From 8622f73971aa50ef87edcb01b1f7c33187591a79 Mon Sep 17 00:00:00 2001 From: BigSimmo <87357024+BigSimmo@users.noreply.github.com> Date: Sun, 19 Jul 2026 04:09:31 +0800 Subject: [PATCH 1/2] docs: record repository cleanup follow-ups --- docs/branch-review-ledger.md | 4 ++++ docs/process-hardening.md | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/docs/branch-review-ledger.md b/docs/branch-review-ledger.md index 4165e5929..62bc24c55 100644 --- a/docs/branch-review-ledger.md +++ b/docs/branch-review-ledger.md @@ -20,6 +20,10 @@ Use this ledger to prevent repeated branch and PR reviews when the reviewed HEAD | Date | Branch or ref | Reviewed HEAD | Scope | Outcome | Checks | | ---------- | -------------------------------------------------------- | ---------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 2026-07-14 | multiple remote branches (16 refs) | multiple SHAs | remote branch cleanup | Safely deleted 16 fully merged and redundant remote branches on origin (including `claude/canary-gate-fixes`, `claude/codebase-index-coverage`, `claude/design-elevation-e1e2`, `claude/design-sync-fixes-p1`, `claude/docs-script-linter`, `claude/document-image-viewer-review-ox7t11`, `claude/generation-token-starvation-fix`, `claude/github-actions-codex-issue-f4t4s5`, `claude/hero-composer-hydration`, `claude/pdf-signed-url-refresh`, `claude/pt-audit-monitor-marker-fix`, `claude/pt-audit-pr2-variant-early-exit`, `claude/pt-audit-pr4-trust-copy`, `claude/pt-audit-pt17-live-monitor`, `codex/eval-canary-quota-handling`, and `cursor/clean-sentry-lockfile-orphans-74cf`). | Confirmed zero unique commits against origin/main and MERGED/CLOSED status on GitHub via `gh pr list`. | +| 2026-07-14 | worktrees (6244, 8ba3, b6ff, e6b5, repo-improvement-review-09945c) | detached HEADs | local worktree cleanup | Safely removed and unregistered 5 clean, inactive worktrees from the git registry. | Ran `git worktree remove` and verified final active worktrees. | +| 2026-07-14 | main | 570e6ba56ae60bea56a32801b9cc96c5a8dfde4f | branch alignment | Fast-forwarded local `main` to latest `origin/main` commit. | Verified main and origin/main revisions and updated ref locally. | +| 2026-07-14 | local branches (5 refs) | multiple SHAs | local branch cleanup | Safely deleted 5 local branches that were squash-merged or had no changes (including `claude/canary-latency-recalibration`, `claude/process-hardening-consolidation`, `codex/fix-registry-indexing-health`, `codex/pr-556-sync`, and `codex/pr-597-fix`). | Verified diff was identical to origin/main and confirmed MERGED status on GitHub. | | 2026-07-18 | local repository cleanup against `origin/main` | 1d9fdcfdd | repository-maintenance summary (non-skip aggregate) | Removed 26 clean, exact-proven redundant worktree registrations (58 -> 32 before the temporary cleanup worktree) and deleted 78 unregistered local branches: 73 direct `origin/main` ancestors plus five exact/covered squash-merge refs for PRs #852, #859, #868, #869, and #870. Preserved all dirty, active, open-PR-owned, backup, ledger-protected, and patch-unique/ambiguous work, including the divergent local `main`; no reset, force operation, remote-branch deletion, or source replay was performed. Six unregistered Windows directory residues remain without `.git` markers after Git cleanup. Clean standalone deltas were either already merged/current-main content or owned by active PR/task work, so no product change was duplicated. This aggregate row is audit history only and must not be used to skip a future branch-level cleanup review. | Mandatory task-start preflight; fresh fetch/prune; full local branch/worktree/status and Codex task ownership inventory; 863-PR GitHub snapshot before the API rate limit was exhausted; cherry-pick-aware history, exact merged-head/descendant proof, and synthetic merge-tree checks; exact-old-value `git update-ref` deletion; per-worktree clean/head rechecks; final worktree/prune inventory. No OpenAI, Supabase, deployment, production-data, or live clinical workflow ran. | | 2026-07-18 | PR batch screenshot queue → #883–#888 / #891 | 8b0a600209 (main tip after #887) | open-PR review + merge babysit | Reviewed and land-safe-merged screenshot PRs. Merged #888 (worker placement dedupe), #891 (PR policy `github.workflow_sha` checkout superseding incorrect #884 `base.sha`), #886 (mobile differentials FAB), #885 (Compare selected href; closed duplicate #883/#882), #887 (Therapy mode-home align + nested-main landmark fix). Closed superseded #884/#883/#882/#881/#877/#875. Fixed PR-policy bodies (Clinical KB governance checkbox), resolved Codex/CodeRabbit threads, Prettier on therapy landmark files, and re-synced branches through main between merges. No high-confidence residual P0-P1 on landed heads. | Hosted required checks green per PR before squash auto-merge (PR policy, Static, Unit, Build, Production UI where UI-scoped, PR required, Semgrep, Gitleaks, GitGuardian). Local: `check:pr-policy`, focused therapy landmark Vitest 5/5, Prettier on touched therapy files. No OpenAI/live Supabase writes. | | 2026-07-18 | codex/chat-audit-remediation-pr-0a27 / PR #873 | 4bea60e9fc5c181fee33b2af27a4b6e3176eac27 | CI auto-resolve risk-routing regression and PR handoff | Confirmed the broader audit remediation was already merged through PR #814. Fixed the residual rename-routing gap by classifying both current and previous paths and explicitly covering `src/data`, reusable GitHub actions, and the action-pin/Codex guard scripts. Automated PR review then found one P2: an excluded old test path could still trigger high-risk routing when paired with a non-excluded new docs path. Fixed before handoff by deriving non-excluded paths first and using that same set for risk and complexity checks. No P0-P2 remained; no product runtime, clinical behavior, provider configuration, or production data changed. | Full `verify:pr-local` passed on the initial three-file patch: Node/npm runtime, changed-file format, ESLint, TypeScript, 301 Vitest files/2,788 tests, and 36 offline RAG fixtures; build skipped as unaffected. After the review fix, the Codex workflow guard, action-pin guard, Prettier, focused Vitest 54/54, and `git diff --check` passed. Hosted checks on the initial PR head passed; the review fix was also verified by the focused local checks before the final main merge. GitHub interactions were user-authorized; no Supabase/OpenAI/live-service command ran. | diff --git a/docs/process-hardening.md b/docs/process-hardening.md index c692dc6f4..c02853b1e 100644 --- a/docs/process-hardening.md +++ b/docs/process-hardening.md @@ -2,6 +2,12 @@ This document turns the current process review into phased, durable repo practice. It separates changes that already take effect from work that should stay explicit until it is implemented. +## Repository cleanup follow-ups (2026-07-19) + +- **High-priority local process ownership:** `scripts/run-eval-safe.mjs` still scans for and terminates residual repository processes through `cleanupResidualEvaluationProcesses()`. A superseded RAG safety worktree contained a narrower child-owned `terminateOwnedProcessTree(child.pid)` approach plus a regression test proving unrelated Vitest, Playwright, and Next processes remain untouched. Do not cherry-pick that stale worktree wholesale; isolate this process-ownership fix on current `main`, then verify it statically without starting a provider-backed evaluation. Modifying or exercising the eval workflow remains approval-gated. +- **Provider-gated RAG safety ideas:** the same stale worktree contained conservative answer-quality thresholds, an evaluation cost-cap preflight, production-safety validation, deep-health assessment, and citation/vector proof tests. Its 754-line retrieval migration and route changes conflict with the later public-title privacy and migration chain and must not be replayed. If explicitly approved, rescope only the still-relevant preflight utilities and tests against current `main`; keep live OpenAI/Supabase validation separate. +- **Semantic reranking rollout debt:** PR #901 keeps `RAG_SEMANTIC_RERANK_ENABLED=false`. Do not enable it until the provider-backed 36/36 retrieval-quality gate and an ambiguity-focused canary are explicitly approved and recorded. + ## Staging tenancy evidence The provider-backed A/B tenancy regression is intentionally outside local and PR From 43301658819fb669cdde6b8ad9fe944e4b388bbd Mon Sep 17 00:00:00 2001 From: BigSimmo <87357024+BigSimmo@users.noreply.github.com> Date: Sun, 19 Jul 2026 04:54:28 +0800 Subject: [PATCH 2/2] docs: finalize repository cleanup ledger --- docs/branch-review-ledger.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/branch-review-ledger.md b/docs/branch-review-ledger.md index 62bc24c55..92274cb19 100644 --- a/docs/branch-review-ledger.md +++ b/docs/branch-review-ledger.md @@ -619,3 +619,4 @@ Use this ledger to prevent repeated branch and PR reviews when the reviewed HEAD | 2026-07-18 | claude/clinical-kb-pwa-review-asi3wb (PR #890, plan Phase 4; single-batch implementation+ledger commit — Phase 3 landed as squash 44a4c511bc1381168474794d6f89273564659ead) | ceabc04d75fd0cea2a120d504418d44edd704bfb | App-wide performance pass: audit-then-fix + budget ratchet (plan Phase 4) | Audit on post-#872 main: enforced gzip budget +3.13% over the 1,363,382-byte baseline; analyzer treemap showed pdfjs-dist (123 KB) and cross-mode-differentials data (121 KB) already correctly lazy, and disproved the suspected forms-catalog dashboard leak (type-only import). Confirmed one real defect: the 143-line `/services` client home page value-imported `defaultServiceSlug` from `@/lib/services`, compiling the ~915 KB services snapshot (~100 KB gzip) into its route chunk. Fixed by computing the slug in the server page (`src/app/services/page.tsx`) and passing it as a prop; the client component builds its task cards from the prop. Measured result: budget swung from +3.13% to −3.97%; baseline ratcheted down 1,363,382 → 1,309,286 bytes gzip so CI locks the win. pdfjs/differentials/#718 paths deliberately untouched per audit rules. Two transient `.next/dev` generated-type corruptions from the long-lived dev server were resolved by stopping the server and setting the generated dir aside (reversible); nothing hand-deleted. | Build + `check:bundle-budget --json` before/after (artifacts in session scratchpad); `check:bundle-budget -- --update` for the ratchet; `npm run test` 2789 passed/1 failed (known container-only `pdf-extraction-budget` artifact, hosted-CI-green through #826/#835/#872); `verify:cheap` green to the same artifact; `verify:ui` 219 passed/2 failed (the two long-established container artifacts; ui-tools spec covering the services surface passed); `verify:pr-local` unit stage identical; typecheck/lint/format clean. Lighthouse not run (dev-server churn; bundle evidence sufficed for this fix set). No provider-backed checks run. | | 2026-07-18 | PR #871 / codex/design-audit-final-pr-20260718 | bb85b546e + ledger closeout | final current-main design/accessibility audit integration, hosted review resolution, and PR-readiness review | No remaining high-confidence P0-P2 defect after current-main reconciliation, two independent read-only reviews, and remediation of every confirmed review finding. The follow-ups made client demo state fail closed in production for both prototype items and set suggestions, separated local no-auth upload capability from Favourites demo treatment, kept unavailable Favourites controls focusable with accessible reasons, restored visible skip-target focus, limited Favourites selection to the wide layout that exposes its workspace, aligned upload/index semantics with each responsive rendering mode, exposed filtered Tools results as a labelled group, and kept Therapy Compass in an honest loading state until its catalogue resolves. The audit also distinguishes completed browser assertions from an incomplete valid document-source redirect case. External design-target fidelity remains unverified without an approved target. | Canonical local PR verification completed through runtime, changed-file formatting, full ESLint, TypeScript, full Vitest, webpack production build/client-secret scan, and offline RAG fixtures. Focused Therapy, navigation/auth, demo-boundary, and unavailable-control regressions passed after correcting one test-order issue; the final demo/upload boundary selection passed 4/4; scoped zero-warning ESLint, changed-file formatting, and `git diff --check` passed. The full local Chromium sweep completed 236/237 with one hydration-timing failure: the app-mode test clicked before React attached its handler. The existing handler-readiness pattern was applied; focused rerun attempts were then lock-blocked by another registered worktree, so exact-head hosted Chromium remains the required proof. Initial hosted checks, including Production UI, passed before these final follow-ups. No OpenAI, Supabase, production-data, deployment, or live clinical workflow ran. | | 2026-07-18 | claude/clinical-kb-pwa-review-asi3wb (PR #896, plan Phase 5; content commit + this ledger follow-up) | a6c2b4e92374e9002fb00c547eb5677d01ce538c | Design-polish sweep: audit-then-fix (plan Phase 5, final phase) | Audit on post-#890 main: three strict design guards clean; full re-run of the 07-token-adoption-audit grep method shows all July 3 debt resolved (M1–M3 done, L4 reduced to the deliberate theme-aware `ring-white/N dark:ring-white/10` glass idiom, L5/L7 gone; production hex all legitimate print/brand/console/comment classes); 43-capture live sweep across 15 routes × desktop/phone + 320px spots + dark/reduced-motion/forced-colors spots found 0 overflow and 0 console errors. Three defects found and fixed: (1) forced-colors solid-button labels rendered as blank Canvas-on-Canvas backplate boxes (axe-invisible) — command controls flattened to the native HCM ButtonFace/ButtonText pairing and accent glyph tokens flipped to ButtonText inside the existing forced-colors block, regression-locked by a new ui-accessibility test; (2) tools desktop 6-up quick-action rail truncated card titles at 1440×1000 — card metrics tightened, all six titles verified unclipped; (3) privacy page rendered "systemand" from a JSX newline-adjacent-to-tag drop — explicit space, locked by a privacy-ui assertion. Dated July 18 run appended to docs/redesign/07-token-adoption-audit.md (archived design-qa.md not resurrected). | Guards + focused vitest 14/14; `verify:cheap` chain green to the known container-only pdf-extraction-budget artifact (2806/2809); `verify:ui` 220 passed/2 failed (the two long-baselined container artifacts, hosted-CI-green through #826/#835/#872/#890); `test:e2e:accessibility` 8/8 incl. the new forced-colors token test; production build + client-bundle secret scan passed; `check:bundle-budget` within tolerance vs the Phase 4 ratchet (1290.6 vs 1278.6 KiB baseline); `verify:pr-local` runtime/format/lint/typecheck/build/rag-fixtures green with the same sole unit-suite artifact. `verify:release` not run (provider-backed; awaits explicit confirmation). No provider-backed checks run. | +| 2026-07-19 | all remote feature branches and registered worktrees against `origin/main` through PR #899 | 8242fa63d5f5b79fc770c9ae4f633e3a784b80e1 | branch/worktree cleanup, useful-work recovery, and protected-main merge closure | Deleted 122 stale or closed remote feature refs with exact SHA leases; four additional merged PR branches were removed by the protected-main PR workflow. Removed 32 obsolete, superseded, or merge-proven worktree registrations. Recovered useful dirty RAG work into PR #901 (deterministic and opt-in semantic reranking) and PR #902 (retrieval phase latency telemetry), preserved follow-up decisions in `docs/process-hardening.md`, and recovered four missing historical review rows. PRs #897, #899, #901, and #902 are merged with green exact-head checks and zero unresolved review threads. A detached full-repo-review worktree is deliberately retained because its ownership/activity could not be safely disproved; one unregistered `node_modules` junction residue is also retained because deletion was denied by local safety policy. | Fresh fetch/prune; full GitHub PR/check/thread inventory; `git worktree list --porcelain`; cherry-pick-aware right-only logs; exact leased remote deletes; exact-old-value local ref deletes; clean-worktree, path, and merged-PR proof before every removal. PR #899 local proof: focused Vitest 31/31, changed-file ESLint, `verify:cheap` 317 files / 2,879 tests, and `verify:ui` 239/239; exact-head hosted checks all passed. PR #901 local proof: `verify:cheap` 316 files / 2,870 tests; PR #902 focused Vitest 8/8 plus ESLint and typecheck. No OpenAI, Supabase, live clinical, deployment, or production-data workflow ran; provider-backed semantic canary evaluation remains approval-gated. |