docs: post-merge sweep for PRs #741–#756 wave#757
Merged
Chris0Jeky merged 3 commits intomainfrom Apr 4, 2026
Merged
Conversation
Updates STATUS.md, TESTING_GUIDE.md, MANUAL_TEST_CHECKLIST.md, and IMPLEMENTATION_MASTERPLAN.md to reflect the 9 PRs merged in the 2026-04-04 post-adversarial-review hardening wave. - STATUS.md: adds new wave entry for PRs #741–#756 covering product telemetry taxonomy, two bug fixes (#683/#744, #680/#754), six frontend regression test additions, and two backend webhook test additions; updates Last Updated date - TESTING_GUIDE.md: updates frontend count from 1496 to 1592, backend estimate to ~3010+, combined total to ~4600+; marks #710 and #726 as delivered in wave table; adds resolved entries to Key Gaps section; updates telemetry taxonomy note to delivered; appends three new coverage sections for webhook HMAC, SSRF/delivery reliability, and frontend regression wave - MANUAL_TEST_CHECKLIST.md: adds auth-flow toast check (Section A), WIP-limit dedup check (Section B), manual card provenance empty state check (Section B), board header presence label check (Section B), and D2 router auth guard and workspace state section - IMPLEMENTATION_MASTERPLAN.md: adds item 128 for the post-adversarial hardening wave with all 9 issues, fixes, and wave progress update
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the project documentation to reflect the completion of the third wave of post-adversarial-review hardening and test expansion. Key updates include the delivery of the product telemetry taxonomy, fixes for board header presence labels and manual card provenance empty states, and significant test coverage for webhooks (HMAC and SSRF) and frontend regressions. Review feedback indicates several inconsistencies in the documentation regarding the specific text displayed for manual card provenance and numerical discrepancies in the reported test counts for backend and API integration suites.
| - 9 issues from `#721` tracker plus product telemetry taxonomy, two bug fixes, and six frontend regression test additions | ||
| - product telemetry taxonomy delivered (`#341`/`#741`): `docs/product/TELEMETRY_TAXONOMY.md` with 35+ named events, privacy-first bucketing, and R1/R2/R3 launch gate anchors; opt-in, not yet implemented | ||
| - board header presence label bug fixed (`#683`/`#744`): username/email flip resolved with `normalizePresenceMembers()` in `BoardView.vue`; adversarial review confirmed no edge cases; 3 new tests | ||
| - manual card provenance empty state fixed (`#680`/`#754`): 3 bugs caught and fixed by adversarial review (overly broad 404 swallow, global Axios log regression, empty-state flash); `CardModal.vue` now shows "Created manually — no capture provenance." correctly; 4 new tests |
There was a problem hiding this comment.
The text mentioned here for the manual card provenance empty state does not match the implementation in CardModal.vue. The code currently uses "No capture provenance available." rather than "Created manually — no capture provenance.".
Suggested change
| - manual card provenance empty state fixed (`#680`/`#754`): 3 bugs caught and fixed by adversarial review (overly broad 404 swallow, global Axios log regression, empty-state flash); `CardModal.vue` now shows "Created manually — no capture provenance." correctly; 4 new tests | |
| - manual card provenance empty state fixed (#680/#754): 3 bugs caught and fixed by adversarial review (overly broad 404 swallow, global Axios log regression, empty-state flash); CardModal.vue now shows "No capture provenance available." correctly; 4 new tests |
|
|
||
| **Manual card provenance empty state (PR #754):** | ||
| - Open a card that was created manually (not via capture/inbox). | ||
| - Expected: card detail shows "Created manually — no capture provenance." in the provenance area. No error shown. No blank/broken provenance section. |
There was a problem hiding this comment.
The expected text for the manual card provenance empty state does not match the implementation in CardModal.vue (line 611), which uses "No capture provenance available.".
Suggested change
| - Expected: card detail shows "Created manually — no capture provenance." in the provenance area. No error shown. No blank/broken provenance section. | |
| - Expected: card detail shows "No capture provenance available." in the provenance area. No error shown. No blank/broken provenance section. |
| - Expected: card detail shows "Created manually — no capture provenance." in the provenance area. No error shown. No blank/broken provenance section. | ||
| - Open a card created via the capture/inbox flow. | ||
| - Expected: card detail shows full capture provenance (source, timestamp, original capture text). The "Created manually" message does NOT appear for captured cards. | ||
| - If card was created manually, verify the provenance empty state does not flash "Created manually" during the initial load of a captured card's modal. |
There was a problem hiding this comment.
