chore: repo-hardening — gauntlet Windows fix, gitattributes, templates, Makefile, security/contributing #8
Merged
The sdk/python/tilion_fortress.egg-info/ directory is regenerated by the Python build and should never be in version control. Remove it from the index and ignore it going forward.
git apply on patches/*.patch is whitespace-sensitive; a CRLF checkout on Windows silently breaks it. Force LF for patches, scripts, and source, keep CRLF for .cmd/.ps1, and mark binary assets so they are never normalized.
gauntlet.py hardcoded a POSIX /tmp user-data-dir and HOME and the bare 'tilion' launcher, so it could not run on Windows (launcher is tilion.cmd, and /tmp does not exist). Use tempfile.mkdtemp() for the profile/home, pick the .cmd launcher via cmd /c on Windows, and clean up the temp dirs on exit.
make lint/test/check/gauntlet/apply/bundle over the scripts already in the repo, plus a self-documenting help target. No Chromium build involved.
Mirrors the CI gates before each commit: whitespace/EOF/YAML/JSON hooks plus tools/check_patches.py, with patches/ excluded from the whitespace fixers.
A 'Detection vector' form (the most valuable report), a bug form that steers security issues to SECURITY.md, a config linking Security advisories and Discussions, and a PR checklist enforcing the single-surface/uxr-only rules.
Separates detection vectors (public issues) from binary vulnerabilities (private advisory), documents private reporting and the supported-version policy.
How to report a detection, how the patch series works (series-sync, single-surface, the uxr- prefix rule), and the local checks (make check / pre-commit) that mirror CI.
Repo-hardening pass: standard project infrastructure and a real cross-platform bug fix. No README changes.
- `tools/gauntlet.py` hardcoded a POSIX `/tmp` profile/HOME and the bare `tilion` launcher, so it could not run on Windows. Now uses `tempfile.mkdtemp()` and `cmd /c tilion.cmd`, and cleans up on exit.
- `sdk/python/tilion_fortress.egg-info/` build artifact; broaden `.gitignore`.
- `.gitattributes` pinning LF (so `git apply` on `patches/` can't be corrupted by a CRLF checkout); a `Makefile` (lint/test/gauntlet/apply/bundle).
- `.pre-commit-config.yaml` running the patch linter locally; issue templates (Detection vector / Bug) + PR checklist.
- `SECURITY.md` and `CONTRIBUTING.md` (no README touched).

Verified locally: `python tools/check_patches.py` green, 21 SDK tests pass, `gauntlet.py` compiles.
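
The cross-platform launch pattern described for the gauntlet fix, as an added sketch that is not the project's `gauntlet.py`. The function names, the directory prefixes, and passing the profile as a `--user-data-dir=` argument are assumptions made for illustration.

```python
import contextlib
import os
import shutil
import sys
import tempfile


def launcher_argv(platform=None):
    """Return the argv prefix that starts the launcher on this platform."""
    platform = sys.platform if platform is None else platform
    if platform == "win32":
        # A .cmd file is a batch script, so it is run through cmd.exe.
        return ["cmd", "/c", "tilion.cmd"]
    return ["tilion"]


@contextlib.contextmanager
def isolated_run(platform=None):
    """Yield (argv, env) backed by throwaway profile and home directories.

    Hypothetical helper: a real harness would pass the result to
    subprocess.run(argv, env=env) inside the with-block.
    """
    # mkdtemp() picks a fresh, unpredictable name under the platform's
    # temp root and, on POSIX, creates the directory with mode 0700,
    # unlike a fixed path under /tmp that any local user can pre-create.
    profile = tempfile.mkdtemp(prefix="gauntlet-profile-")
    home = tempfile.mkdtemp(prefix="gauntlet-home-")
    try:
        env = dict(os.environ)
        env["HOME"] = home
        argv = launcher_argv(platform) + ["--user-data-dir=" + profile]
        yield argv, env
    finally:
        # Clean up both directories even when the run raised.
        for path in (profile, home):
            shutil.rmtree(path, ignore_errors=True)


if __name__ == "__main__":
    with isolated_run() as (argv, env):
        print(argv, env["HOME"])
```
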