Skip to content

feat: support QSL live constraints#160

Merged
Pigbibi merged 3 commits into
mainfrom
codex/qsl-live-constraints
Jul 4, 2026
Merged

feat: support QSL live constraints#160
Pigbibi merged 3 commits into
mainfrom
codex/qsl-live-constraints

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add QSL live_constraint_files support for generated live pin files
  • treat documented legacy dependency files as notes instead of permanent warnings
  • sync internal_dependency_matrix.json to the current local Quant workspace baseline

Validation

  • python3 -m unittest discover -s python/tests -v
  • python3 -m ruff check scripts/check_qsl_compat.py python/scripts/qslctl.py python/scripts/check_internal_dependency_matrix.py python/tests/test_qsl_compat_checker.py python/tests/test_qslctl.py python/tests/test_internal_dependency_matrix.py
  • qslctl report: 0 strict / 0 warnings / 25 clean
  • qslctl generate-matrix --check: ok=true

Co-Authored-By: Codex <noreply@openai.com>
@cursor

cursor Bot commented Jul 4, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

🤖 Codex PR Review

⚠️ Review skipped: The Codex review could not be completed.

No Codex service URL or API key configured. Set CODEX_AUDIT_SERVICE_URL, ANTHROPIC_API_KEY, or OPENAI_API_KEY.

Please ensure a human reviewer checks this PR before merging.

Co-Authored-By: Codex <noreply@openai.com>
@cursor

cursor Bot commented Jul 4, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b6d8133bb8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +219 to +220
if legacy_ref.source in live_constraint_files:
_validate_live_ref(legacy_ref, issues, warnings, enforce_bundle)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor configured live constraint paths

When a repo declares live_constraint_files with a generated file name other than exactly requirements.txt or constraints.txt (for example live-constraints.txt), those refs never reach this branch because _gather_legacy_refs still only extracts the two hard-coded legacy files. The checker still notes live_constraint_files=... and returns ok even if the declared live file contains @main or short refs, so live deployments can bypass the compatibility gate; include the configured files in the extraction set and match paths consistently before applying live validation.

Useful? React with 👍 / 👎.

Co-Authored-By: Codex <noreply@openai.com>
@cursor

cursor Bot commented Jul 4, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d285a675c4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +263 to +266
if enforce_bundle:
issues.append(message)
else:
warnings.append(message)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep live constraint refs fatal in transition mode

When a repo declares live_constraint_files but also sets enforce_bundle = false for a transition, a short or otherwise invalid ref in the live constraint file is downgraded to a warning here, so _check returns ok=True because there are no issues. That lets generated live deployment pins use abc123 (or similar non-full-SHA refs) while the compatibility gate still passes; live constraints should only relax bundle-drift checks, not allow non-immutable refs.

Useful? React with 👍 / 👎.

@Pigbibi Pigbibi merged commit 0e86597 into main Jul 4, 2026
10 checks passed
@Pigbibi Pigbibi deleted the codex/qsl-live-constraints branch July 4, 2026 22:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant