Skip to content

add License headers rule body (follow-up to #187): defer to header tooling, cover no-tooling and exclusion-masking cases#195

Merged
potiuk merged 1 commit into
apache:mainfrom
paulk-asert:licensingRefinement
May 17, 2026
Merged

add License headers rule body (follow-up to #187): defer to header tooling, cover no-tooling and exclusion-masking cases#195
potiuk merged 1 commit into
apache:mainfrom
paulk-asert:licensingRefinement

Conversation

@paulk-asert

Copy link
Copy Markdown
Collaborator

Follow-up to #187 — add the missing ## License headers rule body

#187 added License headers to the canonical category list in
criteria.md and a section-anchor URL in the template, and re-synced the
review-flow.md Step 4 enumeration. It did not add a ## License headers
section. That left it the only framework-default category (the others being
Third-party license compliance, Security model, Quality signals — image
IP / compiled artifacts
) with neither an adopter source file nor a
criteria.md rule body
— just a name and a link to a policy page. The
existing Relationship to "License headers" cross-reference in the
Third-party section also pointed at a section that did not exist.

This PR adds that section, written as a deference-plus-judgement layer,
not a re-implementation of apache-rat / pre-commit
.

What it covers

  • Defer to header tooling when it exists. If a license-header check
    (apache-rat, pre-commit insert-license, license-eye, …) is in the
    PR's status-check rollup, that tool is authoritative for mechanical
    presence/absence. The skill does not raise a duplicate "missing
    header" finding — Golden rule 8 + the CI precheck already take APPROVE
    off the table on its failure and quote the failing check. The project's
    tool config (not the policy page) is treated as the source of truth for
    scope and exclusions, so the skill cannot drift from / contradict the
    tool's own exclusion list.
  • No-tooling fallback retained. Not every ASF project wires header
    checks into required CI. Where none is present, the skill is the safety
    net and scans added / materially-rewritten source files itself.
  • Exclusion-masking case (the gap CI deference does not close). When
    the same PR both (a) adds or modifies a header-tool exclusion entry —
    <exclude> in pom.xml/build.gradle, a line in .rat-excludes, an
    exclude: pattern in .pre-commit-config.yaml, an ignore glob in
    licenserc.yaml — and (b) adds a file with no header or a third-party
    header, the check passes green by construction. Deference gives no
    coverage here, so the skill raises a finding asking the maintainer to
    confirm the new exclusion is appropriate (legitimately exempt vs masking
    a missing header).
  • Judgement cases the tool cannot decide: mis-applied SPDX / wrong
    license on a contributor-authored file (the tool sees a header and
    passes), and third-party-header routing — closing the loop with the
    existing Third-party license compliance cross-reference, which now
    links forward to the new section.

Scope / testing

  • Single file changed: .claude/skills/pr-management-code-review/criteria.md
    (new ## License headers section + a forward link added to the existing
    cross-reference so the loop resolves).
  • skill-validate, markdownlint, and the full pre-commit hook set pass.
  • Severity calibration is summarised in a table matching the file's
    existing compact-table house style.

🤖 Generated with Claude Code

…tooling and exclusion-masking cases

PR apache#187 added "License headers" to the canonical category list and
a section-anchor URL, but no rule body — making it the only
framework-default category with neither an adopter source nor a
criteria.md section. This adds the missing `## License headers`
section so it matches its siblings (Third-party license compliance,
Security model, Quality signals).

The section is written as a deference-plus-judgement layer, not a
re-implementation of apache-rat / pre-commit:

- When a header check is in the status-check rollup, that tool is
  authoritative for mechanical presence/absence; Golden rule 8 +
  the CI precheck already block approve on its failure. The skill
  does not raise a duplicate "missing header" finding, and treats
  the project's tool config (not the policy page) as the source of
  truth for scope/exclusions.
- Projects with no header tooling: the skill is the safety net and
  scans added/rewritten source files itself.
- Exclusion-masking case: when the same PR both adds a header-tool
  exclusion entry and a file lacking an Apache header, CI passes
  green by construction and deference gives no coverage — the skill
  raises a finding asking the maintainer to confirm the exclusion
  is appropriate.
- Judgement cases the tool cannot decide (mis-applied SPDX, wrong
  license, third-party header routing) are called out, closing the
  loop with the existing Third-party-license-compliance cross-ref.

Generated-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@paulk-asert paulk-asert force-pushed the licensingRefinement branch from 73f90fb to 82ac020 Compare May 17, 2026 13:13
@paulk-asert paulk-asert requested a review from justinmclean May 17, 2026 13:16

@potiuk potiuk left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! We seem to get really nice per-project configurability / out-of-the box set of features ...

@potiuk potiuk merged commit ba104c4 into apache:main May 17, 2026
12 checks passed
@paulk-asert paulk-asert deleted the licensingRefinement branch May 17, 2026 21:18
potiuk pushed a commit that referenced this pull request May 18, 2026
* Follow-up to #195: fix license-header criteria and add eval suite

* example don't need (and in same cases can't) follow projects markdown rules

* remove blank line
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants