Tighten OpenCode peer static-analysis review#480
Conversation
4c5a7f6 to
1de379b
Compare
There was a problem hiding this comment.
Pull request overview
OpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed.
Findings
1. HIGH Current-head GitHub Checks - Fix failed required checks before approval
- Problem: Failed same-head checks remain for
30f71d87cae77f3a295cc9429798ba1524a08862. - Root cause: The model-unavailable evidence fallback is allowed only when peer GitHub Checks are complete and clean.
- Fix: Read and fix the failed check logs below, then rerun the current-head checks.
- Regression test: Keep the model-unavailable fallback gated on an empty failed-check rollup.
Failed checks:
- Scorecard PR/Scorecard: CANCELLED (https://github.com/ContextualWisdomLab/.github/actions/runs/29200421920/job/86670725192)
- Secret Scan/gitleaks (secret scan): CANCELLED (https://github.com/ContextualWisdomLab/.github/actions/runs/29200421914/job/86670725157)
- gitleaks (secret scan) check run: cancelled (https://github.com/ContextualWisdomLab/.github/actions/runs/29200421914/job/86670725157)
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow: opencode-review.yml"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow: opencode-review.yml"]
R1 --> V1["actionlint plus required checks"]
Evidence --> S2["Changed file (2 files)"]
S2 --> I2["repository behavior"]
I2 --> R2["Review risk: Changed file (2 files)"]
R2 --> V2["required checks"]
Evidence --> S3["CI script: run_opencode_review_model_pool.sh"]
S3 --> I3["review and security gate shell path"]
I3 --> R3["Review risk: CI script: run_opencode_review_model_pool.sh"]
R3 --> V3["bash -n plus Strix self-test"]
Evidence --> S4["Test (2 files)"]
S4 --> I4["regression suite"]
I4 --> R4["Review risk: Test (2 files)"]
R4 --> V4["targeted test run"]
OpenCode Review Overview
Pull request overviewOpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed. Findings1. HIGH Current-head GitHub Checks - Fix failed required checks before approval
Failed checks:
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow: opencode-review.yml"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow: opencode-review.yml"]
R1 --> V1["actionlint plus required checks"]
Evidence --> S2["Changed file (2 files)"]
S2 --> I2["repository behavior"]
I2 --> R2["Review risk: Changed file (2 files)"]
R2 --> V2["required checks"]
Evidence --> S3["CI script: run_opencode_review_model_pool.sh"]
S3 --> I3["review and security gate shell path"]
I3 --> R3["Review risk: CI script: run_opencode_review_model_pool.sh"]
R3 --> V3["bash -n plus Strix self-test"]
Evidence --> S4["Test (2 files)"]
S4 --> I4["regression suite"]
I4 --> R4["Review risk: Test (2 files)"]
R4 --> V4["targeted test run"]
|
ed6ea4d to
c1d9ec2
Compare
There was a problem hiding this comment.
Pull request overview
OpenCode model providers were unavailable for this same-head run, but deterministic current-head evidence is clean: coverage evidence passed, peer GitHub Checks are complete, medium-or-higher code-scanning alerts are clear, mergeability is clean, and reviewer threads are resolved or outdated.
Findings
No blocking findings.
Evidence
- Result: APPROVE
- Reason: current-head model-unavailable evidence fallback; coverage, docstring, peer GitHub Checks, code-scanning alerts, mergeability, and review threads were clear for current head.
- Scope:
central OpenCode/Strix review-process - Changed files:
4 - Model-pool outcome:
exhausted - Head SHA:
c1d9ec20f23b3ff07d924da85e6df7575276536b - Workflow run: 29201334729
- Workflow attempt: 2
This fallback does not suppress failed checks, medium-or-higher code-scanning alerts, merge conflicts, unresolved reviewer threads, or failed coverage evidence; any of those conditions still publish REQUEST_CHANGES or leave the approval state unchanged.
Summary
Context
In ContextualWisdomLab/pg-erd-cloud#514, another review bot flagged a duplicate aria-label / overwritten property issue while OpenCode approved without an independent finding. This narrows the central review prompt so the same class of issue is reviewed directly by OpenCode.
Tests
Not run; prompt-only change.