Skip to content

docs: adopt doctrine project manifest#190

Merged
shtse8 merged 3 commits into
mainfrom
codex/project-manifest-adoption
Jun 22, 2026
Merged

docs: adopt doctrine project manifest#190
shtse8 merged 3 commits into
mainfrom
codex/project-manifest-adoption

Conversation

@shtse8

@shtse8 shtse8 commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add PROJECT.md and .doctrine/project.json for doctrine project-control-plane adoption.
  • Add a thin AGENTS.md runtime adapter.
  • Record MCP filesystem safety boundaries, required contexts, forward-only package/image recovery, package release facts, and adoption gaps.

Validation

  • jq empty .doctrine/project.json
  • git diff --check
  • python3 /Users/kyle/.doctrine/scripts/project-control-plane-audit.py --local . --fail-on-drift --json -> PRESENT

Scope

Docs/control-plane only. No runtime, CI, deployment, dependency, secret, or infrastructure changes.

@shtse8

shtse8 commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator Author

Pushed a narrow CI producer repair after the first run failed before validation with package-manager drift:

  • workflow was running pnpm install/run commands
  • package.json declares packageManager: bun@1.3.1
  • updated .github/workflows/publish.yml to use oven-sh/setup-bun@v2 and bun install/run/publish commands

Validation after the workflow repair:

  • bunx prettier --write .github/workflows/publish.yml .doctrine/project.json AGENTS.md PROJECT.md
  • git diff --check
  • python3 /Users/kyle/.doctrine/scripts/project-control-plane-audit.py --local . --fail-on-drift --json => PRESENT

Remaining blockers are pre-existing repo quality/dependency debt, not project-manifest drift:

  • bun audit exits non-zero with 81 vulnerabilities locally; GitHub push also reports 55 default-branch vulnerabilities
  • bun run check-format exits non-zero on existing source/test/config/docs files outside this adoption scope
  • bun run lint exits non-zero on existing @modelcontextprotocol/sdk import resolver errors and src/handlers/apply-diff.ts unused var

I am leaving those classified as existing debt rather than broadening this manifest PR into a repo-wide dependency/format/lint cleanup.

@shtse8

shtse8 commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator Author

Latest rerun blocker update:

  • Branch-level control-plane audit remains PRESENT.
  • The workflow bootstrap repair succeeded far enough to reach validation.
  • Current failing step is bun audit: 81 vulnerabilities reported (2 critical, 29 high, 39 moderate, 11 low), including transitive findings through existing dependencies such as @modelcontextprotocol/sdk, vite, vitest, handlebars, and related tooling packages.

Classification remains: existing dependency security debt / validation baseline blocker, not caused by the doctrine manifest files. I am not mixing broad dependency upgrades into this manifest rollout PR.

@shtse8 shtse8 added this pull request to the merge queue Jun 22, 2026
Merged via the queue into main with commit 32a7124 Jun 22, 2026
5 checks passed
@shtse8 shtse8 deleted the codex/project-manifest-adoption branch June 22, 2026 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shtse8