Skip to content

feat(audit): attribution on --base added rows#177

Merged
SutuSebastian merged 5 commits into
mainfrom
feat/audit-delta-attribution
Jun 10, 2026
Merged

feat(audit): attribution on --base added rows#177
SutuSebastian merged 5 commits into
mainfrom
feat/audit-delta-attribution

Conversation

@SutuSebastian

@SutuSebastian SutuSebastian commented Jun 10, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

  • On audit --base <ref> (CLI / MCP / HTTP), each added row carries attribution: introduced | inherited — branch-new vs pre-existing at merge base — for all v1 deltas (files, dependencies, deprecated) via stable finding keys in audit-engine.ts.
  • --summary adds added_introduced / added_inherited per delta; baseline-prefix audits unchanged (no attribution field).
  • Retires shipped plans (audit-delta-attribution.md, completed agent-enrichment-wave.md); lifts contract to architecture.md, glossary.md, and roadmap.md; updates agent surfaces (skill, rule, MCP instructions, CLI help, README) and changeset.
  • Sharpens harden-pr skill: mandatory parallel Task subagents, JSON finding schema, prompt template, merge/dedupe rules.

Test plan

  • bun test src/application/audit-engine.test.ts src/application/audit-worktree.test.ts
  • bun run check
  • CI green on PR
  • Spot-check codemap audit --base HEAD~1 --json on a git repo with drift

Summary by CodeRabbit

  • New Features

    • Added attribution tracking to audit --base command, distinguishing whether added items are newly introduced on the branch or inherited from the merge base.
    • Enhanced summary output with added_introduced and added_inherited breakdown counts.

  • Documentation

    • Updated CLI help text and reference guides with new attribution details.

@SutuSebastian
feat(audit): add findingKey helper for delta attribution (Plan 4 slic…
94df490 
…e 4.1)

Project rows to requiredColumns and JSON.stringify for stable keys aligned with computeDelta / diffRows identity; unit tests cover all v1 deltas.
@SutuSebastian
feat(audit): attribution on --base added rows (Plan 4)
e3bfbe9 
Tag ref-sourced audit deltas with introduced/inherited finding keys;
share summary collapse across CLI/MCP/HTTP; retire plan + lift docs.
@SutuSebastian
harden: audit attribution docs parity and anchor fixes
83d1ca5 
Add architecture § heading, MCP instructions row, roadmap cross-refs;
correct wave doc contract paths.
@SutuSebastian
harden: subagent review fixes for audit attribution PR
73d3016 
Tests for inherited/deps attribution and baseline no-attribution;
consumer-surface parity (CLI help, rule, skill, MCP, README, changeset);
delete completed agent-enrichment-wave plan per docs-governance.
@SutuSebastian
docs(skill): sharpen harden-pr Task spawning and finding schema
9156f6d 
Require parallel Task subagents per pass; add prompt template, JSON
finding shape, merge/dedupe rules, and explicit anti-inline-review rule.
@changeset-bot

changeset-bot Bot commented Jun 10, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 9156f6d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@stainless-code/codemap Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 19b99304-6b1d-483b-b4c6-f0123549a189

📥 Commits

Reviewing files that changed from the base of the PR and between 16687a0 and 9156f6d.

📒 Files selected for processing (17)
  • .agents/skills/harden-pr/SKILL.md
  • .changeset/audit-delta-attribution.md
  • README.md
  • docs/architecture.md
  • docs/glossary.md
  • docs/plans/agent-enrichment-wave.md
  • docs/plans/audit-delta-attribution.md
  • docs/roadmap.md
  • src/application/audit-engine.test.ts
  • src/application/audit-engine.ts
  • src/application/audit-worktree.test.ts
  • src/application/mcp-server.ts
  • src/application/tool-handlers.ts
  • src/cli/cmd-audit.ts
  • templates/agent-content/mcp-instructions.md
  • templates/agent-content/rule/00-full.md
  • templates/agent-content/skill/10-recipes-context.md
📝 Walkthrough

Walkthrough

This PR implements audit delta attribution, enabling codemap audit --base <ref> to tag changes as either newly introduced on the branch or inherited from the merge base. Core helpers compute stable finding keys, build baseline key sets, and tag findings with attribution. Integration spans engine, tests, CLI, tools, and MCP with corresponding documentation updates. Additionally, the harden-pr agent skill is restructured to enforce parallel Task-based reviewer execution with JSON-only findings and automated fixing/verification.

Changes

Audit Delta Attribution

Layer / File(s) Summary
Attribution finding keys and tagging helpers
src/application/audit-engine.ts		 Exports findingKey(), AuditAttribution type, buildFindingKeySet(), tagAddedWithAttribution(), summarizeAttributedDelta(), and collapseAuditEnvelopeForSummary() to compute deterministic keys, tag rows with introduced/inherited, and produce summary shapes.
Unit tests for attribution helpers
src/application/audit-engine.test.ts		 Tests findingKey() across file/dependency/deprecated specs with projection/collision validation; tests tagAddedWithAttribution() for correct attribution and column stripping; tests collapseAuditEnvelopeForSummary() for summary shape and attribution breakdown.
Integration into runAuditFromRef and e2e testing
src/application/audit-engine.ts, src/application/audit-worktree.test.ts		 runAuditFromRef() computes baseKeySet and tags added with attribution. E2E tests seed fixture dependencies, assert full envelope attribution, verify baseline override suppresses attribution, and add deprecated attribution test suite covering inheritance and cache stability.
CLI and tool summary output integration
src/application/tool-handlers.ts, src/cli/cmd-audit.ts, src/application/mcp-server.ts		 handleAudit and CLI JSON summary rendering delegate to collapseAuditEnvelopeForSummary() helper. Help text documents added_introduced/added_inherited counts and attribute row semantics for ref-sourced audits. MCP tool description updated.
Feature documentation and roadmap
.changeset/audit-delta-attribution.md, README.md, docs/architecture.md, docs/glossary.md, docs/roadmap.md, templates/agent-content/*		 Changeset entry added. README, architecture, glossary expanded with attribution details. Roadmap marks feature shipped. Agent-facing rule and skill templates document attribution semantics and per-delta base metadata.

Harden-PR Skill Enhancement

Layer / File(s) Summary
Parallel reviewer task execution and JSON protocol
.agents/skills/harden-pr/SKILL.md		 Replaces inline reviewer spawning with explicit Task-based parallelism (readonly mode). Adds Phase behavior table for loop autonomy, post-loop reporting, and automatic commit authorization. Introduces Spawning subagents section with JSON findings schema (severity/file/fixable_in_bounds), parent merge/dedupe rules, and role-specific reviewer prompts. Updates loop step 1 to Task-batch reviewers in parallel and merge findings.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • stainless-code/codemap#33: Introduced the same codemap audit v1 audit-envelope/summary plumbing extended here by the --base ref-based attribution tagging.
  • stainless-code/codemap#52: Introduced the runAuditFromRef/audit --base <ref> worktree+reindex architecture that now integrates attribution tagging.
  • stainless-code/codemap#74: Refactored overall audit output formatting and summary behavior, while this PR changes JSON summary shape to include attribution-driven counts.

Poem

🐰 A rabbit hops through audit trails so bright,
With keys that find what's new and what's old—
"Introduced" or "inherited" shines in sight,
Each change now wears its origin of gold.
Task runners now in parallel take flight!

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/audit-delta-attribution

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@SutuSebastian SutuSebastian merged commit bb8bae9 into main Jun 10, 2026
10 of 11 checks passed
@SutuSebastian SutuSebastian deleted the feat/audit-delta-attribution branch June 10, 2026 10:54
@github-actions github-actions Bot mentioned this pull request Jun 10, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SutuSebastian