chore(repo): add public metadata and CI #2
Why:
- The repo audit identified missing public license, security, and CI metadata.
- Align the project with the nearby Signum public metadata shape while keeping this slice Rust-specific and minimal.
- GitHub's hosted runner uses a newer Clippy than the local toolchain, so CI also needs the existing LSP reader loop to satisfy current lint rules.

What changed:
- Added MIT license metadata and root LICENSE.
- Added public and internal security docs for reporting, trust boundaries, and sensitive surfaces.
- Added a pinned GitHub Actions CI workflow and shared deterministic test script.
- Linked the security/license files and CI script from README.
- Rewrote the LSP message reader loop as while-let to satisfy current Clippy without changing behavior.

Testing:
- bash scripts/run-deterministic-tests.sh
- bash -n scripts/run-deterministic-tests.sh
- GitHub Actions initial run observed; it failed before the Clippy compatibility fix.

Not tested:
- GitHub Actions hosted-runner execution after the amended fix is not observed yet.
- actionlint was not run because it is not installed locally.

Risk:
- narrow
- CI may need further runner-specific adjustment after the next GitHub execution.
29aaee5 to 298876b
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 298876b6d2
```bash
cargo clippy -- -D warnings
cargo run --quiet -- eval-fixtures --json
python3 research-radar/bin/validate_reports.py
git diff --check
```
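Review bot: `cargo clippy -- -D warnings` in this snippet lints only the default targets (library and binaries), so lints in test, example and bench code are not enforced here even though the PR's stated reason for the while-let rewrite is keeping the hosted runner's newer Clippy green; use `cargo clippy --all-targets -- -D warnings` so that test-only code fails CI for the same lint rules rather than surfacing later.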
Fail CI on dirty generated changes
In the workflow this script runs from a clean checkout, but git diff --check only fails on whitespace/conflict-marker problems and exits 0 for ordinary content changes. If a Cargo command rewrites Cargo.lock in CI, such as when a PR changes Cargo.toml without committing the lockfile, because these commands do not use --locked (cargo test --help documents --locked as asserting Cargo.lock remains unchanged), the job can still pass with a dirty lockfile; use locked Cargo invocations and/or a final dirty-worktree check such as git diff --exit-code.
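The failure mode the review describes, as an added example that is not part of the PR or its scripts/run-deterministic-tests.sh: a throwaway repo (constructed) whose committed Cargo.lock is rewritten in place, against which `git diff --check` passes while the suggested `git diff --exit-code` gate fails. It assumes git is on PATH; the function names are mine.

```bash
#!/usr/bin/env bash
# Added example, not the PR's script: shows that an ordinary content change to a
# committed file passes `git diff --check` (which only reports whitespace and
# conflict-marker problems) but is caught by `git diff --exit-code`.
set -euo pipefail

# Create a throwaway repo (constructed sample data) with a committed Cargo.lock,
# then rewrite the lockfile in place, as a Cargo command run without --locked
# would. Prints the repo path.
make_dirty_repo() {
  local repo
  repo="$(mktemp -d)"
  git -C "$repo" init -q
  printf 'version = 3\n\n[[package]]\nname = "demo"\nversion = "0.1.0"\n' > "$repo/Cargo.lock"
  git -C "$repo" add Cargo.lock
  git -C "$repo" -c user.name=ci -c user.email=ci@example.invalid commit -q -m 'add lockfile'
  # Ordinary content change: no trailing whitespace, no conflict markers.
  printf 'version = 3\n\n[[package]]\nname = "demo"\nversion = "0.2.0"\n' > "$repo/Cargo.lock"
  echo "$repo"
}

# Prints the exit status of `git diff --check` for the repo (0 = no whitespace errors).
diff_check_status() {
  local rc=0
  git -C "$1" diff --check >/dev/null || rc=$?
  echo "$rc"
}

# Prints the exit status of `git diff --exit-code` for the repo (1 = tracked files changed).
dirty_worktree_status() {
  local rc=0
  git -C "$1" diff --exit-code --quiet || rc=$?
  echo "$rc"
}

# The gate the review suggests as the script's final step, after the Cargo
# invocations (which should also pass --locked): fail the job if anything was rewritten.
fail_on_dirty_worktree() {
  if ! git -C "$1" diff --exit-code --quiet; then
    echo "error: worktree dirty after build; commit the regenerated files" >&2
    return 1
  fi
}

repo="$(make_dirty_repo)"
echo "git diff --check: $(diff_check_status "$repo")"          # prints 0
echo "git diff --exit-code: $(dirty_worktree_status "$repo")"  # prints 1
rm -rf "$repo"
```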