Claude/add docs and roadmap 39b7r #5
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Expand README.adoc with detailed explanation of RSR philosophy, three pillars (security-first, consent-aware, provenance-tracked), repository anatomy, CI/CD pipeline, and language policy - Add ROADMAP.adoc with v10+ vision covering: - v1.0: Foundation (template completion) - v2.0: Self-enforcing trust network - v3.0-5.0: Consent protocol and HTTP 430 RFC - v6.0-8.0: Provenance chain and SLSA Level 4 - v9.0: Formal verification integration - v10.0+: Decentralised self-sovereign software infrastructure The roadmap outlines how RSR can evolve from a template repository into a decentralised trust infrastructure for ethical software development.
- Add ATS (Applied Type System) as Tier 0: Verification Platinum in the language hierarchy - proofs-as-types, dependent + linear types - Expand ROADMAP.adoc Phase 4 (Formal Verification) to explain: - The ATS philosophy (if it compiles, proofs are valid) - Why ATS over external provers (proofs IN types, not beside code) - ATS CI integration as P0 priority - Position Ada/SPARK as pragmatic fallback for industry adoption ATS represents the pinnacle of "correctness by construction" - memory safety, bounds checking, and resource management are proven at compile time with zero runtime overhead.
Replace ATS with Idris 2 as the Tier 0 verification language: - Idris 2's Quantitative Type Theory (QTT) is more expressive: - Quantities (0, 1, ω) vs just linear types - 0-quantity proofs erased at runtime - First-class totality checking - Better ecosystem: - Active development by Edwin Brady - "Type-Driven Development with Idris" book - Multiple backends (Scheme, RefC, JS) - no C dependency - Update formal verification roadmap phase for Idris 2 - Update references and implementation path
Infrastructure: - .gitignore: Add Idris 2, Zig, Nix patterns; organize by tier - .gitattributes: Add Idris 2, linguist overrides; organize by tier - .editorconfig: Add Idris 2; organize by tier with SPDX header Community Health: - .github/CODEOWNERS: Protect security-critical files - .github/PULL_REQUEST_TEMPLATE.md: RSR compliance checklist - .pre-commit-config.yaml: Gitleaks, TruffleHog, RSR anti-pattern checks CI/CD: - .github/workflows/casket-ssg.yml: Static site generation using hyperpolymath/cerro-torre container with casket.ssg Cleanup: - Delete duplicate ROADMAP.md (keep ROADMAP.adoc as primary) - Fix RSR_COMPLIANCE.adoc: Update to reflect actual file presence, add Idris 2 as Tier 0, document container strategy (svalinn/cerro-torre) Container strategy now uses: - hyperpolymath/svalinn for container tooling - hyperpolymath/cerro-torre as secure base image - Podman as fallback runtime
Infrastructure:
- Containerfile: Multi-stage build using hyperpolymath/cerro-torre
- Builder stage with full tooling
- Minimal runtime stage with non-root user
- Development stage for local work
Security:
- .github/workflows/slsa-provenance.yml: SLSA Level 3 provenance
- Generates cryptographic attestations for releases
- Self-verification step
- Uploads to GitHub Releases
Testing:
- tests/README.adoc: Test infrastructure documentation
- Coverage requirements (80% line, 70% branch)
- Language-specific examples (Idris 2, Rust, Elixir)
- RSR verification tiers
Placeholder fixes:
- SECURITY.md: Filled all {{PLACEHOLDER}} values, removed template block
- CONTRIBUTING.md: Filled forge, owner, repo, branch placeholders
- .well-known/security.txt: Set expiry to 2026-12-26
- .well-known/humans.txt: Set last update to 2025-12-26
- .well-known/consent-required.txt: Filled project name
Compliance:
- RSR_COMPLIANCE.adoc: All items now ✅ complete
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Type of Change
RSR Compliance
Security Checklist
Testing
Documentation
Related Issues