Skip to content

fix: security hardening, RSR structure alignment, README restoration#18

Merged
hyperpolymath merged 1 commit into
mainfrom
fix/security-and-rsr-alignment
Mar 13, 2026
Merged

fix: security hardening, RSR structure alignment, README restoration#18
hyperpolymath merged 1 commit into
mainfrom
fix/security-and-rsr-alignment

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Summary

  • Security: SHA-pin mlugg/setup-zig@v2 in zig-test.yml (was unpinned tag ref — supply chain risk)
  • Security: Add input validation to MCP bridge — cartridge name regex + encodeURIComponent to prevent path traversal via boj_cartridge_info/boj_cartridge_invoke
  • Structure: Move docs to docs/ (ABI-FFI-README, READINESS, RSR_OUTLINE, TOPOLOGY) to match rsr-template-repo layout
  • Structure: Remove root duplicates already in .github/ (CODEOWNERS), delete redundant AI tool configs (.clinerules, .cursorrules, .windsurfrules), remove unused files (.maintenance-perms-ignore, .nojekyll)
  • README: Restore full original content with clean Glama badge placement, add MCP installation section, update internal doc paths

Test plan

  • Verify MCP bridge still responds to tools/list and tools/call
  • Verify Glama badge renders on GitHub
  • Verify zig-test workflow runs with SHA-pinned action
  • Verify docs/ files are accessible from updated README links

🤖 Generated with Claude Code

- SHA-pin mlugg/setup-zig@v2 in zig-test.yml (was unpinned tag ref)
- Add input validation to MCP bridge: cartridge name regex + encodeURIComponent
  to prevent path traversal via boj_cartridge_info/boj_cartridge_invoke
- Move docs to docs/: ABI-FFI-README, READINESS, RSR_OUTLINE, TOPOLOGY
- Remove root duplicates already in .github/: CODEOWNERS
- Delete redundant AI tool configs: .clinerules, .cursorrules, .windsurfrules
- Delete unused: .maintenance-perms-ignore, .nojekyll
- Fix README.md: restore full original content, clean Glama badge placement,
  add MCP installation section, update doc paths to docs/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit ecc5bc0 into main Mar 13, 2026
13 of 17 checks passed
@hyperpolymath hyperpolymath deleted the fix/security-and-rsr-alignment branch March 13, 2026 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant