Conversation
* fix: harden module lifecycle bootstrap and signing workflows
* fix: stabilize module signature hashing across environments
* fix: stabilize bundle module signature verification in CI
---------
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
…ics (#311)
* fix(backlog): harden refine writeback, prompts, and daily any filters
* fix(github): default story type fallback to feature
* Fix format
* Fix codex review findings
* bump and sign changed modules
* chore(hooks): enforce module signature verification in pre-commit
* chore(hooks): add markdownlint to pre-commit checks
---------
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Keep dev versions for all conflicted paths (--ours). Retain auto-merged non-conflicting updates from main (notably adapter/analyzer tests). Made-with: Cursor
Use diff-filter ACMRD so deletion-only commits are not treated as empty safe changes. Restrict markdown and code-review paths to existing files. Made-with: Cursor
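The failure mode that commit message describes, reproduced as an added example (not the project's hook code): a staged-file listing that omits `D` returns nothing for a deletion-only commit, so a hook that treats an empty list as "nothing to verify" lets the deletion through. The repository layout, file names and function names below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Repo layout, file names and function names are constructed.
set -eu

# Staged paths as a hook would list them for a given --diff-filter value.
staged_paths() {
  git -C "$1" diff --cached --name-only --diff-filter="$2"
}

# Keep only paths still present in the work tree, so linters and
# review tools are never handed a file that the commit deletes.
existing_only() {
  while IFS= read -r path; do
    if [ -n "$path" ] && [ -e "$1/$path" ]; then printf '%s\n' "$path"; fi
  done
}

# Throwaway repo whose only staged change is the deletion of a manifest.
make_deletion_only_repo() {
  repo_dir="$(mktemp -d)"
  git -C "$repo_dir" init -q
  git -C "$repo_dir" config user.email "example@example.invalid"
  git -C "$repo_dir" config user.name "Example"
  mkdir -p "$repo_dir/modules/demo"
  printf 'name: demo\nversion: 0.0.1\n' > "$repo_dir/modules/demo/manifest.yaml"
  printf '# demo\n' > "$repo_dir/README.md"
  git -C "$repo_dir" add -A
  git -C "$repo_dir" -c commit.gpgsign=false commit -q -m "initial"
  git -C "$repo_dir" rm -q modules/demo/manifest.yaml
  printf '%s\n' "$repo_dir"
}

demo() {
  demo_repo="$(make_deletion_only_repo)"
  echo "ACMR  -> [$(staged_paths "$demo_repo" ACMR)]"
  echo "ACMRD -> [$(staged_paths "$demo_repo" ACMRD)]"
  echo "lint  -> [$(staged_paths "$demo_repo" ACMRD | existing_only "$demo_repo")]"
  rm -rf "$demo_repo"
}

demo
```

The signature gate should consume the `ACMRD` list, while file-reading tools such as linters consume the `existing_only` output.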
…503)
* feat(ci): sign modules on PR approval and manual dispatch
  - Add sign-modules-on-approval workflow (approved reviews, dev/main base)
  - Extend sign-modules.yml with workflow_dispatch inputs and sign-and-push job
  - Document flows in module-security.md; update CHANGELOG and tests
  Made-with: Cursor
* Fix sign review and process
---------
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
* feat(ci): sign modules on PR approval and manual dispatch
  - Add sign-modules-on-approval workflow (approved reviews, dev/main base)
  - Extend sign-modules.yml with workflow_dispatch inputs and sign-and-push job
  - Document flows in module-security.md; update CHANGELOG and tests
  Made-with: Cursor
* Fix sign review and process
* Fix signature flow
* Fix review gate findings
* Fix review gate findings
---------
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
- Add sign-on-dispatch job with base_branch/version_bump inputs and merge-base signing
- Rename approval job to sign-on-approval; fix concurrency for manual runs
- Document default-branch vs Run workflow on dev; update tests and CHANGELOG
- Refactor workflow tests to satisfy code-review complexity gate
Made-with: Cursor
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Align VERIFY_ARGS order; use immutable PR base SHA and branch checkout for approval signing; make PyPI ahead-of-registry check lenient on network failures in PR jobs. Refactor workflow policy tests for radon complexity; add beartype and icontract to the PyPI check script; restore init manifest signature field where applicable. Made-with: Cursor
The prior commit added integrity.signature without incrementing the module version, so sign-modules verify failed (same 0.1.27 vs HEAD~1). Refresh checksum; CI will re-add signatures via Module Signature Hardening workflow_dispatch. Made-with: Cursor
Bump patch version across canonical sources. Tighten pr-orchestrator and sign-modules verify so every PR targeting main uses --require-signature, matching the post-merge main push gate. Made-with: Cursor
enforce-version-bump compares changed manifests to origin/main; signing-only changes on 0.1.28 still failed. Re-sign integrity.signature locally after pull. Made-with: Cursor
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1ceddabe18
Summary
--require-signature for all PRs targeting main (pr-orchestrator, sign-modules) so post-merge main verify matches PR verify.
dev).
Checklist
init (and other bundled modules) have valid integrity.signature before merge.
Made with Cursor