docs(campaigns): add 2026-05-26 driver scripts + README

hyperpolymath · claude · hyperpolymath · commit ce54b2103c5b · 2026-05-26T10:55:01.000+01:00
Bundles the driver scripts used to run the campaign so it's reproducible. The output JSONs/triage plan are still ephemeral (under /tmp during the run) but the scripts themselves are tiny and worth keeping in-repo. Notable: file-ffi-pr-v2.sh is the corrected version of file-ffi-pr.sh (the v1 chained-OR jq prefix filter was broken under operator precedence; v2 uses --argjson + any()). Refs #32. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/docs/campaigns/2026-05-26/00-per-repo.sh b/docs/campaigns/2026-05-26/00-per-repo.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Per-repo assail loop with timeout. No single repo can stall the campaign.
+set -uo pipefail
+
+ESTATE="${ESTATE:-/home/hyperpolymath/developer/repos}"
+CAMP="${CAMP:-/tmp/panic-attack-campaign-2026-05-26}"
+BIN="${BIN:-$ESTATE/panic-attack/target/release/panic-attack}"
+TIMEOUT="${TIMEOUT:-90}"
+PER_REPO="$CAMP/per-repo"
+LOG="$CAMP/00-per-repo.log"
+DONE_FILE="$CAMP/00-per-repo-done.txt"
+SKIPPED_FILE="$CAMP/00-per-repo-skipped.txt"
+
+mkdir -p "$PER_REPO"
+: > "$LOG"
+: > "$DONE_FILE"
+: > "$SKIPPED_FILE"
+
+echo "=== per-repo assail $(date -u --iso=seconds) timeout=${TIMEOUT}s ===" | tee -a "$LOG"
+
+# Build repo list: top-level dirs with .git/ as a directory
+REPOS=()
+for d in "$ESTATE"/*; do
+  [ -d "$d/.git" ] || continue
+  REPOS+=("$d")
+done
+TOTAL=${#REPOS[@]}
+echo "estate: $TOTAL repos" | tee -a "$LOG"
+
+I=0
+for repo in "${REPOS[@]}"; do
+  I=$((I + 1))
+  name=$(basename "$repo")
+  # Skip the canonical tool repo (we don't audit ourselves here)
+  if [ "$name" = "panic-attack" ]; then
+    echo "[$I/$TOTAL] $name — SKIP (canonical tool)" | tee -a "$LOG"
+    continue
+  fi
+  out="$PER_REPO/${name}.json"
+  start=$SECONDS
+  if timeout "${TIMEOUT}s" "$BIN" assail "$repo" --headless --output "$out" >/dev/null 2>&1; then
+    dur=$((SECONDS - start))
+    findings=$(jq '.weak_points | length' "$out" 2>/dev/null || echo "?")
+    crit=$(jq '[.weak_points[] | select(.severity == "Critical")] | length' "$out" 2>/dev/null || echo "?")
+    high=$(jq '[.weak_points[] | select(.severity == "High")] | length' "$out" 2>/dev/null || echo "?")
+    echo "[$I/$TOTAL] $name ✓ ${dur}s findings=$findings crit=$crit high=$high" | tee -a "$LOG"
+    echo "$name" >> "$DONE_FILE"
+  else
+    dur=$((SECONDS - start))
+    echo "[$I/$TOTAL] $name ✗ TIMEOUT(${dur}s)" | tee -a "$LOG"
+    echo "$name" >> "$SKIPPED_FILE"
+    rm -f "$out"
+  fi
+done
+
+echo "=== pass complete $(date -u --iso=seconds) ===" | tee -a "$LOG"
+echo "done: $(wc -l < "$DONE_FILE")" | tee -a "$LOG"
+echo "skipped: $(wc -l < "$SKIPPED_FILE")" | tee -a "$LOG"
diff --git a/docs/campaigns/2026-05-26/00b-nested.sh b/docs/campaigns/2026-05-26/00b-nested.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+# Pass 1b: per-repo assail loop for NESTED sub-repos and peer locations
+# Picks up everything the top-level walker missed.
