docs(audits): reusables-convergence campaign closeout 2026-05-26#215
Merged
Merged
Conversation
Pair of human + machine-readable closure docs documenting the 2026-05-26 estate-wide reusable-workflow convergence session. Headline outcomes: - standards/main stale BP context dropped (one-line, permanent; unblocked ~19 standards PRs that had reported state=blocked despite green CI) - 2 reusables MERGED: #187 mirror, #190 secret-scanner - 569 wrapper PRs filed estate-wide (288 mirror + 281 secret-scanner), all auto-merge ON - 7/7 stuck rust-ci wrapper PRs recovered (3 via BP cleanup, 4 via refile from latest main) - 7 BP-rule cleanups total - Documented stale-BP-context cluster taxonomy for future estate sweep Three reusable PRs (#192/#193/#205) remain awaiting CI burn-in; their pre-built sweep workers + inventories on /tmp survive until tmp-reap. A future session resumes via the campaign memory file. Supersedes the inventory section of standards#199 (its survey methodology remains canonical). Companion machine-readable manifest: audit-reusables-convergence-2026-05-26.a2ml
3 tasks
🔍 Hypatia Security ScanFindings: 123 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/deno-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "deno-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/elixir-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "elixir-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/elixir-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "elixir-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/rust-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "rust-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/rust-ci-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "rust-ci-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
May 27, 2026
…7 sidecar to #215 (#220) ## Summary Sidecar audit to `audit-admin-merge-wrapper-sweep-2026-05-26.{adoc,a2ml}` (PR #215 closure track) documenting a regression class introduced by the parent reusables-campaign sweep: - The 278-wrapper hypatia-scan sweep pinned each wrapper to `97df762...`, the **PR-branch HEAD** of #193 — NOT the merge-commit. After #193 squash-merged on 2026-05-26T19:37, the SHA was orphaned (`ahead_by=1, behind_by=24` against main); merge-commit is `915139d7...` with byte-identical content. - GitHub Actions can't resolve reusable-workflow references to orphaned commits. Every estate repo's hypatia-scan fails at parse stage (banner: "workflow file issue"; `jobs: []`). - Estate scope: 100 repos. Sweep filed 2026-05-27 by typed-wasm session: 99 PRs via Contents API + auto-merge SQUASH armed. ## Sidebar finding The audit also documents a sibling failure class — **wrapper-prefix BP mismatch**. The wrapper-emitted check name `hypatia / Hypatia Neurosymbolic Analysis` (`<caller-job> / <reusable-display-name>`) does not match branch protection's required bare `Hypatia Neurosymbolic Analysis` (the pre-wrapper monolithic name). Required check never satisfied even when the workflow succeeds. Fixed on typed-wasm with explicit sign-off; out of scope for this audit on the 99 others. ## Test plan - [ ] Review the .adoc narrative for accuracy against the actual sweep - [ ] Review the .a2ml schema for machine-readability + parent-campaign linkage - [ ] Note the three not-discharged items for the next reusables session 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Pair of human + machine-readable closure docs (
docs/audits/audit-reusables-convergence-2026-05-26.{adoc,a2ml}) documenting the 2026-05-26 estate-wide reusable-workflow convergence session.Headline outcomes:
Check Required Filesrequired-status-check context fromstandards/mainBP — unblocked ~19 PRs that had reportedstate=blockeddespite green CI.Still in flight, will land on their own:
Supersedes the inventory section of #199 (its survey methodology remains canonical).
Test plan
Part of estate-wide convergence campaign 2026-05-26 (standards#199 closeout).