feat(ci): dogfood the root .editorconfig + aggregate 'just ci' on the maintainer repo#9
Merged
Merged
Conversation
Byte-for-byte copy of template/.editorconfig. The template enforces it passively (no checker), so parity is met by dropping the file at root; values already match repo conventions.
Mirror template/justfile.jinja's `ci: fmt-check lint typecheck test audit` (+ `verify: ci`). audit is a member because the template chains it and it is a PR-blocking check here via the scan job. Re-word the audit recipe comments accordingly — it is no longer out-of-band.
Add a "Run every gate" section (recipe shape, roomy-TMPDIR note, scanners stay CI-only, downstream-vs-maintainer `ci`, forward-sync for policy/fuzz). Update the Dependency-audit section: audit is chained into `just ci`, not out-of-band.
The "Run every gate" section described all four per-gate CI jobs as running across the OS×Python matrix, each via `uv run` inline. In fact only `test` is matrixed; `typecheck`, `lint`, and `scan` are single `ubuntu-latest` jobs, and `scan` invokes `uvx`/`mise exec`, not `uv run` — matching this file's own Scanning and Dependency-audit sections. Correct both the section prose and the divergences summary.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Dogfood two Phase-1 template layers on the maintainer repo (roadmap gap #7 + gap #3): drop the shipped
.editorconfigat root, and add the aggregatejust ci/verifyrecipe — so the maintainer runs the same "one command, all gates" entry point it ships to every downstream.Changes
.editorconfig— byte-for-byte copy oftemplate/.editorconfig. The template enforces it passively (no checker), so parity is met by dropping the file at root; values already match repo conventions.just ci+verify— mirrortemplate/justfile.jinja'sci: fmt-check lint typecheck test audit(+verify: ci).auditis a member because the template chains it ({% if enable_dependency_audit %} audit{% endif %}) and it is itself a PR-blocking check here.audittocimeans it is no longer "out-of-band" (this repo defines out-of-band as "ships a recipe but stays offci"), so thejust auditrecipe/section wording is updated;scan's "out-of-band" wording is deliberately left intact (scan stays offci). New## Run every gatesection inAGENTS.md.Testing
TMPDIR=<roomy> just ci→ruff format --check+ruff check+basedpyright(0 errors) +pytest(70 passed, full generation matrix) +pip-audit(no vulns) → endsci: all gates passed.just precommitclean (incl. hygiene on the new root.editorconfig);diff template/.editorconfig .editorconfigempty.Notes for reviewers
auditis intentionally inci(mirrors the template), not dropped — the local aggregate reproduces the full PR gate. CI is unchanged: it still runs parallel per-gate jobs + the OS×Python matrix and does not invokejust ci.check:fast split (the template ships none — usejust fmt-check lint typecheck), and candidate F (pointing CI jobs at thejustrecipes) is deferred: thescanjob's three tools don't map onto theaudit+scanrecipe split, so it is a real restructure for a follow-up.Related
just ci) indocs/superpowers/plans/2026-07-01-dogfood-gap-audit.md; follows gaps docs(specs): add dependency-inventory design spec #1 (chore(pre-commit): dogfood the shipped pre-commit gate on the maintainer repo #6), docs(plan): add dependency-surface inventory implementation plan #2 (feat(scan): dogfood the shipped gitleaks + semgrep gate on the maintainer repo #7), docs(plans): add dogfooding-gap audit of shipped guardrails #5 (feat(audit): dogfood the pip-audit dependency-audit gate on the maintainer repo #8).