Add Summit Competitive Subsumption Protocol Prompt

.github/workflows/ci-security.yml

@@ -70,6 +70,7 @@ jobs:
         uses: actions/checkout@v4 # v4.1.7
         with:
           fetch-depth: 0
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
       - name: Run Gitleaks
@@ -122,15 +123,15 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
       - name: Run Semgrep CI ruleset
         uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d # v1
         with:
           config: p/ci
-          generateSarif: true
-          sarifFile: ${{ env.REPORT_DIR }}/semgrep.sarif
-          auditOn: push
+        env:
+           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
       - name: Upload Semgrep SARIF
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
         uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.25.10
@@ -153,6 +154,7 @@ jobs:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN || secrets.snyk_token }}
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
       - name: Ensure SNYK_TOKEN is configured
@@ -193,6 +195,7 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Install Trivy
         uses: aquasecurity/setup-trivy@3fb12ec12f41e471780db15c232d5dd185dcb514 # v0.2.0
       - name: Prepare report directory
@@ -228,6 +231,7 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
       - name: Build server image for scanning
@@ -276,6 +280,7 @@ jobs:
     needs: context
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - uses: aquasecurity/setup-trivy@3fb12ec12f41e471780db15c232d5dd185dcb514 # v0.2.5
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
@@ -301,6 +306,7 @@ jobs:
     needs: context
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Install Checkov
         run: pip install --no-cache-dir checkov==3.2.23
       - name: Run Checkov across Terraform and Helm assets
@@ -331,6 +337,8 @@ jobs:
     needs: context
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Install Helm
         uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.1.0
         with:
@@ -402,6 +410,7 @@ jobs:
     needs: context
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Execute baseline checks
         run: |
           chmod +x scripts/security/baseline-check.sh
@@ -422,6 +431,7 @@ jobs:
     timeout-minutes: 45
     steps:
       - uses: actions/checkout@v4 # v4.1.7
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - name: Prepare report directory
         run: mkdir -p "$REPORT_DIR"
       - name: Boot application stack
@@ -559,7 +569,7 @@ jobs:
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4.1.0
         with:
           retention-days: 14
-          name: security-reports
+          name: security-reports-aggregated
           path: aggregated-security/security-summary.json
       - name: Record dashboard location
         id: dashboard

.github/workflows/ci-verify.yml

@@ -146,6 +146,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4 # v6
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - uses: actions/setup-node@v4 # v6
         with:
           cache: 'pnpm'
@@ -311,6 +312,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4 # v6
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
       - uses: actions/setup-node@v4 # v6
         with:
           cache: 'pnpm'

.github/workflows/governance-lockfile-verify.yml

@@ -58,6 +58,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4 # v4
 
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
+
       - name: Make Scripts Executable
         run: chmod +x scripts/release/*.sh
 

.github/workflows/mvp4-gate.yml

@@ -78,7 +78,7 @@ jobs:
       - name: Setup OPA
         uses: open-policy-agent/setup-opa@950f159a49aa91f9323f36f1de81c7f6b5de9576 # v2
         with:
-          version: v0.61.0
+          version: v0.68.0
       - name: Verify Policies
         run: |
           opa check policies/

.github/workflows/pr-quality-gate.yml

@@ -16,17 +16,17 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4 # v6
 
+      - name: Install pnpm
+        uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
+        with:
+          version: 9
+
       - name: Setup Node.js
         uses: actions/setup-node@v4 # v6
         with:
           node-version: 20
           cache: "pnpm"
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 9
-
       - name: Install Dependencies
         run: pnpm install --frozen-lockfile
 
@@ -40,17 +40,17 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4 # v6
 
+      - name: Install pnpm
+        uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
+        with:
+          version: 9
+
       - name: Setup Node.js
         uses: actions/setup-node@v4 # v6
         with:
           node-version: 20
           cache: "pnpm"
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 9
-
       - name: Install Dependencies
         run: pnpm install --frozen-lockfile
 
@@ -73,6 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4 # v6
+      - uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c # v4
 
       - name: Install Syft
         uses: anchore/sbom-action/download-syft@v0

packages/advanced-caching/package.json

@@ -17,7 +17,7 @@
     "zod": "^3.24.1",
     "lru-cache": "^11.0.0",
     "async-mutex": "^0.5.0",
-    "xxhash": "^0.3.0"
+    "xxhash-wasm": "^1.0.2"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",

packages/nlp/package.json

@@ -44,7 +44,6 @@
     "stopword": "^3.1.1",
     "wink-nlp": "^2.2.0",
     "wink-eng-lite-web-model": "^1.5.0",
-    "spellchecker": "^3.7.1",
     "unorm": "^1.6.0"
   },
   "devDependencies": {