diff --git a/.gitignore b/.gitignore
index 8279b2bd..eeb13090 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,5 @@ docs/superpowers/
 # Internal benchmark scratch configs/logs/results
 .archie-bench/
+
+.venv-test/
diff --git a/archie/assets/gitignore.default b/archie/assets/gitignore.default
index 6ef6b37d..b508c841 100644
--- a/archie/assets/gitignore.default
+++ b/archie/assets/gitignore.default
@@ -24,9 +24,12 @@ tmp/
 # them. EXCEPTION: the small hook-runtime set below is committed so the
 # enforcement hooks keep working even without a local Archie install. Their file
 # reads are routed through one validated sink (_common.safe_read_text), so a
-# security scanner has nothing to flag.
+# security scanner has nothing to flag. intent_review.py is committed for the same
+# reason — the Intent Review GitHub Action runs `python3 .archie/intent_review.py`
+# in CI, where no Archie install exists to regenerate it.
 *.py
 !_common.py
 !lint_gate.py
 !align_check.py
 !arch_review.py
+!intent_review.py
diff --git a/archie/assets/setup-archie-intent-review.sh b/archie/assets/setup-archie-intent-review.sh
new file mode 100755
index 00000000..89229a3a
--- /dev/null
+++ b/archie/assets/setup-archie-intent-review.sh
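Review bot: In archie/assets/gitignore.default, the added sentence says intent_review.py is committed "for the same reason" directly after the claim that the hook-runtime files route their reads through `_common.safe_read_text`, so it reads as if that scanner-safe guarantee covers intent_review.py too, which nothing in this hunk shows. I would separate the two statements, e.g. `# intent_review.py is also committed: the Intent Review GitHub Action runs it in CI, where no Archie install exists to regenerate it.`, and add a second line stating whether its file reads go through `_common.safe_read_text`. Because CI executes the committed copy, a pull request that edits `.archie/intent_review.py` changes code the workflow runs. The workflow file is not visible here, so it is worth confirming that it does not execute a PR-supplied copy while secrets are in scope.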
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+# setup-archie-intent-review.sh
+#
+# Idempotent setup for the Archie Intent Review GitHub Action.
+# Prereq checks, secure secret setup, workflow install (copies the canonical
+# YAML — no embedded duplicate), Actions probe, fork-PR caveat.
+#
+# Usage: bash setup-archie-intent-review.sh
+set -euo pipefail
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; BLUE='\033[0;34m'; NC='\033[0m'
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="${REPO_ROOT:-.}"
+WORKFLOW_FILE="${REPO_ROOT}/.github/workflows/archie-intent-review.yml"
+
+log_info() { echo -e "${BLUE}i ${NC}$*"; }
+log_success() { echo -e "${GREEN}OK ${NC}$*"; }
+log_warn() { echo -e "${YELLOW}! ${NC}$*"; }
+log_error() { echo -e "${RED}x ${NC}$*"; }
+die() { log_error "$1"; exit 1; }
+
+# Resolve the canonical workflow YAML (single source of truth). Priority:
+# 1. .archie/workflows/ (if the npx bundle ever places it there)
+# 2.