From fb0e0eeb14b8b4b106daf52bc65991c6c2e72323 Mon Sep 17 00:00:00 2001 From: Recovery Script Date: Fri, 19 Jun 2026 21:26:08 -0700 Subject: [PATCH] chore(tier-0): complete hygiene files for HeliosLab --- .../workflows/{cargo-audit.yml => audit.yml} | 4 +++ .../workflows/{cargo-deny.yml => deny.yml} | 3 +- crates/pheno-ffi-go/src/lib.rs | 16 +++++++++++ crates/pheno-ffi-python/src/lib.rs | 16 +++++++++++ justfile | 28 +++++++++++++++---- pheno-cli/src/main.rs | 16 +++++++++++ pheno-cli/src/tui.rs | 16 +++++++++++ pheno-core/src/lib.rs | 16 +++++++++++ pheno-crypto/src/lib.rs | 16 +++++++++++ pheno-db/src/lib.rs | 16 +++++++++++ 10 files changed, 140 insertions(+), 7 deletions(-) rename .github/workflows/{cargo-audit.yml => audit.yml} (84%) rename .github/workflows/{cargo-deny.yml => deny.yml} (95%) diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/audit.yml similarity index 84% rename from .github/workflows/cargo-audit.yml rename to .github/workflows/audit.yml index c44c85968..8fde42c02 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/audit.yml @@ -2,6 +2,10 @@ name: cargo-audit permissions: contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + 'on': workflow_dispatch: null push: diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/deny.yml similarity index 95% rename from .github/workflows/cargo-deny.yml rename to .github/workflows/deny.yml index b6980f0f1..a3b54efd7 100644 --- a/.github/workflows/cargo-deny.yml +++ b/.github/workflows/deny.yml @@ -1,4 +1,4 @@ -name: cargo-deny +name: cargo-deny on: workflow_dispatch: pull_request: @@ -15,4 +15,3 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true - diff --git a/crates/pheno-ffi-go/src/lib.rs b/crates/pheno-ffi-go/src/lib.rs index 25c163c4c..c546f6862 100644 --- a/crates/pheno-ffi-go/src/lib.rs +++ b/crates/pheno-ffi-go/src/lib.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #![expect(clippy::missing_safety_doc)] use chrono::Utc; diff --git a/crates/pheno-ffi-python/src/lib.rs b/crates/pheno-ffi-python/src/lib.rs index f66056678..f48b3e7f7 100644 --- a/crates/pheno-ffi-python/src/lib.rs +++ b/crates/pheno-ffi-python/src/lib.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + use chrono::Utc; use pheno_core::*; use pheno_db::Database; diff --git a/justfile b/justfile index 7636e98f8..7ca986fc7 100644 --- a/justfile +++ b/justfile @@ -1,16 +1,34 @@ # HeliosLab Justfile # # After 2026-06-11, this justfile is a thin shell that re-exports the shared -# `phenotype.just` library (defined in just/phenotype.just). The 9 most -# common recipes (default, build, test, lint, fmt, audit, unused, ci, docs) -# are now defined once in the library and parameterized over the build -# system. +# `phenotype.just` library (defined in just/phenotype.just). The most common +# recipes (default, build, test, lint, fmt, audit, unused, ci, docs) are +# defined once in the library and parameterized over the build system. # -# Stack-specific recipes (e.g. `clean`, `dev`) stay in this file. +# Stack-specific recipes (`deny`, `grade`) stay in this file so the library +# stays polyglot-neutral. # # To upgrade: pull the latest phenotype.just from the central repo, or # vendor it as a git submodule. import "just/phenotype.just" +# Run cargo-deny against the checked-in deny.toml policy. +# Stack: cargo. Hard-fails if cargo-deny is not installed (mirrors CI). +deny: + @if [ -f Cargo.toml ]; then \ + command -v cargo-deny >/dev/null || { echo "cargo-deny not installed; install with: cargo install cargo-deny"; exit 1; }; \ + cargo deny check; \ + else echo "no Cargo.toml at repo root; nothing to deny-check"; fi +# Generate the tier-0 hygiene grade report (audit_scorecard.json). +# Stack-agnostic: prints the committed scorecard summary if present, +# otherwise reminds the operator to run the upstream grader. +grade: + @if [ -f audit_scorecard.json ]; then \ + echo "Tier-0 grade summary ($(basename "$PWD")):"; \ + jq -r '" overall: \(.overall)\n grade: \(.grade)\n top wins:\n\(.scores | to_entries | sort_by(-.value) | .[0:5] | map(" - \(.key): \(.value)") | join("\n"))"' audit_scorecard.json; \ + else \ + echo "audit_scorecard.json not found in repo root."; \ + echo "Run the upstream Phenotype grader, or: just audit && just deny && just lint && just test"; \ + fi diff --git a/pheno-cli/src/main.rs b/pheno-cli/src/main.rs index d8e18b51f..4cf5d2303 100644 --- a/pheno-cli/src/main.rs +++ b/pheno-cli/src/main.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + mod tui; use chrono::Utc; diff --git a/pheno-cli/src/tui.rs b/pheno-cli/src/tui.rs index 64bc5987e..ed543b58e 100644 --- a/pheno-cli/src/tui.rs +++ b/pheno-cli/src/tui.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + use crossterm::{ event::{self, Event, KeyCode, KeyEventKind}, terminal::{disable_raw_mode, enable_raw_mode, EnterAlternateScreen, LeaveAlternateScreen}, diff --git a/pheno-core/src/lib.rs b/pheno-core/src/lib.rs index 0aa3e9e15..93c50d364 100644 --- a/pheno-core/src/lib.rs +++ b/pheno-core/src/lib.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + use chrono::{DateTime, Utc}; use serde::{Deserialize, Serialize}; use std::fmt; diff --git a/pheno-crypto/src/lib.rs b/pheno-crypto/src/lib.rs index b923120c3..563e4bd24 100644 --- a/pheno-crypto/src/lib.rs +++ b/pheno-crypto/src/lib.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + use aes_gcm::aead::{Aead, KeyInit, OsRng}; use aes_gcm::{Aes256Gcm, AeadCore, Key, Nonce}; use pheno_core::{Error, Result}; diff --git a/pheno-db/src/lib.rs b/pheno-db/src/lib.rs index 29ea98f50..4b8778f59 100644 --- a/pheno-db/src/lib.rs +++ b/pheno-db/src/lib.rs @@ -1,3 +1,19 @@ +// SPDX-License-Identifier: MIT OR Apache-2.0 +// +// Copyright (c) 2026 Koosha Pari +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + use chrono::{DateTime, Utc}; use pheno_core::*; use rusqlite::{params, Connection};