HYPERFLEET-1105: align plugins to use ticket-hygiene.md as source of truth #42
63ee64b to
b4b5374
Summary by CodeRabbit
Walkthrough
This PR systematizes how plugin documentation references ticket field requirements by establishing ticket-hygiene.md (from the architecture repo) as the single authoritative source. Instead of maintaining hardcoded component lists and validation rules across multiple skill documents, instructions now fetch the document at runtime via curl and validate against the fetched content. The PR also adds comprehensive documentation for JIRA issue link "Blocks" relationship semantics, clarifying argument order to prevent link direction inversions. Plugin versions are bumped across three plugins to reflect these documentation updates.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
Pre-merge checks: ✅ 6 passed
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@hyperfleet-jira/commands/triage.md`:
- Around line 50-56: The JQL construction that injects component names into the
clause (the step that builds `component not in (...)` from ticket-hygiene.md) is
vulnerable to injection; validate and sanitize each component name (the values
you insert into the JQL list) by enforcing a strict whitelist regex such as
`^[A-Za-z0-9_ -]+$` and reject or escape any value that fails validation, ensure
multi-word names are single-quoted after validation, or preferably avoid
string-built JQL entirely by using the JIRA API's structured query/parameterized
endpoints to pass components as parameters instead of interpolating them into
JQL.
📒 Files selected for processing (13)
- hyperfleet-devtools/.claude-plugin/plugin.json
- hyperfleet-devtools/skills/architecture-impact/SKILL.md
- hyperfleet-jira/.claude-plugin/plugin.json
- hyperfleet-jira/commands/triage.md
- hyperfleet-jira/skills/jira-story-pointer/SKILL.md
- hyperfleet-jira/skills/jira-ticket-creator/SKILL.md
- hyperfleet-jira/skills/jira-ticket-creator/references/activity-types.md
- hyperfleet-jira/skills/jira-ticket-creator/references/cli-examples.md
- hyperfleet-jira/skills/jira-ticket-creator/references/pitfalls.md
- hyperfleet-jira/skills/jira-triage/SKILL.md
- hyperfleet-work-triage/.claude-plugin/plugin.json
- hyperfleet-work-triage/skills/bugs-triage/SKILL.md
- hyperfleet-work-triage/skills/open-prs/SKILL.md
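The allowlist check from the finding on `hyperfleet-jira/commands/triage.md` above, as an added example that is not part of this PR or the plugin: each component name is validated against the equivalent of `^[A-Za-z0-9_ -]+$` before the `component not in (...)` clause is built, and one bad name rejects the whole list. The function names and the sample component names are assumptions.

```shell
#!/bin/sh
# Added example, not from the PR. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the A-Z, a-z and 0-9 ranges ASCII only

# Equivalent of ^[A-Za-z0-9_ -]+$ : non-empty, no character outside the set.
valid_component() {
  case "$1" in
    '' | *[!A-Za-z0-9_\ -]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Reads one component name per line on stdin and prints the JQL clause.
# Fails closed: any rejected name, or an empty list, returns non-zero and
# prints no clause, so the caller never runs a partially built query.
build_component_clause() {
  list=''
  while IFS= read -r name || [ -n "$name" ]; do
    [ -n "$name" ] || continue              # skip blank lines
    if ! valid_component "$name"; then
      printf 'rejected component name: %s\n' "$name" >&2
      return 1
    fi
    # Quote every name after validation; the allowlist excludes quotes,
    # parentheses and commas, so a name cannot close the list early.
    list="${list:+$list, }'$name'"
  done
  [ -n "$list" ] || { echo 'no components supplied' >&2; return 1; }
  printf 'component not in (%s)\n' "$list"
}

# Constructed sample input, not the real list from ticket-hygiene.md.
printf '%s\n' 'API' 'Sentinel' 'Adapter Framework' | build_component_clause
# A name carrying a quote and a parenthesis is refused and no clause is built.
printf '%s\n' 'API' "Broker')" | build_component_clause || echo 'query not built'
```

A trailing carriage return from a CRLF copy of the list is outside the allowlist, so such input is rejected rather than quoted into the query.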
The "Valid Components" line in the output template was updated to reference ticket-hygiene.md, but the "Valid Activity Types" line just below it is still hardcoded. Same treatment needed:
Valid Activity Types: [list from ticket-hygiene.md fetched in step 0]
…truth Replace hardcoded component lists, activity types, and story point scales across all JIRA-related skills with dynamic fetches from the architecture repo's ticket-hygiene.md standard. Also document correct argument order for jira issue link (Blocks relationship).
b4b5374 to
223893e
| ```bash | ||
| curl -sL https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/ticket-hygiene.md 2>/dev/null | ||
| ``` | ||
|
|
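Review bot: On the `curl -sL ... 2>/dev/null` line, nothing distinguishes a failed fetch from a successful one: `-s` and `2>/dev/null` hide transport errors, and without `-f` an HTTP error response is printed as if it were the standard while curl still exits 0. Use `curl -fsSL`, drop the `2>/dev/null`, and say in the step that an empty or failed fetch stops the skill. The URL also tracks `main`, so the validation rules can change between runs without any change to this plugin.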
This section says not to rely on hardcoded values, but the story point scale (0, 1, 3, 5, 8, 13) shows up in two places below (section 4 and Step 4) without referencing ticket-hygiene.md. jira-story-pointer handles this well by keeping the inline values but adding "The scale below should match. If in doubt, fetch the latest." Same treatment here would keep things consistent.
Fixed — the hardcoded Activity Types list in the triage output template now references ticket-hygiene.md, same as Components. See 223893e.
Actionable comments posted: 1
Inline comments:
In `@hyperfleet-jira/skills/jira-triage/SKILL.md`:
- Around line 30-37: Replace the current silent curl fetch with a failing,
explicit fetch: introduce a HYGIENE_URL variable (use a pinned ref/tag/commit
instead of main), fetch into a ticket_hygiene variable using a curl invocation
that fails on HTTP errors, check the command exit status and that ticket_hygiene
is non-empty, and if either check fails emit a clear stderr error and exit
non-zero so triage does not proceed without the authoritative ticket-hygiene.md.
✅ Files skipped from review due to trivial changes (7)
- hyperfleet-jira/.claude-plugin/plugin.json
- hyperfleet-devtools/skills/architecture-impact/SKILL.md
- hyperfleet-jira/skills/jira-story-pointer/SKILL.md
- hyperfleet-devtools/.claude-plugin/plugin.json
- hyperfleet-jira/skills/jira-ticket-creator/references/cli-examples.md
- hyperfleet-jira/skills/jira-ticket-creator/references/activity-types.md
- hyperfleet-work-triage/.claude-plugin/plugin.json
🚧 Files skipped from review as they are similar to previous changes (4)
- hyperfleet-work-triage/skills/bugs-triage/SKILL.md
- hyperfleet-jira/skills/jira-ticket-creator/SKILL.md
- hyperfleet-work-triage/skills/open-prs/SKILL.md
- hyperfleet-jira/commands/triage.md
| Field requirements, valid components, activity types, and story point scales are defined in **ticket-hygiene.md** in the architecture repo. Before triaging, fetch the current standard: | ||
|
|
||
| ```bash | ||
| curl -sL https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/ticket-hygiene.md 2>/dev/null | ||
| ``` | ||
|
|
||
| Use the fetched document as the source of truth for all validation in this skill. Do NOT rely on hardcoded values. | ||
|
|
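Review bot: "Use the fetched document as the source of truth for all validation" hands the agent a whole remote markdown file with no limit on how it is read. State that only the field requirements, valid components, activity types and story point scales are taken from it, and that any other text in the file is treated as data, not as instructions to the skill. The step should also say what triage does when the fetch returns nothing, since "Do NOT rely on hardcoded values" removes the only fallback.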
Fail fast on standards fetch; don’t silently continue with unknown validation source.
The current curl ... 2>/dev/null flow can fail silently and still allow triage logic to continue without authoritative rules. Make this step explicit and blocking (check exit code/content), and prefer a pinned ref (tag/commit SHA) to avoid non-deterministic behavior from main.
Suggested doc update
-```bash
-curl -sL https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/ticket-hygiene.md 2>/dev/null
-```
+```bash
+HYGIENE_URL="https://raw.githubusercontent.com/openshift-hyperfleet/architecture/<PINNED_REF>/hyperfleet/standards/ticket-hygiene.md"
+ticket_hygiene="$(curl -fsSL "$HYGIENE_URL")" || {
+ echo "Failed to fetch ticket-hygiene.md from architecture repo" >&2
+ exit 1
+}
+[ -n "$ticket_hygiene" ] || { echo "ticket-hygiene.md is empty" >&2; exit 1; }
+```As per coding guidelines, "Apply these language-agnostic code review checks from HyperFleet standards ... Security (SEC-01 to SEC-03) ... Validate input at system boundaries."
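Review bot: The `[ -n "$ticket_hygiene" ]` check only proves that something came back, not that it is the standard; a truncated body or an unrelated page reached through a redirect would pass it. With the ref pinned to a commit, consider also checking for an expected heading or a known checksum, and add `--max-time` to the `curl -fsSL` call so a stalled connection cannot hang triage. `<PINNED_REF>` needs a real tag or commit SHA before this lands, otherwise the fetch fails on every run.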
| 3. If `--component` is provided, fetch the valid component list from ticket-hygiene.md and validate the value against it: | ||
| ```bash | ||
| curl -sL https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/ticket-hygiene.md 2>/dev/null | ||
| ``` |
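Review bot: Step 3 says to validate `--component` against the fetched list but not what counts as a match or what happens when the list is empty. With `2>/dev/null` a failed fetch yields an empty list, and the step should say that this rejects the run rather than skipping validation. Require an exact match against one listed name before the value is used anywhere else in the skill.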
curl is listed as a forbidden command in this skill's Security section ("NEVER execute..."). This new curl in Step 1 conflicts with that rule. An LLM might refuse to run it. Either add curl to the approved commands list with a note that it's only for fetching ticket-hygiene.md, or move the component validation to use a pre-loaded reference instead.
pnguyen44
left a comment
Nit: repeated curl URL across 7 files
This PR introduces the same curl -sL https://raw.githubusercontent.com/...ticket-hygiene.md in 7 places. Within hyperfleet-jira, you could create a single references/ticket-hygiene-fetch.md with the URL and fetch instructions, then have each skill load it. Same pattern already used for references/activity-types.md and references/pitfalls.md. That would bring it down from 7 copies to 2 (one per plugin).
| --- | ||
| name: architecture-impact | ||
| description: Analyzes code changes in HyperFleet component repositories (API, Sentinel, Adapter, Broker) to determine if architecture documentation needs updates using directory-based scope and complete document reading with single comprehensive LLM analysis. Activates when users ask "analyze architecture impact", "check if docs need update", or use /architecture-impact. | ||
| description: Analyzes code changes in HyperFleet component repositories (API, Sentinel, Adapter, Broker) to determine if architecture documentation needs updates using directory-based scope and complete document reading with single comprehensive LLM analysis. Activates when users ask "analyze architecture impact", "check if docs need update", or use /architecture-impact. Note - this skill operates on code repositories, not JIRA components. For the full list of valid JIRA components, see ticket-hygiene.md in the architecture repo. |
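Review bot: The sentence added to `description:` points at "ticket-hygiene.md in the architecture repo" without the path the other files in this PR use (`hyperfleet/standards/ticket-hygiene.md`). Give the same path or URL here so every reference in the plugins resolves to one document.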
The description field drives skill triggering. Adding "JIRA components" and "ticket-hygiene.md" here could cause false triggers when users talk about JIRA. This clarification would be better placed in the skill body instead of the frontmatter description.
Summary
- `ticket-hygiene.md` standard
- `jira issue link` (Blocks relationship) in `jira-ticket-creator` skill and references
- `architecture-impact` skill that it operates on code repos, not JIRA components

Affected plugins
- `hyperfleet-jira` (skills: `jira-ticket-creator`, `jira-triage`, `jira-story-pointer`; command: `triage`)
- `hyperfleet-work-triage` (skills: `bugs-triage`, `open-prs`)
- `hyperfleet-devtools` (skill: `architecture-impact`)

Test plan
- `jira-ticket-creator` skill fetches valid components from `ticket-hygiene.md` before creating tickets
- `jira-triage` skill validates components against fetched standard instead of hardcoded list
- `triage` command builds JQL dynamically from fetched component list
- `open-prs` skill validates `--component` flag against fetched standard
- `bugs-triage` skill uses fetched standard for component validation
- `jira issue link` argument order documentation is correct