Skip to content

chore(license): replace 7 subdir LICENSEs + flip 2717 SPDX → AGPL-3.0-or-later (Phase 2)#345

Merged
hyperpolymath merged 3 commits into
mainfrom
chore/license-phase-2-subdir-license-agpl
Jun 2, 2026
Merged

chore(license): replace 7 subdir LICENSEs + flip 2717 SPDX → AGPL-3.0-or-later (Phase 2)#345
hyperpolymath merged 3 commits into
mainfrom
chore/license-phase-2-subdir-license-agpl

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented Jun 2, 2026

Summary

Phase 2 of the standards PMPL→AGPL-3.0-or-later sweep. Companion to #344 (Phase 1).

This PR covers the 7 standards-local sub-projects that have their own PMPL-1.0-or-later LICENSE files. LICENSE+SPDX flipped together to align with standards parent's AGPL-3.0-or-later (per [[standards_agpl_intentional]] memory; standards is category 3, son-shared).

Why standards-local (not standalones)

Verified via gh api repos/hyperpolymath/<name> that none of these 7 sub-projects exist as standalone GitHub repos — they're standards-local sub-specifications.

Scope (2,724 files)

7 subdir LICENSE files replaced (PMPL-1.0-or-later → AGPL-3.0-or-later canonical text from standards root):

  • a2ml/ — 1,171 source SPDX
  • k9-svc/ — 1,160 source SPDX
  • rhodium-standard-repositories/ — 122
  • 0-ai-gatekeeper-protocol/ — 107
  • lol/ — 105
  • axel-protocol/ — 49
  • outreach/ — 10

2,717 source files flipped PMPL-1.0-or-laterAGPL-3.0-or-later.

Explicitly EXCLUDED (still)

  • avow-protocol/ (90) — check-in copy of hyperpolymath/avow-protocol standalone
  • consent-aware-http/ (39) — special hybrid licensing per owner directive 2026-06-02 (MPL-2.0 source + CC-BY-4.0 spec + PMPL-2.0-or-later reference). Phase 3.

Pattern this PR follows

  • hyperpolymath/developer-ecosystem#106 (Phase 4 LICENSE+SPDX shape)
  • First time the destination is AGPL not MPL

Verification

for d in a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach; do head -1 "$d/LICENSE"; done
# all return: SPDX-License-Identifier: AGPL-3.0-or-later

grep -rl 'SPDX-License-Identifier: PMPL-1.0-or-later' a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach
# returns: 0 files

Why draft

LICENSE replacements + first-of-kind AGPL destination; owner sight before merge.

🤖 Generated with Claude Code

@hyperpolymath @claude
chore(license): replace 7 subdir LICENSEs + flip 2717 SPDX (Phase 2 —…
ff58913 
… son-shared standards-local sub-specs to AGPL)

See PR description for full list + verification + carve-outs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 2, 2026
View reviewed changes
Comment thread 0-ai-gatekeeper-protocol/repo-guardian-fs/src/session_manager.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread 0-ai-gatekeeper-protocol/repo-guardian-fs/src/session_manager.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread 0-ai-gatekeeper-protocol/repo-guardian-fs/tests-offline/src/lib.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread 0-ai-gatekeeper-protocol/repo-guardian-fs/tests-offline/src/lib.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread a2ml/bindings/deno/mod.ts
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread k9-svc/lsp/src/diagnostics.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread k9-svc/lsp/src/diagnostics.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread k9-svc/lsp/src/main.rs
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread k9-svc/register.ncl
@@ -1,4 +1,4 @@
# SPDX-License-Identifier: PMPL-1.0-or-later
# SPDX-License-Identifier: AGPL-3.0-or-later
Comment thread lol/api/zig-gateway/src/lol_ffi.zig
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Findings: 201 issues detected

Severity Count
🔴 Critical 64
🟠 High 43
🟡 Medium 94

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in changelog-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "changelog-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in deno-ci-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "deno-ci-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath mentioned this pull request Jun 2, 2026
Merged
5 tasks
@hyperpolymath hyperpolymath marked this pull request as ready for review June 2, 2026 18:16
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Findings: 201 issues detected

Severity Count
🔴 Critical 64
🟠 High 43
🟡 Medium 94

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in changelog-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "changelog-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in deno-ci-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "deno-ci-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath mentioned this pull request Jun 2, 2026
Open
hyperpolymath added a commit that referenced this pull request Jun 2, 2026
@hyperpolymath @claude
chore(license): consent-aware-http hybrid (MPL-2.0 source + CC-BY-4.0…
f2b9d5e 
… prose) (#350)

## Summary

Implements the hybrid licensing for `consent-aware-http` per the
2026-06-02 owner directive (memory:
`feedback_consent_aware_http_hybrid_licensing.md`).

This is a follow-on to standards#344/#345 which left
`consent-aware-http/` excluded pending design.

## Hybrid licensing model

| Aspect | License | Rationale |
|---|---|---|
| **Source files** (`.zig`, `.yml`, `.a2ml`, Mustfile, etc.) | `MPL-2.0`
| Estate sole-owner default; standards parent's AGPL does NOT inherit
here |
| **Prose / spec / docs** (`.adoc`, `.md`) | `CC-BY-4.0` |
IETF-compatible; aligns with how standards bodies license specs |
| **In-text reference** | `PMPL-2.0-or-later` | Spec text REFERENCES
PMPL-2.0-or-later for cultural/ethical/post-quantum framing. NOT applied
as SPDX. |
| **LICENSE file** | `MPL-2.0` (canonical) | Code is the operative
source-level license; CC-BY-4.0 docs are handled via per-file SPDX |

## Scope (39 files + LICENSE)

**10 prose files** flipped `PMPL-1.0-or-later` → `CC-BY-4.0`:
- `consent-aware-http/SECURITY.md`
- `consent-aware-http/GOVERNANCE.adoc`
- `consent-aware-http/ROADMAP.adoc`
- `consent-aware-http/MAINTAINERS.adoc`
- `consent-aware-http/RSR_OUTLINE.adoc`
- `consent-aware-http/.migration/PYTHON_TO_RUST_AFFINESCRIPT.adoc`
- `consent-aware-http/PALIMPSEST.adoc`
- `consent-aware-http/CONTRIBUTING.adoc`
- `consent-aware-http/SCOPE.adoc`
- `consent-aware-http/CHANGELOG.adoc`

**29 source/infra files** flipped `PMPL-1.0-or-later` → `MPL-2.0`:
- 3 `.zig` source files (ffi/zig/)
- 14 `.yml` workflows (.github/workflows/)
- 6 `.a2ml` manifests (.machine_readable/6a2/)
- 2 Mustfile + 1 Dustfile + 2 .gitattributes/.gitignore + 1
.github/FUNDING.yml

**1 LICENSE replacement**: `consent-aware-http/LICENSE` → canonical
MPL-2.0 text (was PMPL-1.0-or-later).

## Why draft

Hybrid model is a first-of-kind shape; owner sight before merge. Test
plan below.

## Test plan

- [ ] CI green (no new SPDX violations)
- [ ] CC-BY-4.0 on prose verifiable: `grep -rl 'SPDX-License-Identifier:
CC-BY-4.0' consent-aware-http/` returns 10 files
- [ ] MPL-2.0 on source/infra verifiable: `grep -rl
'SPDX-License-Identifier: MPL-2.0$' consent-aware-http/` returns 28+
files
- [ ] LICENSE file is canonical MPL-2.0
- [ ] Confirm spec text body in `drafts/*.xml` references
PMPL-2.0-or-later (no SPDX applied — that's intentional)

## Related

- standards#344/#345 — left consent-aware-http excluded pending this
design
- docs/LICENSE-POLICY.md (standards#349) — captures the hybrid model in
the canonical estate policy doc
- Memory: `feedback_consent_aware_http_hybrid_licensing.md`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit ac6b325 into main Jun 2, 2026
9 of 18 checks passed
@hyperpolymath hyperpolymath deleted the chore/license-phase-2-subdir-license-agpl branch June 2, 2026 19:10
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Findings: 201 issues detected

Severity Count
🔴 Critical 64
🟠 High 43
🟡 Medium 94

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in changelog-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "changelog-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in deno-ci-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "deno-ci-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath mentioned this pull request Jun 3, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @github-advanced-security