Skip to content

fix(ci): preserve high-risk auto-resolve routing across renames#873

Merged
BigSimmo merged 6 commits into
mainfrom
codex/chat-audit-remediation-pr-0a27
Jul 18, 2026
Merged

fix(ci): preserve high-risk auto-resolve routing across renames#873
BigSimmo merged 6 commits into
mainfrom
codex/chat-audit-remediation-pr-0a27

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Classify both filename and previous_filename when routing renamed pull-request files.
  • Derive non-excluded paths first, then use that same set for high-risk and complexity routing so excluded test/generated rename history cannot consume the single repair pass.
  • Treat src/data, reusable GitHub actions, and the action-pin/Codex guard scripts as high-risk repository infrastructure.
  • Lock the behavior with the workflow guard, focused rename/path coverage, and the review ledger.

The broader audit remediation was already on main through #814. This PR contained only the residual routing fix and its verification record.

Verification

  • npm run verify:pr-local
    • Node 24.18.0 / npm 11.17.0 runtime checks passed.
    • Changed-file format, ESLint, and TypeScript passed.
    • 301 Vitest files / 2,788 tests passed.
    • 36 offline RAG fixtures across 21 suites passed.
    • Build skipped by the selector because no build-affecting files changed.
  • Review-fix focused proof: node C:\Dev\Apps\Database\node_modules\vitest\vitest.mjs run tests/codex-autofix-workflow.test.ts tests/github-action-pins.test.ts --reporter=dot — 2 files / 54 tests passed.
  • node scripts/check-codex-autofix-workflow.mjs
  • node scripts/check-github-action-pins.mjs
  • Affected-file Prettier and git diff --check
  • Final hosted head: Change scope, Static PR checks, Unit coverage, Safety/config, PR required, PR policy, Semgrep, Gitleaks, and GitGuardian passed.
  • npm run verify:ui — not run; no UI, routing, styling, browser, or accessibility behavior changed.
  • npm run verify:release — not run; disproportionate for a workflow-only change and may include provider-backed gates.

Review resolution

  • Automated review found one P2: exclusion and high-risk checks could evaluate different rename paths.
  • Fixed by deriving routeableFilePaths first and using it for both risk and source-complexity checks.
  • Added the exact excluded-test-to-docs rename regression case; the review thread was replied to with the repository disposition marker and resolved.

Risk and rollout

  • Risk: Low product risk; CI automation only. The change broadens which reviewed PRs qualify for the existing single repair pass while retaining trusted-bot, completed-review, inline-finding, label, token, and lifetime-deduplication gates.
  • Rollback: Revert main commit ebb8c90ca.
  • Provider or production effects: Authorized Git/GitHub PR operations only. No Supabase, OpenAI, deployment, live-service, or production-data operation was run locally.

Clinical Governance Preflight

Not applicable: no ingestion, retrieval, answer generation, clinical output, source rendering, privacy, document access, or production environment behavior changed.

Notes

@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@BigSimmo, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 6 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: a34106fe-54b9-4fe0-8c35-0bd8e2d86756

📥 Commits

Reviewing files that changed from the base of the PR and between a6d17e2 and deaab58.

📒 Files selected for processing (1)
  • docs/branch-review-ledger.md
📝 Walkthrough

Walkthrough

The Codex auto-resolve workflow recognizes additional high-risk paths and evaluates current and previous filenames for renamed files. Its validation guard and tests were updated, and the branch review ledger gained a record.

Changes

Codex routing

Layer / File(s) Summary
Rename-aware risk routing
.github/workflows/codex-autofix-review-comments.yml, scripts/check-codex-autofix-workflow.mjs
Expanded high-risk patterns, normalized current and previous filenames, and updated workflow validation requirements.
Routing coverage and review record
tests/codex-autofix-workflow.test.ts, docs/branch-review-ledger.md
Added rename and infrastructure-path routing tests and recorded the 2026-07-18 branch review.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant GitHub as GitHub PR file metadata
  participant Workflow as GitHub Actions workflow
  participant Patterns as Risk routing checks
  participant Codex as Codex request
  GitHub->>Workflow: Provide current and previous filenames
  Workflow->>Workflow: Normalize candidate paths
  Workflow->>Patterns: Check exclusion, high-risk, and source patterns
  Patterns-->>Workflow: Return route reasons
  Workflow->>Codex: Send auto-resolve request when routed
Loading

Possibly related PRs

Suggested labels: codex

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: preserving high-risk auto-resolve routing across renamed files.
Description check ✅ Passed The description matches the template well, with summary, verification, risk/rollout, governance, and notes sections filled in.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/chat-audit-remediation-pr-0a27

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4fb9bf9e29

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/codex-autofix-review-comments.yml Outdated
@BigSimmo

Copy link
Copy Markdown
Owner Author

@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation.

@BigSimmo

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts on this branch.

@BigSimmo
BigSimmo enabled auto-merge (squash) July 18, 2026 15:16
…diation-pr-0a27

# Conflicts:
#	docs/branch-review-ledger.md
@chatgpt-codex-connector

Copy link
Copy Markdown

Summary

PR / Commit

  • Committed the scoped fix on the current branch: a549d60 fix(ci): keep rename exclusions path-scoped.
  • Created PR metadata with make_pr titled: fix(ci): keep rename exclusions path-scoped.
  • Included the required thread disposition marker in the PR body for the actionable Codex thread.

Testing

  • node scripts/check-codex-autofix-workflow.mjs
  • npm run test -- tests/codex-autofix-workflow.test.ts --reporter=dot
  • git diff --check
  • ⚠️ npm run test:focused -- --files .github/workflows/codex-autofix-review-comments.yml,scripts/check-codex-autofix-workflow.mjs,tests/codex-autofix-workflow.test.ts — the repo’s focused-test helper refused workflow/test/config paths and instructed running the full unit suite instead.
  • ⚠️ npm run test -- tests/codex-autofix-workflow.test.ts --reporter=dot — first attempt failed before npm ci because node_modules/vitest/vitest.mjs was missing; passed after installing dependencies under Node 24.
  • ⚠️ npm ci — first attempt under Node 20 failed engine checks; passed after switching PATH to Node 24.15.0.
  • ⚠️ npm run verify:cheap — failed in unrelated tests/pdf-extraction-budget.test.ts PDF child-process deadline coverage after the workflow/lint/typecheck portions had progressed; the focused CI workflow guard and regression test passed.

View task →

auto-merge was automatically disabled July 18, 2026 15:19

Head branch was pushed to by a user without write access

Copilot AI commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts on this branch.

Merged origin/main into this branch and resolved the single conflict in docs/branch-review-ledger.md — kept all three rows (PR #873, PR #868, PR #865). Merge commit: a6d17e2c.

...

All actionable Codex review findings were already resolved before this pass. The single P2 thread (excluded rename history triggering high-risk routing) was fixed in 4bea60e9 with path-scoped routing and regression tests. No unresolved threads remain. Also resolved the concurrent merge conflict with origin/main in docs/branch-review-ledger.md (merge commit a6d17e2c).

@BigSimmo
BigSimmo enabled auto-merge (squash) July 18, 2026 15:22
@BigSimmo
BigSimmo merged commit ebb8c90 into main Jul 18, 2026
15 checks passed
@BigSimmo
BigSimmo deleted the codex/chat-audit-remediation-pr-0a27 branch July 18, 2026 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants