review-bot

Author	SHA1	Message	Date
Rodin	e560781c87	Removing intermediate files CI / test (pull_request) Successful in 18s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 21s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 24s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 41s Details	2026-05-19 02:15:06 +00:00
Rodin	ec6fdbff42	fix(#158 ): address bot feedback — correct S8/S10 description, fix §9 prose break PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 24s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 55s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m0s Details	2026-05-15 15:40:53 -07:00
Rodin	f883f39dbf	fix(#158 ): address NIT feedback — clarify enforcement split, clean §9 prose PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 18s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 22s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 24s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m7s Details	2026-05-15 11:06:49 -07:00
Rodin	fb7d8d5e3b	fix(#158 ): add S10 invariant to spec, fix enforcement wording in §8 PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 23s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 26s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 49s Details Address MINOR and NIT findings from Sonnet and GPT review of PR #158. MINOR (Sonnet + GPT): No static invariant for 'no close-PR in worker templates'. - Add S10 to §6 Safety Invariants table: checks that no worker template contains close-PR API calls AND every template contains NEVER-close constraint text. - Symmetric to S8 (no merge in worker templates) and S9 (no close in dispatch). NIT (GPT): Enforcement mapping sentence in §8 was ambiguous. - Rewrite to explicitly map: S1+S9 cover dispatch; S8+S10 cover worker templates. NIT (Sonnet): The 'all 7 templates contain NEVER-close text' claim is now verified by S10 (grep-based), not just prose. Implementation: S10 added to check-invariants.sh + Bug-157-S10 regression tests added to dispatch.bats (in rodin/workspace). All 11 invariants pass.	2026-05-15 10:26:14 -07:00
Rodin	6cefbb070e	fix(#157 ): add S9 invariant and never-close constraint to dev-loop spec CI / test (pull_request) Successful in 18s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 28s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 30s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m16s Details - Add S9 to §6 Safety Invariants: zero close-PR API calls in dispatch - Document worker ABSOLUTE CONSTRAINTS in §8 Worker Templates - Add §9 entry for Issue #157 explaining the fix All worker templates already contain the NEVER-close constraint from a prior session. This commit makes the spec authoritative. Companion changes in rodin/workspace: - check-invariants.sh: add S9 static check - dispatch.bats: add Bug-157-regression test	2026-05-15 14:47:54 +00:00
rodin	30fe48d265	docs(#148 ): add SKILL.md and dev-loop-spec.md for dispatch redesign (#149 ) CI / test (push) Successful in 18s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped Details	2026-05-15 08:12:02 +00:00
claw	60c6bd9f49	test(budget): add DesignDocs tests; replace PLAN-137 with clean design doc PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 48s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m52s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Failing after 2m8s Details - budget/budget_test.go: add TestFit_DesignDocsInSystemPrompt, TestFit_DesignDocsTrimmedBeforeFileContext, TestFit_DesignDocsEmptyNoHeading to cover the new DesignDocs section through Fit() and buildResult() - Remove PLAN-137.md (contained raw thinking stream, not suitable as repo doc) - Add docs/DESIGN-137-doc-map.md with clean architectural decision record	2026-05-14 20:36:22 -07:00
claw	5cedeee9f4	address self-review findings on PR #89 PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m12s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m33s Details MINOR fixes: - docs/DESIGN-57-yaml-persona.md: fix Error Cases table entry to reflect custom AST walk (checkYAMLDepth) instead of stale library-level reference - review/persona.go: add EOF check after JSON decode to reject trailing garbage after a valid JSON object (prevents silent acceptance of malformed input like '{"name":"x"}garbage') - review/persona_test.go: add TestJSONTrailingContentRejected test NIT fixes: - review/persona.go: add default case to checkYAMLDepth switch with explanatory comment about scalar leaf nodes - review/persona.go: document AnchorNode depth+1 conservative asymmetry - review/persona.go: simplify redundant if-guard in ListBuiltinPersonas	2026-05-12 14:42:22 -07:00
claw	01b6af03a8	fix(review): address review 2792 feedback PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 33s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m11s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m53s Details - Document nodeCount overcounting as intentional conservative behavior (bounds total validation work, not unique nodes) - Improve TestYAMLDeeplyNestedRejection comment with concrete depth trace - Replace outdated gopkg.in/yaml.v3 pseudocode in design doc with reference to authoritative implementation - Update PR description to clarify pre-approval via issue #57	2026-05-12 14:24:06 -07:00
claw	80091fb080	fix(review): address feedback from reviews 2788, 2789, 2791 PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 23s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m45s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m7s Details - Move nodeCount increment after cycle detection to avoid over-counting cyclic references (sonnet #2) - Use underscores in test case names used as filenames (sonnet #3) - Fix function comment: 'prevent silent data loss' → 'prevent confusing behavior where additional documents are silently ignored' (sonnet #4) - Mark design doc pseudocode as historical since implementation uses goccy/go-yaml ast.Node, not gopkg.in/yaml.v3 yaml.Node (sonnet #5)	2026-05-12 14:13:59 -07:00
claw	b5f17ddfc4	fix(security): prevent alias depth bypass in YAML validator PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 38s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m18s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m20s Details The global 'seen' set allowed anchored subtrees validated at a shallow depth to be skipped when later referenced via alias at a greater depth. This could let effective nesting exceed MaxYAMLDepth, enabling DoS. Fix: replace the single 'seen' set with two tracking maps: - validated (node -> min depth): only short-circuits when current depth <= previously validated depth; re-checks at deeper contexts. - visiting (node -> bool): per-path recursion stack for true cycle detection (breaks alias loops without suppressing depth checks). Add TestYAMLAliasDepthBypass that constructs a document with an anchored 15-level subtree referenced via alias under 6 levels of nesting, verifying the combined effective depth (22) is rejected. Addresses security-review-bot findings on review #2774.	2026-05-12 14:07:05 -07:00
rodin	144a36a2a7	docs: update DESIGN-57 to reflect goccy/go-yaml as the supported YAML library PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 15s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 31s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m19s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m57s Details	2026-05-12 20:52:37 +00:00
Rodin	6035afeea7	fix: address MINOR review findings from `c3e8f0f` review PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 9m33s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 9m51s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 11m13s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 11m25s Details	2026-05-10 16:29:44 -07:00
Rodin	c3e8f0f231	fix: address PR review findings PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 9m32s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 9m53s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 10m52s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 11m0s Details MAJOR fixes: - Remove false security claim about gopkg.in/yaml.v3 having built-in depth protection - Add explicit YAML depth limiting via yaml.Node API (MaxYAMLDepth=20) - Add file size limit for persona files (MaxPersonaFileSize=64KB) - Add test for deeply nested YAML rejection MINOR fixes: - Add sort.Strings to ListBuiltinPersonas for deterministic ordering - Update design doc to reflect actual library used (gopkg.in/yaml.v3) - Update README: 'Zero dependencies' → 'Minimal dependencies' - Add test for file size limit - Add test for sorted persona list	2026-05-10 14:43:31 -07:00
Rodin	7898dd939f	feat: add YAML support for persona files (#57 ) PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 9m33s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 9m55s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 10m32s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 11m0s Details - Add gopkg.in/yaml.v3 dependency (approved in CONVENTIONS.md) - Update parsePersona to detect format by file extension - Support both .yaml and .yml extensions (case-insensitive) - Convert built-in personas to YAML format - Add comprehensive tests for YAML parsing - Update README with YAML examples and documentation YAML provides cleaner multi-line strings via literal block scalars and supports comments, making persona definitions more readable. JSON remains supported for backwards compatibility. Closes #57	2026-05-10 14:16:41 -07:00
Rodin	4dd67742f9	fix: address review feedback on persona feature PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 15s Details CI / review (/anthropic/v1, anthropic--claude-4.6-sonnet, sonnet, anthropic, SONNET_REVIEW_TOKEN) (pull_request) Successful in 43s Details CI / review (/openai/v1, gpt-5, gpt, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m28s Details CI / review (/openai/v1, gpt-5, security, openai, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m55s Details MAJOR fixes: - Remove external YAML dependency (github.com/goccy/go-yaml) Per project convention: Go standard library only, zero dependencies. Convert all persona files from YAML to JSON format. - Fix TestValidateWorkspacePath error expectation Go 1.21+ filepath.Join normalizes absolute paths differently. MINOR fixes: - Remove custom contains helper in persona_test.go (use strings.Contains) - Add Unicode-safe CapitalizeFirst function for header titles - ListBuiltinPersonas returns empty slice instead of nil on error - Fix test comment about filepath.Join behavior Documentation: - Update README to reflect JSON-only persona format - Update design doc with note about JSON decision - Fix action.yml description for persona-file input	2026-05-10 10:01:34 -07:00
Rodin	57e62a345f	feat(persona): add role-based review personas PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 9m31s Details CI / review (/anthropic/v1, anthropic--claude-4.6-sonnet, sonnet, anthropic, SONNET_REVIEW_TOKEN) (pull_request) Successful in 10m3s Details CI / review (/openai/v1, gpt-5, gpt, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 11m30s Details CI / review (/openai/v1, gpt-5, security, openai, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 10m56s Details Add persona system for specialized review roles. Each persona defines: - A specific review focus (security, architecture, documentation) - Custom system prompt additions - Personality/tone adjustments Built-in personas: security, architect, docs Custom personas: load from JSON via persona-file flag Includes workspace validation to prevent path traversal attacks. Closes #51	2026-05-10 09:14:48 -07:00
Rodin	a9c8ecfb0b	docs: add review update strategy with state transition diagram CI / test (pull_request) Successful in 12s Details CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 24s Details CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m17s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m22s Details Explains the edit-in-place approach, state transition rules, worst-wins escalation, and inline comment lifecycle. Includes a Mermaid state diagram for visual reference.	2026-05-01 23:01:32 -07:00

18 Commits