Weekly scheduled run was failing with 'Resource not accessible by
integration' when trying to open a maintenance issue. Default
GITHUB_TOKEN is read-only for contents and has no access to issues
under restrictive repo defaults.
Three governance-tier additions to convert Master-skill from a demo into a
defensible long-lived project:
**ETHICS.md** — mandatory governance document:
- AI transparency: outputs are AI-synthesized, not masters' own words
- Copyright tiers A (public domain, current 8), B (in-copyright, needs
license), C (never admit: living masters, Buddhas/bodhisattvas, apocryphal
figures), D (case-by-case)
- Religious boundary: AI must refuse precept transmission, awakening
certification, karmic diagnosis, spirit-medium framing, etc.
- Dual-track content license: code MIT, master content CC BY-NC-SA 4.0,
prompts CC BY 4.0
- Takedown + appeal channel with 48h / 7d SLAs
**CHANGELOG.md** — Keep a Changelog format:
- [Unreleased] captures the current governance + community + npm work
- [0.3.0] retroactively documents the architectural rebuild (provenance,
fidelity, NPX, multi-platform, HARD-GATE, two-stage review)
- [0.2.0], [0.1.0] historical sections
**CI fidelity smoke** — make HARD-GATE a real gate, not just documentation:
- New `fidelity-smoke` job runs one basic-difficulty fixture against one
master per PR; picks the master touched by the diff, else rotates by
day-of-year for uniform coverage
- Cost cap ≈ $0.05/PR (~10k-token system prompt × 1 request × Sonnet 4.6
pricing). Forks without ANTHROPIC_API_KEY get an advisory pass so
external PRs can still land
- `scripts/test-fidelity.py` gains `--max-tests N` flag; when capping, it
sorts by difficulty (basic → intermediate → advanced) so smoke runs hit
the reliable floor, not stress cases
- Old `fidelity` job renamed to `fidelity-full` (still workflow_dispatch)
README 声明 section now links to ETHICS.md so every reader sees the AI
disclosure and boundary rules before copying master content.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
github-script's context.repo object has {owner, repo}, not {owner, name}.
The typo caused the weekly Verify FoJin Links workflow to POST to
repos/xr843//issues (double slash, empty repo name) and fail with 404.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update test-fidelity.py to support must_not_contain and
must_not_contain_first_turn fields for boundary/pressure tests
- Add validate-fidelity.py for structural validation of all
fidelity.jsonl files (no API needed)
- Add GitHub Actions workflow: runs validate + dry-run on every
push/PR touching prebuilt/scripts/prompts/tools
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
xianren