Principle (set 2026-06-02): dryvist is the canonical home for everything dryvist uses. JacobPEvans-personal/* may depend on dryvist/*, never the reverse.
Release-please was just made dryvist-native (see #22 and the consumer flips). The same inversion still needs doing for the rest of the shared layer:
Each bullet is its own PR set. Filed as the parent tracker for the broader inversion surfaced while making release-please dryvist-native.
Principle (set 2026-06-02): dryvist is the canonical home for everything dryvist uses.
JacobPEvans-personal/*may depend ondryvist/*, never the reverse.Release-please was just made dryvist-native (see #22 and the consumer flips). The same inversion still needs doing for the rest of the shared layer:
.githubreusable workflows (_markdown-lint,_file-size,_osv-scan,_ci-gate, …) fromJacobPEvans-personal/.github→dryvist/.github; repoint every consumeruses:(one PR per repo, per the sweep inai-assistant-instructions/agentsmd/rules/shared-workflow-org-refs.md).JacobPEvans/.github:renovate-presets) into dryvist and have personal repos extend the dryvist preset.SECURITY.md/ community-health inheritance so dryvist does not depend on the personal account.GH_ACTION_RELEASE_PLEASE_PRIVATE_KEYis a dryvist org secret, unreachable from personal-account repos. Either install/grant the App on the personal account with matching var/secret names, or keep a thin personal release-please that depends on (not owns) dryvist logic.Each bullet is its own PR set. Filed as the parent tracker for the broader inversion surfaced while making release-please dryvist-native.