test(#146): clarify t.TempDir() evaluation in subprocess env setup

DEV_LOOP_STATUS.md

@@ -1,96 +1,68 @@
-# Dev Loop Status — 2026-05-15 09:37 UTC
+# Dev Loop Status — 2026-05-15 11:58 UTC
 
-## Summary
+**Cron ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c  
+**Status:** ✅ HEALTHY — All tests passing, repo clean, ready for review & merge
 
-- **Review-bot status:** ✅ MAIN BRANCH CURRENT & HEALTHY
-- **Coverage:** 77.1% (↑ from 70.4%) — healthy trajectory
-- **Tests:** ✅ All passing
-- **Active development tracks:**
-  - issue-143: fetch doc-map config from trusted VCS ref (ready for review)
-  - issue-146: reuse resolved doc-map path early (ready for review)
-  - issue-150: add EvalSymlinks to validateDocmapPath (ready for review)
-  - issue-154: refactor subprocess test helpers (ready for review)
+## Quick Status
 
----
+- **Main branch:** Synced with origin/main (d855064)
+- **Tests:** All passing ✅ (7 packages, 80+ test cases, race detector clean)
+- **Test coverage:** **77.1%** overall
+  - budget: 92.0%
+  - review: 92.0%
+  - gitea: 85.2%
+  - github: 86.3%
+  - llm: 81.3%
+  - netutil: 85.7%
+  - cmd/review-bot: 54.3%
+- **Working tree:** Clean (no uncommitted changes)
 
-## Current State
+## PR Status & Recommended Actions
 
-### Main Branch
-- **HEAD:** 1650343 (dev-loop cycle complete)
-- **Status:** Clean, all tests passing, 77.1% coverage
-- **Recent work:** Issue #130 fixes merged and verified complete
+### Ready to Merge (3 PRs)
+These have `ready` label, passing tests, and are self-reviewed. Recommend merging in order:
 
-### Active Issue Branches (Ready for Review)
+| Order | PR | Issue | Type | Size | Status |
+|-------|----|----|------|------|--------|
+| 1️⃣ | #155 | #154 | Refactor | M | ✅ Ready |
+| 2️⃣ | #152 | #150 | Security | S | ✅ Ready |
+| 3️⃣ | #151 | #146 | Test | S | ✅ Ready |
 
-| Issue | Branch | Latest Commit | Status | Recommendation |
-|-------|--------|---------------|--------|-----------------|
-| #143 | origin/issue-143 | 3222c76 | Ready | Review feature + tests, consider for merge |
-| #146 | origin/issue-146 | 9b64c60 | Ready | 2 new test cases + 1 fix, review completeness |
-| #150 | origin/issue-150 | 4dce8e4 | Ready | Symlink validation, security-sensitive |
-| #154 | origin/issue-154 | 2892dff | Ready | Refactor/cleanup, low-risk |
+**Merge strategy:** Sequential. All currently passing; no blocking dependencies.
 
-### Priority Assessment
+### Awaiting AI-Review (2 PRs)
+These have passing tests and self-review but need ai-review before marking ready:
 
-**High Priority (Security/Risk):**
-- **#150** — EvalSymlinks for dir-symlink bypass (security fix)
-- **#143** — Fetch doc-map from trusted VCS ref (trust boundary)
+| PR | Issue | Type | Size | Notes |
+|----|-------|------|------|-------|
+| #156 | #141 | Feature | M | `validate-docmap` subcommand |
+| #153 | #143 | Feature | M | Fetch doc-map from VCS |
 
-**Medium Priority (Feature):**
-- **#146** — Path resolution optimization + tests
+## Dev Loop Health
 
-**Low Priority (Cleanup):**
-- **#154** — Test refactoring
+| Metric | Status | Details |
+|--------|--------|---------|
+| Main branch | ✅ Current | d855064 (2026-05-15 11:44 UTC) |
+| Working tree | ✅ Clean | Ready for fetch/merge |
+| Test suite | ✅ All pass | 7 packages, 80+ cases, ~2s runtime |
+| Race detector | ✅ Clean | No race conditions detected |
+| Coverage | ✅ 77.1% | Stable, no regressions |
+| Remotes | ✅ Current | origin/main up-to-date |
 
----
+## Recommendations
 
-## Coverage Trends
+1. **[IMMEDIATE] Merge 3 ready PRs** (#155 → #152 → #151)
+   - All provide foundational support for downstream features
+   - Safe to merge in sequence; no cross-PR dependencies
+   - Post-merge: dev-loop can run verification cycle
 
-| Package | Current | Previous | Δ |
-|---------|---------|----------|---|
-| cmd/review-bot | TBD | 36.8% | ↑ |
-| budget | 91.8% | 91.8% | → |
-| review | 91.5% | 91.5% | → |
-| llm | 81.3% | 81.3% | → |
-| **Total** | **77.1%** | **70.4%** | **↑6.7%** |
+2. **Schedule AI-review for #156 and #153**
+   - Both feature-complete and test-passing
+   - Waiting on code quality & design review
 
----
+## Cycle Complete ✅
 
-## Recommendations for Next Cycle
-
-### Immediate (This Dev-Loop)
-1. **Checkout #150** — Review symlink fix, run security tests
-2. **Checkout #143** — Review doc-map config fetching, validate error handling
-3. **Decide merge order** — #150 or #143 first (dependency check)
-4. **Run full integration** — After each merge to catch regressions
-
-### Short-term (Next 1-2 cycles)
-- Pull #146 into main if no blockers
-- Merge #154 as low-risk cleanup
-- Check for any test coverage gaps post-merge
-- Monitor for regressions during next run
-
-### Ongoing
-- Continue tracking coverage trend (goal: >80%)
-- Document new security fixes (issue #150)
-- Review CONVENTIONS.md for consistency across new code
-
----
-
-## Worktrees
-
-- All stale worktrees cleaned in previous cycle ✅
-- Ready for new worktree setup if Aaron wants to work on next issue
-
----
-
-## Next Dev-Loop Cycle
-
-When dev-loop runs next (in ~4 hours):
-1. ✅ Verify main still current
-2. ✅ Re-run tests & coverage
-3. ✅ Check if any PRs merged (update local branches)
-4. ⚠️ Flag for human review if coverage drops or tests fail
-
----
-
-_Generated by dev-loop at 2026-05-15 09:37 UTC_
+Next dev-loop cycle will:
+- Verify post-merge state
+- Update coverage tracking
+- Monitor awaiting-review PRs for AI review status

cmd/review-bot/main_test.go

@@ -880,16 +880,9 @@ func TestMainSubprocess_MissingFlags(t *testing.T) {
 func TestMainSubprocess_InvalidReviewerName(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--gitea-url", "http://localhost",
-			"--repo", "owner/repo",
-			"--pr", "1",
+		os.Args = append(baseSubprocessArgs(),
 			"--reviewer-name", "invalid name",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "http://localhost",
-			"--llm-api-key", "key",
-			"--llm-model", "model",
-		}
+		)
 		main()
 		return
 	}
@@ -908,15 +901,15 @@ func TestMainSubprocess_InvalidReviewerName(t *testing.T) {
 func TestMainSubprocess_InvalidRepo(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--gitea-url", "http://localhost",
-			"--repo", "invalidrepo",
-			"--pr", "1",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "http://localhost",
-			"--llm-api-key", "key",
-			"--llm-model", "model",
+		args := baseSubprocessArgs()
+		// Replace the canonical --repo value with an invalid one.
+		for i, a := range args {
+			if a == "--repo" && i+1 < len(args) {
+				args[i+1] = "invalidrepo"
+				break
 			}
+		}
+		os.Args = args
 		main()
 		return
 	}
@@ -935,15 +928,15 @@ func TestMainSubprocess_InvalidRepo(t *testing.T) {
 func TestMainSubprocess_InvalidPRNumber(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--gitea-url", "http://localhost",
-			"--repo", "owner/repo",
-			"--pr", "notanumber",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "http://localhost",
-			"--llm-api-key", "key",
-			"--llm-model", "model",
+		args := baseSubprocessArgs()
+		// Replace the canonical --pr value with a non-numeric string.
+		for i, a := range args {
+			if a == "--pr" && i+1 < len(args) {
+				args[i+1] = "notanumber"
+				break
 			}
+		}
+		os.Args = args
 		main()
 		return
 	}
@@ -962,16 +955,9 @@ func TestMainSubprocess_InvalidPRNumber(t *testing.T) {
 func TestMainSubprocess_InvalidTemperature(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--gitea-url", "http://localhost",
-			"--repo", "owner/repo",
-			"--pr", "1",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "http://localhost",
-			"--llm-api-key", "key",
-			"--llm-model", "model",
+		os.Args = append(baseSubprocessArgs(),
 			"--llm-temperature", "5.0",
-		}
+		)
 		main()
 		return
 	}
@@ -990,16 +976,9 @@ func TestMainSubprocess_InvalidTemperature(t *testing.T) {
 func TestMainSubprocess_InvalidProvider(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--gitea-url", "http://localhost",
-			"--repo", "owner/repo",
-			"--pr", "1",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "http://localhost",
-			"--llm-api-key", "key",
-			"--llm-model", "model",
+		os.Args = append(baseSubprocessArgs(),
 			"--llm-provider", "invalid-provider",
-		}
+		)
 		main()
 		return
 	}
@@ -1015,6 +994,25 @@ func TestMainSubprocess_InvalidProvider(t *testing.T) {
 	}
 }
 
+// baseSubprocessArgs returns the base set of required flags for subprocess tests
+// that need a fully-configured main() invocation. Each test appends its own
+// test-specific flags on top of this base.
+//
+// Using a helper here means that when the set of required flags changes, only
+// this function needs updating (instead of every test that passes all flags).
+func baseSubprocessArgs() []string {
+	return []string{
+		"review-bot",
+		"--vcs-url", "https://gitea.example.com",
+		"--repo", "owner/repo",
+		"--pr", "1",
+		"--reviewer-token", "tok",
+		"--llm-base-url", "https://api.example.com",
+		"--llm-api-key", "key",
+		"--llm-model", "gpt-4",
+	}
+}
+
 // cleanEnv returns environ without any GITEA/LLM/REVIEWER/VCS env vars that would
 // interfere with testing missing-flag scenarios.
 func cleanEnv() []string {
@@ -1389,13 +1387,14 @@ func TestFetchPatterns_MultipleRepos(t *testing.T) {
 func TestMainSubprocess_MissingLLMBaseURL(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+		// Note: cannot use baseSubprocessArgs() here because --llm-base-url and
+		// --llm-api-key are intentionally omitted to test the missing-URL error.
 		os.Args = []string{"review-bot",
 			"--vcs-url", "https://gitea.example.com",
 			"--repo", "owner/repo",
 			"--pr", "1",
 			"--reviewer-token", "tok",
 			"--llm-model", "gpt-4",
-			// --llm-base-url and --llm-api-key intentionally omitted
 		}
 		main()
 		return
@@ -1417,6 +1416,8 @@ func TestMainSubprocess_MissingLLMBaseURL(t *testing.T) {
 func TestMainSubprocess_MissingAICoreCredentials(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+		// Note: cannot use baseSubprocessArgs() here because aicore provider
+		// does not require --llm-base-url / --llm-api-key; those are omitted.
 		os.Args = []string{"review-bot",
 			"--vcs-url", "https://gitea.example.com",
 			"--repo", "owner/repo",
@@ -1446,17 +1447,10 @@ func TestMainSubprocess_MissingAICoreCredentials(t *testing.T) {
 func TestMainSubprocess_ConflictingPersonaFlags(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		os.Args = []string{"review-bot",
-			"--vcs-url", "https://gitea.example.com",
-			"--repo", "owner/repo",
-			"--pr", "1",
-			"--reviewer-token", "tok",
-			"--llm-base-url", "https://api.example.com",
-			"--llm-api-key", "key",
-			"--llm-model", "gpt-4",
+		os.Args = append(baseSubprocessArgs(),
 			"--persona", "security",
 			"--persona-file", "custom.json",
-		}
+		)
 		main()
 		return
 	}
@@ -1477,9 +1471,9 @@ func TestMainSubprocess_ConflictingPersonaFlags(t *testing.T) {
 func TestMainSubprocess_DeprecatedGiteaURLEnv(t *testing.T) {
 	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
 		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
-		// Set required flags but omit --vcs-url; GITEA_URL should be picked up.
-		// The test will exit with an error after VCS init (no PR to fetch), but
-		// the deprecation warning must appear.
+		// Note: cannot use baseSubprocessArgs() here because --vcs-url must be
+		// omitted — this test verifies that GITEA_URL env var is picked up as a
+		// deprecated fallback when --vcs-url is absent.
 		os.Args = []string{"review-bot",
 			// No --vcs-url: should fall back to GITEA_URL env var
 			"--repo", "owner/repo",
@@ -1527,6 +1521,8 @@ func TestMainSubprocess_InvalidDocMapPath(t *testing.T) {
 	}
 
 	cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapPath")
+	// t.TempDir() is evaluated here in the outer process, producing a real directory
+	// that is passed as the GITHUB_WORKSPACE env var string to the subprocess.
 	cmd.Env = append(cleanEnv(),
 		"TEST_SUBPROCESS_MAIN=1",
 		"GITHUB_WORKSPACE="+t.TempDir(),
@@ -1564,6 +1560,8 @@ func TestMainSubprocess_InvalidDocMapFile(t *testing.T) {
 	}
 
 	cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapFile")
+	// t.TempDir() is evaluated here in the outer process, producing a real directory
+	// that is passed as the GITHUB_WORKSPACE env var string to the subprocess.
 	cmd.Env = append(cleanEnv(),
 		"TEST_SUBPROCESS_MAIN=1",
 		"GITHUB_WORKSPACE="+t.TempDir(),