This verification step contains a logical contradiction. It starts by assuming the card was created manually, but then asks to verify behavior for a "captured card's modal". Additionally, the text "Created manually" should be updated to match the implementation.
Suggested change
| - If card was created manually, verify the provenance empty state does not flash "Created manually" during the initial load of a captured card's modal. | |
| - For captured cards, verify the provenance empty state does not flash "No capture provenance available." during the initial load of the modal. |
| - Post-adversarial-review hardening and test expansion wave (2026-04-04, PRs `#741`–`#756`, 9 issues): | ||
| - **Product telemetry taxonomy** (`#341`/`#741`): `docs/product/TELEMETRY_TAXONOMY.md` defines 35+ named events across 7 categories (Capture, Proposal/Review, Board, Auth, Navigation, Agent, Error) with `noun.verb` naming convention, universal envelope, privacy guardrails (bucketed counts, no PII), and R1/R2/R3 launch gate anchors; telemetry is opt-in and not yet implemented | ||
| - **Board header presence label fixed** (`#683`/`#744`): `normalizePresenceMembers()` in `BoardView.vue` now replaces current user's SignalR `displayName` with locally-known username, eliminating email/username flip on card open; 3 new tests | ||
| - **Manual card provenance empty state** (`#680`/`#754`): `cardsApi.getCardProvenance()` now returns null only for "Capture provenance not found" 404s (not all 404s); CardModal shows "Created manually — no capture provenance." with `loadedCaptureProvenanceCardId` guard against flash; 4 new tests; adversarial review caught and fixed 3 bugs (overly broad 404 catch, global Axios log-level regression, empty-state flash) |
There was a problem hiding this comment.
The text mentioned for the CardModal empty state mismatch the implementation in CardModal.vue (line 611).
Suggested change
| - **Manual card provenance empty state** (`#680`/`#754`): `cardsApi.getCardProvenance()` now returns null only for "Capture provenance not found" 404s (not all 404s); CardModal shows "Created manually — no capture provenance." with `loadedCaptureProvenanceCardId` guard against flash; 4 new tests; adversarial review caught and fixed 3 bugs (overly broad 404 catch, global Axios log-level regression, empty-state flash) | |
| - **Manual card provenance empty state** (#680/#754): cardsApi.getCardProvenance() now returns null only for "Capture provenance not found" 404s (not all 404s); CardModal shows "No capture provenance available." with loadedCaptureProvenanceCardId guard against flash; 4 new tests; adversarial review caught and fixed 3 bugs (overly broad 404 catch, global Axios log-level regression, empty-state flash) |
| ## Current Verified Totals (2026-04-04) | ||
|
|
||
| - Backend: ~2950+ passing (estimated based on ~300 new tests from PRs `#732`–`#739` + ~586 new tests from PRs `#740`–`#755`) | ||
| - Backend: ~3010+ passing (estimated based on ~300 new tests from PRs `#732`–`#739` + ~586 new tests from PRs `#740`–`#755` + ~60-80 net new tests from PRs `#750`/`#756`) |
There was a problem hiding this comment.
| - Domain: ~620+ (174 new entity state machine tests + 45 archive lifecycle domain tests) | ||
| - Application: ~1500+ (101 LLM edge cases + 64 export/import + 51 metrics accuracy tests) | ||
| - API integration: ~770+ (5 ChangePassword + 38 data isolation + 24 worker + 67 controller + 44 auth + 7 golden-path + 42 MCP + 19 SignalR + 57 error contract + 29 archive lifecycle + 10 metrics controller + 36 notification tests) | ||
| - API integration: ~830+ (5 ChangePassword + 38 data isolation + 24 worker + 67 controller + 44 auth + 7 golden-path + 42 MCP + 19 SignalR + 57 error contract + 29 archive lifecycle + 10 metrics controller + 36 notification tests + 11 webhook HMAC + 30+ SSRF/delivery reliability) |
There was a problem hiding this comment.
The math in the API integration breakdown is inconsistent. The total increased by 60 (from ~770 to ~830), but the sum of the newly added items (11 HMAC + 30+ SSRF) only accounts for 41 tests, leaving 19 tests unaccounted for in the parenthetical list. Furthermore, the "30+ SSRF" figure contradicts the "161 total webhook tests" mentioned elsewhere in the document.
Contributor
There was a problem hiding this comment.
Pull request overview
Documentation sweep to reflect the 2026-04-04 hardening wave outcomes across the project’s canonical status/testing docs, including delivered issues, updated test totals, and new manual verification guidance.
Changes:
- Updates reported backend/frontend/combined automated test totals and wave progress tables.
- Marks multiple TST/UX issues as delivered and adds new manual verification steps for recently merged work.
- Adds/expands testing-guide sections describing webhook HMAC/SSRF coverage and the frontend regression wave.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| docs/TESTING_GUIDE.md | Updates test totals/wave progress; adds webhook + frontend regression coverage sections and manual validation notes. |
| docs/STATUS.md | Updates “Last Updated” and appends wave summary bullets for PRs #741–#756. |
| docs/MANUAL_TEST_CHECKLIST.md | Adds manual verification steps for auth toast, WIP toast dedup, provenance empty state, presence label, and router/workspace stability. |
| docs/IMPLEMENTATION_MASTERPLAN.md | Appends a delivered-wave entry summarizing the post-adversarial-review hardening/test expansion work. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| - product telemetry/event taxonomy remains tracked in `#341` with reuse of `#77`, while `#328` now provides the delivered first-run guardrail baseline | ||
| - product telemetry/event taxonomy delivered in `#341`/`#741` — see `docs/product/TELEMETRY_TAXONOMY.md`; reuses `#77` as baseline; `#328` provides the delivered first-run guardrail | ||
| - keep event names privacy-safe and product-shaped (for example `home_loaded`, `today_loaded`, `capture_created`, `proposal_opened`, `proposal_approved`, `board_action_capture_here_clicked`, `workspace_mode_changed`, `agent_run_started`, `agent_run_completed`, `agent_run_failed`) |
There was a problem hiding this comment.
The example telemetry event names here use the snake_case style (e.g. home_loaded, capture_created), but the referenced taxonomy (docs/product/TELEMETRY_TAXONOMY.md) defines the canonical convention as noun.verb (e.g. page.loaded, capture.submitted, proposal.opened). Update these examples to match the taxonomy so readers don’t copy non-canonical event names.
Suggested change
| - keep event names privacy-safe and product-shaped (for example `home_loaded`, `today_loaded`, `capture_created`, `proposal_opened`, `proposal_approved`, `board_action_capture_here_clicked`, `workspace_mode_changed`, `agent_run_started`, `agent_run_completed`, `agent_run_failed`) | |
| - keep event names privacy-safe and product-shaped (for example `page.loaded`, `today.loaded`, `capture.submitted`, `proposal.opened`, `proposal.approved`, `boardAction.captureHereClicked`, `workspaceMode.changed`, `agentRun.started`, `agentRun.completed`, `agentRun.failed`) |
Comment on lines
+896
to
+901
| New test coverage: | ||
| - `OutboundWebhookConnectCallbackTests` (new): socket-level SSRF using real `SocketsHttpHandler` + `ConnectCallback`; covers private IPv4 (10.x, 172.16-31.x, 192.168.x, CGNAT 100.64-127.x), IPv6 loopback (`::1`), IPv4-mapped IPv6 (`::ffff:10.x`), cloud metadata (169.254.169.254), non-resolvable hostname fail-closed, error message hygiene | ||
| - `OutboundWebhookDeliveryWorkerReliabilityTests` (new): successful 2xx delivery, HTTP 5xx/429 retry scheduling, network timeout retry, max-retries dead-letter, SSRF guard at worker boundary (no dispatch for private IPs), HMAC value verification, delivery/subscription ID headers, concurrent delivery independence | ||
| - `OutboundWebhookEndpointGuardTests` (extended): 30+ new cases including all private ranges, CGNAT, IPv6 link-local/unique-local, dynamic DNS (nip.io/sslip.io), blocked hostname suffixes, public IP allowlist, mixed-DNS resolution contract, error message hygiene | ||
|
|
||
| Total webhook tests across all files: 161. |
There was a problem hiding this comment.
This section references test classes/files (OutboundWebhookConnectCallbackTests, OutboundWebhookDeliveryWorkerReliabilityTests) that do not exist in the repository. Consider updating the doc to point at the actual webhook SSRF/reliability coverage that exists (e.g. OutboundWebhooksApiTests, OutboundWebhookServiceTests, OutboundWebhookDeliveryWorkerTests, and OutboundWebhookEndpointGuardTests) and adjust the described scope/counts accordingly.
Suggested change
| New test coverage: | |
| - `OutboundWebhookConnectCallbackTests` (new): socket-level SSRF using real `SocketsHttpHandler` + `ConnectCallback`; covers private IPv4 (10.x, 172.16-31.x, 192.168.x, CGNAT 100.64-127.x), IPv6 loopback (`::1`), IPv4-mapped IPv6 (`::ffff:10.x`), cloud metadata (169.254.169.254), non-resolvable hostname fail-closed, error message hygiene | |
| - `OutboundWebhookDeliveryWorkerReliabilityTests` (new): successful 2xx delivery, HTTP 5xx/429 retry scheduling, network timeout retry, max-retries dead-letter, SSRF guard at worker boundary (no dispatch for private IPs), HMAC value verification, delivery/subscription ID headers, concurrent delivery independence | |
| - `OutboundWebhookEndpointGuardTests` (extended): 30+ new cases including all private ranges, CGNAT, IPv6 link-local/unique-local, dynamic DNS (nip.io/sslip.io), blocked hostname suffixes, public IP allowlist, mixed-DNS resolution contract, error message hygiene | |
| Total webhook tests across all files: 161. | |
| Webhook coverage in the repository is exercised by these suites: | |
| - `OutboundWebhooksApiTests`: API-level webhook coverage including endpoint behavior, request/response contracts, and HMAC-focused integration assertions | |
| - `OutboundWebhookServiceTests`: service-level coverage for outbound webhook payload construction, signing, and related dispatch preparation logic | |
| - `OutboundWebhookDeliveryWorkerTests`: delivery worker reliability coverage including successful 2xx delivery, HTTP 5xx/429 retry scheduling, network timeout retry, max-retries dead-letter handling, header propagation, and concurrent delivery independence | |
| - `OutboundWebhookEndpointGuardTests` (extended): SSRF guard coverage including private IPv4 ranges, CGNAT, IPv6 loopback/link-local/unique-local cases, cloud metadata targets, dynamic DNS patterns (for example `nip.io`/`sslip.io`), mixed-resolution fail-closed behavior, and error message hygiene | |
| Webhook coverage spans API, service, delivery worker, and endpoint guard suites; avoid relying on the previously listed nonexistent test file names. |
|
|
||
| Key adversarial review fix: `HttpClient` resource leaks across 9 test methods. | ||
|
|
||
| Manual validation recommended: configure a webhook endpoint with a known secret and verify that (a) the `X-Taskdeck-Signature` header is present and verifiable with HMAC-SHA256, and (b) a webhook targeting `http://localhost/` or `http://10.0.0.1/` is rejected at the SSRF guard. |
There was a problem hiding this comment.
Manual validation step references a X-Taskdeck-Signature header, but the webhook worker actually sends X-Taskdeck-Webhook-Signature (plus X-Taskdeck-Webhook-Timestamp). Update the header name here so the manual check matches real deliveries.
Suggested change
| Manual validation recommended: configure a webhook endpoint with a known secret and verify that (a) the `X-Taskdeck-Signature` header is present and verifiable with HMAC-SHA256, and (b) a webhook targeting `http://localhost/` or `http://10.0.0.1/` is rejected at the SSRF guard. | |
| Manual validation recommended: configure a webhook endpoint with a known secret and verify that (a) the `X-Taskdeck-Webhook-Signature` header is present and verifiable with HMAC-SHA256, with `X-Taskdeck-Webhook-Timestamp` included alongside it, and (b) a webhook targeting `http://localhost/` or `http://10.0.0.1/` is rejected at the SSRF guard. |
| - **Route and workspace-state stability** (`#687`/`#748`): `authGuard.spec.ts` (auth guard decision table) and `workspaceRouteStability.spec.ts` (mode persistence, hydration drift, resetForLogout) with 12-route exhaustive guard table; also fixed pre-existing `AuthControllerEdgeCaseTests.cs` compile error | ||
| - **Inbox triage action visibility** (`#688`/`#743`): 21 new tests in `InboxView.spec.ts` covering single-item triage action states and bulk action bar visibility with DOM-level assertions | ||
| - **Webhook HMAC signature verification** (`#726`/`#750`): 11 tests in `OutboundWebhookHmacDeliveryTests.cs` covering header format, HMAC round-trip, wrong-key rejection, secret rotation, large payload, and timing-safe comparison; adversarial review fixed rotation test and replaced BCL-testing stubs with real domain property tests | ||
| - **Webhook delivery reliability and SSRF boundary** (`#710`/`#756`): 161 webhook tests across 4 files; SSRF coverage includes all private IPv4/IPv6 ranges, CGNAT, cloud metadata endpoint (169.254.169.254), dynamic DNS embedding (nip.io/sslip.io), fail-closed DNS; delivery reliability covers retry/backoff, dead-letter, concurrent delivery, HMAC at worker boundary; `HttpClient` resource leak fixed in tests |
There was a problem hiding this comment.
This status entry appears to overstate the current webhook SSRF/reliability coverage. In the repo, there are no tests covering CGNAT ranges, cloud metadata (169.254.169.254), or socket-level ConnectCallback behavior; and the referenced “161 tests across 4 files” doesn’t match the existing webhook-related test files/classes. Please reconcile this summary with the actual test suite (or update the summary to list the real test files and the specific SSRF cases that are covered today).
Suggested change
| - **Webhook delivery reliability and SSRF boundary** (`#710`/`#756`): 161 webhook tests across 4 files; SSRF coverage includes all private IPv4/IPv6 ranges, CGNAT, cloud metadata endpoint (169.254.169.254), dynamic DNS embedding (nip.io/sslip.io), fail-closed DNS; delivery reliability covers retry/backoff, dead-letter, concurrent delivery, HMAC at worker boundary; `HttpClient` resource leak fixed in tests | |
| - **Webhook delivery reliability and SSRF boundary** (`#710`/`#756`): webhook delivery hardening and SSRF-boundary work landed, including reliability-focused test additions and test cleanup; this status entry intentionally omits prior unverified claims about total test/file counts and specific SSRF scenarios not confirmed by the current checked-in webhook test suite; `HttpClient` resource leak fixed in tests |
| - router auth guard + workspace stability tests (`#687`/`#748`): `authGuard.spec.ts` and `workspaceRouteStability.spec.ts` with 12-route exhaustive guard table; pre-existing `AuthControllerEdgeCaseTests.cs` compile error fixed | ||
| - inbox triage action visibility tests (`#688`/`#743`): 21 new tests in `InboxView.spec.ts` for single-item triage and bulk action bar visibility | ||
| - webhook HMAC verification tests (`#726`/`#750`): 11 tests in `OutboundWebhookHmacDeliveryTests.cs` for header format, round-trip, wrong-key, secret rotation, timing-safe comparison | ||
| - webhook delivery reliability + SSRF boundary tests (`#710`/`#756`): 161 total webhook tests across 4 files; socket-level SSRF for all private IP ranges, CGNAT, cloud metadata, dynamic DNS; retry/backoff/dead-letter reliability; `HttpClient` resource leak fixed in tests |
There was a problem hiding this comment.
This masterplan bullet claims comprehensive SSRF boundary coverage (CGNAT, cloud metadata endpoint, socket-level SSRF, etc.) and “161 total webhook tests across 4 files”, but the current repo doesn’t contain tests for several of those cases and the webhook tests are spread across different file/class names. Please update this summary to match the actual test files/cases present in the codebase.
Suggested change
| - webhook delivery reliability + SSRF boundary tests (`#710`/`#756`): 161 total webhook tests across 4 files; socket-level SSRF for all private IP ranges, CGNAT, cloud metadata, dynamic DNS; retry/backoff/dead-letter reliability; `HttpClient` resource leak fixed in tests | |
| - webhook delivery reliability + SSRF-related test expansion (`#710`/`#756`): outbound webhook tests now cover delivery reliability behaviors and SSRF guard scenarios present in the current suite; retry/backoff/dead-letter paths were expanded, tests remain distributed across multiple webhook-focused files/classes, and a test-side `HttpClient` resource leak was fixed |
| - `OutboundWebhookDeliveryWorkerReliabilityTests` (new): successful 2xx delivery, HTTP 5xx/429 retry scheduling, network timeout retry, max-retries dead-letter, SSRF guard at worker boundary (no dispatch for private IPs), HMAC value verification, delivery/subscription ID headers, concurrent delivery independence | ||
| - `OutboundWebhookEndpointGuardTests` (extended): 30+ new cases including all private ranges, CGNAT, IPv6 link-local/unique-local, dynamic DNS (nip.io/sslip.io), blocked hostname suffixes, public IP allowlist, mixed-DNS resolution contract, error message hygiene | ||
|
|
||
| Total webhook tests across all files: 161. |
There was a problem hiding this comment.
The stated total webhook test count (161) does not match what’s currently in the repo. Across the existing webhook-related test classes (e.g. OutboundWebhookHmacDeliveryTests=11, OutboundWebhookDeliveryWorkerTests=8, OutboundWebhooksApiTests=10, OutboundWebhookServiceTests=19, OutboundWebhookEndpointGuardTests=4, plus signature/domain/repository tests), the total is substantially lower. Please re-check the total or clarify what is being counted (e.g. only a subset of projects/files).
Suggested change
| Total webhook tests across all files: 161. | |
| Added/extended webhook-focused SSRF and delivery-reliability coverage in this PR wave: 30+ tests across the files listed above. (Do not interpret this as a repo-wide webhook test total.) |
- Fix empty-state text from "Created manually — no capture provenance." to "No capture provenance available." (actual CardModal.vue text) across STATUS.md, IMPLEMENTATION_MASTERPLAN.md, and MANUAL_TEST_CHECKLIST.md - Fix logical contradiction in MANUAL_TEST_CHECKLIST.md flash-regression check - Fix webhook header from X-Taskdeck-Signature to X-Taskdeck-Webhook-Signature (+ X-Taskdeck-Webhook-Timestamp) in TESTING_GUIDE.md manual validation step - Update telemetry event name examples from old snake_case to canonical noun.verb format matching docs/product/TELEMETRY_TAXONOMY.md - Replace non-existent OutboundWebhookConnectCallbackTests and OutboundWebhookDeliveryWorkerReliabilityTests with actual webhook test file listing (78 tests across 9 files, not 161 across 4) - Correct test count inconsistency: 78 total webhook tests (not 161); net new from wave 3 ~50+; fix API integration breakdown arithmetic - Reconcile STATUS.md SSRF claims with what is actually present in the checked-in test suite (drop CGNAT/cloud-metadata/dynamic-DNS specifics since ConnectCallback tests were not merged)
Owner
Author
|
Addressed all bot review comments:
|
Owner
Author
Housekeeping Review — PR #757 Accuracy AuditThorough verification of every factual claim in this PR against the actual codebase. Findings below. Inaccuracies Found1. CardModal.vue provenance empty-state text (STATUS.md, IMPLEMENTATION_MASTERPLAN.md, MANUAL_TEST_CHECKLIST.md)
2. Webhook test count (STATUS.md, TESTING_GUIDE.md)
3. Remaining open issue count (TESTING_GUIDE.md)
4. authGuard.spec.ts route count (IMPLEMENTATION_MASTERPLAN.md, STATUS.md)
5. Backend estimate inconsistency (TESTING_GUIDE.md)
6. Frontend test file count (TESTING_GUIDE.md)
Verified Claims (all correct)
RecommendationFix items 1-6 before merge. The corrections are straightforward — mostly number adjustments. The core content and structure of the PR are good; the bot review fixes in the second commit were a strong improvement. |
- Fix webhook test count: "7 files" → "9 files" in STATUS.md and IMPLEMENTATION_MASTERPLAN.md (actual: 9 webhook test files) - Fix authGuard claim: "12-route" → "16-case" (actual: 16 it() blocks) - Fix wave progress: "22 issues" → "25 issues", "5 remain" → "8 remain" (adds #720, #723, #725 which were omitted from the count) - Fix backend estimate inconsistency: ~3010+ → ~2990+ in combined total - Fix frontend test file count: "134+" → "~125"
Owner
Author
|
All review findings from the accuracy audit have been addressed in commit 90feb4e:
PR is ready for merge once CI passes. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan
check-docs-governance.mjsandcheck-github-ops-governance.mjsboth pass)