Conversation
kkmookhey
approved these changes
Apr 16, 2026
kkmookhey
left a comment
Collaborator
There was a problem hiding this comment.
Approve. Clean scope, good judgment calls. The new_check_proposal.yml encoding principles at intake is the standout addition.
Two things to verify post-merge:
- Confirm GitHub Discussions is enabled (config.yml links to it)
- Click-test the
CLAUDE.md#required-tests-on-every-pranchor in CONTRIBUTING.md
The VIBE_CODING.md body-text reference concern turned out clean — no prose links to the old root path outside the tree block.
Structural polish for the repo now that it has public traction. Adds the community files drive-by contributors expect and tidies the root. Content is sourced from existing canonical docs — no duplicated rules. Structural reorg ---------------- - Move DEPLOYMENT.md, VIBE_CODING.md, CONVERSATIONS.md into docs/. - Fix the 3 inbound links in README.md to their new paths. - Update the README project-structure tree block to reflect the move. Community files (thin pointers) ------------------------------- - CONTRIBUTING.md — points at ENGINEERING_PRINCIPLES.md and CLAUDE.md's "Required tests on every PR" section. Zero duplicated rules. - SECURITY.md — contact@transilience.ai, 48 h / 7 d / 30 d SLAs. - CODE_OF_CONDUCT.md — Contributor Covenant v2.1 by reference. .github/ scaffolding -------------------- - ISSUE_TEMPLATE/bug_report.yml (YAML form) - ISSUE_TEMPLATE/feature_request.yml (YAML form) - ISSUE_TEMPLATE/new_check_proposal.yml (encodes Principles 3/4/6/7 at intake) - ISSUE_TEMPLATE/config.yml (blank_issues_enabled: false, mailto for security) - pull_request_template.md (requires Closes #N + principles checklist) README hero overhaul -------------------- Centered hero block with CI / license / Python / stars / Claude badges, pipe-separated nav row to Quick Start / Skills / Architecture / TRUST / Principles / Contributing. contrib.rocks contributors block at the bottom. Also fixes a pre-existing drift: the tree-block claim "515+ tests" is stale — actual collected is 514 — updated to "500+". pyproject.toml metadata ----------------------- authors, license, readme, keywords, classifiers, and [project.urls] for PyPI and GitHub sidebar discoverability. No runtime dep changes. No ruff / lint config changes. Not in scope ------------ - No Python source edits (src/, tests/). - No CI workflow edits. - No docs/INCIDENT_RESPONSE.md — an SLA-backed incident runbook is the wrong shape for a small-team OSS scanner with no on-call. - Pre-existing issues acknowledged but deliberately untouched: the integrity workflow has been red on main since 2026-04-09 (broken pyproject force-include + pycairo install + pre-existing ruff state). Those are separate fixes that should ride their own PRs with a post-mortem on why the build has been red unnoticed for days.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Structural polish for the repo now that it has public traction. Adds the community files drive-by contributors expect and tidies the root. Content is sourced from existing canonical docs — no duplicated rules. No Python source edits.
Reduced from the previous version of this PR per maintainer feedback — see "Changes since previous revision" at the bottom.
What's in
Structural reorg
DEPLOYMENT.md,VIBE_CODING.md,CONVERSATIONS.mdmoved intodocs/README.mdfixedCommunity files (thin pointers, no new rules)
CONTRIBUTING.md→ points atENGINEERING_PRINCIPLES.md+CLAUDE.md's "Required tests on every PR"SECURITY.md→contact@transilience.ai, 48 h / 7 d / 30 dCODE_OF_CONDUCT.md→ Contributor Covenant v2.1 by reference.github/scaffoldingISSUE_TEMPLATE/bug_report.yml,feature_request.yml,new_check_proposal.yml(encodes Principles 3/4/6/7 at intake),config.yml(blank_issues_enabled: false + mailto security link)pull_request_template.mdrequiresCloses #N+ a principles checklist mirroringCLAUDE.mdREADME hero
Centered block with 5 badges (CI, License, Python, Stars, Powered by Claude), pipe-separated nav row,
contrib.rockscontributors section near the bottom. The 865-line body is byte-identical except for the 3 inbound-link fixes, the tree-block update, and one pre-existing drift fix: the tree-block claim515+ testswas stale (actual 514), updated to500+.pyproject.tomlmetadataauthors,license,readme,keywords,classifiers,[project.urls]. Improves PyPI / GitHub sidebar discoverability. No runtime dep changes, no lint config changes, no packaging-layout changes.What's deliberately NOT in
git diff main...HEAD -- src/ tests/is empty.git diff main...HEAD -- .github/workflows/is empty.docs/INCIDENT_RESPONSE.md. Removed per maintainer + user feedback. An SLA-backed incident runbook with Sev-1/2/3 tables and named roles is the wrong shape for a small-team OSS scanner with no on-call. Shasta-the-project isn't an audited entity — trying to frame an internal runbook as "evidence for SOC 2 CC7.3 / ISO 27001 A.5.24" is the same scanner-vs-audited-entity category error the tool is supposed to fix for customers.SECURITY.md's 48 h / 7 d / 30 d reporter SLAs stand alone.E501ignore, no auto-formatting passes. Those were mixed in via the previous revision and have been fully reverted.pyproject.tomlforce-include fix. The broken force-include pointing atsrc/whitney/code/rules(deleted in4873079) is still there as of this PR, unchanged frommain. That fix should ride its own PR with a post-mortem.Pre-existing issues acknowledged but out of scope
The integrity workflow has been red on
mainsince it was introduced on2026-04-09(every run since24215229845). Three independent problems contribute to that, all predate this PR, and none are addressed here:pyproject.tomlforce-include points atsrc/whitney/code/ruleswhich was deleted in4873079.pip install -e .fails at the metadata generation step.pycairotransitive dep viaxhtml2pdf → svglib → rlpycairo → pycaironeeds systemcairo+pkg-configon the CI runner.main, none of them in files this PR touches.Each of these deserves its own focused PR. I'd also suggest a short post-mortem on principle #1 ("numbers in docs are tests") — the build was red for 6 days and the team didn't notice, which is the same failure mode the integrity workflow exists to prevent.
Test plan
git diff main...HEAD -- src/ tests/— emptygit diff main...HEAD -- .github/workflows/— emptygit diff main...HEAD -- pyproject.toml— metadata-onlygrep -rE 'INCIDENT_RESPONSE' README.md SECURITY.md CONTRIBUTING.md CODE_OF_CONDUCT.md docs/— zero matchestomllibparse ofpyproject.tomlyaml.safe_loadof all 4 issue forms