docs(reports): open-issue triage 2026-06-02 (refs #106) by hyperpolymath · Pull Request #110 · hyperpolymath/burble

hyperpolymath · 2026-06-02T10:44:56Z

DRAFT — please do not auto-merge.

Addresses concern 3 of #106 (self-audit, 2026-06-02).

Summary

Adds docs/reports/audit/issue-triage-2026-06-02.md — a reproducible
triage record of all 7 open issues at the time of the audit, grouped
by theme.

Findings: no closures, no merges. All 7 are distinct concerns.
Suggested two new labels (realtime, security-triage-needed) but
this PR does NOT create them — that's an owner action.

Themes (full table in the file)

Earn-the-Core epic (5 of 7): Earn the Core — foundational-hardening program (tracking) #53 tracking + Earn-core: reproducible one-command deploy — publish/tag/submodule selur-compose + CI smoke #49/Earn-core: validate headline performance/scale numbers (<10ms, 500+ concurrent) #52/Earn-core: formal-proof runtime-enforcement PoC for one ABI module (ADR-0008 Option C) #55/burble: re-arm Elixir test gate (split from #35) #100.
Realtime correctness (1 of 7): 4 RTSP tests fail in series — order/isolation issue manifesting as missing Session: header #77 — elevate to P0, cross-link
from Earn the Core — foundational-hardening program (tracking) #53.
Security-finding triage (1 of 7): security: 19 Critical/High panic-attack findings need human triage (Track C) #91 — surface in next
maintainer sync.

Scope discipline

Pure docs, single new file, ~83 LoC.
SPDX-License-Identifier: MPL-2.0.
Reproducible: regenerable from origin/main + the same SHA via the
same gh issue list command.

Test plan

Owner sanity-check the recommendations per row.
If realtime / security-triage-needed labels are desired,
create them and apply via separate PR or gh label/gh issue edit.

Echo-types audit

Not relevant at this surface.

🤖 Generated with Claude Code

Addresses concern 3 of #106 (self-audit). Records the triage of all 7 open issues against origin/main HEAD 7727ceb, grouped by theme: - Theme 1: Earn-the-Core epic (#53 + #49/#52/#55/#100) — keep all. - Theme 2: Realtime-path correctness (#77) — keep, elevate; suggest new "realtime" label (owner action). - Theme 3: Security-finding triage (#91) — keep, surface in next maintainer sync. No closures, no merges. Reproducible from origin/main + same SHA.

github-actions · 2026-06-02T10:47:56Z

🔍 Hypatia Security Scan

Findings: 95 issues detected

Severity	Count
🔴 Critical	3
🟠 High	7
🟡 Medium	85

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-canary.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-canary.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in affinescript-canary.yml",
    "type": "missing_timeout_minutes",
    "file": "affinescript-canary.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

hyperpolymath marked this pull request as ready for review June 2, 2026 11:17

hyperpolymath merged commit 560cf17 into main Jun 2, 2026
23 checks passed

hyperpolymath deleted the audit/issue-triage branch June 2, 2026 11:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

docs(reports): open-issue triage 2026-06-02 (refs #106)#110

docs(reports): open-issue triage 2026-06-02 (refs #106)#110
hyperpolymath merged 1 commit into
mainfrom
audit/issue-triage

hyperpolymath commented Jun 2, 2026

Uh oh!

github-actions Bot commented Jun 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

hyperpolymath commented Jun 2, 2026

Summary

Themes (full table in the file)

Scope discipline

Test plan

Echo-types audit

Uh oh!

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant