🐰 Full CodeRabbit Review - Codebase Audit #4
Summary of Changes
Hello @marcusquinn, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request serves as a mechanism to initiate a full, AI-assisted code review of the
Highlights
Warning
Rate limit exceeded
@marcusquinn has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 15 minutes and 39 seconds before requesting another review.
⌛ How to resolve this issue?
After the wait time has elapsed, a review can be triggered using the
We recommend that you space out your commits to avoid hitting the rate limit.
🚦 How do rate limits work?
CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information.
📒 Files selected for processing (13)
Note
Other AI code review bot(s) detected
CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.
| Cohort / File(s) | Change Summary |
|---|---|
| Configuration comment `.coderabbit.yaml` | Added a single comment line under path_filters.exclude: "# Trigger for comprehensive codebase review". No functional changes. |
| Lint configuration `.markdownlint.json` | Added MD032 and MD060 as disabled/no-op rules and adjusted JSON structure to include the new entry. No behavioral code changes. |
| Memory template README `.agent/memory/README.md` | Major rewrite and expansion: renamed heading, added "Developer Preferences Memory" and detailed preference categories, usage examples, expanded directory structure and environment-issues templates, and adjusted metadata/footer text. Documentation only. |
| Workflows README `.agent/workflows/README.md` | New comprehensive "Development Workflows" guide describing purpose, workflow categories, naming conventions, templates, usage, and contributing guidelines for .agent workflow files. |
| Workflow guides (new) `.agent/workflows/bug-fixing.md`, `.agent/workflows/code-review.md`, `.agent/workflows/error-checking-feedback-loops.md`, `.agent/workflows/feature-development.md`, `.agent/workflows/git-workflow.md`, `.agent/workflows/multi-repo-workspace.md`, `.agent/workflows/release-process.md`, `.agent/workflows/wordpress-local-testing.md` | Added multiple detailed workflow documents covering bug-fixing, code review, CI/CD error handling and feedback loops, feature development, Git workflow, multi-repo workspaces, release processes, and WordPress local testing. All are prose guides with examples, checklists, commands, and templates; no executable code or public API changes. |
Estimated code review effort
🎯 3 (Moderate) | ⏱️ ~25 minutes
- Focus review on:
  - `.agent/memory/README.md` for consistency of examples and metadata edits
  - `.agent/workflows/*` files for consistent recommendations, command accuracy, and overlapping guidance between documents
Poem
🐇 I hopped through readmes, nibbling lines with care,
Notes and workflows scattered everywhere.
A single comment tucked where paths reside,
Preferences and guides laid out wide.
Hop, review, repeat — I left a carrot there. 🥕
Pre-merge checks and finishing touches
❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title uses an emoji and generic phrasing that doesn't clearly describe the actual changes—comprehensive documentation additions, workflow guides, and configuration updates. | Replace with a specific, descriptive title like 'Add comprehensive workflow documentation and AI assistant guides' that clearly conveys the main change without emojis or vague terms. |
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
@coderabbitai full review
✅ Actions performed
Full review triggered.
Code Review
This pull request adds a comment to the .coderabbit.yaml file to trigger a full codebase review. The change is minor and serves its intended purpose. I have provided one suggestion to improve the conciseness and long-term maintainability of the added comments.
.coderabbit.yaml
Outdated
| # Full review trigger - updated 2024-11-29 | ||
| # This comment triggers a comprehensive codebase review |
🔍 Code Quality Report
[MONITOR] Code Review Monitoring Report
[INFO] Latest Quality Status:
[INFO] Recent monitoring activity:
📈 Current Quality Metrics
Generated on: Sat Nov 29 03:49:16 UTC 2025
Generated by AI DevOps Framework Code Review Monitoring
Introduces .agent/workflows/ directory with universal development workflows:
- Git branching and collaboration practices
- Feature development and bug fixing processes
- Code review checklists
- CI/CD error monitoring and feedback loops
- Multi-repository workspace safety guidelines
- Release process with semantic versioning
- WordPress local testing environments

Also enhances memory/README.md with developer preferences tracking guidance.
🔍 Code Quality Report
[MONITOR] Code Review Monitoring Report
[INFO] Latest Quality Status:
[INFO] Recent monitoring activity:
📈 Current Quality Metrics
Generated on: Sat Nov 29 04:11:07 UTC 2025
Generated by AI DevOps Framework Code Review Monitoring
Actionable comments posted: 5
🧹 Nitpick comments (9)
.agent/workflows/git-workflow.md (2)
75-81: Add blank lines around fenced code blocks for markdown compliance.
Lines 75-81 and 84-88 need blank lines before and after code blocks per Codacy's MD031 rule to maintain consistent markdown formatting.
Apply these diffs:
-**Local Testing (Default):** +**Local Testing (Default):** + ```bash # Test without updating version numbers # Run tests, linters, quality checks @@ -80,6 +82,7 @@ npm test composer test bash ~/git/aidevops/.agent/scripts/quality-check.sh
Remote Testing (When Requested):
+git add . git commit -m "WIP: Description for remote testing"Also applies to: 84-88
167-175: Specify language for code block and add blank lines.
Line 167 shows a code block without a language specification, and lacks surrounding blank lines per Codacy MD040 and MD031 rules.
Apply this diff:
### Format -``` +```bash Type: Brief description (under 50 chars) Detailed explanation if needed. - Bullet points for multiple changes - Reference issues: Fixes #123 Co-authored-by: Name <email></blockquote></details> <details> <summary>.agent/workflows/code-review.md (1)</summary><blockquote> `113-135`: **Fix markdown formatting: language specification and blank lines around code blocks.** Multiple markdown formatting issues need correction: 1. Line 127: Ordered list item numbering is incorrect (expected 1, actual 2) 2. Lines 128, 134-135: Code blocks need blank lines before and after (MD031) 3. Line 135: Code block needs language specification (MD040) - should be ` ```javascript ` Apply these diffs: ```diff #### Be Specific and Clear + ```markdown # Good feedback example In function `processUserData()` at line 45: -1. The input validation is missing for the `email` parameter. +- The input validation is missing for the `email` parameter. Consider adding: - ```javascript + ```javascript if (!isValidEmail(email)) { throw new ValidationError('Invalid email format'); } - ``` + ``` -2. The error message should be more descriptive: - ```javascript +- The error message should be more descriptive: + + ```javascript // Instead of: throw new Error('Failed'); // Use: throw new Error(`Failed to process data for user ${userId}: ${reason}`); - ``` + ```
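Review bot: in the git-workflow.md `### Format` hunk, the fence is retagged as bash, but the block holds a commit-message template (`Type: Brief description`, bullet points, `Co-authored-by`), not shell. Tagging it `text` would satisfy MD040 without applying shell highlighting or shell linting to prose.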
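Review bot: in the code-review.md hunk, the javascript fences still sit inside the markdown example block and use the same three-backtick delimiter as the outer fence, so a renderer can end the outer block at the first inner closing fence. Suggest a four-backtick (or tilde) outer fence for the "Good feedback example" so the inner fences nest cleanly.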
</blockquote></details> <details> <summary>.agent/workflows/error-checking-feedback-loops.md (2)</summary><blockquote> `64-96`: **Add blank lines around fenced code blocks throughout document.** Multiple instances of code blocks lack surrounding blank lines per Codacy MD031 rule. This appears at lines 64, 96, 179, and other locations. Systematically add blank lines before and after all fenced code blocks. Example pattern: ```diff -### Checking Workflow Status via GitHub CLI +### Checking Workflow Status via GitHub CLI + ```bash # Get recent workflow runs gh run list --limit 10 @@ -33,6 +35,7 @@ gh run list --status failure --limit 5 # Watch a running workflow gh run watch {run_id}
Checking via GitHub API
--- `199-211`: **Specify language or text identifier for ASCII diagram and add blank lines.** Line 199 shows a diagram block without language specification. While ASCII diagrams don't require a language, they should still be surrounded by blank lines. Line 356 has a similar issue. Add blank lines and consider using `text` or markdown backticks directly: ```diff ### Error Resolution Workflow + ```text 1. Identify Error ↓ @@ -209,6 +212,7 @@ git push origin {branch} ↓ 6. Document Solution
Processing Workflow Failures
</blockquote></details> <details> <summary>.agent/workflows/wordpress-local-testing.md (2)</summary><blockquote> `115-135`: **Add blank lines around code blocks and fix ordered list numbering.** Markdown formatting issues at lines 127-135 need correction. The ordered list has incorrect numbering, and code blocks lack surrounding blank lines. Apply this diff: ```diff Add to `package.json`: + ```json { "scripts": { @@ -124,6 +127,7 @@ Add to `package.json`: } }
LocalWP Integration
--- `356-406`: **Add blank lines around code blocks in testing workflows and debugging sections.** Lines 377, 400-406 have code blocks that need blank lines before and after for consistency with Codacy MD031 rule. Example fix pattern: ```diff ## Debugging Tools ### Query Monitor Plugin Automatically installed in blueprints above. Access via admin bar to view: + - Database queries - PHP errors - HTTP requests - Hooks and actions.agent/workflows/feature-development.md (1)
91-111: Add blank lines around lists and code blocks for markdown consistency.
Codacy flags at lines 96, 103, 108 indicate lists need surrounding blank lines. Additionally, code blocks on lines 96-110 need blank lines before and after.
Apply this diff:
### 5. Update Documentation Update all relevant documentation: + **CHANGELOG.md:** + ```markdown ## [Unreleased] ### Added - New feature: Description of what was added (#123)
README.md / readme.txt:
+
- Update feature list
- Add usage instructions
- Update screenshots if UI changed
Code Comments:
+
- Add docblocks to new functions/methods
- Document complex logic
- Add usage examples
</blockquote></details> <details> <summary>.agent/workflows/multi-repo-workspace.md (1)</summary><blockquote> `46-54`: **Refine wording to reduce repetition of "Making".** Line 50 uses "Making code suggestions" in a list context where alternatives improve clarity: ```diff - - Making code suggestions + - Providing code suggestionsThis minor style improvement (flagged by LanguageTool) reduces overuse of the verb "make" and strengthens action-verb variety.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (10)
- .agent/memory/README.md (3 hunks)
- .agent/workflows/README.md (1 hunks)
- .agent/workflows/bug-fixing.md (1 hunks)
- .agent/workflows/code-review.md (1 hunks)
- .agent/workflows/error-checking-feedback-loops.md (1 hunks)
- .agent/workflows/feature-development.md (1 hunks)
- .agent/workflows/git-workflow.md (1 hunks)
- .agent/workflows/multi-repo-workspace.md (1 hunks)
- .agent/workflows/release-process.md (1 hunks)
- .agent/workflows/wordpress-local-testing.md (1 hunks)
🧰 Additional context used
🪛 GitHub Check: Codacy Static Code Analysis
.agent/workflows/feature-development.md
[notice] 96-96: .agent/workflows/feature-development.md#L96
Fenced code blocks should be surrounded by blank lines
[notice] 103-103: .agent/workflows/feature-development.md#L103
Lists should be surrounded by blank lines
[notice] 108-108: .agent/workflows/feature-development.md#L108
Lists should be surrounded by blank lines
.agent/workflows/code-review.md
[notice] 127-127: .agent/workflows/code-review.md#L127
Expected: 1; Actual: 2; Style: 1/2/3
[notice] 134-134: .agent/workflows/code-review.md#L134
Fenced code blocks should be surrounded by blank lines
[notice] 134-134: .agent/workflows/code-review.md#L134
Lists should be surrounded by blank lines
[notice] 135-135: .agent/workflows/code-review.md#L135
Fenced code blocks should have a language specified
.agent/workflows/error-checking-feedback-loops.md
[notice] 64-64: .agent/workflows/error-checking-feedback-loops.md#L64
Fenced code blocks should be surrounded by blank lines
[notice] 179-179: .agent/workflows/error-checking-feedback-loops.md#L179
Fenced code blocks should be surrounded by blank lines
[notice] 199-199: .agent/workflows/error-checking-feedback-loops.md#L199
Fenced code blocks should have a language specified
[notice] 356-356: .agent/workflows/error-checking-feedback-loops.md#L356
Fenced code blocks should be surrounded by blank lines
.agent/workflows/multi-repo-workspace.md
[notice] 28-28: .agent/workflows/multi-repo-workspace.md#L28
Lists should be surrounded by blank lines
[notice] 178-178: .agent/workflows/multi-repo-workspace.md#L178
Fenced code blocks should have a language specified
[notice] 191-191: .agent/workflows/multi-repo-workspace.md#L191
Lists should be surrounded by blank lines
[notice] 206-206: .agent/workflows/multi-repo-workspace.md#L206
Lists should be surrounded by blank lines
[notice] 228-228: .agent/workflows/multi-repo-workspace.md#L228
Lists should be surrounded by blank lines
.agent/workflows/wordpress-local-testing.md
[notice] 377-377: .agent/workflows/wordpress-local-testing.md#L377
Lists should be surrounded by blank lines
[notice] 400-400: .agent/workflows/wordpress-local-testing.md#L400
Fenced code blocks should be surrounded by blank lines
.agent/workflows/git-workflow.md
[notice] 75-75: .agent/workflows/git-workflow.md#L75
Fenced code blocks should be surrounded by blank lines
[notice] 115-115: .agent/workflows/git-workflow.md#L115
Lists should be surrounded by blank lines
[notice] 167-167: .agent/workflows/git-workflow.md#L167
Fenced code blocks should have a language specified
.agent/workflows/release-process.md
[notice] 65-65: .agent/workflows/release-process.md#L65
Fenced code blocks should be surrounded by blank lines
[notice] 75-75: .agent/workflows/release-process.md#L75
Fenced code blocks should be surrounded by blank lines
[notice] 84-84: .agent/workflows/release-process.md#L84
Fenced code blocks should be surrounded by blank lines
[notice] 90-90: .agent/workflows/release-process.md#L90
Fenced code blocks should be surrounded by blank lines
🪛 LanguageTool
.agent/workflows/README.md
[grammar] ~9-~9: Ensure spelling is correct
Context: ...ces** that apply to: - Working on this aidevops repository - Working on any other codeb...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
.agent/workflows/code-review.md
[style] ~102-~102: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...o solve? - What are the requirements? - What are the constraints? - Is there related...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
.agent/workflows/error-checking-feedback-loops.md
[style] ~5-~5: Consider using a different verb for a more formal wording.
Context: ...I assistants to identify, diagnose, and fix issues with minimal human intervention....
(FIX_RESOLVE)
.agent/workflows/multi-repo-workspace.md
[style] ~50-~50: “Make” is an overused word. Consider a different verb to strengthen your wording.
Context: ... you're currently working in before: - Making code suggestions - Creating or updating...
(MAKE_A_SUGGESTION)
.agent/workflows/wordpress-local-testing.md
[grammar] ~23-~23: Use a hyphen to join words.
Context: ...ifying admin UI changes - Testing single site vs multisite behavior - Demos and s...
(QB_NEW_EN_HYPHEN)
.agent/workflows/bug-fixing.md
[grammar] ~3-~3: Use a hyphen to join words.
Context: ...dance for AI assistants to help with bug fixing workflows. ## Bug Fixing Workflo...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
.agent/workflows/code-review.md
127-127: Ordered list item prefix
Expected: 1; Actual: 2; Style: 1/2/3
(MD029, ol-prefix)
128-128: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
134-134: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agent/workflows/error-checking-feedback-loops.md
96-96: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
.agent/workflows/multi-repo-workspace.md
178-178: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
197-197: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agent/workflows/wordpress-local-testing.md
127-127: Ordered list item prefix
Expected: 1; Actual: 2; Style: 1/2/3
(MD029, ol-prefix)
128-128: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
134-134: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agent/workflows/git-workflow.md
75-75: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
84-84: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
167-167: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agent/workflows/release-process.md
127-127: Ordered list item prefix
Expected: 1; Actual: 2; Style: 1/2/3
(MD029, ol-prefix)
128-128: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
134-134: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
135-135: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (8)
.agent/workflows/README.md (1)
1-149: Excellent organizational hub for the workflow suite.
This README effectively serves as an index and guide for the comprehensive workflow documentation suite. The structure with categorized tables, quick-reference sections, and clear relationship mappings makes it easy for developers to find relevant guidance. The contributing guidelines and workflow template support future documentation expansion.
.agent/workflows/wordpress-local-testing.md (1)
447-462: Testing checklist is comprehensive and well-designed.
The pre-release testing checklist (lines 447-462) covers all essential areas: single/multisite, version compatibility, tests, debugging, and release processes. This provides good guidance for developers.
.agent/memory/README.md (1)
1-80: Excellent expansion of preferences documentation with security-first design.
The significant enhancement to `.agent/memory/README.md` provides clear guidance on structuring persistent preferences while maintaining security. The new Developer Preferences Memory section (lines 63-206) effectively documents how to organize preferences across coding style, documentation, workflow, tools, and project-specific areas. The practical example (lines 20-36) with directory structure and file population makes it immediately actionable.
The security guidelines (lines 207-213) remain appropriately strict, emphasizing that credentials must never be stored in memory files.
.agent/workflows/feature-development.md (1)
173-201: Code standards and best practices sections are well-designed.
The code standards reminders (lines 173-201) provide excellent guidance with JavaScript examples that demonstrate descriptive naming, error handling, and documentation. The security best practices section appropriately emphasizes input validation, output escaping, and least privilege. Performance considerations list common pitfalls effectively.
.agent/workflows/bug-fixing.md (2)
1-92: Strong bug-fixing workflow with emphasis on minimal changes and backward compatibility.
This guide effectively emphasizes the most critical principles for bug-fixing: understanding the root cause before fixing, making minimal changes, maintaining backward compatibility, and not introducing new features during bug fixes. The structured workflow from reproduction through release preparation is clear and actionable.
122-172: Hotfix procedure is comprehensive and production-safe.
The hotfix process (lines 122-172) provides critical guidance for rapid response to production issues. It correctly emphasizes creating hotfix branches from stable tags, incrementing only the PATCH version, and maintaining a clear merge path back to main. This follows semantic versioning best practices and prevents accidental version confusion.
.agent/workflows/release-process.md (1)
1-436: Comprehensive release workflow guide is well-structured and technically sound.
The document provides clear, actionable guidance across all release phases with appropriate multi-language examples, semantic versioning correctness, CI/CD integration samples (GitHub Actions and GitLab CI), and robust rollback/troubleshooting procedures. The structure scales well for diverse project types (Node.js, Python, Go, PHP).
Once markdown formatting issues are resolved, this will serve as a solid operational reference for the team.
.agent/workflows/multi-repo-workspace.md (1)
1-251: Multi-repo workspace guidelines are well-reasoned and operationally valuable.
This document addresses a critical risk—AI context confusion across multiple repositories—with clear, structured guidance. The distinction between feature hallucination, cross-repo references, documentation confusion, and dependency issues is well-articulated. The verification checklist, warning signs, and recovery procedures provide practical guardrails for team operations. Example workflows using git tools (git grep, git rev-parse, git remote -v) are appropriate and actionable.
Once markdown formatting and optional style refinements are applied, this will serve as an essential operational reference for maintaining consistency across multi-repo workspaces.
- Consolidate .coderabbit.yaml trigger comments per Gemini feedback
- Fix ShellCheck SC2148/SC2155 violations in error-checking-feedback-loops.md
- Add language identifiers to all fenced code blocks (MD040)
- Add blank lines around fenced code blocks (MD031)
- Update .markdownlint.json to disable overly strict MD060/MD032 rules
- Fix nested code block issues in code-review.md
- Standardize markdown formatting across all workflow files
🔍 Code Quality Report
[MONITOR] Code Review Monitoring Report
[INFO] Latest Quality Status:
[INFO] Recent monitoring activity:
📈 Current Quality Metrics
Generated on: Sat Nov 29 04:21:28 UTC 2025
Generated by AI DevOps Framework Code Review Monitoring
Actionable comments posted: 0
♻️ Duplicate comments (5)
.agent/workflows/release-process.md (2)
64-74: Markdown formatting compliance: Verify blank lines around code blocks (MD031).
Past review flagged missing blank lines before/after code blocks at multiple locations. Lines 65-73 show a bash code block for JavaScript/Node.js versioning. Verify there are blank lines immediately before line 66 (opening ` ``` `) and after line 73 (closing ` ``` `). Similar checks needed at lines 75, 84, 90, 102, 127-128, 134-135 per prior feedback.
Verify the file has been updated per the previous CodeRabbit review comments addressing MD031 (blank lines around code blocks) across the entire document.
75-83: Code block language identifiers (MD040) should be specified.
Line 75+ (Python section) and related code blocks need explicit language identifiers for syntax highlighting and linting compliance. Previously flagged at line 135 and lines 178-188. Ensure all fenced code blocks specify their language (e.g., ` ```python `, ` ```bash `, ` ```yaml `).
Verify the file has been updated per prior CodeRabbit review addressing MD040 (fenced code language identifiers) throughout the document.
.agent/workflows/multi-repo-workspace.md (2)
10-16: Markdown formatting: List spacing (MD028) requires blank lines before and after lists.
Lines 11-15 comprise a numbered list that should be surrounded by blank lines per MD028. This was previously flagged at lines 28-30, 191, 206, and 228. Ensure each list block has:
- One blank line immediately above the first list item
- One blank line immediately below the last list item
Verify the file has been updated per prior CodeRabbit review addressing MD028 (list spacing) at the indicated locations.
175-210: Code block language identifiers (MD040): Specify language for bash examples.
Lines 178 and 197 contain bash code block examples (directory trees/structures) that should have language identifiers (` ```bash ` or ` ```text `). This was previously flagged. Ensure all fenced code blocks specify their language explicitly per MD040.
Verify the file has been updated per prior CodeRabbit review addressing MD040 (fenced code language identifiers) at lines 178 and 197.
.agent/workflows/error-checking-feedback-loops.md (1)
302-338: Bash script has ShellCheck corrections applied but verify shebang placement.
The script implementing the feedback loop pattern shows improvements from prior review:
- Separate `local` declaration and assignment (addressing SC2155) at lines 307-309, 313-316
- Comment at line 303 acknowledges this pattern

However, per ShellCheck SC2148, the script requires an explicit `#!/bin/bash` shebang as the first line. The comment on line 303 documents the pattern but is not a shebang. Apply this fix:

```bash
#!/bin/bash
# Continuous monitoring script pattern
check_and_fix() {
    # Check for failures - declare and assign separately per SC2155
    local failures
    failures=$(gh run list --status failure --limit 1 --json conclusion -q '.[].conclusion')
    ...
```

ShellCheck validation was previously flagged (SC2148, SC2155). Verify the corrected script now passes `shellcheck` validation with no errors.
🧹 Nitpick comments (2)
.agent/workflows/wordpress-local-testing.md (1)
1-464: Comprehensive WordPress testing guide with excellent coverage of three approaches.
The document effectively covers WordPress Playground, LocalWP, and wp-env with clear use cases, setup steps, and practical examples. JSON and bash blocks are properly identified. The testing checklist (lines 448-462) and environment comparison table provide valuable quick references. Content is technically sound and well-organized.
Consider: The line "Testing single site vs multisite behavior" (line 23) could use a hyphen for better style ("vs. multisite" or "vs multi-site"), though this is minor. Static analysis flagged a hyphenation suggestion here — you may optionally apply if your style guide prefers it.
.agent/workflows/code-review.md (1)
1-301: Comprehensive and well-structured code review guide.
The document provides excellent coverage of review categories, common issues organized by language, and a practical response template. The feedback examples (lines 115-155) effectively demonstrate constructive communication. Checklists are thorough and actionable. Minor style note: Lines 100-103 repeat "What" to start successive items — this is stylistically acceptable in a Q&A format but could be varied for readability if preferred (e.g., "What problem...," "Required scope:," "Key constraints:," etc.).
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
- .agent/workflows/code-review.md (1 hunks)
- .agent/workflows/error-checking-feedback-loops.md (1 hunks)
- .agent/workflows/feature-development.md (1 hunks)
- .agent/workflows/git-workflow.md (1 hunks)
- .agent/workflows/multi-repo-workspace.md (1 hunks)
- .agent/workflows/release-process.md (1 hunks)
- .agent/workflows/wordpress-local-testing.md (1 hunks)
- .coderabbit.yaml (1 hunks)
- .markdownlint.json (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- .coderabbit.yaml
- .agent/workflows/feature-development.md
🧰 Additional context used
🪛 LanguageTool
.agent/workflows/error-checking-feedback-loops.md
[style] ~5-~5: Consider using a different verb for a more formal wording.
Context: ...I assistants to identify, diagnose, and fix issues with minimal human intervention....
(FIX_RESOLVE)
.agent/workflows/code-review.md
[style] ~102-~102: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...o solve? - What are the requirements? - What are the constraints? - Is there related...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
.agent/workflows/multi-repo-workspace.md
[style] ~50-~50: “Make” is an overused word. Consider a different verb to strengthen your wording.
Context: ... you're currently working in before: - Making code suggestions - Creating or updating...
(MAKE_A_SUGGESTION)
.agent/workflows/wordpress-local-testing.md
[grammar] ~23-~23: Use a hyphen to join words.
Context: ...ifying admin UI changes - Testing single site vs multisite behavior - Demos and s...
(QB_NEW_EN_HYPHEN)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (2)
.markdownlint.json (1)
19-38: Configuration changes align with documentation additions.
Disabling MD032 (blank lines around code blocks) and MD060 (fenced code language identifiers) is appropriate for documentation-heavy PRs with many code examples. However, MD060 typically enforces language identifiers for syntax highlighting and accessibility — ensure code blocks throughout the new workflow guides explicitly specify language identifiers where applicable.
.agent/workflows/git-workflow.md (1)
1-285: Well-structured comprehensive Git workflow guide.
The document provides clear guidance on branch management, commit standards, and PR workflows. Code examples are practical and bash blocks properly identified. One minor observation: Line 23-28 table could benefit from consistent formatting, though current state is acceptable. The multi-repo contribution workflow (lines 232-258) is particularly valuable.
- Add quality-feedback-helper.sh for retrieving code quality tool feedback - Commands: status, failed, annotations, codacy, coderabbit, sonar, watch - Update error-checking-feedback-loops.md with GitHub API documentation - Supports PR and commit-specific queries via gh CLI
🔍 Code Quality Report
[MONITOR] Code Review Monitoring Report
[INFO] Latest Quality Status:
[INFO] Recent monitoring activity:
📈 Current Quality Metrics
Generated on: Sat Nov 29 04:29:11 UTC 2025
Generated by AI DevOps Framework Code Review Monitoring

@CodeRabbit full review

✅ Actions performed
Full review triggered.
…t1258) (#1966)
Three bugs causing 100% of tasks to route through Phase 0.7 stale recovery instead of completing normally:
1. Check ordering bug: worker_failed_before_eval fired BEFORE the heartbeat check in _diagnose_stale_root_cause(). Tasks actively evaluating (heartbeat fresh) were incorrectly recovered if their log contained WORKER_FAILED from a previous retry's REPROMPT METADATA header. Fix: move heartbeat check first.
2. Wrong log file for ai_eval_timeout: the check searched the worker log for 'evaluate_with_ai' — a supervisor function that never appears in worker logs. This check never matched, masking ai_eval_timeout diagnoses. Fix: search the supervisor log (SUPERVISOR_LOG) instead, scoped to the task ID.
3. Log tail scope for worker_failed_before_eval: full-log grep caused false positives from REPROMPT METADATA headers embedding previous failure content. Fix: only check last 20 lines (actual execution status, not embedded history).
4. Phase 0.7 recovery routing: running tasks with a PR URL were re-queued unnecessarily (e.g., worker_oom_killed after creating PR). Fix: extend the evaluating+PR fast-path to all states — any stale task with a PR routes to pr_review regardless of whether it was in running or evaluating state.
Root cause data (last 2 days, 124 events):
  worker_rate_limited: 38 (30.6%) — rate limit cooldown already handles
  eval_process_died: 30 (24.2%) — fix #1 prevents false recoveries
  worker_failed_before_eval: 30 (24.2%) — fix #1+#3 prevent false positives
  worker_oom_killed: 13 (10.5%) — fix #4 routes to pr_review when PR exists
  pulse_killed_after_pr_persist: 8 (6.5%) — already handled by fast-path
  ai_eval_timeout: 3 (2.4%) — fix #2 enables correct diagnosis
* feat: replace feature-toggles.conf with namespaced JSONC config system
Replace the flat key=value feature-toggles.conf with a fully comprehensive namespaced JSONC configuration file (aidevops.defaults.jsonc). Every configurable opinion in the codebase is now properly namespaced under semantic categories: updates, integrations, orchestration, safety, ui, models, quality, verification, and paths.
New files:
- .agents/configs/aidevops.defaults.jsonc — all defaults with comments
- .agents/configs/aidevops-config.schema.json — JSON Schema for validation
- .agents/scripts/config-helper.sh — JSONC reader/writer (jq-based)
Key design decisions:
- JSONC format supports comments, schema refs, and object values
- User config at ~/.config/aidevops/config.jsonc overrides defaults
- Automatic migration from legacy feature-toggles.conf on first use
- Full backward compatibility: get_feature_toggle/is_feature_enabled still work with flat keys, mapped to new dotpaths internally
- Falls back to legacy .conf parsing when jq is not available
- Environment variables still take highest priority
Updated scripts:
- shared-constants.sh: loads JSONC config, backward-compatible API
- feature-toggle-helper.sh: delegates to config-helper.sh
- aidevops.sh: config command prefers config-helper.sh
- setup.sh, setup-modules/config.sh, auto-update-helper.sh: updated comments to reference new namespaced dotpaths
Closes #2730

* fix: address CodeRabbit security and robustness review on JSONC config
- Replace eval with printf -v in _load_feature_toggles_legacy (shared-constants.sh)
- Guard set -euo pipefail to only apply when executed directly, not sourced (config-helper.sh)
- Propagate _strip_jsonc failures instead of silently returning {} (config-helper.sh)
- Fix gsub for multiple /* */ block comments on same line via while loop (config-helper.sh)
- Use jq --arg/--argjson for all dotpath and value passing to prevent shell injection (config-helper.sh)
- Add _validate_dotpath to reject dotpaths with unsafe characters (config-helper.sh)
- Remove misleading legacy fallback in feature-toggle-helper.sh, fail deterministically
- Read numeric interval values via get_feature_toggle instead of raw env vars (auto-update-helper.sh)

* fix: address remaining CodeRabbit/Gemini review issues on JSONC config
- config-helper.sh: detect malformed user config instead of silently falling back to {} — emit error to stderr in _merge_configs, cmd_list, cmd_set, and cmd_reset (missing file is still OK, parse failure is not)
- config-helper.sh cmd_validate: add JSON Schema validation using ajv-cli or python3 jsonschema when available, with safe argv passing
- shared-constants.sh _load_config: guard JSONC mode on config_get and config_enabled function availability, not just jq + defaults file
Issues #1 (eval→printf -v), #3 (jq --arg for strings), #4 (sourced vs executed detection), and #7 (deterministic exit 1) were already fixed in the prior commit.

* fix(config-helper): propagate malformed user config error in _merge_configs

* fix(config-helper): check _strip_jsonc exit status in cmd_validate

* fix: surface auto-migration failures instead of swallowing errors
Replace '|| true' with explicit error handling that warns users when auto-migration from legacy config fails. Both config-helper.sh main() and shared-constants.sh _load_config() now emit a stderr warning with actionable guidance ('aidevops config migrate') instead of silently continuing with no user config applied. Addresses CodeRabbit CHANGES_REQUESTED review on PR #2731.

* fix(config-helper): address final CodeRabbit review issues
Log jq deep-merge failures in _merge_configs instead of silently falling back to defaults. Addresses CodeRabbit nitpick from the post-fix review (2026-03-02T21:24:32Z). Previous commits already addressed the two CHANGES_REQUESTED issues:
- f4cfcba: propagate malformed user config error (return 1)
- d093867: check _strip_jsonc exit status in cmd_validate
- 4e6e046: surface auto-migration failures

* fix(config-helper): capture stderr and exit code from auto-migration
The _migrate_conf_to_jsonc call in main() swallowed both stderr and the exit status (2>/dev/null). Now captures stderr separately for diagnostic logging, preserves the exit code, and touches ~/.aidevops/migrate_failed on failure so the CLI can surface 'auto-migration failed' to the user. On success, removes the flag file.
Closes #2730

* fix: surface remaining silent failures flagged by CodeRabbit review
- config-helper.sh _merge_configs(): capture jq stderr and include it in the error log when deep merge fails, instead of suppressing with 2>/dev/null
- shared-constants.sh _load_config(): stop suppressing migration stderr so users see the actual error from _migrate_conf_to_jsonc
- auto-update-helper.sh cmd_enable(): use get_feature_toggle for update_interval instead of direct env var access, matching the pattern used by all other numeric config values
- auto-update-helper.sh cmd_status(): use get_feature_toggle for tool_idle_hours instead of direct env var access
…w-bot-gate-helper (#3039)
Address PR #3006 review feedback (GH#3025):
- Remove 2>/dev/null from gh pr view, gh api statuses, and gh api check-runs calls in any_bot_has_success_status() — the || echo "" fallback handles failures gracefully while letting auth/network errors remain visible for debugging
- Remove 2>&1 from any_bot_has_success_status call in do_list() to prevent mixing diagnostic stderr with formatted report output
- Finding #4 (echo|grep -> bash built-in) was already addressed in the merged PR via bidirectional [[ ]] matching
…#3963)
* fix: address Gemini code review feedback on profile README generation
- Consolidate 4 separate jq calls for user profile into single pass with tab-delimited output, remove stderr suppression (Gemini #6)
- Consolidate own repos loop into single jq pass, eliminating per-row jq invocations (Gemini #2)
- Replace sequential N+1 gh api calls for fork parent URLs with parallel xargs -P 6 batch fetch (Gemini #1)
- Add _sanitize_md() and _sanitize_url() helpers to sanitize user-controlled fields (display_name, bio, blog, twitter) before embedding in markdown, preventing markdown injection and javascript: URI attacks (Gemini #4, #5)
Ref: PR #3962 review comments from gemini-code-assist

* fix: address second round of Gemini review feedback
- Remove 2>/dev/null from xargs fork fetch (|| true suffices)
- Tighten _sanitize_url to reject markdown-breaking chars in URLs using glob patterns (bash regex [^...] with escaped parens is unreliable across bash versions)
- Strip tabs/newlines from jq user profile output to prevent tab-delimiter injection in bio/description fields
- Sanitize repo names and descriptions in both own repos (jq gsub) and fork repos (_sanitize_md) before markdown embedding
- Keep printf '%s\n' for own_repos (bash $() strips trailing newlines, so the explicit \n is needed for section spacing)
Ref: PR #3963 review comments from gemini-code-assist
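The sanitisation these commit messages describe, as an added example rather than the repository's own `_sanitize_md()`/`_sanitize_url()` code: text fields are flattened and escaped, and a URL becomes a link target only if it is http(s) and free of markdown-breaking characters. The function names `md_escape_text`, `md_safe_url`, `md_link` and the exact character policy are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration, not the repository's _sanitize_md/_sanitize_url code.
# Function names and the exact character policy are assumptions.

# Flatten tabs/newlines (fields travel tab-delimited), then backslash-escape
# characters that can open links, images, emphasis, HTML, code or table cells.
md_escape_text() {
	printf '%s' "$1" | tr '\t\r\n' '   ' | sed -e 's/[][\\`*_<>()!|]/\\&/g'
}

# Print the URL only if it is safe to place inside "(...)" of a markdown link.
# Anything else (javascript:, data:, relative paths, empty input) fails.
md_safe_url() {
	local url="$1"
	case "$url" in
		http://?*|https://?*) ;;
		*) return 1 ;;
	esac
	# One quoted glob per forbidden character: portable across shells, unlike
	# a negated regex class containing escaped parentheses.
	case "$url" in
		*"("*|*")"*|*"["*|*"]"*|*"<"*|*">"*|*'"'*|*'`'*|*" "*|*\\*) return 1 ;;
	esac
	# Reject control characters, including embedded tabs and newlines.
	[ "$(printf '%s' "$url" | tr -d '[:cntrl:]')" = "$url" ] || return 1
	printf '%s' "$url"
}

# Render "[label](url)"; fall back to the escaped label alone when the URL is
# rejected, so an unsafe target is dropped instead of being repaired.
md_link() {
	local label target
	label=$(md_escape_text "$1")
	if target=$(md_safe_url "$2"); then
		printf '[%s](%s)\n' "$label" "$target"
	else
		printf '%s\n' "$label"
	fi
}

# Constructed sample fields, standing in for untrusted profile data.
md_link 'Jane_Doe' 'https://example.com/blog'
md_link 'click](me' 'javascript:alert(1)'
```

Dropping a rejected URL, rather than trying to clean it, keeps the output predictable: the reader sees plain text where a link could not be trusted.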
* feat: add unified post-session security summary (t1428.5)
Add --security mode to session-review-helper.sh that aggregates:
- Cost breakdown by model from observability data (SQLite DB + JSONL)
- Audit event type breakdown with chain integrity check
- Network access summary (logged/flagged/denied domains)
- Prompt injection defense stats (blocked/warned/sanitized)
- Session security context placeholder (t1428.3 pending)
- Quarantine queue placeholder (t1428.4 pending)
Computes overall security posture (CLEAN/LOW/MEDIUM/HIGH/CRITICAL) based on denied access, blocked injections, and audit chain integrity. Supports: security command, --security flag with gather, --json output, --session filter for session-scoped data.
Closes #4029

* fix: harden session_filter against SQL, jq, and JSON injection
Address CHANGES_REQUESTED review feedback from CodeRabbit and Gemini Code Assist on PR #4036:
- Add _sanitize_session_filter() to strip non-alphanumeric chars from --session input (defense-in-depth at entry point and per-function)
- SQL injection: sanitize session_filter before WHERE clause interpolation
- jq injection: use jq --arg for safe variable binding instead of string interpolation in JSONL fallback path
- JSON injection: replace heredoc with jq -n construction for safe JSON output in _security_summary_json()
- Merge nested conditionals in _security_posture() for clarity
- Extract repeated printf format string to FMT_COST_ROW constant

* fix: harden awk/arithmetic injection and add defense-in-depth sanitization
Address remaining CodeRabbit and Gemini review findings on PR #4036:
- Replace awk shell interpolation with -v flag to prevent command injection via malicious model_id content in SQLite output
- Replace bash arithmetic expansion with awk -v for reqs accumulation
- Add _sanitize_session_filter() at every function boundary (_security_cost_summary, output_security_summary, _security_summary_json) for defense-in-depth, not just at CLI parse time

* fix: address CodeRabbit/Gemini review comments on security summary
- Add SQL-level single-quote escaping as belt-and-suspenders defense alongside _sanitize_session_filter (prevents SQL injection)
- Add clarifying comment on jq --arg usage (already parameterized)
- Extract repeated printf data-row format to FMT_COST_DATA constant
- Simplify _security_posture nested conditionals into single if/elif

* fix: use positive posture match in prompt-guard escalation logic
Address PR #4036 review feedback item #4: replace negative match ($posture != HIGH && != CRITICAL) with explicit positive match ($posture == CLEAN || $posture == LOW) for clearer intent. Items #1-3 were already addressed in prior commits (9b92562, 61ed0f7).

* fix: address Gemini/CodeRabbit review round 2 — injection hardening and performance
- Replace awk-in-loop with post-loop totalling (single awk call per total)
- Add numeric field validation for SQLite pipe-parsed data (defense-in-depth)
- Consolidate JSONL fallback to single jq pass (was 3 separate jq calls)
- Refactor _security_posture() to accept pre-computed counts as args, eliminating redundant file reads when called from _security_summary_json()
- Backward compatible: _security_posture() still computes from logs when called without arguments (text mode path)

* fix: address CodeRabbit review round 3 — is_protected_branch bug and format constants
Critical fix:
- Remove unconditional 'return 0' from is_protected_branch() that made the function always return success regardless of actual branch. The [[ test ]] exit status now correctly propagates as the function's return value.
Nitpick fixes:
- Extract repeated '%-25s %6s' format string to FMT_AUDIT_ROW constant
- Extract repeated '%-20s %6s' format string to FMT_SUMMARY_ROW constant
- Color-wrapped printf calls intentionally keep inline format strings (ANSI codes cannot be embedded in readonly constants cleanly)

* fix: address CodeRabbit review round 4 — --session arg guard and jq null safety
- Validate --session has a value before shifting (prevents silent exit under set -e when --session is last arg)
- Use '.domain // empty' in jq domain extraction to handle malformed JSON entries without polluting stderr

* fix: jq null safety for domain extraction in network summary
Add select(. != "") filter to jq domain extraction pipeline to prevent empty strings from malformed JSON entries polluting the top-flagged-domains output. Addresses CodeRabbit nitpick from review round 4.

* fix: address remaining review feedback — session filter propagation, --focus guard, doc clarity
- Propagate session_filter to all security functions (audit, network, prompt-guard, session-context, quarantine) for API consistency. Functions whose underlying logs lack session_id fields now display a '(global)' note when a filter is active, preventing misleading filtered-looking output from unfiltered data.
- Add --focus arg validation mirroring --session guard: clear error and exit 1 when --focus is the last arg or followed by another flag.
- Fix session-review.md command doc: distinguish 'security' subcommand (standalone) from '--security' flag (additive to gather flow).

* perf: pre-compute security counts for text mode posture calculation
Mirrors the JSON path optimization — collects denied/flagged/blocks/warns/chain counts once in output_security_summary() and passes them to _security_posture(), avoiding redundant file reads when section functions also read the same logs. Addresses CodeRabbit nitpick from review round 2 (line 451-453).

* fix: address final CodeRabbit review — fail-closed session validation, JSON cost data, SQL column name
- --session now rejects altered/empty input instead of silently falling back to global scope (fail-closed validation per CodeRabbit review #3920297733)
- JSON output now includes cost.total and cost.breakdown with per-model data, matching the text summary's cost table
- session_context now includes score field, quarantine includes pending_items count (not just availability flags)
- Fix SQL column name: cost_total -> cost (matches actual DB schema)
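An added example (not the project's code) of two hardening steps named in these commits that can be shown without sqlite3 or jq: fail-closed validation of the `--session` value, and handing that value to awk as data with `-v` while skipping non-numeric cost fields. The function names and the `session|model|cost` row layout are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration. Function names and the session|model|cost row layout
# are assumptions, not the repository's code.

# Fail closed: accept the filter only if stripping non-alphanumeric characters
# changes nothing. An empty or altered value is an error, never "no filter",
# so a rejected filter cannot silently widen the query to global scope.
validate_session_filter() {
	local raw="$1" clean
	clean=$(printf '%s' "$raw" | tr -cd 'A-Za-z0-9')
	if [ -z "$raw" ] || [ "$clean" != "$raw" ]; then
		printf 'error: invalid --session value\n' >&2
		return 1
	fi
	printf '%s' "$clean"
}

# Sum the cost column for one session from pipe-delimited rows on stdin.
# The awk program text is constant; the session id arrives through -v as data.
# awk -v expands backslash escapes, which is harmless here because the value
# has already been restricted to [A-Za-z0-9].
session_cost_total() {
	local session
	session=$(validate_session_filter "$1") || return 1
	awk -F'|' -v sid="$session" '
		# Appending "" forces a string comparison, so ids "0012" and "12"
		# are not treated as the same number.
		($1 "") == (sid "") && $3 ~ /^[0-9]+(\.[0-9]+)?$/ { total += $3 }
		END { printf "%.4f", total }
	'
}

# Constructed sample rows, shaped like pipe-separated query output.
sample_rows() {
	cat <<'EOF'
ses01|model-a|0.1250
ses01|model-b|0.5000
ses02|model-a|9.0000
ses01|model-c|not-a-number
EOF
}

sample_rows | session_cost_total ses01
printf '\n'
```

The row whose cost field is not numeric is skipped, so the total for `ses01` covers only the two well-formed rows.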
…5355)
* chore: archive completed plans from PLANS.md and add cleanup helper
All 16 plans in PLANS.md had Status: Planning but all their tasks were completed and issues closed upstream. Updated status to Completed. Added plans-cleanup-helper.sh to automate detection and archiving of completed plans. Wired into setup.sh and agent-deploy.sh so new installs get a clean PLANS.md with only active work.
Commands:
- check: show completion status of all plans
- archive: move completed plans to PLANS-ARCHIVE.md
- remove: delete completed plans entirely
- status: JSON summary
Fixes stale 'Planning' status for:
- Restore OpenAI Codex (t1483, GH#4656)
- Agent Runtime Sync (t1453, GH#4205)
- gh Mutation Fix (t1434, GH#4122)
- Grith Security (t1428, GH#4025)
- Convos Agent (t1414, GH#3126)
- URL Skill Updates (t1415, GH#3131)
- Recursive Decomposition (t1408, GH#2983)
- LLM Evaluation Suite (t1393-1396)
- Runaway Memory Fix (t1398, GH#2854)
- Prompt Injection Scanner (t1375)
- Vector Search Agent (t1370)
- UI/UX Inspiration (t1371-1374)
- PaddleOCR (t1369)
- Multi-Model Orchestration (t1364)
- Mission System (t1357)
- Conversational Memory (t1363)

* fix: address CodeRabbit review findings on plans-cleanup PR #5355
- Fix data corruption in cmd_archive/cmd_remove: collect all section headers into an immutable snapshot before any deletions, then delete in reverse order so earlier line offsets remain valid (fixes #1)
- Fix sed error suppression: remove '|| true', capture exit status, only increment archived/removed counters on success (fixes #2)
- Fix check_todo_completed: remove '|| echo 0' fallback that caused duplicate zero output; grep -c already returns 0 on no match (fixes #3)
- Fix agent-deploy.sh: remove 2>/dev/null suppression on plans_cleanup invocation, log failures via print_warn instead of silencing (fixes #4)
- Fix agent-deploy.sh: pass explicit PLANS_FILE/ARCHIVE_FILE/TODO_FILE env vars so plans_cleanup targets the repo dir, not cwd; use deployed copy of script from target_dir (fixes #5)
- Fix setup.sh: gate standalone archive confirm_step to only run when deploy_aidevops_agents was skipped; deploy already runs cleanup internally, so running it again would be a double-run (fixes #6)
- Fix PLANS.md: change 'MERGED' to 'CLOSED' for issue references in Issues summary line (fixes #7)
---------
Co-authored-by: Rob M <robi@MacBookPro.attlocal.net>
Co-authored-by: marcusquinn <6428977+marcusquinn@users.noreply.github.com>
Replace confusing multi-line string literal in advisory output with explicit printf-based concatenation. The original code was functionally correct (} was at column 1), but the pattern was misleading enough to trigger a false positive from Augment Code review (item #3). Items #1, #2, #4 were already fixed in 59a22dd.
…ns, watchdog, timeout, stdout) (#15188)
Bug #1: Fix step-start vs step_start event type mismatch in output_has_activity() and watchdog grep — mismatched event names caused false negatives in activity detection during slow MCP startup.
Bug #2: Use pkill -P for process tree kill in watchdog — previously only killed the subshell PID, leaving opencode and tee as orphans consuming CPU+memory.
Bug #3: Add timeout wrapper to non-sandbox execution path — the non-sandbox path had no overall timeout, risking indefinite hangs if the worker produced initial activity but then stalled.
Bug #4 (critical): Add --stream-stdout to sandbox-exec-helper.sh — the sandbox's store-and-replay pattern captured child stdout to a temp file, so the activity watchdog (reading tee output) saw nothing and killed every sandboxed worker at ~93s. Now child stdout flows through the pipe to tee in real-time when called from headless dispatch.
Bug #5: Redirect subshell stdout/stderr to /dev/null — the backgrounded subshell inherited parent FDs, blocking Claude Code's bash tool (which waits for all FDs to close) on /runners dispatches.
Closes #15180
…ub (GH#18509) (#18528)
When a source agent file sets bash:false in its YAML frontmatter, the generate-runtime-config.sh/_write_subagent_stub function was still writing a permissive pointer-stub with bash:true and external_directory:allow. This contradicted the source's explicit security restrictions and was an attack surface for prompt-injected content handled by sandboxed agents (e.g. triage-review).
Fix: detect bash:false in source frontmatter using awk; if present, copy source verbatim (with model-name normalisation) instead of generating a stub. Same fix applied to the deprecated generate-opencode-agents.sh fallback.
Also adds audit-agent-deployment.sh to verify deployed agent frontmatter matches source restrictions, covering acceptance criterion #4.
Fixes #18509
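The check this commit message describes, written as an added example and not taken from generate-runtime-config.sh or audit-agent-deployment.sh: an awk test for `bash: false` restricted to the leading frontmatter, and an audit that flags deployed copies which lost that restriction. The function names, the `tools:` nesting and the sample files are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration. Function names, the "tools:" nesting and the sample
# files are assumptions, not the repository's scripts.

# Succeed only when the leading YAML frontmatter (between the first two '---'
# lines) contains "bash: false" at any indentation. Body text that merely
# mentions the phrase does not count.
frontmatter_denies_bash() {
	awk '
		NR == 1 && !/^---[ \t]*$/ { exit }              # no frontmatter
		/^---[ \t]*$/ { if (++fence == 2) exit; next }   # stop at closing fence
		fence == 1 && /^[ \t]*bash:[ \t]*false[ \t]*(#.*)?$/ { found = 1 }
		END { exit !found }
	' "$1"
}

# For every source agent that denies bash, require the deployed copy to deny
# it too. Prints one line per violation and returns 1 if any were found.
audit_agent_deployment() {
	local src_dir="$1" dst_dir="$2" src name rc=0
	for src in "$src_dir"/*.md; do
		[ -e "$src" ] || continue
		name=${src##*/}
		frontmatter_denies_bash "$src" || continue   # nothing to enforce
		[ -f "$dst_dir/$name" ] || continue          # not deployed
		if ! frontmatter_denies_bash "$dst_dir/$name"; then
			printf 'PERMISSIVE %s\n' "$name"
			rc=1
		fi
	done
	return "$rc"
}

# Constructed sample tree: one restricted agent deployed as a permissive stub,
# one unrestricted agent whose body happens to mention "bash: false".
demo_audit() {
	local tmp rc=0
	tmp=$(mktemp -d)
	mkdir "$tmp/src" "$tmp/deployed"
	printf '%s\n' '---' 'description: triage' 'tools:' '  bash: false' '---' \
		'Body' > "$tmp/src/triage-review.md"
	printf '%s\n' '---' 'tools:' '  bash: true' '  external_directory: allow' \
		'---' > "$tmp/deployed/triage-review.md"
	printf '%s\n' '---' 'tools:' '  bash: true' '---' \
		'  bash: false' > "$tmp/src/build.md"
	cp "$tmp/src/build.md" "$tmp/deployed/build.md"
	audit_agent_deployment "$tmp/src" "$tmp/deployed" || rc=$?
	rm -rf "$tmp"
	return "$rc"
}

demo_audit || true
```

Run as a deployment gate, a non-zero exit from the audit function is the signal to stop before the permissive copy is used.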



Purpose
Trigger a comprehensive CodeRabbit review of the entire aidevops codebase.
Context
Review Focus
As configured in .coderabbit.yaml:
@coderabbitai full review