Skip to content

Fix #505: include rename previous paths in PR trust classification#510

Open
marktech0813 wants to merge 1 commit into
vouchdev:mainfrom
marktech0813:fix/505-gittensor
Open

Fix #505: include rename previous paths in PR trust classification#510
marktech0813 wants to merge 1 commit into
vouchdev:mainfrom
marktech0813:fix/505-gittensor

Conversation

@marktech0813

@marktech0813 marktech0813 commented Jul 16, 2026

Copy link
Copy Markdown

Summary

Fixes #505 — trust-gate / auto-merge / related workflows now list changed files via REST pulls/{n}/files, which includes previous_filename on renames, and pass both paths into pr_bot classification.

This closes the git mv bypass of CORE_GLOBS detection.

Test plan

  • pytest tests/test_pr_bot.py -k rename
  • Untrusted PR that only renames src/vouch/http_server.py fails trust-gate as core

Summary by CodeRabbit

  • Bug Fixes
    • Improved changed-file detection used by automated checks by switching to GitHub’s pull request files listing with pagination.
    • Renamed files now account for both the original and new paths, preventing core rename paths from being missed.
    • Enhances trust/merge and UI screenshot gating accuracy based on the updated file set.
  • Documentation
    • Clarified classification precedence (core > UI > code) and the expected rename-history inputs.
  • Tests
    • Added unit tests covering renamed core classification, including cases where rename history is absent.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

Important

Review skipped

No new commits to review since the last review.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 406bce39-f275-44ce-9f59-ab2b0328ea93

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The workflows now collect paginated pull-request file data through the REST API, including rename source paths. Classification documentation and tests cover core-path rename handling.

Changes

Rename-aware classification

Layer / File(s) Summary
Classification contract and rename coverage
src/vouch/pr_bot.py, tests/test_pr_bot.py
The classify documentation defines precedence and rename-source requirements; tests cover renamed core paths with and without previous filenames.
Workflow changed-file collection
.github/workflows/auto-merge.yml, .github/workflows/comment-command.yml, .github/workflows/trust-gate.yml, .github/workflows/ui-screenshot-gate.yml
Workflows use the paginated pull-request files REST endpoint and write current plus non-empty previous filenames to changed.txt.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • vouchdev/vouch#487: Updates changed-file collection in auto-merge classification.
  • vouchdev/vouch#506: Uses REST pull-request files and previous filenames for core-path classification.

Suggested reviewers: plind-junior

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The workflows now use the REST files endpoint and pass rename previous paths, matching the issue’s core requirements.
Out of Scope Changes check ✅ Passed The docstring update and added tests are directly related to the rename-classification fix, with no unrelated changes evident.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: including rename previous paths in PR trust classification.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added ci github actions and automation tests tests and fixtures size: XS less than 50 changed non-doc lines labels Jul 16, 2026
@marktech0813
marktech0813 force-pushed the fix/505-gittensor branch 2 times, most recently from e7a1aa4 to 4713af1 Compare July 16, 2026 16:04
…ation

gh pr view --json files omits previous_filename, so git mv of a CORE_GLOBS
path could classify as code and bypass trust-gate/auto-merge blocks.

Switch workflows to REST pulls/files (which includes previous_filename)
and feed both current and previous paths into classify/core-touched.
@plind-junior

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci github actions and automation size: XS less than 50 changed non-doc lines tests tests and fixtures

Projects

None yet

Development

Successfully merging this pull request may close these issues.

security: pr_bot core-path classification is blind to file renames — trust-gate and auto-merge gating can be bypassed with git mv

2 participants