chore(dev-loop): cycle complete — 4 PRs merged, tests passing, 76.7% coverage
CI / test (push) Successful in 16s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped
CI / test (push) Successful in 16s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped
This commit is contained in:
Rodin
@@ -0,0 +1,116 @@
|
||||
# Dev-Loop Cycle Report — 2026-05-15 12:16 UTC
|
||||
|
||||
**Cron ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c
|
||||
**Schedule:** Every 4 hours
|
||||
**Repository:** gitea.weiker.me/rodin/review-bot
|
||||
|
||||
## Status Summary
|
||||
|
||||
| Metric | Status |
|
||||
|--------|--------|
|
||||
| **Repository Health** | ✅ **EXCELLENT** |
|
||||
| **Main Branch** | Current (1f58c65) |
|
||||
| **Working Tree** | Clean (no uncommitted) |
|
||||
| **Test Suite** | ✅ All 7 packages passing |
|
||||
| **Code Coverage** | 76.7% (up from 70.4%) |
|
||||
| **Open Issues** | 0 active work items |
|
||||
| **Open PRs** | 0 pending review |
|
||||
| **Stale Branches** | ✅ Cleaned |
|
||||
|
||||
## Recent Accomplishments (This Cycle)
|
||||
|
||||
All 4 approved PRs successfully merged to main:
|
||||
|
||||
### 1. Issue #150 — Directory Symlink Bypass Security Fix
|
||||
- **PR:** #152
|
||||
- **Commit:** 76b6493
|
||||
- **Status:** ✅ Merged
|
||||
- **What:** Added `filepath.EvalSymlinks` to `validateDocmapPath` to close intermediate directory symlink bypass
|
||||
- **Impact:** Security hardening for doc-map config path confinement
|
||||
|
||||
### 2. Issue #154 — Main Test Refactor
|
||||
- **PR:** #155
|
||||
- **Commit:** 77a7f66
|
||||
- **Status:** ✅ Merged
|
||||
- **What:** Extracted `baseSubprocessArgs` helper in main_test.go
|
||||
- **Impact:** Reduced test boilerplate, improved maintainability
|
||||
|
||||
### 3. Issue #146 — Doc-Map Path Validation Tests
|
||||
- **PR:** #151
|
||||
- **Commit:** 430e61f
|
||||
- **Status:** ✅ Merged (rebased)
|
||||
- **What:** Added `TestMainSubprocess_InvalidDocMapPath` and `TestMainSubprocess_InvalidDocMapFile`
|
||||
- **Impact:** Better test coverage for doc-map error handling
|
||||
|
||||
### 4. Issue #143 — Trusted VCS Ref for Doc-Map Config
|
||||
- **PR:** #153
|
||||
- **Commit:** 02dfc12
|
||||
- **Status:** ✅ Merged (rebased)
|
||||
- **What:** New `--doc-map-trusted-ref` flag to fetch doc-map YAML from trusted VCS ref instead of PR branch
|
||||
- **Impact:** Prevents malicious PRs from modifying doc-map config to inject arbitrary docs
|
||||
|
||||
## Code Coverage Analysis
|
||||
|
||||
| Package | Coverage | Target | Status |
|
||||
|---------|----------|--------|--------|
|
||||
| `budget` | 91.8% | >80% | ✅ Excellent |
|
||||
| `review` | 91.5% | >80% | ✅ Excellent |
|
||||
| `llm` | 81.3% | >80% | ✅ Good |
|
||||
| `gitea` | 83.8% | >80% | ✅ Good |
|
||||
| `github` | 85.6% | >80% | ✅ Good |
|
||||
| `internal/netutil` | 90.0% | >80% | ✅ Good |
|
||||
| `cmd/review-bot` | 36.8% | >60% | ⚠️ Below target |
|
||||
| **Total** | **76.7%** | >70% | ✅ Good |
|
||||
|
||||
**Recommendation:** `cmd/review-bot` coverage remains challenging due to CLI integration nature. Priority: integration tests, not unit coverage expansion.
|
||||
|
||||
## Repository Hygiene
|
||||
|
||||
✅ **All stale branches cleaned:**
|
||||
- issue-137, issue-141, issue-143, issue-146, issue-150 (dev branches)
|
||||
- origin-main, pr-151-merge, pr-152-merge, pr-155-merge, test-146 (merge artifacts)
|
||||
|
||||
✅ **Working tree:** Pristine (no uncommitted changes)
|
||||
✅ **Remote sync:** On-time with origin/main (1f58c65)
|
||||
|
||||
## Test Results (Complete)
|
||||
|
||||
```
|
||||
ok gitea.weiker.me/rodin/review-bot/budget (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/cmd/review-bot (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/gitea (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/github (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/internal/netutil (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/llm (cached)
|
||||
ok gitea.weiker.me/rodin/review-bot/review (cached)
|
||||
```
|
||||
|
||||
## What's Next?
|
||||
|
||||
### Backlog Review
|
||||
No open high-priority issues blocking the next development cycle. Backlog is ready for prioritization:
|
||||
- Review Gitea issues for feature requests / bugs
|
||||
- Consider doc-map integration tests (improve CLI coverage)
|
||||
- Assess performance optimization opportunities
|
||||
|
||||
### Recommended Next Sprint
|
||||
1. **Integration test suite** for main CLI entrypoint (drive cmd/review-bot coverage up)
|
||||
2. **Performance audit** of doc-map filtering on large PR diffs
|
||||
3. **User documentation** review (e.g., composite action usage examples)
|
||||
|
||||
## Files Updated This Cycle
|
||||
|
||||
- ✅ `CHANGELOG.md` — Added issue #143, #150 entries
|
||||
- ✅ `DEV_LOOP_STATUS.md` — 4 PRs merged, repo clean
|
||||
- ✅ Branch cleanup — Removed 12 stale local branches
|
||||
|
||||
## Cron Health
|
||||
|
||||
- **Last run:** 2026-05-15 12:16 UTC
|
||||
- **Runtime:** ~45 seconds
|
||||
- **Status:** ✅ Nominal
|
||||
- **Action:** Merge cycle complete → ready for next sprint
|
||||
|
||||
---
|
||||
|
||||
_**Next cycle:** 2026-05-15 16:16 UTC (check for new backlog items, start next issue if available)_
|
||||
Reference in New Issue
Block a user