chore(ci): convert elixir-ci.yml to wrapper of standards reusable

[hyperpolymath]

Summary

Replaces the per-repo elixir-ci.yml copy (50+ lines of duplicated plumbing) with a 16-line wrapper calling hyperpolymath/standards/.github/workflows/elixir-ci-reusable.yml@4fdf4314b4ab54269adbaff10e30e483b5e86845 (standards#174 HEAD SHA).

Same pattern as the rust-ci wrapper sweep filed 2026-05-26.

Pin-to-not-yet-merged-SHA

Intentional: the SHA points at standards#174's PR HEAD, not main. This wrapper file is staged but the action runner won't load the reusable until standards#174 lands on main. Per estate-template-propagation guidance.

Test plan

• pull_request triggers run the wrapper unchanged from main (target-branch semantics)
• After standards#174 merges, the next push exercises the reusable end-to-end
• OTP 26 / Elixir 1.15 preserved (the prior elixir-ci.yml pinned these)

Refs standards#174.

🤖 Generated with Claude Code

[github-actions]

🔍 Hypatia Security Scan

Findings: 79 issues detected

Severity	Count
🔴 Critical	14
🟠 High	43
🟡 Medium	22

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in rescript-deno-ci.yml",
    "type": "npermissions_typo",
    "file": "rescript-deno-ci.yml",
    "action": "fix_typo",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/bofig/bofig/tests/unit/evidence_graph_test.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/bofig/bofig/tests/aspect/security_test.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/bofig/bofig/tests/e2e/graph_lifecycle_test.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/bofig/bofig/tests/bench/graph_bench.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/bofig/bofig/tests/property/graph_properties_test.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (1 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/bofig/bofig/assets/js/hooks/evidence_graph_hook.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/bofig/bofig/assets/js/hooks/timeline_hook.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/bofig/bofig/assets/js/hooks/prompt_radar_hook.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence