Skip to content

fix(proposals): audit before decided-move; close cli parity#475

Merged
plind-junior merged 3 commits into
mainfrom
fix/audit-order-and-cli-parity
Jul 13, 2026
Merged

fix(proposals): audit before decided-move; close cli parity#475
plind-junior merged 3 commits into
mainfrom
fix/audit-order-and-cli-parity

Conversation

@plind-junior

@plind-junior plind-junior commented Jul 13, 2026

Copy link
Copy Markdown
Member

two p0 integrity items from the roadmap (.superpowers/roadmap.md step 2):

  • approve/reject/expire recorded the audit event only after moving the proposal to decided/, so a crash between the two produced a durable decision with no authoritative history. the decision event is now written first; a crash leaves a pending proposal with its event, and the approve retry path is already guarded by the existing-artifact check. covered by crash-simulation tests.
  • the three-surface parity promise was only enforced for jsonl + mcp. test_capabilities now maps every kb.* method to a cli command (default name rule + explicit alias table). five methods had no cli mirror at all — propose-delete, source list, session list, session transcript, session summarize — and gain commands that reuse the same backends as the jsonl handlers, including the degraded-shape behaviour for absent sessions.

full local gate green: pytest (non-embeddings), mypy, ruff.

Summary by CodeRabbit

  • New Features

    • Added a review-gated propose-delete command with optional rationale and dry-run support.
    • Added commands to list registered sources and captured sessions, with JSON output options.
    • Added session transcript and summarization commands for inspecting and preparing session content.
  • Bug Fixes

    • Improved audit reliability by recording proposal decisions before finalizing proposal state.
  • Tests

    • Added coverage for new CLI commands, error handling, command parity, and audit recovery behavior.

approve/reject/expire moved the proposal to decided/ and only then
wrote the audit event, so a crash between the two produced a durable
decision with no authoritative history. the log is authoritative:
audit first, then move. a crash now leaves a pending proposal with its
decision event — recoverable, and the approve retry path is already
guarded by the existing-artifact check.
test_capabilities now asserts every kb.* method has a cli mirror
(default foo-bar rule plus an explicit alias table), completing the
jsonl + mcp checks. five methods had no mirror; they gain commands:
propose-delete, source list, session list, session transcript, and
session summarize. the session read commands mirror the jsonl
surface's degraded-shape behaviour instead of erroring.
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@plind-junior, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 40 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f5d26822-2b32-40be-af19-edc6b2c5f928

📥 Commits

Reviewing files that changed from the base of the PR and between 03b21c6 and d2a4200.

📒 Files selected for processing (1)
  • src/vouch/cli.py
📝 Walkthrough

Walkthrough

The CLI adds deletion proposal, source listing, and session inspection commands. Proposal approval, rejection, and expiration now audit before moving proposals to the decided state, with regression tests and CLI capability parity coverage.

Changes

CLI proposal and introspection surfaces

Layer / File(s) Summary
CLI proposal and session surfaces
src/vouch/cli.py, tests/test_cli.py, tests/test_capabilities.py
Adds propose-delete, source list, and session commands for listing, transcript retrieval, and summarization, with JSON/text output, error handling, regression tests, and CLI capability parity validation.
Audit-before-decision ordering
src/vouch/proposals.py, tests/test_audit.py
Writes approval, rejection, and expiration audit events before moving proposals to decided/, with crash simulation tests for each path.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CLI as vouch session summarize
  participant Summarizer as session_split.summarize
  participant Proposals as pending page proposals
  CLI->>Summarizer: session_id and mode
  Summarizer->>Proposals: create pending page proposals
  Proposals-->>CLI: JSON result
Loading

Possibly related PRs

  • vouchdev/vouch#31: Introduces the _cli_errors() mechanism used by the new CLI proposal and session commands.
  • vouchdev/vouch#111: Also modifies approval workflow code in src/vouch/proposals.py.

Suggested reviewers: dripsmvcp, tet-9, jsdevninja, claytonlin1110, galuis116

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is specific and reflects the two main changes: audit ordering in proposals and CLI parity work.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/audit-order-and-cli-parity

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added cli command line interface mcp mcp, jsonl, and http surfaces storage kb storage, migrations, schemas, and proposals tests tests and fixtures size: M 200-499 changed non-doc lines labels Jul 13, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/vouch/cli.py`:
- Around line 2240-2250: Update the --mode option on session_summarize_cmd to
use click.Choice with the allowed values "auto", "split", and "mechanical",
preserving the existing default of "auto" and passing the validated mode to
session_split.summarize.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 919d070a-0039-4668-8961-5cecde95663f

📥 Commits

Reviewing files that changed from the base of the PR and between 5363642 and 03b21c6.

📒 Files selected for processing (5)
  • src/vouch/cli.py
  • src/vouch/proposals.py
  • tests/test_audit.py
  • tests/test_capabilities.py
  • tests/test_cli.py

Comment thread src/vouch/cli.py
a typo like 'mechancial' silently fell through to the auto size gate;
click.Choice rejects it at parse time. (coderabbit review)
@plind-junior plind-junior merged commit 9ac49c5 into main Jul 13, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cli command line interface mcp mcp, jsonl, and http surfaces size: M 200-499 changed non-doc lines storage kb storage, migrations, schemas, and proposals tests tests and fixtures

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant