Findings submissions

.hypatia-ignore

@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# .hypatia-ignore - Exemptions for banned language files (ReScript)
+# These ReScript files in bots/sustainabot are legacy and approved for use
+# in the sustainabot integration. See robot-repo-automaton for the migration path.
+
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Analysis.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Config.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/GitHubAPI.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/GitHubApp.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Main.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Oikos.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Report.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Router.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/ServerTea.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Types.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/src/Webhook.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/bindings/Deno.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/bindings/Fetch.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Analysis.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Config.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/GitHubAPI.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/GitHubApp.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Main.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Oikos.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Report.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Router.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/ServerTea.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Types.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/lib/ocaml/Webhook.res
+cicd_rules/banned_language_file:bots/sustainabot/bot-integration/rescript-runtime/package.json

shared-context/dispatch/events.jsonl

@@ -390,3 +390,43 @@
   "findings_count": "17",
   "event_file": "shared-context/dispatch/events/20260524-043101-26351917025-hypatia-security-alert.json"
 }
+{
+  "received_at": "2026-05-24T06:48:00Z",
+  "event_type": "hypatia-security-alert",
+  "source_repo": "hyperpolymath/rrecord-verity",
+  "source_sha": "unknown",
+  "findings_count": "2",
+  "event_file": "shared-context/dispatch/events/20260524-064800-26354377579-hypatia-security-alert.json"
+}
+{
+  "received_at": "2026-05-24T06:48:04Z",
+  "event_type": "hypatia-security-alert",
+  "source_repo": "hyperpolymath/git-reticulator",
+  "source_sha": "unknown",
+  "findings_count": "16",
+  "event_file": "shared-context/dispatch/events/20260524-064804-26354378924-hypatia-security-alert.json"
+}
+{
+  "received_at": "2026-05-24T06:48:08Z",
+  "event_type": "hypatia-security-alert",
+  "source_repo": "hyperpolymath/social-media-polygraph",
+  "source_sha": "unknown",
+  "findings_count": "4",
+  "event_file": "shared-context/dispatch/events/20260524-064808-26354379123-hypatia-security-alert.json"
+}
+{
+  "received_at": "2026-05-24T20:04:14Z",
+  "event_type": "hypatia-security-alert",
+  "source_repo": "hyperpolymath/hypatia",
+  "source_sha": "4258322a55338e8423a7454b648db4d2fe8c58ec",
+  "findings_count": "44",
+  "event_file": "shared-context/dispatch/events/20260524-200414-26371413359-hypatia-security-alert.json"
+}
+{
+  "received_at": "2026-05-24T20:07:20Z",
+  "event_type": "hypatia-security-alert",
+  "source_repo": "hyperpolymath/hypatia",
+  "source_sha": "128e0fa59714487ffc8348e9fdfe1ce2c8066880",
+  "findings_count": "43",
+  "event_file": "shared-context/dispatch/events/20260524-200720-26371481384-hypatia-security-alert.json"
+}

shared-context/dispatch/events/20260524-064800-26354377579-hypatia-security-alert.json

@@ -0,0 +1,173 @@
+{
+  "action": "hypatia-security-alert",
+  "branch": "main",
+  "client_payload": {
+    "findings": [
+      {
+        "ecosystem": "NPM",
+        "ghsa": "GHSA-5c6j-r48x-rmvq",
+        "package": "serialize-javascript",
+        "patched": "7.0.3",
+        "range": "<= 7.0.2",
+        "severity": "HIGH"
+      },
+      {
+        "ecosystem": "NPM",
+        "ghsa": "GHSA-qj8w-gfj5-8c6v",
+        "package": "serialize-javascript",
+        "patched": "7.0.5",
+        "range": ">= 5.0.0, < 7.0.5",
+        "severity": "MODERATE"
+      }
+    ],
+    "findings_count": 2,
+    "run_url": "https://github.com/hyperpolymath/hypatia/actions/runs/26354368583",
+    "scan_kind": "fleet_dependabot_sweep",
+    "source": "hypatia-remediation-sweep",
+    "source_repo": "hyperpolymath/rrecord-verity",
+    "top_severity": "HIGH"
+  },
+  "repository": {
+    "allow_forking": true,
+    "archive_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/{archive_format}{/ref}",
+    "archived": false,
+    "assignees_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/assignees{/user}",
+    "blobs_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/git/blobs{/sha}",
+    "branches_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/branches{/branch}",
+    "clone_url": "https://github.com/hyperpolymath/gitbot-fleet.git",
+    "collaborators_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/collaborators{/collaborator}",
+    "comments_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/comments{/number}",
+    "commits_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/commits{/sha}",
+    "compare_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/compare/{base}...{head}",
+    "contents_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/contents/{+path}",
+    "contributors_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/contributors",
+    "created_at": "2026-01-04T14:56:49Z",
+    "default_branch": "main",
+    "deployments_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/deployments",
+    "description": "Bot fleet for repository quality enforcement",
+    "disabled": false,
+    "downloads_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/downloads",
+    "events_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/events",
+    "fork": false,
+    "forks": 0,
+    "forks_count": 0,
+    "forks_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/forks",
+    "full_name": "hyperpolymath/gitbot-fleet",
+    "git_commits_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/git/commits{/sha}",
+    "git_refs_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/git/refs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/git/tags{/sha}",
+    "git_url": "git://github.com/hyperpolymath/gitbot-fleet.git",
+    "has_discussions": true,
+    "has_downloads": true,
+    "has_issues": true,
+    "has_pages": false,
+    "has_projects": true,
+    "has_pull_requests": true,
+    "has_wiki": true,
+    "homepage": null,
+    "hooks_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/hooks",
+    "html_url": "https://github.com/hyperpolymath/gitbot-fleet",
+    "id": 1127765949,
+    "is_template": false,
+    "issue_comment_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/issues/comments{/number}",
+    "issue_events_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/issues/events{/number}",
+    "issues_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/issues{/number}",
+    "keys_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/keys{/key_id}",
+    "labels_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/labels{/name}",
+    "language": "Rust",
+    "languages_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/languages",
+    "license": {
+      "key": "other",
+      "name": "Other",
+      "node_id": "MDc6TGljZW5zZTA=",
+      "spdx_id": "NOASSERTION",
+      "url": null
+    },
+    "merges_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/merges",
+    "milestones_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/milestones{/number}",
+    "mirror_url": null,
+    "name": "gitbot-fleet",
+    "node_id": "R_kgDOQzhXvQ",
+    "notifications_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/notifications{?since,all,participating}",
+    "open_issues": 1,
+    "open_issues_count": 1,
+    "owner": {
+      "avatar_url": "https://avatars.githubusercontent.com/u/6759885?v=4",
+      "events_url": "https://api.github.com/users/hyperpolymath/events{/privacy}",
+      "followers_url": "https://api.github.com/users/hyperpolymath/followers",
+      "following_url": "https://api.github.com/users/hyperpolymath/following{/other_user}",
+      "gists_url": "https://api.github.com/users/hyperpolymath/gists{/gist_id}",
+      "gravatar_id": "",
+      "html_url": "https://github.com/hyperpolymath",
+      "id": 6759885,
+      "login": "hyperpolymath",
+      "node_id": "MDQ6VXNlcjY3NTk4ODU=",
+      "organizations_url": "https://api.github.com/users/hyperpolymath/orgs",
+      "received_events_url": "https://api.github.com/users/hyperpolymath/received_events",
+      "repos_url": "https://api.github.com/users/hyperpolymath/repos",
+      "site_admin": false,
+      "starred_url": "https://api.github.com/users/hyperpolymath/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/hyperpolymath/subscriptions",
+      "type": "User",
+      "url": "https://api.github.com/users/hyperpolymath",
+      "user_view_type": "public"
+    },
+    "private": false,
+    "pull_request_creation_policy": "all",
+    "pulls_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/pulls{/number}",
+    "pushed_at": "2026-05-24T05:18:22Z",
+    "releases_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/releases{/id}",
+    "size": 3861,
+    "ssh_url": "git@github.com:hyperpolymath/gitbot-fleet.git",
+    "stargazers_count": 2,
+    "stargazers_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/stargazers",
+    "statuses_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/statuses/{sha}",
+    "subscribers_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/subscribers",
+    "subscription_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/subscription",
+    "svn_url": "https://github.com/hyperpolymath/gitbot-fleet",
+    "tags_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/tags",
+    "teams_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/teams",
+    "topics": [
+      "automation",
+      "bots",
+      "ci-cd",
+      "collaboration",
+      "devops",
+      "git",
+      "git-and-workflow",
+      "hyperpolymath",
+      "palimpsest",
+      "quality-enforcement",
+      "starred",
+      "workflow"
+    ],
+    "trees_url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet/git/trees{/sha}",
+    "updated_at": "2026-05-24T05:18:25Z",
+    "url": "https://api.github.com/repos/hyperpolymath/gitbot-fleet",
+    "visibility": "public",
+    "watchers": 2,
+    "watchers_count": 2,
+    "web_commit_signoff_required": true
+  },
+  "sender": {
+    "avatar_url": "https://avatars.githubusercontent.com/u/6759885?v=4",
+    "events_url": "https://api.github.com/users/hyperpolymath/events{/privacy}",
+    "followers_url": "https://api.github.com/users/hyperpolymath/followers",
+    "following_url": "https://api.github.com/users/hyperpolymath/following{/other_user}",
+    "gists_url": "https://api.github.com/users/hyperpolymath/gists{/gist_id}",
+    "gravatar_id": "",
+    "html_url": "https://github.com/hyperpolymath",
+    "id": 6759885,
+    "login": "hyperpolymath",
+    "node_id": "MDQ6VXNlcjY3NTk4ODU=",
+    "organizations_url": "https://api.github.com/users/hyperpolymath/orgs",
+    "received_events_url": "https://api.github.com/users/hyperpolymath/received_events",
+    "repos_url": "https://api.github.com/users/hyperpolymath/repos",
+    "site_admin": false,
+    "starred_url": "https://api.github.com/users/hyperpolymath/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/hyperpolymath/subscriptions",
+    "type": "User",
+    "url": "https://api.github.com/users/hyperpolymath",
+    "user_view_type": "public"
+  }
+}