chore(license): flip 1465 PMPL→MPL-2.0 stamps (Phase 3 — SPDX-only safe subdirs)#105
Merged
Merged
Conversation
…ly safe subdirs) See PR description for full scope + exclusions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hypatia found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
🔍 Hypatia Security ScanFindings: 810 issues detected
View findings[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
Jun 2, 2026
…ase 4) (#106) ## Summary Phase 4 of the developer-ecosystem PMPL→MPL-2.0 sweep. Companion to #103/#104/#105. This PR covers the **14 dev-ecosystem sub-projects that have their own PMPL-1.0-or-later LICENSE files** (a more invasive change than the SPDX-only flips in earlier phases — LICENSE file content is also replaced). ## Why these sub-projects, not standalone repos Verified via `gh api repos/hyperpolymath/<name>` that **none of these 14 sub-projects have standalone GitHub repos** — they're dev-ecosystem-local (unlike the iser-tools/* or *iser standalones). So fixing them in dev-ecosystem is the right place — no risk of divergence from a parallel standalone. ## Scope **14 subdir LICENSE files replaced** (PMPL-1.0-or-later → MPL-2.0 canonical text, sourced from the dev-ecosystem root `LICENSE`): - `devkit-risc-v/`, `synapse/`, `bridge-nginx-zig/`, `techstack-enforcer/`, `riscv-guix-buildsys/`, `idris2-ecosystem/`, `packages/`, `opm-canonicalizer/`, `czech-file-knife/`, `dnfinition/`, `well-known-ecosystem/`, `aggregate-library/`, `deno-ecosystem/`, `rescript-ecosystem/rescript-dom-mounter/` **Source SPDX flips** (count below — see verification). ## Explicitly EXCLUDED from this PR - `rescript-ecosystem/rescript-vite/` — **EXCLUDED** as potential upstream ReScript-Vite fork (same precautionary stance as `rescript-tea/` and `affinescript-vite/`). Owner-flagged 2026-06-02. Will be revisited separately after fork-vs-local classification. ## Verification ```sh # All 14 Phase 4 subdir LICENSEs now MPL-2.0: for d in <14 phase-4 subdirs>; do head -1 "$d/LICENSE"; done # all return: SPDX-License-Identifier: MPL-2.0 # Source SPDX in Phase 4 scope: grep -rl 'SPDX-License-Identifier: PMPL-1.0-or-later' <14 phase-4 subdirs> # returns: 0 files ``` ## Why draft LICENSE file replacements are more invasive than SPDX flips. Owner sight before merge. ## Pattern this PR follows - `neurophone#102` for the SPDX-flip mechanics - Same care-bracketing as `iser-tools/` (#104), but with the additional LICENSE-file step - `rescript-vite/` deliberately deferred for fork-vs-local classification 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 3 of the developer-ecosystem PMPL→MPL-2.0 sweep. Companion to #103 (Phase 1) and #104 (Phase 2 iser-tools).
This PR covers all dev-ecosystem subdirs where only the source SPDX needs flipping — i.e., subdirs that either have no own LICENSE or already have an MPL-2.0 LICENSE.
Scope (1,465 files)
No own LICENSE (treated as dev-ecosystem topical content):
affinescript-ecosystem/affinescript/— 1 fileaffinescript-ecosystem/affinescript-deno-test/— 11rescript-ecosystem/connectors/— 1rescript-ecosystem/.machine_readable/— 6rescript-ecosystem/ppx-proven-record/— 2rescript-ecosystem/rescript-deno-starter/— 1rescript-ecosystem/rescript-vite-config/— 1rescript-ecosystem/packages/— ~1,062coq-ecosystem/,zig-ecosystem/,ada-ecosystem/,zig-api/— combined ~141Own LICENSE already MPL-2.0 (only SPDX needs alignment):
affinescript-ecosystem/affinescriptiser/— 216rescript-ecosystem/rescript-string-power/— 23Explicitly EXCLUDED from this PR
asdf-augmenters/*hyperpolymath/odds-and-sods-package-manager(opsm); skip per owner direction. opsm is already clean (0 PMPL).affinescript-ecosystem/affinescript-vite/affinescript-ecosystem/rattlescript/hyperpolymath/rattlescriptstandalonerescript-ecosystem/rescript-tea/rescript-ecosystem/idaptik-rescript13-staging/rescript-ecosystem/cadre-router/,cadre-tea-router/hyperpolymath/*standalonesrescript-ecosystem/rescript-evangeliser/satellites/developer-ux/rescript-evangeliser)rescript-ecosystem/rescript/rescript-ecosystem/rescript-dom-mounter/,rescript-vite/v-ecosystem/v-*,satellites/*,julia-ecosystem/,scaffoldia/Why draft
Per-subdir scoping; owner sight on coverage decisions before merge.
Verification
🤖 Generated with Claude Code