Release: merge dev into main (code review pylint, docs, agent-rules)

[djm81]

Promotes the current dev line to main, including recently merged work:

• Code review / pylint (#208): coerce pylint line 0 and empty messages for ReviewFinding; treat empty/whitespace-only stdout as a parse failure with stderr/returncode context and stdout/stderr truncation previews; strengthen unit tests.
• Agent rules (#209): document --bug-hunt on manual specfact code review run invocations in quality gates and repository context.
• Docs / validation (#207 and related): code review run docs (--level semantics), bundle overview link validation, docs site validation tests, and OpenSpec/docs-15 followups as already merged on dev.

Verification: dev reflects the merged PRs above; CI on this PR should run the full quality matrix for the main merge path.

Made with Cursor

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f302e713-63b1-4f61-b9ab-1e50fcdd0fd3

📥 Commits

Reviewing files that changed from the base of the PR and between dc23ce9 and b5c5366.

⛔ Files ignored due to path filters (2)

• registry/modules/specfact-code-review-0.47.12.tar.gz is excluded by !**/*.gz
• registry/modules/specfact-code-review-0.47.13.tar.gz is excluded by !**/*.gz

📒 Files selected for processing (6)

• packages/specfact-code-review/module-package.yaml
• registry/index.json
• registry/modules/specfact-code-review-0.47.12.tar.gz.sha256
• registry/modules/specfact-code-review-0.47.13.tar.gz.sha256
• registry/signatures/specfact-code-review-0.47.12.tar.sig
• registry/signatures/specfact-code-review-0.47.13.tar.sig

📜 Recent review details

🧰 Additional context used

📓 Path-based instructions (2)

registry/**

⚙️ CodeRabbit configuration file

registry/**: Registry and index consistency: bundle listings, version pins, and compatibility with
published module artifacts.

Files:

• registry/signatures/specfact-code-review-0.47.12.tar.sig
• registry/signatures/specfact-code-review-0.47.13.tar.sig
• registry/modules/specfact-code-review-0.47.12.tar.gz.sha256
• registry/modules/specfact-code-review-0.47.13.tar.gz.sha256
• registry/index.json

packages/**/module-package.yaml

⚙️ CodeRabbit configuration file

packages/**/module-package.yaml: Validate metadata: name, version, commands, dependencies, and parity with packaged src.
Call out semver and signing implications when manifests or payloads change.

Files:

• packages/specfact-code-review/module-package.yaml

🧠 Learnings (7)

📓 Common learnings

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .cursorrules:0-0
Timestamp: 2026-04-13T10:38:15.855Z
Learning: Adhere to worktree policy, OpenSpec gating, GitHub hierarchy-cache refresh, TDD order, quality gates, versioning, and documentation rules as defined in `docs/agent-rules/`

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: This repository enforces the clean-code review gate through hatch run specfact code review run --json --out .specfact/code-review.json

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Fix SpecFact code review findings, including warnings, unless a rare explicit exception is documented

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: When a change is paired with work in specfact-cli, review the paired public change artifacts there before widening scope or redefining shared workflow semantics

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Work belongs on feature/*, bugfix/*, hotfix/*, or chore/* branches, normally in a worktree rooted under ../specfact-cli-modules-worktrees/

📚 Learning: 2026-04-02T21:49:07.435Z

Learnt from: djm81
Repo: nold-ai/specfact-cli-modules PR: 136
File: registry/modules/specfact-spec-0.40.17.tar.gz.sha256:1-1
Timestamp: 2026-04-02T21:49:07.435Z
Learning: In nold-ai/specfact-cli-modules, module tarball signature files under registry/signatures/*.tar.sig are produced by the publish-modules GitHub Actions runner during the publish workflow (not committed to the branch). During PR pre-merge review, do not flag missing *.tar.sig files as blockers; treat signatures as publish-time artifacts.

Applied to files:

• registry/signatures/specfact-code-review-0.47.12.tar.sig
• registry/signatures/specfact-code-review-0.47.13.tar.sig

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Signed module or manifest changes require version-bump review and verify-modules-signature

Applied to files:

• registry/signatures/specfact-code-review-0.47.12.tar.sig
• registry/signatures/specfact-code-review-0.47.13.tar.sig
• registry/modules/specfact-code-review-0.47.13.tar.gz.sha256
• registry/index.json
• packages/specfact-code-review/module-package.yaml

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Fix SpecFact code review findings, including warnings, unless a rare explicit exception is documented

Applied to files:

• registry/signatures/specfact-code-review-0.47.12.tar.sig
• packages/specfact-code-review/module-package.yaml

📚 Learning: 2026-04-02T21:49:11.371Z

Learnt from: djm81
Repo: nold-ai/specfact-cli-modules PR: 136
File: registry/modules/specfact-spec-0.40.17.tar.gz.sha256:1-1
Timestamp: 2026-04-02T21:49:11.371Z
Learning: In nold-ai/specfact-cli-modules, module tarball signatures (registry/signatures/*.tar.sig) are generated by the `publish-modules` GitHub Actions runner during the publish workflow, not committed locally to the branch. Missing signature files should NOT be flagged as a pre-merge blocker in PRs.

Applied to files:

• registry/modules/specfact-code-review-0.47.12.tar.gz.sha256
• registry/modules/specfact-code-review-0.47.13.tar.gz.sha256
• registry/index.json
• packages/specfact-code-review/module-package.yaml

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: This repository enforces the clean-code review gate through hatch run specfact code review run --json --out .specfact/code-review.json

Applied to files:

• registry/modules/specfact-code-review-0.47.13.tar.gz.sha256
• registry/index.json
• packages/specfact-code-review/module-package.yaml

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Enforce module signatures and version bumps when signed module assets or manifests are affected

Applied to files:

• packages/specfact-code-review/module-package.yaml

🔀 Multi-repo context nold-ai/specfact-cli

Linked repositories findings

nold-ai/specfact-cli

• scripts/pre_commit_code_review.py — builds and runs nested specfact code review run --json --out .specfact/code-review.json via build_review_command() and _run_review_subprocess(); the helper expects the report at .specfact/code-review.json and parses it with CodeReviewReport/ReviewFinding. Changes that affect JSON shape, missing-stdout handling, or tool_error findings from the specfact-code-review package will be observed/handled here. [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py]

• build_review_command() — enforces --json and --out .specfact/code-review.json in the created subprocess argv (no --bug-hunt present in this repository copy). If the specfact-code-review package documents/examples now add --bug-hunt, callers (like this helper) may need to add it to preserve parity with documented manual invocations. [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py: build_review_command]

• _load_review_report() / CodeReviewReport / ReviewFinding — the helper validates and normalizes review JSON via pydantic models (extra="ignore"); it only validates severity in ReviewFinding and expects report.findings to be a list of objects. Changes in the code-review tool that add new finding categories (tool_error, security, etc.) or change fields used by downstream summaries must still produce objects accepted by these models. [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py: definitions of ReviewFinding, CodeReviewReport, _load_review_report]

• _emit_completed_output() and _print_review_findings_summary() — the script treats missing/invalid JSON report as a parse/read failure, emits nested subprocess stdout/stderr, and counts findings by normalized severity; the updated pylint_runner behavior that surfaces parse failures as tool_error findings (and includes truncated stderr/returncode text) interacts with this logic (i.e., parse failures may now be reported as findings in the JSON rather than only appearing as missing-report stderr). [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py: _emit_completed_output, _print_review_findings_summary]

• Tests referencing CLI invocation and dogfood workflows:

  • tests/unit/specfact_cli/test_dogfood_self_review.py — asserts specfact code review run overall_verdict behavior and will be sensitive to --bug-hunt-induced CrossHair timeouts or changes to verdict/ci_exit_code semantics. [::nold-ai/specfact-cli::tests/unit/specfact_cli/test_dogfood_self_review.py]
  • tests/unit/docs/test_wow_entrypoint_contract.py and tests/unit/scripts/test_code_review_module_docs.py — include/expect the command string and docs parity; documentation changes that always show --bug-hunt should be consistent with these tests or updated examples. [::nold-ai/specfact-cli::tests/unit/docs/test_wow_entrypoint_contract.py][::nold-ai/specfact-cli::tests/unit/scripts/test_code_review_module_docs.py]

• docs and scripts that call or document the command:

  • docs/modules/code-review.md and multiple docs/agent-rules/* files include the specfact code review run --json --out .specfact/code-review.json invocation (some updated to show --bug-hunt in the PR). The repository’s pre-commit helper and README reference the same report path and invocation style; documentation-only changes adding --bug-hunt should be mirrored where the helper actually invokes the command if intended. [::nold-ai/specfact-cli::docs/modules/code-review.md][::nold-ai/specfact-cli::docs/agent-rules/20-repository-context.md]

• openspec/specs/* — several spec documents in this repo (review-run-command, code-review-bug-finding, review-cli-contracts, etc.) define --bug-hunt, JSON/ci_exit_code behavior, and additional finding categories (e.g., security, tool_error). The helper’s validation/summary logic should be reviewed against these specs to ensure it accepts/handles the newly specified findings and exit-code semantics. [::nold-ai/specfact-cli::openspec/specs/review-run-command/spec.md][::nold-ai/specfact-cli::openspec/specs/code-review-bug-finding/spec.md][::nold-ai/specfact-cli::openspec/specs/review-cli-contracts/spec.md]

Summary evaluation

• The repository contains a pre-commit helper (scripts/pre_commit_code_review.py) that invokes and parses specfact code review run JSON output at .specfact/code-review.json. Changes in the specfact-code-review package (pylint_runner parse-failure -> tool_error findings, added --bug-hunt flag behavior, new finding categories) are relevant: they may change whether failures appear as missing JSON vs JSON tool_error findings, add new severities/categories, and alter CLI exit-code semantics that the helper and tests assert on. Tests and docs in this repo reference the command and should be checked for consistency with the new --bug-hunt documentation and the altered JSON/tool-error behavior.

🔇 Additional comments (6)

registry/signatures/specfact-code-review-0.47.12.tar.sig (1)

1-1: Signature artifact format looks correct.

Single-line base64 signature content is in the expected shape for registry signature artifacts.

As per coding guidelines, registry signature files should contain a single base64-encoded string with no extra content.

registry/modules/specfact-code-review-0.47.12.tar.gz.sha256 (1)

1-1: Checksum file format is valid.

Digest-only single-line SHA-256 value is correctly formatted for module checksum artifacts.

As per coding guidelines, checksum files should contain only the digest value with no formatting noise.

registry/modules/specfact-code-review-0.47.13.tar.gz.sha256 (1)

1-1: 0.47.13 checksum artifact is correctly structured.

The file contains a single SHA-256 digest value, matching expected registry artifact format.

As per coding guidelines, each tarball version referenced by the registry should have a single digest-only checksum file.

registry/signatures/specfact-code-review-0.47.13.tar.sig (1)

1-1: 0.47.13 signature artifact format is correct.

Single base64 payload with no extra text/new structure is aligned with signing/verification flow.

As per coding guidelines, signature files must be version-aligned and contain only the base64 signature string.

packages/specfact-code-review/module-package.yaml (1)

2-2: Manifest version/signing metadata is coherent.

Version bump and integrity metadata are present and correctly shaped for signature verification (checksum + signature).

As per coding guidelines, packages/**/module-package.yaml changes should call out and preserve semver/signing integrity when manifests or payloads change.

Also applies to: 26-27

registry/index.json (1)

81-83: Registry index update is consistent for the release boundary.

latest_version, download_url, and checksum_sha256 are aligned to the same 0.47.13 artifact, with no unrelated metadata drift in this segment.

As per coding guidelines, registry updates must keep latest_version, download_url, and checksum_sha256 synchronized to the same release.

---

📝 Walkthrough

Release: dev→main merge (0.47.9→0.47.13)

Bundle & Module Surface

• Command surface (specfact code review run)
  • New flags:
    • --bug-hunt: raises CrossHair per-path timeout to 10s and subprocess timeout to 120s; composable with existing options.
    • --mode shadow|enforce: shadow forces process exit 0 while preserving computed overall_verdict in JSON; enforce preserves legacy exit semantics.
    • --level error|warning: pre-scoring severity filter that narrows emitted findings before scoring; affects findings, overall_verdict, and ci_exit_code.
    • --focus source|tests|docs (repeatable): facet-based narrowing (union of facets intersected with scope-resolved files); explicitly incompatible with --include-tests / --exclude-tests.
• Tool robustness and parsing
  • Pylint runner: line values coerced (0/negative → 1); missing/blank message replaced with "(pylint provided no message text)"; stdout trimmed before JSON parse; empty or whitespace-only stdout is treated as a parse/tool_error including truncated stdout/stderr and returncode context.
  • Tool availability detection (specified by new docs/spec): runtime checks for external review tools (ruff, radon, semgrep, basedpyright, pylint, crosshair, pytest/pytest-cov). Missing tools are skipped and emit exactly one ReviewFinding with category="tool_error" naming the missing pip package; missing tools do not cause misleading JSON parse errors.
• Contract/contract-runner behavior
  • run_contract_check accepts bug_hunt flag/parameter, configurable per-path timeout, and suppresses MISSING_ICONTRACT when icontract imports are absent in scan roots.
• Semgrep bug-finding pass
  • Optional .semgrep/bugs.yaml pass (runs alongside clean_code pass); skipped silently if absent. Findings labeled category="security" or "clean_code" and reference rule ids. JSON includes combined findings and run_review wires run_semgrep_bugs with run_semgrep.

Manifest & Integrity

• Package bump: packages/specfact-code-review/module-package.yaml version 0.47.9 → 0.47.13; integrity sha256 checksum and signature updated accordingly.
• Registry updates: registry/index.json updated to point to modules/specfact-code-review-0.47.13.tar.gz with new checksum; new .sha256 and .tar.sig files added for 0.47.12 and 0.47.13 artifacts.
• Manifest completeness: new spec requires module-package.yaml's pip_dependencies to include all external tool pip packages for the default run_review pipeline; CI guard required to fail when module-package.yaml omits required pip dependencies.

Cross-repo / specfact-cli compatibility

• ReviewRunRequest interface changes (cross-repo impact):
  • New boolean field bug_hunt (default false).
  • New string field mode ("shadow"|"enforce", default enforce).
  • New repeated string field focus (values: "source","tests","docs").
  • New string field level ("error"|"warning" or omitted).
  • New fields are composable with existing scope/include/exclude/json/out options.
• ReviewFinding contract considerations:
  • line field coercion to ≥1; message may be placeholder when blank.
  • tool_error findings appear when external tools are unavailable; downstream consumers should handle these consistently.
• ReviewReport contract:
  • --mode shadow forces process exit 0 and ci_exit_code 0 in JSON while preserving computed overall_verdict.
  • --level filtering is pre-scoring and reduces the findings list that scoring and ci_exit_code use.
• Consumers must ensure specfact-cli and any integration layers understand/serialize the new fields and tolerate coerced ReviewFinding shapes.

Docs, site validation & CHANGELOG

• Docs link normalization
  • Multiple docs/bundles/* and modules link references converted from relative paths to absolute site-root permalinks (e.g., /bundles/..., /modules/..., /reference/...).
  • scripts/docs_site_validation.py now enforces hybrid resolution for bundle-scoped published pages: links with parent traversal (..) must agree between filesystem resolution and permalink/browser resolution; divergence yields a broken-link mismatch diagnostic.
• Documentation content updates
  • docs/bundles/code-review/run.md and docs/modules/code-review.md document new flags/semantics (bug-hunt, mode, level, focus), scoring/ci_exit_code interactions, focus/facet examples, and guidance to run python scripts/check-docs-commands.py.
  • Agent-rules docs (docs/agent-rules/*) and quality gates docs instruct that manual invocations of specfact code review run (outside pre-commit helpers) should include --bug-hunt to use extended CrossHair timeouts.
• Tests and validation
  • New unit tests for docs link hybrid resolution and for pylintrunner behaviors (coercion, tool_error for empty stdout, truncation behavior).
  • CHANGELOG/openspec followups recorded: docs-15 validation guardrails, TDD_EVIDENCE updated with verification outcomes and guidance for module-docs-tree commands.

OpenSpec changes & scenario coverage

• New or updated OpenSpec entries relevant to module behavior and CI:
  • New specs: agent-governance-loading, ci-integration, ci-module-signing-on-approval, code-review-bug-finding, code-review-tool-dependencies, sidecar-route-extraction.
  • Updated specs: contract-runner (per-path timeout, icontract detection, bug_hunt support), review-run-command (formalizes --bug-hunt, --mode, --focus, --level semantics), review-cli-contracts (expanded CLI scenario coverage), modules-docs-command-validation (bundle permalink agreement), github-hierarchy-cache (cache refresh and reporting).
• Spec scenarios cover permutations of --mode, --bug-hunt, --focus, --level, tool-absence error reporting, signing CI behavior across dev/main targets, and docs permalink agreement for /bundles/ pages.

Testing & Verification

• Strengthened unit tests:
  • tests/unit/specfact_code_review/tools/test_pylint_runner.py: assertions for normal mapping, coercion (line→1, blank message→placeholder), whitespace-wrapped JSON parsing, and tool_error creation for empty/whitespace stdout with stderr/returncode truncation checks.
  • tests/unit/scripts/test_docs_site_validation_link_agreement.py: hybrid resolution acceptance/rejection scenarios, legacy filesystem-first behavior outside /bundles/, and published fallback when filesystem misses.
• CI note: merging dev→main should run full quality matrix for main merge path per PR description.

Migration Guidance (actionable items)

• For specfact-cli and downstream integrators:
  • Ensure consumers accept/serialize new ReviewRunRequest fields (bug_hunt, mode, focus, level) and tolerate coerced ReviewFinding shapes; bump dependency to a compatible specfact-cli version exposing these fields.
  • Update any parsing or tooling that assumed numeric line≥1 and non-empty message strings to handle coerced values and tool_error findings.
  • If relying on module-package.yaml pip_dependencies, ensure manifests include the canonical pip packages for required external tools to satisfy CI guard checks.
  • Update docs references and bookmarks to use absolute site permalinks where appropriate; audit cross-bundle links for ../ traversal in published bundle pages.
• For repository maintainers:
  • Update quality gate invocations and agent rule guidance to include --bug-hunt for manual runs where longer CrossHair timeouts are intended.
  • Adapt any downstream automation that treated empty stdout from linters/tools as parse exceptions — these are now surfaced as tool_error findings with stderr/returncode snippets and truncation metadata.

Walkthrough

Adds --bug-hunt and other CLI flags/specs for specfact code review, strengthens pylint_runner robustness, implements bundle-scoped hybrid docs link resolution with tests, introduces multiple new/open-spec documents (governance, CI signing, code-review tooling), and bumps the specfact-code-review package and registry metadata.

Changes

Cohort / File(s)	Summary
CLI Spec & Contracts openspec/specs/review-run-command/spec.md, openspec/specs/review-cli-contracts/spec.md, openspec/specs/code-review-bug-finding/spec.md, openspec/specs/contract-runner/spec.md	Adds --bug-hunt, --mode (shadow/enforce), repeated --focus facets, --level pre-scoring filtering, semgrep bug-finding pass requirements, CrossHair timeout/bug-hunt semantics, and contract-test scenario requirements.
Docs: Code Review & Agent Rules docs/bundles/code-review/run.md, docs/modules/code-review.md, docs/agent-rules/20-repository-context.md, docs/agent-rules/50-quality-gates-and-review.md	Documents --bug-hunt, clarifies Python-file-only scope and --focus semantics, expands examples, and updates last_reviewed dates.
Docs Link Path Normalization docs/bundles/code-review/overview.md, docs/bundles/codebase/overview.md, docs/bundles/govern/overview.md, docs/bundles/project/overview.md, docs/bundles/spec/overview.md	Replaced relative internal links with absolute site-root/permalink-style paths.
Docs Validation: Hybrid Link Resolution & Tests scripts/docs_site_validation.py, tests/unit/scripts/test_docs_site_validation_link_agreement.py	Adds hybrid filesystem+permalink resolution for /bundles/ pages containing .., rejects mismatches, and adds unit tests covering divergence, published fallback, and legacy semantics.
Pylint Runner & Tests packages/specfact-code-review/src/specfact_code_review/tools/pylint_runner.py, tests/unit/specfact_code_review/tools/test_pylint_runner.py	Coerces/normalizes pylint line/message, changes payload parsing to accept stderr/returncode and raise clear tool-error on empty stdout, and extends tests for empty/whitespace stdout and coercion behaviors.
Module Package & Registry packages/specfact-code-review/module-package.yaml, registry/index.json, registry/modules/specfact-code-review-0.47.13.tar.gz.sha256, registry/signatures/specfact-code-review-0.47.13.tar.sig, registry/signatures/specfact-code-review-0.47.12.tar.sig	Bumps specfact-code-review version to 0.47.13, updates integrity checksum/signature and registry metadata, and adds checksum/signature artifacts.
Openspec Additions & Edits openspec/specs/agent-governance-loading/spec.md, openspec/specs/ci-integration/spec.md, openspec/specs/ci-module-signing-on-approval/spec.md, openspec/specs/code-review-tool-dependencies/spec.md, openspec/specs/sidecar-route-extraction/spec.md, openspec/specs/github-hierarchy-cache/spec.md, openspec/changes/...	Adds new/open-spec documents covering deterministic agent governance loading, CI integration and signing workflows, tool-dependency requirements, sidecar route extraction exclusions, hierarchy cache rules, and archival/TDD-evidence updates.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI as specfact CLI
    participant Runner as lint/analysis runners
    participant Pylint as pylint (subprocess)
    participant CrossHair as CrossHair (subprocess)
    participant Reporter as JSON report/write

    User->>CLI: invoke `specfact code review run` (--bug-hunt, --focus, --level, --mode)
    CLI->>Runner: resolve file set (scope + repeated --focus facets)
    Runner->>Pylint: run_pylint(files)
    Pylint-->>Runner: stdout/stderr/returncode
    Runner->>Runner: _payload_from_output(stdout, stderr, returncode)
    Runner->>Runner: coerce line/message → findings
    alt bug-hunt enabled
        Runner->>CrossHair: run with per_path_timeout=10, total_timeout=120
    else
        Runner->>CrossHair: run with default timeouts
    end
    Runner->>Reporter: apply --level filter (pre-scoring)
    CLI->>Reporter: enforce/shadow exit logic → write `.specfact/code-review.json`
    Reporter-->>User: final JSON + exit (0 in shadow, conditional in enforce)

Loading

sequenceDiagram
    participant DocsTool as docs_site_validation.py
    participant Hybrid as resolve_internal_link_hybrid()
    participant FS as filesystem resolver
    participant Permalink as permalink/browser resolver

    DocsTool->>Hybrid: resolve link from page with `permalink` under `/bundles/` and `..` path
    Hybrid->>FS: resolve relative filesystem path
    Hybrid->>Permalink: resolve via page permalink + browser rules
    FS-->>Hybrid: filesystem target
    Permalink-->>Hybrid: published target
    Hybrid->>Hybrid: compare Path.resolve() results
    alt targets match
        Hybrid-->>DocsTool: return resolved target (ok)
    else
        Hybrid-->>DocsTool: return error (mismatch diagnostic)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• [Feature] Code Review External Repo Quality and Bug Finding #175 — Overlaps: implements --bug-hunt, semgrep bug-finding, CrossHair timeout and sidecar/.specfact exclusion features referenced by the issue.
• [Change] Code review bug-finding mode and sidecar venv self-scan fix #174 — Overlaps: adds --bug-hunt semantics, semgrep bugs pass, CrossHair timeout adjustments and related docs/validation changes.

Possibly related PRs

• fix(code-review): coerce pylint line 0 and empty messages for ReviewFinding #208 — Makes matching changes to pylint_runner.py (coercion and payload parsing) and tests.
• feat(governance): deterministic agent governance loading (governance-04) #182 — Updates agent-rules documentation to include --bug-hunt in code-review invocations.
• docs-15: bundle link validation, OpenSpec deltas, Code Review run guide #207 — Modifies docs validation scripts and tests related to hybrid link resolution and docs gating.

Suggested labels

bug

🚥 Pre-merge checks | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title uses a release/merge label format rather than a Conventional Commits-style prefix, does not follow the specified prefix convention.	Adopt a Conventional Commits-style prefix (e.g., 'chore: merge dev into main (code review, docs, agent-rules)') to align with repository standards.
Docstring Coverage	⚠️ Warning	Docstring coverage is 40.74% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	The PR description covers key objectives (code review, agent rules, docs) and mentions verification, but lacks complete alignment with the required template structure: missing explicit Refs/issue links, incomplete Scope checklist, no Bundle Impact version details, and incomplete Validation Evidence and CI expectations sections.	Fill in missing template sections: add specfact-cli issue refs, complete Scope checkboxes, list specific bundle versions (specfact-code-review: 0.47.9→0.47.13), document CI job expectations and local validation gate results.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc23ce9d34

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 15

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@openspec/specs/agent-governance-loading/spec.md`:
- Line 4: Replace the "TBD" purpose line with a concise description of the
spec's intent: explain that this governance loading spec defines deterministic
agent bootstrap and rule-loading semantics (including order of operations,
idempotency guarantees, versioning/rollback behavior, and how runtime resolves
conflicts), and ensure the Purpose section references the archived change
"governance-04-deterministic-agent-governance-loading" for traceability; update
the Purpose paragraph in spec.md to explicitly state these goals and the
expected outcomes for agent initialization and rule resolution.
- Around line 3-6: The markdown headings (e.g., "## Purpose", "## Requirements",
"### Requirement: Compact AGENTS bootstrap contract") need blank lines before
and after them to satisfy markdownlint MD022; update the spec.md by inserting a
single blank line above each top-level and subheading and ensuring a blank line
separates the heading from the following paragraph or list so headings are
consistently spaced.

In `@openspec/specs/ci-integration/spec.md`:
- Around line 3-6: Add blank lines before and after the top-level headings shown
in the diff (specifically the "## Purpose" and "## Requirements" headings) to
satisfy markdownlint MD022; update the spec content around these markers so
there's an empty line above "## Purpose" and an empty line both above and below
"## Requirements" (and similarly for the "### Requirement: pr-orchestrator skips
signature requirement for dev-targeting events" subheading) to ensure consistent
markdown spacing.

