Skip to content

licence(#7): normalise PMPL-1.0 -> PMPL-1.0-or-later (owner carve-out…#18

Merged
hyperpolymath merged 1 commit into
mainfrom
licence-debt/07-pmpl-suffix
May 20, 2026
Merged

licence(#7): normalise PMPL-1.0 -> PMPL-1.0-or-later (owner carve-out…#18
hyperpolymath merged 1 commit into
mainfrom
licence-debt/07-pmpl-suffix

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 20, 2026

…, SPDX-only)

Not a relicence; owner-sanctioned standards LICENCE-POLICY A8(1). Refs LICENCE-DEBT-LEDGER-2026-05-18.

Summary

Changes

RSR Quality Checklist

Required

  • Tests pass (just test or equivalent)
  • Code is formatted (just fmt or equivalent)
  • Linter is clean (no new warnings or errors)
  • No banned language patterns (no TypeScript, no npm/bun, no Go/Python)
  • No unsafe blocks without // SAFETY: comments
  • No banned functions (believe_me, unsafeCoerce, Obj.magic, Admitted, sorry)
  • SPDX license headers present on all new/modified source files
  • No secrets, credentials, or .env files included

As Applicable

  • .machine_readable/STATE.a2ml updated (if project state changed)
  • .machine_readable/ECOSYSTEM.a2ml updated (if integrations changed)
  • .machine_readable/META.a2ml updated (if architectural decisions changed)
  • Documentation updated for user-facing changes
  • TOPOLOGY.md updated (if architecture changed)
  • CHANGELOG or release notes updated
  • New dependencies reviewed for license compatibility (AGPL-3.0-or-later / MPL-2.0)
  • ABI/FFI changes validated (src/interface/abi/ and src/interface/ffi/ consistent)

Testing

Screenshots

@hyperpolymath @claude
licence(#7): normalise PMPL-1.0 -> PMPL-1.0-or-later (owner carve-out…
8789ead 
…, SPDX-only)

Not a relicence; owner-sanctioned standards LICENCE-POLICY A8(1).
Refs LICENCE-DEBT-LEDGER-2026-05-18.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit 617c9d6 into main May 20, 2026
17 of 37 checks passed
@hyperpolymath hyperpolymath deleted the licence-debt/07-pmpl-suffix branch May 20, 2026 21:35
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 21, 2026

🔍 Hypatia Security Scan

Findings: 14 issues detected

Severity Count
🔴 Critical 2
🟠 High 8
🟡 Medium 4

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/game-server-admin/game-server-admin/src/gui/fli/fli-terminal.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (4 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/game-server-admin/game-server-admin/src/gui/fli/fli-gauge.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (1 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/game-server-admin/game-server-admin/src/gui/fli/fli-tooltip.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (1 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/game-server-admin/game-server-admin/src/gui/fli/fli-editable.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "Deno -A grants all permissions -- use specific --allow-* flags (4 occurrences, CWE-250)",
    "type": "js_deno_all_perms",
    "file": "/home/runner/work/game-server-admin/game-server-admin/run.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "HTTP URL in Nickel config -- must use HTTPS (1 occurrences, CWE-319)",
    "type": "ncl_http_url",
    "file": "/home/runner/work/game-server-admin/game-server-admin/.machine_readable/svc/k9/template-hunt.k9.ncl",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "Nickel file missing SPDX-License-Identifier header (1 occurrences, CWE-1104)",
    "type": "ncl_missing_spdx",
    "file": "/home/runner/work/game-server-admin/game-server-admin/configs/config.ncl",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath