rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 6 Wiki Activity
Files
4b96231b328ac0de46eb736a7f5b4054d231da89
review-bot/CONVENTIONS.md
T
Rodin 4b96231b32
PR Ready Gate / clear-labels (pull_request) Successful in 2s
Details
CI / test (pull_request) Successful in 15s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 28s
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m40s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
Details
docs: strict dependency allowlist with CI enforcement 
STRICT ALLOWLIST policy: Only packages explicitly listed in CONVENTIONS.md
may be imported. No exceptions.

## Changes

- Updates CONVENTIONS.md with strict allowlist language
- Adds scripts/check-deps.sh to enforce the allowlist
- Adds 'make check-deps' and 'make precommit' targets
- CI will fail if any unapproved dependency is detected

## Approved packages

- gopkg.in/yaml.v3 — YAML parsing
- github.com/google/go-cmp — test comparisons

## Process for new dependencies

1. Open a PR that ONLY updates CONVENTIONS.md
2. Requires explicit approval from Aaron
3. After merge, a separate PR may use the package
2026-05-10 13:45:12 -07:00

1.3 KiB
Raw Blame History

Conventions

Language & Dependencies

  • Target the latest stable Go release.
  • STRICT ALLOWLIST: Only packages listed below may be imported. No exceptions.

Approved Third-Party Packages

Package Use Case
gopkg.in/yaml.v3 YAML parsing (persona files, config)
github.com/google/go-cmp Test comparisons (cmp.Diff)

Any import not in this table or the Go standard library is forbidden.

To request a new dependency:

  1. Open a PR that ONLY updates this table with justification
  2. Requires explicit approval from Aaron
  3. After merge, a separate PR may use the package

Error Handling

  • Return errors; never panic.
  • Wrap errors with context using fmt.Errorf("context: %w", err).
  • Check all error returns.

Testing

  • Test every exported function.
  • Use net/http/httptest for HTTP mocking.
  • Table-driven tests where multiple inputs share the same assertion logic.
  • Integration tests use build tags (//go:build integration).

Style

  • Keep functions short and focused.
  • Prefer early returns over deep nesting.
  • Meaningful variable names — no single-letter names outside loop indices.
  • Comments explain why, not what.

Process

  • go test ./... must pass before commit.
  • go vet ./... must pass before commit.
  • Keep commits atomic and well-described.
Reference in New Issue View Git Blame Copy Permalink