fix(launcher-standard): replace hard-coded /var/mnt/eclipse/... with a search-ladder#171
Open
hyperpolymath wants to merge 1 commit into
Open
fix(launcher-standard): replace hard-coded /var/mnt/eclipse/... with a search-ladder#171hyperpolymath wants to merge 1 commit into
hyperpolymath wants to merge 1 commit into
Conversation
…a search-ladder The launcher standard previously hard-coded `/var/mnt/eclipse/repos/...` as the sole literal-fallback path for both `launch-scaffolder` finding `launcher-standard.a2ml` and `.desktop` files finding `keepopen.sh` / `verify-desktop-integrity.sh`. On any host that does not happen to use the eclipse-mount layout (e.g. `$HOME/developer/repos`, `$HOME/dev/repos`), the documented default fallback simply pointed at a non-existent path. This blocked anyone outside that one layout from using the standard's defaults — they had to set `--standard <path>` / `$LAUNCH_SCAFFOLDER_STANDARD` on every invocation, and could not rely on the documented `.desktop` templates at all. Changes: - Add `[resolution]` table to `launcher-standard.a2ml` with two search ladders: `desktop-tools-search` (finds `.desktop-tools/`) and `standard-search` (finds `launcher-standard.a2ml`). Each ladder is ordered: explicit env-var override → estate-root → XDG default → three known absolute layouts (eclipse, `$HOME/developer/repos`, `$HOME/dev/repos`). First existing match wins. - Add `launcher/resolve-desktop-tools.sh`: bash reference implementation exposing `hp_resolve_desktop_tools` and `hp_resolve_standard` as sourceable functions, plus CLI behaviour (`--list`, `--standard`, `<tool-name>`). Downstream launchers SHOULD use this rather than re-implement the ladder. - Mark the existing `deployed-symlink` and `fallback-paths` literals DEPRECATED but keep them in place: pre-resolution consumers (`launch-scaffolder` until it's rebuilt against this spec) still read those keys, so removing them would break them. New code MUST use `[resolution]`. - Update `docs/UX-standards/launcher-standard.adoc` §Canonical location to describe the ladder and reference `resolve-desktop-tools.sh`. Also update the `.desktop` Exec= example with an explicit comment that the path is resolved at install time (because the freedesktop spec does not expand env vars in Exec=). - Update `launcher/README.adoc` consumer-resolution-order section to describe the ladder instead of the obsolete single literal. Spec `[spec].version` intentionally NOT bumped here — PR #170 also bumps it (to 0.3.0) and the two PRs are independent off main; whichever merges second will need a trivial conflict-resolve to land both bumps. Verified on this host: $ launcher/resolve-desktop-tools.sh --standard /home/hyperpolymath/developer/repos/standards/launcher/launcher-standard.a2ml (previously: nothing — the only candidate path was the eclipse one) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 192 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This was referenced May 26, 2026
hyperpolymath
added a commit
that referenced
this pull request
May 26, 2026
…ifest Filed alongside the 8 launcher-standard PRs (#170, #171, #172, #173, #175, #176, #177, #179) so reviewers landing on any individual PR can find the full picture in one place. Two files following the existing `docs/audits/` convention: - launcher-standard-review-2026-05-26.adoc — prose narrative for humans. Headline findings table (class × finding × addressed-in PR), PR map (number, branch, files, class), what-this-campaign-produces summary, deferred follow-ups, method notes including the parallel-session amend incident and how recovery worked. - launcher-standard-review-2026-05-26.a2ml — machine-readable manifest for tooling (PR-batching bots, change-impact analyzers, launch-scaffolder regenerators). Same PR set as parseable A2ML: per-PR file lists, addressed-issues, new-files lists, new-a2ml-keys lists, plus coordination notes (spec-version conflict resolution, lock-step gate trigger map) and deferred-followups with gating conditions. Includes a session-lessons-captured block pointing at the two memory entries written during this campaign. Pattern matches existing gap-matrix-2026-04-17.a2ml (A2ML extension syntax including @abstract: block). Pure tomllib does NOT parse A2ML; the repo's A2ML tooling does. Signing-key fingerprint deliberately NOT recorded inline — gitleaks's generic-api-key rule misclassifies 40-char PGP fingerprints as secrets. The all-prs-gpg-signed flag is the load-bearing assertion; the fingerprint is recoverable from `git log --show-signature` if anyone needs to verify against a specific key. Independent of all 8 review PRs — touches only docs/audits/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The launcher standard previously hard-coded
/var/mnt/eclipse/repos/...as the sole literal-fallback path for:
launch-scaffolderfindinglauncher-standard.a2ml.desktopfiles findingkeepopen.sh--integfindingverify-desktop-integrity.shOn any host that doesn't use the eclipse-mount layout (e.g. this one —
/home/hyperpolymath/developer/repos/), the documented default fallbackpointed at a non-existent path. The standard's defaults did not work.
This blocked anyone outside that one layout from using the documented
templates: they had to set
--standard <path>/\$LAUNCH_SCAFFOLDER_STANDARDon every invocation, and could not rely on the documented
.desktoptemplates at all.
What changed
[resolution]table added tolauncher-standard.a2mlwith twosearch ladders —
desktop-tools-search(finds.desktop-tools/)and
standard-search(finds the spec itself). Each ladder is ordered:explicit env-var override → estate-root → XDG default → three known
absolute layouts (eclipse,
\$HOME/developer/repos,\$HOME/dev/repos).First existing match wins.
launcher/resolve-desktop-tools.shadded — bash referenceimplementation of both ladders, exposing
hp_resolve_desktop_toolsand
hp_resolve_standardas sourceable functions, plus a small CLI(
--list,--standard,<tool-name>). Downstream launchers SHOULDuse this rather than re-implementing the ladder.
deployed-symlinkandfallback-pathsliterals kept butmarked DEPRECATED. Removing them would break
launch-scaffolderuntil it's rebuilt against the new spec; the deprecation marker is
the migration signal.
launcher-standard.adoc§Canonical locationdescribes the ladder + references
resolve-desktop-tools.sh; the.desktopExec=example carries a comment that the path isresolved at install time (because the freedesktop spec does NOT
expand env vars in
Exec=lines).launcher/README.adocconsumer-resolution-order section updatedto describe the ladder instead of the obsolete single literal.
Verified on this host
```
$ launcher/resolve-desktop-tools.sh --standard
/home/hyperpolymath/developer/repos/standards/launcher/launcher-standard.a2ml
```
(previously: nothing — the only candidate path was the eclipse one)
a2ml parses clean (verified with python tomllib): 13 top-level tables,
resolution.desktop-tools-searchhas 6 entries,resolution.standard-searchhas 5.Coordination
[spec].version. I deliberately did NOT bump version here; whichever PR merges second needs a trivial conflict-resolve to land both bumps (suggested: fix(launcher-standard): resolve 3 cross-doc contradictions #170 → 0.3.0, this → 0.4.0).launch-scaffolder(separate repo): replace the single hard-coded fallback in its Rust loader with the[resolution].standard-searchladder. Until that lands, this PR is documentation-and-helper only for that consumer — but it already unblocks any new launcher that sourcesresolve-desktop-tools.sh.Out of scope (still deferred from the original review)
open, WSLwslview,\$BROWSER.wait_for_serverignores thewait-for-url-timeout-secondsconstant./tmp/names (XDG hygiene).keepopen.shdoesn't honourNO_COLOR.--versionmode missing from required-modes.[soft-attach]/gui-dialog-chainlack reference impls.Test plan
resolve-desktop-tools.sh --standardfinds the spec on this hostresolve-desktop-tools.sh --listshows the full ladderresolve-desktop-tools.sh keepopen.shcorrectly returns exit 1 when no.desktop-tools/is deployed (expected — that's a separate integration step)launch-scaffolderrebuild picks up the new ladder (separate repo)🤖 Generated with Claude Code