Skip to content

Harden WATCHLIST skill contracts and validation#27

Merged
dd3ok merged 1 commit into
mainfrom
codex/watchlist-audit-fixes
Jul 16, 2026
Merged

Harden WATCHLIST skill contracts and validation#27
dd3ok merged 1 commit into
mainfrom
codex/watchlist-audit-fixes

Conversation

@dd3ok

@dd3ok dd3ok commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Summary

  • harden WATCHLIST validation for skeleton values, open-item semantics, timestamp offsets, and package shape
  • align trigger contracts so generic requests stay out of scope while explicit WATCHLIST negation remains a valid no-trigger intent
  • clarify lifecycle, enum, vendor installation, runtime-smoke, and LLM-free contract-lint documentation
  • add standalone license packaging and guard the canonical template/example mirror

Why

The previous validator and regression corpus could certify malformed WATCHLIST files, blur prompt-only routing boundaries, and overstate what static checks or vendor compatibility had actually verified. Package documentation also described an exact bundle while the checker allowed extra or duplicate files.

Impact

  • invalid maintainer fixtures fail earlier with actionable errors
  • runtime skill remains Python-free and instruction-only
  • semantic checks are explicitly static contract linting, not LLM or runtime execution
  • vendor runtime smoke status remains pending until tested in the actual products

Validation

  • python -m unittest discover -s evals -p 'test_*.py' — 119 passed
  • policy, semantic, package, and release metadata checks passed
  • strict example and bundled-template validation passed
  • official skill validator passed
  • git diff --check passed

@dd3ok dd3ok left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-review completed for commit 0541dbcb0f291e0281cbbfecfb793cd0d5170534.

No P0–P2 findings remain.

Reviewed areas:

  • validator invariants and backward compatibility for committed fixtures
  • prompt-routing polarity, including explicit WATCHLIST negation
  • dependency-free limited-YAML parent/container validation
  • exact package allowlist, duplicate entries, and bundled license
  • lifecycle/enum contracts and vendor-path/runtime-smoke documentation
  • README, contributor, release, template/example, and eval-corpus consistency

Validation:

  • 119 unit tests passed
  • 30 semantic and 24 trigger contracts passed
  • policy, package, and release metadata checks passed
  • strict example/template validation passed
  • official skill validator passed
  • GitHub CI passed on Python 3.8 and 3.x

Known non-blocking limits remain explicit in the PR: timezone names are documented as IANA but the validator checks presence only, and real vendor runtime smoke rows remain pending until run in those products.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the WATCHLIST.md AI Agent Skill. Key changes include adding an MIT license to the runtime bundle, updating documentation and metadata to clarify vendor installation paths and runtime smoke verification, and enhancing the maintainer validation tooling. Specifically, the validator now enforces that skeleton fields reside in the preamble, rejects invalid schema versions or automation values, validates that open items contain required semantic fields, and checks for timezone-offset minute overflows. Additionally, test coverage and evaluation cases were expanded to enforce explicit WATCHLIST context for positive trigger routing. I have no feedback to provide as there are no review comments.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@dd3ok
dd3ok marked this pull request as ready for review July 16, 2026 12:58
@dd3ok
dd3ok merged commit f4a6503 into main Jul 16, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant