workflow: add risk-scoped productivity toolkit#713
Conversation
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
CI triageCI failed on this PR. Automated classification of the 2 failed job(s):
Heuristic only — a main-side or flake label is a starting point, not a verdict. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ccd5391421
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ccd5391421
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (7)
📝 WalkthroughWalkthroughAdds an offline-first productivity workflow system with risk classification, approval-gated plans, CLI execution, portable workflow launching, repository-local skills, documentation, and automated tests. ChangesProductivity workflows
Estimated code review effort: 3 (Moderate) | ~30 minutes Sequence Diagram(s)sequenceDiagram
participant Developer
participant WorkflowCLI
participant ChangeScope
participant ProductivityCore
participant LocalChecks
Developer->>WorkflowCLI: Select workflow and options
WorkflowCLI->>ChangeScope: Read changed-file scope
ChangeScope-->>WorkflowCLI: Return scope classification
WorkflowCLI->>ProductivityCore: Build risk-scoped plan
ProductivityCore-->>WorkflowCLI: Return checks, approvals, and proof
WorkflowCLI->>LocalChecks: Run selected offline checks
LocalChecks-->>WorkflowCLI: Return status and failures
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 00fbc3803c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/skills/clinical-change-proof/SKILL.md:
- Around line 18-20: Update the command-execution guidance in the Clinical
Governance Preflight section to require a separate explicit user approval for
every command listed by the planner’s approvalRequired output, including
retrieval, deployment, and release commands such as npm run verify:release.
Prohibit bundling, implicit approval, or indirect execution, and align the
wording with the approvalRequired and approvalChecks contract in
productivity-core.mjs.
In @.gitignore:
- Around line 23-26: Update the .agents/plugins gitignore rules so plugin
descendants remain ignored by adding a recursive ignore for /.agents/plugins/**
before the marketplace exceptions, then preserve the directory and marketplace
negations needed to allow only the intended marketplace files.
In `@scripts/ci-change-scope.mjs`:
- Around line 466-471: Update the assertScope call for "repo-skill" to isolate
the .agents/skills/database-flightplan/SKILL.md path by removing
scripts/productivity-core.mjs from its tracked paths. Preserve the existing
expected workflow_changed, source_changed, docs_only, and build_changed
assertions so the test specifically validates repository-skill detection.
In `@scripts/productivity-core.mjs`:
- Around line 296-301: Update the diagnostic pattern in the classification logic
around the probable-regression check to recognize the concatenated lowercase
“typeerror” form produced by standard TypeError messages. Preserve the existing
matches and probable-regression result for all other listed diagnostics.
- Around line 5-6: Update PROVIDER_COMMAND_PATTERN to match remote Git
operations such as git push, ensuring commands accidentally classified as
localChecks still trigger the approval-required safety guard. Preserve all
existing provider-command matches.
- Around line 90-115: Repository skill files under .agents/skills/**/SKILL.md
must not be classified as documentation-only. Update the risk classification
logic used by buildWorkflowPlan so these files set risks.workflow while leaving
risks.docsOnly false, then add a regression test asserting docsOnly is false and
localChecks includes npm run verify:pr-local for a representative skill path.
In `@scripts/productivity-workflow.mjs`:
- Around line 131-136: Update the output flow around the JSON rendering,
writeWorkflowEvidence, and runLocalChecks calls so --json always produces
machine-parseable JSON on stdout. Either reject incompatible --json combinations
or include the evidence path in the JSON result and redirect workflow and
child-process output away from stdout, while preserving normal non-JSON
behavior.
- Around line 56-62: Update the option parsing branches for --files, --phase,
and --log to validate that the next token exists and is not another flag before
consuming it. Reject missing values instead of assigning an empty value or
treating the next option as data, while preserving the existing parsing behavior
for valid values.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: ef65917d-065a-4bc7-8d0f-f43426022477
📒 Files selected for processing (23)
.agents/skills/clinical-change-proof/SKILL.md.agents/skills/clinical-change-proof/agents/openai.yaml.agents/skills/database-flightplan/SKILL.md.agents/skills/database-flightplan/agents/openai.yaml.agents/skills/live-design-sweep/SKILL.md.agents/skills/live-design-sweep/agents/openai.yaml.agents/skills/operator-closeout/SKILL.md.agents/skills/operator-closeout/agents/openai.yaml.agents/skills/rag-change-lab/SKILL.md.agents/skills/rag-change-lab/agents/openai.yaml.agents/skills/session-lifecycle/SKILL.md.agents/skills/session-lifecycle/agents/openai.yaml.agents/skills/verify-triage-fix/SKILL.md.agents/skills/verify-triage-fix/agents/openai.yaml.gitignoreAGENTS.mddocs/productivity-workflows.mdpackage.jsonscripts/ci-change-scope.mjsscripts/external-workflow.mjsscripts/productivity-core.mjsscripts/productivity-workflow.mjstests/productivity-workflow.test.ts
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b52112df6a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a1732cf993
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Summary
workflow:*commands portable across linked and detached worktreesWhy
Repeated Database tasks already had strong individual checks but still required manual risk classification, verification selection, provider gating, failure triage, and evidence assembly. This centralizes that orchestration without duplicating the existing gates.
Areas touched
.agents/skills/**scripts/productivity-core.mjs,scripts/productivity-workflow.mjs,scripts/external-workflow.mjsscripts/ci-change-scope.mjs,package.json,AGENTS.md,.gitignoretests/productivity-workflow.test.ts,docs/productivity-workflows.mdVerification
npm run verify:pr-local— passed on the rebased headquick_validate.pyChecks not run
npm run verify:ui: no UI, routing, browser, or styling behavior changedRisk and limitations
.local-devtool installation, orCODEX_LOCAL_WORKFLOW_ROOTwhen installed elsewhereSummary by CodeRabbit