You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
standards#223 adds .trusted-base-ignore path-fragment exemption support to check-trusted-base.sh. Once it merges and downstream wrappers pick up a post-#223 SHA of governance-reusable.yml, this repo can simplify its scanner-fixture handling.
Current state (hypatia#352 — MERGEABLE, auto-merge armed)
PR #352 added 5 inline TRUSTED: comments — one above each marker line in:
These are scanner test fixtures — files that exist to be detected by the scanner. The inline-TRUSTED-per-site approach was the only available mechanism before standards#223.
After standards#223 merges
Replace the 5 inline TRUSTED: comments with a single .trusted-base-ignore entry in repo root:
# Scanner test fixtures: exist solely to verify the detector fires.
test/soundness/fixtures/
(plus arguably .claude/worktrees/ for the 10 stale worktree shadows that #343's §(d) refresh enumerated as TBD-DEBT — those would also be cleanly exempted.)
Order of operations
standards#223 merges → reusable file (governance-reusable.yml) starts picking up the new behaviour on standards/main.
Verify bash scripts/check-trusted-base.sh . reports [OK] N marker(s) exempted via .trusted-base-ignore and passes.
Blocked-by
standards#223 (MERGEABLE at filing time, auto-merge SQUASH armed)
Estate parallel
somethings-fishy#27 has the same shape — 2 inline TRUSTED: comments on scanner-detector string literals. Equivalent simplification candidate once standards#223 merges. Track separately or roll into a small estate-wide follow-up sweep.
Background
standards#223 adds
.trusted-base-ignorepath-fragment exemption support tocheck-trusted-base.sh. Once it merges and downstream wrappers pick up a post-#223 SHA ofgovernance-reusable.yml, this repo can simplify its scanner-fixture handling.Current state (hypatia#352 — MERGEABLE, auto-merge armed)
PR #352 added 5 inline
TRUSTED:comments — one above each marker line in:test/soundness/fixtures/code_safety/admitted.vtest/soundness/fixtures/code_safety/sorry.leantest/soundness/fixtures/code_safety/agda_postulate.agdatest/soundness/fixtures/code_safety/believe_me.idrtest/soundness/fixtures/code_safety/unsafe_coerce.hsThese are scanner test fixtures — files that exist to be detected by the scanner. The inline-TRUSTED-per-site approach was the only available mechanism before standards#223.
After standards#223 merges
Replace the 5 inline
TRUSTED:comments with a single.trusted-base-ignoreentry in repo root:(plus arguably
.claude/worktrees/for the 10 stale worktree shadows that #343's §(d) refresh enumerated as TBD-DEBT — those would also be cleanly exempted.)Order of operations
governance-reusable.yml) starts picking up the new behaviour on standards/main.governance.ymlwrapper SHA pin (currently5eb28d7from hypatia#353) is post-chore(deps): bump taiki-e/install-action from 2.77.5 to 2.77.6 #223. If not, bump again..trusted-base-ignorewithtest/soundness/fixtures/and.claude/worktrees/.TRUSTED:lines added by docs(soundness): TRUSTED: annotate 5 code_safety scanner fixtures #352 (the fixture files revert to their pre-docs(soundness): TRUSTED: annotate 5 code_safety scanner fixtures #352 form).docs/proof-debt.md§(d) (added by docs: seed docs/proof-debt.md per trusted-base policy #343's refresh).bash scripts/check-trusted-base.sh .reports[OK] N marker(s) exempted via .trusted-base-ignoreand passes.Blocked-by
Estate parallel
somethings-fishy#27 has the same shape — 2 inline
TRUSTED:comments on scanner-detector string literals. Equivalent simplification candidate once standards#223 merges. Track separately or roll into a small estate-wide follow-up sweep.🤖 Filed by Claude Code