Expand Up @@ -2,6 +2,10 @@ name: cargo-audit
permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

'on':
workflow_dispatch: null
push:
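Review bot: the `concurrency` group is keyed on `github.ref` alone, and `cancel-in-progress: true` applies to every trigger, so with `workflow_dispatch` and the `push:` trigger visible at the bottom of the hunk a manual run and a push run on the same branch cancel each other, and each push to the default branch cancels the audit of the previous commit. If an audit result for every pushed commit is wanted, scope cancellation to pull requests, e.g. `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The top-level `permissions: contents: read` is the right least-privilege default for a read-only audit job, and quoting `'on'` avoids the YAML 1.1 boolean-key pitfall; the cargo-deny workflow in this same PR leaves `on` unquoted, so pick one convention for both files.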
@@ -1,4 +1,4 @@
name: cargo-deny
name: cargo-deny
on:
workflow_dispatch:
pull_request:
Expand All @@ -15,4 +15,3 @@ permissions:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
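Review bot: in the first hunk `name: cargo-deny` appears on both the removed and the added line, so the actual change (trailing whitespace, quoting or line ending) is invisible in this rendering; a note in the commit message would help the next reader. The second hunk (`@@ -15,4 +15,3 @@`) only drops the line after `cancel-in-progress: true`, i.e. the trailing blank line. Style: `on:` is bare here while cargo-audit uses `'on':`; yamllint's `truthy` rule flags the bare form, so align the two workflows.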

16 changes: 16 additions & 0 deletions crates/pheno-ffi-go/src/lib.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#![expect(clippy::missing_safety_doc)]

use chrono::Utc;
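Review bot: the SPDX identifier `MIT OR Apache-2.0` on the first added line disagrees with the notice under it, which grants only the Apache-2.0 terms ("Licensed under the Apache License, Version 2.0"). A reader of the long-form notice concludes the crate is Apache-only, while SPDX-scanning tools report a dual license. Either drop `MIT OR` from the identifier or replace the Apache boilerplate with the SPDX line plus a pointer to the repository's license files, and make sure the result matches the `license` field of each crate's Cargo.toml (not visible in this diff). The identical header is added to seven more files below, so fix all eight together. Separately, the pre-existing crate-wide `#![expect(clippy::missing_safety_doc)]` silences the lint for every exported `unsafe fn`; callers across the Go FFI boundary depend on documented preconditions (pointer validity, ownership, lifetime), so per-function `# Safety` sections, followed by removing the attribute, would be the sturdier fix.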
16 changes: 16 additions & 0 deletions crates/pheno-ffi-python/src/lib.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use chrono::Utc;
use pheno_core::*;
use pheno_db::Database;
28 changes: 23 additions & 5 deletions justfile
@@ -1,16 +1,34 @@
# HeliosLab Justfile
#
# After 2026-06-11, this justfile is a thin shell that re-exports the shared
# `phenotype.just` library (defined in just/phenotype.just). The 9 most
# common recipes (default, build, test, lint, fmt, audit, unused, ci, docs)
# are now defined once in the library and parameterized over the build
# system.
# `phenotype.just` library (defined in just/phenotype.just). The most common
# recipes (default, build, test, lint, fmt, audit, unused, ci, docs) are
# defined once in the library and parameterized over the build system.
#
# Stack-specific recipes (e.g. `clean`, `dev`) stay in this file.
# Stack-specific recipes (`deny`, `grade`) stay in this file so the library
# stays polyglot-neutral.
#
# To upgrade: pull the latest phenotype.just from the central repo, or
# vendor it as a git submodule.

import "just/phenotype.just"

# Run cargo-deny against the checked-in deny.toml policy.
# Stack: cargo. Hard-fails if cargo-deny is not installed (mirrors CI).
deny:
@if [ -f Cargo.toml ]; then \
command -v cargo-deny >/dev/null || { echo "cargo-deny not installed; install with: cargo install cargo-deny"; exit 1; }; \
cargo deny check; \
else echo "no Cargo.toml at repo root; nothing to deny-check"; fi

# Generate the tier-0 hygiene grade report (audit_scorecard.json).
# Stack-agnostic: prints the committed scorecard summary if present,
# otherwise reminds the operator to run the upstream grader.
grade:
@if [ -f audit_scorecard.json ]; then \
echo "Tier-0 grade summary ($(basename "$PWD")):"; \
jq -r '" overall: \(.overall)\n grade: \(.grade)\n top wins:\n\(.scores | to_entries | sort_by(-.value) | .[0:5] | map(" - \(.key): \(.value)") | join("\n"))"' audit_scorecard.json; \

Suggestion: The grade recipe invokes jq unconditionally when audit_scorecard.json exists, so on environments without jq the recipe fails at runtime instead of printing the intended summary/fallback guidance. Add a command -v jq check (like the deny recipe does for cargo-deny) and provide a clear fallback message. [incomplete implementation]

Severity Level: Major ⚠️
- `just grade` fails on machines without jq installed.
- ⚠️ Tier-0 hygiene scoring unusable in minimal environments.
- ⚠️ Inconsistent behavior compared with guarded `deny` recipe.
Steps of Reproduction ✅
1. From the repo root `/workspace/HeliosLab`, note that `audit_scorecard.json` exists
(confirmed by `LS` at `/workspace/HeliosLab/audit_scorecard.json`) so the `grade` recipe's
`if [ -f audit_scorecard.json ]` condition at `justfile:28` will be true.

2. Use a development or CI environment where the `jq` binary is not installed or not on
`PATH` (no safeguards for `jq` are present in `justfile`, unlike the `deny` recipe's
`command -v cargo-deny` check at lines `18-21`).

3. Run `just grade`, which executes the `grade` recipe defined at `justfile:24-34`;
because `audit_scorecard.json` exists, the shell executes the `jq -r ...
audit_scorecard.json` command at `justfile:30`.

4. Observe the shell error `jq: command not found` (or a non-zero exit from the recipe)
and that the intended summary output and fallback guidance are not printed, causing `just
grade` to hard-fail on systems without `jq`.

else \
echo "audit_scorecard.json not found in repo root."; \
echo "Run the upstream Phenotype grader, or: just audit && just deny && just lint && just test"; \
fi
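Review bot: the header comment now says the stack-specific recipes are `deny` and `grade`, but the `grade` recipe's own comment describes it as "Stack-agnostic"; one of the two should change, otherwise the stated reason for keeping `grade` out of `phenotype.just` does not hold. The missing `command -v jq` guard in `grade` is already raised in the comment above; beyond that, both recipes rely on the default `sh -c` per line with backslash continuations and no `set -e`, so the recipe's exit status is whatever the last command of the taken `if` branch returns. That works for `cargo deny check` and `jq` today, but a `set shell := ["bash", "-euo", "pipefail", "-c"]` line near the top of the justfile would make any future command added before them fail loudly too. Also consider sending the "not installed" and "not found" messages to stderr (`>&2`) so CI logs separate guidance from recipe output.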
16 changes: 16 additions & 0 deletions pheno-cli/src/main.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

mod tui;

use chrono::Utc;
16 changes: 16 additions & 0 deletions pheno-cli/src/tui.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use crossterm::{
event::{self, Event, KeyCode, KeyEventKind},
terminal::{disable_raw_mode, enable_raw_mode, EnterAlternateScreen, LeaveAlternateScreen},
16 changes: 16 additions & 0 deletions pheno-core/src/lib.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::fmt;
16 changes: 16 additions & 0 deletions pheno-crypto/src/lib.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use aes_gcm::aead::{Aead, KeyInit, OsRng};
use aes_gcm::{Aes256Gcm, AeadCore, Key, Nonce};
use pheno_core::{Error, Result};
16 changes: 16 additions & 0 deletions pheno-db/src/lib.rs
@@ -1,3 +1,19 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
//
// Copyright (c) 2026 Koosha Pari
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use chrono::{DateTime, Utc};
use pheno_core::*;
use rusqlite::{params, Connection};