From 83400086cf5f6b80e9fea756d95b2e333ca82ef9 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 29 May 2026 16:05:13 -0700 Subject: [PATCH] chore: harden public repo hygiene --- .github/dependabot.yml | 7 ++++ .github/workflows/agent-law-provisioner.yml | 8 +++-- .github/workflows/agent-law.yml | 6 +++- .gitignore | 13 +++++++ tests/test_public_defaults.py | 39 +++++++++++++++++++++ 5 files changed, 70 insertions(+), 3 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .gitignore create mode 100644 tests/test_public_defaults.py diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c73a811 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + diff --git a/.github/workflows/agent-law-provisioner.yml b/.github/workflows/agent-law-provisioner.yml index 5d25bb4..19a9d46 100644 --- a/.github/workflows/agent-law-provisioner.yml +++ b/.github/workflows/agent-law-provisioner.yml @@ -31,7 +31,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout hub - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - name: Run public-defaults tests + shell: bash + run: python3 -m unittest discover -s tests -p "test_*.py" - name: Provision Agent Law env: @@ -73,7 +77,7 @@ jobs: - name: Upload provisioner report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: agent-law-provisioner-results path: agent-law-provisioner-results.json diff --git a/.github/workflows/agent-law.yml b/.github/workflows/agent-law.yml index 07cbd0a..017d19f 100644 --- a/.github/workflows/agent-law.yml +++ b/.github/workflows/agent-law.yml @@ -14,7 +14,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - name: Run public-defaults tests + shell: bash + run: python3 -m unittest discover -s tests -p "test_*.py" - name: Verify Empower Orchestrator law shell: bash diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fe3eb3f --- /dev/null +++ b/.gitignore @@ -0,0 +1,13 @@ +# Local environment and secret material +.env +.env.* +*.pem +*.key + +# OS noise +.DS_Store +Thumbs.db + +# Python local cache +__pycache__/ +*.py[cod] diff --git a/tests/test_public_defaults.py b/tests/test_public_defaults.py new file mode 100644 index 0000000..f6efd73 --- /dev/null +++ b/tests/test_public_defaults.py @@ -0,0 +1,39 @@ +from __future__ import annotations + +import py_compile +import unittest +from pathlib import Path + + +ROOT = Path(__file__).resolve().parents[1] + + +class PublicDefaultsTests(unittest.TestCase): + def test_required_public_docs_exist(self) -> None: + required = [ + "README.md", + "CONTRIBUTING.md", + "LICENSE", + "AGENTS.md", + "CLAUDE.md", + "docs/agent-law/empower-orchestrator.md", + "profile/README.md", + ] + for path in required: + with self.subTest(path=path): + self.assertTrue((ROOT / path).is_file(), path) + + def test_agent_law_markers_are_present(self) -> None: + for path in ["AGENTS.md", "CLAUDE.md", ".github/pull_request_template.md"]: + with self.subTest(path=path): + text = (ROOT / path).read_text(encoding="utf-8") + self.assertIn("EMPOWER_ORCHESTRATOR:START", text) + self.assertIn("EMPOWER_ORCHESTRATOR:END", text) + + def test_provisioner_script_compiles(self) -> None: + py_compile.compile(str(ROOT / "scripts/provision-agent-law.py"), doraise=True) + + +if __name__ == "__main__": + unittest.main() +