Skip to content

feat(integrations): Clearfolio reference-document viewer connector (core)#499

Merged
seonghobae merged 7 commits into
mainfrom
feat/clearfolio-connector
Jul 12, 2026
Merged

feat(integrations): Clearfolio reference-document viewer connector (core)#499
seonghobae merged 7 commits into
mainfrom
feat/clearfolio-connector

Conversation

@seonghobae

Copy link
Copy Markdown
Collaborator

Independent PR against main. Links clearfolio as a per-project reference-document viewer. pg-erd-cloud is the buyer gateway: authenticates its user → maps to Clearfolio tenant claims → HMAC-signs them per Clearfolio's contract (base64url(HMAC-SHA256(secret, tenant\\nsubject\\nperms\\nissuedAt)), no padding) → proxies submit/status/viewer/artifact-link with an SSRF-validated gateway host.

Opt-in via config (CLEARFOLIO_GATEWAY_URL, …_HMAC_SECRET, tenant, permissions); ClearfolioNotConfigured when unset so the rest of the app is unaffected. Contract-mocked per the buyer-connector OpenAPI (no live instance): +6 tests incl. a golden HMAC vector and a self-verifying header set. See docs/clearfolio-integration.md.

Follow-ups: project-scoped /reference-docs endpoints + reference_document persistence (IDOR per project), frontend attach panel + embedded viewer.

🤖 Generated with Claude Code

seonghobae and others added 4 commits July 7, 2026 09:33
…ore)

Links ContextualWisdomLab/clearfolio as a per-project reference-document viewer. pg-erd-cloud acts as the buyer gateway: authenticates its user, maps to Clearfolio tenant claims, HMAC-signs them per Clearfolio's contract (base64url HMAC-SHA256 of tenant\nsubject\nperms\nissuedAt, no padding), and proxies submit/status/viewer/artifact-link with an SSRF-validated gateway host. Opt-in via config; ClearfolioNotConfigured when unset. Contract-mocked (no live instance): +6 tests incl. a golden HMAC vector and self-verifying header set. Follow-ups: project-scoped endpoints + reference_document persistence, frontend viewer embed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AxU2xaupAjp912oDNFuWyd
Read clearfolio's TenantAccessService.signClaims + TenantContext.canonicalPermissions: the verifier signs the header split-on-comma, sanitized (NUL-stripped, edge-trimmed), de-duplicated preserving order, re-joined — plus sanitized tenant/subject. My connector signed the RAW config string, so any permissions config with spaces or duplicates would 401 (the default happens to be clean). Now sign+send the exact canonical form. +1 test with messy input. Golden vector unchanged (clean input).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AxU2xaupAjp912oDNFuWyd
@opencode-agent

opencode-agent Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

OpenCode Review Overview

  • Head SHA: 4ba09ed368b838b56d850b05bd48761b1335ee1d
  • Workflow run: 29173863670
  • Workflow attempt: 1
  • Gate result: APPROVE (approval step)

Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including backend/app/integrations/init.py, backend/app/integrations/clearfolio.py, backend/app/settings.py, backend/tests/test_clearfolio.py, docs/clearfolio-integration.md.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects backend/app/integrations/init.py to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: No blocking issues found in current-head evidence.
  • Head SHA: 4ba09ed368b838b56d850b05bd48761b1335ee1d
  • Workflow run: 29173863670
  • Workflow attempt: 1

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Backend (4 files)"]
  S1 --> I1["API and service runtime"]
  I1 --> R1["Review risk: Backend (4 files)"]
  R1 --> V1["backend tests"]
  Evidence --> S2["Docs: clearfolio-integration.md"]
  S2 --> I2["operator or user guidance"]
  I2 --> R2["Review risk: Docs: clearfolio-integration.md"]
  R2 --> V2["docs review"]
Loading

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including backend/app/integrations/init.py, backend/app/integrations/clearfolio.py, backend/app/settings.py, backend/tests/test_clearfolio.py, docs/clearfolio-integration.md.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects backend/app/integrations/init.py to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: Clearfolio integration passes all tests and coverage requirements
  • Head SHA: ad7e27ed39f04932ff44157d4a388dde47275a4c
  • Workflow run: 29128201249
  • Workflow attempt: 1

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Backend (4 files)"]
  S1 --> I1["API and service runtime"]
  I1 --> R1["Review risk: Backend (4 files)"]
  R1 --> V1["backend tests"]
  Evidence --> S2["Docs: clearfolio-integration.md"]
  S2 --> I2["operator or user guidance"]
  I2 --> R2["Review risk: Docs: clearfolio-integration.md"]
  R2 --> V2["docs review"]
Loading

