diff --git a/scripts/coderabbit-triage/metrics/v0.2.8.json b/scripts/coderabbit-triage/metrics/v0.2.8.json
new file mode 100644
index 000000000..9765ae6f0
--- /dev/null
+++ b/scripts/coderabbit-triage/metrics/v0.2.8.json
@@ -0,0 +1,755 @@ +{ + "release": "v0.2.8", + "date": "2026-05-21", + "prs_analyzed": 13, + "total_comments": 38, + "critical": 3, + "major": 35, + "by_component": { + "api-server": { + "critical": 0, + "major": 4, + "total": 4 + }, + "cli": { + "critical": 0, + "major": 4, + "total": 4 + }, + "other": { + "critical": 1, + "major": 12, + "total": 13 + }, + "runner": { + "critical": 0, + "major": 6, + "total": 6 + }, + "sdk": { + "critical": 0, + "major": 4, + "total": 4 + }, + "frontend": { + "critical": 2, + "major": 1, + "total": 3 + }, + "operator": { + "critical": 0, + "major": 1, + "total": 1 + }, + "manifests": { + "critical": 0, + "major": 3, + "total": 3 + } + }, + "top_patterns": [ + { + "name": "Credential sidecar authentication mechanism is undefined.", + "count": 3, + "critical": 0, + "major": 3, + "impact_score": 9, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3277736061, + "title": "Credential sidecar authentication mechanism is undefined.", + "path": "specs/integrations/mcp-server.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277736061", + "ai_prompt": "" + }, + { + "id": 3277823980, + "title": "Credential sidecar auth contract is incomplete for RSA-OAEP flow", + "path": "specs/integrations/mcp-server.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277823980", + "ai_prompt": "" + }, + { + "id": 3278291811, + "title": "Gate credential sidecar injection on token-exchange prerequisites.", + "path": "components/ambient-control-plane/internal/reconciler/kube_reconciler.go", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291811", + "ai_prompt": "" + } + ] + }, + { + "name": "Fix TypeScript compilation error in mock typing.", + "count": 2, + "critical": 2, + "major": 0, + "impact_score": 8, + "components": [ + "frontend" + ], + "covered_by_guardrail": null, + "example_comments": [ + { 
+ "id": 3217749388, + "title": "Fix TypeScript compilation error in mock typing.", + "path": "components/frontend/src/components/__tests__/session-details-modal.test.tsx", + "html_url": "https://github.com/ambient-code/platform/pull/1544#discussion_r3217749388", + "ai_prompt": "" + }, + { + "id": 3217749414, + "title": "Fix TypeScript mock typing (same issue as other test file).", + "path": "components/frontend/src/components/workspace-sections/__tests__/sessions-section.test.tsx", + "html_url": "https://github.com/ambient-code/platform/pull/1544#discussion_r3217749414", + "ai_prompt": "" + } + ] + }, + { + "name": "Do not silently drop server-version failure states", + "count": 2, + "critical": 0, + "major": 2, + "impact_score": 6, + "components": [ + "api-server", + "cli" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278497334, + "title": "Do not silently drop server-version failure states", + "path": "components/ambient-cli/cmd/acpctl/version/cmd.go", + "html_url": "https://github.com/ambient-code/platform/pull/1602#discussion_r3278497334", + "ai_prompt": "" + }, + { + "id": 3237872122, + "title": "Rollback path silently discards failures.", + "path": "components/ambient-api-server/plugins/roleBindings/migration.go", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237872122", + "ai_prompt": "" + } + ] + }, + { + "name": "Prefer the current user's credential file before scanning the directory.", + "count": 2, + "critical": 0, + "major": 2, + "impact_score": 6, + "components": [ + "runner" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3221945965, + "title": "Prefer the current user's credential file before scanning the directory.", + "path": "components/runners/ambient-runner/ambient_runner/bridges/claude/mcp.py", + "html_url": "https://github.com/ambient-code/platform/pull/1557#discussion_r3221945965", + "ai_prompt": "" + }, + { + "id": 3221945982, + "title": "Write the Google 
credential file atomically.", + "path": "components/runners/ambient-runner/ambient_runner/platform/auth.py", + "html_url": "https://github.com/ambient-code/platform/pull/1557#discussion_r3221945982", + "ai_prompt": "" + } + ] + }, + { + "name": "Credential bootstrap wrapper is missing for this sidecar flow (also applies to `google/Dockerfile`).", + "count": 1, + "critical": 1, + "major": 0, + "impact_score": 4, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291833, + "title": "Credential bootstrap wrapper is missing for this sidecar flow (also applies to `google/Dockerfile`).", + "path": "components/credential-sidecars/k8s/Dockerfile", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291833", + "ai_prompt": "" + } + ] + }, + { + "name": "Handle the marshal/write error paths instead of discarding them.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "api-server" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278497329, + "title": "Handle the marshal/write error paths instead of discarding them.", + "path": "components/ambient-api-server/plugins/version/plugin.go", + "html_url": "https://github.com/ambient-code/platform/pull/1602#discussion_r3278497329", + "ai_prompt": "" + } + ] + }, + { + "name": "Avoid printing raw errors in user-facing version output", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "cli" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278497338, + "title": "Avoid printing raw errors in user-facing version output", + "path": "components/ambient-cli/cmd/acpctl/version/cmd.go", + "html_url": "https://github.com/ambient-code/platform/pull/1602#discussion_r3278497338", + "ai_prompt": "" + } + ] + }, + { + "name": "Stop enforcing plaintext token output in CLI tests.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, 
+ "components": [ + "cli" + ], + "covered_by_guardrail": "No tokens in logs", + "example_comments": [ + { + "id": 3277711134, + "title": "Stop enforcing plaintext token output in CLI tests.", + "path": "components/ambient-cli/cmd/acpctl/credential/cmd_test.go", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277711134", + "ai_prompt": "" + } + ] + }, + { + "name": "Document git credential HTTP endpoint in MCP server spec or clarify relation to MCP transport.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3277736057, + "title": "Document git credential HTTP endpoint in MCP server spec or clarify relation to MCP transport.", + "path": "specs/agents/runner.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277736057", + "ai_prompt": "" + } + ] + }, + { + "name": "Add gitlab-mcp to the MCP Servers table.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3277816091, + "title": "Add gitlab-mcp to the MCP Servers table.", + "path": "specs/agents/runner.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277816091", + "ai_prompt": "" + } + ] + }, + { + "name": "Update legacy runner credential flow references to match sidecar isolation", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3277823972, + "title": "Update legacy runner credential flow references to match sidecar isolation", + "path": "specs/agents/runner.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277823972", + "ai_prompt": "" + } + ] + }, + { + "name": "Sidecar transport mode conflicts with earlier MCP transport 
definition", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3277823975, + "title": "Sidecar transport mode conflicts with earlier MCP transport definition", + "path": "specs/integrations/mcp-server.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3277823975", + "ai_prompt": "" + } + ] + }, + { + "name": "Do not fail open when required bootstrap env vars are missing.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291817, + "title": "Do not fail open when required bootstrap env vars are missing.", + "path": "components/credential-sidecars/entrypoint/main.go", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291817", + "ai_prompt": "" + } + ] + }, + { + "name": "Avoid including raw credential API response bodies in errors.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291828, + "title": "Avoid including raw credential API response bodies in errors.", + "path": "components/credential-sidecars/entrypoint/main.go", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291828", + "ai_prompt": "" + } + ] + }, + { + "name": "Harden sidecar URL parsing to avoid runtime crashes on malformed config.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "runner" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291834, + "title": "Harden sidecar URL parsing to avoid runtime crashes on malformed config.", + "path": "components/runners/ambient-runner/ambient_runner/bridges/claude/mcp.py", + "html_url": 
"https://github.com/ambient-code/platform/pull/1599#discussion_r3278291834", + "ai_prompt": "" + } + ] + }, + { + "name": "Don\u2019t activate sidecar mode from a non-empty string alone.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "runner" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291837, + "title": "Don\u2019t activate sidecar mode from a non-empty string alone.", + "path": "components/runners/ambient-runner/ambient_runner/platform/auth.py", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291837", + "ai_prompt": "" + } + ] + }, + { + "name": "Gate GitHub MCP push instructions on a valid GitHub sidecar entry.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "runner" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3278291839, + "title": "Gate GitHub MCP push instructions on a valid GitHub sidecar entry.", + "path": "components/runners/ambient-runner/ambient_runner/platform/prompts.py", + "html_url": "https://github.com/ambient-code/platform/pull/1599#discussion_r3278291839", + "ai_prompt": "" + } + ] + }, + { + "name": "Installer failure masked by pipeline exit code semantics.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "runner" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3268850558, + "title": "Installer failure masked by pipeline exit code semantics.", + "path": "components/runners/ambient-runner/Dockerfile", + "html_url": "https://github.com/ambient-code/platform/pull/1593#discussion_r3268850558", + "ai_prompt": "" + } + ] + }, + { + "name": "Migration removes uniqueness/invariant enforcement without replacement.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "api-server" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237872116, + "title": "Migration 
removes uniqueness/invariant enforcement without replacement.", + "path": "components/ambient-api-server/plugins/roleBindings/migration.go", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237872116", + "ai_prompt": "" + } + ] + }, + { + "name": "Credential lookup can misbind due to unescaped search input and first-result selection.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "cli" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237872132, + "title": "Credential lookup can misbind due to unescaped search input and first-result selection.", + "path": "components/ambient-cli/cmd/acpctl/credential/cmd.go", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237872132", + "ai_prompt": "" + } + ] + }, + { + "name": "Generated SDK file was manually edited and is now drifting from source OpenAPI.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "sdk" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237872134, + "title": "Generated SDK file was manually edited and is now drifting from source OpenAPI.", + "path": "components/ambient-sdk/go-sdk/types/role_binding.go", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237872134", + "ai_prompt": "" + } + ] + }, + { + "name": "SDK drift blocks CI \u2014 regenerate or update generator.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "sdk" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237872138, + "title": "SDK drift blocks CI \u2014 regenerate or update generator.", + "path": "components/ambient-sdk/python-sdk/ambient_platform/role_binding.py", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237872138", + "ai_prompt": "" + } + ] + }, + { + "name": "Builder setters remove explicit `null` support for nullable pointer 
fields.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "sdk" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237968752, + "title": "Builder setters remove explicit `null` support for nullable pointer fields.", + "path": "components/ambient-sdk/generator/templates/go/types.go.tmpl", + "html_url": "https://github.com/ambient-code/platform/pull/1581#discussion_r3237968752", + "ai_prompt": "" + } + ] + }, + { + "name": "Resolve conflicting RoleBinding FK cardinality rules", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237676330, + "title": "Resolve conflicting RoleBinding FK cardinality rules", + "path": "specs/api/ambient-model.spec.md", + "html_url": "https://github.com/ambient-code/platform/pull/1580#discussion_r3237676330", + "ai_prompt": "" + } + ] + }, + { + "name": "Add explicit OpenAPI \u2194 model field parity to Step 3", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3237676333, + "title": "Add explicit OpenAPI \u2194 model field parity to Step 3", + "path": "workflows/sessions/ambient-model.workflow.md", + "html_url": "https://github.com/ambient-code/platform/pull/1580#discussion_r3237676333", + "ai_prompt": "" + } + ] + }, + { + "name": "Remove or sanitize this security issue dataset before merge.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "other" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3236177276, + "title": "Remove or sanitize this security issue dataset before merge.", + "path": ".beads/issues.jsonl", + "html_url": "https://github.com/ambient-code/platform/pull/1574#discussion_r3236177276", + "ai_prompt": "" + } + ] + }, + { + "name": "URL-encode `resource_id` before 
inserting it into credential API paths.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "sdk" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3228644841, + "title": "URL-encode `resource_id` before inserting it into credential API paths.", + "path": "components/ambient-sdk/python-sdk/ambient_platform/_credential_api.py", + "html_url": "https://github.com/ambient-code/platform/pull/1570#discussion_r3228644841", + "ai_prompt": "" + } + ] + }, + { + "name": "Sub-daily detection is time-dependent and can misclassify schedules.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "frontend" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3226972495, + "title": "Sub-daily detection is time-dependent and can misclassify schedules.", + "path": "components/frontend/src/lib/cron.ts", + "html_url": "https://github.com/ambient-code/platform/pull/1564#discussion_r3226972495", + "ai_prompt": "" + } + ] + }, + { + "name": "Silently returning `\"\"` on transient errors recreates the 401 this PR is fixing.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "operator" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3221684883, + "title": "Silently returning `\"\"` on transient errors recreates the 401 this PR is fixing.", + "path": "components/operator/internal/handlers/helpers.go", + "html_url": "https://github.com/ambient-code/platform/pull/1556#discussion_r3221684883", + "ai_prompt": "" + } + ] + }, + { + "name": "Add explicit namespace scoping for this policy", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "manifests" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3221419792, + "title": "Add explicit namespace scoping for this policy", + "path": "components/manifests/base/runner-networkpolicy.yaml", + "html_url": 
"https://github.com/ambient-code/platform/pull/1553#discussion_r3221419792", + "ai_prompt": "" + } + ] + }, + { + "name": "Scope ingress to backend pods, not all pods", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "manifests" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3221419803, + "title": "Scope ingress to backend pods, not all pods", + "path": "components/manifests/base/runner-networkpolicy.yaml", + "html_url": "https://github.com/ambient-code/platform/pull/1553#discussion_r3221419803", + "ai_prompt": "" + } + ] + }, + { + "name": "Add backend credential handler for `vertex` provider.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "api-server" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3222063971, + "title": "Add backend credential handler for `vertex` provider.", + "path": "components/ambient-api-server/openapi/openapi.credentials.yaml", + "html_url": "https://github.com/ambient-code/platform/pull/1548#discussion_r3222063971", + "ai_prompt": "" + } + ] + }, + { + "name": "Remove overly permissive ingress rule on lines 10\u201311.", + "count": 1, + "critical": 0, + "major": 1, + "impact_score": 3, + "components": [ + "manifests" + ], + "covered_by_guardrail": null, + "example_comments": [ + { + "id": 3227316114, + "title": "Remove overly permissive ingress rule on lines 10\u201311.", + "path": "components/manifests/base/runner-networkpolicy.yaml", + "html_url": "https://github.com/ambient-code/platform/pull/1548#discussion_r3227316114", + "ai_prompt": "" + } + ] + } + ], + "coverage_gaps": 32, + "pattern_categories": { + "security": 26, + "error_handling": 7, + "k8s_resources": 3, + "validation": 2 + } +}