
Add externalized, self-verifying audit suppression mechanism #30

Merged
amitray007 merged 1 commit into master from feat/audit-ignore-mechanism
Jun 2, 2026

@amitray007

Owner

Summary

Recurring audit false positives (deliberate deprecated-alias methods, the intentionally partial holiday enums, the backward-compat State.REMOVED value) reappeared on every audit_sdk.py run. This adds an externalized, self-verifying suppression mechanism so they stop being noise — without hard-coding anything in the script. Accepted exceptions live entirely in specs/audit-ignore.json.

How it works

On every run, audit_sdk.py:

  • builds structured findings with stable (type, key) fingerprints;
  • loads specs/audit-ignore.json (override with --ignore-file; a missing file means "no suppressions");
  • suppresses a finding only while it still occurs — for enums, only the listed values are hidden, so a newly added value still surfaces;
  • lists hidden findings (with reasons) under ## Suppressed (Verified), and surfaces entries that match nothing under ## Stale Ignores so the list can't silently rot;
  • excludes suppressed findings from the active counts, so the report reads clean.

This directly answers the requirement: don't hard-code anything; store what to ignore externally; re-check and verify the ignores on every audit.

Currently suppressed (7 reviewed entries)

| Type | Entry |
| --- | --- |
| extra_method ×4 | The deprecated aliases get_listings_by_listings_ids, get_shop_payment_account_ledger_entry_payments, get_shop_receipt_transaction_by_shop, get_shop_shipping_profile_destination_by_shipping_profile (each delegates + warns) |
| enum_staleness | ShopHolidayPreference.holiday_id -> CA_HOLIDAYS [missing: *] — SDK intentionally names US/CA holidays and passes other IDs as integers |
| enum_staleness ×2 | ShopListing.state / ShopListingWithAssociations.state -> State [extra: removed] — backward-compat value, documented inline |

Bonus: detector precision fix

scan_string_concat_issues contradicted its own docstring ("in list literals") by flagging all adjacent string literals. It now flags implicit concatenation only inside [ ] list displays — the real missing-comma bug class (e.g. in nullable/mandatory lists) — and ignores parenthesised assignments / call arguments. This removes 8 long-standing false positives at the source (no ignore entries needed) while making the check genuinely useful.

Test plan

  • pytest: 334 passed (28 new in tests/test_audit_ignore.py)
  • Audit with ignores → Extra: 0, Code issues: 0, Suppressed: 7, "All enum values are in sync", "No stale ignores"
  • Audit without ignores → raw 4 extra methods + 3 enum blocks resurface; 0 code issues (detector fix is independent)
  • format_pr_comment.py still parses the report (headers + Coverage Summary keys preserved; counts now reflect active findings)
  • Stale detection verified: an ignore that matches nothing is reported under "Stale Ignores"

Note on versioning

Tooling/CI only — scripts/, tests/, and specs/ are not part of the published package. To avoid a spurious version bump + identical PyPI republish, add [skip ci] to the squash-merge commit.

🤖 Generated with Claude Code

@amitray007 amitray007 added the enhancement New feature or request label Jun 2, 2026
@amitray007 amitray007 self-assigned this Jun 2, 2026
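
The suppression behaviour described in the PR summary above, as an added sketch that is not the project's `audit_sdk.py`: the ignore-file schema (`type`, `key`, `values`, `reason`), the `apply_ignores` name, the `*` wildcard handling and all sample data are assumptions constructed for illustration.

```python
import json

# Constructed ignore file; this schema is assumed, not taken from specs/audit-ignore.json.
IGNORE_JSON = """[
  {"type": "extra_method", "key": "get_listings_by_listings_ids", "reason": "deprecated alias"},
  {"type": "enum_staleness", "key": "ShopListing.state -> State",
   "values": ["removed"], "reason": "backward-compat value"},
  {"type": "extra_method", "key": "old_helper", "reason": "alias since deleted"}
]"""

# Constructed findings from a hypothetical audit run.
FINDINGS = [
    {"type": "extra_method", "key": "get_listings_by_listings_ids"},
    {"type": "extra_method", "key": "get_unreviewed_thing"},
    {"type": "enum_staleness", "key": "ShopListing.state -> State",
     "values": ["removed", "archived"]},
]

def apply_ignores(findings, ignores):
    """Split findings into (active, suppressed, stale_ignores)."""
    by_fp = {(i["type"], i["key"]): i for i in ignores}
    matched = set()          # fingerprints of ignores that hid something this run
    active, suppressed = [], []
    for f in findings:
        fp = (f["type"], f["key"])
        ig = by_fp.get(fp)
        if ig is None:
            active.append(f)
        elif "values" in f:
            # Enum finding: hide only the listed values; anything new stays active.
            allowed = set(ig.get("values", []))
            hidden = [v for v in f["values"] if "*" in allowed or v in allowed]
            rest = [v for v in f["values"] if v not in hidden]
            if hidden:
                matched.add(fp)
                suppressed.append({**f, "values": hidden, "reason": ig["reason"]})
            if rest:
                active.append({**f, "values": rest})
        else:
            matched.add(fp)
            suppressed.append({**f, "reason": ig["reason"]})
    # An ignore that matched nothing this run is stale and must be reported.
    stale = [i for fp, i in by_fp.items() if fp not in matched]
    return active, suppressed, stale

def run():
    return apply_ignores(FINDINGS, json.loads(IGNORE_JSON))
```

An enum ignore with no `values` list hides nothing and is reported as stale, so a malformed entry cannot widen the suppression.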
@github-actions

github-actions Bot commented Jun 2, 2026

Contributor

Test Coverage Report

Overall: 100% (1672/1672 statements covered)

Coverage by file
| File | Statements | Missing | Coverage |
| --- | --- | --- | --- |
| etsy_python/__init__.py | 2 | 0 | 100% |
| etsy_python/_version.py | 1 | 0 | 100% |
| etsy_python/v3/auth/OAuth.py | 33 | 0 | 100% |
| etsy_python/v3/auth/__init__.py | 1 | 0 | 100% |
| etsy_python/v3/common/Env.py | 10 | 0 | 100% |
| etsy_python/v3/common/Request.py | 3 | 0 | 100% |
| etsy_python/v3/common/Utils.py | 31 | 0 | 100% |
| etsy_python/v3/enums/HolidayPreferences.py | 29 | 0 | 100% |
| etsy_python/v3/enums/Language.py | 12 | 0 | 100% |
| etsy_python/v3/enums/Listing.py | 78 | 0 | 100% |
| etsy_python/v3/enums/ListingInventory.py | 6 | 0 | 100% |
| etsy_python/v3/enums/ProcessingProfile.py | 7 | 0 | 100% |
| etsy_python/v3/enums/ShippingProfile.py | 261 | 0 | 100% |
| etsy_python/v3/enums/ShopReceipt.py | 12 | 0 | 100% |
| etsy_python/v3/exceptions/BaseAPIException.py | 10 | 0 | 100% |
| etsy_python/v3/exceptions/RequestException.py | 8 | 0 | 100% |
| etsy_python/v3/exceptions/__init__.py | 2 | 0 | 100% |
| etsy_python/v3/models/FileRequest.py | 7 | 0 | 100% |
| etsy_python/v3/models/HolidayPreferences.py | 8 | 0 | 100% |
| etsy_python/v3/models/Listing.py | 150 | 0 | 100% |
| etsy_python/v3/models/Miscellaneous.py | 8 | 0 | 100% |
| etsy_python/v3/models/ProcessingProfile.py | 21 | 0 | 100% |
| etsy_python/v3/models/Product.py | 7 | 0 | 100% |
| etsy_python/v3/models/Receipt.py | 39 | 0 | 100% |
| etsy_python/v3/models/Request.py | 22 | 0 | 100% |
| etsy_python/v3/models/ShippingProfile.py | 85 | 0 | 100% |
| etsy_python/v3/models/Shop.py | 24 | 0 | 100% |
| etsy_python/v3/models/ShopReturnPolicy.py | 25 | 0 | 100% |
| etsy_python/v3/models/Utils.py | 19 | 0 | 100% |
| etsy_python/v3/models/__init__.py | 10 | 0 | 100% |
| etsy_python/v3/resources/HolidayPreferences.py | 19 | 0 | 100% |
| etsy_python/v3/resources/Listing.py | 81 | 0 | 100% |
| etsy_python/v3/resources/ListingFile.py | 22 | 0 | 100% |
| etsy_python/v3/resources/ListingImage.py | 22 | 0 | 100% |
| etsy_python/v3/resources/ListingInventory.py | 20 | 0 | 100% |
| etsy_python/v3/resources/ListingOffering.py | 12 | 0 | 100% |
| etsy_python/v3/resources/ListingProduct.py | 12 | 0 | 100% |
| etsy_python/v3/resources/ListingTranslation.py | 19 | 0 | 100% |
| etsy_python/v3/resources/ListingVariationImages.py | 16 | 0 | 100% |
| etsy_python/v3/resources/ListingVideo.py | 22 | 0 | 100% |
| etsy_python/v3/resources/Miscellaneous.py | 16 | 0 | 100% |
| etsy_python/v3/resources/Payment.py | 23 | 0 | 100% |
| etsy_python/v3/resources/PaymentLedgerEntry.py | 15 | 0 | 100% |
| etsy_python/v3/resources/ProcessingProfile.py | 26 | 0 | 100% |
| etsy_python/v3/resources/Receipt.py | 25 | 0 | 100% |
| etsy_python/v3/resources/ReceiptTransactions.py | 27 | 0 | 100% |
| etsy_python/v3/resources/Response.py | 9 | 0 | 100% |
| etsy_python/v3/resources/Review.py | 16 | 0 | 100% |
| etsy_python/v3/resources/Session.py | 94 | 0 | 100% |
| etsy_python/v3/resources/ShippingProfile.py | 58 | 0 | 100% |
| etsy_python/v3/resources/Shop.py | 23 | 0 | 100% |
| etsy_python/v3/resources/ShopProductionPartner.py | 11 | 0 | 100% |
| etsy_python/v3/resources/ShopReturnPolicy.py | 28 | 0 | 100% |
| etsy_python/v3/resources/ShopSection.py | 25 | 0 | 100% |
| etsy_python/v3/resources/Taxonomy.py | 23 | 0 | 100% |
| etsy_python/v3/resources/User.py | 14 | 0 | 100% |
| etsy_python/v3/resources/UserAddress.py | 19 | 0 | 100% |
| etsy_python/v3/resources/__init__.py | 29 | 0 | 100% |
| etsy_python/v3/resources/enums/RateLimit.py | 8 | 0 | 100% |
| etsy_python/v3/resources/enums/Request.py | 7 | 0 | 100% |

Updated by PR Tests

…skip ci]

Recurring audit false positives (deliberate deprecated-alias methods,
intentionally partial holiday enums, the backward-compat State.REMOVED
value) previously reappeared on every run. They are now declared in a data
file, specs/audit-ignore.json — nothing to ignore is hard-coded in the
audit script.

scripts/audit_sdk.py now:
- builds structured findings with stable (type, key) fingerprints
- loads specs/audit-ignore.json (override: --ignore-file; absent = none)
- suppresses a finding ONLY while it still occurs; for enums only the
  listed values are hidden, so newly added values still surface
- reports hidden findings under "Suppressed (Verified)" with reasons and
  surfaces entries that match nothing under "Stale Ignores"
- excludes suppressed findings from the active counts (clean report)

Also fixes scan_string_concat_issues to match its documented intent: flag
implicit string concatenation only inside [ ] list displays (a real
missing-comma bug, e.g. in nullable/mandatory lists), not in parenthesised
assignments or call arguments. This removes 8 long-standing false positives
at the source without needing ignore entries, while the check now actually
catches missing commas in list literals.

The maintain-audit skill (Phase 2) now re-verifies suppressions on every
run: it re-confirms each ignore's reason against the current code/spec,
recommends removing stale or no-longer-valid entries (resurfacing the real
finding), and flags newly surfaced enum values not covered by an ignore — so
the agent, not just the script, keeps the ignore list honest each audit.

Report section headers and Coverage Summary keys are preserved so
format_pr_comment.py keeps working; counts now reflect active findings.

Adds tests/test_audit_ignore.py (28 tests) covering ignore loading,
suppression, enum value-subset verification, stale detection, enum finding
computation, and the list-context detector fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
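
The list-context rule from the commit message above, as an added sketch that is not the project's `scan_string_concat_issues`: it uses the standard `tokenize` module and treats a pair of adjacent string literals as a finding only when the innermost open bracket is `[`. The function name, that innermost-bracket choice and the sample source are assumptions made for illustration.

```python
import io
import tokenize

# Constructed sample source: one missing comma in a list, plus deliberate
# concatenation in parentheses and call arguments that must not be flagged.
SAMPLE = '''
nullable = [
    "title",
    "description"
    "tags",
]
message = (
    "long text "
    "continued"
)
call(["a", "b"], "x" "y")
nested = [f("p" "q"), "r" "s"]
'''

OPENERS = ("(", "[", "{")
CLOSERS = (")", "]", "}")

def implicit_concat_in_lists(source):
    """Return (line, first, second) for adjacent string literals directly inside [ ]."""
    hits, stack, prev = [], [], None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        # Line breaks and comments inside brackets do not separate literals.
        if tok.type in (tokenize.NL, tokenize.COMMENT):
            continue
        if tok.type == tokenize.STRING:
            # Two STRING tokens with nothing between them concatenate implicitly.
            if prev is not None and stack and stack[-1] == "[":
                hits.append((tok.start[0], prev.string, tok.string))
            prev = tok
            continue
        prev = None  # any other token (comma, operator, name) breaks adjacency
        if tok.type == tokenize.OP:
            if tok.string in OPENERS:
                stack.append(tok.string)
            elif tok.string in CLOSERS and stack:
                stack.pop()
    return hits
```

On the sample it reports the missing comma after `"description"` and the `"r" "s"` pair, and skips the parenthesised assignment and both call-argument pairs.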
@amitray007 amitray007 force-pushed the feat/audit-ignore-mechanism branch from 8792807 to 1d56c23 Compare June 2, 2026 09:58
@amitray007 amitray007 merged commit 5ab516b into master Jun 2, 2026
3 checks passed
@amitray007 amitray007 deleted the feat/audit-ignore-mechanism branch June 2, 2026 10:27