Fix dev promotion review findings

[djm81]

Summary

• fix rich-styled Typer validation assertions by stripping ANSI before matching
• preserve shadow-mode ci_exit_code when refreshing cleanup forecasts
• address valid CodeRabbit findings for canonical review JSON paths, schema 1.3 handoff metadata, registry SHA256 sidecars, forecast weights, test/test LOC classification, AST parse caching, and preview-fixes validation
• bump and resync specfact-code-review to 0.47.31 with registry artifact/checksum

Unblocks dev-to-main promotion PR #299.

Validation

• hatch run format
• hatch run type-check
• hatch run lint
• hatch run yaml-lint
• hatch run check-bundle-imports
• hatch run verify-modules-signature --payload-from-filesystem --enforce-version-bump
• openspec validate code-review-13-cleanup-forecast-agent-handoff --strict
• hatch run pytest tests/unit/specfact_code_review/run/test_commands.py tests/unit/specfact_code_review/run/test_cleanup_evidence.py tests/unit/specfact_code_review/run/test_findings.py tests/unit/specfact_code_review/run/test_forecast.py tests/unit/specfact_code_review/review/test_commands.py -q
• hatch run pytest tests/unit/specfact_code_review/run/test_cleanup_evidence.py --cov=specfact_code_review.run.cleanup_evidence --cov-report=term-missing --cov-fail-under=80 -q
• hatch run specfact code review run --bug-hunt --json --out .specfact/code-review.json
• hatch run contract-test

[strix-security]

Strix is installed on this repository, but we could not run this PR security review because this workspace does not have an active plan. If you'd like to continue receiving code reviews, you can add a payment method or manage billing here.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c9185fc4-a189-4a4f-8784-9a5d7072e7ae

📥 Commits

Reviewing files that changed from the base of the PR and between a924aa8 and 9ed57d4.

⛔ Files ignored due to path filters (1)

• registry/modules/specfact-code-review-0.47.32.tar.gz is excluded by !**/*.gz

📒 Files selected for processing (7)

• packages/specfact-code-review/module-package.yaml
• packages/specfact-code-review/src/specfact_code_review/run/forecast.py
• packages/specfact-code-review/src/specfact_code_review/run/runner.py
• registry/index.json
• registry/modules/specfact-code-review-0.47.32.tar.gz.sha256
• tests/unit/specfact_code_review/run/test_forecast.py
• tests/unit/specfact_code_review/run/test_runner.py

---

📝 Walkthrough

Bundle and Module Surface Changes

Commands and AI Instruction Layer

• Review runner instructions: Updated _RUN_INSTRUCTIONS in packages/specfact-code-review/src/specfact_code_review/review/commands.py to reference canonical .specfact/code-review.json output path instead of .specfact/code-review-simplify.json for both "simplify" example and "Apply one file at a time…" workflow step (+4/-2 lines).

Cleanup Forecast and Schema Evolution

• Schema version 1.3 handoff: with_refreshed_cleanup_forecast() in cleanup_evidence.py now explicitly sets schema_version="1.3" when refreshing cleanup forecast via report.model_copy(update=...), aligning with the code-review-13-cleanup-forecast-agent-handoff specification. Removal of legacy ReviewReport(**data) instantiation pattern (+6/-4 lines).

• Guidance forecast weighting: New optional weight: float = Field(default=0.0, ge=0.0) metric field added to GuidanceKindForecast Pydantic model in findings.py (+1/-0 lines). Weighting computation in forecast.py now threads weight values into per-guidance-kind GuidanceKindForecast accumulator entries, enabling fine-grained remediation cost modeling.

Parse Result Caching

• AST parse caching: run/runner.py now imports and applies @lru_cache(maxsize=256) to a new _parse_source(file_path, source) helper. Refactored _preserve_reasons_for_finding() to delegate parse operations to _get_parsed_source(file_path) helper, reducing redundant AST parsing during mutation evidence collection (+21/-6 lines).

Test Classification Logic

• Expanded test directory detection: _reviewed_loc_for_files() in forecast.py now classifies a Python file as test code if any path segment contains "test" or "tests" (previously only checked for "tests" specifically), broadening test LOC identification to cover test/... directory structures alongside tests/....

Manifest and Integrity Updates

Version and Registry Synchronization

• Module version bump: packages/specfact-code-review/module-package.yaml updated from version 0.47.30 to 0.47.32 with refreshed integrity.checksum (SHA256) and integrity.signature metadata (+3/-3 lines).

• Registry index: registry/index.json updated with nold-ai/specfact-code-review latest_version bumped to 0.47.32 and corresponding download_url and checksum_sha256 refreshed (+3/-3 lines).

• SHA256 sidecar artifacts: New registry/modules/specfact-code-review-0.47.32.tar.gz.sha256 and registry/modules/specfact-code-review-0.47.31.tar.gz.sha256 added. Multiple specfact-backlog, specfact-codebase, specfact-govern, specfact-project, and specfact-spec module sidecar checksums updated (40+ .sha256 files modified, +1/-0 lines each), indicating CI signing metadata refresh across module ecosystem.

OpenSpec and Schema Governance

Proposal Specification Update

• OpenSpec change: openspec/changes/code-review-13-cleanup-forecast-agent-handoff/proposal.md Impact section revised to specify affected report is now .specfact/code-review.json (receiving additive optional fields: weight in GuidanceKindForecast while preserving required field compatibility). Custom simplify report paths permitted only if downstream consumers are updated to read schema 1.3 fields (+1/-1 lines).

Documentation and Consumer Contract

Output Path Canonicalization

• Canonical path guidance: docs/bundles/code-review/run.md updated to document .specfact/code-review.json as canonical output path for --focus simplify reports (previously documented as .specfact/code-review-simplify.json). Added consumer guidance that .specfact/code-review.json should be used unless downstream has updated to custom simplify report path handling (+5/-3 lines).

Test Coverage Additions

Test Layer Enhancements

• Shadow mode CI exit code preservation: New test test_with_refreshed_cleanup_forecast_preserves_shadow_ci_exit() and parametrized test_cleanup_evidence_preserves_shadow_mode_ci_exit() verify that ci_exit_code is preserved as 0 in shadow-mode reports despite blocking tool errors.

• Schema 1.3 validation: New test test_review_report_uses_schema_1_3_when_finding_agent_payload_is_present() validates report upgrades to schema 1.3 when signal_trace, preserve_reasons, and remediation_packet metadata are present in findings.

• Mutation evidence handling: Tests test_with_mutation_evidence_keeps_non_safe_findings_without_signal() and test_with_mutation_evidence_records_scaffolding_signal() added to confirm non-safe findings skip signal_trace when mutation evidence unavailable, and that mutation scaffolding-only state records appropriate signal.

• Forecast refresh coverage: New test test_with_previewed_simplification_findings_refreshes_forecast_without_fixable_findings() validates forecast regeneration when preview findings contain no fixable items.

• ANSI stripping for CLI validation: test_commands.py adds ANSI-stripping helpers (_strip_ansi()) to validate rich-styled Typer validation error messages after removing ANSI escape sequences, addressing CodeRabbit findings on colored CLI output assertions.

• Test path classification: New test test_build_cleanup_forecast_counts_test_directory_as_tests() validates that code under test/... directories is counted entirely as test LOC (production LOC = 0, tests LOC = 2).

• Parse reload regression: test_runner.py adds test_preserve_detection_reloads_source_after_file_mutation() verifying preserve reason detection reloads source after file mutation, ensuring protocol-member context detection adapts to file changes.

Total affected files: 58 (primarily registry sidecar updates, with 10 material code/test changes)
Unblocks: Dev-to-main promotion PR #299

Walkthrough

Refactors cleanup-forecast report refresh to use Pydantic model_copy and set schema_version "1.3"; adds per-guidance-kind weight to forecasts; caches AST parsing for preserve-reason detection; broadens test-directory detection; updates simplify workflow docs/CLI to write canonical .specfact/code-review.json; bumps specfact-code-review to 0.47.32 and updates many registry checksums.

Changes

Cleanup Forecast Handoff and Release

Layer / File(s)	Summary
Forecast data model and guidance-kind weighting packages/specfact-code-review/src/specfact_code_review/run/findings.py, packages/specfact-code-review/src/specfact_code_review/run/forecast.py, tests/unit/specfact_code_review/run/test_forecast.py	GuidanceKindForecast adds weight; forecast accumulation seeds/records weight per guidance kind; test-directory detection broadened to any path segment containing "test"/"tests".
Report state management via model_copy and schema version packages/specfact-code-review/src/specfact_code_review/run/cleanup_evidence.py, tests/unit/specfact_code_review/run/test_cleanup_evidence.py	with_refreshed_cleanup_forecast() now uses model_copy(update={...}) and sets schema_version = "1.3"; prior model_dump/rebuild and explicit clearing of simplification_summary were removed; tests added/updated for forecast refresh, ci_exit_code preservation in shadow mode, remediation_packet refs preservation, and mutation/preview signal behavior.
AST parsing cache for review enrichment packages/specfact-code-review/src/specfact_code_review/run/runner.py	Adds _get_parsed_source and cached _parse_source (@lru_cache(maxsize=256)); _preserve_reasons_for_finding() now uses cached parsing and returns early on parse/read failures.
CLI guidance and documentation updates docs/bundles/code-review/run.md, openspec/changes/code-review-13-cleanup-forecast-agent-handoff/proposal.md, packages/specfact-code-review/src/specfact_code_review/review/commands.py, tests/unit/specfact_code_review/run/test_commands.py	Documentation and _RUN_INSTRUCTIONS examples now target canonical .specfact/code-review.json for simplify-focused runs; proposal updated to reference canonical JSON; tests add ANSI-stripping helper and validations for CLI error text and shadow-mode report ci_exit_code preservation.
Schema version and agent-payload test coverage tests/unit/specfact_code_review/run/test_findings.py, tests/unit/specfact_code_review/run/test_runner.py	Adds _agent_payload_finding() helper and tests verifying schema v1.3 is selected when agent-payload fields are present; adds preserve-detection regression test that reloads/parses mutated source to validate preserve reasons update.
Package version, integrity, and registry artifacts packages/specfact-code-review/module-package.yaml, registry/index.json, registry/modules/*.sha256	Bumps specfact-code-review version 0.47.30 → 0.47.32 and refreshes manifest integrity checksum/signature; updates registry/index.json entry for the new release and adds/updates many .sha256 checksum files for registry modules and versions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• [Change] Cleanup forecast and AI IDE handoff for code review #297: Directly related — same cleanup-forecast / remediation-handoff work and canonicalize simplify JSON output path.

Possibly related PRs

• nold-ai/specfact-cli-modules#298: Closely related follow-up touching cleanup-forecast wiring and simplify preview/mutation flows.
• Release dev to main #280: Overlaps on structured forecast/report metadata (weights, schema behavior).
• nold-ai/specfact-cli-modules#294: Related CLI/docs text edits for _RUN_INSTRUCTIONS and simplify examples.

Focus: verify package integrity metadata (signatures/checksums), confirm registry index and .sha256 files match released artifacts, and ensure tests exercise the migration to schema "1.3" and canonical .specfact/code-review.json path; no public API signature changes observed.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title does not follow the specified Conventional Commits style (feat:, fix:, docs:, test:, refactor:, chore:) and uses natural language instead.	Rename the title to follow Conventional Commits format, e.g., 'fix: dev promotion review findings' or 'chore: address code-review 0.47.31 findings and registry updates'.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description provides a clear summary, validation evidence, and rationale, but lacks the structured template sections (Scope, Bundle Impact, CI/Branch Protection, Docs/Pages checklist items).
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/dev-main-rich-cli-error-tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cf6170a7cf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/specfact-code-review/src/specfact_code_review/run/forecast.py`:
- Line 82: The test-path check currently only matches exact directory names
"test"/"tests"; update the conditional that inspects file_path.parts so it flags
any path segment containing "test" (case-insensitive) instead of exact equality.
Locate the expression using file_path.parts (the if any(part in {"test",
"tests"} for part in file_path.parts):) and change the predicate to check for
"test" as a substring on the lowercased segment (e.g., any("test" in
part.lower() for part in file_path.parts)) so segments like "unit_tests" or
"integration-test" are classified as tests.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c0351ccc-82eb-41ba-ac25-db919057f94f

📥 Commits

Reviewing files that changed from the base of the PR and between 17b0e62 and a924aa8.

⛔ Files ignored due to path filters (1)

• registry/modules/specfact-code-review-0.47.31.tar.gz is excluded by !**/*.gz

📒 Files selected for processing (94)

• docs/bundles/code-review/run.md
• openspec/changes/code-review-13-cleanup-forecast-agent-handoff/proposal.md
• packages/specfact-code-review/module-package.yaml
• packages/specfact-code-review/src/specfact_code_review/review/commands.py
• packages/specfact-code-review/src/specfact_code_review/run/cleanup_evidence.py
• packages/specfact-code-review/src/specfact_code_review/run/findings.py
• packages/specfact-code-review/src/specfact_code_review/run/forecast.py
• packages/specfact-code-review/src/specfact_code_review/run/runner.py
• registry/index.json
• registry/modules/specfact-backlog-0.39.0.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.0.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.1.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.10.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.11.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.13.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.14.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.15.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.2.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.3.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.4.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.5.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.6.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.7.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.8.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.9.tar.gz.sha256
• registry/modules/specfact-code-review-0.47.31.tar.gz.sha256
• registry/modules/specfact-codebase-0.39.0.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.0.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.1.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.10.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.11.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.12.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.13.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.14.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.2.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.3.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.4.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.5.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.6.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.7.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.8.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.9.tar.gz.sha256
• registry/modules/specfact-codebase-0.41.0.tar.gz.sha256
• registry/modules/specfact-govern-0.39.0.tar.gz.sha256
• registry/modules/specfact-govern-0.40.0.tar.gz.sha256
• registry/modules/specfact-govern-0.40.1.tar.gz.sha256
• registry/modules/specfact-govern-0.40.10.tar.gz.sha256
• registry/modules/specfact-govern-0.40.11.tar.gz.sha256
• registry/modules/specfact-govern-0.40.12.tar.gz.sha256
• registry/modules/specfact-govern-0.40.13.tar.gz.sha256
• registry/modules/specfact-govern-0.40.2.tar.gz.sha256
• registry/modules/specfact-govern-0.40.3.tar.gz.sha256
• registry/modules/specfact-govern-0.40.4.tar.gz.sha256
• registry/modules/specfact-govern-0.40.5.tar.gz.sha256
• registry/modules/specfact-govern-0.40.6.tar.gz.sha256
• registry/modules/specfact-govern-0.40.7.tar.gz.sha256
• registry/modules/specfact-govern-0.40.8.tar.gz.sha256
• registry/modules/specfact-govern-0.40.9.tar.gz.sha256
• registry/modules/specfact-project-0.39.0.tar.gz.sha256
• registry/modules/specfact-project-0.40.0.tar.gz.sha256
• registry/modules/specfact-project-0.40.1.tar.gz.sha256
• registry/modules/specfact-project-0.40.11.tar.gz.sha256
• registry/modules/specfact-project-0.40.12.tar.gz.sha256
• registry/modules/specfact-project-0.40.13.tar.gz.sha256
• registry/modules/specfact-project-0.40.14.tar.gz.sha256
• registry/modules/specfact-project-0.40.15.tar.gz.sha256
• registry/modules/specfact-project-0.40.2.tar.gz.sha256
• registry/modules/specfact-project-0.40.20.tar.gz.sha256
• registry/modules/specfact-project-0.40.3.tar.gz.sha256
• registry/modules/specfact-project-0.40.4.tar.gz.sha256
• registry/modules/specfact-project-0.40.5.tar.gz.sha256
• registry/modules/specfact-project-0.40.6.tar.gz.sha256
• registry/modules/specfact-project-0.40.7.tar.gz.sha256
• registry/modules/specfact-project-0.40.8.tar.gz.sha256
• registry/modules/specfact-project-0.40.9.tar.gz.sha256
• registry/modules/specfact-spec-0.39.0.tar.gz.sha256
• registry/modules/specfact-spec-0.40.0.tar.gz.sha256
• registry/modules/specfact-spec-0.40.1.tar.gz.sha256
• registry/modules/specfact-spec-0.40.10.tar.gz.sha256
• registry/modules/specfact-spec-0.40.11.tar.gz.sha256
• registry/modules/specfact-spec-0.40.12.tar.gz.sha256
• registry/modules/specfact-spec-0.40.13.tar.gz.sha256
• registry/modules/specfact-spec-0.40.2.tar.gz.sha256
• registry/modules/specfact-spec-0.40.3.tar.gz.sha256
• registry/modules/specfact-spec-0.40.4.tar.gz.sha256
• registry/modules/specfact-spec-0.40.5.tar.gz.sha256
• registry/modules/specfact-spec-0.40.6.tar.gz.sha256
• registry/modules/specfact-spec-0.40.7.tar.gz.sha256
• registry/modules/specfact-spec-0.40.8.tar.gz.sha256
• registry/modules/specfact-spec-0.40.9.tar.gz.sha256
• tests/unit/specfact_code_review/run/test_cleanup_evidence.py
• tests/unit/specfact_code_review/run/test_commands.py
• tests/unit/specfact_code_review/run/test_findings.py
• tests/unit/specfact_code_review/run/test_forecast.py

📜 Review details

🧰 Additional context used

📓 Path-based instructions (7)

registry/**

⚙️ CodeRabbit configuration file

registry/**: Registry and index consistency: bundle listings, version pins, and compatibility with
published module artifacts.

Files:

• registry/modules/specfact-codebase-0.40.1.tar.gz.sha256
• registry/modules/specfact-project-0.40.5.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.12.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.11.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.0.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.6.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.14.tar.gz.sha256
• registry/modules/specfact-project-0.40.20.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.6.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.4.tar.gz.sha256
• registry/modules/specfact-backlog-0.39.0.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.7.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.0.tar.gz.sha256
• registry/modules/specfact-project-0.39.0.tar.gz.sha256
• registry/modules/specfact-govern-0.40.1.tar.gz.sha256
• registry/modules/specfact-project-0.40.15.tar.gz.sha256
• registry/modules/specfact-spec-0.40.13.tar.gz.sha256
• registry/modules/specfact-spec-0.40.4.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.2.tar.gz.sha256
• registry/modules/specfact-spec-0.40.10.tar.gz.sha256
• registry/modules/specfact-project-0.40.12.tar.gz.sha256
• registry/modules/specfact-project-0.40.13.tar.gz.sha256
• registry/modules/specfact-govern-0.40.7.tar.gz.sha256
• registry/modules/specfact-project-0.40.2.tar.gz.sha256
• registry/modules/specfact-spec-0.40.1.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.14.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.5.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.1.tar.gz.sha256
• registry/modules/specfact-code-review-0.47.31.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.9.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.3.tar.gz.sha256
• registry/modules/specfact-codebase-0.39.0.tar.gz.sha256
• registry/modules/specfact-govern-0.40.3.tar.gz.sha256
• registry/modules/specfact-project-0.40.1.tar.gz.sha256
• registry/index.json
• registry/modules/specfact-backlog-0.40.11.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.7.tar.gz.sha256
• registry/modules/specfact-govern-0.40.5.tar.gz.sha256
• registry/modules/specfact-spec-0.40.3.tar.gz.sha256
• registry/modules/specfact-govern-0.40.13.tar.gz.sha256
• registry/modules/specfact-project-0.40.4.tar.gz.sha256
• registry/modules/specfact-govern-0.40.0.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.10.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.10.tar.gz.sha256
• registry/modules/specfact-govern-0.40.9.tar.gz.sha256
• registry/modules/specfact-govern-0.40.6.tar.gz.sha256
• registry/modules/specfact-govern-0.40.4.tar.gz.sha256
• registry/modules/specfact-project-0.40.8.tar.gz.sha256
• registry/modules/specfact-spec-0.40.2.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.13.tar.gz.sha256
• registry/modules/specfact-spec-0.40.5.tar.gz.sha256
• registry/modules/specfact-govern-0.39.0.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.8.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.9.tar.gz.sha256
• registry/modules/specfact-govern-0.40.2.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.2.tar.gz.sha256
• registry/modules/specfact-spec-0.40.9.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.4.tar.gz.sha256
• registry/modules/specfact-govern-0.40.11.tar.gz.sha256
• registry/modules/specfact-project-0.40.0.tar.gz.sha256
• registry/modules/specfact-spec-0.39.0.tar.gz.sha256
• registry/modules/specfact-spec-0.40.6.tar.gz.sha256
• registry/modules/specfact-codebase-0.41.0.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.3.tar.gz.sha256
• registry/modules/specfact-govern-0.40.12.tar.gz.sha256
• registry/modules/specfact-spec-0.40.12.tar.gz.sha256
• registry/modules/specfact-spec-0.40.0.tar.gz.sha256
• registry/modules/specfact-project-0.40.3.tar.gz.sha256
• registry/modules/specfact-project-0.40.9.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.15.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.13.tar.gz.sha256
• registry/modules/specfact-project-0.40.14.tar.gz.sha256
• registry/modules/specfact-govern-0.40.8.tar.gz.sha256
• registry/modules/specfact-spec-0.40.7.tar.gz.sha256
• registry/modules/specfact-govern-0.40.10.tar.gz.sha256
• registry/modules/specfact-project-0.40.11.tar.gz.sha256
• registry/modules/specfact-spec-0.40.11.tar.gz.sha256
• registry/modules/specfact-project-0.40.7.tar.gz.sha256
• registry/modules/specfact-backlog-0.40.5.tar.gz.sha256
• registry/modules/specfact-project-0.40.6.tar.gz.sha256
• registry/modules/specfact-spec-0.40.8.tar.gz.sha256
• registry/modules/specfact-codebase-0.40.8.tar.gz.sha256

packages/**/module-package.yaml

⚙️ CodeRabbit configuration file

packages/**/module-package.yaml: Validate metadata: name, version, commands, dependencies, and parity with packaged src.
Call out semver and signing implications when manifests or payloads change.

Files:

• packages/specfact-code-review/module-package.yaml

**/*.{js,ts,tsx,jsx,py,java,cs,go,rb,php,cpp,c,h}

📄 CodeRabbit inference engine (CLAUDE.md)

Preserve the clean-code compliance gate and its category references (naming, kiss, yagni, dry, and solid)

Files:

• packages/specfact-code-review/src/specfact_code_review/review/commands.py
• packages/specfact-code-review/src/specfact_code_review/run/cleanup_evidence.py
• packages/specfact-code-review/src/specfact_code_review/run/runner.py
• tests/unit/specfact_code_review/run/test_findings.py
• packages/specfact-code-review/src/specfact_code_review/run/findings.py
• tests/unit/specfact_code_review/run/test_commands.py
• packages/specfact-code-review/src/specfact_code_review/run/forecast.py
• tests/unit/specfact_code_review/run/test_forecast.py
• tests/unit/specfact_code_review/run/test_cleanup_evidence.py

packages/**/src/**/*.py

⚙️ CodeRabbit configuration file

packages/**/src/**/*.py: Focus on adapter and bridge patterns: imports from specfact_cli (models, runtime, validators),
Typer/Rich command surfaces, and clear boundaries so core upgrades do not silently break bundles.
Flag breaking assumptions about registry loading, lazy imports, and environment/mode behavior.

Files:

• packages/specfact-code-review/src/specfact_code_review/review/commands.py
• packages/specfact-code-review/src/specfact_code_review/run/cleanup_evidence.py
• packages/specfact-code-review/src/specfact_code_review/run/runner.py
• packages/specfact-code-review/src/specfact_code_review/run/findings.py
• packages/specfact-code-review/src/specfact_code_review/run/forecast.py

docs/**/*.md

⚙️ CodeRabbit configuration file

docs/**/*.md: User-facing and cross-site accuracy: Jekyll front matter, links per documentation-url-contract,
CLI examples matching bundled commands.

Files:

• docs/bundles/code-review/run.md

openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Specification truth: proposal/tasks/spec deltas vs. bundle behavior, CHANGE_ORDER, and
drift vs. shipped modules or docs.

Files:

• openspec/changes/code-review-13-cleanup-forecast-agent-handoff/proposal.md

tests/**/*.py

⚙️ CodeRabbit configuration file

tests/**/*.py: Contract-first and integration tests: migration suites, bundle validation, and flakiness.
Ensure changes to adapters or bridges have targeted coverage.

Files:

• tests/unit/specfact_code_review/run/test_findings.py
• tests/unit/specfact_code_review/run/test_commands.py
• tests/unit/specfact_code_review/run/test_forecast.py
• tests/unit/specfact_code_review/run/test_cleanup_evidence.py

🔀 Multi-repo context nold-ai/specfact-cli

Findings (nold-ai/specfact-cli)

• Many consumers expect the canonical review JSON path ".specfact/code-review.json":

  • tests/unit/scripts/test_pre_commit_code_review.py (calls/asser ts expecting ".specfact/code-review.json") [::nold-ai/specfact-cli::tests/unit/scripts/test_pre_commit_code_review.py:86,126,146,197]
  • tests/unit/scripts/test_code_review_module_docs.py (asserts presence of ".specfact/code-review.json") [::nold-ai/specfact-cli::tests/unit/scripts/test_code_review_module_docs.py:15]
  • scripts/pre_commit_code_review.py (REVIEW_JSON_OUT constant) [::nold-ai/specfact-cli::scripts/pre_commit_code_review.py:31]
  • scripts/pre-commit-quality-checks.sh (help text referencing .specfact/code-review.json) [::nold-ai/specfact-cli::scripts/pre-commit-quality-checks.sh:398]
  • Documentation and OpenSpec configs referencing the canonical path in many places (examples: openspec/config.yaml, docs/modules/code-review.md, README.md, docs/getting-started/quickstart.md) [::nold-ai/specfact-cli::openspec/config.yaml:64][::nold-ai/specfact-cli::docs/modules/code-review.md:43][::nold-ai/specfact-cli::README.md:62][::nold-ai/specfact-cli::docs/getting-started/quickstart.md:51]

• schema_version usage and expectations:

  • Numerous places validate/check schema_version (tests and code): e.g. tests/integration/test_specmatic_integration.py, src/specfact_cli/migrations/plan_migrator.py, src/specfact_cli/registry/module_packages.py, model fields for schema_version [::nold-ai/specfact-cli::tests/integration/test_specmatic_integration.py:85][::nold-ai/specfact-cli::src/specfact_cli/migrations/plan_migrator.py:33][::nold-ai/specfact-cli::src/specfact_cli/registry/module_packages.py:389-408][::nold-ai/specfact-cli::src/specfact_cli/models/module_package.py:127]
  • Docs/specs require schema_version on emitted review reports (review-report-model spec and related files) [::nold-ai/specfact-cli::openspec/specs/review-report-model/spec.md:11]

Implication summary

• The PR’s change to produce/document simplify reports under the canonical ".specfact/code-review.json" aligns with numerous consumers in this repository (tests, scripts, docs). Any schema bump to 1.3 or added optional fields in that JSON should be compatible with these consumers or they must be updated to accept the new optional fields/schema.
• Consumers that read the report by that canonical path will see the new fields (e.g., cleanup_forecast additions, guidance kind weight) in the same file; tests or scripts that parse the report may need no path changes but could need schema-aware parsing if new fields are present.

🔇 Additional comments (82)

packages/specfact-code-review/src/specfact_code_review/run/runner.py (1)

15-15: LGTM!

Also applies to: 430-433, 489-496

packages/specfact-code-review/module-package.yaml (1)

2-2: LGTM!

Also applies to: 26-27

registry/index.json (1)

81-83: LGTM!

registry/modules/specfact-backlog-0.39.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.1.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.10.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.11.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.13.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.14.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.15.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.2.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.3.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.4.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.5.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.6.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.7.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.8.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-backlog-0.40.9.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-code-review-0.47.31.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.39.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.1.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.10.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.11.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.12.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.13.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.14.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.2.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.3.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.4.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.5.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.6.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-codebase-0.40.7.tar.gz.sha256 (1)

1-1: Verify release integrity for specfact-codebase-0.40.7 sha256 sidecar

registry/modules/specfact-codebase-0.40.7.tar.gz.sha256 contains a syntactically valid 64-hex SHA-256 digest, but the essential parity check against the corresponding registry/modules/specfact-codebase-0.40.7.tar.gz bytes and the registry/index.json reference for this artifact still need to be run (the current environment lacks sha256sum, so the parity/index spot-check couldn’t complete).

registry/modules/specfact-govern-0.40.11.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.12.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.13.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.2.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.3.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.4.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.5.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.6.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-govern-0.40.7.tar.gz.sha256 (1)

1-1: 🏗️ Heavy lift

No checksum-sidecar replacement in this PR, so the release-integrity concern doesn’t apply.
git diff shows no changes to registry/modules/*.tar.gz.sha256, so there’s no checksum/provenance replacement for specfact-govern-0.40.7 introduced by this PR.

registry/modules/specfact-project-0.40.13.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.14.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.15.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.2.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.20.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.3.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.4.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.5.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.6.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.7.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.8.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-project-0.40.9.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.39.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.0.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.1.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.10.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.11.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.12.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.13.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.2.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.3.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.4.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.5.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.6.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.7.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.8.tar.gz.sha256 (1)

1-1: LGTM!

registry/modules/specfact-spec-0.40.9.tar.gz.sha256 (1)

1-1: LGTM!

packages/specfact-code-review/src/specfact_code_review/run/findings.py (1)

190-190: LGTM!

packages/specfact-code-review/src/specfact_code_review/run/forecast.py (1)

107-111: LGTM!

Also applies to: 115-115

tests/unit/specfact_code_review/run/test_forecast.py (1)

47-48: LGTM!

Also applies to: 57-65, 67-75

packages/specfact-code-review/src/specfact_code_review/run/cleanup_evidence.py (1)

54-59: LGTM!

tests/unit/specfact_code_review/run/test_cleanup_evidence.py (1)

7-12: LGTM!

Also applies to: 42-77, 99-136, 150-158

docs/bundles/code-review/run.md (1)

104-105: LGTM!

Also applies to: 108-109, 148-148

openspec/changes/code-review-13-cleanup-forecast-agent-handoff/proposal.md (1)

35-35: LGTM!

packages/specfact-code-review/src/specfact_code_review/review/commands.py (1)

34-37: LGTM!

Also applies to: 56-57

tests/unit/specfact_code_review/run/test_commands.py (3)

3-4: LGTM!

Also applies to: 28-32

---

337-348: LGTM!

Also applies to: 357-357

---

414-466: LGTM!

tests/unit/specfact_code_review/run/test_findings.py (1)

83-119: LGTM!

Also applies to: 526-539