Summary
The governance / Check Workflow Staleness job fails on verisimiser (seen on PR #167, run 28286708330). This is pre-existing repo/CI hygiene — unrelated to the provable.yml slice — surfaced here for triage on the master scheduler. It is very likely estate-wide (every -iser repo inherits the same standards-governance workflows).
What the check reports (verbatim)
ERROR: scorecard-enforcer.yml is retired. Use scorecard.yml -> standards scorecard-reusable.yml instead.
ERROR: OSSF Scorecard must not upload SARIF to GitHub Code Scanning unless it runs for every PR head commit.
ERROR: Remove legacy scorecard-enforcer.yml, refresh out-of-window standards reusable pins toward a recent commit, and keep Scorecard out of GitHub Code Scanning unless it runs for every PR head commit.
NOTICE: hypatia-scan-reusable.yml pin d135b05bfc64 is 17 commit(s) / 2d behind standards HEAD — within window (<=50 commits or <=14d). Bump deliberately with scripts/propagate-workflow-pins.sh when convenient.
NOTICE: scorecard-reusable.yml pin d135b05bfc64 is 17 commit(s) / 2d behind standards HEAD — within window.
Staleness check ran against standards SHA 583a9346ebf28e0fd8114f22aef140eaa1be4ac0.
Proposed actions
Scope note
Per the estate license/governance policy this is FLAG-and-triage, not an automated sweep. If the same scorecard-enforcer.yml/pins pattern recurs across the -iser family, consider an umbrella tracking issue in hyperpolymath/standards rather than per-repo fixes.
Filed from a Claude Code cloud session as a follow-up to PR #167 (merged). Surfaced for the master scheduler.
Summary
The
governance / Check Workflow Stalenessjob fails onverisimiser(seen on PR #167, run 28286708330). This is pre-existing repo/CI hygiene — unrelated to the provable.yml slice — surfaced here for triage on the master scheduler. It is very likely estate-wide (every-iserrepo inherits the same standards-governance workflows).What the check reports (verbatim)
Staleness check ran against standards SHA
583a9346ebf28e0fd8114f22aef140eaa1be4ac0.Proposed actions
.github/workflows/scorecard-enforcer.yml..github/workflows/scorecard.ymldelegates to the standardsscorecard-reusable.ymland does not upload SARIF to GitHub Code Scanning unless it runs for every PR head commit.scripts/propagate-workflow-pins.sh.Scope note
Per the estate license/governance policy this is FLAG-and-triage, not an automated sweep. If the same
scorecard-enforcer.yml/pins pattern recurs across the-iserfamily, consider an umbrella tracking issue inhyperpolymath/standardsrather than per-repo fixes.Filed from a Claude Code cloud session as a follow-up to PR #167 (merged). Surfaced for the master scheduler.