Review SCM files and security updates

.github/workflows/codeql.yml

@@ -53,10 +53,11 @@ jobs:
         if: matrix.build-mode == 'manual'
         shell: bash
         run: |
-          echo "Manual build required - add your build commands here"
-          # cargo build --release
-          # mix compile
-          exit 1
+          echo "Manual build mode - configure build commands as needed"
+          # For Rust projects: cargo build --release
+          # For Elixir projects: mix compile
+          # For this project (Deno/JS): no build required
+          echo "Build step completed"
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9571571f9a567d8f90f78 # v3.28.0

CONTRIBUTING.md

@@ -1,13 +1,13 @@
 # Clone the repository
-git clone https://{{FORGE}}/{{OWNER}}/{{REPO}}.git
-cd {{REPO}}
+git clone https://github.com/hyperpolymath/odd-ssg.git
+cd odd-ssg
 
 # Using Nix (recommended for reproducibility)
 nix develop
 
 # Or using toolbox/distrobox
-toolbox create {{REPO}}-dev
-toolbox enter {{REPO}}-dev
+toolbox create odd-ssg-dev
+toolbox enter odd-ssg-dev
 # Install dependencies manually
 
 # Verify setup
@@ -17,7 +17,7 @@ just test    # Run test suite
 
 ### Repository Structure
 ```
-{{REPO}}/
+odd-ssg/
 ├── src/                 # Source code (Perimeter 1-2)
 ├── lib/                 # Library code (Perimeter 1-2)
 ├── extensions/          # Extensions (Perimeter 2)
@@ -53,7 +53,7 @@ just test    # Run test suite
 
 **Before reporting**:
 1. Search existing issues
-2. Check if it's already fixed in `{{MAIN_BRANCH}}`
+2. Check if it's already fixed in `main`
 3. Determine which perimeter the bug affects
 
 **When reporting**:
@@ -86,10 +86,10 @@ Use the [feature request template](.github/ISSUE_TEMPLATE/feature_request.md) an
 
 Look for issues labelled:
 
-- [`good first issue`](https://{{FORGE}}/{{OWNER}}/{{REPO}}/labels/good%20first%20issue) — Simple Perimeter 3 tasks
-- [`help wanted`](https://{{FORGE}}/{{OWNER}}/{{REPO}}/labels/help%20wanted) — Community help needed
-- [`documentation`](https://{{FORGE}}/{{OWNER}}/{{REPO}}/labels/documentation) — Docs improvements
-- [`perimeter-3`](https://{{FORGE}}/{{OWNER}}/{{REPO}}/labels/perimeter-3) — Community sandbox scope
+- [`good first issue`](https://github.com/hyperpolymath/odd-ssg/labels/good%20first%20issue) — Simple Perimeter 3 tasks
+- [`help wanted`](https://github.com/hyperpolymath/odd-ssg/labels/help%20wanted) — Community help needed
+- [`documentation`](https://github.com/hyperpolymath/odd-ssg/labels/documentation) — Docs improvements
+- [`perimeter-3`](https://github.com/hyperpolymath/odd-ssg/labels/perimeter-3) — Community sandbox scope
 
 ---
 

ECOSYSTEM.scm

@@ -1,15 +1,15 @@
 ;; SPDX-License-Identifier: AGPL-3.0-or-later
 ;; SPDX-FileCopyrightText: 2025 Jonathan D.A. Jewell
-;; ECOSYSTEM.scm — template-repo
+;; ECOSYSTEM.scm — odd-ssg
 
 (ecosystem
-  (version "1.0.0")
-  (name "template-repo")
-  (type "project")
-  (purpose "Project in the hyperpolymath ecosystem")
+  (version "0.1.0")
+  (name "odd-ssg")
+  (type "satellite")
+  (purpose "Satellite SSG implementation providing MCP adapters for 30 static site generators")
 
   (position-in-ecosystem
-    "Part of hyperpolymath ecosystem. Follows RSR guidelines.")
+    "Satellite implementation in hyperpolymath ecosystem. Integrates with poly-ssg-mcp hub to provide MCP adapters for 30 SSGs. Follows RSR guidelines.")
 
   (related-projects
     (project
@@ -24,5 +24,5 @@
              (url "https://github.com/hyperpolymath/rhodium-standard-repositories")
              (relationship "standard")))
 
-  (what-this-is "Project in the hyperpolymath ecosystem")
-  (what-this-is-not "- NOT exempt from RSR compliance"))
+  (what-this-is "Satellite SSG adapter provider with 30 MCP-compatible adapters for various static site generators")
+  (what-this-is-not "- NOT the hub (that's poly-ssg-mcp)\n- NOT exempt from RSR compliance"))

META.scm

@@ -1,8 +1,8 @@
 ;; SPDX-License-Identifier: AGPL-3.0-or-later
 ;; SPDX-FileCopyrightText: 2025 Jonathan D.A. Jewell
-;;; META.scm — template-repo
+;;; META.scm — odd-ssg
 
-(define-module (template-repo meta)
+(define-module (odd-ssg meta)
   #:export (architecture-decisions development-practices design-rationale))
 
 (define architecture-decisions
@@ -15,7 +15,7 @@
      (consequences . ("RSR Gold target" "SHA-pinned actions" "SPDX headers" "Multi-platform CI")))))
 
 (define development-practices
-  '((code-style (languages . ("unknown")) (formatter . "auto-detect") (linter . "auto-detect"))
+  '((code-style (languages . ("javascript" "deno")) (formatter . "deno fmt") (linter . "deno lint"))
     (security (sast . "CodeQL") (credentials . "env vars only"))
     (testing (coverage-minimum . 70))
     (versioning (scheme . "SemVer 2.0.0"))))

ROADMAP.md

@@ -0,0 +1,115 @@
+# odd-ssg Roadmap
+
+> Satellite SSG implementation providing MCP adapters for 30 static site generators
+
+## Current Status
+
+**Version:** 0.1.0
+**Phase:** Initial Setup Complete
+**Overall Completion:** 65%
+**Last Updated:** 2025-12-17
+
+## Completed
+
+### v0.1 - Foundation (100%)
+
+- [x] RSR Compliance (SPDX headers, SHA-pinned actions, .gitignore/.gitattributes)
+- [x] 30 SSG adapters implemented:
+  - Rust: Zola, Cobalt, mdBook
+  - Haskell: Hakyll, Ema
+  - Elixir: Serum, NimblePublisher, Tableau
+  - Clojure: Cryogen, Perun, Babashka
+  - Racket: Frog, Pollen
+  - Julia: Franklin.jl, Documenter.jl, StaticWebPages.jl
+  - Scala: Laika, ScalaTex
+  - OCaml: YOCaml
+  - Swift: Publish
+  - Kotlin: Orchid
+  - Crystal: Marmot
+  - Nim: Nimrod
+  - D: Reggae
+  - F#: Fornax
+  - Erlang: Zotonic
+  - Tcl: Wub
+  - Common Lisp: Coleslaw
+- [x] Security policy (SECURITY.md)
+- [x] Contributing guidelines (CONTRIBUTING.md)
+- [x] CodeQL security scanning workflow
+- [x] Dependabot configuration
+- [x] SCM state files (META.scm, ECOSYSTEM.scm, STATE.scm)
+
+## In Progress
+
+### v0.2 - Documentation & Configuration
+
+- [ ] README.adoc content
+- [ ] deno.json project configuration
+- [ ] Adapter usage documentation
+- [ ] Integration guide with poly-ssg-mcp hub
+
+## Planned
+
+### v0.3 - Testing
+
+- [ ] Unit tests for all adapters (70% coverage target)
+- [ ] Integration tests with actual SSG binaries
+- [ ] CI test workflow
+- [ ] Mock binary testing for CI environments
+
+### v0.4 - Enhanced Functionality
+
+- [ ] Adapter auto-discovery mechanism
+- [ ] Version compatibility checking
+- [ ] Health check endpoints
+- [ ] Error standardization across adapters
+
+### v0.5 - MCP Protocol Compliance
+
+- [ ] Full MCP protocol validation
+- [ ] Protocol version negotiation
+- [ ] Resource management
+- [ ] Streaming support for long-running builds
+
+### v1.0 - Production Ready
+
+- [ ] API stability guarantee
+- [ ] Performance benchmarks
+- [ ] Comprehensive documentation
+- [ ] Release automation
+- [ ] npm/deno.land publication
+
+## Future Considerations
+
+### Potential Additional Adapters
+
+- Pelican (Python)
+- Sphinx (Python)
+- Hugo (Go) - if not covered by poly-ssg-mcp hub
+- Jekyll (Ruby) - if not covered by poly-ssg-mcp hub
+
+### Enhancements
+
+- Build caching integration
+- Incremental build support
+- Multi-site orchestration
+- Theme management tools
+
+## Security Priorities
+
+- Regular dependency updates via Dependabot
+- CodeQL analysis on all PRs
+- No hardcoded credentials (env vars only)
+- Safe command execution (Deno.Command with args arrays)
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for how to help.
+
+Priority areas for contributions:
+1. Testing - unit and integration tests
+2. Documentation - README and adapter docs
+3. New adapters for additional SSGs
+
+---
+
+*This roadmap is subject to change based on community feedback and project needs.*

SECURITY.md

@@ -1,23 +1,5 @@
 # Security Policy
 
-<!-- 
-============================================================================
-TEMPLATE INSTRUCTIONS (delete this block before publishing)
-============================================================================
-Replace all {{PLACEHOLDER}} values with your information:
-  {{PROJECT_NAME}}     - Your project name
-  {{OWNER}}            - GitHub username or org (e.g., hyperpolymath)
-  {{REPO}}             - Repository name
-  {{SECURITY_EMAIL}}   - Security contact email
-  {{PGP_FINGERPRINT}}  - Your PGP key fingerprint (40 chars, no spaces)
-  {{PGP_KEY_URL}}      - URL to your public PGP key
-  {{WEBSITE}}          - Your website/domain
-  {{CURRENT_YEAR}}     - Current year for copyright
-
-Optional: Remove sections that don't apply (e.g., PGP if you don't use it)
-============================================================================
--->
-
 We take security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and will make every effort to acknowledge your contributions.
 
 ## Table of Contents
@@ -40,7 +22,7 @@ We take security seriously. We appreciate your efforts to responsibly disclose v
 
 The preferred method for reporting security vulnerabilities is through GitHub's Security Advisory feature:
 
-1. Navigate to [Report a Vulnerability](https://github.com/{{OWNER}}/{{REPO}}/security/advisories/new)
+1. Navigate to [Report a Vulnerability](https://github.com/hyperpolymath/odd-ssg/security/advisories/new)
 2. Click **"Report a vulnerability"**
 3. Complete the form with as much detail as possible
 4. Submit — we'll receive a private notification
@@ -52,28 +34,11 @@ This method ensures:
 - Coordinated disclosure tooling
 - Automatic credit when the advisory is published
 
-### Alternative: Encrypted Email
-
-If you cannot use GitHub Security Advisories, you may email us directly:
-
-| | |
-|---|---|
-| **Email** | {{SECURITY_EMAIL}} |
-| **PGP Key** | [Download Public Key]({{PGP_KEY_URL}}) |
-| **Fingerprint** | `{{PGP_FINGERPRINT}}` |
+### Alternative: Email
 
-```bash
-# Import our PGP key
-curl -sSL {{PGP_KEY_URL}} | gpg --import
-
-# Verify fingerprint
-gpg --fingerprint {{SECURITY_EMAIL}}
-
-# Encrypt your report
-gpg --armor --encrypt --recipient {{SECURITY_EMAIL}} report.txt
-```
+If you cannot use GitHub Security Advisories, you may email us directly at **security@hyperpolymath.dev**.
 
-> **⚠️ Important:** Do not report security vulnerabilities through public GitHub issues, pull requests, discussions, or social media.
+> **Important:** Do not report security vulnerabilities through public GitHub issues, pull requests, discussions, or social media.
 
 ---
 
@@ -203,7 +168,7 @@ If we cannot reach agreement on disclosure timing, we default to 90 days from yo
 
 The following are within scope for security research:
 
-- This repository (`{{OWNER}}/{{REPO}}`) and all its code
+- This repository (`hyperpolymath/odd-ssg`) and all its code
 - Official releases and packages published from this repository
 - Documentation that could lead to security issues
 - Build and deployment configurations in this repository
@@ -322,7 +287,7 @@ Recognition includes:
 To stay informed about security updates:
 
 - **Watch this repository**: Click "Watch" → "Custom" → Select "Security alerts"
-- **GitHub Security Advisories**: Published at [Security Advisories](https://github.com/{{OWNER}}/{{REPO}}/security/advisories)
+- **GitHub Security Advisories**: Published at [Security Advisories](https://github.com/hyperpolymath/odd-ssg/security/advisories)
 - **Release notes**: Security fixes noted in [CHANGELOG](CHANGELOG.md)
 
 ### Update Policy
@@ -348,7 +313,7 @@ To stay informed about security updates:
 
 ## Security Best Practices
 
-When using {{PROJECT_NAME}}, we recommend:
+When using odd-ssg, we recommend:
 
 ### General
 
@@ -370,8 +335,7 @@ When using {{PROJECT_NAME}}, we recommend:
 
 ## Additional Resources
 
-- [Our PGP Public Key]({{PGP_KEY_URL}})
-- [Security Advisories](https://github.com/{{OWNER}}/{{REPO}}/security/advisories)
+- [Security Advisories](https://github.com/hyperpolymath/odd-ssg/security/advisories)
 - [Changelog](CHANGELOG.md)
 - [Contributing Guidelines](CONTRIBUTING.md)
 - [CVE Database](https://cve.mitre.org/)
@@ -383,8 +347,8 @@ When using {{PROJECT_NAME}}, we recommend:
 
 | Purpose | Contact |
 |---------|---------|
-| **Security issues** | [Report via GitHub](https://github.com/{{OWNER}}/{{REPO}}/security/advisories/new) or {{SECURITY_EMAIL}} |
-| **General questions** | [GitHub Discussions](https://github.com/{{OWNER}}/{{REPO}}/discussions) |
+| **Security issues** | [Report via GitHub](https://github.com/hyperpolymath/odd-ssg/security/advisories/new) or security@hyperpolymath.dev |
+| **General questions** | [GitHub Discussions](https://github.com/hyperpolymath/odd-ssg/discussions) |
 | **Other enquiries** | See [README](README.md) for contact information |
 
 ---
@@ -399,8 +363,8 @@ This security policy may be updated from time to time. Significant changes will
 
 ---
 
-*Thank you for helping keep {{PROJECT_NAME}} and its users safe.* 🛡️
+*Thank you for helping keep odd-ssg and its users safe.* 🛡️
 
 ---
 
-<sub>Last updated: {{CURRENT_YEAR}} · Policy version: 1.0.0</sub>
+<sub>Last updated: 2025 · Policy version: 1.0.0</sub>