Skip to content

docs: clarify required PR check setup#440

Merged
BigSimmo merged 23 commits into
mainfrom
codex/pr-required-check-setup
Jul 9, 2026
Merged

docs: clarify required PR check setup#440
BigSimmo merged 23 commits into
mainfrom
codex/pr-required-check-setup

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 9, 2026

Copy link
Copy Markdown
Owner

Summary

  • Clarifies the intended required PR check setup for verify, ui-smoke, secret scanning, and one migration replay gate.
  • Documents that Docker image builds, full browser matrix, live drift, and eval canary checks are path-filtered, scheduled, or manual rather than normal source-only PR gates.
  • Updates README/process docs and CI workflow comments to avoid stale duplicate required contexts like bare verify / ui-smoke.

Why

The PR status page showed duplicate expected required contexts and several heavier checks. This makes the repo's intended required/advisory split explicit so branch protection can be aligned without blocking ordinary PRs on absent path-filtered or scheduled checks.

Areas touched

  • .github/workflows/ci.yml
  • README.md
  • docs/process-hardening.md

Verification

  • git diff --check HEAD~1..HEAD passed.
  • git merge-base --is-ancestor origin/main HEAD passed.

Checks not run

  • No install, test, build, audit, live Supabase, OpenAI/provider, or branch-protection API changes were run. This is a documentation/comment-only change.

Risks / follow-up

  • Live GitHub branch protection or rulesets still need to be updated separately to remove stale duplicate contexts and require the chosen active contexts.

BigSimmo and others added 22 commits July 9, 2026 00:26
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Defer embedding until after text/document fast paths and coverage gate
- Rehydrate cached document metadata in attachDocumentRankingMetadata
- Load env-dependent script imports after loadEnvConfig in seed/reindex scripts
- Harden registry corpus: shared identity, medication tags, rollback, detail hrefs
- Route registry citations to detail pages; handle registry rows in signed-url API
- Prioritize safety warnings over registry info; preserve stale registry labels
- Guard OCR repair against dropping isolated single-letter clinical tokens
- Update skill docs, changelog dedup, CI Supabase setup-cli@v3

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
- Backfill NULL document_images.index_generation_id during re-stamp
- Count globally forced embedding eval cases in retrieval summaries

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Treat NULL document_images.index_generation_id as stale even when JSON
metadata already matches the committed generation, and propagate global
--force-embedding into eval reporting/validation so index-unit-vector runs
count forced cases correctly.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
… codex/pr433-fix

# Conflicts:
#	.cursor/skills/supabase-postgres-best-practices/CHANGELOG.md
#	.cursor/skills/supabase-postgres-best-practices/references/security-rls-performance.md
#	scripts/reindex-image-generation-metadata.ts
#	src/lib/differential-seed.ts
#	src/lib/document-index-units.ts
#	src/lib/medication-seed.ts
#	src/lib/rag.ts
#	src/lib/registry-corpus.ts
#	src/lib/registry-seed.ts
#	src/lib/source-governance.ts
#	src/lib/source-metadata.ts
#	supabase/migrations/20260708160000_retrieval_owner_matches_fail_closed.sql
#	supabase/migrations/20260708160001_retrieval_owner_matches_fail_closed.sql
#	supabase/migrations/20260708161000_retrieval_owner_matches_fail_closed.sql
#	tests/document-index-units.test.ts
#	tests/registry-corpus.test.ts
#	tests/source-governance.test.ts
PR #433 preview branch recorded 20260708160000 before the file was removed, causing remote migration versions not found in local migrations directory. Keep a no-op stub for history sync; transactional index DDL stays on 170000.

Co-authored-by: Cursor <cursoragent@cursor.com>
@supabase

supabase Bot commented Jul 9, 2026

Copy link
Copy Markdown

Updates to Preview Branch (codex/pr-required-check-setup) ↗︎

Deployments Status Updated
Database Thu, 09 Jul 2026 10:07:57 UTC
Services Thu, 09 Jul 2026 10:07:57 UTC
APIs Thu, 09 Jul 2026 10:07:57 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Thu, 09 Jul 2026 10:07:59 UTC
Migrations Thu, 09 Jul 2026 10:08:00 UTC
Seeding Thu, 09 Jul 2026 10:08:02 UTC
Edge Functions Thu, 09 Jul 2026 10:08:03 UTC

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d25419bb-a69d-4ed0-b08f-63f963348c0d

📥 Commits

Reviewing files that changed from the base of the PR and between e6ab120 and 6721b0c.

📒 Files selected for processing (3)
  • .github/workflows/ci.yml
  • README.md
  • docs/process-hardening.md

📝 Walkthrough

Summary by CodeRabbit

  • Documentation
    • Updated CI and verification guidance to reflect the current set of required checks and how they should be used.
    • Clarified the role of migration replay checks, including when to rely on the external preview check versus the local verification gate.
    • Expanded the README and process hardening docs with more detailed build, test, and readiness workflow notes.

Walkthrough

This PR updates documentation and inline comments describing CI required checks and merge-gate policy. Changes clarify the migration replay gate behavior (preferring an external Supabase Preview check when reliable, falling back to db-reset-verify), and expand described pipeline stages. No code logic changes.

Changes

CI Gate Documentation

Layer / File(s) Summary
CI workflow comment updates
.github/workflows/ci.yml
Comments before the verify and db-reset-verify jobs are revised to describe expanded required gates (gitleaks, migration replay) and advisory guidance for keeping the replay gate only when an external check is reliable.
README CI gates description
README.md
Verification gates section expanded to list coverage, dependency audit, production-readiness mode, edge-function typecheck, parallel ui-smoke/db-reset-verify, and conditional Supabase Preview migration replay.
Process hardening merge gate guidance
docs/process-hardening.md
Documents three required parallel PR jobs and revises required-check policy to require exactly one migration replay gate, preferring Supabase Preview over db-reset-verify, with updated flakiness/bottleneck guidance.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 5 | ❌ 6

❌ Failed checks (6 inconclusive)

Check name Status Explanation Resolution
Generated And Sensitive Files ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Verification Claims ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Risky Git Or Deployment Actions ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Supabase Project And Schema Safety ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Runtime And Package Manager Integrity ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Api Route Failure Handling ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the documentation-focused change to required PR check setup.
Description check ✅ Passed The description matches the changeset and clearly explains the updated CI gate guidance and documentation intent.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/pr-required-check-setup
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch codex/pr-required-check-setup

Warning

Tools execution failed with the following error:

Failed to run tools: 13 INTERNAL: Received RST_STREAM with code 2 (Internal server error)


Comment @coderabbitai help to get the list of available commands.

@BigSimmo

BigSimmo commented Jul 9, 2026

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts in this pull request

@BigSimmo
BigSimmo enabled auto-merge (squash) July 9, 2026 10:05

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Done. Merged origin/main into this branch (commit 6721b0c). The only conflict was a single comment block in .github/workflows/ci.yml — kept the PR's clarifying wording. Working tree is clean.

@chatgpt-codex-connector

Copy link
Copy Markdown

💡 Codex Review

source_kind: stringOrNull(value.source_kind),

P2 Badge Preserve registry route metadata during normalization

When registry corpus chunks are used in answer mode, the answer path normalizes search.results before building the final source list (src/lib/rag.ts:3956). This normalization now keeps source_kind but drops registry_record_kind, registry_record_slug, and registry_record_subkind, so documentCitationHref/sourceResultHref cannot build the native registry URL and fall back to /documents/<uuid> for synthetic registry:// documents. Preserve those registry fields here so registry citations and source cards actually open the intended detail pages.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@BigSimmo
BigSimmo merged commit fd12874 into main Jul 9, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants