Skip to content

CI: streamline risk-scoped PR verification#454

Merged
BigSimmo merged 3 commits into
mainfrom
codex/pr-testing-streamlining
Jul 10, 2026
Merged

CI: streamline risk-scoped PR verification#454
BigSimmo merged 3 commits into
mainfrom
codex/pr-testing-streamlining

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add repository-owned change classification and one always-reporting required PR aggregate.
  • Run coverage, builds, migration replay, critical UI, Codex workflow guards, and offline RAG checks only when their scopes apply.
  • Replace the placeholder RAG preflight with 57 production-backed tests using static fixtures and mocked providers.
  • Keep five Chromium contract tests required and run the remaining 119 as advisory PR regression coverage.
  • Align local PR verification, review automation guidance, and the PR checklist with the new CI flow.
  • Fail closed when a diff base is unknown, preserve both sides of renames, and classify coverage config and runtime data inputs correctly.

Why

The previous required workflow repeated expensive work and made broad browser and migration checks block unrelated pull requests. This keeps deterministic and clinical safety checks while reducing the required UI gate from roughly ten minutes to about thirty seconds.

Verification

  • npm run verify:cheap: passed; 152 test files passed, 1 skipped; 1,426 tests passed, 1 skipped.
  • npm run verify:pr-local: passed; runtime, full formatting, lint, typecheck, 1,426 unit tests, production Next.js build, and offline RAG preflight completed.
  • npm run eval:rag:offline: passed; 36 fixture cases validated and 57/57 production contract tests passed with providers mocked and credentials removed.
  • npm run test:e2e:critical: passed; 5/5 Chromium contract tests in about 29 seconds.
  • npm run test:e2e:advisory: passed; 119/119 Chromium regression tests in 9.8 minutes.
  • npm run check:ci-scope: passed, including coverage-config, runtime-data, rename, unknown-base, and unstaged-path regression cases.
  • npm run check:github-actions: passed; GitHub Action pin validation completed.
  • npm run check:codex-autofix-workflow: passed; scoped auto-resolve workflow guard completed.
  • npm run format:check: passed; all repository files match Prettier formatting.
  • git diff --check: passed; no whitespace errors.

Not Run

  • No live Supabase or OpenAI evaluations.
  • No production deployment or data mutation.
  • No release gate, because this process-only PR does not change production clinical behavior.

Risk and Governance

This is CI, test, and process infrastructure only. The offline RAG gate invokes production retrieval and answer-contract code with credentials removed and providers mocked; live clinical eval requirements remain unchanged for relevant future PRs. Branch protection now requires CI / PR required and Secret Scan / Gitleaks; Semgrep remains advisory.

Add conservative change classification, an always-reporting required aggregate, production-backed offline RAG contracts, and a fast critical UI gate with advisory regression coverage. Verified with verify:cheap, verify:pr-local, 124 Chromium tests, and CI workflow guards.
@supabase

supabase Bot commented Jul 10, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The PR adds path-scoped CI classification, local PR verification, offline RAG preflight checks, critical/advisory UI test commands, a consolidated required gate, and updated Codex review-policy and process documentation.

