License follow-up: agent-meta → MPL-2.0; scrub PMPL philosophy#235
Merged
Conversation
…y (owner follow-up)
Follow-up to the licence normalisation, per the owner's refined scope.
- Revert agent-instruction files to MPL-2.0 (exclude them from the docs ->
CC-BY-SA relicense): .claude/CLAUDE.md, .claude/PROJECT.md,
.github/copilot-instructions.md.
- Scrub residual PMPL-as-licence-philosophy from prose:
- docs/FEDERATION.adoc: drop the "the PMPL license encodes this principle
legally" sentence; reword provenance bullet (PMPL label removed).
- docs/architecture/README.adoc: reword provenance bullet to drop the
"license's requirements ARE the attestation" framing.
- docs/status/ROADMAP.adoc + docs/outreach/show-hn-draft.md: clarify these
reference the pmpl-mcp *cartridge* (a product), not boj-server adopting PMPL.
Kept (legitimate): the consent-aware-http prospective-PMPL note (correct estate
policy), the pmpl-mcp cartridge + catalogue, and a conceptual PMPL comment in
src/abi/Boj/Federation.idr (code — out of scope for this docs pass).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01XrPAh7eBSUcVKauTVdXH9Y
🔍 Hypatia Security ScanFindings: 214 issues detected
View findings[
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "missing_timeout_minutes",
"file": "scorecard-enforcer.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "scorecard_publish_with_run_step",
"file": "scorecard-enforcer.yml",
"action": "split_scorecard_publish_job",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in codeql.yml",
"type": "codeql_missing_actions_language",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/academic-workflow-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/ephapax-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/bofig-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/fireflag-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/sanctify-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/boj-server/boj-server/cartridges/hesiod-mcp/adapter/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #234, per your refined scope ("revert agent-meta + scrub philosophical mentions"). Docs-only, surgical. Draft for review.
1. Agent-instruction files back to MPL-2.0
#234 relicensed these to CC-BY-SA-4.0; you've since decided agent-instruction files should not count as relicensable docs. Reverted (SPDX header only):
.claude/CLAUDE.md,.claude/PROJECT.md,.github/copilot-instructions.md2. Scrub residual PMPL-as-licence-philosophy
docs/FEDERATION.adoc— removed the sentence "The PMPL license encodes this same principle legally…"; reworded the provenance bullet (PMPL provenance→Cryptographic provenance).docs/architecture/README.adoc— reworded the provenance bullet to drop the "the license's … requirements ARE the attestation" framing.docs/status/ROADMAP.adoc&docs/outreach/show-hn-draft.md— clarified these reference thepmpl-mcpcartridge (a real product feature), not boj-server adopting PMPL.Kept on purpose (not residue)
consent-aware-http"PMPL applies prospectively" note indocs/planning/…— correct estate policy (it's one of the three genuine PMPL repos).pmpl-mcpcartridge,catalog.json, README catalogue entry, and machine-readable provenance format/protocol fields (subject matter about the product).Left untouched (flagging for your call)
src/abi/Boj/Federation.idr— that's code, out of scope for this docs pass. Say the word for a separate code-comment sweep.setup-repo.k9.ncl("Add PMPL-1.0 license" sample step) — a framework example, not a boj-server declaration.No code files and no
flake.locktouched (verified); 7 doc/meta files changed.🤖 Generated with Claude Code
Generated by Claude Code