rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 6 Wiki Activity
Files
b9b7be3b4e67bd3cd91addbc41171fe6df731e22
review-bot/CONVENTIONS.md
T
claw b0352ba1c9
PR Ready Gate / clear-labels (pull_request) Successful in 2s
Details
CI / test (pull_request) Successful in 17s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m20s
Details
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m49s
Details
docs: address review findings on YAML depth validation 
- Add safety note on Strict() decoder not expanding aliases recursively,
  since alias resolution uses the pre-validated AST (finding #1)
- Document that ast.Node map keys rely on pointer identity, which holds
  because all goccy/go-yaml AST types are pointer receivers (finding #2)
- Clarify AnchorNode comment: effective depth budget is reduced for
  anchor+alias pairs, not literally halved (finding #3)
- Improve test depth trace comment for accuracy (finding #4)
- Add HTML comment in CONVENTIONS.md referencing #91 for the two-step
  process deviation (finding #5)
2026-05-12 17:39:38 -07:00

53 lines
1.6 KiB
Markdown
Raw Blame History

# Conventions
## Language & Dependencies
- Target the latest stable Go release.
- **STRICT ALLOWLIST:** Only packages listed below may be imported. No exceptions.
### Approved Third-Party Packages
| Package | Use Case | Scope |
|---------|----------|-------|
| `github.com/goccy/go-yaml` | YAML parsing (persona files, config) | production |
| `github.com/google/go-cmp` | Test comparisons (`cmp.Diff`) | test only |
**Any import not in this table or the Go standard library is forbidden.**
Transitive dependencies of approved packages are automatically allowed.
To request a new dependency:
1. Open a PR that ONLY updates this table
2. Requires explicit approval from Aaron
3. After merge, a separate PR may use the package
<!-- Deviation from step 1+3 for go-yaml migration: see #91 for rationale. -->
*Enforcement: `scripts/check-deps.sh` parses this table — update only here.*
## Error Handling
- Return errors; never panic.
- Wrap errors with context using `fmt.Errorf("context: %w", err)`.
- Check all error returns.
## Testing
- Test every exported function.
- Use `net/http/httptest` for HTTP mocking.
- Table-driven tests where multiple inputs share the same assertion logic.
- Integration tests use build tags (`//go:build integration`).
## Style
- Keep functions short and focused.
- Prefer early returns over deep nesting.
- Meaningful variable names — no single-letter names outside loop indices.
- Comments explain *why*, not *what*.
## Process
- `go test ./...` must pass before commit.
- `go vet ./...` must pass before commit.
- Keep commits atomic and well-described.
Reference in New Issue View Git Blame Copy Permalink