Merge remote-tracking branch 'origin/main' into chore/simplify-coderabbit-spec-prompt

# Conflicts:
#	.coderabbit.yaml

Author: skulidropek

.coderabbit.yaml

@@ -60,8 +60,8 @@ reviews:
     issue_assessment:
       mode: "warning"
     custom_checks:
-      - name: "Spec alignment"
-        mode: "warning"
+      - name: "Requirements alignment"
+        mode: "error"
         instructions: |
           Fail if the diff contradicts the visible spec/TZ, linked issue, PR
           discussion, README/docs, or changes behavior without documenting it.
@@ -71,9 +71,14 @@ reviews:
       - name: "Security regression"
         mode: "warning"
         instructions: |
-          Fail only for high-confidence security regressions: injection,
-          path traversal, secret leaks, unsafe Docker/GitHub Actions settings,
-          or unjustified supply-chain risk.
+          Fail if changed files introduce a high-confidence security regression, including:
+          - command injection or unsafe shell/process execution with user-controlled input;
+          - path traversal or writes outside intended project/container state directories;
+          - credential, token, private-key, or PII exposure in source, generated config, logs, or CI output;
+          - unsafe Docker/GitHub Actions configuration such as privileged containers, broad host mounts, unbounded Docker socket access, unsafe `pull_request_target`, or unnecessary write permissions;
+          - dependency or package-manager changes that materially increase supply-chain risk without justification.
+
+          Pass when no high-confidence regression is found. Return Inconclusive when the diff is too large or lacks enough context to determine risk.
 
   tools:
     github-checks:

.greptile/config.json

@@ -0,0 +1,43 @@
+{
+  "strictness": 1,
+  "commentTypes": ["logic", "syntax", "style", "info"],
+  "triggerOnUpdates": true,
+  "triggerOnDrafts": true,
+  "ignorePatterns": "node_modules/**\ndist/**\ncoverage/**\nthird_party/**",
+  "statusCheck": true,
+  "statusCommentsEnabled": true,
+  "updateExistingSummaryComment": true,
+  "summarySection": {
+    "included": true,
+    "collapsible": true,
+    "defaultOpen": false
+  },
+  "instructions": "This is a public MIT open-source TypeScript/Bun monorepo. Review every PR as SPEC DRIVEN DEVELOPMENT: compare the diff with README.md, repository Markdown docs, linked issues, PR description, PR comments and the relevant codebase. Flag spec drift, undocumented behavior changes, missing tests for promised behavior, high-confidence security risks, weak formal invariants, and game-theory incentive problems.",
+  "rules": [
+    {
+      "id": "spec-source-required",
+      "rule": "Every behavioral change must be traceable to a visible source of truth: linked issue, PR description, PR discussion, README/docs, or changed-code reference. If the spec is missing, ask the author to add it before approval.",
+      "severity": "high"
+    },
+    {
+      "id": "spec-alignment",
+      "rule": "Flag any change that contradicts the visible issue/TZ/spec, PR discussion, README/docs, or changes behavior without documentation.",
+      "severity": "high"
+    },
+    {
+      "id": "security-review",
+      "rule": "Look for injection, path traversal, secret leaks, unsafe Docker/GitHub Actions settings, supply-chain risk, and cross-container isolation regressions.",
+      "severity": "high"
+    },
+    {
+      "id": "formal-verification",
+      "rule": "Assess which invariants, preconditions, and postconditions are mathematically defensible. Flag weak or unstated invariants when they affect correctness.",
+      "severity": "medium"
+    },
+    {
+      "id": "game-theory",
+      "rule": "Assess whether the implementation creates incentives to bypass intended rules or safety controls. Suggest a stronger mechanism when incentives are misaligned.",
+      "severity": "medium"
+    }
+  ]
+}

.greptile/files.json

@@ -0,0 +1,16 @@
+{
+  "files": [
+    {
+      "path": "README.md",
+      "description": "Main project behavior, CLI usage, runtime contracts, and architecture notes."
+    },
+    {
+      "path": "AGENTS.md",
+      "description": "Repository engineering rules, formal verification expectations, and review constraints."
+    },
+    {
+      "path": "LICENSE",
+      "description": "Project license text, legal terms, and copyright."
+    }
+  ]
+}

.greptile/rules.md

@@ -0,0 +1,15 @@
+# SPEC-DRIVEN DEVELOPMENT Review Rules
+
+Review every PR against its source of truth, not only against the diff.
+
+Use README.md, repository Markdown docs, linked issues, PR description, PR comments/discussion, and the relevant codebase as review context.
+
+Flag:
+- Spec drift or contradiction with the issue/TZ/spec.
+- Undocumented behavior changes.
+- Missing tests for promised behavior.
+- Security regressions.
+- Weak formal invariants, preconditions, or postconditions.
+- Game-theory incentive problems where users can profitably bypass intended rules.
+
+If the spec is not visible, ask the author to copy the final requirements into the issue or PR description.

.pr_agent.toml

@@ -0,0 +1,24 @@
+[github_app]
+pr_commands = [
+  "/agentic_describe",
+  "/agentic_review"
+]
+handle_push_trigger = true
+push_commands = [
+  "/agentic_review"
+]
+
+[review_agent]
+comments_location_policy = "both"
+inline_comments_severity_threshold = 2
+issues_user_guidelines = """
+Review as SPEC DRIVEN DEVELOPMENT.
+Read README.md, repository Markdown docs, linked issues, PR description, PR comments/discussion, and relevant code.
+Flag spec drift, undocumented behavior changes, missing tests for promised behavior, and security risks.
+"""
+compliance_user_guidelines = """
+Check whether the code matches the visible issue/TZ/spec and discussion.
+Check formal-verification quality: invariants, preconditions, postconditions, and what can be proved mathematically.
+Check game-theory quality: whether incentives let users bypass intended rules, and suggest stronger mechanisms.
+If the spec is missing, ask the author to add it to the issue or PR description.
+"""

.sourcery.yaml

@@ -0,0 +1,13 @@
+ignore:
+  - .git
+  - node_modules
+  - dist
+  - coverage
+  - third_party
+
+github:
+  labels: []
+  ignore_labels:
+    - sourcery-ignore
+    - do-not-review
+    - skip-review

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ProverCoderAI Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -3,6 +3,8 @@
 `docker-git` создаёт отдельную Docker-среду для каждого репозитория, issue или PR.
 По умолчанию проекты лежат в `~/.docker-git`.
 
+License: MIT. See [LICENSE](LICENSE).
+
 ## Установка
 
 ```bash

package.json

@@ -68,5 +68,5 @@
     "url": "https://github.com/ProverCoderAI/docker-git/issues"
   },
   "homepage": "https://github.com/ProverCoderAI/docker-git#readme",
-  "license": "ISC"
+  "license": "MIT"
 }

packages/api/package.json

@@ -31,6 +31,7 @@
     "type": "git",
     "url": "git+https://github.com/ProverCoderAI/docker-git.git"
   },
+  "license": "MIT",
   "bugs": {
     "url": "https://github.com/ProverCoderAI/docker-git/issues"
   },