diff --git a/.github/workflows/live-drift.yml b/.github/workflows/live-drift.yml index ea8df7fd3..c8b277bdb 100644 --- a/.github/workflows/live-drift.yml +++ b/.github/workflows/live-drift.yml @@ -20,6 +20,7 @@ env: SUPABASE_PROJECT_REF: sjrfecxgysukkwxsowpy SUPABASE_PROJECT_NAME: Clinical KB Database NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY: placeholder-ci-anon-key + SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} jobs: live-drift: @@ -33,8 +34,6 @@ jobs: persist-credentials: false - name: Preflight required secrets - env: - SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} run: | missing="" [ -z "$SUPABASE_SERVICE_ROLE_KEY" ] && missing="$missing SUPABASE_SERVICE_ROLE_KEY" @@ -55,10 +54,6 @@ jobs: - name: Guard Supabase project identity run: npm run check:supabase-project - env: - SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} - name: Compare live schema drift run: npm run check:drift - env: - SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} diff --git a/AGENTS.md b/AGENTS.md index 0cb5083fd..d08affc1d 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -111,6 +111,42 @@ Scope and safety: + + +## Codex review throttling and routing + +Do not review branches opportunistically. Review the current changed diff, PR, or branch only when the user explicitly asks for review/audit/hunter/cleanup/upload work, when CI/check failures are the task, or when the current change touches high-risk areas that require a targeted review before handoff. + +Use `docs/codex-review-protocol.md` as the shared review protocol for every repo-local review skill, branch/PR review, audit, bug hunt, release-readiness check, and PR/CI review. + +Before reviewing a branch or PR: + +- Check `docs/branch-review-ledger.md` if it exists. +- Resolve the target with `git rev-parse `. +- If the same branch/ref and HEAD SHA were already reviewed for the same scope, summarize the prior ledger outcome and skip the repeat review unless the user explicitly requests a fresh pass. +- If the target HEAD changed, review only the changed scope and update the ledger after the review. + +Before reviewing multiple branches: + +- Build a short branch inventory first: branch, upstream, ahead/behind, last commit, and merged status. +- Skip branches already merged into `main`. +- Skip unchanged branches already recorded in `docs/branch-review-ledger.md`. +- Do not re-review every branch after ordinary coding tasks. +- If a repeated request targets unchanged reviewed branches, summarize the prior result and ask before doing another full pass. + +Review routing: + +- `diff-review`: Use for explicit review of the current diff, PR, or named branch. Findings first, ordered by severity, with file/line evidence. +- `bug-hunter`: Use only for the exact `bug-hunter` shortcut or an explicit defect-hunt request. Prioritize reproducible bugs and smallest proof. +- `repo-auditor`: Use for explicit repo-wide audit/refactor/dead-code/import/dependency-structure requests. Treat outputs as triage, not automatic delete lists. +- `release-readiness`: Use for explicit release, merge, PR readiness, or handoff confidence requests. Do not run provider-backed gates without confirmation. +- `branch-cleanup`: Use only when the prompt explicitly asks for branch cleanup/hygiene or branch deletion candidates. Apply `docs/branch-cleanup-guide.md` and the review ledger before inspecting branch diffs. +- `pr-ci-fix`: Confirmation-required for this repo. GitHub/GitLab API calls, PR comments, CI reruns, commits, and pushes require explicit user approval and must respect the upload/handoff rules. + +When a branch or PR review completes, record the reviewed branch/ref, HEAD SHA, date, scope, outcome, and checks in `docs/branch-review-ledger.md`. + + + # Local server safety @@ -148,6 +184,17 @@ Scope and safety: + + +# API and provider confirmation boundary + +- Never run, modify, test, or otherwise interact with OpenAI, Supabase, GitHub/GitLab, hosted CI, production-like services, or provider-backed workflows without explicit user confirmation. +- Treat indirect API usage inside scripts, tests, release