+set -uo pipefail
+
+CAMP="${CAMP:-/tmp/panic-attack-campaign-2026-05-26}"
+BIN="${BIN:-/home/hyperpolymath/developer/repos/panic-attack/target/release/panic-attack}"
+TIMEOUT="${TIMEOUT:-90}"
+PER_REPO="$CAMP/per-repo"
+LOG="$CAMP/00b-nested.log"
+DONE_FILE="$CAMP/00b-nested-done.txt"
+SKIPPED_FILE="$CAMP/00b-nested-skipped.txt"
+
+mkdir -p "$PER_REPO"
+: > "$LOG"
+: > "$DONE_FILE"
+: > "$SKIPPED_FILE"
+
+echo "=== nested-repo assail $(date -u --iso=seconds) timeout=${TIMEOUT}s ===" | tee -a "$LOG"
+
+# Container dirs: scan their direct children that have .git/
+CONTAINERS=(
+  /home/hyperpolymath/developer/repos/a2ml
+  /home/hyperpolymath/developer/repos/awesome-projects
+  /home/hyperpolymath/developer/repos/idaptik
+  /home/hyperpolymath/developer/repos/isers
+  /home/hyperpolymath/developer/repos/julia-libraries
+  /home/hyperpolymath/developer/repos/k9
+)
+# Peer locations: scan top-level + 1 level deep
+PEERS=(
+  /home/hyperpolymath/typed-wasm-final
+  /home/hyperpolymath/ephapax-fix
+)
+
+REPOS=()
+for parent in "${CONTAINERS[@]}"; do
+  for d in "$parent"/*; do
+    [ -d "$d/.git" ] && REPOS+=("$d")
+  done
+done
+for peer in "${PEERS[@]}"; do
+  [ -d "$peer/.git" ] && REPOS+=("$peer")
+  if [ -d "$peer" ]; then
+    for d in "$peer"/*; do
+      [ -d "$d/.git" ] && REPOS+=("$d")
+    done
+  fi
+done
+
+TOTAL=${#REPOS[@]}
+echo "nested + peers: $TOTAL repos" | tee -a "$LOG"
+
+I=0
+for repo in "${REPOS[@]}"; do
+  I=$((I + 1))
+  # Use parent/child slug to avoid name collisions
+  parent=$(basename "$(dirname "$repo")")
+  child=$(basename "$repo")
+  name="${parent}__${child}"
+  out="$PER_REPO/${name}.json"
+  start=$SECONDS
+  if timeout "${TIMEOUT}s" "$BIN" assail "$repo" --headless --output "$out" >/dev/null 2>&1; then
+    dur=$((SECONDS - start))
+    findings=$(jq '.weak_points | length' "$out" 2>/dev/null || echo "?")
+    crit=$(jq '[.weak_points[] | select(.severity == "Critical")] | length' "$out" 2>/dev/null || echo "?")
+    high=$(jq '[.weak_points[] | select(.severity == "High")] | length' "$out" 2>/dev/null || echo "?")
+    echo "[$I/$TOTAL] $name ✓ ${dur}s findings=$findings crit=$crit high=$high" | tee -a "$LOG"
+    echo "$name" >> "$DONE_FILE"
+  else
+    dur=$((SECONDS - start))
+    echo "[$I/$TOTAL] $name ✗ TIMEOUT/EARLY-EXIT(${dur}s)" | tee -a "$LOG"
+    echo "$name" >> "$SKIPPED_FILE"
+    rm -f "$out"
+  fi
+done
+
+echo "=== nested pass complete $(date -u --iso=seconds) ===" | tee -a "$LOG"
+echo "done: $(wc -l < "$DONE_FILE")" | tee -a "$LOG"
+echo "skipped: $(wc -l < "$SKIPPED_FILE")" | tee -a "$LOG"
diff --git a/docs/campaigns/2026-05-26/01-triage.ts b/docs/campaigns/2026-05-26/01-triage.ts
@@ -0,0 +1,183 @@
+#!/usr/bin/env -S deno run --allow-read --allow-write
+// panic-attack estate sweep — triage
+// Reads per-repo AssailReport JSONs, classifies findings, emits a PR-candidate plan.
+
+import { walk } from "https://deno.land/std@0.224.0/fs/walk.ts";
+import { dirname, basename, resolve } from "https://deno.land/std@0.224.0/path/mod.ts";
+
+type Severity = "Low" | "Medium" | "High" | "Critical";
+type WeakPoint = {
+  category: string;       // PA001..PA025 or enum name
+  location?: string;
+  file?: string;
+  line?: number;
+  severity: Severity;
+  description: string;
+  suppressed: boolean;
+};
+type AssailReport = {
+  schema_version: string;
+  program_path: string;
+  language: string;
+  weak_points: WeakPoint[];
+  suppressed_count?: number;
+};
+
+const PROOF_EXTS = new Set([
+  ".lean", ".agda", ".lagda", ".v", ".idr", ".idr2", ".fst", ".fsti",
+  ".thy", ".spthy", ".smt2", ".tla",
+]);
+
+const PARKED_PROOF_DEBTS = [
+  { repo: "ephapax", path: "formal/Semantics.v", line: 3327, reason: "preservation, deferred per ephapax-preservation-closure-plan" },
+  { repo: "betlang", file_match: "substTop_preserves_typing", reason: "discharge recipe in PR#27 body" },
+];
+
+// PA-categories with reliable automated fixes (Critical/High only)
+const AUTOFIX_OK = new Set([
+  "PA001", "UnsafeCode",          // unwrap → ?, mostly
+  "PA006", "PanicPath",
+  "PA022", "CryptoMisuse",        // md5/sha1 → sha256 (limited)
+]);
+
+// PA-categories that need human judgement → file as issue
+const ISSUE_ONLY = new Set([
+  "PA023", "SupplyChain",         // version pinning choices
+  "PA024", "InputBoundary",       // schema validation design
+  "PA025", "MutationGap",         // requires new test infra
+  "PA021", "ProofDrift",          // proof refactor, never blind-fix
+]);
+
+type Bucket = "autofix" | "issue" | "proof-draft" | "skip-known" | "skip-suppressed" | "skip-unknown-cat";
+
+type PrCandidate = {
+  repo: string;
+  bucket: Bucket;
+  category: string;
+  severity: Severity;
+  file: string;
+  line?: number;
+  description: string;
+};
+
+function categoryCode(cat: string): string {
+  // category may be either "PA001" or "UnsafeCode" or "{ category: "UnsafeCode" }"
+  if (/^PA\d{3}/.test(cat)) return cat;
+  const map: Record<string, string> = {
+    UnsafeCode: "PA001", PanicPath: "PA006",
+    CommandInjection: "PA003", UnsafeDeserialization: "PA004",
+    AtomExhaustion: "PA005", UnsafeFFI: "PA007",
+    PathTraversal: "PA008", HardcodedSecret: "PA009",
+    ProofDrift: "PA021", CryptoMisuse: "PA022",
+    SupplyChain: "PA023", InputBoundary: "PA024",
+    MutationGap: "PA025",
+  };
+  return map[cat] ?? cat;
+}
+
+function isProofFile(file: string): boolean {
+  const dot = file.lastIndexOf(".");
+  if (dot < 0) return false;
+  return PROOF_EXTS.has(file.slice(dot).toLowerCase());
+}
+
+function isParked(repo: string, wp: WeakPoint): boolean {
+  for (const p of PARKED_PROOF_DEBTS) {
+    if ((p as any).repo === repo) {
+      if ((p as any).path && wp.file?.endsWith((p as any).path) && wp.line === (p as any).line) return true;
+      if ((p as any).file_match && wp.description.includes((p as any).file_match)) return true;
+    }
+  }
+  return false;
+}
+
+function classify(repo: string, wp: WeakPoint): Bucket {
+  if (wp.suppressed) return "skip-suppressed";
+  if (wp.severity !== "Critical" && wp.severity !== "High") return "skip-unknown-cat"; // out-of-scope this wave
+  if (isParked(repo, wp)) return "skip-known";
+  // Skip in-tree worktree-branch findings — main checkout state is the source of truth
+  if (wp.file && (wp.file.includes(".claude/worktrees/") || wp.file.includes("/_wt-"))) return "skip-known";
