refactor(governance): subsume language-policy.yml + add deno-ci-reusable (semantics-level fix for estate-template drift)#168
Merged
hyperpolymath merged 1 commit intoMay 26, 2026
Conversation
Foundational fix for the estate-template propagation bug class. Previously two parallel mechanisms enforced the language policy: * governance-reusable.yml's language-policy job (baseline-aware, modern) * language-policy.yml's check-banned-languages job (naive find-based) The second silently bypassed .hypatia-baseline.json, causing PR #167 to self-fail on a Python file already documented in the baseline. Per-repo copies of the same legacy workflow exhibited the same bug across the estate (absolute-zero, maa-framework, ...). This commit: * Moves the missing checks (Makefile / Java / Kotlin / Swift / Dart / pubspec / V-lang / ATS2) from language-policy.yml into the governance-reusable language-policy job so they all go through the same enforce() / is_exempt() helpers and honour .hypatia-baseline.json, .hypatia-ignore, and inline pragmas. * Adds the package.json-with-runtime-dependencies check (also from the legacy workflow) to the existing npm/bun step. * Deletes language-policy.yml. governance.yml (the thin wrapper) already invokes governance-reusable.yml @ workflow_call, so estate coverage is unchanged but the bug class becomes structurally impossible. * Adds deno-ci-reusable.yml, a new workflow_call reusable that replaces the broken per-repo rescript-deno-ci.yml template. The new reusable: - early-exits when no Deno targets / tests / config exist (was the `No test modules found` / `No target files found` failure mode); - declares top-level `permissions:` (was tripping workflow security linter); - drops the banned `npx rescript` step (ReScript was banned in new code 2026-04-30); - drops the vestigial security job that grep-audited permissions without doing anything with the result. Downstream rollout (separate PRs): each repo carrying rescript-deno-ci.yml or its own language-policy.yml replaces it with a thin wrapper: jobs: deno-ci: uses: hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main
🔍 Hypatia Security ScanFindings: 205 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
deleted the
refactor/subsume-language-policy-into-governance-reusable
branch
hyperpolymath
added a commit
to hyperpolymath/absolute-zero
that referenced
this pull request
May 26, 2026
The estate-wide Deno CI logic now lives in hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml (filed 2026-05-26 as standards#168). The reusable fixes three bugs that bit this repo in CI: * deno test ran unconditionally and failed 'No test modules found' * deno lint / deno fmt ran unconditionally and failed 'No target files' * no top-level permissions: tripping the workflow security linter Drops the legacy 'npx rescript' step (banned in new code 2026-04-30). Pinned to the #168 head SHA. After #168 merges to main, the pin can be flipped to @main as part of estate cleanup (governance.yml already follows this pattern). Refs hyperpolymath/standards#168.
hyperpolymath
added a commit
to hyperpolymath/tma-mark2
that referenced
this pull request
May 26, 2026
The estate-wide Deno CI logic now lives in hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml (filed 2026-05-26 as standards#168). The reusable fixes three bugs that bit this repo in CI: * deno test ran unconditionally and failed 'No test modules found' * deno lint / deno fmt ran unconditionally and failed 'No target files' * no top-level permissions: tripping the workflow security linter Drops the legacy 'npx rescript' step (banned in new code 2026-04-30). Pinned to the #168 head SHA. After #168 merges to main, the pin can be flipped to @main as part of estate cleanup (governance.yml already follows this pattern). Refs hyperpolymath/standards#168.
This was referenced May 26, 2026
Open
Merged
Open
Open
Merged
Merged
This was referenced May 26, 2026
Open
Merged
hyperpolymath
added a commit
to hyperpolymath/bqniser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/hesiod-dns-map
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/natsci-studio
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/panic-attack
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/phronesiser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/proof-of-work
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **audit-cov** ("opts into cargo-audit + coverage") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/rpa-elysium
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/ephapax
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/januskey
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/heterogenous-mobile-computing
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **audit-cov** ("opts into cargo-audit + coverage") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/snifs
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/conative-gating
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **audit-cov** ("opts into cargo-audit + coverage") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/dafniser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/oblibeniser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/affinescriptiser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 26, 2026
hyperpolymath
added a commit
to hyperpolymath/eclexiaiser
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/reposystem
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/wokelang
that referenced
this pull request
May 26, 2026
## Summary Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow filed in [standards#174](hyperpolymath/standards#174). Pinned to that PR's HEAD SHA (`4fdf4314b4ab54269adbaff10e30e483b5e86845`); will resolve to standards/main once #174 merges. ## Why Estate audit found ~87 `rust-ci.yml` copies across the estate with significant drift. Converting each to a 5-line wrapper means future Rust CI changes propagate in one place. This PR is part of the foundational sweep following the established [standards#168](hyperpolymath/standards#168) precedent (governance-reusable + absolute-zero#41 + tma-mark2#41 wrappers). Variant: **trivial** ("baseline check + clippy + fmt + test") ## Test plan - [ ] CI: `rust-ci` job invokes the reusable and reports the same checks - [ ] Awaiting standards#174 merge before this becomes useful long-term (still works today via SHA pin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Multiple PRs in the estate inbox are failing on a single bug class:
per-repo workflow templates copy-drift away from the canonical estate
policy. The repro that surfaced it was self-inflicted: PR #167 to this
repo failed its own `Check for Banned Languages` step because
`language-policy.yml` does a naive `find -name "*.py"` that bypasses
`.hypatia-baseline.json` — even though the file in question is already
acknowledged there.
The same gap appears in absolute-zero, maa-framework, and any other repo
that still ships a local copy of either workflow. Patching each copy
individually treats the symptom; the foundational fix is to delete the
copies and consume a single reusable workflow.
What changes
What was broken in the old `rescript-deno-ci.yml`
Observed across absolute-zero #41 and tma-mark2 #41:
Downstream rollout
Each repo carrying `rescript-deno-ci.yml` or its own `language-policy.yml` is now eligible to delete its copy and consume the reusable:
```yaml
jobs:
deno-ci:
uses: hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main
```
Follow-up PRs will land per-repo against absolute-zero, tma-mark2, etc.
Relationship to PR #167
#167 patches the tsconfig/rescript-config check in this same file to honour `.hypatia-baseline.json`. This PR is orthogonal: #167 fixes a single step's exemption logic; this PR consolidates two workflows so the duplication itself goes away. Either can land first; rebase is trivial.
Test plan