Skip to content

fix(integrations): strict milestone IDs and blank Linear PR URLs#3433

Closed
jony376 wants to merge 1 commit into
JSONbored:mainfrom
jony376:fix/integrations-strict-tracker-id-validation
Closed

fix(integrations): strict milestone IDs and blank Linear PR URLs#3433
jony376 wants to merge 1 commit into
JSONbored:mainfrom
jony376:fix/integrations-strict-tracker-id-validation

Conversation

@jony376

@jony376 jony376 commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary

  • GitHubMilestonesAdapter.attachToMilestone now uses strict digit-only parsePositiveInt parsing instead of Number(), so whitespace-padded or scientific-notation milestone IDs (e.g. " 14", "1e2") cannot attach the wrong GitHub milestone.
  • findLinearNativeLink returns early when prUrl is empty or whitespace-only, avoiding a wasted Linear GraphQL round-trip.

Scope

  • The PR title follows type(scope): short summary Conventional Commit format, for example fix(api): restore profile access checks.
  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

  • git diff --check
  • npm run actionlint — no workflow changes
  • npm run typecheck
  • npm run test:coverage locally; codecov/patch requires ≥99% coverage of the lines AND branches you changed (aim for 100% on your diff so CI variance does not fail near the threshold). Global coverage is a non-blocking trend with a loose 90% backstop, not the gate.
  • npm run test:workers — no worker/runtime changes
  • npm run build:mcp — no MCP changes
  • npm run test:mcp-pack — no MCP changes
  • npm run ui:openapi:check — no UI/API changes
  • npm run ui:lint — no UI changes
  • npm run ui:typecheck — no UI changes
  • npm run ui:build — no UI changes
  • npm audit --audit-level=moderate
  • New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

  • Skipped UI/MCP/worker/actionlint checks: integrations-only validation hardening with no surface-area changes outside src/integrations and unit tests.

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
  • Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests.
  • API/OpenAPI/MCP behavior is updated and tested where needed.
  • UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks.
  • Visible UI changes include a UI Evidence section below with JPG/JPEG or PNG screenshots arranged as organized, captioned, clickable thumbnails. SVG screenshots are not used as review evidence. Review-only screenshots or recordings are not committed to the repository.
  • Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

UI Evidence

N/A — no UI changes.

Notes

  • Touches src/integrations/** only (not a guarded path).

Made with Cursor

Use parsePositiveInt for milestone attach so whitespace-padded or
scientific-notation strings cannot coerce to the wrong GitHub milestone
number. findLinearNativeLink now skips Linear when prUrl is blank.

Co-authored-by: Cursor <cursoragent@cursor.com>
@jony376 jony376 requested a review from JSONbored as a code owner July 5, 2026 06:55
@superagent-security superagent-security Bot added the contributor:flagged Contributor flagged for review by trust analysis. label Jul 5, 2026
@superagent-security

Copy link
Copy Markdown

🚨 Contributor flagged. Click here for more info: Superagent Dashboard

@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier. label Jul 5, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Copy link
Copy Markdown

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - reject/close recommended

Review updated: 2026-07-05 08:09:42 UTC

4 files · 1 AI reviewer · 3 blockers · readiness 73/100 · CI green · clean

🛑 Suggested Action - Reject/Close

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
  • AI reviewers agree on a likely critical defect: PR description: you have not closed or clearly linked an eligible open issue
  • change the description to include the maintainer-authorized issue reference, for example `Closes feat(orb): add POST /v1/orb/ingest central collector endpoint #1234`, or explain the maintainer authorization for proceeding without one. — Resolve the flagged defect, or override if the AI reviewers are mistaken, then re-run the gate.

Review summary
The implementation itself is narrow and correctly moves GitHub milestone attachment from permissive Number() coercion to the shared strict positive-int parser, while the Linear path now avoids a pointless lookup for blank PR URLs. The added tests exercise the two changed branches on the real public functions, and I do not see a reachable code-path regression in the diff. I cannot mark this clear under the repo rules because the PR description does not close or clearly link an eligible open issue.

Blockers

Nits — 4 non-blocking
  • nit: src/integrations/linear-adapter.ts:115 checks `typeof prUrl !== "string"` even though the function signature already requires `prUrl: string`; keep it only if you intentionally want runtime hardening for untyped callers.
  • src/integrations/linear-adapter.ts:115: either simplify the guard to `if (prUrl.trim().length === 0) return none;` or leave a short comment explaining that this is protecting a runtime boundary despite the TypeScript signature.
  • PR description: replace the current checkbox-only issue note with a concrete issue link such as `Closes feat(orb): add POST /v1/orb/ingest central collector endpoint #1234` so the scope is auditable under the repo convention.
  • Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.

Why this is blocked

  • PR description: you have not closed or clearly linked an eligible open issue; change the description to include the maintainer-authorized issue reference, for example `Closes feat(orb): add POST /v1/orb/ingest central collector endpoint #1234`, or explain the maintainer authorization for proceeding without one.
  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
Signal Result Evidence
Code review ❌ 3 blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ❌ 5/25 Preflight is holding this PR: the review lane is unavailable, so it is not ready for automated review.
Contributor workload ✅ 10/10 Author activity: 1013 registered-repo PR(s), 707 merged, 41 issue(s).
Contributor context ✅ Confirmed Gittensor contributor jony376; Gittensor profile; 1013 PR(s), 41 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Review context
  • Author: jony376
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 1013 PR(s), 41 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Explain no-issue PR.
  • Await review-lane availability.
  • Refresh registry data or choose a registered active repo.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@codecov

codecov Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.46%. Comparing base (5279b37) to head (e3f7136).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3433      +/-   ##
==========================================
- Coverage   93.46%   93.46%   -0.01%     
==========================================
  Files         291      291              
  Lines       30792    30791       -1     
  Branches    11223    11223              
==========================================
- Hits        28781    28780       -1     
  Misses       1355     1355              
  Partials      656      656              
Files with missing lines Coverage Δ
src/integrations/linear-adapter.ts 100.00% <100.00%> (ø)
src/integrations/project-tracker-adapter.ts 100.00% <100.00%> (ø)
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Copy link
Copy Markdown

Gittensory is closing this pull request on the maintainer's behalf (No linked issue detected; Maintainer requires a linked issue; AI reviewers agree on a likely critical defect: PR description: you have not closed or clearly linked an eligible open issue; change the description to include the maintainer-authorized issue reference, for example `Closes #1234`, or explain the maintainer authorization for proceeding without one.). This is an automated maintenance action — to pursue this change, please open a new pull request with the issues resolved. Closed PRs may be analyzed later to improve review accuracy, but they are not automatically reopened or re-reviewed.

@gittensory-orb gittensory-orb Bot closed this Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

contributor:flagged Contributor flagged for review by trust analysis. gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant