fix(governance)!: banned_language ban is total — no exceptions #280
Open
hyperpolymath wants to merge 1 commit into
Org policy 2026-05-18: the banned-language ban (incl. Python) is now absolute, with no SaltStack-style carve-outs.

- ScannerSuppression.suppressed?/4 gains a hard short-circuit clause: cicd_rules/banned_language_file is NEVER suppressed — not by .hypatia-ignore, built-in default exemptions, universal excludes, or training-corpus paths. (Added the canonical bodiless default head so the guard clause coexists with the optional opts arg.)
- cicd_rules :python_detected loses its `exception: "SaltStack"` field.
- 4 new tests pin the invariant (unsuppressible via every vector; unrelated rules on the same path remain suppressible).

Compiles clean; 24/24 scanner_suppression tests pass.

Companion to #279 (which removed hypatia's own Python + revoked its exemption records).

Note: the #272 `unwrap_without_check` false positive is NOT a rule defect — the source regex /\.unwrap\(\)/ does not match `unwrap_or` (verified); it was a stale compiled escript, already addressed by #278's escript rebuild. No rule change there.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Why

Companion to #279. Org policy 2026-05-18: the banned-language ban (incl. Python) is now absolute — no SaltStack-style carve-outs. The governance rule must stop honouring `banned_language_file` exemptions.

What (follow-up #1)

- `lib/hypatia/scanner_suppression.ex` — `suppressed?/4` gains a hard short-circuit clause: `cicd_rules/banned_language_file` is never suppressed, by any vector (`.hypatia-ignore`, built-in default exemptions, universal excludes, training-corpus paths). Added the canonical bodiless default head so the guard clause coexists with the optional `opts` arg.
- `lib/rules/cicd_rules.ex` — `:python_detected` loses its `exception: "SaltStack"` field.

Compiles clean; 24/24 `scanner_suppression_test.exs` pass.

Re: follow-up #2 (the #272 `unwrap_without_check` false positive) — no change needed

Verified empirically: the source regex `~r/\.unwrap\(\)/` does not match `unwrap_or` (`Regex.match?` → false). It is not a rule defect. The false positive came from a stale compiled escript, which is exactly what #278 rebuilds. Fabricating a rule change here would be wrong; #278 landing resolves it.

🤖 Generated with Claude Code
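
The short-circuit described in the PR description above, as an added sketch that is not Hypatia's code and not part of the pull request. The module name `SuppressionSketch`, the argument order, the string rule identifiers and the `:ignore` option are assumptions, and a literal-pattern clause stands in for the PR's guard clause.

```elixir
# Added sketch; not Hypatia's code. Module name, argument order and the
# :ignore option shape are assumptions made for illustration.
defmodule SuppressionSketch do
  # Bodiless head: declares the default once so several clauses can follow.
  def suppressed?(rule_module, rule, path, opts \\ [])

  # Hard short-circuit: matched first, before any suppression source is read.
  def suppressed?("cicd_rules", "banned_language_file", _path, _opts), do: false

  # Every other rule may still be suppressed by a matching ignore entry.
  def suppressed?(rule_module, rule, path, opts) do
    opts
    |> Keyword.get(:ignore, [])
    |> Enum.any?(fn {m, r, prefix} ->
      m == rule_module and r == rule and String.starts_with?(path, prefix)
    end)
  end
end

# Constructed ignore entries: {rule_module, rule, path_prefix}.
ignore = [
  {"cicd_rules", "banned_language_file", "vendor/"},
  {"example_rules", "example_rule", "vendor/"}
]

# The banned-language finding stays live even though an entry names it.
false =
  SuppressionSketch.suppressed?("cicd_rules", "banned_language_file", "vendor/tool.py",
    ignore: ignore
  )

# An unrelated (constructed) rule on the same path is still suppressible.
true =
  SuppressionSketch.suppressed?("example_rules", "example_rule", "vendor/tool.py",
    ignore: ignore
  )

# With no options passed, the default from the bodiless head applies.
false = SuppressionSketch.suppressed?("example_rules", "example_rule", "vendor/tool.py")
```

Saved as an `.exs` script and run with `elixir`, the three pattern matches act as assertions: a mismatch raises `MatchError`.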