chore: reconcile repository identity to snifs (Phase-2 WP-2) by hyperpolymath · Pull Request #44 · hyperpolymath/snifs

hyperpolymath · 2026-06-16T19:28:55Z

Phase-2 WP-2 — repository-identity reconciliation (snif-singular / rsr-template-repo → snifs). Cut from fresh origin/main; disjoint from #42, #43.

20 files: .github/settings.yml (name/homepage — the probot/settings sync source), the 6 .github/ISSUE_TEMPLATE/* + SUPPORT, .well-known/security.txt, container/manifest.toml + Containerfile, STATE.a2ml/META.a2ml/groove.a2ml/compliance/reuse/dep5, TEST-NEEDS.md + llm-warmup-{dev,user}.md titles, a filled docs/attribution/CITATIONS.adoc (from CITATION.cff), and filled copyright placeholders in copilot-instructions.md.

Preserved deliberately: the snif- crate prefix and snif.pdf filename, the methodology-guard reject-patterns, and dogfood-gate.yml's legitimate pointers to the real rsr-template-repo.

Deferred / flagged (not here):

docs/whitepapers/academic/snif.tex — two \url{} point at hyperpolymath/snif; it's the published, DOI'd paper, so the URL fix + PDF rebuild + re-deposit is a deliberate owner action.
Other {{PLACEHOLDER}} tokens in the container/ / security.txt / dep5 templates (SERVICE_NAME, PORT, SECURITY_EMAIL, …) — a separate fill task, not identity.
D-a-gated bootstrap tooling (scripts/validate-template.sh, setup.sh, the self-validating k9 examples) — awaits the keep-or-remove decision.
llm-warmup-*.md are thin boilerplate (reference the phantom just setup) — name fixed; content refresh is separate.

🤖 Generated with Claude Code

… -> snifs (WP-2) Phase-2 WP-2. The repo's GitHub URLs, settings, issue templates, machine-readable state, and citation guide variously declared the project as "snif" (singular) or "rsr-template-repo". Reconcile to the real name "snifs": .github/settings.yml name + homepage (probot/settings sync source — a wrong name could rename the repo) .github/ISSUE_TEMPLATE/* 6 templates: chooser + URLs .github/SUPPORT discussion / issue URLs .well-known/security.txt canonical + policy URLs container/manifest.toml, homepage / upstream / image url+source container/Containerfile .machine_readable/STATE.a2ml project + gh-repo-create URL .machine_readable/META.a2ml project .machine_readable/integrations/groove.a2ml service .machine_readable/compliance/reuse/dep5 Source URL TEST-NEEDS.md, llm-warmup-{dev,user}.md titles docs/attribution/CITATIONS.adoc filled from CITATION.cff (was all {{PLACEHOLDER}}) .github/copilot-instructions.md filled copyright placeholders Preserved deliberately: the `snif-` crate prefix and `snif.pdf` filename (intentional), the methodology-guard reject-patterns (must name the forbidden strings), and dogfood-gate.yml's pointers to the real rsr-template-repo. Deferred / flagged (NOT here): docs/whitepapers/academic/snif.tex (two \url{} -> snif; it is the published, DOI'd paper, so URL fix + PDF rebuild + re-deposit is a deliberate owner action); the other {{PLACEHOLDER}} tokens in container/, security.txt and dep5 (SERVICE_NAME, PORT, SECURITY_EMAIL …) are a separate fill task, not identity; and the D-a-gated bootstrap tooling. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

github-actions · 2026-06-16T19:29:50Z

🔍 Hypatia Security Scan

Findings: 52 issues detected

Severity	Count
🔴 Critical	5
🟠 High	23
🟡 Medium	24

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-guest-verify.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in rust-guest-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "rust-guest-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in scorecard.yml",
    "type": "scorecard_wrapper_missing_job_permissions",
    "file": "scorecard.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Python file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/snifs/snifs/benches/assert_safer.py",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "Python file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/snifs/snifs/verification/tools/abi_conformance.py",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "unsafe block -- requires SAFETY comment (4 occurrences, CWE-676)",
    "type": "unsafe_block",
    "file": "/home/runner/work/snifs/snifs/rust/crates/snif-abi/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
    "type": "unsafe_block",
    "file": "/home/runner/work/snifs/snifs/rust/crates/demo-guest/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

github-actions · 2026-06-16T19:41:05Z

🔍 Hypatia Security Scan

Findings: 52 issues detected

Severity	Count
🔴 Critical	5
🟠 High	23
🟡 Medium	24

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-guest-verify.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in rust-guest-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "rust-guest-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in scorecard.yml",
    "type": "scorecard_wrapper_missing_job_permissions",
    "file": "scorecard.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Python file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/snifs/snifs/benches/assert_safer.py",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "Python file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/snifs/snifs/verification/tools/abi_conformance.py",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "unsafe block -- requires SAFETY comment (4 occurrences, CWE-676)",
    "type": "unsafe_block",
    "file": "/home/runner/work/snifs/snifs/rust/crates/snif-abi/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
    "type": "unsafe_block",
    "file": "/home/runner/work/snifs/snifs/rust/crates/demo-guest/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Merge branch 'main' into chore/identity-snif-to-snifs

7054efa

hyperpolymath merged commit e9cba18 into main Jun 16, 2026
9 of 10 checks passed

hyperpolymath deleted the chore/identity-snif-to-snifs branch June 16, 2026 19:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: reconcile repository identity to snifs (Phase-2 WP-2)#44

chore: reconcile repository identity to snifs (Phase-2 WP-2)#44
hyperpolymath merged 2 commits into
mainfrom
chore/identity-snif-to-snifs

hyperpolymath commented Jun 16, 2026

Uh oh!

github-actions Bot commented Jun 16, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jun 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

hyperpolymath commented Jun 16, 2026

Uh oh!

github-actions Bot commented Jun 16, 2026

🔍 Hypatia Security Scan

Uh oh!

Uh oh!

github-actions Bot commented Jun 16, 2026

🔍 Hypatia Security Scan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant