ci: deploy dogfood-gate, add Groove manifest and CRG tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.github/workflows/wellknown-enforcement.yml

@@ -33,7 +33,7 @@ jobs:
           [ -f "security.txt" ] && SECTXT="security.txt"
           
           if [ -z "$SECTXT" ]; then
-            echo "::warning::No security.txt found. See https://github.com/{{OWNER}}/well-known-ecosystem"
+            echo "::warning::No security.txt found. See https://github.com/hyperpolymath/well-known-ecosystem"
             exit 0
           fi
           
@@ -69,7 +69,7 @@ jobs:
           
           if [ -n "$MISSING" ]; then
             echo "::warning::Missing RSR recommended files:$MISSING"
-            echo "Reference: https://github.com/{{OWNER}}/well-known-ecosystem/.well-known/"
+            echo "Reference: https://github.com/hyperpolymath/well-known-ecosystem/.well-known/"
           else
             echo "✅ RSR well-known compliant"
           fi

.well-known/groove/manifest.json

@@ -0,0 +1,26 @@
+{
+  "applicability": [
+    "individual",
+    "team"
+  ],
+  "capabilities": {
+    "primary": {
+      "description": "TODO: describe this service's primary capability",
+      "panel_compatible": true,
+      "protocol": "cli",
+      "requires_auth": false,
+      "type": "custom"
+    }
+  },
+  "consumes": [],
+  "groove_version": "1",
+  "health": null,
+  "invoke_patterns": {
+    "ci": "wordpress-tools --ci --format json",
+    "local": "wordpress-tools --interactive",
+    "mcp": "boj cartridge_invoke wordpress-tools"
+  },
+  "mode": "passive",
+  "service_id": "wordpress-tools",
+  "service_version": "0.1.0"
+}

project-wharf/.github/workflows/security-scan.yml

@@ -27,24 +27,24 @@ jobs:
         with:
           toolchain: stable
 
-      - name: Cache panic-attacker binary
+      - name: Cache panic-attack binary
         id: cache-pa
         uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
         with:
-          path: ~/.cargo/bin/panic-attacker
-          key: panic-attacker-${{ runner.os }}
+          path: ~/.cargo/bin/panic-attack
+          key: panic-attack-${{ runner.os }}
 
-      - name: Build panic-attacker
+      - name: Build panic-attack
         if: steps.cache-pa.outputs.cache-hit != 'true'
         run: |
           git clone https://github.com/hyperpolymath/panic-attacker.git /tmp/panic-attacker
           cd /tmp/panic-attacker
           cargo build --release
-          cp target/release/panic-attacker ~/.cargo/bin/
+          cp target/release/panic-attack ~/.cargo/bin/
 
       - name: Run panic-attack assail
         run: |
-          panic-attacker assail . --output /tmp/scan-results.json
+          panic-attack assail . --output /tmp/scan-results.json
           echo "## Panic-Attack Scan Results" >> $GITHUB_STEP_SUMMARY
           WEAK_POINTS=$(jq '.weak_points | length' /tmp/scan-results.json 2>/dev/null || echo 0)
           echo "- Weak points found: $WEAK_POINTS" >> $GITHUB_STEP_SUMMARY