+  const code = categoryCode(wp.category);
+  if (wp.file && isProofFile(wp.file)) return "proof-draft";
+  if (ISSUE_ONLY.has(code) || ISSUE_ONLY.has(wp.category)) return "issue";
+  if (AUTOFIX_OK.has(code) || AUTOFIX_OK.has(wp.category)) return "autofix";
+  return "issue"; // default conservative: needs human eye
+}
+
+async function main() {
+  const [perRepoDir, planPath] = Deno.args;
+  if (!perRepoDir || !planPath) {
+    console.error("Usage: 01-triage.ts <per-repo-dir> <plan.json>");
+    Deno.exit(2);
+  }
+
+  const candidates: PrCandidate[] = [];
+  let scanned = 0;
+
+  for await (const entry of walk(perRepoDir, { exts: [".json"], maxDepth: 1 })) {
+    scanned++;
+    const repo = basename(entry.path).replace(/\.json$/, "");
+    let raw: string;
+    try { raw = await Deno.readTextFile(entry.path); }
+    catch { continue; }
+    let rpt: AssailReport;
+    try { rpt = JSON.parse(raw); }
+    catch { console.error(`bad json: ${entry.path}`); continue; }
+    if (!rpt.weak_points) continue;
+
+    for (const wp of rpt.weak_points) {
+      const bucket = classify(repo, wp);
+      candidates.push({
+        repo,
+        bucket,
+        category: categoryCode(wp.category),
+        severity: wp.severity,
+        file: wp.file ?? wp.location ?? "<unknown>",
+        line: wp.line,
+        description: wp.description,
+      });
+    }
+  }
+
+  // Group by (repo, file, category) — that's the PR unit
+  const groups = new Map<string, PrCandidate[]>();
+  for (const c of candidates) {
+    if (c.bucket.startsWith("skip-")) continue;
+    const key = `${c.repo}::${c.file.split("/").slice(0, -1).join("/")}::${c.category}`;
+    if (!groups.has(key)) groups.set(key, []);
+    groups.get(key)!.push(c);
+  }
+
+  const summary = {
+    generated_at: new Date().toISOString(),
+    per_repo_scanned: scanned,
+    total_candidates: candidates.length,
+    by_bucket: Object.fromEntries(
+      ["autofix", "issue", "proof-draft", "skip-suppressed", "skip-known", "skip-unknown-cat"].map(
+        b => [b, candidates.filter(c => c.bucket === b).length]
+      )
+    ),
+    by_repo: Object.fromEntries(
+      [...new Set(candidates.map(c => c.repo))].sort().map(r => [
+        r,
+        candidates.filter(c => c.repo === r && !c.bucket.startsWith("skip-")).length,
+      ]).filter(([_, n]) => (n as number) > 0)
+    ),
+    pr_groups: [...groups.entries()].map(([k, members]) => ({
+      key: k,
+      repo: members[0].repo,
+      file_dir: k.split("::")[1],
+      category: members[0].category,
+      bucket: members[0].bucket,
+      finding_count: members.length,
+      severities: [...new Set(members.map(m => m.severity))],
+      examples: members.slice(0, 3),
+    })),
+  };
+
+  await Deno.writeTextFile(planPath, JSON.stringify(summary, null, 2));
+  console.error(`triage complete: ${candidates.length} candidates, ${groups.size} PR groups → ${planPath}`);
+  console.error(`buckets: ${JSON.stringify(summary.by_bucket)}`);
+}
+
+main();
diff --git a/docs/campaigns/2026-05-26/README.md b/docs/campaigns/2026-05-26/README.md
@@ -0,0 +1,44 @@
+<!--
+SPDX-License-Identifier: MPL-2.0
+Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+-->
+
+# Campaign 2026-05-26 — driver scripts
+
+These are the driver scripts used to run the 2026-05-26 estate sweep. They're filed alongside the human + machine campaign reports so the campaign is reproducible. See [`../2026-05-26.md`](../2026-05-26.md) for the report.
+
+## Scripts
+
+| Script | Purpose |
+|---|---|
+| `00-per-repo.sh` | Iterates top-level dirs with `.git/` and runs `panic-attack assail --headless` against each with a 90s timeout. Writes per-repo JSON to `/tmp/panic-attack-campaign-<date>/per-repo/<repo>.json`. Pivot away from `assemblyline` so no single slow repo can stall the whole batch. |
+| `00b-nested.sh` | Same scan loop but for nested-repo containers (`a2ml`, `awesome-projects`, `idaptik`, `isers`, `julia-libraries`, `k9`). Output filenames use `parent__child.json` to avoid collisions. |
+| `01-triage.ts` | Deno script that reads per-repo JSONs and classifies into autofix / issue / proof-draft / skip buckets. Writes `02-plan.json`. |
+| `file-ffi-pr-v2.sh` | Per-repo classification PR generator. Accepts `REPO_NAME`, `PREFIX_JSON` (JSON array of path prefixes), `SHORT_RATIONALE`, optional `CLASSIFICATION` (default `legitimate-ffi`). Builds the `audits/assail-classifications.a2ml` + audit doc, commits with the GPG override flags, pushes, opens a PR. **v2** uses `--argjson` + `any()` for the prefix filter (the v1 chained-OR form was broken under jq operator precedence). |
+
+## Known gotchas
+
+1. `file-ffi-pr-v2.sh` does `cat > audits/assail-classifications.a2ml` without checking whether the file already exists on `origin/main`. If it does, the existing entries get overwritten. **Always `git show origin/main:audits/assail-classifications.a2ml` before running the script**, and if entries exist, edit the script to preserve them.
+2. Some repos are forks on GitHub with issues disabled (`linguist`, `rescript`, `HOL`) — Track A PRs land, but Track C tracking issues can't be filed.
+3. Some repos are archived (`polystack`) or deleted (`hyperpolymath-archive`); skip them.
+4. valence-shell-style local-only commits on `main` need branching from `origin/main` (not local `main`) to preserve them.
+
+## Re-running
+
+```sh
+# Phase 1: per-repo scan (~10 min)
+bash 00-per-repo.sh && bash 00b-nested.sh
+
+# Phase 1b: triage
+deno run --allow-read --allow-write 01-triage.ts
+
+# Phase 2..N: per-repo PRs (one invocation per repo)
+BRANCH=panic-fix/PA001-PA007-ffi-legitimate \
+  bash file-ffi-pr-v2.sh \
+    <repo-name> \
+    '["src/<prefix>/", "ffi/<prefix>/"]' \
+    "Rationale text..." \
+    "legitimate-ffi"
+```
+
+The output JSONs and triage plan are NOT committed to the repo (they're ephemeral, scan-time-sensitive). See [`../2026-05-26.md`](../2026-05-26.md) for the persistent campaign record.
diff --git a/docs/campaigns/2026-05-26/file-ffi-pr-v2.sh b/docs/campaigns/2026-05-26/file-ffi-pr-v2.sh
