Skip to content

workflow: add risk-scoped productivity toolkit#713

Merged
BigSimmo merged 7 commits into
mainfrom
codex/chat-workflow-ideas-0916
Jul 17, 2026
Merged

workflow: add risk-scoped productivity toolkit#713
BigSimmo merged 7 commits into
mainfrom
codex/chat-workflow-ideas-0916

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 17, 2026

Copy link
Copy Markdown
Owner

Summary

  • add seven lightweight repository-local productivity skills for planning, triage, clinical proof, design QA, RAG validation, operator closeout, and session lifecycle
  • add one shared offline-first workflow engine with explicit provider approval separation and structured evidence output
  • make the existing shared workflow:* commands portable across linked and detached worktrees
  • register the new workflow surface with CI scope detection and document usage

Why

Repeated Database tasks already had strong individual checks but still required manual risk classification, verification selection, provider gating, failure triage, and evidence assembly. This centralizes that orchestration without duplicating the existing gates.

Areas touched

  • .agents/skills/**
  • scripts/productivity-core.mjs, scripts/productivity-workflow.mjs, scripts/external-workflow.mjs
  • scripts/ci-change-scope.mjs, package.json, AGENTS.md, .gitignore
  • tests/productivity-workflow.test.ts, docs/productivity-workflows.md

Verification

  • npm run verify:pr-local — passed on the rebased head
    • formatting, ESLint, and TypeScript passed
    • 273 test files / 2,594 tests passed
    • Next.js production build completed, including 1,043 static pages
    • client-bundle secret scan passed
    • offline RAG fixture and manifest validation passed: 36 golden cases / 21 suites
  • all seven workflow CLI smoke plans passed locally
  • all seven skills passed quick_validate.py
  • documentation link and npm-script reference checks passed during implementation

Checks not run

  • npm run verify:ui: no UI, routing, browser, or styling behavior changed
  • live Supabase/OpenAI, release, deployment, or other provider-backed checks: not applicable and intentionally excluded

Risk and limitations

  • provider-backed commands are plan-only and cannot enter the local executable sequence without the workflow engine throwing
  • shared legacy workflow commands still require the existing .local-dev tool installation, or CODEX_LOCAL_WORKFLOW_ROOT when installed elsewhere
  • no application runtime, API contract, database schema, retrieval behavior, or clinical output changed

Summary by CodeRabbit

  • New Features
    • Added offline-first workflow planners for triage, clinical change proof, live design sweep, RAG validation, operator closeout, database flight planning, and session lifecycle.
    • Introduced an evidence-focused workflow CLI with approval-gated provider-backed actions and plan-only safety for operator closeout.
    • Added external workflow launcher support for shared workflow entrypoints.
  • Documentation
    • Added workflow usage/safety guidance and expanded repository productivity skill instructions, including new skill documentation.
  • Tests
    • Expanded CLI and planning coverage for risk classification, proof generation, failure diagnosis, operator item extraction, and workflow portability.
  • Chores
    • Updated workflow script entrypoints, workflow scoping rules, and repository ignore patterns.

@supabase

supabase Bot commented Jul 17, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@github-actions

Copy link
Copy Markdown

CI triage

CI failed on this PR. Automated classification of the 2 failed job(s):

  • Unit coverageneeds investigation.
  • PR requiredneeds investigation: use the uploaded JUnit classification and trace; job type alone is not evidence of a known flake.

Heuristic only — a main-side or flake label is a starting point, not a verdict.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ccd5391421

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread tests/productivity-workflow.test.ts Outdated
Comment thread .agents/skills/session-lifecycle/SKILL.md Outdated
@BigSimmo

Copy link
Copy Markdown
Owner Author

@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ccd5391421

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread tests/productivity-workflow.test.ts Outdated
@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 660510e1-3b3c-43f3-9e4b-ecd75a8f385d

📥 Commits

Reviewing files that changed from the base of the PR and between b52112d and 07b4af0.

📒 Files selected for processing (7)
  • .agents/skills/clinical-change-proof/SKILL.md
  • .gitignore
  • docs/branch-review-ledger.md
  • scripts/ci-change-scope.mjs
  • scripts/productivity-core.mjs
  • scripts/productivity-workflow.mjs
  • tests/productivity-workflow.test.ts

📝 Walkthrough

Walkthrough

Adds an offline-first productivity workflow system with risk classification, approval-gated plans, CLI execution, portable workflow launching, repository-local skills, documentation, and automated tests.

Changes

Productivity workflows

Layer / File(s) Summary
Risk classification and workflow plans
scripts/productivity-core.mjs, scripts/ci-change-scope.mjs, tests/productivity-workflow.test.ts
Classifies changed files, builds workflow-specific checks and proofs, enforces provider-command separation, and extends workflow scope detection with coverage.
Productivity workflow CLI and evidence
scripts/productivity-core.mjs, scripts/productivity-workflow.mjs, tests/productivity-workflow.test.ts
Adds argument parsing, report and JSON output, triage and operator-closeout data loading, evidence generation, guarded local execution, failure classification, backlog extraction, and CLI validation.
Workflow command portability
scripts/external-workflow.mjs, package.json, tests/productivity-workflow.test.ts
Resolves allowlisted external workflows from configured or Git-common-directory locations and updates npm workflow scripts to use the new entrypoints.
Repository skills and workflow guidance
.agents/skills/*, AGENTS.md, docs/productivity-workflows.md, .gitignore, docs/branch-review-ledger.md
Adds workflow skill definitions and interfaces, documents planner usage and safety defaults, updates repository guidance and ignore rules, and records the review follow-up.

Estimated code review effort: 3 (Moderate) | ~30 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Developer
  participant WorkflowCLI
  participant ChangeScope
  participant ProductivityCore
  participant LocalChecks
  Developer->>WorkflowCLI: Select workflow and options
  WorkflowCLI->>ChangeScope: Read changed-file scope
  ChangeScope-->>WorkflowCLI: Return scope classification
  WorkflowCLI->>ProductivityCore: Build risk-scoped plan
  ProductivityCore-->>WorkflowCLI: Return checks, approvals, and proof
  WorkflowCLI->>LocalChecks: Run selected offline checks
  LocalChecks-->>WorkflowCLI: Return status and failures
Loading

Possibly related PRs

  • BigSimmo/Database#454 — Extends the same change-scope classification model used for verification gating.
  • BigSimmo/Database#594 — Relates to the session-lifecycle skill’s compatibility with older task and handoff interfaces.
  • BigSimmo/Database#705 — Updates related change-scope workflow detection and self-tests.

Suggested reviewers: claude

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately reflects the main change: adding a risk-scoped productivity toolkit.
Description check ✅ Passed The description covers Summary, Why, Areas touched, Verification, and limitations, though it omits the template's checklist-style preflight sections.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/chat-workflow-ideas-0916

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 00fbc3803c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/productivity-core.mjs Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/skills/clinical-change-proof/SKILL.md:
- Around line 18-20: Update the command-execution guidance in the Clinical
Governance Preflight section to require a separate explicit user approval for
every command listed by the planner’s approvalRequired output, including
retrieval, deployment, and release commands such as npm run verify:release.
Prohibit bundling, implicit approval, or indirect execution, and align the
wording with the approvalRequired and approvalChecks contract in
productivity-core.mjs.

In @.gitignore:
- Around line 23-26: Update the .agents/plugins gitignore rules so plugin
descendants remain ignored by adding a recursive ignore for /.agents/plugins/**
before the marketplace exceptions, then preserve the directory and marketplace
negations needed to allow only the intended marketplace files.

In `@scripts/ci-change-scope.mjs`:
- Around line 466-471: Update the assertScope call for "repo-skill" to isolate
the .agents/skills/database-flightplan/SKILL.md path by removing
scripts/productivity-core.mjs from its tracked paths. Preserve the existing
expected workflow_changed, source_changed, docs_only, and build_changed
assertions so the test specifically validates repository-skill detection.

In `@scripts/productivity-core.mjs`:
- Around line 296-301: Update the diagnostic pattern in the classification logic
around the probable-regression check to recognize the concatenated lowercase
“typeerror” form produced by standard TypeError messages. Preserve the existing
matches and probable-regression result for all other listed diagnostics.
- Around line 5-6: Update PROVIDER_COMMAND_PATTERN to match remote Git
operations such as git push, ensuring commands accidentally classified as
localChecks still trigger the approval-required safety guard. Preserve all
existing provider-command matches.
- Around line 90-115: Repository skill files under .agents/skills/**/SKILL.md
must not be classified as documentation-only. Update the risk classification
logic used by buildWorkflowPlan so these files set risks.workflow while leaving
risks.docsOnly false, then add a regression test asserting docsOnly is false and
localChecks includes npm run verify:pr-local for a representative skill path.

In `@scripts/productivity-workflow.mjs`:
- Around line 131-136: Update the output flow around the JSON rendering,
writeWorkflowEvidence, and runLocalChecks calls so --json always produces
machine-parseable JSON on stdout. Either reject incompatible --json combinations
or include the evidence path in the JSON result and redirect workflow and
child-process output away from stdout, while preserving normal non-JSON
behavior.
- Around line 56-62: Update the option parsing branches for --files, --phase,
and --log to validate that the next token exists and is not another flag before
consuming it. Reject missing values instead of assigning an empty value or
treating the next option as data, while preserving the existing parsing behavior
for valid values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: ef65917d-065a-4bc7-8d0f-f43426022477

📥 Commits

Reviewing files that changed from the base of the PR and between 2d1fd1b and 00fbc38.

📒 Files selected for processing (23)
  • .agents/skills/clinical-change-proof/SKILL.md
  • .agents/skills/clinical-change-proof/agents/openai.yaml
  • .agents/skills/database-flightplan/SKILL.md
  • .agents/skills/database-flightplan/agents/openai.yaml
  • .agents/skills/live-design-sweep/SKILL.md
  • .agents/skills/live-design-sweep/agents/openai.yaml
  • .agents/skills/operator-closeout/SKILL.md
  • .agents/skills/operator-closeout/agents/openai.yaml
  • .agents/skills/rag-change-lab/SKILL.md
  • .agents/skills/rag-change-lab/agents/openai.yaml
  • .agents/skills/session-lifecycle/SKILL.md
  • .agents/skills/session-lifecycle/agents/openai.yaml
  • .agents/skills/verify-triage-fix/SKILL.md
  • .agents/skills/verify-triage-fix/agents/openai.yaml
  • .gitignore
  • AGENTS.md
  • docs/productivity-workflows.md
  • package.json
  • scripts/ci-change-scope.mjs
  • scripts/external-workflow.mjs
  • scripts/productivity-core.mjs
  • scripts/productivity-workflow.mjs
  • tests/productivity-workflow.test.ts

Comment thread .agents/skills/clinical-change-proof/SKILL.md
Comment thread .gitignore
Comment thread scripts/ci-change-scope.mjs Outdated
Comment thread scripts/productivity-core.mjs Outdated
Comment thread scripts/productivity-core.mjs Outdated
Comment thread scripts/productivity-core.mjs Outdated
Comment thread scripts/productivity-workflow.mjs Outdated
Comment thread scripts/productivity-workflow.mjs Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b52112df6a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/productivity-core.mjs

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a1732cf993

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/productivity-core.mjs Outdated
@BigSimmo
BigSimmo merged commit 9a3cc9f into main Jul 17, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant