You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tracking issue for full rollout + closure of the Tooling Version Integrity initiative. Spawned from the burble#39 post-mortem (unpinned just 1.14.0 vs import? ≥1.19.0 → parse-time crash misdiagnosed for months as failing tests, frozen behind continue-on-error on a wrong root cause).
live Mustfile dogfoods the lint; Justfile carries the Rule-2 floor annotation
governance-reusable.yml inline R0+R1 gate → propagates estate-wide via the existing workflow_call line, no per-repo PR
Remaining / owned handoffs (inherently multi-session or external)
contractile generator regen is out-of-band. The generator repo is not in the working estate. The new canonical contractiles/must/Mustfile check reaches consumers only when someone holding the generator runs contractile gen-just --dir contractiles and repos re-adopt. Until then, governance-reusable.yml is the live propagation path (no regen needed).
R4 advisory → --strict promotion. ~9 advisory continue-on-error findings in standards alone (estate-wide more). Promote per-repo as each soft-gate is explained (dated suppression or by-design:). Do not flip estate-wide at once — that would itself become an ignored gate (the exact anti-pattern).
governance-reusable adoption audit. Confirm every estate repo invokes governance-reusable.yml (6 consumers seen locally; full estate unverified) so the inline R0/R1 gate actually runs everywhere.
burble#35 item 2 (cross-ref burble#39). Final Elixir gate re-arm is blocked on a green/red CI signal — GitHub runners queued ~3h+ (external). burble#39 carries the line-pinned static prediction (RED via Burble.Store/VeriSimDB at app-boot); remediation A (test-env child filtering) is identified but, per the burble#40 "confirm before fixing" discipline, must wait for the real CI log. A watcher is live.
Closure criteria
standards#94 + hypatia#270 merged
contractile regen performed (or a permanent non-regen propagation path ratified)
governance-reusable adoption audited estate-wide
burble#35 closed (item 2 re-armed once CI confirms green, or remediation-A PR landed then re-armed)
R4 promoted to --strict in repos with no unexplained soft-gates
Tracking issue for full rollout + closure of the Tooling Version Integrity initiative. Spawned from the burble#39 post-mortem (unpinned
just1.14.0 vsimport?≥1.19.0 → parse-time crash misdiagnosed for months as failing tests, frozen behindcontinue-on-erroron a wrong root cause).Done
build-gossamer-gui.yml). Estate sweep confirms the bug surface is fully bounded: onlyburble(fixed, burble#40 merged) andhypatia(#270) ever installedjustunversioned. No 50-repo pinning epidemic.TOOLING-VERSION-INTEGRITY-POLICY.adoc(5 rules + post-mortem)tasks/tooling-integrity-lint.sh(R0 just-floor blocking, R1 unversioned-install blocking, R4 unexplained-continue-on-erroradvisory-first; self-tested)contractiles/must/Mustfilecanonical dependency-freetooling-version-integritycheckMustfiledogfoods the lint;Justfilecarries the Rule-2 floor annotationgovernance-reusable.ymlinline R0+R1 gate → propagates estate-wide via the existingworkflow_callline, no per-repo PRRemaining / owned handoffs (inherently multi-session or external)
contractilegenerator regen is out-of-band. The generator repo is not in the working estate. The new canonicalcontractiles/must/Mustfilecheck reaches consumers only when someone holding the generator runscontractile gen-just --dir contractilesand repos re-adopt. Until then,governance-reusable.ymlis the live propagation path (no regen needed).--strictpromotion. ~9 advisorycontinue-on-errorfindings instandardsalone (estate-wide more). Promote per-repo as each soft-gate is explained (dated suppression orby-design:). Do not flip estate-wide at once — that would itself become an ignored gate (the exact anti-pattern).governance-reusable.yml(6 consumers seen locally; full estate unverified) so the inline R0/R1 gate actually runs everywhere.Burble.Store/VeriSimDB at app-boot); remediation A (test-env child filtering) is identified but, per the burble#40 "confirm before fixing" discipline, must wait for the real CI log. A watcher is live.Closure criteria
--strictin repos with no unexplained soft-gatesRefs: burble#35, burble#39, #94, hyperpolymath/hypatia#270