Skip to content

varlock: adopt selective shared imports#340

Merged
WalksWithASwagger merged 1 commit into
mainfrom
codex/issue-339-selective-shared-imports
Jul 19, 2026
Merged

varlock: adopt selective shared imports#340
WalksWithASwagger merged 1 commit into
mainfrom
codex/issue-339-selective-shared-imports

Conversation

@WalksWithASwagger

@WalksWithASwagger WalksWithASwagger commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Closes #339

Summary

  • selectively import existing reusable provider credentials from the optional shared and Rafiki-local value files with pick and allowMissing=true
  • keep Rafiki's app-specific schema declarations authoritative and avoid declarations derived from generated one-off artifacts
  • scope Varlock audit guidance away from generated output, dependencies, caches, and generated routes while keeping scans staged-only
  • add sanitized present, missing, override, redacted load/run, and scan coverage
  • align agent and security guidance with Varlock 1.10 on Node 22.3+ or the standalone CLI without changing Rafiki's Node runtime

Verification

  • python3 -m pytest -q tests/test_varlock_contract.py - 4 passed
  • npm test - 518 passed, 1 skipped, 1 upstream dependency warning
  • npm run pack:check - passed, 147 package files
  • npm run doctor - passed with 0 critical issues and expected missing-provider/MCP warnings
  • npm run env:audit - passed, schema and code references in sync across 153 scoped files
  • npm run env:scan - passed against staged changes
  • varlock load --agent --show-all with a sanitized HOME and the optional shared source absent - passed
  • no-op varlock run --inject vars -- ... for present and missing sanitized fixtures - passed
  • focused varlock scan for present and missing sanitized fixtures - passed
  • git diff --check - passed

Validated with standalone Varlock 1.10.0. No live value files, process values, credential stores, user-level launchers, cloud configuration, or production surfaces were read or changed.

Acceptance Self-Check

  • Imports use explicit pick lists and allowMissing=true.
  • Rafiki's app-local schema remains authoritative.
  • Generated output, dependencies, and caches are excluded from audit guidance.
  • No provider declaration was added from generated one-off output.
  • Agent and security guidance routes secret-dependent commands through Varlock.
  • Sanitized load, run, scan, missing-source, and override tests pass.
  • No live value, launcher, cloud setting, or production surface was changed.

Import only reusable provider credentials from optional shared and Rafiki-local sources while retaining the app schema as the contract. Scope audit and scan guidance to source-controlled inputs and add sanitized present/missing fixture coverage.
@github-actions

Copy link
Copy Markdown

Agentic PR Review

Verdict: needs-human

Checks:

  • Linked issue via Closes #... or Refs #...: yes
  • Issue acceptance criteria found: 6
  • PR verification section present: yes
  • PR acceptance self-check present: no
  • Diff within v1 limits: yes

This PR is not blocked from human review, but the agentic gate is not satisfied.

@github-actions github-actions Bot added the needs-human Agentic automation stopped for human judgment. label Jul 18, 2026
@github-actions

Copy link
Copy Markdown

Agentic PR Review

Verdict: review-ready

Checks:

  • Linked issue via Closes #... or Refs #...: yes
  • Issue acceptance criteria found: 6
  • PR verification section present: yes
  • PR acceptance self-check present: yes
  • Diff within v1 limits: yes

@github-actions github-actions Bot added review-ready Agent-created PR is ready for human review. and removed needs-human Agentic automation stopped for human judgment. labels Jul 18, 2026
@github-actions

Copy link
Copy Markdown

Agentic PR Review

Verdict: review-ready

Checks:

  • Linked issue via Closes #... or Refs #...: yes
  • Issue acceptance criteria found: 6
  • PR verification section present: yes
  • PR acceptance self-check present: yes
  • Diff within v1 limits: yes

@WalksWithASwagger
WalksWithASwagger merged commit 792d982 into main Jul 19, 2026
9 of 11 checks passed
@WalksWithASwagger
WalksWithASwagger deleted the codex/issue-339-selective-shared-imports branch July 19, 2026 00:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

review-ready Agent-created PR is ready for human review.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

varlock: adopt shared local imports and ignore generated audit noise

1 participant