Skip to content

fix(review): append the contributor skill-file link without losing the specific rejection reason#4556

Merged
JSONbored merged 1 commit into
mainfrom
feat/screenshot-gate-skill-link
Jul 10, 2026
Merged

fix(review): append the contributor skill-file link without losing the specific rejection reason#4556
JSONbored merged 1 commit into
mainfrom
feat/screenshot-gate-skill-link

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

  • screenshotTableGate.message was an all-or-nothing override: setting it to include a link to the contributor skill file meant giving up the auto-generated matrix message's specific "still missing: Desktop · Light, Tablet · Dark, ..." list, since a maintainer had no way to get both from one field. Discovered by deploying the feat(review): viewport x theme completeness matrix for the screenshot-table gate #4540 feature to metagraphed and verifying it end-to-end -- the live config used message to add the skill-file link and, as a result, every rejection showed the exact same generic text regardless of which viewport/theme pairs were actually missing.
  • Adds skillFileUrl as its own field, appended to whichever message is already being shown (auto-generated matrix message, or the plain presence-mode default). message, when set, still wins outright and skillFileUrl is ignored in that case -- a maintainer who wants total control over the wording keeps it exactly as before.
  • Full config-as-code wiring, same pattern as every other field on this config: migration + Drizzle schema + settings resolver + .gittensory.yml manifest parser (both the Worker and gittensory-engine package copies, engine-parity confirmed) + OpenAPI.

Scope

  • The PR title follows type(scope): short summary Conventional Commit format.
  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • Maintainer-authored fix, no linked issue required.

Validation

  • git diff --check
  • npm run typecheck
  • npm run db:migrations:check, npm run db:schema-drift:check, npm run cf-typegen:check
  • npm run manifest:drift-check, npm run engine-parity:drift-check (Worker/engine screenshot-table-gate.ts + manifest-deps-types.ts copies confirmed in sync)
  • npm run ui:openapi (regenerated) + npm run ui:openapi:check (no drift) + npm run ui:openapi:settings-parity
  • npm audit --audit-level=moderate -- 0 vulnerabilities
  • Targeted coverage check on the changed evaluator: 0 uncovered branches/statements (both Worker and engine-package copies)
  • New/changed behavior has unit tests for every new branch: valid/invalid/overlong skillFileUrl, appended in both matrix and presence mode, ignored when message is set (both modes), sparse-override parsing (present/omitted), resolver merge (override present/DB fallback), full DB round-trip
  • npm run actionlint, npm run test:workers, npm run build:mcp, npm run test:mcp-pack, npm run build:miner, npm run test:miner-pack, npm run rees:test, npm run ui:lint, npm run ui:typecheck, npm run ui:test, npm run ui:build, full npm run test:coverage -- not run locally this pass; this diff is scoped to the same files as feat(review): viewport x theme completeness matrix for the screenshot-table gate #4545 (no new surface), which already validated clean on the full suite; CI's test:ci gate covers these as a backstop.

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
  • No auth/cookie/CORS/GitHub App/Cloudflare/session changes.
  • API/OpenAPI updated and tested (screenshotTableGate schema gains skillFileUrl).
  • No UI changes.
  • No public docs/changelog changes needed.

…e specific rejection reason

screenshotTableGate's message field was an all-or-nothing override: setting it to include a
skill-file link meant losing the auto-generated matrix message's specific "still missing: X,
Y, Z" list, since a maintainer had no way to have both. Adds skillFileUrl as its own field,
appended to whichever auto-generated message is already being shown (message, when set, still
wins outright and skillFileUrl is ignored -- a maintainer who wants total control over the
wording keeps it).

Full config-as-code wiring: migration + schema + resolver + manifest parser (Worker + engine
package copies) + OpenAPI, matching the same pattern as every other field on this config.
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
gittensory-ui b2f3b14 Commit Preview URL

Branch Preview URL
Jul 10 2026, 01:57 AM

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.08%. Comparing base (50dd63b) to head (b2f3b14).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4556   +/-   ##
=======================================
  Coverage   94.07%   94.08%           
=======================================
  Files         427      427           
  Lines       37938    37961   +23     
  Branches    13851    13864   +13     
=======================================
+ Hits        35692    35715   +23     
  Misses       1586     1586           
  Partials      660      660           
Files with missing lines Coverage Δ
packages/gittensory-engine/src/focus-manifest.ts 99.10% <100.00%> (+<0.01%) ⬆️
...tensory-engine/src/review/screenshot-table-gate.ts 100.00% <100.00%> (ø)
src/db/repositories.ts 96.57% <100.00%> (+<0.01%) ⬆️
src/db/schema.ts 72.72% <ø> (ø)
src/openapi/schemas.ts 100.00% <ø> (ø)
src/review/screenshot-table-gate.ts 100.00% <100.00%> (ø)
src/signals/focus-manifest.ts 99.64% <100.00%> (+<0.01%) ⬆️
src/types.ts 100.00% <ø> (ø)
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@JSONbored
JSONbored merged commit 39f5213 into main Jul 10, 2026
13 checks passed
@JSONbored
JSONbored deleted the feat/screenshot-gate-skill-link branch July 10, 2026 02:07
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…lag machine-paced submitters (#4549)

* feat(review): add a submission-cadence/inter-arrival-time signal to flag machine-paced submitters

Every existing anti-abuse signal (reputation burst-floor, slop score)
counts volume or ratios within a time window; none has an
inter-arrival-time or rate term. A fast, well-formed, strategically
low-value submitter is, by construction, invisible to the one
dimension (superhuman pace) that would otherwise be a strong tell --
a submitter can clear every quality bar (good outcomes, real
descriptions) while operating at a cadence no human plausibly
sustains, and today that cadence carries zero weight anywhere.

- computeSubmissionCadence / isMachinePacedCadence (pure): the median
  gap between a submitter's recent review_targets rows, flagged only
  once both a real sample size (5+) AND a sub-10-minute median gap
  are present -- a lone fast submission is not a pattern.
- getSubmitterCadence: queries created_at across ALL review_targets
  rows (not just terminal ones -- a fresh burst of still-open
  submissions is exactly what this needs to catch, since the AI
  review already ran on each one by the time it becomes terminal).
- Wired into shouldSkipAiForReputation as an independent, additional
  check alongside the existing quality/burst signal -- a submitter
  whose individual PRs all look fine can still be caught on cadence
  alone, and the (extra) cadence read is skipped once the
  quality/burst check alone already justifies downgrading.

Scoped to per-repo cadence for now, matching this PR's own scope;
an install-wide variant (mirroring #4513's confirmed-miner-aware
cross-repo pattern) is a natural fast-follow once #4513 merges.

Fixes #4514

* fix(db): renumber migration 0132 -> 0133 (0132 claimed by merged PR #4554)

Rebase onto current main and take the next free number now that
migrations/0132_impact_map_query_cache.sql (from #4554, itself a collision
fix) occupies the number this branch originally guessed.

* fix(db): renumber migration 0133 -> 0134 (0133 claimed by merged PR #4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…-wide for confirmed miners (#4546)

* fix(review): make submitter-reputation burst/AI-spend defense install-wide for confirmed miners

getSubmitterReputation's burst/low-sample thresholds are scoped
WHERE project = ? AND submitter = ? -- a single repo. A fleet
identity spreading a handful of gate-passing-but-low-value PRs
across dozens of repos in one self-hosted install never accumulates
enough same-repo sample density to read as "burst" or "low"
anywhere, so the reputation defense never fires for it and every one
of its submissions burns full paid AI-review spend indefinitely.

- New getSubmitterReputationAcrossInstall in submitter-reputation.ts:
  the identical quality-weighted signal derivation, scoped by
  review_targets.installation_id instead of project (that column
  already existed, migrations/0050; this adds the supporting index).
- New getEffectiveSubmitterReputation in reputation-wire.ts: the
  per-repo signal, additionally widened to the install-wide view for
  a CONFIRMED official Gittensor miner -- but only when the per-repo
  signal alone doesn't already justify caution, so an ordinary
  contributor or an already-flagged submitter pays no extra lookup.
- Extracted the miner-identity check (shared with #4512) into
  src/gittensor/miner-detection-cache.ts so both this module and
  unlinked-issue-guardrail.ts can use it without a circular import
  through processors.ts.
- Wired into both call sites: shouldSkipAiForReputation (the main
  AI-spend gate) and the vision-review reputation check.

Fixes #4513

* fix: renumber migration 0130 -> 0131 (0130 was claimed by #4538, already merged to main)

* fix(test): account for getEffectiveSubmitterReputation's miner-identity check in visual-vision tests

runVisualVisionForAdvisory now resolves reputation via getEffectiveSubmitterReputation
(#4513), which checks confirmed-official-miner identity (a fetch to
api.gittensor.io/miners) whenever the submitter's per-repo signal is
neutral -- a real, intentional behavior change this test file's existing
"no network calls at all" assertions didn't account for. Stub that one
identity check to resolve cleanly and assert precisely that no OTHER
(BYOK/vision-spend) network call happens, rather than asserting zero fetch
calls outright.

* fix(db): renumber migration 0131 -> 0133 (0131/0132 claimed by merged PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.

* fix(db): renumber migration 0133 -> 0134 (0133 claimed by merged PR #4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.

* fix(db): renumber migration 0134 -> 0139 (0134 has a pre-existing 3-way collision on main)

main currently has three DIFFERENT already-merged files at 0134
(#4549/#4558/#4563) -- tracked separately as its own fix (PR #4577, not yet
merged). Since that fix already claims through 0138, take 0139 here to
avoid colliding with it once it lands; this branch's own
db:migrations:check will stay red until #4577 merges (unrelated to this
branch's own changes), and will need one more rebase afterward.

* test(review): close 2 coverage gaps surfaced by the #4514 rebase-merge

getEffectiveSubmitterReputation's getRepository().catch() needed a real
read-failure test (added); its isConfirmedOfficialMiner().catch() is
unreachable (that function already catches every internal failure point
itself) and getSubmitterReputationAcrossInstall's results ?? [] fallback is
the same "D1 always populates results" case already v8-ignored elsewhere in
this codebase -- both marked accordingly.

* fix(review): isolate #4507's reputation-single-read invariant from cross-test miner-cache pollution

Several earlier tests in this file cache "contributor" as a confirmed official
Gittensor miner (5-min TTL) in the shared per-file D1 instance. That collided
with #4513's new install-wide reputation widening, which correctly detects the
stale cache and adds a 4th reputation-scan D1 read for a submitter this test
never intended to be a miner. Use a submitter login unique to this test instead.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant