chore(brand): em-dash sweep + scorecard publish_results fix

.github/workflows/scorecard.yml

@@ -5,7 +5,7 @@ on:
   schedule:
     - cron: '30 1 * * 1'  # Every Monday at 01:30 UTC
   push:
-    branches: [main]
+    branches: [main, develop]
   workflow_dispatch:
 
 permissions: read-all
@@ -29,8 +29,8 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-          # Only publish to scorecard.dev from main — the action enforces this
-          publish_results: ${{ github.ref == 'refs/heads/main' }}
+          # Publish to scorecard.dev only from the default branch.
+          publish_results: ${{ github.ref_name == github.event.repository.default_branch }}
 
       - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
@@ -39,7 +39,7 @@ jobs:
           retention-days: 5
 
       - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4
-        if: github.ref == 'refs/heads/main'
+        if: github.ref_name == github.event.repository.default_branch
         continue-on-error: true
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -22,12 +22,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [1.0.0] - 2026-03-29
 
 ### Added
-- Bootstrap script (`setup.sh`) — zero-to-productive on a fresh Mac in one command
+- Bootstrap script (`setup.sh`). Zero-to-productive on a fresh Mac in one command
 - Homebrew tap with `dev-tools` formula (`Formula/dev-tools.rb`)
-- `Brewfile` — full package list: CLI tools, languages, cloud/devops, GUI casks
-- `Brewfile.ci` — CLI-only subset for fast CI runs
+- `Brewfile`. Full package list: CLI tools, languages, cloud/devops, GUI casks
+- `Brewfile.ci`. CLI-only subset for fast CI runs
 - Dotfiles: `zshrc`, `vimrc` (vim-plug + ALE + vim-go + gruvbox), `secrets.template`
 - Scripts: `install-dotfiles.sh`, `setup-credentials.sh`, `setup-mcps.sh`, `upgrade.sh`
-- `CLAUDE.md` — Claude Code preferences and learned preferences system
+- `CLAUDE.md`. Claude Code preferences and learned preferences system
 - CI/CD: lint (`shellcheck`), formula audit (`brew audit --strict`), integration test (macOS runner)
 - Release pipeline with validation gate on `v*.*.*` tags

CLAUDE.md

@@ -1,4 +1,4 @@
-# CLAUDE.md — mac-dev-setup
+# CLAUDE.md. Mac-dev-setup
 
 This file is read by Claude Code at the start of every session in this repo.
 It captures developer preferences, project conventions, and accumulated knowledge.
@@ -8,16 +8,16 @@ It captures developer preferences, project conventions, and accumulated knowledg
 ## About This Repo
 
 This is a personal macOS developer environment managed as a Homebrew tap.
-The goal is a single command that gets a machine from zero to fully productive —
-tools, dotfiles, credentials, MCPs, and Claude Code configuration all included.
+The goal is a single command that gets a machine from zero to fully productive,
+with tools, dotfiles, credentials, MCPs, and Claude Code configuration all included.
 
 **Key files:**
-- `setup.sh` — bootstrap entry point (run on a fresh machine)
-- `Brewfile` — full package list including GUI casks
-- `Brewfile.ci` — CLI-only subset used in CI (no heavy casks)
-- `Formula/dev-tools.rb` — Homebrew formula for the tap
-- `dotfiles/` — zshrc, vimrc, secrets.template (symlinked into $HOME)
-- `scripts/` — install-dotfiles, setup-credentials, setup-mcps, upgrade
+- `setup.sh`. Bootstrap entry point (run on a fresh machine)
+- `Brewfile`. Full package list including GUI casks
+- `Brewfile.ci`. CLI-only subset used in CI (no heavy casks)
+- `Formula/dev-tools.rb`. Homebrew formula for the tap
+- `dotfiles/`. Zshrc, vimrc, secrets.template (symlinked into $HOME)
+- `scripts/`. Install-dotfiles, setup-credentials, setup-mcps, upgrade
 
 ---
 
@@ -30,17 +30,17 @@ tools, dotfiles, credentials, MCPs, and Claude Code configuration all included.
 
 ### Shell
 - Shell: **zsh**
-- Prompt is minimal (`%n:%1~ $ `) — no heavy frameworks like oh-my-zsh
+- Prompt is minimal (`%n:%1~ $ `). No heavy frameworks like oh-my-zsh
 - Aliases and functions live in `dotfiles/zshrc`, not scattered elsewhere
 
 ### Languages
-- **Go** — preferred for backend services and CLI tools
-- **Python** — scripting, data work, AI integrations
-- **Java** — enterprise/existing projects (Maven)
-- **Node/TypeScript** — frontend and MCP server work
+- **Go**. Preferred for backend services and CLI tools
+- **Python**. Scripting, data work, AI integrations
+- **Java**. Enterprise/existing projects (Maven)
+- **Node/TypeScript**. Frontend and MCP server work
 
 ### Cloud & Infrastructure
-- **OCI (Oracle Cloud)** and **DigitalOcean** — both actively used
+- **OCI (Oracle Cloud)** and **DigitalOcean**. Both actively used
 - **Kubernetes** locally via `kind`, remotely via OCI/DO clusters
 - **ArgoCD** for GitOps deployments
 - **Terraform** for infrastructure as code
@@ -49,14 +49,14 @@ tools, dotfiles, credentials, MCPs, and Claude Code configuration all included.
 - **Branch model:** `main` = latest release (always stable). `develop` = integration branch.
 - Always branch from `develop`, never commit directly to `main` or `develop`
 - PRs always target `develop`
-- `main` is only updated via CLI merge (`git merge --no-ff origin/develop`) by `/publish-release` — **never via a GitHub PR**. GitHub's merge button squash-merges by default, dropping ancestry and causing conflicts on the next release.
+- `main` is only updated via CLI merge (`git merge --no-ff origin/develop`) by `/publish-release`. **never via a GitHub PR**. GitHub's merge button squash-merges by default, dropping ancestry and causing conflicts on the next release.
 - Always open a PR for review before merging
-- Commit messages should be descriptive — explain *why*, not just *what*
+- Commit messages should be descriptive. Explain *why*, not just *what*
 - Conventional commits style: `feat:`, `fix:`, `docs:`, `chore:`
 
 ### Scripting Standards
 - All shell scripts must pass `shellcheck` with no warnings
-- Scripts should be idempotent — safe to run multiple times
+- Scripts should be idempotent. Safe to run multiple times
 - Always use `set -euo pipefail` at the top of bash scripts
 - Prefer explicit error messages over silent failures
 
@@ -67,7 +67,7 @@ tools, dotfiles, credentials, MCPs, and Claude Code configuration all included.
   act pull_request -j lint           # lint job only
   act pull_request -j formula-audit  # formula audit only
   ```
-- `Brewfile.ci` exists for fast CI runs — add new CLI tools there too
+- `Brewfile.ci` exists for fast CI runs. Add new CLI tools there too
 - See `TESTING.md` for full acceptance testing options
 
 ### Secrets & Credentials
@@ -118,11 +118,11 @@ See `VERSIONING.md` for the full versioning scheme.
 
 > **How this section works:** As Claude works with you across sessions and notices
 > a consistent pattern or preference, it should suggest adding it here as a one-liner.
-> You review, refine, and commit it. This keeps durable knowledge in the repo —
+> You review, refine, and commit it. This keeps durable knowledge in the repo:
 > not session-specific questions, but things that should be true on a clean install.
 
 <!-- Preferences are added here over time as they are discovered -->
 - Prefer interactive scripts with clear progress output (use `▶` prefix for steps, `✓` for success)
 - Prefer ASCII art / box-drawing separators (`━━━`) over plain `---` in terminal output
-- Keep CI fast — integration test should complete under 5 minutes
+- Keep CI fast. Integration test should complete under 5 minutes
 - GUI cask installs are always deferred to manual or `setup.sh`, never required in CI

CONTRIBUTING.md

@@ -13,11 +13,11 @@ It is published openly so others can learn from it, fork it, and adapt it for th
 - **PRs are welcome** for genuine bugs, broken tooling, or improvements that are broadly useful
   and not preference-specific.
 - **Preference PRs will generally be declined.** If you prefer a different shell, editor, color
-  scheme, or aliasing style — fork it. This repo is not a general-purpose tool; it is a specific
+  scheme, or aliasing style. Fork it. This repo is not a general-purpose tool; it is a specific
   person's environment.
 - **Alan has final say** on what goes into this repo. A PR may be well-written, well-tested, and
   genuinely useful, and still be declined because it doesn't fit how Alan works. That is not a
-  reflection of your contribution quality — it just isn't the right repo for it.
+  reflection of your contribution quality. It just isn't the right repo for it.
 
 If you are building your own environment, fork this repo and make it yours.
 If you've found something that is broken or outdated in a way that affects everyone, open a PR.
@@ -27,9 +27,9 @@ If you've found something that is broken or outdated in a way that affects every
 ## Getting Started (for contributors)
 
 **Prerequisites:**
-- [`shellcheck`](https://github.com/koalaman/shellcheck) — `brew install shellcheck`
-- [`act`](https://github.com/nektos/act) — `brew install act` — local GitHub Actions runner
-- [`tart`](https://github.com/cirruslabs/tart) — `brew install cirruslabs/cli/tart` — VM acceptance tests
+- [`shellcheck`](https://github.com/koalaman/shellcheck). `brew install shellcheck`
+- [`act`](https://github.com/nektos/act). `brew install act`. Local GitHub Actions runner
+- [`tart`](https://github.com/cirruslabs/tart). `brew install cirruslabs/cli/tart`. VM acceptance tests
 
 Fork and clone to the standard path:
 ```bash
@@ -70,10 +70,10 @@ that is not a GUI cask must also appear in `Brewfile.ci`.
 
 ## Adding a Tool
 
-1. **Brewfile** — add the formula. If it is a CLI tool, add it to `Brewfile.ci` as well.
-2. **Dotfiles** — add relevant aliases or configuration to `dotfiles/zshrc`.
-3. **Validate smoke test** — add `command -v <tool>` to the smoke-test step in `.github/workflows/validate.yml`.
-4. **README table** — add a row to the appropriate table in `README.md`.
+1. **Brewfile**. Add the formula. If it is a CLI tool, add it to `Brewfile.ci` as well.
+2. **Dotfiles**. Add relevant aliases or configuration to `dotfiles/zshrc`.
+3. **Validate smoke test**. Add `command -v <tool>` to the smoke-test step in `.github/workflows/validate.yml`.
+4. **README table**. Add a row to the appropriate table in `README.md`.
 
 ---