From e426c85e4d5da01459371306cf67629d20c7f021 Mon Sep 17 00:00:00 2001 From: jscraik <154467285+jscraik@users.noreply.github.com> Date: Sun, 29 Mar 2026 00:28:51 +0000 Subject: [PATCH 1/3] chore(security): remediate dependency advisories Update dependency manifests and lockfiles to address current vulnerability findings. Co-authored-by: Codex --- package-lock.json | 6 +++--- package.json | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index f18a7b7..319fdff 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1256,9 +1256,9 @@ } }, "node_modules/smol-toml": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz", - "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.1.tgz", + "integrity": "sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==", "dev": true, "license": "BSD-3-Clause", "engines": { diff --git a/package.json b/package.json index 7be78f9..8196f42 100644 --- a/package.json +++ b/package.json @@ -29,6 +29,9 @@ "url": "https://github.com/jscraik/code-archaeology-kit/issues" }, "homepage": "https://github.com/jscraik/code-archaeology-kit#readme", + "overrides": { + "smol-toml": "1.6.1" + }, "devDependencies": { "markdownlint-cli2": "^0.22.0" } From c70b8c91ac635c1a110c503cd11f6d0a8a2f0885 Mon Sep 17 00:00:00 2001 From: jscraik <154467285+jscraik@users.noreply.github.com> Date: Fri, 3 Apr 2026 14:17:43 +0100 Subject: [PATCH 2/3] chore: checkpoint local WIP before prune sweep --- .codex/environments/environment.toml | 116 +++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) diff --git a/.codex/environments/environment.toml b/.codex/environments/environment.toml index dffd06f..578c25c 100644 --- a/.codex/environments/environment.toml +++ b/.codex/environments/environment.toml @@ -10,3 +10,119 @@ echo "[codex] setup: /Users/jamiecraik/dev/config" echo "[codex] no known setup step for this repository" ''' + +[[actions]] +name = "Tools" +icon = "tool" + +[[actions]] +name = "Run" +icon = "run" + +[[actions]] +name = "Debug" +icon = "debug" + +[[actions]] +name = "Test" +icon = "test" + +[[actions]] +name = "Prek" +icon = "test" + +[[actions]] +name = "Diagram" +icon = "tool" + +[[actions]] +name = "Ralph" +icon = "debug" + +[[actions]] +name = "Mise" +icon = "tool" + +[[actions]] +name = "Vale" +icon = "debug" + +[[actions]] +name = "Argos" +icon = "test" + +[[actions]] +name = "Cosign" +icon = "debug" + +[[actions]] +name = "Cloudflared" +icon = "run" + +[[actions]] +name = "Vitest" +icon = "test" + +[[actions]] +name = "Ruff" +icon = "debug" + +[[actions]] +name = "ESLint" +icon = "debug" + +[[actions]] +name = "Agent Browser" +icon = "tool" + +[[actions]] +name = "Agentation" +icon = "tool" + +[[actions]] +name = "Mermaid CLI" +icon = "tool" + +[[actions]] +name = "MarkdownLint" +icon = "debug" + +[[actions]] +name = "Wrangler" +icon = "run" + +[[actions]] +name = "1Password" +icon = "tool" + +[[actions]] +name = "Beautiful Mermaid" +icon = "tool" + +[[actions]] +name = "Auth0" +icon = "tool" + +[[actions]] +name = "Semgrep" +icon = "debug" + +[[actions]] +name = "Semver" +icon = "tool" + +[[actions]] +name = "Trivy" +icon = "debug" + +[[actions]] +name = "Gitleaks" +icon = "debug" + +[[actions]] +name = "Research" +icon = "tool" + +[[actions]] +name = "WSearch" +icon = "tool" From 9b886cde750b96048dd510a547e1a9bfbd2647f0 Mon Sep 17 00:00:00 2001 From: jscraik <154467285+jscraik@users.noreply.github.com> Date: Sun, 10 May 2026 13:11:24 +0100 Subject: [PATCH 3/3] Update Codex environment config Refresh the repo-local Codex environment file from the canonical harness template so setup and action commands stay aligned with current project scripts. Co-authored-by: Codex --- .codex/environments/environment.toml | 375 ++++++++++++++++++++++++++- 1 file changed, 371 insertions(+), 4 deletions(-) diff --git a/.codex/environments/environment.toml b/.codex/environments/environment.toml index 578c25c..852b13c 100644 --- a/.codex/environments/environment.toml +++ b/.codex/environments/environment.toml @@ -1,128 +1,495 @@ # THIS IS AUTOGENERATED. DO NOT EDIT MANUALLY version = 1 -name = "config local environment" +name = "harness local environment" [setup] script = ''' set -euo pipefail -echo "[codex] setup: /Users/jamiecraik/dev/config" - -echo "[codex] no known setup step for this repository" +for candidate in "$HOME/.local/share/mise/shims" "$HOME/.local/bin" "/opt/homebrew/bin" "/opt/homebrew/sbin" "/usr/local/bin" "/usr/sbin" "/sbin"; do + if [[ -d "$candidate" && ":$PATH:" != *":$candidate:"* ]]; then + PATH="$candidate:$PATH" + fi +done +export PATH + +if command -v mise >/dev/null 2>&1; then + mise trust --yes .mise.toml || true + mise install +fi +if [[ -f scripts/prepare-worktree.sh ]]; then + bash scripts/prepare-worktree.sh +else + npm install +fi ''' [[actions]] name = "Tools" icon = "tool" +command = ''' +set -euo pipefail + +for candidate in "$HOME/.local/share/mise/shims" "$HOME/.local/bin" "/opt/homebrew/bin" "/opt/homebrew/sbin" "/usr/local/bin" "/usr/sbin" "/sbin"; do + if [[ -d "$candidate" && ":$PATH:" != *":$candidate:"* ]]; then + PATH="$candidate:$PATH" + fi +done +export PATH + +if command -v mise >/dev/null 2>&1; then + mise trust --yes .mise.toml || true + mise install +fi +if [[ -f scripts/prepare-worktree.sh ]]; then + bash scripts/prepare-worktree.sh +else + npm install +fi +''' [[actions]] name = "Run" icon = "run" +command = ''' +set -euo pipefail + +echo "[codex] no run script found in package.json" +exit 1 +''' [[actions]] name = "Debug" icon = "debug" +command = ''' +set -euo pipefail + +npm run 'docs:lint' +''' [[actions]] name = "Test" icon = "test" +command = ''' +set -euo pipefail + +npm run 'test' +''' [[actions]] name = "Prek" icon = "test" +command = ''' +set -euo pipefail + +command -v prek >/dev/null 2>&1 +prek --version +''' + +[[actions]] +name = "Release Finalize" +icon = "tool" +command = ''' +set -euo pipefail + +release_branch="${1:-}" +if [ -z "$release_branch" ]; then + echo "Usage: Release Finalize " + echo "Example: Release Finalize codex/release-0.12.1-coherence" + exit 2 +fi + +case "$release_branch" in + codex/release-*|release-*) ;; + *) + echo "Expected a release branch matching codex/release-* or release-*" + exit 2 + ;; +esac + +git fetch --prune origin main "$release_branch" +git checkout main +local_main_ahead_count="$(git rev-list --count origin/main..HEAD)" +if [ "$local_main_ahead_count" -ne 0 ]; then + echo "Local main is ahead of origin/main; aborting." + echo "Reconcile local commits before running Release Finalize." + exit 2 +fi + +git pull --ff-only origin main +pull_status=$? +if [ "$pull_status" -ne 0 ]; then + local_main_ahead_count="$(git rev-list --count origin/main..HEAD 2>/dev/null || echo 0)" + if [ "$local_main_ahead_count" -ne 0 ]; then + echo "Local main is ahead of origin/main; aborting." + echo "Reconcile local commits before running Release Finalize." + exit 2 + fi + exit "$pull_status" +fi + +git merge --ff-only "origin/$release_branch" +git push origin main + +echo "Merged $release_branch into main and pushed origin/main." +echo "Optional PR follow-up:" +echo " gh pr list --state open --head \"$release_branch\" --json number,url" +echo " gh pr comment --body \"Published to npm and merged into main.\"" +echo " gh pr close --delete-branch=false" +''' [[actions]] name = "Diagram" icon = "tool" +command = ''' +set -euo pipefail + +command -v diagram >/dev/null 2>&1 +diagram --help +''' [[actions]] name = "Ralph" icon = "debug" +command = ''' +set -euo pipefail + +command -v ralph >/dev/null 2>&1 +ralph --help +''' [[actions]] name = "Mise" icon = "tool" +command = ''' +set -euo pipefail + +command -v mise >/dev/null 2>&1 +if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then + current_branch="$(git symbolic-ref --short -q HEAD || true)" + if [ -z "$current_branch" ]; then + repo_slug="$(basename "$PWD" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g; s/^-+//; s/-+$//')" + if [ -z "$repo_slug" ]; then + repo_slug="worktree" + fi + short_sha="$(git rev-parse --short HEAD)" + branch_base="jscraik/feature/$repo_slug-worktree-$short_sha" + branch_name="$branch_base" + suffix=1 + while git show-ref --verify --quiet "refs/heads/$branch_name"; do + branch_name="$branch_base-$suffix" + suffix=$((suffix + 1)) + done + echo "[codex] detached HEAD detected; creating branch $branch_name" + git switch -c "$branch_name" + if git show-ref --verify --quiet "refs/remotes/origin/main"; then + git branch --set-upstream-to=origin/main "$branch_name" >/dev/null 2>&1 || true + echo "[codex] tracking origin/main for $branch_name" + echo "[codex] fast-forwarding $branch_name with origin/main" + git pull --ff-only origin main + fi + fi +fi +mise trust --yes .mise.toml || true +mise install +''' [[actions]] name = "Vale" icon = "debug" +command = ''' +set -euo pipefail + +command -v vale >/dev/null 2>&1 +vale --version +''' [[actions]] name = "Argos" icon = "test" +command = ''' +set -euo pipefail + +command -v argos >/dev/null 2>&1 +argos --help +''' [[actions]] name = "Cosign" icon = "debug" +command = ''' +set -euo pipefail + +command -v cosign >/dev/null 2>&1 +cosign version +''' [[actions]] name = "Cloudflared" icon = "run" +command = ''' +set -euo pipefail + +command -v cloudflared >/dev/null 2>&1 +cloudflared --version +''' [[actions]] name = "Vitest" icon = "test" +command = ''' +set -euo pipefail + +command -v vitest >/dev/null 2>&1 +vitest --version +''' [[actions]] name = "Ruff" icon = "debug" +command = ''' +set -euo pipefail + +command -v ruff >/dev/null 2>&1 +ruff --version +''' [[actions]] name = "ESLint" icon = "debug" +command = ''' +set -euo pipefail + +command -v eslint >/dev/null 2>&1 +eslint --version +''' [[actions]] name = "Agent Browser" icon = "tool" +command = ''' +set -euo pipefail + +command -v agent-browser >/dev/null 2>&1 +agent-browser --help +''' [[actions]] name = "Agentation" icon = "tool" +command = ''' +set -euo pipefail + +command -v agentation-mcp >/dev/null 2>&1 +agentation-mcp --help +''' [[actions]] name = "Mermaid CLI" icon = "tool" +command = ''' +set -euo pipefail + +command -v mmdc >/dev/null 2>&1 +mmdc --help +''' [[actions]] name = "MarkdownLint" icon = "debug" +command = ''' +set -euo pipefail + +command -v markdownlint-cli2 >/dev/null 2>&1 +markdownlint-cli2 --help +''' [[actions]] name = "Wrangler" icon = "run" +command = ''' +set -euo pipefail + +command -v wrangler >/dev/null 2>&1 +wrangler --help +''' [[actions]] name = "1Password" icon = "tool" +command = ''' +set -euo pipefail + +command -v op >/dev/null 2>&1 +op --help +''' [[actions]] name = "Beautiful Mermaid" icon = "tool" +command = ''' +set -euo pipefail + +command -v beautiful-mermaid >/dev/null 2>&1 +beautiful-mermaid --help +''' [[actions]] name = "Auth0" icon = "tool" +command = ''' +set -euo pipefail + +command -v auth0 >/dev/null 2>&1 +auth0 --help +''' [[actions]] name = "Semgrep" icon = "debug" +command = ''' +set -euo pipefail + +command -v semgrep >/dev/null 2>&1 +semgrep --help +''' [[actions]] name = "Semver" icon = "tool" +command = ''' +set -euo pipefail + +command -v semver >/dev/null 2>&1 +semver --help +''' [[actions]] name = "Trivy" icon = "debug" +command = ''' +set -euo pipefail + +command -v trivy >/dev/null 2>&1 +trivy --help +''' [[actions]] name = "Gitleaks" icon = "debug" +command = ''' +set -euo pipefail + +command -v gitleaks >/dev/null 2>&1 +gitleaks --help +''' [[actions]] name = "Research" icon = "tool" +command = ''' +set -euo pipefail + +command -v rsearch >/dev/null 2>&1 +rsearch --help +''' [[actions]] name = "WSearch" icon = "tool" +command = ''' +set -euo pipefail + +command -v wsearch >/dev/null 2>&1 +wsearch --help +''' + +[[actions]] +name = "Script: test" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test' +''' + +[[actions]] +name = "Script: test:deep" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test:deep' +''' + +[[actions]] +name = "Script: docs:lint" +icon = "debug" +command = ''' +set -euo pipefail + +npm run 'docs:lint' +''' + +[[actions]] +name = "Script: docs:readability" +icon = "tool" +command = ''' +set -euo pipefail + +npm run 'docs:readability' +''' + +[[actions]] +name = "Script: tooling:render" +icon = "tool" +command = ''' +set -euo pipefail + +npm run 'tooling:render' +''' + +[[actions]] +name = "Script: env:check" +icon = "debug" +command = ''' +set -euo pipefail + +npm run 'env:check' +''' + +[[actions]] +name = "Script: test:artifacts" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test:artifacts' +''' + +[[actions]] +name = "Script: test:artifacts:unit" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test:artifacts:unit' +''' + +[[actions]] +name = "Script: test:artifacts:integration" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test:artifacts:integration' +''' + +[[actions]] +name = "Script: test:artifacts:e2e" +icon = "test" +command = ''' +set -euo pipefail + +npm run 'test:artifacts:e2e' +'''