- Remove retired _archive/ and scripts/archive/ trees (site, book filters, games, vault); vault CHANGELOG points to git history for old scripts.
- CONTRIBUTING: site project row, site/ in area map, root vs TinyTorch pre-commit, vault schema drift wording.
- Newsletter CLI: path-agnostic news alias; tinytorch pre-commit comments; add tools/ and staffml-vault-types READMEs for maintainers.
Issue #1393 calls out four gaps in the root CONTRIBUTING that first-time
contributors hit: that tito is the TinyTorch CLI, that src/ edits need
`tito src export`, that Co-Labs run in Pyodide and Marimo cells must
return UI elements (release invariant #4 in labs/PROTOCOL.md), and that
large binaries should not be committed.
The existing project-area table covers folder mapping; this section
names the gotchas explicitly and links to the canonical per-area docs
rather than duplicating their content.
Relates to #1393.
The previous wording told every contributor to run `./book/binder setup`,
but binder is the textbook's CLI — it pulls in Quarto, Java, epubcheck and
other book-only tooling. A TinyTorch or StaffML contributor shouldn't need
a book-branded entry point to wire up repo-wide commit hooks.
Split the section so the universal step is the project-agnostic
`pip install pre-commit && pre-commit install`, and route project-specific
setup (binder, tinytorch deps, vault-cli, mlsysim, mlperf-edu, staffml)
through a small table.
Aligns the repository with GitHub community-standard recommendations and
makes the project's policies discoverable from the root, where contributors
and tooling actually look for them.
- CONTRIBUTING.md (root): router to per-project guides plus universal
policies (branch from dev, ./book/binder setup, no `git add .`).
- CODE_OF_CONDUCT.md (root): canonical Contributor Covenant 2.1, lifted
from book/docs/. The book/docs version becomes a thin pointer so we
have a single source of truth.
- SECURITY.md: private vulnerability reporting via GitHub Security
Advisory + maintainer email, with explicit in-scope/out-of-scope
boundaries (textbook typos are not security issues).
- CITATION.cff: machine-readable mirror of CITATION.bib so GitHub's
"Cite this repository" button works.
- .github/dependabot.yml: weekly bumps against `dev` for every actual
ecosystem in the repo (pip, npm, github-actions), grouped where it
makes sense (Next/React together).
- .github/ISSUE_TEMPLATE/config.yml: blank_issues_enabled=false to keep
reports on-template; added security-advisory contact link.
