Skip to content

chore: repository hygiene, metadata accuracy, and CI least-privilege pass#143

Merged
JohnnyWilson16 merged 1 commit into
mainfrom
chore/repo-polish-jwd
Jul 16, 2026
Merged

chore: repository hygiene, metadata accuracy, and CI least-privilege pass#143
JohnnyWilson16 merged 1 commit into
mainfrom
chore/repo-polish-jwd

Conversation

@JohnnyWilson16

@JohnnyWilson16 JohnnyWilson16 commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Repository hygiene and metadata-accuracy pass. No runtime behavior changes.

What changed

Removed dead / accidental content

  • .superpowers/ task reports and docs/superpowers/ internal planning notes (the latter were being published, unlinked, on the docs site). .superpowers/ is now git-ignored.
  • MANIFEST.in — the hatchling build backend never reads it; the sdist was verified byte-identical with and without it.
  • freshdata-benchmarks/.github/workflows/ — nested workflow directories are never executed by GitHub Actions.

Packaging fix

  • The hatchling sdist include patterns are now anchored to the repo root. Unanchored patterns match at any depth, so bare "examples" / "README.md" were shipping docs/examples/*.html and nested READMEs. The sdist now contains exactly the documented file set (809 → 796 files); the wheel is unchanged.

CI hardening

  • Every workflow now declares least-privilege GITHUB_TOKEN permissions (read-only by default; the nightly-alert and coverage-badge jobs keep their scoped write grants). Verified none of the newly restricted workflows performs writes.

Truthfulness / docs accuracy

  • freshdata-benchmarks/README.md claimed weekly CI execution, gh-pages publishing, and three CI jobs — none of which existed (they lived in the dead nested workflow). It now documents the ASV suite as a locally-run comparative benchmark, separate from the CleanBench CI workflow, and drops the two misleading badges.
  • SECURITY.md supported-versions table updated 1.0.x → 1.1.x.
  • CONTRIBUTING.md, README.md, QUALITY_OPS.md, and docs/contributing.md now quote the exact commands CI runs (pytest -m "not online and not large", ruff check .) instead of bare pytest (needs network) and ruff check src tests.
  • Dropped the pre-commit ruff-format hook: the tree is not format-clean (322/587 files) and CI never enforced formatting, so the hook only injected unrelated hunks into contributor diffs. The config comment now documents this deliberately.
  • CHANGELOG.md: merged the duplicate ### Added headings in Unreleased (merge artifact) and restored keep-a-changelog section order.

Added

  • CITATION.cff (enables GitHub's "Cite this repository"; facts only, no version pin to go stale).
  • A documentation issue template alongside the existing bug/feature templates.

Validation

  • pytest -m "not online and not large": pass, 93.7% coverage (gate 93%), re-run after all edits
  • ruff check ., mypy src/freshdata (with the CI numpy<2.5 pin): clean
  • mkdocs build --strict: pass
  • python -m build + twine check dist/*: PASSED; sdist A/B-diffed against pre-change build
  • Built wheel installed into a clean venv: import, fd.clean(...), freshdata --help, and freshdata clean file.csv all work
  • pre-commit validate-config and YAML parse of all workflows: pass

Notes for review

  • Version stays two-place (pyproject + __version__) on purpose — the release workflow cross-checks both and fails closed; that duality is an enforced gate.
  • No tree-wide ruff format was applied: it would touch 322 files and conflict with every open PR. Adopting formatting is left as a separate decision.

Summary by CodeRabbit

  • Documentation

    • Added a dedicated template for reporting documentation issues.
    • Updated contributor, development, release, security, and project-structure guidance.
    • Clarified benchmark usage and local result publishing.
    • Added software citation metadata.
  • Security

    • Restricted automated workflows to read-only repository access by default.
    • Updated supported security-fix versions to the 1.1.x line.
  • Packaging

    • Improved source distribution file matching for more reliable package contents.
  • Changelog

    • Documented recent additions, changes, fixes, and removals.

- remove committed AI-assistant working artifacts (.superpowers/,
  docs/superpowers/ published to the docs site) and git-ignore them
- remove dead MANIFEST.in (hatchling ignores it; sdist verified
  byte-identical without it)
- remove the never-executed nested freshdata-benchmarks/.github workflow
  and correct that README's CI-execution/published-results claims
- anchor hatchling sdist include patterns to the repo root so the sdist
  ships exactly the documented file set
- declare least-privilege GITHUB_TOKEN permissions in every workflow
- align contributor docs (CONTRIBUTING.md, README.md, QUALITY_OPS.md,
  docs/contributing.md) with the exact commands CI runs; drop the
  unenforced ruff-format pre-commit hook and document why
- update SECURITY.md supported-versions table to 1.1.x
- merge duplicate Unreleased headings in CHANGELOG.md and record this pass
- add CITATION.cff and a documentation issue template
@strix-security

Copy link
Copy Markdown
Contributor

Strix is installed on this repository, but we couldn't run this PR security review because this workspace's trial has ended. Add a card to resume code reviews here.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The PR adds read-only permissions to GitHub Actions workflows, aligns contributor checks with CI, updates packaging and release metadata, adds citation and documentation issue templates, revises benchmark and repository documentation, and removes obsolete planning and report artifacts.