In `@openspec/specs/ci-module-signing-on-approval/spec.md`:
- Around line 3-6: The Markdown headings (e.g., "## Purpose", "## Requirements",
and "### Requirement: Sign packages manifests on PR approval") need surrounding
blank lines for consistency with MD022; add a single blank line before and after
each heading so each heading is separated from adjacent paragraphs or lists to
satisfy markdownlint and match the other specs.
- Line 4: Replace the "TBD" Purpose placeholder under the Purpose heading with a
concise description mirroring the ci-integration spec: state that the CI signing
workflow will automatically sign changed module manifests on PR approval by
detecting changed files via merge-base, performing idempotent commits containing
only signature updates, and ensuring the process runs only after the archive
(marketplace-06-ci-module-signing) completion; mention merge-base detection,
automated signing of changed module manifests, idempotent commits, and that this
purpose replaces the placeholder once archive finalization completes.

In `@openspec/specs/code-review-bug-finding/spec.md`:
- Line 4: Replace the placeholder "TBD" in the Purpose section of the spec
(openspec/specs/code-review-bug-finding/spec.md) with a concise, final Purpose
statement that explains the spec's intent for downstream governance/docs
consumers; locate the Purpose header or the text on line 4 and update it to a
clear description summarizing the proposal/tasks/spec deltas, expected bundle
behavior, CHANGE_ORDER considerations, and how this spec relates to shipped
modules/docs.
- Around line 3-6: Add the required blank-line separation around markdown
headings to satisfy markdownlint MD022: ensure there is a single blank line
before each top-level/sub-heading and after the preceding paragraph or heading —
specifically insert a blank line before "## Purpose", before "## Requirements",
and before "### Requirement: Semgrep bug-finding rules pass" (and likewise add a
blank line after any preceding content) so each heading is separated by an empty
line.

In `@openspec/specs/code-review-tool-dependencies/spec.md`:
- Around line 3-6: Add blank lines before and after each Markdown heading in the
spec (e.g., "## Purpose", "## Requirements", and "### Requirement:
pip_dependencies cover all external review tools") so headings are separated
from surrounding text; update the section blocks to ensure a single blank line
above and below every heading throughout the file to satisfy MD022 and maintain
consistent markdown formatting.
- Line 4: Replace the placeholder Purpose line "TBD - created by archiving
change code-review-bug-finding-and-sidecar-venv-fix. Update Purpose after
archive." with a concise purpose statement describing this spec's intent: assert
completeness of pip_dependencies for required tools and define expected behavior
when tools are unavailable (graceful degradation, clear errors, and
telemetry/logging). Update the Purpose section in
openspec/specs/code-review-tool-dependencies/spec.md to explicitly mention
verifying pip_dependencies completeness and handling tool unavailability, so
reviewers and implementers know the spec goals.

In `@openspec/specs/review-run-command/spec.md`:
- Around line 85-188: Add assertions and new test cases in
test_dogfood_self_review.py to cover the new flags and JSON fields: invoke the
CLI via the existing helper that runs specfact code review run but include flag
combinations like "--bug-hunt --mode shadow --level error --json" and assert
that the parsed JSON includes ReviewRunRequest.bug_hunt == True,
ReviewReport.ci_exit_code == 0 when mode is "shadow" (and the process exitcode
returned by the runner is 0), and that the "findings" list has been pre-filtered
by severity for "--level error"/"--level warning" (e.g., only severity=="error"
for --level error; no "info" items for --level warning) and that score/verdict
are computed from the filtered list; add a focused test that composes flags
"--bug-hunt --mode shadow --json --out report.json" to assert CrossHair uses
bug-hunt timeouts via the same stubbing/mocking used for timeouts in other
tests, and ensure the new assertions reuse existing JSON parsing helpers (the
functions in test_dogfood_self_review.py that read CLI JSON output) so tests
remain consistent with current test harness.

In `@openspec/specs/sidecar-route-extraction/spec.md`:
- Around line 38-42: The scenario "Route count reflects real application routes
only" references a specific external repo "gpt-researcher" and an exact route
count which is too test-specific for the spec; update the spec.md by clarifying
the gpt-researcher mention (e.g., note it is a canonical reference repo used for
validation), or move this scenario into test documentation/TDD_EVIDENCE, or
generalize the wording to an abstract requirement such as "Route count reflects
actual application routes and is not inflated by scanning framework dependencies
(e.g., venv folders)"; ensure the scenario title and description are updated
accordingly so readers know whether this is a canonical example or a test
artifact.
- Around line 3-4: Replace the "TBD" under the Purpose heading with a concrete
statement that explains why the spec excludes ".specfact/" (i.e., to prevent the
sidecar-created virtualenv and workspace artifacts under .specfact/ from being
interpreted as application source during route extraction), mention the risk of
false positives in route discovery and the intended behavior (exclude .specfact/
so only real app files are used), and keep it concise and actionable; update the
Purpose paragraph under the "Purpose" heading to clearly reference ".specfact/"
and route extraction behavior so reviewers know the intent.

In `@packages/specfact-code-review/module-package.yaml`:
- Around line 25-26: The manifest is missing integrity.signature which causes
verify-modules-signature.py (used by pr-orchestrator) to fail; restore the
integrity.signature field in packages/**/module-package.yaml to a valid
signature value for the current payload and, if the payload changed, re-sign the
module (or bump semver per project signing policy) so the signature matches the
checksum and payload; after updating, run verify-modules-signature.py
--payload-from-filesystem --enforce-version-bump to confirm the restored
signature is accepted.

In
`@packages/specfact-code-review/src/specfact_code_review/tools/pylint_runner.py`:
- Around line 98-102: The stdout/stderr truncation logic in run_pylint
(variables out/err using stdout/stderr and the literal 4096) is duplicated;
extract a small helper (e.g., _truncate_text or truncate_output) that takes
(text, max_len=4096) and returns the truncated preview string, then replace the
two duplicated blocks in pylint_runner.py to call that helper for both out and
err (preserve the 4096 default and include the total-chars suffix behavior);
this centralizes the logic, removes duplication, and keeps naming
KISS/DRY-friendly.

In `@tests/unit/scripts/test_docs_site_validation_link_agreement.py`:
- Around line 22-57: The test can accidentally exercise the "missing published
route" path; instead ensure both filesystem and published routes exist but
differ so the function hits the explicit mismatch branch. In
test_hybrid_rejects_repo_relative_when_disk_and_browser_targets_diverge, keep
creating both source and target files but give the target a published permalink
that differs from its filesystem-derived route (so
dsv.resolve_internal_link_hybrid sees a valid pub_target and an fs_target that
are not equal), then assert target is None and err contains the mismatch
diagnostic (referencing resolve_internal_link_hybrid, published_page_route,
raw_link, fs_target and pub_target).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 507dffb4-2321-4447-a22f-c7e1838e02b0

📥 Commits

Reviewing files that changed from the base of the PR and between a839a59 and dc23ce9.

