KILL SWITCH ACTIVATED: emergency stop

Author: tbitcs

.clang-tidy

@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: MIT
+# clang-tidy configuration for arbiter engine C sources.
+#
+# Run:  clang-tidy -p build lib/*.c -- -I include
+#
+# Checks target safety-critical embedded C patterns:
+#   bugprone-*    — common bug patterns (use-after-move, narrowing, etc.)
+#   cert-*        — CERT C Coding Standard rules
+#   clang-analyzer-* — Clang Static Analyzer checks
+#   misc-*        — miscellaneous (unused parameters, static asserts, etc.)
+#   performance-* — unnecessary copies, moves, etc.
+#   readability-identifier-naming — enforce Zephyr-style naming conventions
+
+Checks: >
+  -*,
+  bugprone-*,
+  cert-*,
+  clang-analyzer-*,
+  misc-*,
+  performance-*,
+  readability-identifier-naming,
+  -bugprone-easily-swappable-parameters,
+  -bugprone-reserved-identifier,
+  -cert-dcl37-c,
+  -cert-dcl51-cpp,
+  -misc-include-cleaner,
+  -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling
+
+WarningsAsErrors: '*'
+
+CheckOptions:
+  # Struct/enum types: UPPER_SNAKE for ARBITER_* types
+  - key: readability-identifier-naming.TypedefCase
+    value: UPPER_CASE
+  # Macros: UPPER_SNAKE
+  - key: readability-identifier-naming.MacroDefinitionCase
+    value: UPPER_CASE
+  # Functions: mixed (ARBITER_* public API, snake_case internal)
+  - key: readability-identifier-naming.FunctionCase
+    value: aNy_CasE
+  # Local variables: snake_case
+  - key: readability-identifier-naming.LocalVariableCase
+    value: lower_case
+  # Parameters: snake_case
+  - key: readability-identifier-naming.ParameterCase
+    value: lower_case
+  # Global constants: UPPER_CASE
+  - key: readability-identifier-naming.GlobalConstantCase
+    value: UPPER_CASE
+  # Enum constants: UPPER_CASE
+  - key: readability-identifier-naming.EnumConstantCase
+    value: UPPER_CASE

.github/workflows/ci.yml

@@ -38,6 +38,41 @@ jobs:
       - name: Validate sample model
         run: arbiterc validate samples/battery_policy/models/battery.arb.yaml --strict
 
+      - name: Profile validation — compile all samples on standard profile
+        run: |
+          for model in samples/*/models/*.arb.yaml; do
+            echo "--- $model ---"
+            arbiterc compile "$model" --profile standard --out-c /dev/null --out-h /dev/null
+          done
+
+  clang-tidy:
+    name: clang-tidy Static Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install clang-tidy
+        run: sudo apt-get install -y --no-install-recommends clang-tidy
+
+      - name: Run clang-tidy on engine sources
+        run: |
+          clang-tidy \
+            lib/arbiter_engine.c \
+            lib/arbiter_eval.c \
+            lib/arbiter_fact_store.c \
+            lib/arbiter_trace.c \
+            lib/arbiter_blob.c \
+            lib/arbiter_action.c \
+            -- \
+            -I include \
+            -isystem tools/clang-tidy-stubs \
+            -std=c11 \
+            -DCONFIG_ARBITER_LOG_LEVEL=3 \
+            -DCONFIG_ARBITER_MAX_FACTS=64 \
+            -DCONFIG_ARBITER_MAX_ACTIONS_PER_EVAL=16 \
+            -DCONFIG_ARBITER_MAX_TRACE_ENTRIES=64 \
+            -DCONFIG_ARBITER_MAX_TRACE_INPUTS=8
+
   spdx:
     name: SPDX Header Check
     runs-on: ubuntu-latest

.specsmith/ledger-chain.txt

@@ -35,3 +35,4 @@ a2c7514ffce939e62da66e41a99eb1daa279b22f963675ff7dd06ff6defc7367
 ca42124cb56eade5ea6262ac28dc68824d4333141a0a87f1be9f50efffe37617
 15ec9c182dac2256743599464cfa6a970b556ca5d9fa0655f079b0aa1b4b2d3d
 93b3525850de7bfd3e044b60b3a90ce069e1a286b5cd6044ca23e9e1d29a3eeb
+63c25bfd300d98352d154198e23e5ce803b53ce3c333c6a93e03586952f761ba