policy: Tooling Version Integrity — institutionalise the burble#39 lesson#94
Merged
Merged
Conversation
Codifies the burble#39 lesson estate-wide so a runner-layer version skew can never again masquerade for months as an inner-layer failure. - TOOLING-VERSION-INTEGRITY-POLICY.adoc: 5 rules + post-mortem. Pin family tools; declare the min-version floor; gates prove execution not exit-0; every soft-gate explained (dated suppression OR by-design); resolve at source. - tasks/tooling-integrity-lint.sh: R0 just>=1.19.0 floor (blocking when just present — the execution-proof check an in-file guard cannot do), R1 unversioned family-tool install (blocking), R4 unexplained continue-on-error (advisory-first per the estate gating doctrine; --strict to enforce). Self-tested vs standards/burble/hypatia. - contractiles/must/Mustfile: canonical 'tooling-version-integrity' check (dependency-free inline floor assertion) — propagates to every repo adopting the canonical must contract on contractile regen. - Mustfile: live repo dogfoods the full lint. - Justfile: Rule-2 'requires: just >= 1.19.0' annotation. NOTE: the contractile generator repo is out-of-band; contractiles/ source is edited here, regen + propagation tracked in the estate sweep issue. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tate trufflehog soft-gate P3 propagation: the estate-wide workflow_call reusable now enforces R0 (just>=1.19.0 floor, blocking when just present) and R1 (unversioned family-tool install, blocking) inline and dependency-free, so every repo invoking governance-reusable inherits the burble#39 guard with one existing `uses:` line — no per-repo PR, no script vendoring. R4 stays advisory via the standards lint. Also dogfoods Rule 4: the pre-existing bare continue-on-error on the trufflehog step now carries a by-design rationale, so the canonical template is itself policy-clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
For months a burble Elixir test gate was bolted open on the belief the suite was failing. It never ran: CI installed an unpinned
just(1.14.0), the Justfile usedimport?(needs ≥1.19.0), sojustdied at parse time. A runner-layer crash misdiagnosed as inner-layer test failure, frozen by acontinue-on-erroron a wrong root cause. This PR makes that class of failure structurally impossible estate-wide.What
TOOLING-VERSION-INTEGRITY-POLICY.adoc— 5 rules + post-mortem: pin family tools; declare the min-version floor in-file; gates prove execution not exit-0; every soft-gate explained (dated suppression orby-design:); resolve at source.tasks/tooling-integrity-lint.sh— R0just ≥ 1.19.0floor (blocking whenjustpresent — the execution-proof check an in-file guard structurally cannot do, sinceimport?fails at parse time), R1 unversioned family-tool install (blocking), R4 unexplainedcontinue-on-error(advisory-first per the estate's own gating doctrine,--strictto enforce). Self-tested against standards/burble/hypatia.contractiles/must/Mustfile— canonical dependency-freetooling-version-integritycheck; propagates to every repo adopting the canonicalmustcontract.Mustfile— this repo dogfoods the full lint.Justfile— Rule-2 floor annotation.Rollout context
P1+P2 of a full rollout. P0 (live armed instance) shipped: hyperpolymath/hypatia#270. Remaining: propagate the pinned-install snippet through canonical CI templates + estate re-adoption sweep (tracked separately). The
contractilegenerator repo is out-of-band —contractiles/source edited here; regen/propagation tracked in the sweep issue.🤖 Generated with Claude Code