feat: support QSL live constraints #160
Co-Authored-By: Codex <noreply@openai.com>
🤖 Codex PR Review
Please ensure a human reviewer checks this PR before merging.
Co-Authored-By: Codex <noreply@openai.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b6d8133bb8
| if legacy_ref.source in live_constraint_files: | ||
| _validate_live_ref(legacy_ref, issues, warnings, enforce_bundle) |
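Review bot: The membership test `legacy_ref.source in live_constraint_files` on the first line only fires when the extracted ref's source and the configured entry are written identically, so a difference in path form skips `_validate_live_ref` without any message. Normalise both sides the same way before comparing, and report a configured file that contributed no refs instead of passing over it.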
Honor configured live constraint paths
When a repo declares live_constraint_files with a generated file name other than exactly requirements.txt or constraints.txt (for example live-constraints.txt), those refs never reach this branch because _gather_legacy_refs still only extracts the two hard-coded legacy files. The checker still notes live_constraint_files=... and returns ok even if the declared live file contains @main or short refs, so live deployments can bypass the compatibility gate; include the configured files in the extraction set and match paths consistently before applying live validation.
Co-Authored-By: Codex <noreply@openai.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d285a675c4
| if enforce_bundle: | ||
| issues.append(message) | ||
| else: | ||
| warnings.append(message) |
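Review bot: The `else` branch sends the message to `warnings` whenever `enforce_bundle` is false, so the severity of everything reported through this path depends on the bundle flag alone. If the message can describe a non-immutable ref, append it to `issues` unconditionally and keep the `enforce_bundle` switch only for bundle-drift messages.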
Keep live constraint refs fatal in transition mode
When a repo declares live_constraint_files but also sets enforce_bundle = false for a transition, a short or otherwise invalid ref in the live constraint file is downgraded to a warning here, so _check returns ok=True because there are no issues. That lets generated live deployment pins use abc123 (or similar non-full-SHA refs) while the compatibility gate still passes; live constraints should only relax bundle-drift checks, not allow non-immutable refs.
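The rule from the review comment above (a non-full-SHA ref in a live constraint file stays fatal even when `enforce_bundle` is false, and only bundle drift is relaxed), as an added example that is not code from this PR or repository. `extract_git_ref`, `check_live_constraints`, the `bundle_pins` mapping and the sample lines are hypothetical and constructed; it assumes pins appear as `git+URL@REF` lines.

```python
import re

FULL_SHA = re.compile(r"[0-9a-f]{40}")

def extract_git_ref(line):
    """Return (name, ref) for a line carrying a git+URL; ref is None when the
    URL has no @REF part. Return None for lines without a git URL."""
    req = line.split("#", 1)[0].strip()       # drop comments and URL fragments
    i = req.find("git+")
    if i < 0:
        return None
    name = req[:i].rstrip(" @") or req        # 'name @ git+URL' or bare 'git+URL'
    path = req[i:].split("://", 1)[-1].partition("/")[2]  # skip scheme, user@host
    ref = path.rpartition("@")[2] if "@" in path else None
    return name, ref

def check_live_constraints(text, bundle_pins, enforce_bundle):
    """Mutable refs are always issues; enforce_bundle only decides whether
    drift from the bundle pin is an issue or a warning."""
    issues, warnings = [], []
    for line in text.splitlines():
        parsed = extract_git_ref(line)
        if parsed is None:
            continue
        name, ref = parsed
        if ref is None or not FULL_SHA.fullmatch(ref):
            issues.append(f"{name}: ref {ref!r} is not a full 40-hex commit SHA")
        elif bundle_pins.get(name) not in (None, ref):
            drift = f"{name}: live pin {ref[:12]} differs from bundle pin"
            (issues if enforce_bundle else warnings).append(drift)
    return {"ok": not issues, "issues": issues, "warnings": warnings}

# Constructed sample input; package names, URLs and SHAs are made up.
SHA_A = "0123456789abcdef0123456789abcdef01234567"
SHA_B = "89abcdef0123456789abcdef0123456789abcdef"
PINNED = f"alpha @ git+https://example.invalid/org/alpha.git@{SHA_A}\n"
MUTABLE = PINNED + (
    "beta @ git+https://example.invalid/org/beta.git@main\n"
    "gamma @ git+ssh://git@example.invalid/org/gamma.git@abc123\n"
)

if __name__ == "__main__":
    # Transition mode: drift is only a warning, mutable refs still fail the gate.
    print(check_live_constraints(PINNED, {"alpha": SHA_B}, enforce_bundle=False))
    print(check_live_constraints(MUTABLE, {}, enforce_bundle=False))
```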
Summary
Validation