@seonghobae seonghobae enabled auto-merge July 10, 2026 23:07

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including backend/app/integrations/init.py, backend/app/integrations/clearfolio.py, backend/app/settings.py, backend/tests/test_clearfolio.py, docs/clearfolio-integration.md.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects backend/app/integrations/init.py to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: Clearfolio integration passes all tests with comprehensive coverage
  • Head SHA: 76165b8f1180ac98498a056a80b5d42ac8b1801f
  • Workflow run: 29135674507
  • Workflow attempt: 1

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Backend (4 files)"]
  S1 --> I1["API and service runtime"]
  I1 --> R1["Review risk: Backend (4 files)"]
  R1 --> V1["backend tests"]
  Evidence --> S2["Docs: clearfolio-integration.md"]
  S2 --> I2["operator or user guidance"]
  I2 --> R2["Review risk: Docs: clearfolio-integration.md"]
  R2 --> V2["docs review"]
Loading

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode reviewed the current-head bounded evidence and found source-backed failed-check findings that must be addressed before merge.

  • Result: REQUEST_CHANGES
  • Reason: failed current-head checks were mapped to line-specific findings below for b328845993b79fe7ca84dcc1db7022b7b5d0169b.
  • Head SHA: b328845993b79fe7ca84dcc1db7022b7b5d0169b
  • Workflow run: 29161403583
  • Workflow attempt: 1
Failed checks

Findings

1. HIGH tests/test_main_rate_limit_wiring.py:23 - Failed GitHub Check needs a source-backed pytest fix for test_logout_route_uses_tighter_revocation_rate_limit

  • Problem: GitHub Check failed in test step; pytest reported tests/test_main_rate_limit_wiring.py::test_logout_route_uses_tighter_revocation_rate_limit, so the review must explain the failing assertion instead of linking only to the Actions URL.
  • Root cause: The failed log maps the pytest failure to tests/test_main_rate_limit_wiring.py:23; OpenCode must inspect that source line and explain the assertion-level cause before approval.
  • Fix: Patch tests/test_main_rate_limit_wiring.py:23 to satisfy test_logout_route_uses_tighter_revocation_rate_limit, then rerun the focused pytest target.
  • Regression test: Run cd backend && python -m pytest tests/test_main_rate_limit_wiring.py::test_logout_route_uses_tighter_revocation_rate_limit -q when the repository has a backend test layout, then rerun the failed check.
  • Suggested edit: update tests/test_main_rate_limit_wiring.py:23 for test_logout_route_uses_tighter_revocation_rate_limit; do not approve or post a URL-only review until the exact failing assertion is explained with this file, line, command, and fix direction.
Failed check evidence for line-specific fixes

Failed GitHub Check Evidence

  • PR: #499
  • Head SHA: b328845993b79fe7ca84dcc1db7022b7b5d0169b
  • Repository: ContextualWisdomLab/pg-erd-cloud

Line-specific repair contract

  • Treat the check logs and annotations below as diagnostic evidence, not as a complete review.

  • For each actionable failed check, inspect the local source or diff and identify the exact file line that must change.

  • OpenCode REQUEST_CHANGES findings must include path, line, root_cause, fix_direction, regression_test_direction, and suggested_diff.

  • Do not request changes with only a GitHub Actions URL or a generic check name.

  • When Strix logs contain multiple Vulnerability Report or Model ... Vulnerabilities ... sections, include every model-reported vulnerability in the review evidence and findings, including model name, title, severity, endpoint, and Code Locations/path:line evidence when present.

  • Create one OpenCode finding per Strix model vulnerability report; do not satisfy two model reports with one combined finding, even when titles or locations match.

Failed check: ci/backend

Failed job steps

  • step 8: Tests (pytest) (failure)

Check annotations

  • .github:61-61 [failure] Process completed with exit code 1.

Failed log signal summary

backend	Tests (pytest)	2026-07-11T17:20:29.1621812Z =============================== warnings summary ===============================
backend	Tests (pytest)	2026-07-11T17:20:29.1623650Z   /opt/hostedtoolcache/Python/3.10.20/x64/lib/python3.10/site-packages/fastapi/testclient.py:1: StarletteDeprecationWarning: Using `httpx` with `starlette.testclient` is deprecated; install `httpx2` instead.
backend	Tests (pytest)	2026-07-11T17:20:29.1625051Z -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
backend	Tests (pytest)	2026-07-11T17:20:29.1627106Z 1 failed, 334 passed, 1 warning in 3.34s
backend	Tests (pytest)	2026-07-11T17:20:29.3818866Z ##[error]Process completed with exit code 1.

