Summary
rhodium-standard-repositories/rsr-audit.sh (RSR v1.0.0, frozen 2025-12-27) reports false-negative compliance scores against repos that correctly follow the current estate convention, and has a CLI bug that silently hides the per-check breakdown. Observed live auditing the typing sub-estate: e.g. echo-types scores 43.94% while carrying 137/137 SPDX-headed docs, a complete .machine_readable/6a2/ tree, MPL-2.0 LICENSE, and full governance docs. The number is a tooling artifact, not a substance defect.
Bug 1 — positional-arg / --format handling
rsr-audit.sh <repo> --format text
sets OUTPUT_FORMAT="--format" (the script reads format as the 2nd positional arg, ${2}, not as a --format flag), which silently suppresses every per-check ✅/❌ line — you get only a bare score with no breakdown. The working invocation is:
Either accept --format <fmt> as documented in the usage header, or fix the usage header to show the positional form. (There is also a benign arithmetic glitch around line 588 — [[: 0\n0: syntax error — that prints but does not abort.)
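One way to accept both the documented `--format <fmt>` flag and the positional form, shown as an added example that is not code from rsr-audit.sh. The function name `parse_args` and the `json` format are assumptions (only `text` appears in this issue); the variable name `OUTPUT_FORMAT` is taken from the report above. An unrecognised format value is rejected loudly, so it cannot suppress the per-check lines silently.

```sh
#!/bin/sh
# Added illustration, not code from rsr-audit.sh.
# Assumptions: the name parse_args and the "json" format are hypothetical.

# parse_args <args...>: sets REPO and OUTPUT_FORMAT; returns 2 on bad usage.
parse_args() {
    REPO=""
    OUTPUT_FORMAT="text"
    npos=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --format)
                # A flag without a value is a usage error, never a format name.
                if [ "$#" -lt 2 ]; then
                    echo "error: --format needs a value" >&2; return 2
                fi
                OUTPUT_FORMAT="$2"; shift 2 ;;
            --format=*)
                OUTPUT_FORMAT="${1#--format=}"; shift ;;
            -*)
                echo "error: unknown option: $1" >&2; return 2 ;;
            *)
                npos=$((npos + 1))
                case "$npos" in
                    1) REPO="$1" ;;
                    2) OUTPUT_FORMAT="$1" ;;  # positional form: <repo> <fmt>
                    *) echo "error: unexpected argument: $1" >&2; return 2 ;;
                esac
                shift ;;
        esac
    done
    if [ -z "$REPO" ]; then
        echo "error: missing <repo>" >&2; return 2
    fi
    # Validate the value so a typo or stray flag fails instead of hiding output.
    case "$OUTPUT_FORMAT" in
        text|json) return 0 ;;
        *) echo "error: unsupported format: $OUTPUT_FORMAT" >&2; return 2 ;;
    esac
}
```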
Bug 2 — checks encode the old convention, not current canon
The frozen checks contradict the current estate canon (docs/README-EXPLAINME-STANDARD.adoc, .github/workflows/doc-format.yml, the MPL-2.0 + Guix + .adoc conventions):
| Script greps for | Current estate canon |
| --- | --- |
| lowercase justfile | capital Justfile |
| README.md, LICENSE.txt, MAINTAINERS.md | README.adoc/.md, bare LICENSE, MAINTAINERS.adoc |
| MIT AND Palimpsest license | MPL-2.0 (sole-owner repos) |
| flake.nix / flake.lock | Guix (manifest.scm, guix.scm) |
| .well-known/ (security.txt/ai.txt/humans.txt), TPCF framework | dropped from the estate convention |
| literal 24 hours in SECURITY.md, validate recipe name | varies (verify etc.) |
Each mismatch is a false-negative. Net effect across the 12 scored typing repos: real scores are materially higher than reported (typell "72.37%", kategoria "62.86%", etc. are all understated).
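A sketch of file-presence checks keyed to the right-hand column of the table, as an added example that is not code from rsr-audit.sh. The function names are hypothetical, and treating `README.adoc`/`README.md` and `manifest.scm`/`guix.scm` as either-or alternatives is an assumption. Names are compared against the directory listing so that `justfile` and `Justfile` stay distinct even on a case-insensitive filesystem.

```sh
#!/bin/sh
# Added illustration, not code from rsr-audit.sh. Function names are hypothetical.

# has_exact <dir> <name>: true only if <dir> has an entry named exactly <name>.
# The listing is compared instead of using [ -f ], because [ -f justfile ] also
# succeeds for "Justfile" on case-insensitive filesystems.
has_exact() {
    ls -A "$1" 2>/dev/null | grep -Fxq -- "$2"
}

# check_any <dir> <name>...: pass if any one of the accepted names is present.
check_any() {
    dir="$1"; shift
    for name in "$@"; do
        if has_exact "$dir" "$name"; then
            echo "PASS $name"
            return 0
        fi
    done
    echo "FAIL none of: $*"
    return 1
}

# audit_canon <dir>: prints one line per check, then "passed/total".
# Assumption: alternatives within one entry are either-or.
audit_canon() {
    passed=0; total=0
    for spec in "Justfile" "README.adoc README.md" "LICENSE" \
                "MAINTAINERS.adoc" "manifest.scm guix.scm"; do
        total=$((total + 1))
        # $spec is left unquoted on purpose so it splits into alternatives.
        if check_any "$1" $spec; then passed=$((passed + 1)); fi
    done
    echo "$passed/$total"
}
```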
Why this matters
It makes RSR scoring untrustworthy and creates pressure to "fix" repos by reverting them to the stale convention (rename Justfile→justfile, LICENSE→LICENSE.txt, relicense to MIT) — the opposite of correct. No repo should be changed to satisfy these checks; the fix belongs here in the script.
Suggested fix
Update rsr-audit.sh (and the machine-readable spec.scm/ / rsr-compliance-checklist.k9.ncl if they encode the same assumptions) to the current canon: capital Justfile, .adoc canon files, bare LICENSE + MPL-2.0, Guix, drop .well-known/TPCF requirements (or make them optional/weighted), and accept --format <fmt>. Bump the spec version accordingly.
Filed from the 2026-06-16 typing sub-estate tidy-up audit. Read-only finding; no repo modified.