -(e.g., 5 minutes) on each PR. This catches regressions without blocking merges -for hours. diff --git a/road-skate/tests/workflows/validate_workflows_test.sh b/road-skate/tests/workflows/validate_workflows_test.sh deleted file mode 100755 index ed4e3971..00000000 --- a/road-skate/tests/workflows/validate_workflows_test.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -set -euo pipefail -WORKFLOWS_DIR="${1:-.github/workflows}" -ERRORS=0 -WARNINGS=0 -log_error() { echo -e "\033[0;31mERROR\033[0m: $1"; ERRORS=$((ERRORS + 1)); } -log_warning() { echo -e "\033[1;33mWARN\033[0m: $1"; WARNINGS=$((WARNINGS + 1)); } -log_pass() { echo -e "\033[0;32mPASS\033[0m: $1"; } -log_info() { echo -e "\033[0;34mINFO\033[0m: $1"; } -if [ ! -d "$WORKFLOWS_DIR" ]; then - log_error "Workflows directory not found: $WORKFLOWS_DIR" - exit 1 -fi -FILES=$(find "$WORKFLOWS_DIR" \( -name "*.yml" -o -name "*.yaml" \) 2>/dev/null | sort) -COUNT=$(echo "$FILES" | grep -c "." || true) -log_info "Found $COUNT workflow file(s)" -while IFS= read -r f; do - if [ -n "$f" ]; then - name=$(basename "$f") - if head -10 "$f" | grep -q "SPDX-License-Identifier"; then log_pass "$name: SPDX ok"; else log_warning "$name: No SPDX"; fi - if grep -q "^name:" "$f"; then log_pass "$name: Name ok"; else log_error "$name: No name"; fi - fi -done <<< "$FILES" -REQUIRED=("hypatia-scan.yml" "codeql.yml" "scorecard.yml" "quality.yml" "mirror.yml" "instant-sync.yml" "guix-nix-policy.yml" "rsr-antipattern.yml" "security-policy.yml" "wellknown-enforcement.yml" "workflow-linter.yml" "npm-bun-blocker.yml" "ts-blocker.yml" "scorecard-enforcer.yml" "secret-scanner.yml") -FOUND=0 -for r in "${REQUIRED[@]}"; do - if [ -f "$WORKFLOWS_DIR/$r" ]; then log_pass "Found: $r"; FOUND=$((FOUND + 1)); else log_warning "Missing: $r"; fi -done -echo "Found $FOUND/${#REQUIRED[@]} required" -exit "$ERRORS" diff --git a/road-skate/verification/0.1-AI-MANIFEST.a2ml b/road-skate/verification/0.1-AI-MANIFEST.a2ml deleted file mode 100644 index 3435bdb4..00000000 --- a/road-skate/verification/0.1-AI-MANIFEST.a2ml +++ /dev/null @@ -1,27 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "verification-pillar" -level: 1 -parent: "../0-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Primary verification pillar. Contains evidence for correctness, - performance, formal proofs, randomized testing, and aerospace-grade - high-assurance metrics (MC/DC coverage, traceability, safety cases). - -canonical_locations: - tests: "tests/" - benchmarks: "benchmarks/" - proofs: "proofs/" - fuzzing: "fuzzing/" - simulations: "simulations/" - coverage: "coverage/" - traceability: "traceability/" - safety_case: "safety_case/" - -invariants: - - "Evidence MUST be reproducible and documented" - - "High-assurance deployments MUST satisfy traceability and safety_case requirements" diff --git a/road-skate/verification/README.adoc b/road-skate/verification/README.adoc deleted file mode 100644 index f07e7f34..00000000 --- a/road-skate/verification/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Verification Pillar diff --git a/road-skate/verification/benchmarks/0.2-AI-MANIFEST.a2ml b/road-skate/verification/benchmarks/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index d922a4c7..00000000 --- a/road-skate/verification/benchmarks/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "benches-pillar" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Benches pillar. diff --git a/road-skate/verification/benchmarks/README.adoc b/road-skate/verification/benchmarks/README.adoc deleted file mode 100644 index 5db76486..00000000 --- a/road-skate/verification/benchmarks/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Benchmarks Unit diff --git a/road-skate/verification/coverage/0.2-AI-MANIFEST.a2ml b/road-skate/verification/coverage/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 