chore(rsr): replace 16 stale vendored .claude/CLAUDE.md duplicates with pointer to canonical

[hyperpolymath]

Why

The RSR satellites carry 16 `.claude/CLAUDE.md` files snapshotted at 2025-11-22 — a copy of the canonical `.claude/CLAUDE.md` from a date when the policy was different. They still list:

• ReScript as the primary language (banned in new code 2026-04-30)
• GitLab as the source-of-truth host (estate is on GitHub)
• Python-only-for-SaltStack (Python is fully banned since 2026-01-03)
• RVC (Robot Vacuum Cleaner) Python automation as approved tooling

Anyone reading these duplicates gets contradictory guidance vs the canonical `.claude/CLAUDE.md` in the standards-repo root.

What changes

Each of the 16 duplicate `.claude/CLAUDE.md` files (13 identical sha256, 2 near-duplicate variants, 1 unique-stale at the RSR root) has its body replaced with a thin pointer:

This satellite follows the hyperpolymath estate-wide policy. The authoritative `CLAUDE.md` is at the standards-repo root: https://github.com/hyperpolymath/standards/blob/main/.claude/CLAUDE.md

The previous body of this file was a 2025-11-22 snapshot that listed ReScript as primary (banned in new code as of 2026-04-30), GitLab as the source-of-truth host (estate is on GitHub), and other guidance superseded by the canonical policy. Duplicating policy tables across satellites caused the drift; this pointer replaces the duplicate.

Net diff: 16 files changed, 176 insertions(+), 1097 deletions(-).

What is NOT touched (kept intentionally)

Three top-level `CLAUDE.md` files carry unique repo-specific content beyond the language policy and are LEFT IN PLACE for a separate review:

File	Why kept
`rhodium-standard-repositories/CLAUDE.md`	35KB unique RSR / CCCP architecture doc; has its own stale references (GitLab, ReScript primary) but warrants a dedicated review PR
`satellites/consent-aware-http/CLAUDE.md`	Unique IETF spec / Internet-Draft authoring doc — not just a policy copy
`satellites/palimpsest-license/CLAUDE.md`	Unique Palimpsest license-framework project doc

Related

Same foundational pattern as #168 (subsuming legacy workflow templates into a single source-of-truth reusable workflow). The bug class is the same: vendoring policy content across N locations guarantees drift. The fix is the same: delete the copies, point to one canonical location.

Test plan

• Estate governance checks pass on this PR (the .claude/CLAUDE.md files affected are not load-bearing for any CI step).
• Diff review confirms each replacement preserves no unique repo-specific content (verified via sha256 grouping — 13+2+1 = 16 files, all matched one of three stale-content hashes).

[github-actions]

🔍 Hypatia Security Scan

Findings: 192 issues detected

Severity	Count
🔴 Critical	64
🟠 High	100
🟡 Medium	28

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "deno-ci-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Python file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
    "type": "agda_postulate",
    "file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
    "type": "js_wildcard_cors",
    "file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence