feat: V1.37.0 — Phase 2 charter closure (3 items) + HIGH/MEDIUM audit fixes (6)#143

Open
Wool-xing wants to merge 19 commits into main from feat/v1.37.0-phase2-charter-closure

@Wool-xing
Owner

Summary

  • Phase 2 charter closure: Bug tracker 5 adapters (Jira/GitHub/Linear/Webhook), quality gate engine (YAML-driven), on-demand layered requirements installer (6 tiers)
  • HIGH fixes: H16 expert count clarified, H18 skills README completed (13→32)
  • MEDIUM fixes: M12 threading unified, M14 RACI 18 columns, M15 requires_layer docs, M19 checker reference
  • CI: compileall runtime/ syntax check added
  • Utils count: 67 → 73 (6 new .py modules)
  • Version: 1.36.0 → 1.37.0

Files changed

  • 80 files, +1536/-184
  • 15 new files (4 bug adapters + quality gate engine + YAML + 7 requirements + base)

Test plan

  • 155 tests pass
  • runtime/ compiles clean (python -m compileall runtime/ -q)
  • All 5 tracker adapters register in TRACKER_REGISTRY
  • Pre-commit hooks green (all 15)

xiaoxing0135 added 15 commits May 18, 2026 22:01
… fixes (6 items)

Added (13 new files):
- Bug tracker 5 adapters: jira/github/linear/webhook bug managers
- Quality gate engine: quality_gate_engine.py + quality_gates.yaml
- Layered requirements: 6 tiered requirement files (base/mobile/desktop/visual/system/ai/perf)
- CI runtime compileall check

Fixed HIGH (2):
- H16: Expert count clarified (9 including test-lead vs 8 being coordinated)
- H18: Skills README completed (13→32 business + 3 meta skills)

Fixed MEDIUM (4):
- M12: run_file BackgroundTasks unified
- M14: RACI matrix 18 columns (pentest+automotive)
- M15: requires_layer documented in CONTRIBUTING.md
- M19: automotive-test checker reference fixed

Changed:
- Utils count: 67 → 73 (6 new .py files)
- Version: 1.36.0 → 1.37.0 across VERSION/__init__/pyproject/package.json
- Charter: Bug multi-adapter ✅ / on-demand install ✅ / quality gate YAML ✅
Added:
- ci_contract_gate.py: L7 Shift-Left contract pipeline (detect→generate→verify)
- CI contract-gate job: OpenAPI spec change → contract → PR block
- 28 utils unit tests: quality_gate.py (17) + bug_tracker_base.py (11)

Changed:
- Utils count: 73 → 74
- Charter: L7 contract pipeline ✅
- 06-test-architecture.md: L1-L7 all wired

Tests: 183 passed, 2 skipped
Added:
- fairness_auditor.py: comprehensive fairness auditor (360 lines)
  - dataset bias: representation parity + label balance
  - model fairness: DI/SPD/EO/equalized_odds/calibration/predictive_parity
  - intersectional fairness (multi-sensitive-attribute)
  - decision fairness (policy-level outcomes)
  - export_bias_report() + summary() for CI integration
- ai_validator.run_bias_audit(): pipeline calling fairness_auditor
- 20 unit tests (runtime/tests/test_utils_fairness.py)

Changed:
- Utils: 74 → 75
- pre-commit hook: expected utils count 74 → 75
- coverage matrix: ethics/bias audit ✅ (was Phase 3)
- vision-dimensions: fairness auditor ✅
- 14-AI模型测试.md: expanded fairness section with 6-metric examples
- ROADMAP: V1.37.0 + V1.38.0 entries
- All docs: 74→75 utils

Tests: 203 passed, 2 skipped
…tector)

Added:
- silent_failure_detector.py: threshold drift + Mann-Kendall trend + OLS slope (310 lines)
  - detect_threshold_drift(): per-metric drift analysis
  - batch_detect(): multi-metric unified report
  - Source collectors: tracing/web_vitals/prometheus_counter/prometheus_gauge
  - SlidingWindowStore: rolling window for trend analysis
  - export_report() + ci_summary() for CI integration
- ai_validator.run_silent_failure_audit(): integrated pipeline
- 21 unit tests (runtime/tests/test_utils_silent_failure.py)

Changed:
- Utils: 75 → 76
- pre-commit hook: expected utils 75 → 76
- coverage matrix: silent failure detection ✅ (was Phase 3)
- vision-dimensions: silent failure detector ✅
- ROADMAP: V1.38.0 + V1.39.0 entries
- All docs: 75→76 utils

Tests: 224 passed, 2 skipped
Phase 3 — three quality enhancements:
- 3.1 fairness_auditor.py: ethics/bias audit (6 metrics + intersectional + decision audit)
- 3.2 silent_failure_detector.py: silent failure detection (Mann-Kendall + OLS + sliding window)
- 3.3 absentee_scenario_injector.py: absentee scenario injection (9 groups × 21 scenarios)

Utils: 73 → 77 (fairness + silent_failure + absentee + __init__)
Tests: 244 passed, 2 skipped
Added:
- absentee_scenario_injector.py: edge-case scenario library (360 lines)
  - 9 absentee groups (visual/motor/hearing/cognitive/elderly/minor/offline/crisis/non-native)
  - 21 canonical scenarios with WCAG 2.1 refs, i18n tags, test steps
  - Scenario query/injection API + SBTM charter generation
  - Coverage reporting + export
- 20 unit tests (runtime/tests/test_utils_absentee.py)

Changed:
- Utils: 76 → 77
- pre-commit hook: expected utils 76 → 77
- coverage matrix: all 3 Phase 3 items ✅ — PHASE 3 COMPLETE
- vision-dimensions: absentee scenario injector ✅ + absentee persona generator ✅
- ai_validator.py: auto-patched by linter (silent_failure integration)
- All docs: 76→77 utils

Phase 3 summary:
  ✅ 3.1 ethics/bias audit — fairness_auditor.py (20 tests)
  ✅ 3.2 silent failure detection — silent_failure_detector.py (21 tests)
  ✅ 3.3 absentee scenario injection — absentee_scenario_injector.py (20 tests)

Tests: 244 passed, 2 skipped
evidence_chain.py: SHA-256 hash chain + multi-source collection
(decisions/DORA/tracing/baselines/history) + ISO 27001/SOC2/NIST
800-53/GDPR compliance mapping + JSON/Markdown export + integrity
verification. 39 tests. ai_validator integration. Phase 4 complete.
- taboo_matrix.py: 135 entries across 16 locales in 5 dimensions (words/colors/numbers/holidays/sacred)
- i18n_checker.py: Phase 5 extensions — audit_taboo_words/colors/numbers/holidays/sacred_contexts + run_taboo_audit()
- 84 unit tests: test_utils_taboo_matrix (30) + test_utils_i18n_taboo (54)
- Util count: 78→79 (taboo_matrix), pre-commit + project navigation + user manual synced
- Charter docs: 01-vision-dimensions + 02-coverage-matrix updated
- ai_validator: refactor run_silent_failure_audit (file→data), _calc_psi drop pandas dep
- db_test_helper_v2: uuid import top-level, remove fragile dir() check
- state_machine_tester_v2: eval/exec security hardening (empty builtins → whitelist)
- Version sync: desktop/mobile package.json + pyproject.toml 1.40.0→1.42.0
- CI: utils count 67→79
- essence_watcher: hardcoded path→placeholder
Structure: agents/ skills/ utils/ ci/ config/ (from 02-06 numbered dirs).
Utils: 78 .py files → 12 functional subdirectories.
Paths: 130+ files updated across .md/.py/.yml/.sh.
CI/Hooks: pre-commit + ci.yml + selftest-weekly + install.sh all updated.
Removed: darwin-skill duplicates, root egg-info, runtime/workspace,
discussions logs, examples/.venv, archive snapshots (28MB).
- conftest.py: inject all 12 utils subdirectories + project root into sys.path
- runtime/tests/conftest.py: same sys.path injection for test environment
- utils internal imports: same-dir use bare imports, cross-subdir use utils.X.Y
- Fixes 123 broken import lines across 22 files
- 367/367 tests passing (0 failures)
…lim Test-Agent.md

- Remove dead 04-配置文件/ (only contained __pycache__)
- Clean workspace: remove __pycache__, move generated .docx/.xlsx to _outputs/
- Delete docs V1 auto-check mechanism (superseded by V7)
- Replace 1509-line Test-Agent.md with 90-line index; extract runtime architecture to runtime/ARCHITECTURE.md
- Fix stale path in tagent.yml.example: 04-配置文件/ → config/templates/
- Add workspace/_outputs/ to .gitignore
…ocs fixes

CRITICAL fixes:
- runtime/api/main.py: fix NameError json.JSONDecodeError → _json.JSONDecodeError
- desktop/pyinstaller: fix 4 dead datas paths (old Chinese dirs → agents/skills/config/utils)
- desktop/electron: fix preload version 1.33/1.34 → 1.42.0
- config/.env.example: add LLM provider env vars (8+ keys) + Slack/Teams webhooks
- config/quality_gates.yaml: add P0/P1 breakdown (single source of truth)
- config/templates/base.env.tpl: replace hardcoded credentials with {{PLACEHOLDER}} vars
- config/.env.example + utils/reporting: standardize webhook naming to _URL suffix

HIGH fixes:
- CI ci.yml: fix markdown dead-link checker (pipe subshell → process substitution)
- CI ci.yml: remove continue-on-error silencing CVE scanners
- install.sh: replace hardcoded 49-util list with find glob (now auto-discovers all 78)
- install.sh: fix version V1.36.0 → V1.42.0, branch v1.32.5 → v1.42.0
- runtime/direct.py: fix on_failure=abort silently ignored; extract _run_node_with_retry()
- runtime/test_lead.py: fix output file collision (st_mtime → uuid)
- runtime/flows.py: cancel in-flight Prefect tasks on circuit breaker
- runtime/experts.py: add _upstream_lock for concurrent task safety
- desktop/main.ts: validate protocol before shell.openExternal (https/http only)
- utils/trackers: fix bare imports → fully-qualified (bug_tracker_base + ai_validator)

Additional:
- utils/quality_gate_engine.py: make defusedxml required (no insecure stdlib fallback)
- runtime/docker-compose.app.yml: use ${VAR:-default} for credentials
- install.sh: fix mktemp portability + add TEST_AGENT_NO_CN_MIRROR opt-out
- CONTRIBUTING.md: fix agent count 18 → 16
- README.zh-CN.md: fix utils count 67 → 78
- .gitignore: remove duplicate .DS_Store + redundant negation
- .pre-commit-config.yaml: remove no-op groovy exclude from check-yaml
…I alignment

- runtime/api/main.py: fix CORS allow_origins wildcard → allow_origin_regex
- runtime/api/main.py: fix import ordering + remove unused register_run/unregister_run
- runtime/config/settings.py: add model_post_init to auto-resolve relative Path fields
- .pre-commit-config.yaml: add ruff scanning for runtime/ (previously only utils/)
- .github/workflows/codeql.yml: add javascript-typescript language scan
- .github/dependabot.yml: fix npm directories (root → runtime/web + desktop)
- .github/workflows/desktop-release.yml: align actions versions → v6
- .github/workflows/synthetic-monitor.yml: align actions versions → v6
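
The evidence_chain.py commit above describes a SHA-256 hash chain with integrity verification. The following is an added example, not the project's code, of how such a chain detects edited and deleted records; the record layout, the `GENESIS` value and all function names are assumptions, and the sample evidence is constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record's "prev"


def digest(prev_hash, source, payload):
    # Canonical JSON (sorted keys, fixed separators) so the same record
    # always hashes to the same bytes regardless of dict ordering.
    body = json.dumps(
        {"prev": prev_hash, "source": source, "payload": payload},
        sort_keys=True, separators=(",", ":"), ensure_ascii=True,
    )
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, source, payload):
    """Append a record whose hash commits to the previous record's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"prev": prev_hash, "source": source, "payload": payload,
              "hash": digest(prev_hash, source, payload)}
    chain.append(record)
    return record


def first_broken_link(chain):
    """Return the index of the first record that fails verification, or None."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != expected_prev:
            return i  # a record was removed, reordered or spliced in
        if rec["hash"] != digest(rec["prev"], rec["source"], rec["payload"]):
            return i  # record content was edited after it was written
        expected_prev = rec["hash"]
    return None


def build_sample_chain():
    # Constructed sample evidence; source names follow the commit's list.
    chain = []
    append(chain, "decisions", {"gate": "release", "verdict": "pass"})
    append(chain, "tracing", {"trace_id": "sample-0001", "error_rate": 0.002})
    append(chain, "baselines", {"metric": "p95_ms", "value": 180})
    return chain
```

Verification only proves internal consistency: someone who can rewrite the last record and recompute its hash, or regenerate the whole chain, still passes, so the head hash has to be signed or stored outside the system that holds the chain.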
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

xiaoxing0135 added 4 commits May 20, 2026 02:00
- .pre-commit-config.yaml: re-enable 7 markdownlint rules (MD004/005/009/010/012/030/037)
- CHANGELOG.md: fix MD037 false positives (wrap Python identifiers in backticks)
- docs/INDEX.md: fix stale version V1.10.0 → V1.42.0
- examples/INDEX.md: fix stale version V1.10.0 → V1.42.0
- docs/getting-started/使用手册.md: fix self-check counts (agents 9→16, skills 8→32, utils 12→78)
- CHANGELOG.md: fix initial version [1.0.0] → [v1.0.0] for consistency
- SECURITY.md: add best-effort qualifier to response time SLA
- desktop/electron/main.ts: remove dead cmd/args assignments (overwritten by devArgs)
- desktop/scripts/build-python.sh: remove -q flag, show PyInstaller install errors
- desktop/scripts/build-all.sh: check runtime/web exists before building UI
- agents/09-报告生成.md: fix dead reference daily-report.yml → selftest-weekly.yml
- utils/security/security_scanner.py: add encoding="utf-8" to bandit/safety subprocess calls
- archive/wechat-early-docs/README.zh-CN.md: add deprecation banner (not tracked, gitignored)
- F821: OrderedDict undefined name in test_orchestrator/server.py (add import, remove lazy import)
- Auto-fix 256 ruff violations: F401 unused-import, I001 unsorted-imports, UP006/UP035/UP045 modern annotations, UP037 quoted-annotation, F541 f-string, B009 get-attr, SIM117 multi-with, E402 import-at-top
- Manual fix 13: B904 exception-chaining, E741 ambiguous-var-names, SIM105 contextlib.suppress, SIM102 collapsible-if, SIM108 ternary, UP038 isinstance-tuple
- Inline #noqa for 15 intentional patterns: B008 typer.Option defaults, E402 CLI reg + test sys.path imports
- runtime/pyproject.toml: per-file-ignores for structural E402 exceptions
- 97 files, 357 tests pass (10 pre-existing failures unchanged)
- Prefect 3.7 removed .done() and .cancel() from PrefectConcurrentFuture
- Replace f.done() with f.state.is_final() (direct.py, flows.py)
- Replace fut.cancel() with hasattr guard (flows.py, circuit breaker)
- Add defusedxml to runtime/pyproject.toml dependencies (quality_gate_engine)
- 367 tests pass, 0 failures (was 357/10F/2S)