32b819e4..00000000 --- a/road-skate/verification/coverage/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "verification-unit-coverage" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - High-assurance verification unit for coverage. - Critical for safety-of-life and aerospace-grade deployment standards. diff --git a/road-skate/verification/coverage/README.adoc b/road-skate/verification/coverage/README.adoc deleted file mode 100644 index 25669569..00000000 --- a/road-skate/verification/coverage/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Coverage Unit diff --git a/road-skate/verification/fuzzing/0.2-AI-MANIFEST.a2ml b/road-skate/verification/fuzzing/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 5178d400..00000000 --- a/road-skate/verification/fuzzing/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "fuzzing-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Fuzzing unit for high-rigor verification. diff --git a/road-skate/verification/fuzzing/README.adoc b/road-skate/verification/fuzzing/README.adoc deleted file mode 100644 index edeb1792..00000000 --- a/road-skate/verification/fuzzing/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Fuzzing Unit diff --git a/road-skate/verification/proofs/0.2-AI-MANIFEST.a2ml b/road-skate/verification/proofs/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 135e181b..00000000 --- a/road-skate/verification/proofs/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "verification-unit-proofs" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Sub-unit focusing on proofs. diff --git a/road-skate/verification/proofs/README.adoc b/road-skate/verification/proofs/README.adoc deleted file mode 100644 index 29cf7e8a..00000000 --- a/road-skate/verification/proofs/README.adoc +++ /dev/null @@ -1,59 +0,0 @@ -= Formal Verification Proofs -// SPDX-License-Identifier: MPL-2.0 - -This directory contains formal proofs organised by proof assistant. - -== Directory Structure - -[source] ----- -proofs/ -├── idris2/ # Idris2 proofs (ABI, dependent types) -│ ├── ABI/ # ABI-specific proofs (mandatory) -│ │ ├── Pointers.idr # Non-null pointer safety -│ │ ├── Layout.idr # Memory layout correctness -│ │ ├── Platform.idr # Platform type size proofs -│ │ ├── Foreign.idr # FFI return type proofs -│ │ └── Compliance.idr # C ABI compliance -│ └── Types.idr # Core data type well-formedness -├── lean4/ # Lean4 proofs (algebra, lattices) -│ └── ApiTypes.lean -├── agda/ # Agda proofs (induction, metatheory) -│ └── Properties.agda -├── coq/ # Coq proofs (type systems, compilation) -│ └── TypeSafety.v -└── tlaplus/ # TLA+ specs (distributed protocols) - └── StateMachine.tla ----- - -== Verification Commands - -[source,bash] ----- -just proof-check-all # Run all proof checkers -just proof-check-idris2 # Idris2 only -just proof-check-lean4 # Lean4 only -just proof-check-agda # Agda only -just proof-check-coq # Coq only ----- - -== Banned Patterns - -The following MUST NOT appear in any proof file: - -- `believe_me` (Idris2) -- `assert_total` (Idris2) -- `postulate` (Idris2/Agda) -- `sorry` (Lean4) -- `Admitted` (Coq) -- `unsafeCoerce` (Haskell) - -CI enforces this via `panic-attack assail --proofs-only`. - -== Adding New Proofs - -1. Choose the appropriate prover (see PROOF-NEEDS.md) -2. Create the `.idr`/`.lean`/`.agda`/`.v`/`.tla` file in the right directory -3. Ensure `%default total` (Idris2) or equivalent -4. Run the verification command -5. Update PROOF-STATUS.md diff --git a/road-skate/verification/proofs/agda/Properties.agda b/road-skate/verification/proofs/agda/Properties.agda deleted file mode 100644 index d78d9d0f..00000000 --- a/road-skate/verification/proofs/agda/Properties.agda +++ /dev/null @@ -1,37 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- Agda Proof Template: Inductive and coinductive properties --- Replace with your project's domain-specific proofs. --- All proofs must be total (no postulate, no {-# TERMINATING #-}). - -module Properties where - -open import Data.Nat using (ℕ; zero; suc; _+_; _≤_; z≤n; s≤s; _<_) -open import Data.Nat.Properties using (+-comm; +-assoc; ≤-refl; ≤-trans) -open import Data.List using (List; []; _∷_; length; _++_) -open import Data.List.Properties using (length-++ ) -open import Relation.Binary.PropositionalEquality using (_≡_; refl; cong; sym; trans) - --- Example: Proof that list append preserves total length --- Replace with your project's domain proofs. - -append-length : ∀ {A : Set} (xs ys : List A) → - length (xs ++ ys) ≡ length xs + length ys -append-length xs ys = length-++ xs - --- Example: Monotonicity proof template --- Use for state machines, confidence scores, trust levels -record Monotone {A : Set} (_≤A_ : A → A → Set) (f : A → A) : Set where - field - preserves : ∀ {x y} → x ≤A y → f x ≤A f y - --- Example: Idempotence proof template --- Use for normalisation, deduplication, formatting -record Idempotent {A : Set} (_≡A_ : A → A → Set) (f : A → A) : Set where - field - idem : ∀ (x : A) → f (f x) ≡A f x - --- Example: Natural number successor is monotone -suc-monotone : Monotone _≤_ suc -suc-monotone = record { preserves = s≤s } diff --git a/road-skate/verification/proofs/coq/TypeSafety.v b/road-skate/verification/proofs/coq/TypeSafety.v deleted file mode 100644 index 8f5b4189..00000000 --- a/road-skate/verification/proofs/coq/TypeSafety.v +++ /dev/null @@ -1,73 +0,0 @@ -(* SPDX-License-Identifier: MPL-2.0 *) -(* Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) *) -(* - Coq Proof Template: Type system soundness - Replace with your project's type system proofs. - All proofs must be complete — NO Admitted allowed. -*) - -Require Import Coq.Lists.List. -Require Import Coq.Arith.Arith. -Require Import Coq.Bool.Bool. -Import ListNotations. - -(** * Example: Simple expression language with type safety *) -(** Replace this entire section with your project's type system. *) - -(** Types *) -Inductive ty : Type := - | TyNat : ty - | TyBool : ty. - -(** Expressions *) -Inductive expr : Type := - | EConst : nat -> expr - | ETrue : expr - | EFalse : expr - | EPlus : expr -> expr -> expr - | EEq : expr -> expr -> expr. - -(** Values *) -Inductive value : Type := - | VNat : nat -> value - | VBool : bool -> value. - -(** Typing relation *) -Inductive has_type : expr -> ty -> Prop := - | T_Const : forall n, has_type (EConst n) TyNat - | T_True : has_type ETrue TyBool - | T_False : has_type EFalse TyBool - | T_Plus : forall e1 e2, - has_type e1 TyNat -> has_type e2 TyNat -> - has_type (EPlus e1 e2) TyNat - | T_Eq : forall e1 e2, - has_type e1 TyNat -> has_type e2 TyNat -> - has_type (EEq e1 e2) TyBool. - -(** Evaluation *) -Inductive eval : expr -> value -> Prop := - | E_Const : forall n, eval (EConst n) (VNat n) - | E_True : eval ETrue (VBool true) - | E_False : eval EFalse (VBool false) - | E_Plus : forall e1 e2 n1 n2, - eval e1 (VNat n1) -> eval e2 (VNat n2) -> - eval (EPlus e1 e2) (VNat (n1 + n2)) - | E_Eq : forall e1 e2 n1 n2, - eval e1 (VNat n1) -> eval e2 (VNat n2) -> - eval (EEq e1 e2) (VBool (Nat.eqb n1 n2)). - -(** Value typing *) -Definition value_has_type (v : value) (t : ty) : Prop := - match v, t with - | VNat _, TyNat => True - | VBool _, TyBool => True - | _, _ => False - end. - -(** Type soundness: well-typed expressions evaluate to well-typed values *) -Theorem type_soundness : forall e t v, - has_type e t -> eval e v -> value_has_type v t. -Proof. - intros e t v Htype Heval. - induction Htype; inversion Heval; subst; simpl; auto. -Qed. diff --git a/road-skate/verification/proofs/idris2/ABI/Compliance.idr b/road-skate/verification/proofs/idris2/ABI/Compliance.idr deleted file mode 100644 index 15858d61..00000000 --- a/road-skate/verification/proofs/idris2/ABI/Compliance.idr +++ /dev/null @@ -1,41 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- ABI Proof: C ABI compliance --- Proves that struct layouts are C ABI compliant. --- All proofs MUST be constructive (no b_me, no a_total). - -module ABI.Compliance - -import ABI.Layout -import ABI.Platform - -%default total - -||| Evidence that every field in a layout is correctly aligned. -public export -data AllFieldsAligned : List StructField -> Type where - AFANil : AllFieldsAligned [] - AFACons : FieldAligned f -> AllFieldsAligned fs -> AllFieldsAligned (f :: fs) - -||| Evidence that every field is within the struct bounds. -public export -data AllFieldsInBounds : (size : Nat) -> List StructField -> Type where - AFBNil : AllFieldsInBounds size [] - AFBCons : FieldInBounds size f -> AllFieldsInBounds size fs -> AllFieldsInBounds size (f :: fs) - -||| A struct layout is C ABI compliant when: -||| 1. All fields are aligned to their natural alignment -||| 2. All fields are within bounds of the struct size -||| 3. The struct size is a multiple of the struct alignment -public export -record CABICompliant (layout : StructLayout) where - constructor MkCompliant - fieldsAligned : AllFieldsAligned (layoutFields layout) - fieldsInBounds : AllFieldsInBounds (layoutSize layout) (layoutFields layout) - sizeAligned : modNatNZ (layoutSize layout) (layoutAlignment layout) SIsNonZero = 0 - -||| An empty struct is trivially compliant (size=1, alignment=1). -export -emptyStructCompliant : CABICompliant (MkLayout "empty" [] 1 1) -emptyStructCompliant = MkCompliant AFANil AFBNil Refl diff --git a/road-skate/verification/proofs/idris2/ABI/Foreign.idr b/road-skate/verification/proofs/idris2/ABI/Foreign.idr deleted file mode 100644 index 4d577528..00000000 --- a/road-skate/verification/proofs/idris2/ABI/Foreign.idr +++ /dev/null @@ -1,53 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- ABI Proof: FFI function return type proofs --- Proves that all FFI functions return expected types. --- All proofs MUST be constructive (no b_me, no a_total). - -module ABI.Foreign - -%default total - -||| Result type for FFI operations. -||| All FFI functions must return through this type. -public export -data FFIResult : Type -> Type where - FFISuccess : (value : a) -> FFIResult a - FFIError : (code : Int) -> (msg : String) -> FFIResult a - -||| Proof that FFIResult is a functor (map preserves structure). -export -mapFFIResult : (a -> b) -> FFIResult a -> FFIResult b -mapFFIResult f (FFISuccess value) = FFISuccess (f value) -mapFFIResult f (FFIError code msg) = FFIError code msg - -||| Proof that mapping identity preserves the result. -export -mapIdPreserves : (r : FFIResult a) -> mapFFIResult Prelude.id r = r -mapIdPreserves (FFISuccess value) = Refl -mapIdPreserves (FFIError code msg) = Refl - -||| An FFI function specification: name, argument types, return type. -public export -record FFISpec where - constructor MkFFISpec - ffiName : String - ffiReturnType : Type - -||| Proof that an FFI spec has a specific return type. -||| Use this to verify at compile time that FFI functions return the -||| types we expect across the C ABI boundary. -public export -FFIReturns : FFISpec -> Type -> Type -FFIReturns spec ty = ffiReturnType spec = ty - -||| C calling convention marker. -||| Proofs about calling convention compatibility. -public export -data CallingConv = CDecl | StdCall | FastCall - -||| All hyperpolymath FFI uses CDecl. -public export -defaultCallingConv : CallingConv -defaultCallingConv = CDecl diff --git a/road-skate/verification/proofs/idris2/ABI/Layout.idr b/road-skate/verification/proofs/idris2/ABI/Layout.idr deleted file mode 100644 index 84fd6c06..00000000 --- a/road-skate/verification/proofs/idris2/ABI/Layout.idr +++ /dev/null @@ -1,63 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- ABI Proof: Memory layout correctness --- Proves struct size, alignment, and padding properties. --- All proofs MUST be constructive (no b_me, no a_total). - -module ABI.Layout - -%default total - -||| Witness that a type has a known size in bytes at compile time. -public export -interface HasSize (ty : Type) where - sizeOf : Nat - -||| Witness that a type has a known alignment in bytes. -public export -interface HasAlignment (ty : Type) where - alignOf : Nat - -||| Calculate padding needed to reach the next aligned offset. -||| paddingFor offset alignment = bytes to add so (offset + padding) `mod` alignment == 0 -public export -paddingFor : (offset : Nat) -> (alignment : Nat) -> {auto 0 ok : NonZero alignment} -> Nat -paddingFor offset alignment = let r = modNatNZ offset alignment ok - in case r of - Z => Z - (S _) => minus alignment r - -||| Proof that an offset with zero remainder needs zero padding. -export -alignedNeedsPadding : (n : Nat) -> (a : Nat) -> {auto 0 ok : NonZero a} -> - modNatNZ n a ok = 0 -> paddingFor n a = 0 -alignedNeedsPadding n a prf = rewrite prf in Refl - -||| A field within a struct, carrying its offset and size. -public export -record StructField where - constructor MkField - fieldName : String - fieldOffset : Nat - fieldSize : Nat - fieldAlignment : Nat - -||| Proof that a field is correctly aligned within a struct. -public export -FieldAligned : StructField -> Type -FieldAligned f = modNatNZ (fieldOffset f) (fieldAlignment f) SIsNonZero = 0 - -||| Proof that a field does not overflow past a given struct size. -public export -FieldInBounds : (structSize : Nat) -> StructField -> Type -FieldInBounds sz f = LTE (fieldOffset f + fieldSize f) sz - -||| A struct layout is a list of fields with a total size. -public export -record StructLayout where - constructor MkLayout - layoutName : String - layoutFields : List StructField - layoutSize : Nat - layoutAlignment : Nat diff --git a/road-skate/verification/proofs/idris2/ABI/Platform.idr b/road-skate/verification/proofs/idris2/ABI/Platform.idr deleted file mode 100644 index 6d4ff9fa..00000000 --- a/road-skate/verification/proofs/idris2/ABI/Platform.idr +++ /dev/null @@ -1,63 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- ABI Proof: Platform-specific type size proofs --- Proves that C type sizes are correct per platform. --- All proofs MUST be constructive (no b_me, no a_total). - -module ABI.Platform - -%default total - -||| Supported target platforms for ABI verification. -public export -data Platform = Linux64 | LinuxARM64 | MacOS64 | MacOSARM64 - | Windows64 | FreeBSD64 | WASM32 - -||| Pointer size in bytes for each platform. -public export -ptrSize : Platform -> Nat -ptrSize WASM32 = 4 -ptrSize _ = 8 - -||| C `int` size in bytes. -public export -cIntSize : Platform -> Nat -cIntSize _ = 4 - -||| C `size_t` size in bytes (matches pointer size). -public export -cSizeT : Platform -> Nat -cSizeT = ptrSize - -||| Proof that size_t always equals pointer size on all platforms. -export -sizeTEqPtrSize : (p : Platform) -> cSizeT p = ptrSize p -sizeTEqPtrSize _ = Refl - -||| Proof that pointer size is always 4 or 8 bytes. -export -ptrSizeValid : (p : Platform) -> Either (ptrSize p = 4) (ptrSize p = 8) -ptrSizeValid WASM32 = Left Refl -ptrSizeValid Linux64 = Right Refl -ptrSizeValid LinuxARM64 = Right Refl -ptrSizeValid MacOS64 = Right Refl -ptrSizeValid MacOSARM64 = Right Refl -ptrSizeValid Windows64 = Right Refl -ptrSizeValid FreeBSD64 = Right Refl - -||| Proof that C int is always 4 bytes on all platforms. -export -cIntAlways4 : (p : Platform) -> cIntSize p = 4 -cIntAlways4 _ = Refl - -||| Proof that pointer size is always at least 4 bytes. -export -ptrSizeAtLeast4 : (p : Platform) -> LTE 4 (ptrSize p) -ptrSizeAtLeast4 WASM32 = lteRefl -ptrSizeAtLeast4 Linux64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) -ptrSizeAtLeast4 