feat(sight): production hardening — re-baseline to v0.2.0 + OSS hygiene #2
Merged
…PR/issue templates)
Re-baselines sight's version to 0.2.0 across the MCP advertisement and
both SARIF driver-version sites, and adds the top-50 OSS standard files
that were missing.
Version 0.2.0 set in:
- mcp/server.go (`mcpserver.NewMCPServer("sight", "0.2.0", ...)`)
- sarif.go (`Driver.Version` and `Driver.SemanticVersion` →
"0.2.0"; the SARIF spec version remains "2.1.0" — that's a
different field that identifies the SARIF format, not the tool)
- internal/output/sarif.go (same fix in the duplicated SARIF code,
which only has `Driver.Version` — no `SemanticVersion` field)
Aligns sight with the rest of the hawk-eco ecosystem (hawk, tok, eyrie,
yaad, trace, inspect).
CHANGELOG.md gains an [Unreleased] section. Existing 0.4.0 / 0.2.0 /
0.1.0 historical entries preserved.
New top-level OSS files:
- CODE_OF_CONDUCT.md — Contributor Covenant 2.1
- .gitattributes — LF normalization, binary detection, GitHub
linguist hint to collapse go.sum in PR diffs
- .editorconfig — UTF-8, LF, final newline, trim trailing whitespace,
tabs for Go + Makefile, 2-space indent for YAML/JSON/TOML, no-trim
for Markdown
- .github/dependabot.yml — weekly gomod + github-actions, gomod
grouped by mark3labs/mcp-go to reduce PR noise
- .github/PULL_REQUEST_TEMPLATE.md — Summary / Changes / Review-
quality impact (eval-set numbers) / SARIF compatibility / Testing
/ Checklist
- .github/ISSUE_TEMPLATE/bug_report.yml — surface dropdown (library
API / MCP / SARIF / static rules / eval) plus a dedicated
'false-positive / false-negative' textarea
- .github/ISSUE_TEMPLATE/feature_request.yml — kind selector covering
8 functional areas (review concerns, static rules, SARIF, MCP,
config, eval, output, tooling) and solo-dev fit checks
- .github/ISSUE_TEMPLATE/config.yml — routes security to advisories,
questions to discussions, blocks blank issues
Cleanup:
- gofmt -w on sarif.go and internal/output/sarif.go to fix
pre-existing struct-tag alignment drift in the files I touched
Verification:
- `go build ./...` clean
- `go vet ./...` clean
- `go test -race -count=1 -timeout=120s -short ./...` passes on every
package: root sight, internal/{comment,context,diff,output,review},
and mcp
- `gofmt -l` clean for all files I touched
- VERSION file as single source of truth
- CODEOWNERS for auto-review routing
- Canonical Makefile with standard targets
- release-please config + workflow
- lefthook/pre-commit hooks (conventional commits, fmt, lint, secrets)
- Canonical CI + release GitHub Actions workflows
- Standardized .editorconfig, .gitattributes, CODE_OF_CONDUCT, SECURITY, CONTRIBUTING
- goreleaser config (where applicable)

Part of hawk-eco standardization sweep.
Summary
Production-hygiene pass for sight that brings the repo to top-50 OSS
repository standards. Single commit targeting `dev`.

The mandate (per `GOAL.md`) is that sight be the reference Go AI
code-review library for the hawk ecosystem, comparable in quality to
CodeRabbit, Sourcery, DeepSource, Qodana, Semgrep, danger-js, and
reviewbot, and built for solo developers running their coding agent
locally.

This PR re-baselines the version and fills the OSS-meta gaps. No code-
behaviour changes other than the version strings reported via MCP and
SARIF.

Changes

Version 0.2.0
- `mcp/server.go`: `mcpserver.NewMCPServer("sight", "0.2.0", ...)`
- `sarif.go`: `Driver.Version` + `Driver.SemanticVersion` → `"0.2.0"`
- `internal/output/sarif.go`: `Driver.Version` → `"0.2.0"` (no `SemanticVersion` field in this struct)

The SARIF spec version (`Log.Version: "2.1.0"`) is intentionally
unchanged — that field identifies the SARIF format, not the tool.

CHANGELOG.md
- Added `## [Unreleased]` describing the re-baseline + the new files.
- Historical entries (`0.4.0` / `0.2.0` / `0.1.0`) preserved.

New OSS standard files
- `CODE_OF_CONDUCT.md`
- `.gitattributes`: `go.sum`
- `.editorconfig`
- `.github/dependabot.yml`: `gomod` + `github-actions`, gomod grouped by `mark3labs/mcp-go`
- `.github/PULL_REQUEST_TEMPLATE.md`
- `.github/ISSUE_TEMPLATE/bug_report.yml`
- `.github/ISSUE_TEMPLATE/feature_request.yml`: `kind` selector covering 8 functional areas + solo-dev fit checks
- `.github/ISSUE_TEMPLATE/config.yml`

The PR template has two sight-specific sections:
- `reviewer.go`, `multi_concern.go`, `filter.go`, `static_rules.go`, `convention_check.go`, or `internal/review/` can shift the false-positive / false-negative balance, so the template asks for before/after eval-set numbers.
- `sarif.go` or `internal/output/sarif.go` must still validate against the SARIF 2.1.0 schema.

Cleanup
`gofmt -w` on `sarif.go` and `internal/output/sarif.go` to fix
pre-existing struct-tag alignment drift in the files I touched.

Verification
- `go build ./...`
- `go vet ./...`
- `go test -race -count=1 -timeout=120s -short ./...`: `sight`, `internal/{comment,context,diff,output,review}`, `mcp`
- `gofmt -l` for files I touched

Test plan
- `make build`
- `make test-race`
- `go vet ./...`
- `gofmt -l mcp/server.go sarif.go internal/output/sarif.go` empty
- `govet`, `ineffassign`, `nilerr`, `misspell` per `.golangci.yml`) and tests
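
The description above separates the SARIF format version (`Log.Version`, "2.1.0") from the tool's driver version ("0.2.0"), which is set in more than one place. As an added example that is not part of this PR or of sight's code, the check below parses emitted SARIF and reports any of those fields that drifted. `CheckSARIFVersions`, `sarifLog` and the sample document are hypothetical and constructed for illustration; the JSON field names are those of SARIF 2.1.0.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sarifLog models only the SARIF 2.1.0 fields this check reads.
type sarifLog struct {
	Version string `json:"version"` // SARIF format version, not the tool's
	Runs    []struct {
		Tool struct {
			Driver struct {
				Version         string `json:"version"`
				SemanticVersion string `json:"semanticVersion"`
			} `json:"driver"`
		} `json:"tool"`
	} `json:"runs"`
}

// Constructed sample: format and driver.version are right, semanticVersion is stale.
const staleSample = `{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"sight","version":"0.2.0","semanticVersion":"0.4.0"}}}]}`

// CheckSARIFVersions (hypothetical helper) returns one message per mismatch.
func CheckSARIFVersions(doc []byte, wantTool string) ([]string, error) {
	var l sarifLog
	if err := json.Unmarshal(doc, &l); err != nil {
		return nil, fmt.Errorf("parse SARIF: %w", err)
	}
	var problems []string
	if l.Version != "2.1.0" {
		problems = append(problems, fmt.Sprintf("log version %q is not the SARIF format version 2.1.0", l.Version))
	}
	for i, r := range l.Runs {
		d := r.Tool.Driver
		if d.Version != wantTool {
			problems = append(problems, fmt.Sprintf("runs[%d] driver.version %q, want %q", i, d.Version, wantTool))
		}
		// semanticVersion is optional: one of the two structs in the PR has no such field.
		if d.SemanticVersion != "" && d.SemanticVersion != wantTool {
			problems = append(problems, fmt.Sprintf("runs[%d] driver.semanticVersion %q, want %q", i, d.SemanticVersion, wantTool))
		}
	}
	return problems, nil
}

func main() {
	fmt.Println(CheckSARIFVersions([]byte(staleSample), "0.2.0"))
}
```

Run over the output of each SARIF emitter, a check like this catches the case where one of the duplicated version strings is bumped and the other is not, or where the tool version is written into the format-version field.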