chore: update rhiza to v1.1.1#10
Conversation
📝 WalkthroughWalkthroughThis PR syncs the repository to the upstream Rhiza template v1.1.1, updating GitHub workflows (version bumps, permission hardening, new fuzzing/mutation/scorecard workflows), Makefile targets, shell completion caching, Claude command runbooks, test scaffolding, lint/config files, and changelog tooling. It also adds explicit return type annotations across several pycharting source files. ChangesRhiza Template Sync
Estimated code review effort: 4 (Complex) | ~60 minutes Return Type Annotation Cleanup
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related issues
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Updates the repository’s synced Rhiza template from v0.18.8 to v1.1.1 and applies the upstream template changes across workflows, Makefile targets, lint configuration, and the bundled Rhiza test suite, plus a few mechanical Python typing tweaks in locally-owned code.
Changes:
- Bump Rhiza template pin to
v1.1.1and refresh.rhiza/template.lock/template-managed files. - Update tooling/config: stricter Ruff selections, pytest configuration, Make targets using
uv run --with …, and addgit-cliffconfig/Make target for changelog generation. - Add/update Rhiza GitHub Actions reusable-workflow stubs (incl. Scorecard/Mutation/Fuzzing) and refresh
.rhiza/testslayout.
Reviewed changes
Copilot reviewed 71 out of 76 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/pycharting/data/ingestion.py | Removes redundant pass and adds __init__ return annotation. |
| src/pycharting/core/server.py | Adds return annotation to the FastAPI root endpoint. |
| src/pycharting/core/lifecycle.py | Adds return annotations to controller methods and websocket handler. |
| src/pycharting/api/interface.py | Adds return annotations to exported helpers / notebook repr. |
| ruff.toml | Enables additional lint families and refines per-file ignores. |
| pytest.ini | Adds .rhiza/tests to pythonpath, tweaks live logging defaults, adds warning filter. |
| Makefile | Updates mkdocs extra packages override. |
| docs/index.md | Removes trailing blank line. |
| docs/development/TESTS.md | Documents opting into live pytest CLI logs; updates dependency provisioning guidance. |
| demo.py | Adds return annotations to CLI entrypoints. |
| cliff.toml | Adds git-cliff configuration for changelog generation. |
| .rhiza/utils/suppression_audit.py | Removes legacy suppression-audit implementation (now delegated to rhiza-tools). |
| .rhiza/utils/pip_audit_policy.py | Removes legacy pip-audit policy script (now delegated to rhiza-tools). |
| .rhiza/tests/test_readme_validation.py | Adds synced README code-block validation tests. |
| .rhiza/tests/test_pyproject.py | Adjusts fixtures (scope changes) per upstream test suite. |
| .rhiza/tests/test_git_repo_fixture.py | Adds synced self-tests for the git_repo fixture. |
| .rhiza/tests/test_docstrings.py | Adds doctest-based docstring validation across modules. |
| .rhiza/tests/sync/conftest.py | Removes legacy sync-test environment conftest. |
| .rhiza/tests/structure/test_requirements.py | Removes legacy requirements-structure tests. |
| .rhiza/tests/structure/test_project_layout.py | Removes legacy project-layout tests. |
| .rhiza/tests/stress/README.md | Updates stress test documentation links/layout. |
| .rhiza/tests/shell/test_scripts.sh | Removes legacy shell-script test runner. |
| .rhiza/tests/README.md | Updates Rhiza test-suite README to new flat layout and guidance. |
| .rhiza/tests/integration/test_virtual_env_unexport.py | Removes legacy integration test. |
| .rhiza/tests/integration/test_test_mk.py | Removes legacy integration test. |
| .rhiza/tests/integration/test_docs_targets.py | Removes legacy integration test. |
| .rhiza/tests/integration/test_book_targets.py | Removes legacy integration tests. |
| .rhiza/tests/conftest.py | Removes sys.path manipulation (relies on pytest pythonpath). |
| .rhiza/tests/api/test_makefile_targets.py | Removes legacy API tests directory. |
| .rhiza/tests/api/test_makefile_api.py | Removes legacy API tests directory. |
| .rhiza/tests/api/test_make_variable_overrides.py | Removes legacy API tests directory. |
| .rhiza/tests/api/test_github_targets.py | Removes legacy API tests directory. |
| .rhiza/tests/api/conftest.py | Removes legacy API tests conftest. |
| .rhiza/template.yml | Bumps template ref to v1.1.1. |
| .rhiza/template.lock | Updates synced file manifest and lock metadata for v1.1.1. |
| .rhiza/rhiza.mk | Adds Windows POSIX-shell guard, defaults for env vars, updates rhiza-test provisioning, tweaks ci-os-matrix printing. |
| .rhiza/requirements/tools.txt | Removes legacy requirements file (tooling now provisioned via uv run --with). |
| .rhiza/requirements/tests.txt | Removes legacy requirements file. |
| .rhiza/requirements/README.md | Removes legacy requirements docs. |
| .rhiza/requirements/marimo.txt | Removes legacy requirements file. |
| .rhiza/requirements/docs.txt | Removes legacy requirements file. |
| .rhiza/make.d/test.mk | Refactors test/typecheck/security/docs-coverage targets; adds retry-on-exit-3 logic; provisions tools via uv run --with. |
| .rhiza/make.d/releasing.mk | Updates release/bump flags; adds changelog target. |
| .rhiza/make.d/quality.mk | Refactors deptry/suppression-audit to bundle-contributed folders and rhiza-tools. |
| .rhiza/make.d/marimo.mk | Contributes marimo folder to deptry scan and ignores DEP004. |
| .rhiza/make.d/github.mk | Adds GitHub helper targets (gh CLI helpers). |
| .rhiza/make.d/bootstrap.mk | Adjusts uv sync semantics and pre-commit hook install; improves clean branch-prune safety. |
| .rhiza/make.d/book.mk | Provisions marimo on-demand for notebook export. |
| .rhiza/completions/rhiza-completion.zsh | Adds caching for faster target discovery. |
| .rhiza/completions/rhiza-completion.bash | Adds caching for faster target discovery. |
| .rhiza/completions/README.md | Updates docs to reflect cached completion behavior. |
| .rhiza/.rhiza-version | Bumps pinned Rhiza tool version. |
| .rhiza/.env | Adds documented defaults and sets repo-specific values. |
| .rhiza/.cfg.toml | Adds bumpversion rule for reusable workflow stubs in bundles. |
| .pre-commit-config.yaml | Pins node runtime for hooks; bumps hook revisions; adds betterleaks hook. |
| .github/workflows/rhiza_weekly.yml | Bumps reusable workflow pin to v1.1.1. |
| .github/workflows/rhiza_sync.yml | Bumps reusable workflow pin; adjusts permissions model (job-level permissions). |
| .github/workflows/rhiza_scorecard.yml | Adds Scorecard workflow stub. |
| .github/workflows/rhiza_release.yml | Updates permissions/concurrency and release asset staging; updates action pins. |
| .github/workflows/rhiza_mutation.yml | Adds opt-in mutation workflow stub. |
| .github/workflows/rhiza_marimo.yml | Bumps reusable workflow pin to v1.1.1. |
| .github/workflows/rhiza_fuzzing.yml | Adds fuzzing workflow stub. |
| .github/workflows/rhiza_codeql.yml | Bumps reusable workflow pin; moves permissions to job-level. |
| .github/workflows/rhiza_ci.yml | Bumps reusable workflow pin; adds documentation about Python matrix source. |
| .github/workflows/rhiza_book.yml | Bumps reusable workflow pin; broadens trigger; adjusts permissions. |
| .github/workflows/rhiza_benchmark.yml | Bumps reusable workflow pin to v1.1.1. |
| .github/rulesets/main-branch-protection.json | Adds a branch protection ruleset JSON definition. |
| .github/pull_request_template.md | Adds a changelog checklist item. |
| .github/DISCUSSION_TEMPLATE/ideas.yml | Adds discussion template for ideas. |
| .github/DISCUSSION_TEMPLATE/help-wanted.yml | Adds discussion template for help-wanted posts. |
| .github/dependabot.yml | Normalizes whitespace. |
| .github/CONFIG.md | Documents required/optional secrets for Rhiza workflows (notably PAT_TOKEN). |
| .claude/commands/rhiza_update.md | Adds synced Claude command docs for template updates. |
| .claude/commands/rhiza_release.md | Adds synced Claude command docs for releasing. |
| .claude/commands/rhiza_quality.md | Adds synced Claude command docs for quality assessment. |
| .claude/commands/rhiza_book.md | Adds synced Claude command docs for building the docs book. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # .rhiza/.env — project-local environment overrides (optional) | ||
| # | ||
| # This file is optional. If absent, rhiza.mk falls back to built-in defaults: | ||
| # SOURCE_FOLDER = src | ||
| # MARIMO_FOLDER = docs/notebooks | ||
| # RHIZA_CI_OS_MATRIX = ["ubuntu-latest"] | ||
| # | ||
| # Add or uncomment only the variables you want to override. | ||
| # Variables defined here are exported to all Make recipes. | ||
|
|
||
| # .rhiza/.env — project-local environment overrides (optional) | ||
| # | ||
| # This file is optional. If absent, rhiza.mk falls back to built-in defaults: | ||
| # SOURCE_FOLDER = src | ||
| # MARIMO_FOLDER = docs/notebooks | ||
| # RHIZA_CI_OS_MATRIX = ["ubuntu-latest"] | ||
| # | ||
| # Add or uncomment only the variables you want to override. | ||
| # Variables defined here are exported to all Make recipes. | ||
|
|
| # SLF: private-member access is needed in tests; too coarse to enable repo-wide | ||
| # TCH/TID: no typing-only import cycles or import-tidiness issues at this size | ||
| # RSE: raise micro-style; TRY covers the error-prone patterns | ||
| # NPY/PD: no NumPy/pandas runtime code in this repository |
| [[tool.bumpversion.files]] | ||
| glob = "bundles/**/.github/workflows/*.yml" | ||
| regex = true | ||
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | ||
| replace = "\\1@v{new_version}" | ||
| ignore_missing_version = true | ||
|
|
||
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | ||
| # These stubs are synced into downstream repos and must reference an existing tag. | ||
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | ||
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | ||
| # drift if a stub was left behind — while leaving third-party action pins | ||
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | ||
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | ||
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | ||
| # nothing and bump-my-version skips it). | ||
| [[tool.bumpversion.files]] | ||
| glob = "bundles/**/.github/workflows/*.yml" | ||
| regex = true | ||
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | ||
| replace = "\\1@v{new_version}" | ||
| ignore_missing_version = true |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.claude/commands/rhiza_book.md:
- Around line 29-31: The markdown snippet in the command docs is an unlabeled
fenced code block, which triggers MD040. Update the fence used around the
http.server command in the relevant docs section to include a shell/bash
language label, and keep the rest of the snippet unchanged so the markdown stays
lint-clean.
In @.github/workflows/rhiza_book.yml:
- Around line 9-12: The reusable workflow is inheriting deploy credentials and
Pages permissions for every push, even on non-deploy branches. Update the
workflow so the secret/permission surface is only enabled on the deploy path,
using the existing branch/deploy gating in the reusable workflow logic, and keep
the non-default-branch artifact build path without `pages: write`, `id-token:
write`, or unnecessary secrets. Use the workflow/job wiring around the reusable
invocation in `rhiza_book.yml` to scope credentials based on the deploy-only
condition.
In @.rhiza/.cfg.toml:
- Around line 35-66: Remove the duplicated tool.bumpversion.files entry in the
.cfg.toml config so only one reusable-workflow pinning block remains. Keep the
single canonical block with the existing glob, regex, search, replace, and
ignore_missing_version settings, and delete the repeated copy so bump-my-version
only processes the bundles/**/.github/workflows/*.yml pattern once.
In @.rhiza/make.d/test.mk:
- Around line 101-106: The `both` branch in `.rhiza/make.d/test.mk` is chaining
`ty check` and `mypy --strict` incorrectly, so a `ty` failure can be hidden if
`mypy` succeeds. Update the `both)` case in the typecheck recipe so `mypy` runs
only after `ty` passes by chaining the two commands with `&&` around the
`printf` and `UV_BIN` invocations, ensuring the branch exits non-zero when
either checker fails.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e1ac2f17-fa56-44f9-a707-3daa7e07f3b8
⛔ Files ignored due to path filters (1)
.rhiza/template.lockis excluded by!**/*.lock
📒 Files selected for processing (75)
.claude/commands/rhiza_book.md.claude/commands/rhiza_quality.md.claude/commands/rhiza_release.md.claude/commands/rhiza_update.md.github/CONFIG.md.github/DISCUSSION_TEMPLATE/help-wanted.yml.github/DISCUSSION_TEMPLATE/ideas.yml.github/dependabot.yml.github/pull_request_template.md.github/rulesets/main-branch-protection.json.github/workflows/rhiza_benchmark.yml.github/workflows/rhiza_book.yml.github/workflows/rhiza_ci.yml.github/workflows/rhiza_codeql.yml.github/workflows/rhiza_fuzzing.yml.github/workflows/rhiza_marimo.yml.github/workflows/rhiza_mutation.yml.github/workflows/rhiza_release.yml.github/workflows/rhiza_scorecard.yml.github/workflows/rhiza_sync.yml.github/workflows/rhiza_weekly.yml.pre-commit-config.yaml.rhiza/.cfg.toml.rhiza/.env.rhiza/.rhiza-version.rhiza/completions/README.md.rhiza/completions/rhiza-completion.bash.rhiza/completions/rhiza-completion.zsh.rhiza/make.d/book.mk.rhiza/make.d/bootstrap.mk.rhiza/make.d/github.mk.rhiza/make.d/marimo.mk.rhiza/make.d/quality.mk.rhiza/make.d/releasing.mk.rhiza/make.d/test.mk.rhiza/requirements/README.md.rhiza/requirements/docs.txt.rhiza/requirements/marimo.txt.rhiza/requirements/tests.txt.rhiza/requirements/tools.txt.rhiza/rhiza.mk.rhiza/template.yml.rhiza/tests/README.md.rhiza/tests/api/conftest.py.rhiza/tests/api/test_github_targets.py.rhiza/tests/api/test_make_variable_overrides.py.rhiza/tests/api/test_makefile_api.py.rhiza/tests/api/test_makefile_targets.py.rhiza/tests/conftest.py.rhiza/tests/integration/test_book_targets.py.rhiza/tests/integration/test_docs_targets.py.rhiza/tests/integration/test_test_mk.py.rhiza/tests/integration/test_virtual_env_unexport.py.rhiza/tests/shell/test_scripts.sh.rhiza/tests/stress/README.md.rhiza/tests/structure/test_project_layout.py.rhiza/tests/structure/test_requirements.py.rhiza/tests/sync/conftest.py.rhiza/tests/test_docstrings.py.rhiza/tests/test_git_repo_fixture.py.rhiza/tests/test_pyproject.py.rhiza/tests/test_readme_validation.py.rhiza/utils/pip_audit_policy.py.rhiza/utils/suppression_audit.pyMakefilecliff.tomldemo.pydocs/development/TESTS.mddocs/index.mdpytest.iniruff.tomlsrc/pycharting/api/interface.pysrc/pycharting/core/lifecycle.pysrc/pycharting/core/server.pysrc/pycharting/data/ingestion.py
💤 Files with no reviewable changes (22)
- .rhiza/tests/integration/test_book_targets.py
- .rhiza/tests/structure/test_project_layout.py
- .rhiza/requirements/tests.txt
- .rhiza/requirements/tools.txt
- .rhiza/requirements/docs.txt
- .rhiza/tests/structure/test_requirements.py
- .rhiza/utils/pip_audit_policy.py
- .rhiza/tests/api/test_github_targets.py
- .rhiza/tests/integration/test_docs_targets.py
- .rhiza/tests/shell/test_scripts.sh
- .rhiza/tests/integration/test_virtual_env_unexport.py
- docs/index.md
- .rhiza/requirements/README.md
- .rhiza/tests/api/test_makefile_targets.py
- .rhiza/tests/integration/test_test_mk.py
- .rhiza/tests/api/test_make_variable_overrides.py
- .rhiza/requirements/marimo.txt
- .rhiza/tests/api/conftest.py
- .rhiza/utils/suppression_audit.py
- .rhiza/tests/stress/README.md
- .rhiza/tests/sync/conftest.py
- .rhiza/tests/api/test_makefile_api.py
| ``` | ||
| (cd _book && uv run python -m http.server 8000) | ||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Label the shell snippet fence.
This block is unlabeled, so markdownlint will flag it (MD040). Mark it as shell/bash to keep the docs lint-clean.
Fix
- ```
+ ```shell📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ``` | |
| (cd _book && uv run python -m http.server 8000) | |
| ``` |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 29-29: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.claude/commands/rhiza_book.md around lines 29 - 31, The markdown snippet in
the command docs is an unlabeled fenced code block, which triggers MD040. Update
the fence used around the http.server command in the relevant docs section to
include a shell/bash language label, and keep the rest of the snippet unchanged
so the markdown stays lint-clean.
Source: Linters/SAST tools
| # Trigger: This workflow runs on every push (any branch), so every commit | ||
| # validates that the book still builds. The reusable workflow deploys | ||
| # to GitHub Pages only from the repository's default branch and never | ||
| # from a fork; other branches build and upload an artifact only. |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Scope the reusable-workflow credentials to the deploy path.
This now runs on every branch push, but still inherits all secrets and grants pages: write/id-token: write unconditionally. That gives non-deploy branches the same credential surface as the publish path.
Also applies to: 25-38
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/rhiza_book.yml around lines 9 - 12, The reusable workflow
is inheriting deploy credentials and Pages permissions for every push, even on
non-deploy branches. Update the workflow so the secret/permission surface is
only enabled on the deploy path, using the existing branch/deploy gating in the
reusable workflow logic, and keep the non-default-branch artifact build path
without `pages: write`, `id-token: write`, or unnecessary secrets. Use the
workflow/job wiring around the reusable invocation in `rhiza_book.yml` to scope
credentials based on the deploy-only condition.
Source: Linters/SAST tools
|
|
||
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | ||
| # These stubs are synced into downstream repos and must reference an existing tag. | ||
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | ||
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | ||
| # drift if a stub was left behind — while leaving third-party action pins | ||
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | ||
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | ||
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | ||
| # nothing and bump-my-version skips it). | ||
| [[tool.bumpversion.files]] | ||
| glob = "bundles/**/.github/workflows/*.yml" | ||
| regex = true | ||
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | ||
| replace = "\\1@v{new_version}" | ||
| ignore_missing_version = true | ||
|
|
||
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | ||
| # These stubs are synced into downstream repos and must reference an existing tag. | ||
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | ||
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | ||
| # drift if a stub was left behind — while leaving third-party action pins | ||
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | ||
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | ||
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | ||
| # nothing and bump-my-version skips it). | ||
| [[tool.bumpversion.files]] | ||
| glob = "bundles/**/.github/workflows/*.yml" | ||
| regex = true | ||
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | ||
| replace = "\\1@v{new_version}" | ||
| ignore_missing_version = true |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Remove the duplicate [[tool.bumpversion.files]] block.
Lines 35–50 and 52–66 are identical: same comments, same glob, regex, search, replace, and ignore_missing_version. Having two copies means bump-my-version processes the same glob twice (the second pass is a silent no-op since ignore_missing_version = true), but it creates a maintenance hazard if one copy is edited and the other drifts.
♻️ Remove the duplicate block
# This block ships verbatim in the synced downstream .cfg.toml; there it is a
# harmless no-op because a downstream repo has no bundles/ tree (the glob matches
# nothing and bump-my-version skips it).
[[tool.bumpversion.files]]
glob = "bundles/**/.github/workflows/*.yml"
regex = true
search = "(jebel-quant/rhiza/[^@\\s]+)`@v`\\d+\\.\\d+\\.\\d+"
replace = "\\1@v{new_version}"
ignore_missing_version = true
-
-# Keep the reusable-workflow stubs in the bundles pinned to the current release.
-# These stubs are synced into downstream repos and must reference an existing tag.
-# The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites
-# the pin from ANY prior version (not just {current_version}) — this prevents silent
-# drift if a stub was left behind — while leaving third-party action pins
-# (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched.
-# This block ships verbatim in the synced downstream .cfg.toml; there it is a
-# harmless no-op because a downstream repo has no bundles/ tree (the glob matches
-# nothing and bump-my-version skips it).
-[[tool.bumpversion.files]]
-glob = "bundles/**/.github/workflows/*.yml"
-regex = true
-search = "(jebel-quant/rhiza/[^@\\s]+)`@v`\\d+\\.\\d+\\.\\d+"
-replace = "\\1@v{new_version}"
-ignore_missing_version = trueIf this duplication originates from the upstream Rhiza template, consider reporting it upstream so it can be fixed at the source.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | |
| # These stubs are synced into downstream repos and must reference an existing tag. | |
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | |
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | |
| # drift if a stub was left behind — while leaving third-party action pins | |
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | |
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | |
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | |
| # nothing and bump-my-version skips it). | |
| [[tool.bumpversion.files]] | |
| glob = "bundles/**/.github/workflows/*.yml" | |
| regex = true | |
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | |
| replace = "\\1@v{new_version}" | |
| ignore_missing_version = true | |
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | |
| # These stubs are synced into downstream repos and must reference an existing tag. | |
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | |
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | |
| # drift if a stub was left behind — while leaving third-party action pins | |
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | |
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | |
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | |
| # nothing and bump-my-version skips it). | |
| [[tool.bumpversion.files]] | |
| glob = "bundles/**/.github/workflows/*.yml" | |
| regex = true | |
| search = "(jebel-quant/rhiza/[^@\\s]+)@v\\d+\\.\\d+\\.\\d+" | |
| replace = "\\1@v{new_version}" | |
| ignore_missing_version = true | |
| # Keep the reusable-workflow stubs in the bundles pinned to the current release. | |
| # These stubs are synced into downstream repos and must reference an existing tag. | |
| # The search is a regex anchored to the `jebel-quant/rhiza/...` path so it rewrites | |
| # the pin from ANY prior version (not just {current_version}) — this prevents silent | |
| # drift if a stub was left behind — while leaving third-party action pins | |
| # (actions/checkout@vX, astral-sh/setup-uv@vX, ...) in the same files untouched. | |
| # This block ships verbatim in the synced downstream .cfg.toml; there it is a | |
| # harmless no-op because a downstream repo has no bundles/ tree (the glob matches | |
| # nothing and bump-my-version skips it). | |
| [[tool.bumpversion.files]] | |
| glob = "bundles/**/.github/workflows/*.yml" | |
| regex = true | |
| search = "(jebel-quant/rhiza/[^@\\s]+)`@v`\\d+\\.\\d+\\.\\d+" | |
| replace = "\\1@v{new_version}" | |
| ignore_missing_version = true |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.rhiza/.cfg.toml around lines 35 - 66, Remove the duplicated
tool.bumpversion.files entry in the .cfg.toml config so only one
reusable-workflow pinning block remains. Keep the single canonical block with
the existing glob, regex, search, replace, and ignore_missing_version settings,
and delete the repeated copy so bump-my-version only processes the
bundles/**/.github/workflows/*.yml pattern once.
| both) \ | ||
| printf "${BLUE}[INFO] Running ty type checking in:$${typecheck_paths}${RESET}\n"; \ | ||
| ${UV_BIN} run --with ty ty check $${typecheck_paths} && \ | ||
| printf "${BLUE}[INFO] Running mypy strict type checking in:$${typecheck_paths}${RESET}\n"; \ | ||
| ${UV_BIN} run --with mypy mypy --strict $${typecheck_paths} \ | ||
| ;; \ |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
ty failures are masked when TYPECHECKER=both and mypy passes.
In the both case, the shell sequence is ty check && printf "mypy info" ; mypy --strict. The && only gates the printf — the ; lets mypy --strict run unconditionally, and the case branch's exit code is mypy's. If ty finds errors that mypy doesn't, the target exits 0 and the CI typecheck step passes silently.
🔧 Proposed fix: chain mypy behind ty with `&&`
both) \
printf "${BLUE}[INFO] Running ty type checking in:$${typecheck_paths}${RESET}\n"; \
${UV_BIN} run --with ty ty check $${typecheck_paths} && \
- printf "${BLUE}[INFO] Running mypy strict type checking in:$${typecheck_paths}${RESET}\n"; \
+ printf "${BLUE}[INFO] Running mypy strict type checking in:$${typecheck_paths}${RESET}\n" && \
${UV_BIN} run --with mypy mypy --strict $${typecheck_paths} \
;; \This makes mypy run only if ty passes, so the exit code reflects the first checker that fails. If you prefer both checkers to always run and fail if either fails, a more involved fix capturing both exit codes would be needed.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| both) \ | |
| printf "${BLUE}[INFO] Running ty type checking in:$${typecheck_paths}${RESET}\n"; \ | |
| ${UV_BIN} run --with ty ty check $${typecheck_paths} && \ | |
| printf "${BLUE}[INFO] Running mypy strict type checking in:$${typecheck_paths}${RESET}\n"; \ | |
| ${UV_BIN} run --with mypy mypy --strict $${typecheck_paths} \ | |
| ;; \ | |
| both) \ | |
| printf "${BLUE}[INFO] Running ty type checking in:$${typecheck_paths}${RESET}\n"; \ | |
| ${UV_BIN} run --with ty ty check $${typecheck_paths} && \ | |
| printf "${BLUE}[INFO] Running mypy strict type checking in:$${typecheck_paths}${RESET}\n" && \ | |
| ${UV_BIN} run --with mypy mypy --strict $${typecheck_paths} \ | |
| ;; \ |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.rhiza/make.d/test.mk around lines 101 - 106, The `both` branch in
`.rhiza/make.d/test.mk` is chaining `ty check` and `mypy --strict` incorrectly,
so a `ty` failure can be hidden if `mypy` succeeds. Update the `both)` case in
the typecheck recipe so `mypy` runs only after `ty` passes by chaining the two
commands with `&&` around the `printf` and `UV_BIN` invocations, ensuring the
branch exits non-zero when either checker fails.
Summary
reftov1.1.1in.rhiza/template.yml(wasv0.18.8— a majorv0.x → v1.xbump, confirmed before proceeding)github-project(unchanged — repo is GitHub-hosted and already on this profile)make syncto apply upstream template changes; conflicts resolved taking the upstream side (rhiza_resolve.py— no conflict markers or.rejfiles remain)make fmtauto-fixes (ruff-inferred-> None/-> strreturn annotations, one redundantpassremoved).rhiza/.rhiza-versionmoved0.16.1 → 0.17.6as upstream template content (not a manual edit; kept per the take-upstream policy). The templaterefand the tool version are independent fields.Quality gates
make fmt(lint/style)make typechecktypassed;mypy --strict→ 59 errors in 5 filesmake docs-coveragemake deptrymake securitymake validatev1.1.1make testBoth failing gates are driven entirely by locally-owned files (
demo.py,src/pycharting/*,tests/*). Rhiza-owned files (.github/workflows/*,Makefile,pytest.ini,ruff.toml,.pre-commit-config.yaml) are out of scope for scoring — fixed upstream, not here.Scorecard (1–10, locally-owned scope)
openshadows builtin, blindexcept Exception, unused argopen→open_; catch specific exceptionsmypy --strict59 errors: untyped defs, barelist, invalidSubplotSpecalias,self._server: Nonemisannotationlist[...]; fix alias &Optional[Server]make validatepasses onv1.1.1plotCC 32,validate_inputCC 31; rest A; avg A (3.6)core.server:201 → api.routes)except Exception(interface.py:212, tests)Overall: 6 / 10.
Highest-leverage improvement: one type-annotation pass over
src/pycharting/clears the dominant cause of both failing gates (most of the 31 ruff ANN* errors and most of the 59 mypy errors share the same missing-annotation / bare-listroot), moving two gates FAIL→PASS for the least effort.Recommendations (ordered by leverage)
src/pycharting/+demo.py:45— Type safety 3→8, Linting 4→7.SubplotSpecalias &self._serverannotation (ingestion.py:34,190,245;lifecycle.py:131,134) — Type safety 3→8.interface.py:35 plotCC 32,ingestion.py:27 validate_inputCC 31) — Complexity 5→8.except Exception& rename builtin-shadowingopenparams (interface.py:212,37,131;ingestion.py:30,241;server.py:220;tests/test_lifecycle.py:209,232) — Linting 4→7, Error handling 7→9.interface.py) — Coverage 9→10.🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Chores