v3.25.0 — Configurable MMR fix_threshold
Highlights
- Configurable
fix_thresholdacross the review stack.scaffold run review-pr,review-code, andpost-implementation-reviewnow accept--fix-threshold P0|P1|P2|P3and forward tommr review. Default behavior unchanged when the flag is omitted. - Self-documenting
mmr config init. New.mmr.yamlfiles include an explanatory comment block abovefix_thresholddescribing each severity tier, withP2written explicitly so future MMR default shifts won't silently change behavior for existing projects. advisory_countin MMR verdicts. Findings strictly below the configured threshold are now counted inresults.advisory_countand rendered asAdvisory: N(text) or**Advisory:** N(markdown) in the verdict copy when non-zero. The gate is unchanged — these findings stay inreconciled_findingsbut don't causeblocked.- Agent-facing docs read
fix_thresholdfrom the verdict JSON instead of hardcodingP0/P1/P2. Per-channel review prompts now request all P0–P3 findings (was P0/P1/P2 only) so projects running at threshold P3 actually surface P3 findings.
Bundled
@zigrivers/mmr@1.3.0
Why this matters
The appropriate fix threshold varies by project — a prototype or doc-only PR may only warrant blocking on P0/P1, while a security-sensitive change may warrant blocking on P0–P3. Before this release, the threshold was hardcoded to P2 in agent-facing docs even though the MMR CLI had supported --fix-threshold for a while. This release makes the threshold configurable per-project (via .mmr.yaml) and per-invocation (via the wrapper passthrough), and makes the doc layer threshold-aware.
Migration
No migration needed. Behavior is unchanged at the default threshold (P2), which is what every project gets unless they explicitly opt in to a different value.
To pin a different threshold:
mmr config init # creates .mmr.yaml with P2 + comment block
# Edit .mmr.yaml: change `fix_threshold: P2` to P0/P1/P3 as appropriateTo override per-invocation:
scaffold run review-pr -- --fix-threshold P1