chore: align CI to the hardened canon, add AGENTS.md#3
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR aligns repository tooling/docs with a shared “hardened canon” by tightening CI’s Nix security posture, standardizing Lua linting to Lua 5.1 expectations, and introducing a single agent-facing instruction source of truth.
Changes:
- Harden CI Nix configuration by removing
accept-flake-config = true, preventing PR-provided flake config from injecting substituters/keys. - Update CI to run
scripts/testviabash(not relying on execute bit) and tuneluacheckto--std lua51 --no-unused-args. - Add
AGENTS.mdas the canonical agent instruction document and pointCLAUDE.mdto it to avoid duplication/drift.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
CLAUDE.md |
Imports AGENTS.md so Claude Code reads the same single source of truth. |
AGENTS.md |
Adds canonical build/test/lint commands and Lua 5.1 + FFI guidance for coding agents. |
.github/workflows/ci.yml |
Hardens Nix config and aligns test/lint execution with repo/tooling expectations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
f056665 to
ef389a1
Compare
ef389a1 to
ad6feaf
Compare
ada51cb to
92a5747
Compare
CI: drop accept-flake-config (supply-chain risk; caches already pinned), run luacheck with --std lua51 --no-unused-args (matches the Lua 5.1 target and the curried-FFI idiom), invoke the test step via bash so it no longer needs the execute bit. AGENTS.md is the single instruction file the coding agents read natively; CLAUDE.md is a one-line @AGENTS.md import so Claude Code shares it. Tooling and docs only, no src/ change.
92a5747 to
34ed04d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Brings this fork in line with the shared tooling canon and gives the AI coding agents a single source of truth.
CI (
.github/workflows/ci.yml):accept-flake-config = true. It let a PR's own flakenixConfiginject extra substituters and keys, which is a supply-chain risk; the caches are already pinned inextra_nix_config, so nothing is lost.--std lua51 --no-unused-argsinstead of--std min.lua51matches the actual target (it knowsmath.pow/math.atan2, whichminflags), and--no-unused-argstolerates the curried fallback args the native FFI stubs ignore.bash ./scripts/testso it no longer depends on the file's execute bit.AGENTS.md+CLAUDE.md:AGENTS.mdis the one instruction file the coding agents read natively (Codex, Cursor, Copilot, Gemini CLI, Aider): the build/test/lint commands, the Lua 5.1 constraints, the FFI parenthesisation rule, and the toolchain pins.CLAUDE.mdis a one-line@AGENTS.mdimport so Claude Code reads the same file instead of a second copy that drifts out of sync.It also drops the dead
bower.jsonandpackage.jsonleft over from the JavaScript build; the toolchain is spago plus nix now. Theclass-diagram.pngreferenced by the README stays.Tooling and docs only, no
src/change, so there is no tag or package-set bump.Verification
nix develop -c ./scripts/build,nix develop -c bash ./scripts/test(regression passes), and luacheck with--std lua51 --no-unused-args src/are all clean locally.