chore(license): flip 700 PMPL→AGPL-3.0-or-later SPDX stamps (Phase 1) #344

Merged: hyperpolymath merged 3 commits into main from chore/license-phase-1-spdx-agpl-3-0-or-later on Jun 2, 2026

@hyperpolymath
Owner

Summary

First in a per-subdir series for standards PMPL→AGPL-3.0-or-later source-SPDX alignment.

Note the direction: standards is category 3 (son-shared per [[standards-agpl-intentional]]), so source SPDX flips to AGPL-3.0-or-later, not MPL-2.0 (which is the sole-owner default for repos like dev-ecosystem and neurophone).

Repo state confirmed

  • Root LICENSE: AGPL-3.0-or-later ✓
  • Source SPDX: 3,553 files carry PMPL-1.0-or-later from legacy carve-out era
  • consent-aware-http subdir has its own special hybrid (MPL-2.0 source + CC-BY-4.0 spec + PMPL-2.0-or-later reference) — EXCLUDED from this PR

Phase 1 scope (this PR)

700 files flipped PMPL-1.0-or-later → AGPL-3.0-or-later:

| Area | Files |
|---|---|
| Repo root | 28 |
| docs/ | 319 |
| .machine_readable/ | 57 |
| ~30 small subdirs with no own LICENSE (meta-a2ml, session-management-standards, agentic-a2ml, anchor-a2ml, k9-coordination-protocol, standards-update, scripts, state-a2ml, ecosystem-a2ml, playbook-a2ml, neurosym-a2ml, toolchain-readiness-grades, overlay-protocol, a2ml-templates, .verisimdb, inline-annotations, hooks, launcher, contractiles, adoption-readiness-grades, panll-panels, hypatia-rules, foundations-readiness-grades, component-readiness-grades, publication-pre-flight, ensaid-config, ai-instruction, tasks, standards, release-pre-flight, tools, testing-and-benchmarking, .meta, immaculate-guide, .github, accessibility) | ~296 |

Explicitly EXCLUDED

| Path | Reason | Files |
|---|---|---|
| a2ml/ | Own PMPL LICENSE — Phase 2 (LICENSE+SPDX to AGPL combined) | 1,171 |
| k9-svc/ | Own PMPL LICENSE — Phase 2 | 1,160 |
| rhodium-standard-repositories/ | Own PMPL LICENSE — Phase 2 | 122 |
| 0-ai-gatekeeper-protocol/ | Own PMPL LICENSE — Phase 2 | 107 |
| lol/ | Own PMPL LICENSE — Phase 2 | 105 |
| avow-protocol/ | Own PMPL LICENSE + check-in copy of standalone hyperpolymath/avow-protocol — skip (fix in standalone) | 90 |
| axel-protocol/ | Own PMPL LICENSE — Phase 2 | 49 |
| consent-aware-http/ | Special hybrid licensing (MPL-2.0 src + CC-BY-4.0 spec + PMPL-2.0-or-later ref) per owner directive 2026-06-02 | 39 |
| outreach/ | Own LICENSE — Phase 2 review | 10 |

Pattern this PR follows

  • hyperpolymath/neurophone#102 for SPDX-flip mechanics
  • hyperpolymath/developer-ecosystem#103/#105 for per-subdir scoping
  • First time the destination is AGPL not MPL — be aware

Verification

```sh
grep -rl 'SPDX-License-Identifier: PMPL-1.0-or-later' <phase-1-paths>
# returns: 0 files
```

Why draft

License sweep + first-of-kind AGPL destination; owner sight before merge.

🤖 Generated with Claude Code

…— son-shared standards)

See PR description for scope + exclusions + AGPL rationale.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
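Review bot: The three context lines that follow the SPDX tag on line 1 are not covered by this PR's verification, so a file whose header or body still names PMPL elsewhere would end up with two conflicting license statements. Suggest complementing the exact-string grep from the Verification section with a plain search for `PMPL` across the Phase 1 paths and reviewing whatever it still returns.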
@@ -1,4 +1,4 @@
// SPDX-License-Identifier: PMPL-1.0-or-later
// SPDX-License-Identifier: AGPL-3.0-or-later
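Review bot: The verification grep shows the old tag is gone from line 1, but it does not show that every touched file now carries exactly one `SPDX-License-Identifier: AGPL-3.0-or-later` line in its own comment syntax (`//` in this file). Suggest also listing the files that contain the new tag, comparing that list with the changed-file list for this PR, and flagging any file that has more than one SPDX-License-Identifier line.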
@github-actions

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Findings: 201 issues detected

| Severity | Count |
|---|---|
| 🔴 Critical | 64 |
| 🟠 High | 43 |
| 🟡 Medium | 94 |

⚠️ Action Required: Critical security issues found!

View findings

```json
[
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action for the check script)\n        uses: actions/checkout@de0f needs attention",
    "type": "unpinned_action",
    "file": "governance-reusable.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-verify.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-verify.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in changelog-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "changelog-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in deno-ci-reusable.yml",
    "type": "missing_timeout_minutes",
    "file": "deno-ci-reusable.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]
```

Powered by Hypatia Neurosymbolic CI/CD Intelligence

hyperpolymath added a commit that referenced this pull request Jun 2, 2026
…-or-later (Phase 2) (#345)

## Summary

Phase 2 of the standards PMPL→AGPL-3.0-or-later sweep. Companion to #344
(Phase 1).

This PR covers the **7 standards-local sub-projects** that have their
own PMPL-1.0-or-later LICENSE files. LICENSE+SPDX flipped together to
align with standards parent's AGPL-3.0-or-later (per
[[standards_agpl_intentional]] memory; standards is category 3,
son-shared).

## Why standards-local (not standalones)

Verified via `gh api repos/hyperpolymath/<name>` that none of these 7
sub-projects exist as standalone GitHub repos — they're standards-local
sub-specifications.

## Scope (2,724 files)

**7 subdir LICENSE files replaced** (PMPL-1.0-or-later →
AGPL-3.0-or-later canonical text from standards root):
- `a2ml/` — 1,171 source SPDX
- `k9-svc/` — 1,160 source SPDX
- `rhodium-standard-repositories/` — 122
- `0-ai-gatekeeper-protocol/` — 107
- `lol/` — 105
- `axel-protocol/` — 49
- `outreach/` — 10

**2,717 source files** flipped `PMPL-1.0-or-later` →
`AGPL-3.0-or-later`.

## Explicitly EXCLUDED (still)

- **`avow-protocol/`** (90) — check-in copy of
`hyperpolymath/avow-protocol` standalone
- **`consent-aware-http/`** (39) — special hybrid licensing per owner
directive 2026-06-02 (MPL-2.0 source + CC-BY-4.0 spec +
PMPL-2.0-or-later reference). Phase 3.

## Pattern this PR follows

- `hyperpolymath/developer-ecosystem#106` (Phase 4 LICENSE+SPDX shape)
- **First time** the destination is AGPL not MPL

## Verification

```sh
for d in a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach; do head -1 "$d/LICENSE"; done
# all return: SPDX-License-Identifier: AGPL-3.0-or-later

grep -rl 'SPDX-License-Identifier: PMPL-1.0-or-later' a2ml k9-svc rhodium-standard-repositories 0-ai-gatekeeper-protocol lol axel-protocol outreach
# returns: 0 files
```

## Why draft

LICENSE replacements + first-of-kind AGPL destination; owner sight
before merge.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit 9bdaff9 into main Jun 2, 2026
10 of 19 checks passed
@hyperpolymath hyperpolymath deleted the chore/license-phase-1-spdx-agpl-3-0-or-later branch June 2, 2026 19:16