Audit remediation and production hardening#8
Merged
Conversation
Centralize suggestion and analysis shapes so modules agree on confidence scaling and review comment metadata.
Give the app consistent observability hooks for analysis latency, errors, and operational counters without scattering ad-hoc logs.
Map hunk lines to LEFT/RIGHT positions reliably so GitHub review comments land on the correct side of the PR diff.
Throttle slash-command style actions per actor so abuse cannot flood analysis or GitHub API calls.
Process work asynchronously with budgets and pagination so webhook handlers return quickly and heavy analysis stays bounded.
Persist developer decisions so accepted specs and ignored findings survive across PR updates instead of living only in memory.
Normalize confidence to a 0-1 scale, gate mock usage by policy, and replace brittle live integration coverage with focused unit tests.
Improve symbol and language filtering so downstream analysis only sees extractable, relevant code regions.
Emit safer Lean skeletons and sample closed proofs so generated specs are checkable rather than placeholder-only stubs.
Track spec content identity so coverage reflects real accepted contracts rather than stale or duplicate file names.
Wire analysis to persisted decisions and bounded work so results stay consistent across PR pushes and re-runs.
Validate actors before mutating PR state and align review comments with corrected diff sides and shared types.
Fold overlapping dashboard surfaces into one HTTP dashboard and drop unused vscode/dashboard feedback shims from the app package.
Hook webhooks and CI into the analysis queue, store, and metrics so push-time drift and PR events share one hardened path.
Update secondary surfaces to the shared types and logging so local demos and alerts do not drift from production behavior.
Stabilize test setup and fixtures so webhook and policy regressions are caught without relying on live LLM calls.
Read accepted specs from the workspace store layout, tighten the proof runner, and ship the activity-bar icon and lockfile.
Add security scanning and tighten Node/Lean workflows so regressions and dependency drift surface before merge.
Capture the repo audit findings, update env/app examples, and align README with the hardened analysis and store workflows.
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.specsync, and expand Probot/fixture test coverage without live LLM dependence.Test plan
npm test(or CI Node workflow) passes on the branchlake buildforspecs/succeeds