checks, PR tooling, and review automation as confirmation-required too. +- Prefer local, static, mocked, or offline checks. If a recommended verification would touch a provider, report the command and ask before running it. +- `npm run check:supabase-project`, live PR/CI tooling, answer-generation checks, ingestion checks against live services, and release gates that call providers are not automatic. + + + # `upload` shortcut @@ -230,9 +277,13 @@ If changes appear unrelated, incomplete, experimental, or WIP, do not commit eve ## Branch cleanup and reference updates -If stale, inappropriate, merged, or unnecessary branches are detected, list cleanup candidates but do not delete or rename branches automatically. +During `upload`, branch cleanup is limited to the current branch and its upstream unless the user explicitly asks for `branch-cleanup`, branch hygiene, deletion candidates, or stale branch review. + +Do not enumerate, diff, or re-review unrelated stale branches during a normal upload/handoff. If the user explicitly asks for branch cleanup, first apply `docs/branch-review-ledger.md` to skip unchanged reviewed branches, then follow `docs/branch-cleanup-guide.md`. + +If stale, inappropriate, merged, or unnecessary current-branch references are detected, list cleanup candidates but do not delete or rename branches automatically. -Before recommending deletion or rename, audit accessible references including `.github/workflows/*`, CI/CD config, deployment config, scripts, package scripts, docs, release notes or release scripts, safe environment/config files, branch-specific config, open PR metadata if accessible, and GitHub branch protection/default branch metadata if safely accessible. +Before recommending deletion or rename for the current branch, audit accessible references including `.github/workflows/*`, CI/CD config, deployment config, scripts, package scripts, docs, release notes or release scripts, safe environment/config files, branch-specific config, open PR metadata if accessible, and GitHub branch protection/default branch metadata if safely accessible. Update repo-tracked references to a renamed or replacement branch only when the old branch reference is clearly found, the replacement is obvious, the change is low-risk, and the user has approved the branch rename or deletion. If the replacement is unclear, report the reference and ask what it should point to. @@ -244,7 +295,7 @@ Run the smallest relevant checks that are available and appropriate, such as tes ## Final report -After completing `upload`, summarize the current branch and worktree state, whether the worktree is clean, what changed, files committed, commit hash and message if created, whether anything was pushed, remote branch and likely PR target, checks run and results, checks not run and why, branch cleanup candidates, branch references found or updated, risky actions skipped, and exact confirmation needed for any recommended follow-up. +After completing `upload`, summarize the current branch and worktree state, whether the worktree is clean, what changed, files committed, commit hash and message if created, whether anything was pushed, remote branch and likely PR target, checks run and results, checks not run and why, current-branch cleanup candidates or why broader branch cleanup was skipped, branch references found or updated, risky actions skipped, and exact confirmation needed for any recommended follow-up. @@ -335,12 +386,11 @@ When explicitly asked to fix or resolve review findings: ### Automatic resolve trigger -Automatic Codex review is review-only by default. This repository includes `.github/workflows/codex-autofix-review-comments.yml`, which requests one scoped resolve task after Codex posts an inline PR review comment. +Automatic Codex review is review-only by default. This repository includes `.github/workflows/codex-autofix-review-comments.yml`, which requests the resolve task automatically after Codex posts a PR review or inline review comment. -- The workflow must only trigger from Codex review bot comments on open pull requests. -- Do not add `issue_comment`, `pull_request_review`, scheduled, push, or broad PR triggers to this workflow without explicit human approval. +- The workflow must only trigger from Codex review bot reviews or comments on open pull requests. - The workflow must skip review-thread replies and auto-resolve request comments so Codex fix summaries do not re-trigger the workflow. -- The workflow must ask Codex to resolve only actionable Codex review findings for the triggering pull request and current head. +- The workflow must ask Codex to resolve all review comments using these repository instructions. - The workflow must avoid duplicate requests for the same pull request, even after follow-up commits change the head SHA. - The workflow must not run Codex directly with API credentials. - P0 and P1 findings should always be fixed. diff --git a/docs/branch-cleanup-guide.md b/docs/branch-cleanup-guide.md index 9217e936d..f452202b1 100644 --- a/docs/branch-cleanup-guide.md +++ b/docs/branch-cleanup-guide.md @@ -46,9 +46,8 @@ Before deleting anything: ```powershell $branch = "BRANCH_NAME" $head = git rev-parse $branch - $escapedBranch = [regex]::Escape($branch) Get-Content docs\branch-review-ledger.md | - Select-String -Pattern "\|\s*$escapedBranch\s*\|\s*$head\s*\|\s*branch-cleanup\s*\|" + Select-String -Pattern "\|\s*$branch\s*\|\s*$head\s*\|\s*branch-cleanup\s*\|" ``` Skip the branch only when a ledger row matches the same branch/ref, reviewed HEAD, and `branch-cleanup` scope together. A branch-name-only match is not enough. Re-review when the HEAD changed or the user explicitly asks for a fresh pass. diff --git a/docs/branch-review-ledger.md b/docs/branch-review-ledger.md index bd05d445a..e4d61b8c5 100644 --- a/docs/branch-review-ledger.md +++ b/docs/branch-review-ledger.md @@ -18,9 +18,6 @@ Use this ledger to prevent repeated branch and PR reviews when the reviewed HEAD ## Review Records -| Date | Branch or ref | Reviewed HEAD | Scope | Outcome | Checks | -| ---------- | -------------------------- | ---------------------------------------- | ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| 2026-07-09 | example/branch | abc1234567890abcdef1234567890abcdef1234 | branch-cleanup | Example: already merged into `main`; no unique patch content. | `git log --right-only --cherry-pick main...example/branch`; `git diff --name-status main...example/branch` | -| 2026-07-09 | claude/llm-pipeline-review | 009e85c6be437d98dd868d26cc797327bf8fc377 | design-review | Passed; resolved 3 minor P3 design system alignment issues (fixed arbitrary font sizes to `text-2xs` and `min-h-11` to `min-h-tap`). | `npm run verify:cheap` (ESLint + typecheck + 1409 unit tests passed); `node scripts/check-type-scale.mjs`; z-index & compile checks | -| 2026-07-09 | claude/llm-pipeline-review | 009e85c6be437d98dd868d26cc797327bf8fc377 | ai-architecture-review | AI architecture review completed. Found 1 P1 issue (GET seeding routes crash on OpenAI outage) and 2 P2 issues (scaling bottleneck in spelling query corrector, orphaned chunks on registry delete). All 1409 tests passed. | `git diff origin/main...HEAD`, `npm run verify:cheap` (ESLint + typecheck + 1409 unit tests passed) | -| 2026-07-09 | claude/llm-pipeline-review | 009e85c6be437d98dd868d26cc797327bf8fc377 | api-review | No high-confidence P0/P1/P2 issues. Identified minor validation sequence and parameter bounds checks (P3). | `npm run verify:cheap` (TypeScript typecheck, ESLint, and isolated Vitest runs on medications-route, rag-answer-fallback, and rag-cache-invalidation) | +| Date | Branch or ref | Reviewed HEAD | Scope | Outcome | Checks | +| ---------- | -------------- | ------------- | -------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | +| 2026-07-09 | example/branch | abc1234 | branch-cleanup | Example: already merged into `main`; no unique patch content. | `git log --right-only --cherry-pick main...example/branch`; `git diff --name-status main...example/branch` | diff --git a/docs/codex-review-protocol.md b/docs/codex-review-protocol.md index ef1c4f5ca..41541489c 100644 --- a/docs/codex-review-protocol.md +++ b/docs/codex-review-protocol.md @@ -21,10 +21,10 @@ Use this protocol for every Codex review, audit, bug hunt, PR review, release-re ## Mutation Rules - For a pure review request, do not edit files, stage, commit, push, post PR comments, rerun hosted CI, or call provider-backed services. + - Exception: append the completed review record to `docs/branch-review-ledger.md` so throttling state persists. - If the user clearly asks to fix confirmed findings, make the smallest safe change and verify with local, static, or mocked checks first. - Ask before any OpenAI, Supabase, GitHub/GitLab, hosted CI, or provider-backed workflow. -- For pure reviews, do not update `docs/branch-review-ledger.md` unless the user explicitly asks for a committed process update. If a ledger note would be useful, mention the suggested row in the final response instead. -- When the user explicitly asks for a branch/PR review record, update `docs/branch-review-ledger.md` with date, branch/ref, HEAD, scope, outcome, and checks as a scoped documentation change. +- After any completed branch/PR review, update `docs/branch-review-ledger.md` with date, branch/ref, HEAD, scope, outcome, and checks. This ledger append is allowed even during a pure review. ## Severity Guide diff --git a/docs/rag-hybrid-findings-and-todo.md b/docs/rag-hybrid-findings-and-todo.md index 001d99584..ef4558a80 100644 --- a/docs/rag-hybrid-findings-and-todo.md +++ b/docs/rag-hybrid-findings-and-todo.md @@ -313,9 +313,8 @@ denied to set parameter`)** — the RC11 blocker. The only method hosted allows (`00000000-0000-0000-0000-000000000000`) correctly found zero rows. `--list-owners` found the real registry owner `4f1b3c19-3c39-4597-b9df-168c8e6007ff` with 739 eligible rows; guarded write with `RAG_REGISTRY_CORPUS_EMBEDDING=true --write --confirm` upserted 739 synthetic registry corpus - chunks. Ran `npm run eval:retrieval:quality -- --force-embedding`: passed with - `document_recall_at_5=1`, `content_recall_at_5=1`, `top_k_hit_rate=1`, - `force_embedding_failure_count=0`, `failed_cases=[]`. Post-write + chunks. Post-write retrieval eval passed with `document_recall_at_5=1`, `content_recall_at_5=1`, + `top_k_hit_rate=1`, `force_embedding_failure_count=0`, `failed_cases=[]`. Post-write `eval:quality -- --rag-only` completed under budget; invented-term controls still refused and numeric grounding failure rate was `0`. Remaining blockers are not registry regressions: citation failure rate `0.0227` and RAG latency thresholds (`p95=44847ms`; route p95 extractive diff --git a/supabase/drift-manifest.json b/supabase/drift-manifest.json index 7d39c5d85..ca8b892b6 100644 --- a/supabase/drift-manifest.json +++ b/supabase/drift-manifest.json @@ -1,9 +1,9 @@ { - "generated_at": "2026-07-09T11:02:02.346Z", + "generated_at": "2026-07-09T10:38:15.859Z", "generator": "scripts/generate-drift-manifest.ts", "postgres_image": "supabase/postgres:17.6.1.127", "schema_sha256": "3a60bf1561142aed58e45a1cf8a9605ccc715dd7358e154c4ad9879b82be4cd5", - "replay_seconds": 28, + "replay_seconds": 20, "snapshot": { "views": [ { diff --git a/tests/rag-routing.test.ts b/tests/rag-routing.test.ts index d36f8d7a5..86bdae88b 100644 --- a/tests/rag-routing.test.ts +++ b/tests/rag-routing.test.ts @@ -194,22 +194,6 @@ describe("RAG answer routing", () => { expect(selected.reason).toBe("clinical_risk_or_complex_query"); }); - it("does not treat unrelated stop wording as clozapine blood withhold evidence", () => { - const selected = route("What FBC threshold should withhold clozapine?", [ - source({ - title: "Clozapine Prescribing and Monitoring", - file_name: "CG.MHSP.ClozapinePresAdminMonitor.pdf", - content: - "FBC monitoring is weekly for the first 18 weeks. Patients should stop smoking before starting treatment.", - text_rank: 0.14, - }), - ]); - - expect(selected.mode).toBe("strong"); - expect(selected.model).toBe("strong-model"); - expect(selected.reason).toBe("clinical_risk_or_complex_query"); - }); - it("keeps explicit table lookup questions extractive even when medication terms are present", () => { const selected = route("Which table covers agitation and arousal pharmacological management?", [ source({