docs(examples): community example — vouchdev/vouch issue-tracker audit#357
Draft
jonathanchang31 wants to merge 2 commits into
Draft
docs(examples): community example — vouchdev/vouch issue-tracker audit#357jonathanchang31 wants to merge 2 commits into
jonathanchang31 wants to merge 2 commits into
Conversation
Adds examples/community/vouch-issue-tracker-audit/, a real vouch KB built by cross-referencing every open issue on vouchdev/vouch against upstream/main and upstream/test for a resolving commit. 13 of the 93 open issues checked turned out to be already fixed but left open on GitHub, or genuinely open and unclaimed; one (vouchdev#168, cross-agent approval bypassing the review gate) is still unfixed and security-relevant, with a prior maintainer review on record describing exactly what a correct fix needs. A 14th finding, a real bug in `vouch source add --url`, surfaced while building the KB itself. Every claim is proposed and approved through the real CLI and cited to a source file containing the actual evidence (git log output, direct code reads, or a maintainer's PR review comment) — no hand-authored artifacts. Closes vouchdev#338.
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Addresses CodeRabbit's review on PR vouchdev#358: - The README and both audit pages said "every open issue" was checked, which contradicted the very next sentence excluding issues already tied to another open PR. Reworded to state the actual in-scope set: 61 of 93 open issues, i.e. all except those already claimed by an in-flight PR. - The "11 of these 13 issues ... already resolved" summary double-counted vouchdev#54 and vouchdev#100 as fully fixed. vouchdev#54's epic only shipped one of several tracks, and vouchdev#100 only drafted a VEP document without building the feature it describes. Corrected to "9 of these 13", with vouchdev#54 and vouchdev#100 now called out explicitly as partial, alongside the already-separate vouchdev#189 (open) and vouchdev#168 (unfixed) callouts. The corresponding decided/ proposal records are updated to match the corrected page text, so the audit trail stays internally consistent (payload.body in decided/ mirrors the durable pages/*.md content, per `vouch doctor`/`fsck`).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
examples/community/vouch-issue-tracker-audit/, a realvouchKBbuilt by cross-referencing every open issue on this repo (93 at audit
time) against
upstream/mainandupstream/testfor a commit thatalready resolves it.
Findings:
because merges to
test, or squash-merge commits, don't triggerGitHub's auto-close).
(visibility, project, agent)[VEP] #100) wasdrafted but the feature it describes was never built.
still unfixed and security-relevant. A prior PR (fix: agent transport allows cross agent approval #169) attempted a fix
and was closed after a maintainer review requested changes; this KB's
claim cites that review verbatim so a future fix has exact acceptance
criteria.
vouch source add PATH --url URLsilently drops
--url(cli.py::source_addalways passes an explicitlocator, sostorage.py'slocator or urlfallback never reachesurl). Found while building this very KB — every source citation hadto have its
locatorcorrected by hand afterward.Every claim went through the real CLI (
vouch propose-claim→vouch approve, one round ofvouch rejecton a bad--typevalue, thenresubmit) and cites a source file with the actual evidence (a
git logtranscript, a direct code excerpt, or a maintainer's PR-review comment
copied from GitHub) — nothing here is hand-authored YAML.
Related Issue
Addresses #338 (a standing call for community examples, not something a
single PR should close).
Change Type
Real Behavior Proof
A fresh copy of the shipped snapshot reconciles cleanly:
Checklist
vouch doctor/lint/fsckclean on the snapshot, both in-place and from a fresh copyexamples/README.mdunder a new "Community examples" sectionCHANGELOG.mdunder[Unreleased]pytest) — unaffected, all greenmake lint