📒 Files selected for processing (56)

• docs/agent-rules/20-repository-context.md
• docs/agent-rules/50-quality-gates-and-review.md
• docs/bundles/code-review/overview.md
• docs/bundles/code-review/run.md
• docs/bundles/codebase/overview.md
• docs/bundles/govern/overview.md
• docs/bundles/project/overview.md
• docs/bundles/spec/overview.md
• docs/modules/code-review.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/.openspec.yaml
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/TDD_EVIDENCE.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/design.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/proposal.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/code-review-bug-finding/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/code-review-tool-dependencies/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/contract-runner/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/review-cli-contracts/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/review-run-command/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/specs/sidecar-route-extraction/spec.md
• openspec/changes/archive/2026-04-16-code-review-bug-finding-and-sidecar-venv-fix/tasks.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/.openspec.yaml
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/CHANGE_VALIDATION.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/TDD_EVIDENCE.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/design.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/proposal.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/specs/agent-governance-loading/spec.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/specs/github-hierarchy-cache/spec.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/.openspec.yaml
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/TDD_EVIDENCE.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/design.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/proposal.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/specs/ci-integration/spec.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/specs/ci-module-signing-on-approval/spec.md
• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/bundle-overview-pages/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-command-validation/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-publishing/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/agent-governance-loading/spec.md
• openspec/specs/ci-integration/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/code-review-tool-dependencies/spec.md
• openspec/specs/contract-runner/spec.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/review-cli-contracts/spec.md
• openspec/specs/review-run-command/spec.md
• openspec/specs/sidecar-route-extraction/spec.md
• packages/specfact-code-review/module-package.yaml
• packages/specfact-code-review/src/specfact_code_review/tools/pylint_runner.py
• scripts/docs_site_validation.py
• tests/unit/scripts/test_docs_site_validation_link_agreement.py
• tests/unit/specfact_code_review/tools/test_pylint_runner.py

📜 Review details

🧰 Additional context used

📓 Path-based instructions (8)

docs/**/*.md

⚙️ CodeRabbit configuration file

docs/**/*.md: User-facing and cross-site accuracy: Jekyll front matter, links per documentation-url-contract,
CLI examples matching bundled commands.

Files:

• docs/bundles/govern/overview.md
• docs/bundles/spec/overview.md
• docs/bundles/codebase/overview.md
• docs/agent-rules/20-repository-context.md
• docs/bundles/code-review/overview.md
• docs/bundles/project/overview.md
• docs/modules/code-review.md
• docs/agent-rules/50-quality-gates-and-review.md
• docs/bundles/code-review/run.md

openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Specification truth: proposal/tasks/spec deltas vs. bundle behavior, CHANGE_ORDER, and
drift vs. shipped modules or docs.

Files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/bundle-overview-pages/spec.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-publishing/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-command-validation/spec.md
• openspec/specs/contract-runner/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/sidecar-route-extraction/spec.md
• openspec/specs/ci-integration/spec.md
• openspec/specs/review-cli-contracts/spec.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md
• openspec/specs/review-run-command/spec.md
• openspec/specs/code-review-tool-dependencies/spec.md
• openspec/specs/agent-governance-loading/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md

docs/agent-rules/**/*.md

📄 CodeRabbit inference engine (.cursorrules)

Load docs/agent-rules/INDEX.md and canonical rule files selected by its applicability matrix

Files:

• docs/agent-rules/20-repository-context.md
• docs/agent-rules/50-quality-gates-and-review.md

packages/**/module-package.yaml

⚙️ CodeRabbit configuration file

packages/**/module-package.yaml: Validate metadata: name, version, commands, dependencies, and parity with packaged src.
Call out semver and signing implications when manifests or payloads change.

Files:

• packages/specfact-code-review/module-package.yaml

**/*.{js,ts,tsx,jsx,py,java,cs,go,rb,php,cpp,c,h}

📄 CodeRabbit inference engine (CLAUDE.md)

Preserve the clean-code compliance gate and its category references (naming, kiss, yagni, dry, and solid)

Files:

• scripts/docs_site_validation.py
• packages/specfact-code-review/src/specfact_code_review/tools/pylint_runner.py
• tests/unit/specfact_code_review/tools/test_pylint_runner.py
• tests/unit/scripts/test_docs_site_validation_link_agreement.py

scripts/**/*.py

⚙️ CodeRabbit configuration file

scripts/**/*.py: Deterministic tooling: signing, publishing, docs generation; subprocess and path safety.

Files:

• scripts/docs_site_validation.py

packages/**/src/**/*.py

⚙️ CodeRabbit configuration file

packages/**/src/**/*.py: Focus on adapter and bridge patterns: imports from specfact_cli (models, runtime, validators),
Typer/Rich command surfaces, and clear boundaries so core upgrades do not silently break bundles.
Flag breaking assumptions about registry loading, lazy imports, and environment/mode behavior.

Files:

• packages/specfact-code-review/src/specfact_code_review/tools/pylint_runner.py

tests/**/*.py

⚙️ CodeRabbit configuration file

tests/**/*.py: Contract-first and integration tests: migration suites, bundle validation, and flakiness.
Ensure changes to adapters or bridges have targeted coverage.

Files:

• tests/unit/specfact_code_review/tools/test_pylint_runner.py
• tests/unit/scripts/test_docs_site_validation_link_agreement.py

🧠 Learnings (28)

📓 Common learnings

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .cursorrules:0-0
Timestamp: 2026-04-13T10:38:15.855Z
Learning: Adhere to worktree policy, OpenSpec gating, GitHub hierarchy-cache refresh, TDD order, quality gates, versioning, and documentation rules as defined in `docs/agent-rules/`

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: Treat canonical rule docs (docs/agent-rules/INDEX.md) as the source of truth for worktree policy, OpenSpec gating, GitHub completeness checks, TDD order, quality gates, versioning, and documentation rules

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: This repository enforces the clean-code review gate through hatch run specfact code review run --json --out .specfact/code-review.json

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Fix SpecFact code review findings, including warnings, unless a rare explicit exception is documented

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: When a change is paired with work in specfact-cli, review the paired public change artifacts there before widening scope or redefining shared workflow semantics

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Work belongs on feature/*, bugfix/*, hotfix/*, or chore/* branches, normally in a worktree rooted under ../specfact-cli-modules-worktrees/

Learnt from: djm81
Repo: nold-ai/specfact-cli-modules PR: 136
File: registry/modules/specfact-spec-0.40.17.tar.gz.sha256:1-1
Timestamp: 2026-04-02T21:49:11.371Z
Learning: In nold-ai/specfact-cli-modules, module tarball signatures (registry/signatures/*.tar.sig) are generated by the `publish-modules` GitHub Actions runner during the publish workflow, not committed locally to the branch. Missing signature files should NOT be flagged as a pre-merge blocker in PRs.

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: This repository enforces the clean-code review gate through hatch run specfact code review run --json --out .specfact/code-review.json

Applied to files:

• docs/bundles/codebase/overview.md
• docs/agent-rules/20-repository-context.md
• docs/bundles/code-review/overview.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/modules/code-review.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/github-hierarchy-cache/spec.md
• packages/specfact-code-review/module-package.yaml
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/review-cli-contracts/spec.md
• docs/bundles/code-review/run.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/review-run-command/spec.md
• openspec/specs/code-review-tool-dependencies/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Treat the clean-code compliance gate as mandatory: the review surface enforces `naming`, `kiss`, `yagni`, `dry`, and `solid` categories and blocks regressions

Applied to files:

• docs/bundles/codebase/overview.md
• docs/bundles/code-review/overview.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/review-cli-contracts/spec.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md

📚 Learning: 2026-04-02T21:49:11.371Z

Learnt from: djm81
Repo: nold-ai/specfact-cli-modules PR: 136
File: registry/modules/specfact-spec-0.40.17.tar.gz.sha256:1-1
Timestamp: 2026-04-02T21:49:11.371Z
Learning: In nold-ai/specfact-cli-modules, module tarball signatures (registry/signatures/*.tar.sig) are generated by the `publish-modules` GitHub Actions runner during the publish workflow, not committed locally to the branch. Missing signature files should NOT be flagged as a pre-merge blocker in PRs.

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-publishing/spec.md
• packages/specfact-code-review/module-package.yaml
• openspec/specs/ci-integration/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Signed module or manifest changes require version-bump review and verify-modules-signature

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/bundle-overview-pages/spec.md
• docs/agent-rules/50-quality-gates-and-review.md
• packages/specfact-code-review/module-package.yaml
• openspec/specs/ci-integration/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md

📚 Learning: 2026-04-13T10:38:29.399Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: When a change is paired with work in specfact-cli, review the paired public change artifacts there before widening scope or redefining shared workflow semantics

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• docs/bundles/code-review/overview.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/modules/code-review.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/contract-runner/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/review-cli-contracts/spec.md
• docs/bundles/code-review/run.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md
• openspec/specs/review-run-command/spec.md
• openspec/specs/code-review-tool-dependencies/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Enforce module signatures and version bumps when signed module assets or manifests are affected

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/specs/ci-integration/spec.md
• openspec/specs/ci-module-signing-on-approval/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Work belongs on feature/*, bugfix/*, hotfix/*, or chore/* branches, normally in a worktree rooted under ../specfact-cli-modules-worktrees/

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/bundles/project/overview.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/specs/github-hierarchy-cache/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Perform `spec -> tests -> failing evidence -> code -> passing evidence` in that order for behavior changes

Applied to files:

• openspec/changes/archive/2026-04-16-marketplace-06-ci-module-signing/tasks.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/review-cli-contracts/spec.md

📚 Learning: 2026-04-13T10:38:15.855Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .cursorrules:0-0
Timestamp: 2026-04-13T10:38:15.855Z
Learning: Adhere to worktree policy, OpenSpec gating, GitHub hierarchy-cache refresh, TDD order, quality gates, versioning, and documentation rules as defined in `docs/agent-rules/`

Applied to files:

• docs/agent-rules/20-repository-context.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-publishing/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/agent-governance-loading/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md

📚 Learning: 2026-04-13T10:38:29.399Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: Treat canonical rule docs (docs/agent-rules/INDEX.md) as the source of truth for worktree policy, OpenSpec gating, GitHub completeness checks, TDD order, quality gates, versioning, and documentation rules

Applied to files:

• docs/agent-rules/20-repository-context.md
• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-docs-publishing/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Full governance rules live in docs/agent-rules/; do not treat this file (GitHub Copilot Instructions) as a complete standalone handbook

Applied to files:

• docs/agent-rules/20-repository-context.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Read docs/agent-rules/INDEX.md to understand the applicability matrix for additional rule files

Applied to files:

• docs/agent-rules/20-repository-context.md
• docs/agent-rules/50-quality-gates-and-review.md

📚 Learning: 2026-04-13T10:38:15.855Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .cursorrules:0-0
Timestamp: 2026-04-13T10:38:15.855Z
Learning: Applies to docs/agent-rules/**/*.md : Load `docs/agent-rules/INDEX.md` and canonical rule files selected by its applicability matrix

Applied to files:

• docs/agent-rules/20-repository-context.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Use docs/agent-rules/INDEX.md as the canonical governance dispatcher for governance rules

Applied to files:

• docs/agent-rules/20-repository-context.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Read docs/agent-rules/05-non-negotiable-checklist.md before implementation

Applied to files:

• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/agent-rules/50-quality-gates-and-review.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Read AGENTS.md as the mandatory bootstrap governance surface for coding agents working in this repository

Applied to files:

• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Run the required verification and quality gates for the touched scope before finalization

Applied to files:

• openspec/changes/archive/2026-04-16-governance-04-deterministic-agent-governance-loading/tasks.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Fix SpecFact code review findings, including warnings, unless a rare explicit exception is documented

Applied to files:

• docs/modules/code-review.md
• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/review-run-command/spec.md
• packages/specfact-code-review/module-package.yaml
• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md
• openspec/specs/review-cli-contracts/spec.md
• openspec/specs/code-review-bug-finding/spec.md
• openspec/specs/review-run-command/spec.md
• openspec/specs/code-review-tool-dependencies/spec.md

📚 Learning: 2026-04-13T10:38:29.399Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: Applies to **/*.{js,ts,tsx,jsx,py,java,cs,go,rb,php,cpp,c,h} : Preserve the clean-code compliance gate and its category references (naming, kiss, yagni, dry, and solid)

Applied to files:

• docs/agent-rules/50-quality-gates-and-review.md
• openspec/changes/docs-15-code-review-validation-guardrails/specs/modules-pre-commit-quality-parity/spec.md

📚 Learning: 2026-04-13T10:38:29.399Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: Treat clean-code regressions (naming, kiss, yagni, dry, solid violations) as blocking until they are fixed or explicitly justified

Applied to files:

• docs/agent-rules/50-quality-gates-and-review.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: If GitHub hierarchy metadata is needed and `.specfact/backlog/github_hierarchy_cache.md` is missing or stale, refresh it with `python scripts/sync_github_hierarchy_cache.py`

Applied to files:

• openspec/specs/github-hierarchy-cache/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Refresh .specfact/backlog/github_hierarchy_cache.md with python scripts/sync_github_hierarchy_cache.py when GitHub hierarchy metadata is missing or stale before parent or blocker work

Applied to files:

• openspec/specs/github-hierarchy-cache/spec.md

📚 Learning: 2026-04-13T10:38:29.399Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-13T10:38:29.399Z
Learning: Follow AGENTS.md as the primary bootstrap contract, then load the canonical governance docs in docs/agent-rules/INDEX.md

Applied to files:

• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:15.855Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .cursorrules:0-0
Timestamp: 2026-04-13T10:38:15.855Z
Learning: Applies to AGENTS.md : Follow `AGENTS.md` as the mandatory bootstrap contract

Applied to files:

• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:22.848Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-13T10:38:22.848Z
Learning: Use AGENTS.md as the mandatory bootstrap surface for understanding agent responsibilities and configurations

Applied to files:

• openspec/specs/github-hierarchy-cache/spec.md
• openspec/specs/agent-governance-loading/spec.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Finalize completed OpenSpec changes with `openspec archive <change-id>` and do not manually move change folders under `openspec/changes/archive/`

Applied to files:

• openspec/changes/docs-15-code-review-validation-guardrails/TDD_EVIDENCE.md

📚 Learning: 2026-04-13T10:38:43.535Z

Learnt from: CR
Repo: nold-ai/specfact-cli-modules PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-04-13T10:38:43.535Z
Learning: Load additional rule files required by the applicability matrix in docs/agent-rules/INDEX.md before implementation

Applied to files:

• openspec/specs/agent-governance-loading/spec.md

🪛 GitHub Actions: pr-orchestrator

packages/specfact-code-review/module-package.yaml

[error] 1-1: Module signature verification failed: missing integrity.signature (command: python scripts/verify-modules-signature.py --payload-from-filesystem --enforce-version-bump)

🪛 LanguageTool

openspec/specs/agent-governance-loading/spec.md

[uncategorized] ~114-~114: The official name of this software platform is spelled with a capital “H”.
Context: ...ce such as CLAUDE.md, .cursorrules, .github/copilot-instructions.md, or generated ...

(GITHUB)

🪛 markdownlint-cli2 (0.22.0)

openspec/specs/ci-integration/spec.md

[warning] 3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

openspec/specs/code-review-bug-finding/spec.md

[warning] 3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

openspec/specs/ci-module-signing-on-approval/spec.md

[warning] 3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

openspec/specs/code-review-tool-dependencies/spec.md

[warning] 3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

openspec/specs/agent-governance-loading/spec.md

[warning] 3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

🔀 Multi-repo context nold-ai/specfact-cli

nold-ai/specfact-cli

• CLI wiring / callers of the documented command:

  • scripts/pre_commit_code_review.py — builds and runs nested specfact code review run --json --out .specfact/code-review.json (calls the documented invocation). [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py:93,173,210,272,277]
  • docs and README references to the command (many locations updated to include --bug-hunt in docs): docs/modules/code-review.md, docs/agent-rules/20-repository-context.md, docs/agent-rules/50-quality-gates-and-review.md, README.md, docs/_support/*. [::nold-ai/specfact-cli::docs/modules/code-review.md][::nold-ai/specfact-cli::docs/agent-rules/20-repository-context.md][::nold-ai/specfact-cli::docs/agent-rules/50-quality-gates-and-review.md][::nold-ai/specfact-cli::README.md][::nold-ai/specfact-cli::docs/_support/readme-first-contact/capture-metadata.txt]

• Tests and dogfood evidence that exercise/expect specfact code review run behavior (may need to account for --bug-hunt semantics / JSON output changes):

  • tests/unit/specfact_cli/test_dogfood_self_review.py — uses helper to run the review and asserts overall_verdict. [::nold-ai/specfact-cli::tests/unit/specfact_cli/test_dogfood_self_review.py:26,59,72]
  • tests/e2e/test_wow_entrypoint.py and various openspec TDD_EVIDENCE files reference running the command and expecting JSON reports. [::nold-ai/specfact-cli::tests/e2e/test_wow_entrypoint.py][::nold-ai/specfact-cli::openspec/changes/**/TDD_EVIDENCE.md]

• Pylint runner / spec interactions:

  • openspec specs and archive references to run_pylint / pylint_runner indicate expected behavior/contract for run_pylint (including mapping and error reporting). Changes in packages/specfact-code-review (pylint_runner) affect these contracts. [::nold-ai/specfact-cli::openspec/specs/pylint-runner/spec.md][::nold-ai/specfact-cli::openspec/changes/archive/*/TDD_EVIDENCE.md]
  • tests/unit/specfact_code_review/tools/test_pylint_runner.py added/strengthened — ensure the new coercion and tool_error behaviors align with consumers that parse specfact code review run --json output. [::nold-ai/specfact-cli::tests/unit/specfact_code_review/tools/test_pylint_runner.py]

• Config/specs that explicitly require/describe the new --bug-hunt flag and its behavior (timeouts, compatibility with other flags):

  • openspec/specs/review-run-command/spec.md and openspec/specs/code-review-bug-finding/spec.md define --bug-hunt semantics and the additional Semgrep bug-finding pass; documentation changes in this PR align with those specs and will affect any integration tests or CI that expect the flag to be honored. [::nold-ai/specfact-cli::openspec/specs/review-run-command/spec.md][::nold-ai/specfact-cli::openspec/specs/code-review-bug-finding/spec.md]

• Docs site validation / link-resolution changes:

  • scripts/docs_site_validation.py and its new tests (tests/unit/scripts/test_docs_site_validation_link_agreement.py) change link-resolution semantics for /bundles/ pages when .. traversal appears; any tooling or CI that depends on legacy filesystem-first behavior for bundle-scoped pages may be affected. [::nold-ai/specfact-cli::scripts/docs_site_validation.py][::nold-ai/specfact-cli::tests/unit/scripts/test_docs_site_validation_link_agreement.py]

Reflection: the repo contains multiple consumers (pre-commit helper, tests, docs, openspec contracts) that reference or depend on specfact code review run behavior and on the pylint runner contracts. The PR's doc-only changes (adding --bug-hunt to examples) are consistent with spec additions, but the code-level pylint_runner changes and test updates in the specfact-code-review package (mentioned in the PR) are relevant to this repo because tests, docs, and pre-commit hooks expect consistent JSON output and tool-error semantics.