add License headers rule body (follow-up to #187): defer to header tooling, cover no-tooling and exclusion-masking cases#195
Merged
Conversation
…tooling and exclusion-masking cases PR apache#187 added "License headers" to the canonical category list and a section-anchor URL, but no rule body — making it the only framework-default category with neither an adopter source nor a criteria.md section. This adds the missing `## License headers` section so it matches its siblings (Third-party license compliance, Security model, Quality signals). The section is written as a deference-plus-judgement layer, not a re-implementation of apache-rat / pre-commit: - When a header check is in the status-check rollup, that tool is authoritative for mechanical presence/absence; Golden rule 8 + the CI precheck already block approve on its failure. The skill does not raise a duplicate "missing header" finding, and treats the project's tool config (not the policy page) as the source of truth for scope/exclusions. - Projects with no header tooling: the skill is the safety net and scans added/rewritten source files itself. - Exclusion-masking case: when the same PR both adds a header-tool exclusion entry and a file lacking an Apache header, CI passes green by construction and deference gives no coverage — the skill raises a finding asking the maintainer to confirm the exclusion is appropriate. - Judgement cases the tool cannot decide (mis-applied SPDX, wrong license, third-party header routing) are called out, closing the loop with the existing Third-party-license-compliance cross-ref. Generated-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
73f90fb to
82ac020
Compare
potiuk
approved these changes
May 17, 2026
potiuk
left a comment
Member
There was a problem hiding this comment.
Nice! We seem to get really nice per-project configurability / out-of-the box set of features ...
potiuk
pushed a commit
that referenced
this pull request
May 18, 2026
* Follow-up to #195: fix license-header criteria and add eval suite * example don't need (and in same cases can't) follow projects markdown rules * remove blank line
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #187 — add the missing
## License headersrule body#187 added License headers to the canonical category list in
criteria.mdand a section-anchor URL in the template, and re-synced thereview-flow.mdStep 4 enumeration. It did not add a## License headerssection. That left it the only framework-default category (the others being
Third-party license compliance, Security model, Quality signals — image
IP / compiled artifacts) with neither an adopter source file nor a
criteria.mdrule body — just a name and a link to a policy page. Theexisting Relationship to "License headers" cross-reference in the
Third-party section also pointed at a section that did not exist.
This PR adds that section, written as a deference-plus-judgement layer,
not a re-implementation of
apache-rat/ pre-commit.What it covers
(
apache-rat, pre-commitinsert-license,license-eye, …) is in thePR's status-check rollup, that tool is authoritative for mechanical
presence/absence. The skill does not raise a duplicate "missing
header" finding — Golden rule 8 + the CI precheck already take
APPROVEoff the table on its failure and quote the failing check. The project's
tool config (not the policy page) is treated as the source of truth for
scope and exclusions, so the skill cannot drift from / contradict the
tool's own exclusion list.
checks into required CI. Where none is present, the skill is the safety
net and scans added / materially-rewritten source files itself.
the same PR both (a) adds or modifies a header-tool exclusion entry —
<exclude>inpom.xml/build.gradle, a line in.rat-excludes, anexclude:pattern in.pre-commit-config.yaml, an ignore glob inlicenserc.yaml— and (b) adds a file with no header or a third-partyheader, the check passes green by construction. Deference gives no
coverage here, so the skill raises a finding asking the maintainer to
confirm the new exclusion is appropriate (legitimately exempt vs masking
a missing header).
license on a contributor-authored file (the tool sees a header and
passes), and third-party-header routing — closing the loop with the
existing Third-party license compliance cross-reference, which now
links forward to the new section.
Scope / testing
.claude/skills/pr-management-code-review/criteria.md(new
## License headerssection + a forward link added to the existingcross-reference so the loop resolves).
skill-validate,markdownlint, and the full pre-commit hook set pass.existing compact-table house style.
🤖 Generated with Claude Code