chore(license): replace 14 subdir LICENSEs + flip 446 SPDX stamps (Phase 4)#106
Merged
Merged
Conversation
… LICENSE+SPDX combined; rescript-vite excluded) See PR description for full subdir list + verification. rescript-vite excluded pending fork-vs-local classification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later OR PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 OR PMPL-1.0-or-later | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later OR PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 OR PMPL-1.0-or-later | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later OR PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 OR PMPL-1.0-or-later | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: PMPL-1.0-or-later OR PMPL-1.0-or-later | |||
| // SPDX-License-Identifier: MPL-2.0 OR PMPL-1.0-or-later | |||
🔍 Hypatia Security ScanFindings: 810 issues detected
View findings[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
🔍 Hypatia Security ScanFindings: 860 issues detected
View findings[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
Jun 2, 2026
Closes the rescript-vite EXCLUDED carve-out from dev-ecosystem Phase 4 (#106). ## Classification Verified **owner-authored, NOT a fork**: - package.json author = Jonathan D.A. Jewell - README SPDX-FileCopyrightText = hyperpolymath - Description references owner-internal projects (BoJ, ssg-mcp cartridge) - Upstream zth/rescript-vite returns 404 (does not exist at that path) - No hyperpolymath/rescript-vite standalone either (this is the only copy) So rescript-vite is a dev-ecosystem-local sub-project, treated same as Phase 4 (own LICENSE + SPDX flipped together to MPL-2.0). ## Scope (~97 files) - 1 LICENSE file replaced (PMPL-1.0-or-later → MPL-2.0 canonical text from dev-ecosystem root) - 96 source SPDX flips (PMPL-1.0-or-later → MPL-2.0) After this PR: only rescript-tea (likely upstream fork) + affinescript-vite (deferred) + idaptik-rescript13-staging (AGPL-inherit) + submodules + check-in copies remain excluded. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/standards
that referenced
this pull request
Jun 2, 2026
…-or-later (Phase 2) (#345) ## Summary Phase 2 of the standards PMPL→AGPL-3.0-or-later sweep. Companion to #344 (Phase 1). This PR covers the **7 standards-local sub-projects** that have their own PMPL-1.0-or-later LICENSE files. LICENSE+SPDX flipped together to align with standards parent's AGPL-3.0-or-later (per [[standards_agpl_intentional]] memory; standards is category 3, son-shared). ## Why standards-local (not standalones) Verified via `gh api repos/hyperpolymath/<name>` that none of these 7 sub-projects exist as standalone GitHub repos — they're standards-local sub-specifications. ## Scope (2,724 files) **7 subdir LICENSE files replaced** (PMPL-1.0-or-later → AGPL-3.0-or-later canonical text from standards root): - `a2ml/` — 1,171 source SPDX - `k9-svc/` — 1,160 source SPDX - `rhodium-standard-repositories/` — 122 - `0-ai-gatekeeper-protocol/` — 107 - `lol/` — 105 - `axel-protocol/` — 49 - `outreach/` — 10 **2,717 source files** flipped `PMPL-1.0-or-later` → `AGPL-3.0-or-later`. ## Explicitly EXCLUDED (still) - **`avow-protocol/`** (90) — check-in copy of `hyperpolymath/avow-protocol` standalone - **`consent-aware-http/`** (39) — special hybrid licensing per owner directive 2026-06-02 (MPL-2.0 source + CC-BY-4.0 spec + PMPL-2.0-or-later reference). Phase 3. ## Pattern this PR follows - `hyperpolymath/developer-ecosystem#106` (Phase 4 LICENSE+SPDX shape) - **First time** the destination is AGPL not MPL ## Verification ```sh for d in a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach; do head -1 "$d/LICENSE"; done # all return: SPDX-License-Identifier: AGPL-3.0-or-later grep -rl 'SPDX-License-Identifier: PMPL-1.0-or-later' a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach # returns: 0 files ``` ## Why draft LICENSE replacements + first-of-kind AGPL destination; owner sight before merge. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 4 of the developer-ecosystem PMPL→MPL-2.0 sweep. Companion to #103/#104/#105.
This PR covers the 14 dev-ecosystem sub-projects that have their own PMPL-1.0-or-later LICENSE files (a more invasive change than the SPDX-only flips in earlier phases — LICENSE file content is also replaced).
Why these sub-projects, not standalone repos
Verified via
gh api repos/hyperpolymath/<name>that none of these 14 sub-projects have standalone GitHub repos — they're dev-ecosystem-local (unlike the iser-tools/* or *iser standalones). So fixing them in dev-ecosystem is the right place — no risk of divergence from a parallel standalone.Scope
14 subdir LICENSE files replaced (PMPL-1.0-or-later → MPL-2.0 canonical text, sourced from the dev-ecosystem root
LICENSE):devkit-risc-v/,synapse/,bridge-nginx-zig/,techstack-enforcer/,riscv-guix-buildsys/,idris2-ecosystem/,packages/,opm-canonicalizer/,czech-file-knife/,dnfinition/,well-known-ecosystem/,aggregate-library/,deno-ecosystem/,rescript-ecosystem/rescript-dom-mounter/Source SPDX flips (count below — see verification).
Explicitly EXCLUDED from this PR
rescript-ecosystem/rescript-vite/— EXCLUDED as potential upstream ReScript-Vite fork (same precautionary stance asrescript-tea/andaffinescript-vite/). Owner-flagged 2026-06-02. Will be revisited separately after fork-vs-local classification.Verification
Why draft
LICENSE file replacements are more invasive than SPDX flips. Owner sight before merge.
Pattern this PR follows
neurophone#102for the SPDX-flip mechanicsiser-tools/(chore(license): flip 5039 PMPL→MPL-2.0 stamps in iser-tools/ (Phase 2) #104), but with the additional LICENSE-file steprescript-vite/deliberately deferred for fork-vs-local classification🤖 Generated with Claude Code