
docs: cartridge scaffolder + Phase 2b session (humans + machines)#26

Merged: hyperpolymath merged 1 commit into main from docs/cartridge-scaffolder-2026-05-20 on May 20, 2026

Conversation

@hyperpolymath
Owner

Summary

Documents the 2026-05-20 session that shipped the cartridge scaffolder (standards#89 Phase 2b). Two parallel surfaces — humans and machines — so both onboarding readers and automation tooling stay current.

Humans

Machines

  • .machine_readable/6a2/STATE.a2ml:
    • last-updated: 2026-04-04 → 2026-05-20
    • phase: phase-1-complete → phase-2b-complete
    • maturity: experimental → alpha
    • completion-percentage: 48 → 62
    • New [capabilities] block enumerating the 8 shipped CLI subcommands
    • New [recent-prs] block listing this session's three PRs
    • [route-to-mvp], [blockers-and-issues], [critical-next-actions] refreshed to current truth

Net diff

 .machine_readable/6a2/STATE.a2ml | 38 +++++++++++++++++++++++---
 CHANGELOG.adoc                   |  8 ++++++
 CHANGELOG.md                     |  9 ++++++
 README.adoc                      | 13 ++++++++-
 4 files changed, 64 insertions(+), 13 deletions(-)

Verification

  • cargo build clean (docs-only change but checked)
  • cargo test: 57 unit + 9 integration green

Refs hyperpolymath/standards#89, #90

🤖 Generated with Claude Code

For humans:
- README.adoc: document the new `cartridge` subcommand under "Iseriser
  CLI subcommands" and add a paragraph cross-referencing standards#89
  (Phase 2b) and standards#91 (the gating dependency for estate-wide
  fan-out).
- CHANGELOG.adoc and CHANGELOG.md: 2026-05-20 entries covering PRs
  #23 (revert wrong-place adapter), #24 (cartridge scaffolder), and
  #25 (`depends = base, contrib` correction). Each entry names what
  shipped, why, and the PR that landed it.

For machines:
- .machine_readable/6a2/STATE.a2ml: bump last-updated to 2026-05-20,
  phase to phase-2b-complete, maturity to alpha, completion to 62.
  Add a new [capabilities] block enumerating the shipped subcommands
  (init / validate / generate / cartridge / info / scan / abi-verify /
  abi-emit-manifest) and a [recent-prs] block listing the session's
  three PRs by number. Refresh milestones, blockers, and next-actions
  to reflect that Phase 1, standards#92 Phase 1+1b, and standards#89
  Phase 2b are all complete; remaining open items (standards#90 fan-out,
  #91 gateway, #92 drift sweep) are correctly parked.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions

🔍 Hypatia Security Scan

Findings: 20 issues detected

Severity Count
🔴 Critical 2
🟠 High 5
🟡 Medium 13

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action actions/upload-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/download-artifact@v4 needs attention",
    "type": "unpinned_action",
    "file": "release.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
    "type": "codeql_language_matrix_mismatch",
    "file": "codeql.yml",
    "action": "switch_codeql_matrix_to_actions",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (1 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/iseriser/iseriser/src/abi/zig_ffi_parser.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (1 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/iseriser/iseriser/src/abi/idris_emitter.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "expect() in hot path (13 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/iseriser/iseriser/src/codegen/cartridge.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (3 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/iseriser/iseriser/src/codegen/scaffold.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit 1c83882 into main May 20, 2026
14 of 16 checks passed
@hyperpolymath hyperpolymath deleted the docs/cartridge-scaffolder-2026-05-20 branch May 20, 2026 11:14
hyperpolymath added a commit that referenced this pull request May 20, 2026
PR #26 cross-referenced `examples/cartridge-skeleton/README.adoc` from
`README.adoc` but never created it. ROADMAP.adoc still ended at Phase 0
even though Phase 2b (standards#89) and standards#92 Phase 1+1b both
landed today. Cleaning both up.

- `examples/cartridge-skeleton/README.adoc`: a full worked example —
  manifest, CLI invocation, expected output, the three end-to-end
  verification commands (`idris2 --build`, `zig build test` on `ffi/`
  and `adapter/`), a customising-the-cartridge guide for adding tools,
  and the cross-references (standards#89/#90/#91, ADR-0004, ADR-0006,
  k9iser-mcp pilot). Mirrors the style of the existing
  `examples/abi-manifests/README.adoc`.
- `ROADMAP.adoc`: new "Phase 2b: BoJ-server cartridge skeleton"
  section marking the cartridge scaffolder COMPLETE with checked
  boxes for each piece (13-file emit, Idris2 ABI, ADR-0006 5-symbol C
  ABI, unified gated adapter, end-to-end build verification, docs).
  Also a new "ABI verification harness" section marking standards#92
  Phase 1 + 1b COMPLETE (`abi-verify` + `abi-emit-manifest` + four
  emitter/verifier fixes from iseriser #15/#20/#21/#22 + the
  `abi-manifests` docs). Notes that the standards#90 fan-out across
  the 28 -isers stays correctly gated on standards#91.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>