hyperpolymath · hyperpolymath · Jun 24, 2026 · May 26, 2026 · Jun 1, 2026 · Jun 3, 2026
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: MPL-2.0
+# Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
 # Used by "mix format"
 [
   inputs: ["{mix,.formatter}.exs", "{config,lib,test}/**/*.{ex,exs}"]

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: MPL-2.0
+# CODEOWNERS - Define code review assignments for GitHub
+# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default: sole maintainer for all files
+* @hyperpolymath
+
+# Security-sensitive files require explicit ownership
+SECURITY.md @hyperpolymath
+.github/workflows/ @hyperpolymath
+.machine_readable/ @hyperpolymath
+contractiles/ @hyperpolymath
+
+# License files
+LICENSE @hyperpolymath
+LICENSES/ @hyperpolymath
+
+# Configuration
+.gitignore @hyperpolymath
+.github/ @hyperpolymath
+
+# Documentation
+README* @hyperpolymath
+CONTRIBUTING* @hyperpolymath
+CODE_OF_CONDUCT* @hyperpolymath
+GOVERNANCE* @hyperpolymath
+MAINTAINERS* @hyperpolymath
+CHANGELOG* @hyperpolymath
+ROADMAP* @hyperpolymath
+
+# Build and CI
+Justfile @hyperpolymath
+Makefile @hyperpolymath
+*.sh @hyperpolymath
@@ -0,0 +1,6 @@
+mcp_servers:
+  boj-server:
+    command: npx
+    args: ["-y", "@hyperpolymath/boj-server@latest"]
+    env:
+      BOJ_URL: http://localhost:7700
@@ -7,6 +7,7 @@ on:
 jobs:
   trigger-boj:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

@@ -1,34 +1,16 @@
-# SPDX-License-Identifier: MPL-2.0
-# governance.yml — single wrapper calling the shared estate governance bundle
-# in hyperpolymath/standards instead of carrying per-repo copies.
-#
-# Replaces the per-repo governance scaffolding removed in the same commit:
-#   quality.yml, guix-nix-policy.yml, npm-bun-blocker.yml, ts-blocker.yml,
-#   security-policy.yml, rsr-antipattern.yml, wellknown-enforcement.yml,
-#   workflow-linter.yml
-#
-# Load-bearing build/security workflows stay standalone in the repo
-# (rust-ci, codeql, dependabot, release, scan/mirror/pages plumbing).
-
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: Governance
 
 on:
   push:
     branches: [main, master]
   pull_request:
+    branches: [main, master]
   workflow_dispatch:
 
-# Estate guardrail: cancel superseded runs so re-pushes / rebased PR
-# updates do not pile up queued runs against the shared account-wide
-# Actions concurrency pool. Applied only to read-only check workflows
-# (no publish/mutation), so cancelling a superseded run is always safe.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 permissions:
   contents: read
 
 jobs:
   governance:
-    uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main
+    uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@5a93d9d57cc04de4002d6d0ecd336fc7a8698910
@@ -1,19 +1,17 @@
 # SPDX-License-Identifier: MPL-2.0
 # Instant Forge Sync - Triggers propagation to all forges on push/release
 name: Instant Sync
-
 on:
   push:
     branches: [main, master]
   release:
     types: [published]
-
 permissions:
   contents: read
-
 jobs:
   dispatch:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - name: Trigger Propagation
         uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3
@@ -28,6 +26,5 @@ jobs:
               "sha": "${{ github.sha }}",
               "forges": ""
             }
-
       - name: Confirm
         run: echo "::notice::Propagation triggered for ${{ github.event.repository.name }}"
@@ -6,42 +6,29 @@ stages:
   - lint
   - test
   - build
-
 variables:
   CARGO_HOME: ${CI_PROJECT_DIR}/.cargo
-
 cache:
   key: ${CI_COMMIT_REF_SLUG}
   paths:
     - .cargo/
     - target/
-
 # ==================
 # Security Scanning
 # ==================
-
 trivy:
   stage: security
   image: aquasec/trivy:latest
   script:
     - trivy fs --exit-code 0 --severity HIGH,CRITICAL --format table .
     - trivy fs --exit-code 1 --severity CRITICAL .
   allow_failure: false
-
-gitleaks:
-  stage: security
-  image: zricethezav/gitleaks:latest
-  script:
-    - gitleaks detect --source . --verbose --redact
-  allow_failure: false
-
 semgrep:
   stage: security
   image: returntocorp/semgrep
   script:
     - semgrep --config auto --error .
   allow_failure: true
-
 cargo-audit:
   stage: security
   image: rust:latest
@@ -51,7 +38,6 @@ cargo-audit:
   rules:
     - exists:
         - Cargo.toml
-
 cargo-deny:
   stage: security
   image: rust:latest
@@ -62,7 +48,6 @@ cargo-deny:
     - exists:
         - Cargo.toml
   allow_failure: true
-
 mix-audit:
   stage: security
   image: elixir:latest
@@ -75,11 +60,9 @@ mix-audit:
     - exists:
         - mix.exs
   allow_failure: true
-
 # ==================
 # Linting
 # ==================
-
 rustfmt:
   stage: lint
   image: rust:latest
@@ -89,7 +72,6 @@ rustfmt:
   rules:
     - exists:
         - Cargo.toml
-
 clippy:
   stage: lint
   image: rust:latest
@@ -100,7 +82,6 @@ clippy:
     - exists:
         - Cargo.toml
   allow_failure: true
-
 mix-format:
   stage: lint
   image: elixir:latest
@@ -109,7 +90,6 @@ mix-format:
   rules:
     - exists:
         - mix.exs
-
 credo:
   stage: lint
   image: elixir:latest
@@ -121,11 +101,9 @@ credo:
     - exists:
         - mix.exs
   allow_failure: true
-
 # ==================
 # Testing
 # ==================
-
 cargo-test:
   stage: test
   image: rust:latest
@@ -134,7 +112,6 @@ cargo-test:
   rules:
     - exists:
         - Cargo.toml
-
 mix-test:
   stage: test
   image: elixir:latest
@@ -145,11 +122,9 @@ mix-test:
   rules:
     - exists:
         - mix.exs
-
 # ==================
 # Build
 # ==================
-
 cargo-build:
   stage: build
   image: rust:latest
@@ -162,7 +137,6 @@ cargo-build:
   rules:
     - exists:
         - Cargo.toml
-
 mix-build:
   stage: build
   image: elixir:latest
@@ -173,3 +147,8 @@ mix-build:
   rules:
     - exists:
         - mix.exs
+trufflehog:
+  stage: security
+  image: trufflesecurity/trufflehog:latest
+  script:
+    - trufflehog git file://. --only-verified --fail
@@ -0,0 +1,31 @@
+# AI Manifest for 6a2 Directory
+
+## Purpose
+
+This manifest declares the AI-assistant context for the 6a2 machine-readable metadata directory.
+
+## Canonical Locations
+
+The 6 core A2ML files MUST exist in this directory:
+1. AGENTIC.a2ml
+2. ECOSYSTEM.a2ml
+3. META.a2ml
+4. NEUROSYM.a2ml
+5. PLAYBOOK.a2ml
+6. STATE.a2ml
+
+## Invariants
+
+- No duplicate files in root directory
+- Single source of truth: this directory is authoritative
+- No stale metadata
+
+## Protocol
+
+When multiple agents may write to A2ML files concurrently:
+1. Read file and record git-sha-at-read in [provenance] section
+2. Lock by creating .lock-<FILENAME>
+3. Write updated file with new [provenance] metadata
+4. Release by removing lock file
+5. On conflict: re-read and retry if git-sha-at-read does not match HEAD
+
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: MPL-2.0
+// Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
+# A2ML 6a2 Directory
+
+This directory contains the 6 core A2ML machine-readable metadata files for this repository.
+
+## Files
+
+- `AGENTIC.a2ml` - AI agent operational gating, safety controls
+- `ECOSYSTEM.a2ml` - Project ecosystem position, relationships, explicit boundaries
+- `META.a2ml` - Architecture decisions (ADRs), development practices, design rationale
+- `NEUROSYM.a2ml` - Symbolic semantics, composition algebra
+- `PLAYBOOK.a2ml` - Executable plans, operational runbooks
+- `STATE.a2ml` - Project state, phase, milestones, session history
+
+## Standards Compliance
+
+These files follow the A2ML Format Family specification from:
+https://github.com/hyperpolymath/standards/tree/main/a2ml
+
+## Generation
+
+These files may be generated from .scm source files using transpilation tools.
+Source .scm files should be removed after successful transpilation.
+
+## See Also
+
+- [A2ML Repository Template](https://github.com/hyperpolymath/standards/blob/main/A2ML-REPO-TEMPLATE.adoc)
+- [6A2 Format Family](https://github.com/hyperpolymath/standards#a2ml-format-family-7-formats)
+
@@ -0,0 +1,21 @@
+# AI Manifest for Anchor Directory
+
+## Purpose
+
+This manifest declares the AI-assistant context for the anchor machine-readable metadata directory.
+
+## Canonical Locations
+
+ANCHOR.a2ml files MUST exist in this directory.
+
+## Multiple Versions
+
+Unlike other A2ML files, multiple versions of ANCHOR.a2ml with different dates MAY exist.
+Each version represents a specific recalibration point.
+
+## Invariants
+
+- Multiple versions with different dates are permitted
+- No other A2ML files in this directory
+- Single source of truth for anchor documents
+
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: MPL-2.0
+// Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
+# A2ML Anchor Directory
+
+This directory contains ANCHOR.a2ml files for project recalibration and scope intervention.
+
+## Files
+
+- `ANCHOR.a2ml` - Project recalibration, scope intervention, canonical authority
+
+## Multiple Versions
+
+Unlike other A2ML files, multiple versions of ANCHOR.a2ml with different dates may exist.
+Each version represents a specific recalibration point in the project history.
+
+## Standards Compliance
+
+These files follow the ANCHOR.a2ml specification from:
+https://github.com/hyperpolymath/standards/tree/main/anchor-a2ml
+
+## See Also
+
+- [A2ML Repository Template](https://github.com/hyperpolymath/standards/blob/main/A2ML-REPO-TEMPLATE.adoc)
+- [Anchor A2ML Spec](https://github.com/hyperpolymath/standards/tree/main/anchor-a2ml)
+