chore: repo-hardening — gauntlet Windows fix, gitattributes, templates, Makefile, security/contributing #8

Merged
arham766 merged 10 commits into main from chore/repo-hardening
Jul 3, 2026
arham766 (Member) commented Jul 3, 2026

Repo-hardening pass: standard project infrastructure and a real cross-platform bug fix. No README changes.

  • fix(gauntlet): tools/gauntlet.py hardcoded a POSIX /tmp profile/HOME and the bare tilion launcher, so it could not run on Windows. Now uses tempfile.mkdtemp() and cmd /c tilion.cmd, and cleans up on exit.
  • chore: stop tracking the generated sdk/python/tilion_fortress.egg-info/ build artifact; broaden .gitignore.
  • build: .gitattributes pinning LF (so git apply on patches/ can't be corrupted by a CRLF checkout); a Makefile (lint/test/gauntlet/apply/bundle).
  • ci: .pre-commit-config.yaml running the patch linter locally; issue templates (Detection vector / Bug) + PR checklist.
  • docs: SECURITY.md and CONTRIBUTING.md (no README touched).

Verified locally: python tools/check_patches.py green, 21 SDK tests pass, gauntlet.py compiles.

arham766 added 10 commits July 2, 2026 23:09
The sdk/python/tilion_fortress.egg-info/ directory is regenerated by the
Python build and should never be in version control. Remove it from the
index and ignore it going forward.

git apply on patches/*.patch is whitespace-sensitive; a CRLF checkout on
Windows silently breaks it. Force LF for patches, scripts, and source, keep
CRLF for .cmd/.ps1, and mark binary assets so they are never normalized.

gauntlet.py hardcoded a POSIX /tmp user-data-dir and HOME and the bare
'tilion' launcher, so it could not run on Windows (launcher is tilion.cmd,
and /tmp does not exist). Use tempfile.mkdtemp() for the profile/home, pick
the .cmd launcher via cmd /c on Windows, and clean up the temp dirs on exit.

make lint/test/check/gauntlet/apply/bundle over the scripts already in the
repo, plus a self-documenting help target. No Chromium build involved.

Mirrors the CI gates before each commit: whitespace/EOF/YAML/JSON hooks plus
tools/check_patches.py, with patches/ excluded from the whitespace fixers.

A 'Detection vector' form (the most valuable report), a bug form that steers
security issues to SECURITY.md, a config linking Security advisories and
Discussions, and a PR checklist enforcing the single-surface/uxr-only rules.

Separates detection vectors (public issues) from binary vulnerabilities
(private advisory), documents private reporting and the supported-version
policy.

How to report a detection, how the patch series works (series-sync,
single-surface, the uxr- prefix rule), and the local checks (make check /
pre-commit) that mirror CI.

arham766 merged commit f3f932d into main Jul 3, 2026
5 checks passed
arham766 deleted the chore/repo-hardening branch July 3, 2026 06:15
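
The gauntlet fix described in this PR (throwaway profile and HOME from tempfile.mkdtemp(), cmd /c tilion.cmd on Windows, cleanup on exit), sketched as an added example that is not the repository's tools/gauntlet.py. The function names, the Chromium-style --user-data-dir flag and the USERPROFILE override are assumptions.

```python
import contextlib
import os
import shutil
import sys
import tempfile


def launcher_argv(platform=sys.platform):
    """Return the argv prefix for the launcher on the given platform."""
    # A .cmd file is a batch script, not an executable image, so on Windows
    # it is started through the command interpreter.
    if platform.startswith("win"):
        return ["cmd", "/c", "tilion.cmd"]
    return ["tilion"]


@contextlib.contextmanager
def isolated_run(platform=sys.platform, base_env=None):
    """Yield (argv, env) that point at throwaway profile and home dirs."""
    # mkdtemp() creates directories readable only by the current user and
    # works on every platform, unlike a hardcoded /tmp path.
    profile = tempfile.mkdtemp(prefix="gauntlet-profile-")
    home = tempfile.mkdtemp(prefix="gauntlet-home-")
    env = dict(os.environ if base_env is None else base_env)
    env["HOME"] = home
    if platform.startswith("win"):
        # Assumption: also redirect USERPROFILE, which Windows programs
        # consult instead of HOME.
        env["USERPROFILE"] = home
    # Assumption: the launcher accepts Chromium's --user-data-dir flag.
    argv = launcher_argv(platform) + ["--user-data-dir=" + profile]
    try:
        yield argv, env
    finally:
        # Runs on normal exit and when the body raises, so a failed run
        # does not leave profile data behind.
        for path in (profile, home):
            shutil.rmtree(path, ignore_errors=True)
```

A caller would pass the yielded argv and env to subprocess.run() inside the with block.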