Skip to content

docs: record tech-debt audit findings (2026-05-26)#47

Merged
hyperpolymath merged 2 commits into
mainfrom
claude/tech-debt-2026-05-26
Jun 23, 2026
Merged

docs: record tech-debt audit findings (2026-05-26)#47
hyperpolymath merged 2 commits into
mainfrom
claude/tech-debt-2026-05-26

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Adds docs/tech-debt-2026-05-26.md with this repo's findings from the estate-wide tech-debt scan: proof debt, licence debt, documentation debt.

This file records the findings only — it does not close the debt.

Cross-references:

Summary

Closes #

Type of change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 💥 Breaking change (would change existing behaviour)
  • 🕳️ Soundness fix (fixes a checker/proof false-negative)
  • 📖 Documentation
  • 🧹 Refactor / tech debt (behaviour-preserving)
  • ⚡ Performance
  • 🔧 Build / CI / tooling

How has this been verified?

Checklist

  • My commits are signed (git commit -S).
  • I ran the project's own checks/tests locally and they pass.
  • New files carry the correct SPDX-License-Identifier (code/config MPL-2.0,
    prose CC-BY-SA-4.0); I did not relicense existing files.
  • Docs are updated, and no public claim now overstates what the code does.
  • I have not introduced a soundness hole (or I have flagged where I might have).

Notes for reviewers

hyperpolymath and others added 2 commits May 26, 2026 12:50
Adds docs/tech-debt-2026-05-26.md with this repo's findings from the
estate-wide tech-debt scan: proof debt, licence debt, documentation
debt.

This file records the findings only — it does not close the debt.

Cross-references:
- hyperpolymath/standards#195 (estate proof-debt audit)
- hyperpolymath/standards#196 (estate licence-debt audit)
- hyperpolymath/standards#197 (estate documentation-debt audit)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit 79ea817 into main Jun 23, 2026
@hyperpolymath hyperpolymath deleted the claude/tech-debt-2026-05-26 branch June 23, 2026 16:01
@github-actions

Copy link
Copy Markdown

🔍 Hypatia Security Scan

Findings: 9 issues detected

Severity Count
🔴 Critical 0
🟠 High 3
🟡 Medium 6
View findings
[
  {
    "reason": "Nominal-only SAST in git-reticulator: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
    "type": "StaticAnalysis",
    "file": "/home/runner/work/git-reticulator/git-reticulator",
    "action": "auto_fix",
    "rule_module": "scorecard",
    "severity": "medium",
    "remediation": "Add CodeQL or equivalent SAST workflow.",
    "scorecard_check": "SAST"
  },
  {
    "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/structural_drift/SD009 -- Hypatia structural_drift: SD009 -- 36 day(s) old [STALE]",
    "type": "CSA001",
    "file": "src/api/app.rs",
    "action": "update",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/git_state/GS007 -- Hypatia git_state: GS007 -- 36 day(s) old [STALE]",
    "type": "CSA001",
    "file": ".",
    "action": "update",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/scorecard/StaticAnalysis -- Hypatia scorecard: StaticAnalysis -- 36 day(s) old [STALE]",
    "type": "CSA001",
    "file": "git-reticulator",
    "action": "update",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code-scanning alert hypatia/structural_drift/SD009 (medium) at src/api/app.rs is 36 days old (threshold: 30 days) -- overdue for remediation",
    "type": "CSA003",
    "file": "src/api/app.rs",
    "action": "escalate",
    "rule_module": "code_scanning_alerts",
    "severity": "high"
  },
  {
    "reason": "Code-scanning alert hypatia/git_state/GS007 (medium) at . is 36 days old (threshold: 30 days) -- overdue for remediation",
    "type": "CSA003",
    "file": ".",
    "action": "escalate",
    "rule_module": "code_scanning_alerts",
    "severity": "high"
  },
  {
    "reason": "Code-scanning alert hypatia/scorecard/StaticAnalysis (medium) at git-reticulator is 36 days old (threshold: 30 days) -- overdue for remediation",
    "type": "CSA003",
    "file": "git-reticulator",
    "action": "escalate",
    "rule_module": "code_scanning_alerts",
    "severity": "high"
  },
  {
    "reason": "Source file missing SPDX-License-Identifier header",
    "type": "SD009",
    "file": "src/api/app.rs",
    "action": "add_spdx_header",
    "rule_module": "structural_drift",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant