Version Packages#230
Merged
Merged
Conversation
a4279ec to
2487296
Compare
2487296 to
7ca6fec
Compare
This was referenced Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
review@1.4.0
Minor Changes
4a57d01: Failure scenario required on every finding. Each finding (not just blocking ones) now carries a concrete
failure_scenario: the specific inputs or state and the wrong outcome they produce. The field is required in the structured finding schema (FINDING_SCHEMA_VERSION2), emitted by every producer (label-shape reviewers and all 11 specialist lenses), and carried verbatim intoclaims.json; theclaim-validatorattacks exactly that stated scenario, and a scenario too vague to check caps atplausible. Every corpus fixture is migrated with a hand-written failure scenario.11666ee: Reviewer prompt disciplines plus measured cost fixes.
0892c8d: Change-provenance gate, enforced in code, plus generated-stripped whole-change diffs. New
lib/diff.ts(unified-diff parsing) andlib/provenance.ts(gate + CLI) compute a per-file changed-line map (provenance.json); a finding whose anchor is not an added or modified line of the diff cannot carry a blocking label and does not post to the PR at all; the set-aside pre-existing observations are recorded in the run artifact (out/pre-existing.json) only. Deletion findings pass viaremovedAdjacentlines. The gate fails open (gates nothing, with a review-body note) whenever the parsed map cannot be trusted: an unparseable diff, hunks not attributable to a file section, or a changed file whose patch is missing from the parse (files.jsonnow carrieshasPatchfor this cross-check). The provenance CLI also stagesfull-stripped.diff(the full diff minus files the router classifieslinguist-generated;routing.jsonnow exposesgeneratedFiles), and every whole-change reviewer and specialist lens reads it instead of the full diff;pattern-triagekeeps the full diff since classification is its job. Wired through the no-post eval runner and covered by unit tests plus a smoke corpus case.2cdee74: Thumbs-sweep: opt-in reaction seeding and self-reaction filtering. With
seedReactions: truein the sweep config, each sweep seeds one thumbs-up and one thumbs-down (from the bot) on any reviewer comment lacking them, so readers see the feedback affordance without opening the reaction picker. Feedback counts now exclude the bot's own reactions everywhere, so seeded nudges never trigger follow-ups or count as signal; a reaction with no attributed login still counts as a real user's. The port gains an optionaladdReactionsmethod, required only when seeding is enabled (enabling it without an implementation fails loudly).Patch Changes
allowed-domainsallowlist for the review workflow's safe outputs so links we routinely use in PRs survive gh-aw's text-sanitization. Chosen from the domains that actually appear in our PR bodies and comments (surveyed across recent Khan/frontend PRs): GitHub, khanacademy.org (incl. per-PR deploy previews), khanacademy.dev, Jira/Confluence, Slack, Claude (claude.ai + claude.com), Figma, Google Docs, and Cursor. Entries are bare hosts, which match the host and all of its subdomains.check-for-changeset@2.0.1
Patch Changes
gerald-pr@6.1.1
Patch Changes
get-changed-files@3.0.1
Patch Changes
core.warn is not a function) on push events when the pushed commit is associated with more than one open PR, as happens with stacked PRs. The github-scriptcoreAPI method iscore.warning, notcore.warn.