LinuxARM64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) -ptrSizeAtLeast4 MacOS64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) -ptrSizeAtLeast4 MacOSARM64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) -ptrSizeAtLeast4 Windows64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) -ptrSizeAtLeast4 FreeBSD64 = lteSuccRight (lteSuccRight (lteSuccRight (lteSuccRight lteRefl))) diff --git a/road-skate/verification/proofs/idris2/ABI/Pointers.idr b/road-skate/verification/proofs/idris2/ABI/Pointers.idr deleted file mode 100644 index 0f695990..00000000 --- a/road-skate/verification/proofs/idris2/ABI/Pointers.idr +++ /dev/null @@ -1,52 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- ABI Proof: Non-null pointer safety --- Template proof — customise for your project's pointer types. --- All proofs MUST be constructive (no b_me, no a_total). - -module ABI.Pointers - -import Data.So - -%default total - -||| A pointer value that has been proven non-null. -||| The `So` constraint carries a compile-time witness that `ptr /= 0`. -public export -record SafePtr where - constructor MkSafePtr - ptr : Bits64 - {auto 0 nonNull : So (ptr /= 0)} - -||| Proof that SafePtr can never hold a null (zero) value. -||| This is enforced by the `So` constraint in the record. -export -safePtrNeverNull : (sp : SafePtr) -> So (sp.ptr /= 0) -safePtrNeverNull sp = sp.nonNull - -||| Wrap a raw pointer with a runtime null check. -||| Returns Nothing if the pointer is null. -export -checkPtr : (raw : Bits64) -> Maybe SafePtr -checkPtr 0 = Nothing -checkPtr raw = case choose (raw /= 0) of - Left prf => Just (MkSafePtr raw) - Right _ => Nothing - -||| Proof that checkPtr 0 always returns Nothing. -export -checkPtrZeroIsNothing : checkPtr 0 = Nothing -checkPtrZeroIsNothing = Refl - -||| An opaque handle backed by a non-null pointer. -||| Use this for FFI resource handles (file descriptors, sockets, etc.). -public export -record Handle (tag : String) where - constructor MkHandle - safePtr : SafePtr - -||| Proof that two handles with equal pointers are equal. -export -handlePtrEq : (h1, h2 : Handle tag) -> h1.safePtr.ptr = h2.safePtr.ptr -> h1 = h2 -handlePtrEq (MkHandle (MkSafePtr p)) (MkHandle (MkSafePtr p)) Refl = Refl diff --git a/road-skate/verification/proofs/idris2/Types.idr b/road-skate/verification/proofs/idris2/Types.idr deleted file mode 100644 index df3497d6..00000000 --- a/road-skate/verification/proofs/idris2/Types.idr +++ /dev/null @@ -1,38 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- Typing Proof: Core data type well-formedness --- Template — replace with your project's core types. --- All proofs MUST be constructive (no b_me, no a_total). - -module Types - -%default total - -||| Example: A bounded natural number (0 to max). -||| Replace with your project's core types. -public export -record Bounded (max : Nat) where - constructor MkBounded - value : Nat - {auto 0 inBounds : LTE value max} - -||| Proof that a Bounded value is always <= max. -export -boundedLeMax : (b : Bounded max) -> LTE b.value max -boundedLeMax b = b.inBounds - -||| Proof that zero is always a valid Bounded value. -export -zeroIsBounded : {max : Nat} -> Bounded (S max) -zeroIsBounded = MkBounded 0 - -||| Example: A non-empty list with a compile-time guarantee. -public export -data NonEmpty : List a -> Type where - IsNonEmpty : NonEmpty (x :: xs) - -||| Proof that cons always produces a non-empty list. -export -consIsNonEmpty : (x : a) -> (xs : List a) -> NonEmpty (x :: xs) -consIsNonEmpty _ _ = IsNonEmpty diff --git a/road-skate/verification/proofs/lean4/ApiTypes.lean b/road-skate/verification/proofs/lean4/ApiTypes.lean deleted file mode 100644 index 9ed78b77..00000000 --- a/road-skate/verification/proofs/lean4/ApiTypes.lean +++ /dev/null @@ -1,44 +0,0 @@ --- SPDX-License-Identifier: MPL-2.0 --- Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) --- --- Typing Proof: Public API type safety --- Template — replace with your project's API types. --- Proves properties about exported function signatures. - --- Example: Result type used across API boundaries -inductive ApiResult (α : Type) where - | ok : α → ApiResult α - | error : Nat → String → ApiResult α - -namespace ApiResult - -- Proof: map preserves structure (functor law: map id = id) - def map (f : α → β) : ApiResult α → ApiResult β - | .ok v => .ok (f v) - | .error c m => .error c m - - theorem map_id : ∀ (r : ApiResult α), map id r = r := by - intro r - cases r with - | ok v => simp [map] - | error c m => simp [map] - - -- Proof: map composition (functor law: map (g ∘ f) = map g ∘ map f) - theorem map_comp (f : α → β) (g : β → γ) : - ∀ (r : ApiResult α), map (g ∘ f) r = map g (map f r) := by - intro r - cases r with - | ok v => simp [map, Function.comp] - | error c m => simp [map] - --- Example: Bounded confidence value (0.0 to 1.0 modelled as Nat/1000) --- Replace with your project's numeric invariants -structure BoundedNat (max : Nat) where - val : Nat - le_max : val ≤ max - -theorem bounded_nat_le (b : BoundedNat max) : b.val ≤ max := - b.le_max - --- Proof: zero is always bounded -def zeroBounded (h : 0 < max) : BoundedNat max := - ⟨0, Nat.zero_le max⟩ diff --git a/road-skate/verification/proofs/tlaplus/StateMachine.tla b/road-skate/verification/proofs/tlaplus/StateMachine.tla deleted file mode 100644 index f3484947..00000000 --- a/road-skate/verification/proofs/tlaplus/StateMachine.tla +++ /dev/null @@ -1,91 +0,0 @@ ---------------------------- MODULE StateMachine ---------------------------- -(* SPDX-License-Identifier: MPL-2.0 *) -(* Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) *) -(* *) -(* TLA+ Specification Template: State Machine *) -(* Replace with your project's distributed protocol or state machine. *) -(* Use TLC model checker to verify properties. *) -(* *) -(* Example: A simple request pipeline with safety properties. *) -(* Replace States, Init, Next with your project's actual states. *) -(***************************************************************************) - -EXTENDS Naturals, Sequences, FiniteSets - -CONSTANTS - MaxRequests \* Upper bound on concurrent requests (for model checking) - -VARIABLES - state, \* Current pipeline state - processed, \* Number of processed requests - queue \* Request queue - -vars == <> - -\* Pipeline states — replace with your project's states -States == {"idle", "scanning", "routing", "dispatching", "done", "failed"} - -\* Valid transitions — replace with your project's transition rules -ValidTransition(from, to) == - \/ from = "idle" /\ to = "scanning" - \/ from = "scanning" /\ to = "routing" - \/ from = "scanning" /\ to = "failed" - \/ from = "routing" /\ to = "dispatching" - \/ from = "routing" /\ to = "failed" - \/ from = "dispatching" /\ to = "done" - \/ from = "dispatching" /\ to = "failed" - \/ from = "done" /\ to = "idle" - \/ from = "failed" /\ to = "idle" - -\* Initial state -Init == - /\ state = "idle" - /\ processed = 0 - /\ queue = <<>> - -\* Transition action -Transition(newState) == - /\ ValidTransition(state, newState) - /\ state' = newState - /\ IF newState = "done" - THEN processed' = processed + 1 - ELSE processed' = processed - /\ UNCHANGED queue - -\* Enqueue a request (only when idle or scanning) -Enqueue == - /\ state \in {"idle", "scanning"} - /\ Len(queue) < MaxRequests - /\ queue' = Append(queue, "request") - /\ UNCHANGED <> - -\* Next-state relation -Next == - \/ \E s \in States : Transition(s) - \/ Enqueue - -\* Fairness: the system must eventually process -Spec == Init /\ [][Next]_vars /\ WF_vars(Next) - -\* ---- SAFETY PROPERTIES ---- - -\* State is always valid -TypeInvariant == state \in States - -\* Processed count never decreases (monotonicity) -ProcessedMonotonic == processed >= 0 - -\* Queue never exceeds max -QueueBounded == Len(queue) <= MaxRequests - -\* No impossible transitions (e.g., idle -> done) -NoSkipStates == - [][state' # state => - ValidTransition(state, state')]_state - -\* ---- LIVENESS PROPERTIES ---- - -\* Every request eventually completes or fails -EventualCompletion == <>(state = "done" \/ state = "failed") - -============================================================================ diff --git a/road-skate/verification/safety_case/0.2-AI-MANIFEST.a2ml b/road-skate/verification/safety_case/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index d461915b..00000000 --- a/road-skate/verification/safety_case/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "verification-unit-safety_case" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - High-assurance verification unit for safety case. - Critical for safety-of-life and aerospace-grade deployment standards. diff --git a/road-skate/verification/safety_case/README.adoc b/road-skate/verification/safety_case/README.adoc deleted file mode 100644 index 47c8e368..00000000 --- a/road-skate/verification/safety_case/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Safety case Unit diff --git a/road-skate/verification/simulations/0.2-AI-MANIFEST.a2ml b/road-skate/verification/simulations/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index f890ecac..00000000 --- a/road-skate/verification/simulations/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "simulations-unit" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - Simulations unit for high-rigor verification. diff --git a/road-skate/verification/simulations/README.adoc b/road-skate/verification/simulations/README.adoc deleted file mode 100644 index 8e1b13aa..00000000 --- a/road-skate/verification/simulations/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Simulations Unit diff --git a/road-skate/verification/tests/0.2-AI-MANIFEST.a2ml b/road-skate/verification/tests/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 0008fcfa..00000000 --- a/road-skate/verification/tests/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1 +0,0 @@ -# AI Manifest - Level 1: tests diff --git a/road-skate/verification/tests/README.adoc b/road-skate/verification/tests/README.adoc deleted file mode 100644 index 344bf862..00000000 --- a/road-skate/verification/tests/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Tests Unit diff --git a/road-skate/verification/traceability/0.2-AI-MANIFEST.a2ml b/road-skate/verification/traceability/0.2-AI-MANIFEST.a2ml deleted file mode 100644 index 96677665..00000000 --- a/road-skate/verification/traceability/0.2-AI-MANIFEST.a2ml +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: MPL-2.0 ---- -### [META] -id: "verification-unit-traceability" -level: 2 -parent: "../0.1-AI-MANIFEST.a2ml" - ---- -### [AI_MANIFEST] -description: | - High-assurance verification unit for traceability. - Critical for safety-of-life and aerospace-grade deployment standards. diff --git a/road-skate/verification/traceability/README.adoc b/road-skate/verification/traceability/README.adoc deleted file mode 100644 index ff23dd75..00000000 --- a/road-skate/verification/traceability/README.adoc +++ /dev/null @@ -1 +0,0 @@ -= Traceability Unit diff --git a/road-skate/vite.config.js b/road-skate/vite.config.js deleted file mode 100644 index a98d85b8..00000000 --- a/road-skate/vite.config.js +++ /dev/null @@ -1,18 +0,0 @@ -import { defineConfig } from 'vite'; -import affinePlugin from './src/index.js'; - -export default defineConfig({ - plugins: [ - affinePlugin() - ], - build: { - lib: { - entry: './src/index.js', - name: 'AffineScriptVite', - fileName: (format) => `affinescript-vite.${format}.js` - }, - rollupOptions: { - external: ['vite'] - } - } -});