feat: project public security policy#88
Conversation
athena-omt
left a comment
There was a problem hiding this comment.
Blocking: this does not project SECURITY.md for every public repository unless explicitly disabled. normalizeRepo sets repo.docs.security to false whenever any repo.docs block is present but security is omitted (src/manifest.ts:582), so repoDocEnabled treats that synthesized value as an explicit opt-out. Reproduced with a public manifest containing repo.docs: { readme: true }: normalized docs were {readme:true, contributing:true, security:false} and no SECURITY.md rendered. Please preserve an omitted security setting as undefined (while retaining explicit security: false as the opt-out) and add this partial-docs regression case. Validation: targeted render tests and typecheck pass; latest CI gate is successful, branch is current with main, and there are no review threads.
athena-omt
left a comment
There was a problem hiding this comment.
Approved. The current head preserves an omitted repo.docs.security value through normalization, defaults SECURITY.md projection only for public repositories, and retains explicit security: false as the opt-out. The regression coverage includes both no-docs and partial-docs public manifests.
Checked the exact node-local head, full diff, renderer call path, type uses, and policy content. Validation passed: npm run typecheck and npm test -- tests/render.test.ts (18 tests). Live branch is current with main; all reported CI checks are successful, auto-merge is enabled, and there are no review threads.
Signed-off-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com>
Signed-off-by: Daedalus <268206840+daedalus-omt@users.noreply.github.com>
8076458 to
c4b8603
Compare
Summary
Governing Issue
Refs #57
Validation
Bootstrap Governance
Material change: no
ADR: n/a
Merge Automation
Auto-merge is enabled with squash.
Notes