Harden WATCHLIST skill contracts and validation#27
Conversation
dd3ok
left a comment
There was a problem hiding this comment.
Self-review completed for commit 0541dbcb0f291e0281cbbfecfb793cd0d5170534.
No P0–P2 findings remain.
Reviewed areas:
- validator invariants and backward compatibility for committed fixtures
- prompt-routing polarity, including explicit WATCHLIST negation
- dependency-free limited-YAML parent/container validation
- exact package allowlist, duplicate entries, and bundled license
- lifecycle/enum contracts and vendor-path/runtime-smoke documentation
- README, contributor, release, template/example, and eval-corpus consistency
Validation:
- 119 unit tests passed
- 30 semantic and 24 trigger contracts passed
- policy, package, and release metadata checks passed
- strict example/template validation passed
- official skill validator passed
- GitHub CI passed on Python 3.8 and 3.x
Known non-blocking limits remain explicit in the PR: timezone names are documented as IANA but the validator checks presence only, and real vendor runtime smoke rows remain pending until run in those products.
There was a problem hiding this comment.
Code Review
This pull request updates the WATCHLIST.md AI Agent Skill. Key changes include adding an MIT license to the runtime bundle, updating documentation and metadata to clarify vendor installation paths and runtime smoke verification, and enhancing the maintainer validation tooling. Specifically, the validator now enforces that skeleton fields reside in the preamble, rejects invalid schema versions or automation values, validates that open items contain required semantic fields, and checks for timezone-offset minute overflows. Additionally, test coverage and evaluation cases were expanded to enforce explicit WATCHLIST context for positive trigger routing. I have no feedback to provide as there are no review comments.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Summary
Why
The previous validator and regression corpus could certify malformed WATCHLIST files, blur prompt-only routing boundaries, and overstate what static checks or vendor compatibility had actually verified. Package documentation also described an exact bundle while the checker allowed extra or duplicate files.
Impact
Validation
python -m unittest discover -s evals -p 'test_*.py'— 119 passedgit diff --checkpassed