Skip to content

fix(review): preserve fallback classification for invalid/absent inline finding categories#4385

Merged
JSONbored merged 1 commit into
mainfrom
codex/fix-invalid-ai-finding-categories
Jul 9, 2026
Merged

fix(review): preserve fallback classification for invalid/absent inline finding categories#4385
JSONbored merged 1 commit into
mainfrom
codex/fix-invalid-ai-finding-categories

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Motivation

  • A recent parser change forced every model-emitted inline finding to carry a concrete category (defaulting to maintainability), which prevented deterministic path/body fallback from classifying security-like findings as security when the model omitted or mis-emitted the field.

Description

  • Stop injecting a parser default category: parseInlineFindingCategory now returns FindingCategory | undefined and returns undefined when the model value is absent or invalid so downstream fallback can run. (src/review/inline-finding-category-parse.ts)
  • Only attach category into parsed inline findings when the model value is a valid enum; use conditional spreading to omit the field when absent. (src/services/ai-review.ts)
  • Update unit tests to reflect the new behavior and add a regression test that verifies a security-like finding with an invalid model category falls back to security. (test/unit/inline-finding-category-parse.test.ts, test/unit/ai-review.test.ts)
  • Files changed: src/review/inline-finding-category-parse.ts, src/services/ai-review.ts, test/unit/inline-finding-category-parse.test.ts, test/unit/ai-review.test.ts.

Testing

  • Typecheck: ran npm run typecheck and it succeeded.
  • Unit tests: ran npx vitest run test/unit/inline-finding-category-parse.test.ts test/unit/ai-review.test.ts test/unit/inline-comments-select.test.ts --pool=forks and all tests passed (suite completed successfully).
  • Security audit: ran npm audit --audit-level=moderate but the registry audit endpoint returned 403 Forbidden in this environment, so the audit could not be completed here.

Codex Task

@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.95%. Comparing base (c823f9c) to head (2a178d3).
⚠️ Report is 12 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4385   +/-   ##
=======================================
  Coverage   93.95%   93.95%           
=======================================
  Files         400      400           
  Lines       36817    36817           
  Branches    13451    13452    +1     
=======================================
  Hits        34592    34592           
  Misses       1569     1569           
  Partials      656      656           
Files with missing lines Coverage Δ
src/review/inline-finding-category-parse.ts 100.00% <100.00%> (ø)
src/services/ai-review.ts 96.59% <100.00%> (+<0.01%) ⬆️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@JSONbored JSONbored self-assigned this Jul 9, 2026
@JSONbored JSONbored added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 9, 2026
@JSONbored
JSONbored merged commit d74d743 into main Jul 9, 2026
10 checks passed
@JSONbored
JSONbored deleted the codex/fix-invalid-ai-finding-categories branch July 9, 2026 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier.

Development

Successfully merging this pull request may close these issues.

1 participant