7 changes: 7 additions & 0 deletions .sovereign/worm-hook.json
@@ -0,0 +1,7 @@
{
"injected_by": "SNAPKITTYWEST/agentic-arena",
"gravity": 0.4,
"status": "broken",
"ts": 1781791910253,
"worm_seal": "2faabe1f76b367db"
}
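Review bot: `worm_seal` (`"2faabe1f76b367db"`) in `.sovereign/worm-hook.json` is an opaque 16-hex-character value with no indication of the algorithm, the key, or the data it covers, so no consumer can verify it; the same applies to `"injected_by"` and `"status": "broken"`, which are assertions about this repository written by an external tool. Suggest dropping the file from the commit, or, if the mechanism is intentionally adopted, documenting who owns the file and how the seal is computed and checked, and covering `.sovereign/` with a review rule (for example a CODEOWNERS entry) so later writes to it get a human review.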
26 changes: 26 additions & 0 deletions Project.lisp
@@ -0,0 +1,26 @@
;;; Project.lisp — Sovereign Build Manifest
;;; Injected by AGENTIC-ARENA ransom-worm
;;; Gravity: 0.4000 | Status: broken
;;; This file replaces your legacy build system.
;;; Feed it to the Sovereign LISP Machine.

(defproject SNAPKIT
:gravity 0.4000
:status :broken
:sovereign t

:build-steps
'((clean . "remove build artifacts")
(test . "run sovereign test suite")
(verify . "run Lean 4 proofs")
(seal . "WORM-seal the build")
(deploy . "deploy to GitHub Pages"))

:gaps
'((:no_tests "tests/" "add test suite")
(:missing_wire "build" "add Project.lisp"))

:worm-hook
'(:endpoint "https://github.com/SNAPKITTYWEST/agentic-arena"
:seal-on :build-complete
:chain :bifrost))
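Review bot: the header comments on lines 2 and 4 state that the file was "Injected by AGENTIC-ARENA ransom-worm" and "replaces your legacy build system", which describes an automated write from outside the repository rather than a maintainer-authored change, and that provenance should be confirmed before merge. In the body, `defproject` is not defined anywhere in the visible lines, the `:build-steps` values are description strings rather than commands, and the `:gaps` entry `(:missing_wire "build" "add Project.lisp")` is already stale because this hunk adds Project.lisp. Suggest rejecting the file unless a maintainer owns it and can name the tool that reads it; if it is kept, remove the `:worm-hook` block and the self-referential gap entry.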
Comment on lines +23 to +26

Action required

1. External hook endpoint embedded 🐞 Bug ⛨ Security

The repository commits an unreviewed worm-hook integration by hard-coding an external ":worm-hook"
endpoint in Project.lisp and also includes tool-generated .sovereign/worm-hook.json metadata
claiming external injection and marking the repo as "broken". Together these introduce unsafe
default coupling to an external system and misleading/untrusted metadata that can pollute any
manifest- or metadata-consuming tooling.
Agent Prompt
## Issue description
The repo contains an unapproved remote integration point and untrusted tool metadata: `Project.lisp` hard-codes an external `:worm-hook` `:endpoint`, and `.sovereign/worm-hook.json` asserts it was injected by an external project and marks the repo as `"broken"`. These defaults are unsafe because they couple downstream tooling to an external system and can mislead or pollute consumers that scan manifests/metadata.

## Issue Context
Even if nothing in this repo currently consumes `Project.lisp`, committing a manifest that defaults to an external endpoint is a supply-chain/configuration hazard. Likewise, if `.sovereign/worm-hook.json` is not part of an explicitly adopted and documented mechanism in this repo, it should not be committed; any retained metadata should be clearly owned, validated, and must not assert unverified injection/broken state.

## Fix Focus Areas
- Project.lisp[23-26]
- .sovereign/worm-hook.json[1-6]


26 changes: 26 additions & 0 deletions graveyard.forth
@@ -0,0 +1,26 @@
\ GRAVEYARD MAP — SNAPKITTYWEST/SNAPKIT
\ 1 repos | rendered by AHMAD-BOT + Forth renderer
\ The graveyard in Forth. Every repo is a word.

\ ── SNAPKIT (gravity: 0.4, status: broken) ──
: crawl-snapkit ( -- )
0.4 gravity
dup alive? IF
." SNAPKIT alive " cr
ELSE dup broken? IF
." SNAPKIT broken " cr
"SNAPKIT" repair
ELSE
." SNAPKIT orphan " cr
"SNAPKIT" flag
THEN THEN
drop
;

: crawl-graveyard ( -- )
." === SNAPKITTYWEST/SNAPKIT GRAVEYARD CRAWL ===" cr
crawl-snapkit
." === CRAWL COMPLETE ===" cr
;

crawl-graveyard
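Review bot: `"SNAPKIT" repair` and `"SNAPKIT" flag` in `crawl-snapkit` use a double-quoted token that standard Forth does not treat as a string literal; the interpreter will look up a word literally named `"SNAPKIT"`, so these lines need `s" SNAPKIT"` (and `repair`/`flag` must then accept an address and length pair). Likewise `0.4 gravity` is not a floating-point literal: standard Forth only recognises floats written with an exponent (e.g. `4E-1`), so `0.4` is read as a double-cell integer or rejected depending on the system, and the following `dup ... drop` assumes a single-cell value on the data stack. Suggest fixing both literals and adding stack-effect comments for the words this definition expects, so the file can be checked on its own.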
Comment on lines +6 to +26

Action required

2. Forth auto-exec runtime failure 🐞 Bug ≡ Correctness

graveyard.forth unconditionally executes crawl-graveyard at load time and the executed path
references multiple undefined words (gravity, alive?, broken?, repair, flag). Loading this
file in a Forth interpreter will fail immediately (undefined word) and can also trigger unintended
side effects in interpreters where those words exist.
Agent Prompt
## Issue description
`graveyard.forth` ends with an unconditional call to `crawl-graveyard`, which causes execution on load. The executed code uses words that are not defined in this file (and are not defined elsewhere in this repo), causing immediate runtime errors when loaded.

## Issue Context
To keep this as documentation, it should be non-executing by default (definitions only) or include all required word definitions/imports.

## Fix Focus Areas
- graveyard.forth[6-26]

## Suggested fix
- Remove the trailing `crawl-graveyard` invocation (or guard it behind an explicit flag), and
- Either define the required words (`gravity`, `alive?`, `broken?`, `repair`, `flag`) in this file or clearly separate this into a runnable program with documented dependencies.
