Add CI actions, spec/docs, CLI features (scoped generation/verify, discover, explain), and tests#9
Conversation
yzm1
deleted the
codex/consolidate-review-feedback-into-implementation-list
branch
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a085ea7a4f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| selected = set(components_filter or []) | ||
| use_filter = len(selected) > 0 |
There was a problem hiding this comment.
When --changed-from resolves to no components, components_filter becomes an empty list but verify_lockfile treats that as “no filter” and verifies every component. This breaks the advertised scoped behavior (verify only changed components) and can fail CI on unrelated pre-existing lock drift even when no components changed since the base ref. Preserve the distinction between None (no filter) and an explicit empty selection ([]) so a no-change scope verifies nothing.
Useful? React with 👍 / 👎.
| if out_path.exists(): | ||
| merged = json.loads(out_path.read_text()) | ||
| else: | ||
| merged = { | ||
| "schema": "boundary-lock/v1", | ||
| "project": config.get("project", "unknown"), | ||
| "components": {}, | ||
| "slices": {}, | ||
| } |
There was a problem hiding this comment.
generate_lockfile_for_components initializes merged with empty components/slices when out_path does not exist, then recomputes affected slices against this incomplete map. For mixed slices, unselected components become None in component_digests, producing an incomplete lockfile instead of a valid full baseline. This is a data-integrity footgun for first-time or clean-environment runs of generate --components ...; the command should require an existing lockfile or fall back to full generation.
Useful? React with 👍 / 👎.
1 participant
Motivation
boundver verifyand a tag-triggered PyPI publish workflow to simplify CI adoption and distribution.Description
.github/actions/boundver/action.ymlthat sets up Python, installs the package, runsboundver verifyand optionally prints a diff on failure..github/workflows/publish.ymland updatedREADME.mdwith release/CI guidance and new examples/usability notes.spec/includingboundary.lock.schema.json,HASHING.md, andspec.md, and added docs (docs/WHY_BOUNDVER.md,docs/LOCKFILE_MERGE.md,docs/IMPL_LIST.md,docs/IMPLEMENTATION_PLAN.md) and removed the staleboundary-lockfile.md.src/boundver/core.py: unified source-mode file enumeration,--componentsscopedgenerateandverify,generate_lockfile_for_components, deduplication of overlapping boundary paths, symlink hashing policy,discoverandexplaincommands,changed_components_since_ref, and helper parsing utilities.scripts/boundver-merge-driver.shandscripts/boundver-verify.shfor merge-driver regeneration and a portable shell verifier.tests/test_boundary_lock.pycovering deterministic generation, boundary deduplication, scoped generation/verify, discovery, explain output, symlink parity betweenheadandworking-tree, and other edge cases.Testing
python -m pytest -q, which executed the updatedtests/test_boundary_lock.py(new tests forexplain,discover, scoped generate/verify, symlink handling, deduplication, and deterministic output) and passed.python -m pip install --upgrade pip && pip install .andpython -m build) to validate the GitHub Action commands, which completed successfully.--deterministic/idempotency tests in the unit suite, which succeeded.Codex Task