-
Notifications
You must be signed in to change notification settings - Fork 0
234 lines (198 loc) · 7.82 KB
/
rhodibot.yml
File metadata and controls
234 lines (198 loc) · 7.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
# SPDX-License-Identifier: MPL-2.0
# rhodibot.yml — Automated RSR compliance enforcement
#
# Reads root-hygiene rules and auto-fixes what it can:
# - Delete banned files (AI.djot, duplicate CONTRIBUTING.adoc, stale snapshots)
# - Rename misnamed files (AI.a2ml → 0-AI-MANIFEST.a2ml)
# - Fix SPDX headers (AGPL → PMPL in dotfiles)
# - Create missing required files (SECURITY.md, CONTRIBUTING.md)
# - Report unfixable issues as PR comments
#
# Runs weekly and on Hypatia scan completion.
name: "🤖 Rhodibot — RSR Auto-Fix"
on:
schedule:
- cron: '0 6 * * 1' # Every Monday at 06:00 UTC
workflow_dispatch: # Manual trigger
workflow_run:
workflows: ["Hypatia Neurosymbolic Analysis"]
types: [completed]
permissions:
contents: write
pull-requests: write
jobs:
rhodibot:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 1
- name: Rhodibot — Scan and Fix
id: fix
run: |
set -euo pipefail
FIXES=""
ISSUES=""
CHANGED=false
# --- 1. Delete banned files ---
for pattern in "AI.djot" "NEXT_STEPS.md" "TODO.md" "NOTES.md" "TASKS.md"; do
if [ -f "$pattern" ]; then
rm "$pattern"
FIXES="$FIXES\n- Deleted \`$pattern\` (superseded)"
CHANGED=true
fi
done
# Delete stale snapshot files
for f in *-STATUS-*.md *-COMPLETION-*.md *-COMPLETE.md *-VERIFIED-*.md; do
if [ -f "$f" ]; then
rm "$f"
FIXES="$FIXES\n- Deleted stale snapshot \`$f\`"
CHANGED=true
fi
done
# --- 2. Rename misnamed files ---
if [ -f "AI.a2ml" ] && [ ! -f "0-AI-MANIFEST.a2ml" ]; then
mv AI.a2ml 0-AI-MANIFEST.a2ml
FIXES="$FIXES\n- Renamed \`AI.a2ml\` → \`0-AI-MANIFEST.a2ml\`"
CHANGED=true
fi
# --- 3. Delete duplicate format files ---
if [ -f "CONTRIBUTING.md" ] && [ -f "CONTRIBUTING.adoc" ]; then
rm CONTRIBUTING.adoc
FIXES="$FIXES\n- Deleted duplicate \`CONTRIBUTING.adoc\` (keeping .md for GitHub)"
CHANGED=true
fi
if [ -f "README.md" ] && [ -f "README.adoc" ]; then
# Only delete README.md if it's a stub (<5 lines)
lines=$(wc -l < README.md)
if [ "$lines" -lt 5 ]; then
rm README.md
FIXES="$FIXES\n- Deleted stub \`README.md\` (keeping .adoc)"
CHANGED=true
fi
fi
# --- 4. Fix SPDX headers in dotfiles ---
for dotfile in .gitignore .gitattributes .editorconfig; do
if [ -f "$dotfile" ] && grep -q "AGPL-3.0" "$dotfile" 2>/dev/null; then
sed -i 's/AGPL-3.0-or-later/MPL-2.0/g; s/AGPL-3.0/MPL-2.0/g' "$dotfile"
FIXES="$FIXES\n- Fixed SPDX header in \`$dotfile\` (AGPL → PMPL)"
CHANGED=true
fi
done
# --- 5. Create missing required files ---
if [ ! -f "SECURITY.md" ]; then
cat > SECURITY.md << 'SECEOF'
<!-- SPDX-License-Identifier: MPL-2.0 -->
# Security Policy
## Reporting a Vulnerability
**Email:** j.d.a.jewell@open.ac.uk
**Response timeline:**
- Acknowledgement within 48 hours
- Initial assessment within 7 days
- Fix or mitigation within 90 days
**Safe harbour:** We will not pursue legal action against security researchers who follow responsible disclosure.
SECEOF
FIXES="$FIXES\n- Created missing \`SECURITY.md\`"
CHANGED=true
fi
if [ ! -f "CONTRIBUTING.md" ]; then
cat > CONTRIBUTING.md << 'CONTEOF'
<!-- SPDX-License-Identifier: MPL-2.0 -->
# Contributing
1. Fork the repository
2. Create a feature branch
3. Ensure SPDX headers on all files
4. Submit a pull request
**Author:** Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
CONTEOF
FIXES="$FIXES\n- Created missing \`CONTRIBUTING.md\`"
CHANGED=true
fi
# --- 6. Check for issues we can't auto-fix ---
if [ ! -f "0-AI-MANIFEST.a2ml" ] && [ ! -f "AI.a2ml" ]; then
ISSUES="$ISSUES\n- Missing AI manifest (0-AI-MANIFEST.a2ml)"
fi
if [ ! -f "LICENSE" ] && [ ! -f "LICENSE.md" ] && [ ! -f "LICENSE.txt" ]; then
ISSUES="$ISSUES\n- Missing LICENSE file"
fi
if [ ! -f "README.adoc" ] && [ ! -f "README.md" ]; then
ISSUES="$ISSUES\n- Missing README"
fi
# Check for third-party fork (skip SPDX enforcement)
if [ -f "LICENSE" ] && grep -q "multiple licenses\|LGPL\|Apache" LICENSE 2>/dev/null; then
echo "FORK=true" >> $GITHUB_OUTPUT
fi
# --- 7. Check dangerous patterns ---
DANGEROUS=""
for pattern in "believe_me" "assert_total" "Admitted" "sorry" "unsafeCoerce" "Obj.magic"; do
count=$(grep -r "$pattern" --include='*.idr' --include='*.v' --include='*.lean' --include='*.hs' --include='*.ml' --include='*.res' . 2>/dev/null | grep -v node_modules | wc -l || echo 0)
if [ "$count" -gt 0 ]; then
DANGEROUS="$DANGEROUS\n- \`$pattern\`: $count occurrences"
fi
done
# Output results
echo "CHANGED=$CHANGED" >> $GITHUB_OUTPUT
{
echo "FIXES<<EOF"
echo -e "$FIXES"
echo "EOF"
} >> $GITHUB_OUTPUT
{
echo "ISSUES<<EOF"
echo -e "$ISSUES"
echo "EOF"
} >> $GITHUB_OUTPUT
{
echo "DANGEROUS<<EOF"
echo -e "$DANGEROUS"
echo "EOF"
} >> $GITHUB_OUTPUT
- name: Create PR with fixes
if: steps.fix.outputs.CHANGED == 'true'
run: |
git config user.name "rhodibot"
git config user.email "rhodibot@hyperpolymath.dev"
BRANCH="rhodibot/rsr-compliance-$(date +%Y%m%d)"
git checkout -b "$BRANCH"
git add -A
git commit -m "fix(rhodibot): automated RSR compliance fixes
${{ steps.fix.outputs.FIXES }}
Co-Authored-By: rhodibot <rhodibot@hyperpolymath.dev>"
git push origin "$BRANCH"
BODY="## 🤖 Rhodibot — RSR Compliance Fixes
### Changes Made
${{ steps.fix.outputs.FIXES }}
"
if [ -n "${{ steps.fix.outputs.ISSUES }}" ]; then
BODY="$BODY
### Issues Found (manual fix needed)
${{ steps.fix.outputs.ISSUES }}
"
fi
if [ -n "${{ steps.fix.outputs.DANGEROUS }}" ]; then
BODY="$BODY
### ⚠️ Dangerous Patterns Detected
${{ steps.fix.outputs.DANGEROUS }}
_These bypass formal verification. See \`proven\` repo for alternatives._
"
fi
gh pr create \
--title "🤖 Rhodibot: RSR compliance fixes" \
--body "$BODY" \
--base main \
--head "$BRANCH"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Report (no changes needed)
if: steps.fix.outputs.CHANGED != 'true'
run: |
echo "✅ Repository is RSR-compliant. No fixes needed."
if [ -n "${{ steps.fix.outputs.ISSUES }}" ]; then
echo "⚠️ Issues found (manual fix needed):"
echo -e "${{ steps.fix.outputs.ISSUES }}"
fi
if [ -n "${{ steps.fix.outputs.DANGEROUS }}" ]; then
echo "⚠️ Dangerous patterns:"
echo -e "${{ steps.fix.outputs.DANGEROUS }}"
fi