Surface GTM handoff trace #3
Merged
Polish for the GTM-handoff trace surfacing before merge:

- Extract isSafeHttpUrl + parseOperatorLinks to lib/gtm-handoff/trace.ts — one owner of "what is a safe operator link", used by both the importer's Zod refine (write boundary) and the account page (render sink). The page re-checks because an `<a href>` is an XSS sink and payloadJson is opaque stored text; we dedupe the rule, not the two enforcement points.
- Drop the account page's local GtmTracePayload type, which declared trace.sourceSystem/evidenceBoundary fields the renderer never read. The "not verified evidence" warning is unconditional, which is correct: the importer enforces the evidenceBoundary literal, so every stored handoff is a research seed by contract.
- Add tests/unit/gtm-handoff-trace.test.ts covering protocol rejection, malformed JSON, and the per-link degrade path.

Verified: pnpm typecheck clean; vitest 88/88; codex review -> none.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
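The render-side re-check that commit message describes, as an added example; it is not the code in lib/gtm-handoff/trace.ts. The function names come from the commit message, while the function bodies and the payload shape (`operatorLinks` holding `{ label, url }` objects) are assumptions.

```typescript
// Added illustration; not the contents of lib/gtm-handoff/trace.ts.
// Assumed payload shape: { operatorLinks: [{ label: string, url: string }] }.
interface OperatorLink {
  label: string;
  url: string;
}

// True only for absolute http(s) URLs. Parsing with URL normalises scheme case
// and strips leading control characters the way a browser does, so
// "JavaScript:..." and "\tjavascript:..." are judged by their real scheme.
function isSafeHttpUrl(value: unknown): value is string {
  if (typeof value !== "string") return false;
  let parsed: URL;
  try {
    parsed = new URL(value); // no base: relative or scheme-less input throws
  } catch {
    return false;
  }
  return parsed.protocol === "http:" || parsed.protocol === "https:";
}

// Parse opaque stored text at the render sink. Malformed JSON yields [];
// an unsafe link is dropped without discarding its valid siblings.
function parseOperatorLinks(payloadJson: string): OperatorLink[] {
  let payload: unknown;
  try {
    payload = JSON.parse(payloadJson);
  } catch {
    return [];
  }
  if (typeof payload !== "object" || payload === null) return [];
  const raw = (payload as { operatorLinks?: unknown }).operatorLinks;
  if (!Array.isArray(raw)) return [];
  const links: OperatorLink[] = [];
  for (const item of raw) {
    if (typeof item !== "object" || item === null) continue;
    const { label, url } = item as { label?: unknown; url?: unknown };
    if (typeof label === "string" && isSafeHttpUrl(url)) links.push({ label, url });
  }
  return links;
}

// Constructed sample: one valid link, one script-scheme link, one relative path.
const SAMPLE_PAYLOAD = JSON.stringify({ operatorLinks: [
  { label: "CRM", url: "https://crm.example.com/acct/1" },
  { label: "bad", url: "JavaScript:alert(1)" },
  { label: "rel", url: "/admin" },
] });
```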
The claim-audit span filter matched validation issues to spans via `issue.detail.includes(span.evidence_id)` against a free-text detail string. Two spine-level bugs: (a) substring cross-match (ev_1 matched a detail mentioning ev_12); (b) one not-in-snippet span for an id dropped EVERY span citing that id, including valid ones — silently discarding verifiable claims on a tool whose whole value is "every claim traces to verified evidence."

ValidationIssue now carries structured evidenceId/span (detail unchanged); a pure selectValidSpans() matches by exact (evidenceId, span) identity; claim-audit delegates to it. Two new tests cover the cross-match and span-identity cases (both fail under the old filter).

Verified: pnpm typecheck clean; vitest 91/91; codex review -> none.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The importer required a `trace` block in v1 payloads, which breaks older or minimal v1 exports generated before the trace block existed (e.g. the original committed sample). Make `trace` optional — still enforcing the exact sourceSystem/evidenceBoundary literals when present.

Absence is safe: the research-seed boundary is enforced structurally by the evidence layer (only `verified` rows are citable; the importer never writes evidence) and the account page shows the "not verified evidence" notice regardless — not by this metadata label. Adds a test that a trace-less v1 payload imports.

Verified: pnpm typecheck clean; vitest 92/92; codex review -> none.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Verification