fix(audit): scan roots cover share/fkst package root (cluster-001) #422
loning wants to merge 4 commits into
Trigger source: audit-iter-20260602 cluster-001-audit-package-root-scan-drift
Change type: detector lane; host-owned audit tunables fix (scan roots + 6 analyzer commands)
Equivalent semantics: the dogfood audit previously hard-coded top-level departments/raisers and missed the production package Lua under share/fkst
Follow-up reuse: subsequent audits cover the real package root, with no more silent under-coverage
Failure trace ownership: PR review-gate three reviewers + local analyzer pack commands verified with zero missing paths ⟦AI:FKST⟧
🤖 Architect review: approve
TL;DR: approve from the architecture angle.
Details: this change conforms to
Raw architect artifact
---
pr: 422
role: architect
verdict: approve
---
## Verdict
approve: no architectural concerns; the PR corrects audit coverage to the current package-root surface without adding new substrate surface or moving host facts into skill-private state.
## Evidence
- `tunables/audit_scan_roots.txt:2-9` now targets `share/fkst/departments`, `share/fkst/raisers`, `share/fkst/fkst`, `scripts`, `crates`, `docs`, `tunables`, and `conformance`; this matches `CLAUDE.md:116` package-root ownership for `departments`, `raisers`, `fkst`, `scripts`, and `tunables`, and keeps the change in host-owned tunables.
- `tunables/audit_analyzer_pack.txt:2-7` applies the same real source roots to every fixed analyzer command, removing the missing top-level `departments`/`raisers` roots called out by cluster-001 while preserving detector-only behavior.
- Scope is honest: `git diff --name-only origin/auto-refact-dev...origin/dev-rc-20260602-audit-pkgroot-scan-drift_from_auto-refact-dev` shows only `tunables/audit_analyzer_pack.txt` and `tunables/audit_scan_roots.txt`, matching `.refactor-loop/prompts/implement-cluster001.md:25-26` and `.refactor-loop/runs/implement-cluster-001-audit-package-root-scan-drift.md`.
- Host production SSOT boundary is preserved: the diff does not move configuration or ledger authority into `.refactor-loop/`; this aligns with `CLAUDE.md:540` that skill-private runtime directories must not become host production configuration or ledger SSOT.
- No new actor/entity split, schema/protocol surface, external repository reference, refactor-history source comment, compat shim, or parallel pathway appears in the actual diff.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:architect:approve⟦AI:AUTO-LOOP⟧
Trigger source: PR #422 review-gate r1 tests reviewer reject (missing regression test)
Change type: regression test; reads the real tunables/audit_scan_roots.txt and asserts that share/fkst/{departments,raisers,fkst} are in the host audit scan root policy
Equivalent semantics: prevents the scan roots from drifting back to top-level-only departments/raisers
Failure trace ownership: re-review r2 + Lua suite ⟦AI:FKST⟧
🤖 Quality review: pass
TL;DR
Details: this change only touches , , . The newly added  is a test-local helper, reused by both the scan roots and analyzer pack assertion groups, and does not become a new production surface. At the configuration level, scan roots and analyzer pack are both updated in sync to the , ,  package-root paths and keep , , , , . From a quality perspective this is a focused fix with no unrelated tidy-ups or renames bundled in.
📎 Full codex raw output (archived for reference)
pr: 422
🤖 Architect review: pass
TL;DR: approve from the architecture angle.
Details: I reviewed the three-dot diff
Conclusion: these changes fall within cluster-001's declared scope, using host-owned
Raw artifact
---
pr: 422
role: architect
verdict: approve
---
## Verdict
approve - architect angle has no blocking concerns; the PR only corrects host-owned audit scan/analyzer coverage for the fkst package root.
## Evidence
- `tunables/audit_scan_roots.txt:2`-`tunables/audit_scan_roots.txt:4` now lists `share/fkst/departments`, `share/fkst/raisers`, and `share/fkst/fkst`, matching the `CLAUDE.md` L0 universal-host rule: "Any path, sentinel, integration branch, branch prefix, department topology, or cron/timeout/permit tunable must be injectable through host project configuration and must not be hard-coded as an fkst-only fact."
- `tunables/audit_analyzer_pack.txt:2`-`tunables/audit_analyzer_pack.txt:7` applies every required analyzer command to the same package-root surface plus host-owned `scripts`, `crates`, `docs`, `tunables`, and `conformance`; this stays within cluster-001's declared fix boundary and does not introduce new SDK, source kind, schema, or protocol surface.
- `share/fkst/departments/audit/main_test.lua:64`-`share/fkst/departments/audit/main_test.lua:89` adds a regression probe that the audit scan roots and analyzer commands include package-root paths and omit stale top-level-only `departments`/`raisers`; comments and assertion text are English, so the source-language clause is not regressed.
- The three-dot PR diff changes only `tunables/audit_scan_roots.txt`, `tunables/audit_analyzer_pack.txt`, and `share/fkst/departments/audit/main_test.lua`; no production SSOT is moved into `.refactor-loop/` or `.refactor-loop/host.env`, and no compat shim, wrapper pathway, actor split, or external repo reference is introduced.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:architect:approve⟦AI:AUTO-LOOP⟧
🤖 Quality review: pass (corrected version)
TL;DR
Details: this change only touches
At the configuration level, scan roots and analyzer pack are both updated in sync to
Note: the previous comment's raw artifact is complete, but the backtick content in its body was mangled by shell expansion; this comment is the readable corrected body.
📎 Full codex raw output (archived for reference)
pr: 422
🤖 Tests review: approve
TL;DR
Details: the production surface only changes
I also checked the three-dot diff and found no newly added
📎 Full codex raw output (archived for reference)
---
pr: 422
role: tests
verdict: approve
---
## Verdict
approve: this PR's test coverage is sufficient; the new assertions directly lock in the coverage of the `share/fkst` package root by the audit scan roots and the analyzer pack.
## Evidence
- `share/fkst/departments/audit/main_test.lua:64` reads the real host `tunables/audit_scan_roots.txt`, not a mock file; `share/fkst/departments/audit/main_test.lua:70-77` asserts that `share/fkst/departments`, `share/fkst/raisers`, and `share/fkst/fkst` must be present and rejects the old top-level `departments` / `raisers` roots, covering this cluster's no-regression behavior.
- `share/fkst/departments/audit/main_test.lua:79-88` reads the real `tunables/audit_analyzer_pack.txt`, asserts for each analyzer command that all three package roots are included, and rejects the old ` departments raisers ` root combination; this is not a bump-only test, it verifies the actual scan surface of the audit commands.
- `tunables/audit_scan_roots.txt:2-9` and `tunables/audit_analyzer_pack.txt:2-7` are this PR's production-surface changes; no new public method, event type, or Lua/Rust business branch needs additional unit tests.
- The three-dot diff adds no `sleep` / `delay` or skip/manual markers, and no weakened assertions or mock-only pseudo-coverage were found.
- Ran `lua share/fkst/departments/audit/main_test.lua` in a temporary worktree at the PR head; it passes and prints `audit helper tests pass`. `bash scripts/run_department_lua_tests.sh` reaches `TOTAL: FOUND=43 PASS=42 FAIL=1`; the only failure is `share/fkst/departments/github_publisher/main_test.lua`, which is missing the `.claude/skills/codex-refactor-loop/SKILL.md` fixture and is unrelated to this PR's audit tunables/test diff.
## What would change your verdict (only if comment or reject)
Not applicable.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:tests:approve⟦AI:AUTO-LOOP⟧
…s (fix pre-existing CI failure)
Trigger source: PR #422 CI conformance red → remote-ci-fix diagnosis
Change type: fix a pre-existing hermetic Lua test bug; the original test hard-coded reading a non-existent .claude/skills/codex-refactor-loop/... file and failed before reaching its assertion
Equivalent semantics: a pre-existing CI failure unrelated to the cluster-001 audit-root change, riding #422 to unblock the merge
Follow-up reuse: the test now scans the currently tracked .claude/skills and keeps the assertion that prompts must not require marker-shaped source comments
Failure trace ownership: remote conformance re-run ⟦AI:FKST⟧
🤖 Architecture review: reject, source comment carries fix history
TL;DR
Details: the blocking point is at
This collides with
I found no
📎 Full codex raw output (archived for reference)
---
pr: 422
role: architect
verdict: reject
---
## Verdict
reject: the scan-root fix is architecturally aligned, but the PR introduces a refactor-history source comment in a department Lua test.
## Evidence
- `share/fkst/departments/github_publisher/main_test.lua:105` adds `-- Fix (remote-ci/conformance): hermetic CI checkouts only expose the skills that are tracked in this repo.` This is a fix-history/rationale comment in source, not current-state behavior documentation. CLAUDE.md clause: `**No history narration, current state only**: SPEC / prompt / department code / project docs **never** write "Per X YYYY-MM-DD" / "used to be X, now changed to Y" / "## History"; all of that belongs in the commit message. **But keep negative examples** (\`❌ what bad thing would happen\`); a negative example is a guard, not narration.` The reviewer prompt also sets the Old/New pattern comment policy to `none`, so refactor-history source comments should be rejected rather than preserved in code.
## What would change your verdict
Remove the added `-- Fix (remote-ci/conformance): ...` comment, or replace it with a source comment that describes only the current invariant without fix/refactor/history framing. No other architect-angle change is required.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:architect:reject⟦AI:AUTO-LOOP⟧
🤖 Quality review verdict: comment
TL;DR
Details
The only quality-side note is
📎 Full codex raw output (archived for reference)
---
pr: 422
role: quality
verdict: comment
---
## Verdict
comment: The audit scan-root change is readable and scoped, but the PR includes a small cross-department hermetic test cleanup that should be called out as a drive-by change.
## Evidence
- `tunables/audit_scan_roots.txt:2` keeps the scan-root intent explicit by naming `share/fkst/departments`, `share/fkst/raisers`, and `share/fkst/fkst` directly; no new abstraction or confusing naming was introduced.
- `share/fkst/departments/audit/main_test.lua:53` adds `non_comment_lines`, a small reachable helper used by the new assertions at lines 74 and 80; no dead private helper is introduced.
- `share/fkst/departments/audit/main_test.lua:64` adds focused regression assertions for the host-owned audit tunables, and the added block stays simple enough to review inline.
- `share/fkst/departments/github_publisher/main_test.lua:105` changes a github_publisher hermetic source scan from `.claude/skills/codex-refactor-loop` to all tracked `.claude/skills`. That may be a valid CI fix, but it is outside the audit scan-root drift described by this PR and should be split or explicitly justified as a required pre-existing test repair.
## What would change your verdict
Move the `share/fkst/departments/github_publisher/main_test.lua` hermetic scan fix to its own PR/commit, or add a clear PR rationale that this test change is required for the audit scan-root PR to be reviewable in CI.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:quality:comment⟦AI:AUTO-LOOP⟧
🤖 Tests reviewer r3: pass
TL;DR
Details: the tests are not bump-only. I also checked the added diff: no newly added
📎 Full codex raw output (archived for reference)
---
pr: 422
role: tests
verdict: approve
---
## Verdict
approve: the test coverage and test quality of this diff are sufficient; the newly added configuration regression surface is protected by direct assertions.
## Evidence
- `share/fkst/departments/audit/main_test.lua:64`: the test reads the host `tunables/audit_scan_roots.txt` directly, rather than only verifying that the helper does not raise an error.
- `share/fkst/departments/audit/main_test.lua:65`: `required_audit_package_roots` explicitly requires the three package roots `share/fkst/departments`, `share/fkst/raisers`, `share/fkst/fkst`, covering cluster-001's core regression surface.
- `share/fkst/departments/audit/main_test.lua:74`: the test rejects the old bare `departments` / `raisers` scan roots line by line, preventing the configuration from reverting to the old top-level roots.
- `share/fkst/departments/audit/main_test.lua:79`: the test checks each `audit_analyzer_pack.txt` command in turn, requiring every analyzer command to cover all three package roots, rather than only checking that a token appears once somewhere in the file.
- `share/fkst/departments/audit/main_test.lua:87`: the test rejects analyzer commands reverting to the old `" departments raisers "` combination, leaving a source-regression assertion for this scan drift.
- `share/fkst/departments/github_publisher/main_test.lua:275`: the related change only makes the prompt contract scan iterate over the tracked `.claude/skills` files; the subsequent `assert_lacks` still verifies the forbidden prompt contract wording, and the assertion was not loosened into a non-empty check.
- Stability check: the diff adds no `sleep` / `delay` pacing and no skip/manual category, and no weakened assertions were seen.
- Verification command: ran `FKST_TEST_ISOLATED=1 bash scripts/run_department_lua_tests.sh` in a temporary worktree at the PR head; result `TOTAL: FOUND=43 PASS=43 FAIL=0`.
⟦AI:AUTO-LOOP⟧
REVIEW_DONE:422:tests:approve⟦AI:AUTO-LOOP⟧
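The drift check that the r2 and r3 tests reviews above describe, as an added Python example that is not the project's own Lua test: it reads the two tunables as text, requires the three `share/fkst` package roots, rejects the stale top-level roots, and checks every analyzer command individually. The file layout (one root or one command per line, `#` comment lines) and the sample contents are assumptions; it goes slightly beyond the page's substring check by tokenising each command like a shell.

```python
"""Regression check for host-owned audit scan roots and analyzer pack.

Assumed file layout: one scan root per line in audit_scan_roots.txt, one
shell command per line in audit_analyzer_pack.txt, '#' starts a comment.
"""
import shlex

REQUIRED_PACKAGE_ROOTS = ("share/fkst/departments", "share/fkst/raisers", "share/fkst/fkst")
STALE_TOP_LEVEL_ROOTS = ("departments", "raisers")  # the drifted, pre-fix roots


def non_comment_lines(text: str) -> list[str]:
    """Drop blank and '#' comment lines (same role as the helper named on the page)."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def check_scan_roots(text: str) -> list[str]:
    """Return findings for audit_scan_roots.txt; an empty list means no drift."""
    roots = non_comment_lines(text)
    findings = [f"scan roots: missing package root {r}"
                for r in REQUIRED_PACKAGE_ROOTS if r not in roots]
    findings += [f"scan roots: stale top-level root {r}"
                 for r in STALE_TOP_LEVEL_ROOTS if r in roots]
    return findings


def check_analyzer_pack(text: str) -> list[str]:
    """Return findings for audit_analyzer_pack.txt, one pass per command line."""
    findings = []
    for cmd in non_comment_lines(text):
        argv = shlex.split(cmd)  # tokenise so a bare 'departments' argument is caught exactly
        tool = argv[0] if argv else "<empty>"
        findings += [f"analyzer {tool}: missing package root {r}"
                     for r in REQUIRED_PACKAGE_ROOTS if r not in argv]
        if any(r in argv for r in STALE_TOP_LEVEL_ROOTS):
            findings.append(f"analyzer {tool}: stale top-level root in argv")
    return findings


# Constructed sample tunables (not the repository's real files).
GOOD_SCAN_ROOTS = """# host-owned audit scan roots
share/fkst/departments
share/fkst/raisers
share/fkst/fkst
scripts
crates
docs
tunables
conformance
"""
DRIFTED_SCAN_ROOTS = "# drifted back to top-level-only roots\ndepartments\nraisers\nscripts\n"
GOOD_PACK = """# analyzer commands, each must name every package root
grep -rn TODO share/fkst/departments share/fkst/raisers share/fkst/fkst scripts
find share/fkst/departments share/fkst/raisers share/fkst/fkst -name '*.lua'
"""
DRIFTED_PACK = "grep -rn TODO departments raisers scripts\n"
```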
…itect reject)
Trigger source: PR #422 review-gate r3 architect reject
Change type: remove the refactor-history source comment at share/fkst/departments/github_publisher/main_test.lua:105 (violates the CLAUDE.md no-history-narration rule + HOST_REFACTOR_COMMENT_POLICY=none)
Equivalent semantics: keep the test logic (scan tracked .claude/skills), delete only the history comment
Follow-up reuse: comment discipline
Failure trace ownership: re-review r4
Note: the controller has already reverted the fix codex's out-of-scope Tier II root_cleanliness_guard.sh change (unnecessary for the real CI failure, and Tier II requires deep consensus) ⟦AI:FKST⟧
Summary
audit-iter-20260602 cluster-001 (detector lane, severity high).
departments/raisers, but the production package Lua lives under share/fkst/ → marker-only audit silently under-covers. share/fkst/{departments,raisers,fkst} + host-owned scripts/crates/docs/tunables/conformance.
Scope
2 files: tunables/audit_scan_roots.txt, tunables/audit_analyzer_pack.txt. Pure host detector configuration; no business .lua/.rs is touched. Violation: the fkst "evolution whitelist / independent detector pathway" rule + audit coverage completeness.
🤖 Auto-loop / codex-refactor-loop
⟦AI:AUTO-LOOP⟧