Review SCM files and security updates

.github/workflows/quality.yml

@@ -34,7 +34,7 @@ jobs:
           find . -type f -size +1M -not -path "./.git/*" | head -10 || echo "No large files"
 
       - name: EditorConfig check
-        uses: editorconfig-checker/action-editorconfig-checker@main
+        uses: editorconfig-checker/action-editorconfig-checker@8d9ca9cf96953707b7299eaec419c6cfcd3a65ac # main
         continue-on-error: true
 
   docs:

.well-known/security.txt

@@ -2,7 +2,7 @@
 # https://securitytxt.org/
 
 Contact: security@hyperpolymath.org
-Expires: {{EXPIRY_DATE}}
+Expires: 2026-12-17T00:00:00.000Z
 Encryption: https://hyperpolymath.org/gpg/security.asc
 Preferred-Languages: en, nl
 Canonical: https://github.com/hyperpolymath/modshells/.well-known/security.txt

STATE.scm

@@ -15,7 +15,7 @@
   '((version . "0.1.0")
     (schema-version . "1.0")
     (created . "2025-12-15")
-    (updated . "2025-12-15")
+    (updated . "2025-12-17")
     (project . "modshells")
     (repo . "github.com/hyperpolymath/modshells")))
 
@@ -25,23 +25,25 @@
 
 (define project-context
   '((name . "modshells")
-    (tagline . "(See full README structure from the previous response. This is a placeholder.)")
+    (tagline . "Declarative shell configuration manager for modular environments")
     (version . "0.1.0")
     (license . "AGPL-3.0-or-later")
     (rsr-compliance . "gold-target")
 
     (tech-stack
-     ((primary . "See repository languages")
-      (ci-cd . "GitHub Actions + GitLab CI + Bitbucket Pipelines")
-      (security . "CodeQL + OSSF Scorecard")))))
+     ((primary . "Ada/GNAT")
+      (build . "gprbuild + GNAT project files")
+      (package-manager . "Guix (primary), Nix (fallback)")
+      (ci-cd . "GitHub Actions + GitLab CI")
+      (security . "OSSF Scorecard + TruffleHog + Custom workflow linter")))))
 
 ;;;============================================================================
 ;;; CURRENT POSITION
 ;;;============================================================================
 
 (define current-position
   '((phase . "v0.1 - Initial Setup and RSR Compliance")
-    (overall-completion . 25)
+    (overall-completion . 30)
 
     (components
      ((rsr-compliance
@@ -51,58 +53,105 @@
 
       (documentation
        ((status . "foundation")
-        (completion . 30)
-        (notes . "README exists, META/ECOSYSTEM/STATE.scm added")))
+        (completion . 40)
+        (notes . "README, META/ECOSYSTEM/STATE.scm, CITATIONS complete")))
 
       (testing
        ((status . "minimal")
         (completion . 10)
-        (notes . "CI/CD scaffolding exists, limited test coverage")))
+        (notes . "CI/CD scaffolding exists, AUnit framework ready")))
 
       (core-functionality
        ((status . "in-progress")
-        (completion . 25)
-        (notes . "Initial implementation underway")))))
+        (completion . 30)
+        (notes . "Shell detection and config path resolution implemented")))
+
+      (security
+       ((status . "complete")
+        (completion . 100)
+        (notes . "All workflow actions SHA-pinned, security.txt valid")))))
 
     (working-features
      ("RSR-compliant CI/CD pipeline"
-      "Multi-platform mirroring (GitHub, GitLab, Bitbucket)"
+      "Multi-platform mirroring (GitHub, GitLab)"
       "SPDX license headers on all files"
-      "SHA-pinned GitHub Actions"))))
+      "SHA-pinned GitHub Actions (all workflows)"
+      "Security.txt with valid expiry date"
+      "Guix package with GNAT build system"
+      "Shell detection (Bash, Zsh, Fish, Nushell, etc.)"
+      "Config path resolution with env fallback"))))
 
 ;;;============================================================================
-;;; ROUTE TO MVP
+;;; ROUTE TO MVP (ROADMAP)
 ;;;============================================================================
 
 (define route-to-mvp
   '((target-version . "1.0.0")
-    (definition . "Stable release with comprehensive documentation and tests")
+    (definition . "Production-ready shell configuration manager")
 
     (milestones
-     ((v0.2
-       ((name . "Core Functionality")
+     ((v0.1
+       ((name . "Initial Setup and RSR Compliance")
+        (status . "complete")
+        (target-date . "2025-12")
+        (items
+         ("RSR Gold compliance" . "done")
+         ("Multi-platform CI/CD" . "done")
+         ("Security hardening" . "done")
+         ("Guix package definition" . "done")
+         ("Basic Ada structure" . "done"))))
+
+      (v0.2
+       ((name . "Core Shell Management")
+        (status . "in-progress")
+        (target-date . "2025-Q1")
+        (items
+         ("Complete Shell_Manager implementation" . "pending")
+         ("Modular directory creation" . "partial")
+         ("Shell config injection" . "pending")
+         ("Idempotency checks" . "pending")
+         ("Unit tests with AUnit" . "pending"))))
+
+      (v0.3
+       ((name . "Configuration Store")
         (status . "pending")
+        (target-date . "2025-Q1")
         (items
-         ("Implement primary features"
-          "Add comprehensive tests"
-          "Improve documentation"))))
+         ("Config file parsing" . "pending")
+         ("TOML/YAML support" . "pending")
+         ("Environment variable expansion" . "pending")
+         ("Config validation" . "pending"))))
 
       (v0.5
        ((name . "Feature Complete")
         (status . "pending")
+        (target-date . "2025-Q2")
+        (items
+         ("All shell backends supported" . "pending")
+         ("Cross-platform paths" . "pending")
+         ("Test coverage > 70%" . "pending")
+         ("API stability" . "pending")
+         ("Integration tests" . "pending"))))
+
+      (v0.8
+       ((name . "Polish and Documentation")
+        (status . "pending")
+        (target-date . "2025-Q2")
         (items
-         ("All planned features implemented"
-          "Test coverage > 70%"
-          "API stability"))))
+         ("User documentation" . "pending")
+         ("Man pages" . "pending")
+         ("Example configurations" . "pending")
+         ("Migration guides" . "pending"))))
 
       (v1.0
        ((name . "Production Release")
         (status . "pending")
+        (target-date . "2025-Q3")
         (items
-         ("Comprehensive test coverage"
-          "Performance optimization"
-          "Security audit"
-          "User documentation complete"))))))))
+         ("Security audit" . "pending")
+         ("Performance optimization" . "pending")
+         ("Packaging for distros" . "pending")
+         ("Guix channel publication" . "pending"))))))))
 
 ;;;============================================================================
 ;;; BLOCKERS & ISSUES
@@ -119,38 +168,51 @@
      ((test-coverage
        ((description . "Limited test infrastructure")
         (impact . "Risk of regressions")
-        (needed . "Comprehensive test suites")))))
+        (needed . "AUnit test suites for all packages")))))
 
     (low-priority
      ((documentation-gaps
        ((description . "Some documentation areas incomplete")
         (impact . "Harder for new contributors")
-        (needed . "Expand documentation")))))))
+        (needed . "Expand API documentation")))))))
 
 ;;;============================================================================
 ;;; CRITICAL NEXT ACTIONS
 ;;;============================================================================
 
 (define critical-next-actions
   '((immediate
-     (("Review and update documentation" . medium)
-      ("Add initial test coverage" . high)
-      ("Verify CI/CD pipeline functionality" . high)))
+     (("Complete Shell_Manager.Create_Modshell_Directories" . high)
+      ("Implement Shell_Manager.Modularise_Config" . high)
+      ("Add AUnit test framework setup" . high)))
 
     (this-week
-     (("Implement core features" . high)
-      ("Expand test coverage" . medium)))
+     (("Implement shell detection for all supported shells" . high)
+      ("Add idempotency checks" . medium)
+      ("Write tests for Config_Store" . medium)))
 
     (this-month
      (("Reach v0.2 milestone" . high)
-      ("Complete documentation" . medium)))))
+      ("Complete Shell_Manager package" . high)
+      ("Begin Config_Store implementation" . medium)))))
 
 ;;;============================================================================
 ;;; SESSION HISTORY
 ;;;============================================================================
 
 (define session-history
   '((snapshots
+     ((date . "2025-12-17")
+      (session . "scm-security-audit")
+      (accomplishments
+       ("Fixed security.txt expiry placeholder with valid ISO 8601 date"
+        "SHA-pinned editorconfig-checker action in quality.yml"
+        "Fixed modshells.gpr main file reference"
+        "Enhanced guix.scm with GNAT build system and inputs"
+        "Added SPDX headers to guix.scm"
+        "Updated STATE.scm with comprehensive roadmap"))
+      (notes . "Security audit and SCM file improvements"))
+
      ((date . "2025-12-15")
       (session . "initial-state-creation")
       (accomplishments
@@ -185,10 +247,11 @@
 (define state-summary
   '((project . "modshells")
     (version . "0.1.0")
-    (overall-completion . 25)
-    (next-milestone . "v0.2 - Core Functionality")
+    (overall-completion . 30)
+    (current-milestone . "v0.1 - Initial Setup (complete)")
+    (next-milestone . "v0.2 - Core Shell Management")
     (critical-blockers . 0)
     (high-priority-issues . 0)
-    (updated . "2025-12-15")))
+    (updated . "2025-12-17")))
 
 ;;; End of STATE.scm

guix.scm

@@ -1,12 +1,16 @@
+;; SPDX-License-Identifier: AGPL-3.0-or-later
+;; SPDX-FileCopyrightText: 2025 Jonathan D.A. Jewell
+;;
 ;; modshells - Guix Package Definition
 ;; Run: guix shell -D -f guix.scm
 
 (use-modules (guix packages)
              (guix gexp)
              (guix git-download)
-             (guix build-system gnu)
+             (guix build-system gnat)
              ((guix licenses) #:prefix license:)
-             (gnu packages base))
+             (gnu packages base)
+             (gnu packages ada))
 
 (define-public modshells
   (package
@@ -15,9 +19,23 @@
     (source (local-file "." "modshells-checkout"
                         #:recursive? #t
                         #:select? (git-predicate ".")))
-    (build-system gnu-build-system)
-    (synopsis "Guix channel/infrastructure")
-    (description "Guix channel/infrastructure - part of the RSR ecosystem.")
+    (build-system gnat-build-system)
+    (arguments
+     '(#:gpr-file "modshells.gpr"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'create-output-dirs
+           (lambda _
+             (mkdir-p "obj")
+             (mkdir-p "bin")
+             #t)))))
+    (native-inputs
+     (list gprbuild gnat))
+    (synopsis "Declarative shell configuration manager")
+    (description
+     "Modshells is a declarative configuration manager for shell environments.
+It establishes modular shell configuration directories and provides idempotent
+initialization of shell-agnostic configurations. Part of the RSR ecosystem.")
     (home-page "https://github.com/hyperpolymath/modshells")
     (license license:agpl3+)))
 

modshells.gpr

@@ -2,7 +2,7 @@
 -- GNAT Project File for the modshells application.
 project Modshells is
    -- Point to the correct main file
-   for Main use ("src/shell_manager/shell_manager.adb");
+   for Main use ("modshells.adb");
    -- Include all source directories
    for Source_Dirs use ("src/**");
    -- Object and executable directories