licence(#7): PMPL-1.0 -> PMPL-1.0-or-later (owner carve-out, SPDX-only)

.github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: CodeQL Security Analysis
 
 on:

.github/workflows/scorecard.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: OSSF Scorecard
 on:
   push:

.github/workflows/secret-scanner.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Prevention workflow - scans for hardcoded secrets before they reach main
 name: Secret Scanner
 

bots/echidnabot/CITATION.cff

@@ -1,6 +1,6 @@
 # CITATION.cff - Citation File Format for echidnabot
 # https://citation-file-format.github.io/
-# SPDX-License-Identifier: PMPL-1.0 OR LicenseRef-Palimpsest-0.5
+# SPDX-License-Identifier: PMPL-1.0-or-later OR LicenseRef-Palimpsest-0.5
 
 cff-version: 1.2.0
 title: "echidnabot"

bots/echidnabot/Containerfile

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Build stage
 FROM docker.io/library/rust:1.83-slim AS builder
 

bots/echidnabot/Mustfile

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Mustfile - hyperpolymath mandatory checks
 # See: https://github.com/hyperpolymath/mustfile
 

bots/echidnabot/contracts/Token.sol

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 // Copyright (C) 2024 Jonathan D.A. Jewell / Hyperpolymath
 
 pragma solidity ^0.8.19;

bots/echidnabot/contracts/TokenEchidnaTest.sol

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 // Copyright (C) 2024 Jonathan D.A. Jewell / Hyperpolymath
 
 pragma solidity ^0.8.19;

bots/echidnabot/flake.nix

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # SPDX-FileCopyrightText: 2025 hyperpolymath
 {
   description = "ECHIDNABOT - Proof-aware CI bot for theorem verification";

bots/echidnabot/hooks/pre-commit-tsjs-blocker.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Pre-commit hook: block TypeScript/JavaScript and Node configs
 set -euo pipefail
 

bots/echidnabot/hooks/validate-codeql.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Pre-commit hook: Validate CodeQL language matrix matches repo
 set -euo pipefail
 

bots/echidnabot/hooks/validate-permissions.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Pre-commit hook: Validate workflow permissions declarations
 set -euo pipefail
 ERRORS=0

bots/echidnabot/hooks/validate-sha-pins.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Pre-commit hook: Validate GitHub Actions are SHA-pinned
 
 set -euo pipefail

bots/echidnabot/hooks/validate-spdx.sh

@@ -1,19 +1,19 @@
 #!/usr/bin/env bash
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Pre-commit hook: Validate SPDX headers in workflow files
 
 set -euo pipefail
 
 ERRORS=0
-SPDX_PATTERN="^# SPDX-License-Identifier:PMPL-1.0
+SPDX_PATTERN="^# SPDX-License-Identifier:PMPL-1.0-or-later
 
 for workflow in .github/workflows/*.yml .github/workflows/*.yaml; do
     [ -f "$workflow" ] || continue
 
     first_line=$(head -n1 "$workflow")
     if ! echo "$first_line" | grep -qE "$SPDX_PATTERN"; then
         echo "ERROR: Missing SPDX header in $workflow"
-        echo "  First line should be: # SPDX-License-Identifier: PMPL-1.0
+        echo "  First line should be: # SPDX-License-Identifier: PMPL-1.0-or-later
         ERRORS=$((ERRORS + 1))
     fi
 done

bots/echidnabot/packaging/aur/PKGBUILD

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Maintainer: hyperpolymath <packages@hyperpolymath.dev>
 
 pkgname=echidnabot-bin

bots/echidnabot/packaging/chocolatey/echidnabot.nuspec

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- SPDX-License-Identifier: PMPL-1.0 -->
+<!-- SPDX-License-Identifier: PMPL-1.0-or-later -->
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>echidnabot</id>

bots/echidnabot/packaging/debian/rules

@@ -1,5 +1,5 @@
 #!/usr/bin/make -f
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 
 %:
 	dh $@

bots/echidnabot/packaging/macports/Portfile

@@ -1,5 +1,5 @@
 # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 
 PortSystem          1.0
 PortGroup           cargo 1.0

bots/echidnabot/scripts/echidna-gen.js

@@ -1,11 +1,11 @@
 #!/usr/bin/env -S deno run --allow-read --allow-write
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 // Echidna Test Property Generator
 // Generates Echidna test contracts from Solidity source files
 //
 // Usage: deno run --allow-read --allow-write scripts/echidna-gen.js <contract.sol>
 
-const SPDX_HEADER = `// SPDX-License-Identifier: PMPL-1.0
+const SPDX_HEADER = `// SPDX-License-Identifier: PMPL-1.0-or-later
 // Generated by echidnabot - Echidna Test Generator
 // https://github.com/hyperpolymath/echidnabot
 `;

bots/echidnabot/src/adapters/bitbucket.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Bitbucket platform adapter (minimal clone support)
 
 use async_trait::async_trait;

bots/echidnabot/src/adapters/gitlab.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! GitLab platform adapter (minimal clone support)
 
 use async_trait::async_trait;

bots/echidnabot/src/adapters/mod.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Platform adapters for GitHub, GitLab, Bitbucket
 
 use serde::{Deserialize, Serialize};

bots/rhodibot/fuzz/Cargo.toml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 [package]
 name = "rhodibot-fuzz"
 version = "0.0.0"

bots/rhodibot/fuzz/fuzz_targets/fuzz_input.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Generic fuzz target for arbitrary input processing
 
 #![no_main]

bots/seambot/fuzz/fuzz_targets/fuzz_input.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Generic fuzz target for arbitrary input processing
 
 #![no_main]

robot-repo-automaton/.github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: CodeQL Security Analysis
 on:
   push:

robot-repo-automaton/.github/workflows/instant-sync.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 # Instant Forge Sync - Triggers propagation to all forges on push/release
 name: Instant Sync
 

robot-repo-automaton/.github/workflows/mirror.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: Mirror to GitLab and Bitbucket
 
 on:

robot-repo-automaton/.github/workflows/scorecard.yml

@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: PMPL-1.0
+# SPDX-License-Identifier: PMPL-1.0-or-later
 name: OSSF Scorecard
 on:
   push:

shared-context/src/context.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Shared context for coordinating bot executions
 
 use crate::bot::{BotExecution, BotId, BotStatus, Tier};

shared-context/src/finding.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Finding representation for cross-bot communication
 
 use crate::bot::BotId;

shared-context/src/lib.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Gitbot Fleet Shared Context Layer
 //!
 //! This crate provides the coordination infrastructure for the gitbot-fleet,

shared-context/src/state.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! State management for session and repository tracking
 
 use crate::bot::BotId;

shared-context/src/storage.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Context storage backends
 
 use crate::context::Context;

shared-context/src/triangle.rs

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: PMPL-1.0
+// SPDX-License-Identifier: PMPL-1.0-or-later
 //! Safety Triangle types for the gitbot-fleet remediation pipeline.
 //!
 //! The Safety Triangle prioritizes remediation actions: