chore: deploy UX infrastructure (contractile.just, .well-known, manifest)

hyperpolymath · claude · hyperpolymath · commit 6b9baff4a6ff · 2026-03-28T23:57:12.000Z
Batch deployment of missing UX infrastructure files:
- contractile.just (policy enforcement recipes)
- .well-known/ (ai.txt, humans.txt, security.txt, groove/)
- 0-AI-MANIFEST.a2ml (AI agent entry point)
- agent_instructions/ (methodology, coverage, debt)
- Justfile with doctor/heal/tour/help-me recipes
- setup.sh bootstrap script
- llm-warmup-user.md

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.well-known/ai.txt b/.well-known/ai.txt
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# ai.txt - AI interaction policy
+# See: https://site.spawning.ai/spawning-ai-txt
+
+User-Agent: *
+Disallow-Training: yes
+Disallow-Summarization: no
+Disallow-Generation: yes
+
+# This project's code is licensed under PMPL-1.0-or-later.
+# AI agents may read and analyze this code for assisting contributors.
+# AI agents must NOT use this code for model training without explicit consent.
+# AI agents must preserve Emotional Lineage per PMPL Section 3.
+#
+# For AI agent integration instructions, see:
+#   0-AI-MANIFEST.a2ml (universal AI entry point)
+#   AI.a2ml (Claude-specific instructions)
+#   .machine_readable/ (structured project state)
diff --git a/.well-known/humans.txt b/.well-known/humans.txt
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# humanstxt.org
+
+/* TEAM */
+Maintainer: Jonathan D.A. Jewell (hyperpolymath)
+Contact: j.d.a.jewell@open.ac.uk
+From: United Kingdom
+
+/* SITE */
+Last update: 2026-03-28
+Standards: RSR (Rhodium Standard Repository)
+License: PMPL-1.0-or-later (Palimpsest MPL)
+Components: Idris2 ABI, Zig FFI
+Tools: just, Podman, Guix
diff --git a/.well-known/security.txt b/.well-known/security.txt
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# RFC 9116 - security.txt
+# https://securitytxt.org/
+
+Contact: mailto:j.d.a.jewell@open.ac.uk
+Expires: 2027-12-31T23:59:59.000Z
+Preferred-Languages: en
+Canonical: https://github.com/hyperpolymath/palimpsest-license/.well-known/security.txt
+Policy: https://github.com/hyperpolymath/palimpsest-license/blob/main/SECURITY.md
diff --git a/contractile.just b/contractile.just
@@ -0,0 +1,75 @@
+# Auto-generated by: contractile gen-just
+# Source directory: contractiles
+# Re-generate with: contractile gen-just --dir contractiles
+#
+# SPDX-License-Identifier: PMPL-1.0-or-later
+
+# === DUST (Recovery & Rollback) ===
+# Source: Dustfile.a2ml
+
+# List available dust recovery actions
+dust-status:
+    @echo '  dust-source-rollback: Revert all source changes to last commit [rollback]'
+
+# Revert all source changes to last commit
+dust-source-rollback:
+    @echo 'Executing rollback for source-rollback'
+    git checkout HEAD -- .
+
+
+# === INTEND (Declared Future Intent) ===
+# Source: Intentfile.a2ml
+
+# Display declared future intents
+intend-list:
+    @echo '=== Declared Intent ==='
+    @echo ''
+    @echo 'Features:'
+    @echo ''
+    @echo 'Quality:'
+
+
+# === MUST (Physical State Checks) ===
+# Source: Mustfile.a2ml
+
+# Run all must checks
+must-check: must-license-present must-readme-present must-spdx-headers must-no-banned-files
+    @echo 'All must checks passed'
+
+# LICENSE file must exist
+must-license-present:
+    test -f LICENSE
+
+# README must exist
+must-readme-present:
+    test -f README.adoc || test -f README.md
+
+# Source files should have SPDX license headers
+must-spdx-headers:
+    find . -name '*.rs' -o -name '*.res' -o -name '*.gleam' | head -20 | xargs -r grep -L 'SPDX-License-Identifier' | wc -l | grep -q '^0$'
+
+# No Dockerfiles or Makefiles
+must-no-banned-files:
+    test ! -f Dockerfile && test ! -f Makefile
+
+
+# === TRUST (Integrity & Provenance Verification) ===
+# Source: Trustfile.a2ml
+
+# Run all trust verifications
+trust-verify: trust-license-content trust-no-secrets-committed trust-container-images-pinned
+    @echo 'All trust verifications passed'
+
+# LICENSE contains expected SPDX identifier
+trust-license-content:
+    grep -q 'SPDX\|License\|MIT\|Apache\|PMPL\|MPL' LICENSE
+
+# No .env or credential files in repo
+trust-no-secrets-committed:
+    test ! -f .env && test ! -f credentials.json && test ! -f .env.local
+
+# Containerfile base images use pinned digests
+trust-container-images-pinned:
+    test ! -f Containerfile || grep -q '@sha256:' Containerfile
+
+
