From b564b1058f0c32ae68d79829a49a0bcf37cd2daf Mon Sep 17 00:00:00 2001 From: Benjamin Borbe Date: Wed, 3 Jun 2026 20:51:15 +0200 Subject: [PATCH 1/2] docs(changelog): consolidate Unreleased entries since v0.14.0 Retroactive Unreleased section covering 49 commits + 9 merged PRs (#27 dispatcher refactor, #28 code-review.md mirror, #29-#34 mechanical YAML batches, #35 go-logging-guide bootstrap, #36 fail-fast preflight, #37-#41 acceptance scenarios + fixes). Per the project's '.maintainer.yaml: release.autoRelease: true' opt-in, this commit deliberately: - adds entries under '## Unreleased' (not '## vX.Y.Z') - does NOT bump version strings in plugin.json / marketplace.json - does NOT create a local v0.15.x tag The github-releaser-agent watcher classifies the semver bump, rewrites the changelog header, bumps plugin manifests, commits 'release vX.Y.Z', and tags. See [[Development Guide]] release section + [[GitHub Auto-Release Guide]] for the autoRelease workflow. --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a76b71..a8b343f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,18 @@ Please choose versions by [Semantic Versioning](http://semver.org/). * MINOR version when you add functionality in a backwards-compatible manner, and * PATCH version when you make backwards-compatible bug fixes. +## Unreleased + +- feat(pipeline): dispatcher refactor for `/coding:pr-review` + `/coding:code-review` — Step 4 replaced with `ast-grep-runner` (mechanical funnel) → per-Owner LLM-tier adjudication → citation validation. Decouples LLM-call count from PR file count; small PR-size now equals small LLM-call count for the same rule coverage. Migrated 13 rule-enforcer agents to the dispatcher contract. +- feat(pipeline): citation validator (`scripts/validate-citations.sh`) — rejects findings whose `rule_id` is not present in `rules/index.json`. Smoke-tested against synthetic hallucination payload. +- feat(pipeline): coverage lint (`scripts/check-coverage.sh`) wired into `make precommit` — fails on dangling enforcement references, orphan YAMLs, and rule-id mismatches between docs and the index. +- feat(dispatcher): fail-fast preflight when `ast-grep` / `sg` binary is missing — both `commands/pr-review.md` Step 4.0 and `agents/ast-grep-runner.md` Step 0 emit a documented error and exit 1 instead of silently looping on `sg --version` (the failure mode observed on coding#34). +- feat(rules): mechanical ast-grep YAML count 20 → 28 across batches 5–6: `go-cli/slog-not-glog-in-new-projects`, `go-glog/use-v-for-debug-not-info`, `go-testing/no-testing-t-direct`, `go-testing/no-stdlib-table-tests`, `go-architecture/constructor-returns-interface`, `go-architecture/no-globals-or-singletons`, `go-architecture/counterfeiter-directive-on-interface`, `go-patterns/bborbe-collection-ptr-not-helpers`, `go-json-error-handler/use-error-code-constants`, `go-k8s-binary/secret-fields-need-display-length`, `go-concurrency/no-raw-go-func`, `go-concurrency/channel-closed-by-sender-only`, `go-cli/cobra-not-stdlib-flag`. +- fix(rules): `nosec-requires-reason.yml` — `pattern-regex` is not a valid ast-grep 0.43 field. Rewritten as `kind: comment` + `all: [regex: '#nosec\b', not.regex: '--']`. The original YAML had been silently parse-failing on every PR review since the rule shipped. +- feat(rules): bootstrap `docs/go-logging-guide.md` with 7 `### RULE` blocks (`no-mixing-slog-and-glog`, `no-log-and-return-error`, `external-call-logs-response`, `no-sensitive-data-in-logs`, `lowercase-log-messages`, `no-tight-loop-without-sampler`, `skip-empty-v2-heartbeats`). Total rules in index: 124 → 131. +- feat(scenarios): new `scenarios/` directory with 4 active E2E acceptance scenarios following the dark-factory scenario writing guide. Each scenario is a manually-walked checklist operators run from any terminal: `001-toolchain-preflight` (dispatcher fail-fasts when ast-grep is absent), `002-clean-pr-zero-findings` (README-only diff emits empty severity sections), `003-scaling-funnel-100-files` (mechanical funnel ≤30s, distinct Owners ≤30), `004-findings-exist-path` (`/coding:pr-review` against the perpetual test PR [bborbe/maintainer#2](https://github.com/bborbe/maintainer/pull/2) surfaces ≥4 findings with valid citations). +- docs: README + `llms.txt` index the 4 active scenarios alongside guides and agents. + ## v0.14.0 - feat(rules): grow `rules/index.json` from 27 to 124 entries (+97 rules across 44 doc families). Most enforceable conventions in `docs/` now carry canonical `### RULE (LEVEL)` blocks consumable by `/coding:pr-review`. From d7dd8ecba2f113ef4a9443c7ce8af19116b15e74 Mon Sep 17 00:00:00 2001 From: Benjamin Borbe Date: Wed, 3 Jun 2026 20:55:09 +0200 Subject: [PATCH 2/2] fix(commit): scenarios/ is release-relevant, not pipeline metadata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /coding:commit's pipeline-only detection lumped scenarios/ with prompts/ and specs/ — meaning a PR adding ONLY scenario files would route to Workflow E (commit + push, no changelog entry). That's wrong for repos where scenarios are shipped acceptance contracts that users invoke via /dark-factory:run-scenario; in that role they're release-relevant artifacts on the same footing as docs/ and rules/. Without this fix, today's PRs #37 (3 scenarios drafted), #40 (scenarios rewritten + promoted to active), and #41 (4th scenario added) would each have shipped with no changelog record. The v0.15.0 release notes that this PR drafts had to retroactively list scenarios as a feature. Updated commands/commit.md:139-153 — drop scenarios/ from the pipeline-only list and the corresponding rationale paragraph. Prompts and specs remain pipeline-only (dark-factory daemon runtime state, not shipped artifacts). --- CHANGELOG.md | 1 + commands/commit.md | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a8b343f..97bfc19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ Please choose versions by [Semantic Versioning](http://semver.org/). - feat(rules): bootstrap `docs/go-logging-guide.md` with 7 `### RULE` blocks (`no-mixing-slog-and-glog`, `no-log-and-return-error`, `external-call-logs-response`, `no-sensitive-data-in-logs`, `lowercase-log-messages`, `no-tight-loop-without-sampler`, `skip-empty-v2-heartbeats`). Total rules in index: 124 → 131. - feat(scenarios): new `scenarios/` directory with 4 active E2E acceptance scenarios following the dark-factory scenario writing guide. Each scenario is a manually-walked checklist operators run from any terminal: `001-toolchain-preflight` (dispatcher fail-fasts when ast-grep is absent), `002-clean-pr-zero-findings` (README-only diff emits empty severity sections), `003-scaling-funnel-100-files` (mechanical funnel ≤30s, distinct Owners ≤30), `004-findings-exist-path` (`/coding:pr-review` against the perpetual test PR [bborbe/maintainer#2](https://github.com/bborbe/maintainer/pull/2) surfaces ≥4 findings with valid citations). - docs: README + `llms.txt` index the 4 active scenarios alongside guides and agents. +- fix(commit): `/coding:commit` no longer classifies `scenarios/` changes as pipeline-only. Scenarios are shipped acceptance contracts (release-relevant, like `docs/` and `rules/`), not dark-factory runtime state — they belong in the changelog. Prompts and specs remain pipeline-only as before. Without this fix, a PR adding only scenario files would route to Workflow E and silently ship without a release-note record (the regression observed retroactively on PR #37 + #40 + #41). ## v0.14.0 diff --git a/commands/commit.md b/commands/commit.md index e446228..52c4159 100644 --- a/commands/commit.md +++ b/commands/commit.md @@ -139,7 +139,6 @@ See [[GitHub Auto-Release Guide]] for the full bot release flow, opt-in config, A change is **pipeline-only** if ALL changed/added/deleted files (committed since last tag + uncommitted) are inside these directories: - `prompts/` (including `prompts/in-progress/`, `prompts/completed/`, `prompts/log/`) - `specs/` (including `specs/in-progress/`, `specs/completed/`, `specs/log/`) -- `scenarios/` ```bash # Check uncommitted changes @@ -148,9 +147,9 @@ git status --porcelain | awk '{print $2}' git diff --name-only $(git describe --tags --abbrev=0 2>/dev/null || echo "HEAD~100")..HEAD ``` -If EVERY file path starts with `prompts/`, `specs/`, or `scenarios/`, this is pipeline-only → route to Workflow E. +If EVERY file path starts with `prompts/` or `specs/`, this is pipeline-only → route to Workflow E. -**Rationale:** Prompts, specs, and scenarios are pipeline metadata, not code. They don't warrant a version bump or changelog entry. +**Rationale:** Prompts and specs are dark-factory runtime state (queued work, daemon inboxes). They don't warrant a version bump or changelog entry. **Scenarios are NOT pipeline metadata** even when they live next to prompts/specs — they're shipped acceptance contracts that users (or operators) invoke via `/dark-factory:run-scenario` to validate behavior. A new scenario adds a new acceptance contract to the project's surface; that IS a versioned change and belongs in the changelog. Treat `scenarios/` the same as `docs/` or `rules/` — release-relevant content, not pipeline state. ### 4. Detect Trivial Changes