Failed log excerpt

backend	Tests (pytest)	2026-07-11T17:20:25.0599451Z ##[group]Run pytest -q
backend	Tests (pytest)	2026-07-11T17:20:25.0599733Z ^[[36;1mpytest -q^[[0m
backend	Tests (pytest)	2026-07-11T17:20:25.0636278Z shell: /usr/bin/bash -e {0}
backend	Tests (pytest)	2026-07-11T17:20:25.0636548Z env:
backend	Tests (pytest)	2026-07-11T17:20:25.0636818Z   pythonLocation: /opt/hostedtoolcache/Python/3.10.20/x64
backend	Tests (pytest)	2026-07-11T17:20:25.0637249Z   PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.10.20/x64/lib/pkgconfig
backend	Tests (pytest)	2026-07-11T17:20:25.0637665Z   Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64
backend	Tests (pytest)	2026-07-11T17:20:25.0638036Z   Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64
backend	Tests (pytest)	2026-07-11T17:20:25.0638393Z   Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64
backend	Tests (pytest)	2026-07-11T17:20:25.0638754Z   LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.10.20/x64/lib
backend	Tests (pytest)	2026-07-11T17:20:25.0639087Z   PYTHONPATH: .
backend	Tests (pytest)	2026-07-11T17:20:25.0639291Z ##[endgroup]
backend	Tests (pytest)	2026-07-11T17:20:28.2659793Z ........................................................................ [ 21%]
backend	Tests (pytest)	2026-07-11T17:20:28.5069610Z ........................................................................ [ 42%]
backend	Tests (pytest)	2026-07-11T17:20:28.8382699Z ........................F............................................... [ 64%]
backend	Tests (pytest)	2026-07-11T17:20:29.0017139Z ........................................................................ [ 85%]
backend	Tests (pytest)	2026-07-11T17:20:29.1594411Z ...............................................                          [100%]
backend	Tests (pytest)	2026-07-11T17:20:29.1595092Z =================================== FAILURES ===================================
backend	Tests (pytest)	2026-07-11T17:20:29.1596067Z _____________ test_logout_route_uses_tighter_revocation_rate_limit _____________
backend	Tests (pytest)	2026-07-11T17:20:29.1596506Z 
backend	Tests (pytest)	2026-07-11T17:20:29.1596813Z     def test_logout_route_uses_tighter_revocation_rate_limit() -> None:
backend	Tests (pytest)	2026-07-11T17:20:29.1597925Z         main_app._rate_limiter._buckets.clear()
backend	Tests (pytest)	2026-07-11T17:20:29.1598449Z         main_app._share_link_rate_limiter._buckets.clear()
backend	Tests (pytest)	2026-07-11T17:20:29.1598978Z         main_app._revoke_rate_limiter._buckets.clear()
backend	Tests (pytest)	2026-07-11T17:20:29.1599415Z     
backend	Tests (pytest)	2026-07-11T17:20:29.1599719Z         client = TestClient(main_app.app)
backend	Tests (pytest)	2026-07-11T17:20:29.1600315Z         headers = {CSRF_HEADER_NAME: generate_csrf_token(settings.app_secret)}
backend	Tests (pytest)	2026-07-11T17:20:29.1600870Z     
backend	Tests (pytest)	2026-07-11T17:20:29.1601145Z         for _ in range(10):
backend	Tests (pytest)	2026-07-11T17:20:29.1601675Z             assert client.post("/api/auth/logout", headers=headers).status_code != 429
backend	Tests (pytest)	2026-07-11T17:20:29.1602115Z     
backend	Tests (pytest)	2026-07-11T17:20:29.1602386Z         response = client.post("/api/auth/logout", headers=headers)
backend	Tests (pytest)	2026-07-11T17:20:29.1602722Z     
backend	Tests (pytest)	2026-07-11T17:20:29.1603223Z >       assert response.status_code == 429
backend	Tests (pytest)	2026-07-11T17:20:29.1603507Z E       assert 500 == 429
backend	Tests (pytest)	2026-07-11T17:20:29.1603817Z E        +  where 500 = <Response [500 Internal Server Error]>.status_code
backend	Tests (pytest)	2026-07-11T17:20:29.1604114Z 
backend	Tests (pytest)	2026-07-11T17:20:29.1604272Z tests/test_main_rate_limit_wiring.py:23: AssertionError
backend	Tests (pytest)	2026-07-11T17:20:29.1604716Z ------------------------------ Captured log call -------------------------------
backend	Tests (pytest)	2026-07-11T17:20:29.1605758Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.600818+00:00","event":"http_request","request_id":"19c08c2c-c812-43c7-9b9b-0a4bbc7ce927","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":50.279,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1607286Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.605494+00:00","event":"http_request","request_id":"b566b0b0-1b83-4438-b752-da5d0c7148a1","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.686,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1608726Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.609139+00:00","event":"http_request","request_id":"1aab429b-cf41-4272-82af-a64806804489","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.137,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1610158Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.613296+00:00","event":"http_request","request_id":"354b899c-0252-4421-9fe3-c6080628ca39","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":2.011,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1611893Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.671370+00:00","event":"http_request","request_id":"42bddd0a-0da6-446d-a426-8ef7d179a967","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":55.954,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1613573Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.675777+00:00","event":"http_request","request_id":"3e3a97ab-7ac7-44da-a58c-4a713783e3f4","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.531,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1615033Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.679437+00:00","event":"http_request","request_id":"1ea6614e-325d-476a-baff-c79b96cb5a8a","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.259,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1616459Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.682878+00:00","event":"http_request","request_id":"4608a740-79f9-4039-ad6a-2e5bf7cd7245","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.177,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1617889Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.686365+00:00","event":"http_request","request_id":"08db8fe8-d11d-4595-91cf-bc7711f16d55","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.221,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1619315Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.689769+00:00","event":"http_request","request_id":"c582a9d9-3dd1-4572-9176-30bec13a93dd","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.187,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1620902Z ERROR    app.observability:observability.py:69 {"ts":"2026-07-11T17:20:28.693082+00:00","event":"http_request","request_id":"bacc18b6-8755-4963-983a-099fc1913db2","method":"POST","route":"/api/auth/logout","status":500,"duration_ms":1.2,"client_ip":"testclient"}
backend	Tests (pytest)	2026-07-11T17:20:29.1621812Z =============================== warnings summary ===============================
backend	Tests (pytest)	2026-07-11T17:20:29.1622353Z ../../../../../../opt/hostedtoolcache/Python/3.10.20/x64/lib/python3.10/site-packages/fastapi/testclient.py:1
backend	Tests (pytest)	2026-07-11T17:20:29.1623650Z   /opt/hostedtoolcache/Python/3.10.20/x64/lib/python3.10/site-packages/fastapi/testclient.py:1: StarletteDeprecationWarning: Using `httpx` with `starlette.testclient` is deprecated; install `httpx2` instead.
backend	Tests (pytest)	2026-07-11T17:20:29.1624554Z     from starlette.testclient import TestClient as TestClient  # noqa
backend	Tests (pytest)	2026-07-11T17:20:29.1624832Z 
backend	Tests (pytest)	2026-07-11T17:20:29.1625051Z -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
backend	Tests (pytest)	2026-07-11T17:20:29.1625477Z =========================== short test summary info ============================
backend	Tests (pytest)	2026-07-11T17:20:29.1626167Z FAILED tests/test_main_rate_limit_wiring.py::test_logout_route_uses_tighter_revocation_rate_limit - assert 500 == 429
backend	Tests (pytest)	2026-07-11T17:20:29.1626755Z  +  where 500 = <Response [500 Internal Server Error]>.status_code
backend	Tests (pytest)	2026-07-11T17:20:29.1627106Z 1 failed, 334 passed, 1 warning in 3.34s
backend	Tests (pytest)	2026-07-11T17:20:29.3818866Z ##[error]Process completed with exit code 1.

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Backend (4 files)"]
  S1 --> I1["API and service runtime"]
  I1 --> R1["Review risk: Backend (4 files)"]
  R1 --> V1["backend tests"]
  Evidence --> S2["Docs: clearfolio-integration.md"]
  S2 --> I2["operator or user guidance"]
  I2 --> R2["Review risk: Docs: clearfolio-integration.md"]
  R2 --> V2["docs review"]
Loading

@opencode-agent opencode-agent Bot disabled auto-merge July 11, 2026 19:36

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including backend/app/integrations/init.py, backend/app/integrations/clearfolio.py, backend/app/settings.py, backend/tests/test_clearfolio.py, docs/clearfolio-integration.md.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects backend/app/integrations/init.py to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: No blocking issues found in current-head evidence.
  • Head SHA: 4ba09ed368b838b56d850b05bd48761b1335ee1d
  • Workflow run: 29173863670
  • Workflow attempt: 1

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Backend (4 files)"]
  S1 --> I1["API and service runtime"]
  I1 --> R1["Review risk: Backend (4 files)"]
  R1 --> V1["backend tests"]
  Evidence --> S2["Docs: clearfolio-integration.md"]
  S2 --> I2["operator or user guidance"]
  I2 --> R2["Review risk: Docs: clearfolio-integration.md"]
  R2 --> V2["docs review"]
Loading

@seonghobae seonghobae merged commit 7820f9b into main Jul 12, 2026
28 checks passed
@seonghobae seonghobae deleted the feat/clearfolio-connector branch July 12, 2026 00:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant