feat(launcher-standard): require --version mode with machine-greppable format#173
Open
hyperpolymath wants to merge 1 commit into
Open
feat(launcher-standard): require --version mode with machine-greppable format#173hyperpolymath wants to merge 1 commit into
hyperpolymath wants to merge 1 commit into
Conversation
…e format
Field bug reports against launchers consistently lack a version string —
"it's broken on my machine" with no way to tell which build, no commit
SHA, no way to bisect. The original launcher-standard required --help
but not --version, so launchers had no obligation to emit one.
This adds --version (also accepts -V) as a required meta-mode. The first
line of output MUST follow a machine-greppable format so bug reports and
log greps can pull the build identity reliably:
{app-name} {version} ({build-sha-short}) [{platform}]
e.g. aerie-launcher 0.4.2 (a1b2c3d) [linux-x86_64]
Additional lines (build date, runtime versions, dep tree summary) MAY
follow. Exit code MUST be 0 on success.
Both the a2ml and the prose adoc are updated in the same commit, per the
launcher/README.adoc §Sync requirement (and the lock-step CI gate
introduced in PR #172).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 118 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "Agda postulate assumes without proof -- potential soundness hole (4 occurrences, CWE-704)",
"type": "agda_postulate",
"file": "/home/runner/work/standards/standards/lol/proofs/theories/information_theory.agda",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This was referenced May 26, 2026
hyperpolymath
added a commit
that referenced
this pull request
May 26, 2026
…ifest Filed alongside the 8 launcher-standard PRs (#170, #171, #172, #173, #175, #176, #177, #179) so reviewers landing on any individual PR can find the full picture in one place. Two files following the existing `docs/audits/` convention: - launcher-standard-review-2026-05-26.adoc — prose narrative for humans. Headline findings table (class × finding × addressed-in PR), PR map (number, branch, files, class), what-this-campaign-produces summary, deferred follow-ups, method notes including the parallel-session amend incident and how recovery worked. - launcher-standard-review-2026-05-26.a2ml — machine-readable manifest for tooling (PR-batching bots, change-impact analyzers, launch-scaffolder regenerators). Same PR set as parseable A2ML: per-PR file lists, addressed-issues, new-files lists, new-a2ml-keys lists, plus coordination notes (spec-version conflict resolution, lock-step gate trigger map) and deferred-followups with gating conditions. Includes a session-lessons-captured block pointing at the two memory entries written during this campaign. Pattern matches existing gap-matrix-2026-04-17.a2ml (A2ML extension syntax including @abstract: block). Pure tomllib does NOT parse A2ML; the repo's A2ML tooling does. Signing-key fingerprint deliberately NOT recorded inline — gitleaks's generic-api-key rule misclassifies 40-char PGP fingerprints as secrets. The all-prs-gpg-signed flag is the load-bearing assertion; the fingerprint is recoverable from `git log --show-signature` if anyone needs to verify against a specific key. Independent of all 8 review PRs — touches only docs/audits/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The launcher-standard requires
--helpbut not--version, so launchershad no obligation to emit a version string. Result: field bug reports
consistently lack a build identity ("it's broken on my machine" with no
SHA, no way to bisect, no way to tell two builds apart).
This adds
--version(and the alias-V) to the required meta-modes.The first line of output MUST follow a machine-greppable format:
```
{app-name} {version} ({build-sha-short}) [{platform}]
```
Example:
aerie-launcher 0.4.2 (a1b2c3d) [linux-x86_64]Additional lines (build date, runtime versions, dep summary) MAY follow.
Exit code MUST be 0 on success.
Changes
launcher/launcher-standard.a2ml: added--versionto[required-modes].meta; added new[version-output]table specifyingthe first-line format, an example, exit code, and machine-greppable
flag.
docs/UX-standards/launcher-standard.adoc: added a row to the§Required Modes table describing
--version/-V, the format, andthe rationale.
Both files updated in the same commit per the §Sync requirement and the
lock-step CI gate (PR #172) — this PR is a good first live test of that
gate.
Test plan
meta = ['--help', '--version'],[version-output]round-trips with all four fields intact.changes).
files in diff).
Coordination
touching either of the two group files, so this PR will be one of
the first live exercises of that gate once ci: add launcher-standard prose↔a2ml lock-step gate #172 lands.
🤖 Generated with Claude Code