Changes

PR verification and merge gating

Layer / File(s) Summary
Change scope classification
scripts/ci-change-scope.mjs, package.json
Changed files are classified into documentation, source, UI, database, RAG, workflow, container, Codex, coverage, and build scopes, with CLI output and self-tests.
Local verification and offline RAG checks
scripts/verify-pr-local.mjs, scripts/eval-rag-offline.mjs, tests/rag-offline-answer.test.ts, .github/pull_request_template.md, package.json
Local verification runs common checks and conditionally runs build and offline RAG evaluation; RAG fixtures and answer citation contracts receive expanded validation.
Conditional CI and required aggregation
.github/workflows/ci.yml, docs/process-hardening.md, scripts/check-codex-autofix-workflow.mjs, AGENTS.md, docs/branch-review-ledger.md
CI is split into scoped jobs with safety, coverage, build, UI, database, and aggregate required checks; Codex instruction boundaries and process records are updated.
Critical UI test partitioning
tests/ui-smoke.spec.ts, package.json
Critical Playwright tests are tagged and use landing-state assertions, while critical and advisory command variants are exposed for CI.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant GitHubActions
  participant changes
  participant ScopedJobs
  participant pr-required
  participant release-browser-matrix
  GitHubActions->>changes: classify changed files
  changes->>ScopedJobs: provide scope outputs
  ScopedJobs->>pr-required: report job results
  pr-required->>release-browser-matrix: provide required aggregate status
Loading
🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 70.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (10 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Generated And Sensitive Files ✅ Passed Changed files are only workflow/docs/scripts/tests; no secrets, .envs, caches, build outputs, or local artifacts were added.
Verification Claims ✅ Passed PR description lists exact commands with pass/results; no vague verification claims found.
Risky Git Or Deployment Actions ✅ Passed No edited doc, script, or workflow adds unsafe git/destructive/deployment instructions; the changes reinforce scoped review and confirmation boundaries.
Supabase Project And Schema Safety ✅ Passed No changed app/scripts/migrations/env files re-point Supabase; PR only updates CI/docs/workflow code and adds no RLS/policy/schema migrations.
Runtime And Package Manager Integrity ✅ Passed PR keeps npm@11.17.0, Node 24.x, engine-strict, and package-lock.json; changed files only add npm-based scripts and CI using npm ci.
Api Route Failure Handling ✅ Passed No runtime API/server-action changes; the new RAG offline script and answer/search paths fail closed on invalid input, auth/rate-limit, provider failures, and empty evidence.
Title check ✅ Passed The title is concise and accurately summarizes the main change: streamlining risk-scoped PR verification.
Description check ✅ Passed The description is detailed and covers summary, verification, and risk context, with only minor template section naming differences.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/pr-testing-streamlining
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch codex/pr-testing-streamlining

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e66c2a9fc6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/ci-change-scope.mjs Outdated
Comment thread scripts/ci-change-scope.mjs Outdated
Comment thread scripts/ci-change-scope.mjs Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/ci-change-scope.mjs`:
- Around line 292-294: Update the GITHUB_ACTIONS fallback in classify() so
unknown-base changes also trigger RAG evaluation: add a sentinel path matching
ragEvalPatterns (or return an explicit force_all scope), and ensure the
corresponding CI output/job consumes it to run offline RAG verification.
- Around line 255-259: Prevent a feature-branch upstream from being used as the
local diff base: in the base-ref selection logic, replace the `return upstream
|| null` fallback after checking known branches with `return null`, or otherwise
classify the scope as full when no recognized base branch is available.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f8d43e5d-4f6b-455c-b078-3814db08d31a

📥 Commits

Reviewing files that changed from the base of the PR and between 155c801 and e66c2a9.

📒 Files selected for processing (12)
  • .github/pull_request_template.md
  • .github/workflows/ci.yml
  • AGENTS.md
  • docs/branch-review-ledger.md
  • docs/process-hardening.md
  • package.json
  • scripts/check-codex-autofix-workflow.mjs
  • scripts/ci-change-scope.mjs
  • scripts/eval-rag-offline.mjs
  • scripts/verify-pr-local.mjs
  • tests/rag-offline-answer.test.ts
  • tests/ui-smoke.spec.ts

Comment thread scripts/ci-change-scope.mjs Outdated
Comment thread scripts/ci-change-scope.mjs
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

# Conflicts:
#	AGENTS.md
#	docs/branch-review-ledger.md
#	scripts/check-codex-autofix-workflow.mjs
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@BigSimmo
BigSimmo merged commit 01f2cee into main Jul 10, 2026
17 checks passed
@BigSimmo
BigSimmo deleted the codex/pr-testing-streamlining branch July 10, 2026 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant