KeiSeiKit-1.0/_capabilities/safety/no-dep-bump/text.md
Parfii-bot a4e667de10 KeiSeiKit-public — clean state
Single-commit clean baseline after security scrub of niche-tells,
project codenames, internal jargon, and contributor-email leaks.

Contents:
- 100 Rust crates (_primitives/_rust/)
- 37 agent manifests (_manifests/) + generated specs (_generated/)
- 67 user-invocable skills (skills/)
- 33 hooks (hooks/)
- Composition blocks (_blocks/)
- Documentation (docs/, README.md)
- TS adapter packages (_ts_packages/)
- Assembler (_assembler/)
- Roles (_roles/)
- Templates (_templates/)
- Forgejo CI (.forgejo/)

Author: Denis Parfionovich <info@greendragon.info>

License: see LICENSE.
2026-05-01 12:09:03 +08:00

No dependency bumps

You MUST NOT add, remove, or upgrade dependencies. Specifically:

  • Do NOT edit the [dependencies], [dev-dependencies], [build-dependencies], or [workspace.dependencies] sections of any Cargo.toml
  • Do NOT write or regenerate Cargo.lock
  • Do NOT run cargo add, cargo remove, or cargo update

Each new or upgraded dependency expands the supply-chain attack surface and can trigger breaking-change cascades across the workspace. Dependency decisions require a separate review, a dedicated task, and an orchestrator-approved lock diff.

Editing other sections of Cargo.toml (e.g. [package], [features], [[bin]], [lib], [package.metadata.*]) is allowed if the file is in your whitelist and not in your denylist. The gate inspects the specific region of the diff.

If your task genuinely requires a new dependency, STOP. Describe the crate, version, and reason in your return. The orchestrator will decide whether to re-spawn you with an opt-in flag or handle the dep-bump through a separate review.

On return, the verifier diffs Cargo.lock against main; any change rejects the return.
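
The region check and the lock check described above can be sketched as follows. This is an added example, not KeiSeiKit's own gate or verifier: the function names are hypothetical, the manifests are constructed samples, and the line-based table detection is a simplifying assumption (a production gate should use a real TOML parser). It goes slightly beyond the four sections listed by also treating `[dependencies.<name>]` and `[target.*.dependencies]` tables as dependency regions.

```rust
use std::collections::{BTreeMap, BTreeSet};

const DEP_KEYS: [&str; 3] = ["dependencies", "dev-dependencies", "build-dependencies"];

/// Collect the body lines of every dependency table, keyed by table header.
/// Also matches `[workspace.dependencies]`, `[dependencies.x]`, `[target.*.dependencies]`.
fn dep_regions(manifest: &str) -> BTreeMap<String, Vec<String>> {
    let mut regions: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut current: Option<String> = None;
    for line in manifest.lines().map(str::trim) {
        if line.is_empty() || line.starts_with('#') {
            continue; // blank lines and full-line comments are not dependency content
        }
        if line.starts_with('[') && line.ends_with(']') {
            let name = line.trim_matches(|c: char| c == '[' || c == ']').trim();
            let is_dep = name.split('.').any(|seg| DEP_KEYS.contains(&seg.trim()));
            current = is_dep.then(|| name.to_string());
            if let Some(n) = &current {
                regions.entry(n.clone()).or_default(); // record empty tables too
            }
        } else if let Some(n) = &current {
            regions.entry(n.clone()).or_default().push(line.to_string());
        }
    }
    regions
}

/// Names of dependency tables whose content differs between base and head.
fn changed_dep_tables(base: &str, head: &str) -> Vec<String> {
    let (old, new) = (dep_regions(base), dep_regions(head));
    let names: BTreeSet<&String> = old.keys().chain(new.keys()).collect();
    names.into_iter().filter(|n| old.get(*n) != new.get(*n)).cloned().collect()
}

/// Reject on any dependency-table change or any Cargo.lock change.
fn gate_rejects(base_toml: &str, head_toml: &str, base_lock: &str, head_lock: &str) -> bool {
    !changed_dep_tables(base_toml, head_toml).is_empty() || base_lock != head_lock
}

// Constructed sample manifests (not from the repository).
const BASE: &str = "[package]\nname = \"demo\"\nversion = \"0.1.0\"\n\n[dependencies]\nserde = \"1\"\n";
const FEATURE_EDIT: &str = "[package]\nname = \"demo\"\nversion = \"0.1.1\"\n\n[features]\nfast = []\n\n[dependencies]\nserde = \"1\"\n";
const DEP_EDIT: &str = "[package]\nname = \"demo\"\nversion = \"0.1.0\"\n\n[dependencies]\nserde = \"1\"\nrand = \"0.8\"\n";

fn main() {
    println!("feature edit rejected: {}", gate_rejects(BASE, FEATURE_EDIT, "lock", "lock"));
    println!("dep edit changed: {:?}", changed_dep_tables(BASE, DEP_EDIT));
}
```

Because the header match is segment-based, a table such as `[package.metadata.dependencies]` would also be flagged; the sketch fails closed rather than open.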