fix: repair dangling AI-manifest parent pointers (Phase-2 WP-1)#43
Merged
Conversation
… pointer Five nested AI-manifests had parent pointers that did not resolve (caught by the PR #42 tidy's manifest-integrity audit, but pre-existing and out of that PR's scope): examples/0.1-AI-MANIFEST.a2ml one-line stub -> add META + AI_MANIFEST .github/0.1-AI-MANIFEST.a2ml one-line stub -> add META + AI_MANIFEST verification/tests/0.2-AI-MANIFEST.a2ml one-line stub -> add META (level 2) container/0.1-AI-MANIFEST.a2ml full body, no level/parent -> add them docs/governance/0.1-AI-MANIFEST.a2ml parent pointed at non-existent ../0-AI-MANIFEST.a2ml -> repoint to the docs pillar ../0.1-AI-MANIFEST.a2ml Every manifest parent pointer in the repo now resolves. NOTE (flagged, not fixed here): the docs/governance/ subtree uses an off-by-one numbering — it calls itself a top-level "governance-pillar" (level 1) while sitting under docs/, and its children are numbered relative to it. Normalizing that subtree (or promoting governance to a repo-root pillar) is a separate structural decision; this commit only makes the dangling pointer resolve. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 52 issues detected
View findings[
{
"reason": "Action actions/checkout@v4 needs attention",
"type": "unpinned_action",
"file": "rust-guest-verify.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in rust-guest-verify.yml",
"type": "missing_timeout_minutes",
"file": "rust-guest-verify.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "scorecard_publish_with_run_step",
"file": "scorecard-enforcer.yml",
"action": "split_scorecard_publish_job",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in scorecard.yml",
"type": "scorecard_wrapper_missing_job_permissions",
"file": "scorecard.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in codeql.yml",
"type": "codeql_missing_actions_language",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/snifs/snifs/benches/assert_safer.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/snifs/snifs/verification/tools/abi_conformance.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "unsafe block -- requires SAFETY comment (4 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/snifs/snifs/rust/crates/snif-abi/src/lib.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/snifs/snifs/rust/crates/demo-guest/src/lib.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
Jun 16, 2026
**Phase-2 WP-2** — repository-identity reconciliation (`snif`-singular / `rsr-template-repo` → `snifs`). Cut from fresh `origin/main`; disjoint from #42, #43. 20 files: `.github/settings.yml` (name/homepage — the probot/settings sync source), the 6 `.github/ISSUE_TEMPLATE/*` + `SUPPORT`, `.well-known/security.txt`, `container/manifest.toml` + `Containerfile`, `STATE.a2ml`/`META.a2ml`/`groove.a2ml`/`compliance/reuse/dep5`, `TEST-NEEDS.md` + `llm-warmup-{dev,user}.md` titles, a filled `docs/attribution/CITATIONS.adoc` (from `CITATION.cff`), and filled copyright placeholders in `copilot-instructions.md`. **Preserved deliberately:** the `snif-` crate prefix and `snif.pdf` filename, the methodology-guard reject-patterns, and `dogfood-gate.yml`'s legitimate pointers to the real `rsr-template-repo`. **Deferred / flagged (not here):** - `docs/whitepapers/academic/snif.tex` — two `\url{}` point at `hyperpolymath/snif`; it's the published, DOI'd paper, so the URL fix + PDF rebuild + re-deposit is a deliberate owner action. - Other `{{PLACEHOLDER}}` tokens in the `container/` / `security.txt` / `dep5` templates (`SERVICE_NAME`, `PORT`, `SECURITY_EMAIL`, …) — a separate fill task, not identity. - D-a-gated bootstrap tooling (`scripts/validate-template.sh`, `setup.sh`, the self-validating `k9` examples) — awaits the keep-or-remove decision. - `llm-warmup-*.md` are thin boilerplate (reference the phantom `just setup`) — name fixed; content refresh is separate. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase-2 WP-1 — the zero-risk, decision-free piece of the snifs Phase-2 de-template plan (drafted in
dev-notes). Independent of #42 (disjoint files).Five nested AI-manifests had parent pointers that didn't resolve — pre-existing drift surfaced by #42's manifest-integrity audit but outside that PR's scope:
examples/0.1-AI-MANIFEST.a2ml.github/0.1-AI-MANIFEST.a2mlverification/tests/0.2-AI-MANIFEST.a2mlcontainer/0.1-AI-MANIFEST.a2mllevel/parent→ addeddocs/governance/0.1-AI-MANIFEST.a2ml../0-AI-MANIFEST.a2ml→ repoint to docs pillar../0.1-AI-MANIFEST.a2mlEvery manifest parent pointer in the repo now resolves (verified by re-running the audit).
Flagged, not fixed here: the
docs/governance/subtree uses an off-by-one numbering (calls itself a top-levelgovernance-pillaratlevel 1while living underdocs/). Normalizing that subtree — or promoting governance to a repo-root pillar — is a separate structural decision; this PR only makes the dangling pointer resolve.🤖 Generated with Claude Code