release.yml: composer audit gate parity (v0.1.0 prep) #3

Merged
Goosterhof merged 1 commit into main from docs/v0.1.0-usage-and-release-prep on Jun 9, 2026
@Goosterhof Goosterhof commented Jun 8, 2026

What

Brings the tag-time release gate to parity with CI so a v0.1.0 tag is verified to the same standard as a PR.

  • release.yml — added the missing Audit dependencies / composer audit step to the verify job, between Install and Format check, matching ci.yml. Tag-time gate set now matches CI: install → audit → format:check → phpstan → test.

No src/ changes.

Scope note (rebased 2026-06-09)

This PR originally also reworked the README Usage section and cut the ## [0.1.0] CHANGELOG heading. PR #2 landed equivalent (richer) README + CHANGELOG content into main first, so on rebase those edits were superseded and dropped — main already documents the built submit() surface and the 0.1.0 release. The branch now carries only the composer audit release-gate step, which main still lacked.

Why

Adjutant M1 first-contact finding F-ADJ-02 (release.yml audit-gap). The docs finding F-ADJ-01 is already closed on main via PR #2.

Follow-up

Merge → tag v0.1.0 is the Commander's follow-up — that is what makes the package stably installable via composer require under minimum-stability: stable. This PR cannot self-merge (protected main, code-owner review required).

🤖 Generated with Claude Code

@Goosterhof Goosterhof requested a review from jasperboerhof as a code owner June 8, 2026 14:24
@Goosterhof Goosterhof added the Agent Review Requested Requesting review of specialized AI review agents. label Jun 8, 2026
@jasperboerhof

PR Reviewer · claimed

@jasperboerhof

PR Reviewer · 9/10 · PASS — 🟡 1

kendo-report-tool #3 · AC anchor: none
Scores: acceptance SKIP · simplicity 9 · surface 9 · silent-failure – · efficiency –

🟡 MINOR

README.md:78 — Usage example uses RedirectResponse return type but omits its import

why + fix

Plan-less mode, universal heuristics. The FeedbackController example declares public function store(...): RedirectResponse and imports Illuminate\Http\Request plus the KendoReports client, but never imports Illuminate\Http\RedirectResponse. A reader copy-pasting the snippet hits an undefined-class error. Purely a documentation completeness nit — illustrative code, not shipped code — hence MINOR.

Fix: Add use Illuminate\Http\RedirectResponse; to the example's use block (alongside Request and KendoReports).

Action

merge-ready

jasperboerhof previously approved these changes Jun 8, 2026

@jasperboerhof jasperboerhof left a comment

Auto-approved — review verdict is PASS, CI is green, and no human blocker is outstanding. See the verdict comment for the breakdown.

@Goosterhof Goosterhof left a comment

✅ Approve-worthy

0 blockers · 0 concerns · 2 nits · 2 praise

Three-file docs + release-prep PR: replaces the stale "lands in the first client release" Usage blockquote (and its broken Agent-OS PLAN.md link) with a real submit() Usage section, cuts a ## [0.1.0] CHANGELOG heading, and backfills the missing composer audit step in release.yml. No src/ changes. Every doc claim I spot-checked matches source — this is mergeable.

Verification

  • Signature — README's documented submit(string $title, string $description, ?string $authorName = null, array $files = []): ?array matches src/KendoReports.php:51 character-for-character.
  • Contract — the 201 → decoded body, non-201/transport-failure → ReportSubmissionException, REPORT_TOOL_SWALLOW=true → log + null claims all match KendoReports.php:59-64 and :132-137; config/report-tool.php:80 confirms the REPORT_TOOL_SWALLOW env key.
  • Gate parity: release.yml verify now reads install → audit → format:check → phpstan → test, exactly mirroring ci.yml:27-39. The asymmetry the PR body claims to close is real and now closed.
  • Release-notes extraction: release.yml's awk keys on /^## \[/ matching the tag version, printing until the next ## [ boundary. The new heading ## [0.1.0] - 2026-06-08 satisfies the \[0.1.0\] match, and the ### Added body sits between it and EOF, so v0.1.0 tag-time extraction will capture the right block.

Nits

  • README.md — the FeedbackController snippet declares public function store(...): RedirectResponse but its use block imports only Illuminate\Http\Request and KendoReports, not Illuminate\Http\RedirectResponse. Illustrative-only, won't bite a reader, but a complete copy-paste snippet would import every referenced type.

  • CHANGELOG.md: ### Added now lives under ## [0.1.0], leaving ## [Unreleased] with no body. That's correct Keep-a-Changelog form for a cut release, but the next contributor will need to re-add a ### Added (or similar) stub under [Unreleased]; harmless, just flagging the empty section is intentional.

Praise

  • The CHANGELOG heading text was deliberately kept as exactly ## [0.1.0] to satisfy the release.yml awk extractor — that coupling between heading format and the tag-time notes generator is load-bearing and the PR body called it out explicitly rather than leaving it implicit.
  • Killing the broken github.com/script-development/ PLAN.md link (an Agent-OS internal reference that would 404 for any consumer) rather than just patching it — the right call for a public packagist package's front door.

Automated war-room agent review — posted because this PR carries the Agent Review Requested label.

@jasperboerhof

PR Merger · claimed

@jasperboerhof

PR Merger · needs-human

  • Target: kendo-report-tool
  • PR: release.yml: composer audit gate parity (v0.1.0 prep) #3 — Document built submit() surface + prep v0.1.0 release
  • Branch: docs/v0.1.0-usage-and-release-prep
  • Base: main
  • Worktree: removed (was ~/Code/agent-worktrees/kendo-report-tool/merge-3)
  • Reason: git merge origin/main produced conflicts the additive-list tier cannot resolve — both conflicted files are prose/docs with overlapping edits, which always bail to human.
  • Bailed files (with reason):
    • CHANGELOG.md — overlapping edit on the ## [0.1.0] heading line (HEAD uses -, base uses and adds an "Inaugural public release" intro line). Not pure addition + prose context.
    • README.md — 3 hunks, overlapping rewrites of the same Usage/Signature/example sections (HEAD documents a FeedbackController example + different prose; base documents an inline store() + restructured failure-semantics prose). Materially different docs for the same sections — editorial judgment.
  • Auto-resolvable files (not applied): none.
  • Suggested next step: resolve by hand in a ~/Code/kendo-report-tool-wt* slot (or a fresh clone). For each section pick the intended final wording — base/main appears to carry the newer release-prep prose; reconcile the submit() example you want to ship. No structured-data files involved, so no RETRO-005 hazard here.

README Usage: replace the unbuilt-scaffold blockquote (and its broken
Agent-OS PLAN.md link) with a real Usage section for the shipped
KendoReports::submit() transport — signature, return/throw contract,
swallow mode, and a backend-relay controller snippet.

CHANGELOG: cut a [0.1.0] - 2026-06-08 heading (empty [Unreleased] kept
above it) with the shipped submit() transport under Added; release.yml
awk keys on the exact "## [0.1.0]" heading.

release.yml: add the missing "Audit dependencies" / composer audit step
to the verify job so the tag-time gate set matches ci.yml
(install → audit → format:check → phpstan → test).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
@Goosterhof Goosterhof force-pushed the docs/v0.1.0-usage-and-release-prep branch from 249f1e0 to 4e4808a Compare June 9, 2026 08:59
@Goosterhof Goosterhof changed the title Document built submit() surface + prep v0.1.0 release release.yml: composer audit gate parity (v0.1.0 prep) Jun 9, 2026

@Goosterhof Goosterhof left a comment

✅ Approve-worthy

0 blockers · 0 concerns · 0 nits · 1 praise

A 3-line CI-parity chore: inserts the missing composer audit step into release.yml's verify job so a v0.1.0 tag is gated to the same standard as a PR. The diff is minimal, correctly placed, and every claim in the PR body checks out against main.

Verification

  • Parity target is real: ci.yml:29 runs an Audit dependencies / composer audit step; release.yml on main skipped straight from Install dependencies to Format check (release.yml:36→40). The audit gap was genuine.
  • Exact placement match — the new step lands between Install and Format check with the identical step name and run: command as CI. Tag-time gate set now reads install → audit → format:check → phpstan → test, mirroring CI's name: sequence (ci.yml:26,29,32,35,38).
  • Scope-note claim holds: main already carries ## [0.1.0] — 2026-06-08 and the submit() surface in CHANGELOG.md:9,17 (PR #2). The README/CHANGELOG edits this branch originally carried were correctly superseded on rebase; the diff is now src/-free and touches only the workflow.

Praise

  • Right instinct to gate the tag at PR-equivalent rigor — an audit step that only fires on PRs but not at release lets a vulnerable transitive slip into a published v0.1.0. Closing that asymmetry before the first tag is the correct sequencing.

Automated war-room agent review — posted because this PR carries the Agent Review Requested label.
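
The install → audit → format:check → phpstan → test parity that the review above confirms by reading both workflows can also be checked mechanically. This is an added example, not code from the PR or the kendo-report-tool repository: the workflow text is constructed sample input, and it assumes both files keep their gates as single-line `run:` steps in a job named `verify`.

```python
import re

# Constructed sample input, not the repository's real ci.yml. Step names for
# install/audit/format and `composer audit` come from the thread; the other
# commands and the shared job name `verify` are assumptions.
CI_YML = """\
jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - name: Install dependencies
        run: composer install --no-interaction
      - name: Audit dependencies
        run: composer audit
      - name: Format check
        run: composer format:check
      - name: Static analysis
        run: composer phpstan
      - name: Tests
        run: composer test
"""
# Pre-fix shape of release.yml as described: install goes straight to format.
RELEASE_YML_BEFORE = CI_YML.replace(
    "      - name: Audit dependencies\n        run: composer audit\n", "")


def gate_commands(workflow: str, job: str) -> list[str]:
    """Ordered single-line `run:` commands of one job (line-based, no YAML lib)."""
    commands, in_job = [], False
    for line in workflow.splitlines():
        indent = len(line) - len(line.lstrip())
        if line.strip() and indent <= 2:          # top-level key or job key
            in_job = indent == 2 and line.strip() == f"{job}:"
        elif in_job:
            run = re.match(r"\s+(?:- )?run:\s*(\S.*)$", line)
            if run:
                commands.append(run.group(1).strip())
    return commands


def parity_gaps(ci: str, release: str, job: str = "verify") -> list[str]:
    """CI gate commands the release job lacks, plus a note if order drifts."""
    ci_cmds, rel_cmds = gate_commands(ci, job), gate_commands(release, job)
    gaps = [cmd for cmd in ci_cmds if cmd not in rel_cmds]
    if [c for c in rel_cmds if c in ci_cmds] != [c for c in ci_cmds if c in rel_cmds]:
        gaps.append("shared gates run in a different order than CI")
    return gaps


if __name__ == "__main__":
    print(parity_gaps(CI_YML, RELEASE_YML_BEFORE))
```

Run as a CI step against the two real workflow files, a non-empty result would fail the build before a tag can ship with a weaker gate set than a PR.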

@jasperboerhof

PR Reviewer · claimed

@jasperboerhof

PR Reviewer · 9/10 · PASS

kendo-report-tool #3 · AC anchor: none
Scores: acceptance SKIP · simplicity 10 · surface 9 · silent-failure – · efficiency –

No findings — all reviewers clean.

Action

merge-ready

@jasperboerhof jasperboerhof left a comment

Auto-approved — review verdict is PASS, CI is green, and no human blocker is outstanding. See the verdict comment for the breakdown.

@Goosterhof Goosterhof merged commit aaf69e7 into main Jun 9, 2026
4 checks passed
@Goosterhof Goosterhof deleted the docs/v0.1.0-usage-and-release-prep branch June 9, 2026 10:22