Changes

CI and contributor workflow

Layer / File(s) Summary
Least-privilege workflow permissions
.github/workflows/*.yml
Seven workflows now explicitly grant contents: read permissions.
Contributor check alignment
.pre-commit-config.yaml, CONTRIBUTING.md, QUALITY_OPS.md, docs/contributing.md, README.md
Contributor setup and documentation now use the CI-matching fast test lane, repository-wide Ruff checks, and no Ruff formatter hook.

Release and packaging metadata

Layer / File(s) Summary
Packaging and release records
pyproject.toml, CITATION.cff, RELEASE.md, SECURITY.md, CHANGELOG.md
sdist include patterns are anchored, citation and security metadata are updated, release commands use version placeholders, and the Unreleased changelog is reorganized.

Repository documentation and hygiene

Layer / File(s) Summary
Repository guidance and issue intake
.github/ISSUE_TEMPLATE/*, .gitignore, README.md
A documentation issue template and .superpowers/ ignore rule are added, while repository links and structure documentation are revised.
Benchmark documentation
freshdata-benchmarks/README.md, freshdata-benchmarks/.github/workflows/benchmark.yml
Benchmark documentation now describes local ASV publishing and distinguishes it from CleanBench CI; the benchmark workflow is removed.
Investigation documentation cleanup
docs/performance-investigation.md, docs/superpowers/*, .superpowers/sdd/*
References to removed planning and report artifacts are revised, and obsolete planning/report documents are deleted.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

Suggested reviewers: johnnywilson-portfolio

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the PR’s main focus on repo hygiene, metadata updates, and CI least-privilege changes.
Description check ✅ Passed The description covers the main changes, validation, and notes, but it does not follow the template headings or include the issue/type/checklist sections.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/repo-polish-jwd

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/performance-investigation.md`:
- Around line 440-444: The documentation summary conflates final-build warnings
with warnings from the earlier pre-cleanup run. Update the passages at
docs/performance-investigation.md lines 440-444 and 462-464 to attribute the
un-navigated planning-page warnings only to the earlier verification run, or
remove that stale attribution from the final-gate summary; preserve the separate
Material-for-MkDocs notice as appropriate.

In `@pyproject.toml`:
- Around line 247-250: Add "/CITATION.cff" to the explicitly anchored include
array in the pyproject.toml build configuration so Hatchling includes the
citation metadata in the source distribution.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 5610039f-883b-4d49-acb8-52e1c99fa4ed

📥 Commits

Reviewing files that changed from the base of the PR and between a21e19c and f10cf74.

📒 Files selected for processing (31)
  • .github/ISSUE_TEMPLATE/documentation.md
  • .github/workflows/ci.yml
  • .github/workflows/fetch-fixtures.yml
  • .github/workflows/nightly-real-model.yml
  • .github/workflows/plugin-contract.yml
  • .github/workflows/reproducibility.yml
  • .github/workflows/wheel-size.yml
  • .gitignore
  • .pre-commit-config.yaml
  • .superpowers/sdd/task-4-report.md
  • .superpowers/sdd/task-5-report.md
  • .superpowers/sdd/task-6-report.md
  • CHANGELOG.md
  • CITATION.cff
  • CONTRIBUTING.md
  • MANIFEST.in
  • QUALITY_OPS.md
  • README.md
  • RELEASE.md
  • SECURITY.md
  • docs/contributing.md
  • docs/performance-investigation.md
  • docs/superpowers/plans/2026-07-11-freshdata-performance-baseline-profiling.md
  • docs/superpowers/plans/2026-07-13-freshdata-semantic-performance-optimization.md
  • docs/superpowers/plans/2026-07-14-freshdata-truthbench.md
  • docs/superpowers/specs/2026-07-11-freshdata-confirmed-performance-bottlenecks-design.md
  • docs/superpowers/specs/2026-07-11-freshdata-performance-scalability-design.md
  • docs/superpowers/specs/2026-07-14-freshdata-truthbench-design.md
  • freshdata-benchmarks/.github/workflows/benchmark.yml
  • freshdata-benchmarks/README.md
  • pyproject.toml
💤 Files with no reviewable changes (11)
  • docs/superpowers/plans/2026-07-11-freshdata-performance-baseline-profiling.md
  • docs/superpowers/specs/2026-07-11-freshdata-performance-scalability-design.md
  • docs/superpowers/specs/2026-07-11-freshdata-confirmed-performance-bottlenecks-design.md
  • MANIFEST.in
  • docs/superpowers/specs/2026-07-14-freshdata-truthbench-design.md
  • .superpowers/sdd/task-4-report.md
  • .superpowers/sdd/task-5-report.md
  • freshdata-benchmarks/.github/workflows/benchmark.yml
  • docs/superpowers/plans/2026-07-13-freshdata-semantic-performance-optimization.md
  • docs/superpowers/plans/2026-07-14-freshdata-truthbench.md
  • .superpowers/sdd/task-6-report.md

Comment thread docs/performance-investigation.md
Comment thread pyproject.toml
@JohnnyWilson16
JohnnyWilson16 merged commit eade3ef into main Jul 16, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant