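name: Validate

# Runs on pushes to, and pull requests targeting, the main/master branches.
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Least privilege for the workflow token: the jobs in this file only read the
# repository, so grant read access to contents and nothing else. A job that
# later needs more should request it with its own job-level `permissions`.
permissions:
  contents: read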

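jobs:
  # Policy checks on the public docs and Cargo.toml, followed by the Rust
  # build, lint, test and dependency checks. The job runs on pull requests, so
  # the cargo steps compile and execute code from the branch under review.
  validate:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag or
      # branch (@v4, @stable, @v2). Pinning each to a full commit SHA would
      # stop an upstream tag move from changing what runs here.
      - uses: actions/checkout@v4
        with:
          # None of the steps below push, so do not leave the workflow token
          # in .git/config where build scripts and installed tools can read it.
          persist-credentials: false

      - name: Check public docs for AI/LLM terminology
        run: |
          echo "🔍 Checking public docs for AI/LLM terminology..."
          # Use word boundaries to avoid matching tool names like 'llmgrep'.
          # 'production-ready' is left to the exaggerated-claims step so that
          # a hit is reported under the matching failure message.
          # 2>/dev/null hides "No such file" errors, so a missing file is
          # skipped rather than failing the check.
          if grep -riE "\bLLM\b|\bAI assistant\b" README.md MANUAL.md CHANGELOG.md Cargo.toml 2>/dev/null; then
            echo "❌ FAIL: AI/LLM terminology found in public documentation"
            echo "   This is a code intelligence toolchain, not an AI product"
            echo "   Internal docs (.planning/, .internal/, BUILD_*.md, etc.) are fine"
            exit 1
          fi
          echo "✅ No AI/LLM terminology in public docs"

      - name: Check license is GPL-3.0 only
        run: |
          echo "🔍 Checking license..."
          # Negative check only: it rejects the "-or-later" identifier but does
          # not assert that a license field is present. If Cargo.toml is
          # missing, grep exits non-zero and the step still passes.
          if grep -q "GPL-3.0-or-later" Cargo.toml; then
            echo "❌ FAIL: License must be GPL-3.0 only, not GPL-3.0-or-later"
            exit 1
          fi
          echo "✅ License is GPL-3.0"

      - name: Check public docs for exaggerated claims
        run: |
          echo "🔍 Checking public docs for exaggerated claims..."
          # Cargo.toml is included so this step covers every file in which
          # the phrase is rejected.
          if grep -ri "production-ready" README.md MANUAL.md CHANGELOG.md Cargo.toml 2>/dev/null; then
            echo "❌ FAIL: No software is production-ready, use 'stable' instead"
            echo "   Internal docs can use whatever terminology is useful"
            exit 1
          fi
          echo "✅ No exaggerated claims in public docs"

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy

      - name: Cache cargo dependencies
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: splice-ci

      - name: cargo check
        run: cargo check --all-targets

      # -D warnings turns every clippy warning into a build failure.
      - name: cargo clippy
        run: cargo clippy --all-targets -- -D warnings

      - name: cargo test
        run: cargo test

      # Checks dependencies against the RustSec advisory database.
      # --locked builds the tool with its own Cargo.lock, but the tool version
      # itself is not pinned: each run installs the newest release.
      # NOTE(review): consider adding `--version <PINNED_VERSION>` so the
      # scanner only changes when this file does.
      - name: cargo audit
        run: |
          cargo install cargo-audit --locked
          cargo audit

      # Same install caveat as cargo-audit: the tool version is not pinned.
      - name: cargo deny
        run: |
          cargo install cargo-deny --locked
          cargo deny check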

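  # Scans the repository's git history for committed secrets, using the rules
  # in .gitleaks.toml.
  gitleaks:
    name: Gitleaks Secret Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history, so secrets introduced in older commits are scanned
          # as well as the tip.
          fetch-depth: 0
          # The scan only reads the local clone; do not keep the workflow
          # token in .git/config.
          persist-credentials: false

      - name: Install and run Gitleaks
        run: |
          # Stop on the first error, including a failure on the left side of
          # the download pipe.
          set -euo pipefail
          # -f makes curl fail on an HTTP error instead of handing an error
          # page to tar.
          # NOTE(review): the archive is unpacked and executed without an
          # integrity check. Download it to a file, compare it with a SHA-256
          # pinned in this workflow (taken from the release's published
          # checksums) and only then extract it.
          # NOTE(review): the URL uses the owner path 'zricethezav' and relies
          # on -L following redirects; confirm the canonical repository path
          # and use it directly.
          curl -fsSL https://github.com/zricethezav/gitleaks/releases/download/v8.24.3/gitleaks_8.24.3_linux_x64.tar.gz | tar -xz -C /usr/local/bin gitleaks
          # --redact keeps matched secret values out of the job log, which
          # --verbose would otherwise print with each finding.
          gitleaks detect --verbose --redact --config .gitleaks.toml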

  # Static analysis with Semgrep, run inside the Semgrep container image and
  # limited to the rules kept in .semgrep/rules/.
  semgrep:
    name: Semgrep Security Scan
    runs-on: ubuntu-latest
    container:
      # NOTE(review): ':latest' is a mutable tag, so the scanner version can
      # change between runs without any change to this file. Pinning a
      # version tag or an image digest makes results reproducible and limits
      # exposure to a bad or tampered image push.
      image: semgrep/semgrep:latest
    steps:
      # NOTE(review): referenced by mutable tag; a full commit SHA pin is the
      # stricter option.
      - uses: actions/checkout@v4

      # --oss-only and the local --config path are passed so the scan uses the
      # repository's own rules; no Semgrep token is supplied to this job.
      - name: Semgrep OSS scan
        run: semgrep ci --oss-only --config .semgrep/rules/