chore: build with keyring opt-out tags; bump cli-common to v0.3.2#130
Conversation
Adopts the standard keyring opt-out build configuration (cli-common working-with-secrets.md §1.10): GOFLAGS in Makefile and CI, explicit flags in goreleaser builds. Excludes the 1Password backends (onepassword-sdk-go incl. the wazero WASM runtime, connect-sdk-go incl. the archived jaeger-client-go) and passage from cgo builds; the static CGO-off builds already excluded keyring entirely (static-release-guard). cli-common v0.3.2 brings byteness/keyring v1.11.0, which ships the tags. Refs open-cli-collective/cli-common#57
monit-reviewer
left a comment
monit-reviewer
left a comment
There was a problem hiding this comment.
Automated PR Review
Reviewed commit: dc897b0
Approved with 1 non-blocking suggestion below. Address at your discretion.
Summary
| Reviewer | Findings |
|---|---|
| harness-engineering:harness-enforcement-reviewer | 1 |
harness-engineering:harness-enforcement-reviewer (1 findings)
💡 Suggestion - nrq:1
A compiled binary has been committed to the repository. There is no visible pre-commit hook or CI check to prevent accidental binary commits. Consider adding a pre-commit hook or CI step that rejects tracked binary blobs outside of designated directories.
1 info-level observations excluded. Run with --verbose to include.
Completed in 1m 00s | $0.69 | sonnet | daemon 0.2.127 | Glorfindel
| Field | Value |
|---|---|
| Model | sonnet |
| Reviewers | hybrid-synthesis, harness-engineering:harness-architecture-reviewer, harness-engineering:harness-enforcement-reviewer, harness-engineering:harness-knowledge-reviewer |
| Engine | claude · sonnet |
| Reviewed by | pr-review-daemon · monit-pr-reviewer |
| Duration | 1m 00s wall · 57s compute (Reviewers: 35s · Synthesis: 22s) |
| Cost | $0.69 (estimated) |
| Tokens | 156.8k in / 3.9k out |
| Turns | 8 |
Per-workstream usage
| Workstream | Model | In | Out | Cache read | Cache create | Cost |
|---|---|---|---|---|---|---|
| hybrid-synthesis | sonnet | 34.3k | 971 | 13.8k | 20.5k (1h) | $0.14 |
| harness-engineering:harness-architecture-reviewer | sonnet | 40.0k | 286 | 13.8k | 26.2k (1h) | $0.17 |
| harness-engineering:harness-enforcement-reviewer | sonnet | 41.3k | 1.3k | 13.8k | 27.6k (1h) | $0.19 |
| harness-engineering:harness-knowledge-reviewer | sonnet | 41.2k | 1.3k | 13.8k | 27.5k (1h) | $0.19 |
Re-reviews only run when @monit-reviewer is re-requested as a reviewer — push as many commits as you need, then re-request when ready. PRs targeting branches other than main, master are skipped, even when @monit-reviewer is re-requested.
Note: Inline comments could not be attached to the current diff, so 1 finding are shown in the summary instead.
2 participants
Adopts the standard keyring opt-out build configuration
(cli-common working-with-secrets.md §1.10): GOFLAGS in Makefile and CI,
explicit flags in goreleaser builds. Excludes the 1Password backends
(onepassword-sdk-go incl. the wazero WASM runtime, connect-sdk-go incl.
the archived jaeger-client-go) and passage from cgo builds; the static
CGO-off builds already excluded keyring entirely (static-release-guard).
cli-common v0.3.2 brings byteness/keyring v1.11.0, which ships the tags.
Refs open-cli-collective/cli-common#57