Affaan Mustafa
af9b2c1c4c
feat: extend harness audit integration scoring ( #1990 )
...
Salvages the useful harness-audit scoring work from #1989 while preserving the current hook registry and newer plugin install detection. Adds GitHub integration checks, conditional deploy-provider categories, dynamic applicable category metadata, and CODEOWNERS coverage.
2026-05-19 06:20:54 -04:00
Affaan Mustafa
9ee1e15564
docs: define ECC 2.0 hypergrowth release lane
...
Refresh the active 2.0 release surface for the affaan-m/ECC repo identity, update package/plugin/workflow launch metadata, and add an operator command center for release video, partner, sponsor, consulting, and social launch execution.
2026-05-19 05:42:38 -04:00
Affaan Mustafa
7911af4a39
security: scope release oidc publishing
2026-05-18 13:41:10 -04:00
dependabot[bot]
cde0b12180
chore(deps): bump pnpm/action-setup from 6.0.6 to 6.0.8
...
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup ) from 6.0.6 to 6.0.8.
- [Release notes](https://github.com/pnpm/action-setup/releases )
- [Commits](91ab88e261...0e279bb959support@github.com >
2026-05-17 01:33:19 -04:00
Affaan Mustafa
a8e3bcb00f
Add supply-chain advisory source refresh
2026-05-15 23:09:54 -04:00
Affaan Mustafa
f7035b5644
Harden CI installs against supply-chain lifecycle hooks
2026-05-15 17:29:03 -04:00
Affaan Mustafa
6951b8d5d2
Add scheduled supply-chain watch workflow
2026-05-15 16:56:49 -04:00
Affaan Mustafa
c2c54e7c0b
ci: restore dependency caches without saving ( #1934 )
2026-05-15 13:51:51 -04:00
Affaan Mustafa
13585f1092
feat: add platform and supply-chain audit commands ( #1926 )
2026-05-15 08:06:26 -04:00
Affaan Mustafa
f7315016c0
feat: add command registry and coverage checks ( #1906 )
...
Salvages the useful parts of #1897 without generated .caliber state or stale counts.
- adds a deterministic command registry generator and drift check
- commits the current command registry for 75 commands
- validates the rc.1 README catalog summary against live counts
- adds a single Ubuntu Node 20 coverage job instead of running coverage in every matrix cell
Co-authored-by: jodunk <jodunk@users.noreply.github.com >
2026-05-14 22:02:36 -04:00
Affaan Mustafa
7d15a2282b
security: add supply-chain IOC scanner ( #1904 )
2026-05-14 21:15:35 -04:00
Affaan Mustafa
209abd403b
ci: disable checkout credential persistence in privileged workflows ( #1851 )
2026-05-13 01:15:49 -04:00
Affaan Mustafa
797f283036
ci: require npm audit signature checks
...
Require npm registry signature verification wherever workflow npm audit checks run.
- add npm audit signatures to CI Security Scan and maintenance security audit jobs
- teach the workflow security validator to reject npm audit without signature verification
- keep the repair and Copilot prompt tests portable across Windows path/case and CRLF frontmatter behavior
Validation:
- node tests/run-all.js (2376 passed, 0 failed)
- CI current-head matrix green on #1846
2026-05-12 23:48:56 -04:00
Girish Kanjiyani
766f4ee1d8
feat: add GitHub Copilot prompt support
...
Adds GitHub Copilot VS Code instruction and prompt files for ECC workflows, with VS Code prompt frontmatter/settings aligned to current docs and tests covering the surface.
Co-authored-by: Girish Kanjiyani <girish.kanjiyani5040@gmail.com >
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-12 23:00:00 -04:00
Affaan Mustafa
daf0355531
ci: harden workflow install boundaries
...
- run non-test workflow installs with npm ci --ignore-scripts where lifecycle scripts are not needed\n- reject plain npm ci in workflows with write permissions\n- reject actions/cache in id-token: write workflows to reduce OIDC publish cache-poisoning risk
2026-05-12 21:55:36 -04:00
Affaan Mustafa
33db548be3
ci: ignore install scripts in release workflows ( #1839 )
2026-05-12 21:36:36 -04:00
Affaan Mustafa
6fbf58d590
ci: keep package manager cache failures non-blocking
2026-05-12 18:03:30 -04:00
Affaan Mustafa
e674a7dbd7
fix: harden CI validators
...
Ports personal-path validator hardening and quoted checkout detection onto current main.
2026-05-11 03:08:43 -04:00
dependabot[bot]
c013479019
build(deps): bump pnpm/action-setup from 6.0.0 to 6.0.6 ( #1708 )
...
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup ) from 6.0.0 to 6.0.6.
- [Release notes](https://github.com/pnpm/action-setup/releases )
- [Commits](08c4be7e2e...91ab88e261support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 01:12:31 -04:00
dependabot[bot]
01b171947c
chore(deps): bump actions/cache from 5.0.4 to 5.0.5 ( #1497 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.4 to 5.0.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](668228422a...27d5ce7f10support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 01:11:50 -04:00
Affaan Mustafa
0a87323eda
feat(ecc2): finalize rc1 release surface
2026-04-28 22:10:04 -04:00
Affaan Mustafa
6b7bd7156c
fix: relax pnpm strict build checks in CI
2026-04-15 16:44:58 -07:00
Affaan Mustafa
8b5c0c1b07
fix: allow manual release workflow dispatch
2026-04-14 21:02:23 -07:00
Affaan Mustafa
b5c4d2beb9
fix: wire npm auth into release publish
2026-04-14 20:43:22 -07:00
Affaan Mustafa
34380326c8
fix: publish npm releases and clarify install identifiers
2026-04-14 20:42:28 -07:00
Affaan Mustafa
85e331e49a
Merge pull request #1369 from affaan-m/dependabot/github_actions/pnpm/action-setup-6.0.0
...
build(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0
2026-04-13 01:05:16 -07:00
Affaan Mustafa
5c4570baa5
Merge pull request #1370 from affaan-m/dependabot/github_actions/softprops/action-gh-release-3.0.0
...
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
2026-04-13 00:30:59 -07:00
Affaan Mustafa
1a950e4f83
fix: allow pnpm cache probe under node 18
2026-04-13 00:21:42 -07:00
Affaan Mustafa
ef7613c526
fix: use corepack pnpm on node 18
2026-04-13 00:17:17 -07:00
Affaan Mustafa
bd207aabe1
fix: use pnpm 9 for node 18 workflow jobs
2026-04-13 00:13:54 -07:00
Affaan Mustafa
6eadf786f5
fix: pin pnpm version for setup action v6
2026-04-13 00:10:39 -07:00
Affaan Mustafa
db8247d701
chore: update release action version comments
2026-04-12 23:54:26 -07:00
Affaan Mustafa
adb46a95a6
chore: update pnpm action version comments
2026-04-12 23:53:57 -07:00
Affaan Mustafa
48e5a1fa75
Merge pull request #1371 from affaan-m/dependabot/github_actions/actions/github-script-9.0.0
...
build(deps): bump actions/github-script from 8.0.0 to 9.0.0
2026-04-12 23:53:17 -07:00
Affaan Mustafa
2fb041c6de
Merge pull request #1368 from affaan-m/dependabot/github_actions/actions/upload-artifact-7.0.1
...
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
2026-04-12 23:53:01 -07:00
Affaan Mustafa
3792b69a38
fix: block unsafe privileged workflow checkouts
2026-04-12 23:23:01 -07:00
Affaan Mustafa
28edd197c2
fix: harden release surface version and packaging sync ( #1388 )
...
* fix: keep ecc release surfaces version-synced
* fix: keep lockfile release version in sync
* fix: remove release version drift from locks and tests
* fix: keep root release metadata version-synced
* fix: keep codex marketplace metadata version-synced
* fix: gate release workflows on full metadata sync
* fix: ship all versioned release metadata
* fix: harden manual release path
* fix: keep localized release docs version-synced
* fix: sync install architecture version examples
* test: cover shipped plugin metadata in npm pack
* fix: verify final npm payload in release script
* fix: ship opencode lockfile in npm package
* docs: sync localized release highlights
* fix: stabilize windows ci portability
* fix: tighten release script version sync
* fix: prefer repo-relative hook file paths
* fix: make npm pack test shell-safe on windows
2026-04-12 22:33:32 -07:00
dependabot[bot]
57de4129da
build(deps): bump actions/github-script from 8.0.0 to 9.0.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](ed597411d8...3a2844b7e9support@github.com >
2026-04-12 04:52:39 +00:00
dependabot[bot]
5ae63b301f
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](153bb8e044...b430933298support@github.com >
2026-04-12 04:52:35 +00:00
dependabot[bot]
4b92288a27
build(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0
...
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/pnpm/action-setup/releases )
- [Commits](fc06bc1257...08c4be7e2esupport@github.com >
2026-04-12 04:52:33 +00:00
dependabot[bot]
45faeb90a7
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](bbbca2ddaa...043fb46d1asupport@github.com >
2026-04-12 04:52:29 +00:00
Affaan Mustafa
4967dad08c
ci: gate releases on opencode payload verification
2026-04-06 14:08:08 -07:00
Affaan Mustafa
c2199710c2
chore: bump actions stale workflow
2026-04-05 15:22:27 -07:00
Affaan Mustafa
bf5961e8d1
fix: refresh existing monthly metrics snapshots
2026-04-05 15:15:56 -07:00
Affaan Mustafa
43ac81f1ac
fix: harden reusable release tag validation
2026-03-31 23:00:58 -07:00
dependabot[bot]
87363f0e59
chore(deps): bump actions/checkout from 4.3.1 to 6.0.2 ( #1060 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.3.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](34e114876b...de0fac2e45support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Affaan Mustafa <me@affaanmustafa.com >
2026-03-31 14:07:40 -07:00
dependabot[bot]
a1cebd29f7
chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 ( #1061 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.2 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...bbbca2ddaasupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 14:06:07 -07:00
dependabot[bot]
09398b42c2
chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 ( #1058 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4.4.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](49933ea528...53b83947a5support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 14:06:02 -07:00
dependabot[bot]
d1e2209a52
chore(deps): bump actions/cache from 4.3.0 to 5.0.4 ( #1057 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...668228422asupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 14:04:33 -07:00
dependabot[bot]
cfb3476f02
chore(deps): bump actions/github-script from 7.1.0 to 8.0.0 ( #1059 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7.1.0 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](f28e40c7f3...ed597411d8support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 14:04:30 -07:00
