fix(review): keep recap cohorts private#5204
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
c4cb091 to
0a15958
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5204 +/- ##
==========================================
- Coverage 94.35% 94.34% -0.01%
==========================================
Files 473 473
Lines 39977 39968 -9
Branches 14574 14570 -4
==========================================
- Hits 37719 37708 -11
Misses 1585 1585
- Partials 673 675 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
|
Caution 🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥 🛑 Gittensory review result - fixes requiredReview updated: 2026-07-12 09:54:57 UTC
🛑 Suggested Action - Manual Review
Review summary Nits — 5 non-blocking
Why this is blocked
CI checks failing
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Removes includeCohorts: true from the scheduled maintainer-recap's call to loadGatePrecisionReport -- cohort splits (miner-vs-human gate false-positive rates) are maintainer-authenticated diagnostics via the gate-precision API route, not content for the unauthenticated Discord/ Slack recap webhook. Extends PUBLIC_UNSAFE_TERMS with cohort/miner- originated/human-originated as defense-in-depth. Also syncs packages/gittensory-engine/src/prompt-packet.ts's hand- duplicated mirror of PUBLIC_UNSAFE_TERMS (kept separate so the engine package stays standalone) with the three new terms, and adds the two new [-_\s]?-shaped terms to prompt-packet-redaction.test.ts's explicit per-branch sample table -- both fell through to the test's generic fallback (which uses the raw regex source itself as the sample text), so neither the mirror drift nor the missing sample surfaced until the adversarial redaction test's dynamically-generated cases failed in CI.
0a15958 to
7d14161
Compare
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 7d14161 | Commit Preview URL Branch Preview URL |
Jul 12 2026, 09:57 AM |
Motivation
loadGatePrecisionReport(..., { includeCohorts: true })and rendering miner-vs-human cohort diagnostics into external Discord/Slack digests, which exposes sensitive maintainer-review/identity signals on public surfaces.Description
includeCohorts: trueat the scheduled loader call insrc/review/maintainer-recap-wire.tsso periodic recap deliveries remain aggregate-only.totals.cohortsshape available to callers that inject cohort-bearing reports, but remove cohort-derived lines from the publicsummaryand omit the## Cohortssection from the formatted public body insrc/services/maintainer-recap.tsandformatMaintainerRecap.PUBLIC_UNSAFE_TERMSinsrc/signals/redaction.tsto include cohort diagnostic vocabulary (cohort,miner-originated,human-originated) as defense-in-depth against accidental public leakage.test/unit/maintainer-recap.test.ts,test/unit/maintainer-recap-format.test.ts,test/unit/maintainer-recap-wire.test.ts).worker-configuration.d.tsto keep the type-check/generation gate current.Testing
npx vitest run test/unit/maintainer-recap.test.ts test/unit/maintainer-recap-format.test.ts test/unit/maintainer-recap-wire.test.ts --reporter=dotand all targeted tests passed (44 tests across 3 files).npm run typechecksucceeded with no reported errors.npm run cf-typegenexecuted and updatedworker-configuration.d.tsto match the environment.npm run test:ciwas attempted but failed in unrelated, existing queue/sweep integration tests (timing/remote setup) in this environment; the maintainer-recap-specific tests used for this fix passed.npm audit --audit-level=moderatecould not complete in this environment (registry returned 403), so audit was not verified here.Codex Task