boj-server.net website: install configurator + cartridge catalogue#233
Merged
Conversation
Static, no-build Cloudflare Pages bundle in site/ serving as the project's permanent presence and access point: - Hub page (site/index.html) with a live install configurator (base boj-server + NeSy / Agentic / Coordination bundles, per-client commands) and a browsable catalogue of all 139 cartridges generated from the canonical registry. - Vanilla CSS/JS, zero dependencies; strict first-party CSP in site/_headers. - catalog.json snapshot + tools/site-catalog/build-catalog.sh regenerator. - Estate-standard deploy config: wrangler.toml (output dir site/), cloudflare-dns-zone.txt reference, scripts/cloudflare/*.affine (avow parity). - docs/website/CLOUDFLARE-SETUP.adoc runbook (dashboard Git-connect go-live, API-token scopes for agent-driven DNS/Pages). Licensing: establish the two-licence scheme — LICENSES/ now holds MPL-2.0 + CC-BY-SA-4.0 with a README; new code is MPL-2.0, new docs CC-BY-SA-4.0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XrPAh7eBSUcVKauTVdXH9Y
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
🔍 Hypatia Security ScanFindings: 217 issues detected
View findings[
{
"reason": "Stale AI session file -- delete",
"type": "stale",
"file": "GEMINI.md",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "missing_timeout_minutes",
"file": "scorecard-enforcer.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "scorecard_publish_with_run_step",
"file": "scorecard-enforcer.yml",
"action": "split_scorecard_publish_job",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in codeql.yml",
"type": "codeql_missing_actions_language",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/academic-workflow-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/ephapax-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/bofig-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/fireflag-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/sanctify-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
- js_innerhtml (CWE-79): replace `list.innerHTML = ""` with `list.replaceChildren()` (the list was only being cleared; no markup was ever assigned). - js_deno_all_perms (CWE-250): the displayed Deno install command now uses the bridge's declared least-privilege flags (`--allow-net --allow-env --allow-read`, per mcp-bridge/main.js + mcp-bridge/deno.json) instead of `-A`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XrPAh7eBSUcVKauTVdXH9Y
🔍 Hypatia Security ScanFindings: 215 issues detected
View findings[
{
"reason": "Stale AI session file -- delete",
"type": "stale",
"file": "GEMINI.md",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "missing_timeout_minutes",
"file": "scorecard-enforcer.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "scorecard_publish_with_run_step",
"file": "scorecard-enforcer.yml",
"action": "split_scorecard_publish_job",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in codeql.yml",
"type": "codeql_missing_actions_language",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/academic-workflow-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/ephapax-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/bofig-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/fireflag-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/sanctify-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this is
A permanent presence + access point for boj-server.net — a no-build static Cloudflare Pages bundle in
site/. It's not a placeholder: it's an interactive hub.The hub (
site/index.html)boj-server+ toggleable NeSy / Agentic / Coordination bundles, with the correct install command per client (Claude Code, Claude Desktop, Deno, Gemini, Cursor). Output is honest about the runtime model: one base install, cartridges fetched on demand from the registry.site/_headers), accessible (skip link, landmarks, keyboard-operable,prefers-reduced-motion).Supporting files
site/catalog.json— committed snapshot (139);tools/site-catalog/build-catalog.shregenerates it (verified to reproduce the snapshot).wrangler.toml(pages_build_output_dir = "site"),cloudflare-dns-zone.txt(reference),scripts/cloudflare/*.affine(parity withstandards/avow-protocol).docs/website/CLOUDFLARE-SETUP.adoc— go-live runbook.Go-live (one manual step — chosen: Dashboard Git-connect)
Connect
hyperpolymath/boj-serverin Workers & Pages → Pages → Connect to Git, branchmain, no build command, output dirsite, then attach the custom domainboj-server.net(the zone is already on Cloudflare, so DNS auto-creates). Full steps in the runbook.Answers to the open questions
Pages:Edit,Zone:DNS:Editon boj-server.net,Zone:Read) + account/zone IDs as env vars; I'd use the REST API / wrangler (the.affinescripts' path). Documented in the runbook §"agent access".Licensing (your directive: MPL-2.0 code, CC-BY-SA-4.0 docs, no other reference)
Done here: root
LICENSEis already MPL-2.0;LICENSES/now holds MPL-2.0 + CC-BY-SA-4.0 (byte-exact from SPDX) with a rewritten README; new code = MPL-2.0, new docs = CC-BY-SA-4.0.Flagged for your explicit go-ahead (not swept — per the estate's manual-only licensing guardrail):
LICENSES/PMPL-1.0-or-later.txt+ 2 exhibits,NOTICE(a deliberate "voluntarily adopts PMPL" statement),docs/index.html(the only PMPL SPDX header),coord-tui/LICENSE-PMPL-1.0-or-later.txt. Removing the PMPL text while PMPL-headed files remain would break REUSE, so this should be done as one owner-directed step.cartridges/pmpl-mcp/is a product about the licence — out of scope.Tell me to proceed on (1) and/or (2) and I'll do it surgically.
🤖 Generated with Claude Code
Generated by Claude Code