README front door: 20s landing, 3 case studies, FP policy page, C# gallery pairs, CI SHA-pinning#204
Conversation
Documents the P-022 Rust core workspace: crate status, build/test commands, and a real test-case table pulled from the parity fixtures (tests/fixtures/syntax_parity.json, tests/fixtures/ownir/) and the latest passing CI run of the rust-core job.
Every `uses:` in ci.yml, mine.yml, mine-on-push.yml, oracle.yml, and pr-issue-validation.yml now references a commit SHA with a `# vN` comment instead of a mutable tag, resolved via `git ls-remote` against each action's upstream repo. Updates the two "Where it cheats" entries (README.md, README.ru.md) that tracked this as deferred.
…ression page README.md/README.ru.md: replace the "OwnLang — PoC" research-framed opening with a landing (pitch verbatim from ROADMAP.md, slogans from alpha-readiness.md, a 6-line Action quickstart, a local one-liner, one real bad/fixed example from ScreenToGif, and a "why not Sonar/CodeQL" link). The prior opening moves down as the lead-in to the research-depth section instead of being deleted. docs/case-studies/: three pages built from the real-world mining run (docs/notes/real-world-mining.md) and the cross-tool oracle (docs/notes/oracle.md) — the ScreenToGif VideoSource view/view-model leak, the two SystemEvents leaks, and the Dispose-class fixture where Own.NET, CodeQL, and Infer# all agree. docs/suppression-and-fp-policy.md: consolidates the FP policy (honest OWN050 skips, the "no FP from using" precision record) with the [OwnIgnore]/project-config suppression design (P-004/P-015), honestly marking both as designed/drafted rather than implemented.
examples/gallery/cs/ mirrors the .own gallery in real, compilable C#, run through the actual Roslyn extractor -> OwnIR -> core pipeline instead of the toy DSL's own dataflow. Wired into CI as a new step in the "C# leak extractor (Roslyn) -> OwnIR -> core" job, asserting the exact OWN0xx code on each .bad.cs and silence on each .ok.cs. Only 7 of the 12 .own cases have a real C# detector today (01, 02, 03, 07, 10, 11, plus the clean 00). The other 5 (04/05/06/08/09) depend on move/borrow/stack-buffer/unknown-call concepts that only exist in the `.own` DSL's AST -- ownlang/ownir.py never constructs them, so no real C# fact can reach them. Documented honestly in examples/gallery/cs/README.md with citations, rather than shipping .cs files that don't actually trip their claimed code. Also fixes the root README's gallery table, which was missing rows 10/11, and updates alpha-readiness.md's gate E status.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (7)
✅ Files skipped from review due to trivial changes (5)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThe PR pins GitHub Actions and toolchain references to commit SHAs, adds CI validation for C# gallery bad/ok pairs, expands gallery fixtures, and updates Own.NET overview, case studies, suppression guidance, readiness notes, and Rust migration documentation. ChangesCI hardening and gallery validation
Project documentation
Estimated code review effort: 3 (Moderate) | ~25 minutes Possibly related issues
Possibly related PRs
Sequence Diagram(s)sequenceDiagram
participant CI
participant OwnSharpExtractor
participant OwnIRAssertions
CI->>OwnSharpExtractor: Extract examples/gallery/cs with --flow-locals
OwnSharpExtractor->>OwnIRAssertions: Convert extractor output
OwnIRAssertions->>CI: Check bad findings and ok-fixture silence
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bd935b174a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - uses: actions/checkout@v4 | ||
| - uses: dtolnay/rust-toolchain@stable | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| - uses: dtolnay/rust-toolchain@4be7066ada62dd38de10e7b70166bc74ed198c30 # stable, 2026-07-09 |
There was a problem hiding this comment.
Pin rust-toolchain from master
The rust-core job now pins dtolnay/rust-toolchain to a SHA from the generated stable branch (the action.yml at that SHA has default: stable). The upstream README's full-SHA guidance says those pins must be commits in master history because branch-only commits may be garbage-collected; once stable advances this pin can stop resolving and break the Rust CI job. Pin a master commit instead and pass toolchain: stable explicitly alongside components.
Useful? React with 👍 / 👎.
| | Lever | Status | Scope | | ||
| |---|---|---| | ||
| | `--severity warning` | **works today** (P-013) | Global: downgrades every error-tier finding for that run to advisory. Per-run, not per-finding — an escape hatch for "show me everything, but don't fail the build yet," not a way to silence one specific site. | | ||
| | `--fail-on-finding` (off) | **works today** (P-013, the GitHub Action's default input) | Global: findings still print/annotate, but the process/step exit code stays 0. | |
There was a problem hiding this comment.
Correct the action fail-on-finding default
This row says turning --fail-on-finding off is the GitHub Action's default input, but action.yml defines fail-on-finding with default: "true". Users relying on this suppression page will expect annotations without a failing step, while the action actually fails on findings unless they set fail-on-finding: "false"; please separate the CLI default from the action override.
Useful? React with 👍 / 👎.
…ding default dtolnay/rust-toolchain's convenience branches (stable/beta/nightly) get rewritten over time, so a commit pinned there can become unreachable; the upstream guidance is to pin a `master` commit and pass the channel via an explicit `toolchain:` input instead. docs/suppression-and-fp-policy.md had the Action's fail-on-finding default backwards: action.yml sets it to "true" (fails on a finding by default), not "false" -- the CLI (own-check.sh) is the one that defaults to off. Corrected and clarified the CLI-vs-Action distinction.
There was a problem hiding this comment.
Actionable comments posted: 10
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 4-7: Update the introductory comment in the CI workflow to qualify
the pinning claim: state that all third-party `uses:` entries are pinned to
commit SHAs, or explicitly exclude local composite-action references such as
`uses: ./`. Keep the existing version-comment and credential-hardening context
intact.
- Around line 869-894: Update the gallery workflow command around the ownir
invocation to capture its exit status instead of masking all failures with `||
true`; permit only the documented findings status and fail on
analyzer/parser/bridge errors. Strengthen the clean-case validation loop to
reject any output containing each clean fixture filename, including
00_ok_clean.cs and all .ok.cs files, rather than checking only selected variable
names.
In `@docs/case-studies/screentogif-videosource.md`:
- Around line 11-12: Correct the subscription count throughout the case study:
update the prose near the Window_Loaded description and the corresponding
sections to say three subscriptions, matching the three events
shown—ShowErrorRequested, HideErrorRequested, and CloseRequested.
- Around line 52-64: Make the event hookup in Window_Loaded idempotent by
detaching OnShowError, OnHideError, and OnClose before reattaching them, or
otherwise guarding against repeated subscriptions; ensure Window_Closing removes
all handlers so no duplicate subscription remains.
In `@docs/notes/alpha-readiness.md`:
- Line 43: Refresh the adjacent readiness claims in
docs/notes/alpha-readiness.md: update rows F/G and the “front door” section to
acknowledge that the packaged case studies, suppression policy, and landing
README now exist, and remove or revise gaps that are no longer applicable while
preserving any genuinely outstanding work.
In `@docs/suppression-and-fp-policy.md`:
- Around line 64-66: Specify a language for the fenced code block containing the
precedence example, using ```text, or replace the fence with a plain list so the
Markdown passes MD040.
In `@README.md`:
- Around line 14-20: Pin both GitHub Actions in the README quickstart to
immutable commit SHAs, replacing `@v4` and `@main`, and append comments identifying
the corresponding released versions.
- Around line 49-53: Clarify the README’s two SystemEvents examples as distinct
cases: update the OWN001 example to explicitly describe the unsubscribed static
event handler leak, and separate or annotate the OWN014 example so readers do
not interpret it as the same subscription changing diagnostic codes.
In `@README.ru.md`:
- Around line 15-21: Pin both action references in the Russian quickstart YAML
to immutable commit SHAs: replace actions/checkout@v4 and PhysShell/own.net@main
with the exact SHAs used in the README’s hardened workflow examples.
In `@rust/README.md`:
- Around line 66-75: Escape the pipe character in the full_module expected
digest so it remains within the Markdown table cell: update `conds=[n < 10|n]`
to `conds=[n < 10\|n]`.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: da31843e-93c6-425d-82e3-c52d6cc754ca
📒 Files selected for processing (27)
.github/workflows/ci.yml.github/workflows/mine-on-push.yml.github/workflows/mine.yml.github/workflows/oracle.yml.github/workflows/pr-issue-validation.ymlREADME.mdREADME.ru.mddocs/case-studies/dispose-agreement-with-codeql.mddocs/case-studies/screentogif-systemevents.mddocs/case-studies/screentogif-videosource.mddocs/notes/alpha-readiness.mddocs/suppression-and-fp-policy.mdexamples/gallery/cs/00_ok_clean.csexamples/gallery/cs/01_leak_on_error_path.bad.csexamples/gallery/cs/01_leak_on_error_path.ok.csexamples/gallery/cs/02_use_after_release.bad.csexamples/gallery/cs/02_use_after_release.ok.csexamples/gallery/cs/03_double_release.bad.csexamples/gallery/cs/03_double_release.ok.csexamples/gallery/cs/07_use_after_handoff.bad.csexamples/gallery/cs/07_use_after_handoff.ok.csexamples/gallery/cs/10_leak_in_loop.bad.csexamples/gallery/cs/10_leak_in_loop.ok.csexamples/gallery/cs/11_overspan_full_view.bad.csexamples/gallery/cs/11_overspan_full_view.ok.csexamples/gallery/cs/README.mdrust/README.md
- ci.yml: qualify the "every uses:" claim (local uses: ./ composite refs aren't pinnable external deps); the new gallery step now captures ownir's real exit code and fails loudly on a hard error (rc>=2) instead of swallowing it with `|| true`, and adds a filename-based silence check on top of the variable-name one so an unanticipated finding in a clean fixture can't slip through. - README.md/README.ru.md: pin actions/checkout in the quickstart snippet (it was the one unpinned reference left after the SHA-pinning pass); the landing's own copy-paste example should match what it preaches. - docs/case-studies/screentogif-videosource.md: the prose said "four" subscriptions but the shown code (matching the pinned corpus/real-world/screentogif-loaded-subscription fixture) has three -- fixed to three throughout; noted that the fix closes the leak but isn't by itself idempotent against Window_Loaded firing twice before one Closing. - docs/notes/alpha-readiness.md: rows F/G and the "front door" section still described the case studies/suppression page/landing README as missing after this PR added them -- updated to reflect what's actually built now. - docs/suppression-and-fp-policy.md: added a language tag to the precedence code fence (markdownlint MD040). - rust/README.md: escaped a bare `|` in a table cell that was being parsed as an extra column (markdownlint MD056).
…isambiguate OWN001 vs OWN014 in README The review fix in 0270e13 resolved the count mismatch by lowering the prose to three, but the ground truth is four subscriptions (real-world-mining.md pins VideoSource.xaml.cs:50/67/75/83; the corpus reduction's notes.md names the omitted event, ShowWarningRequested) — add the fourth event to both examples instead. Also: annotate the quickstart's own.net@main as a deliberate pre-release choice (no tags yet), and state that the OWN001 SystemEvents error and the OWN014 region escape are two pinned modelings of one shape, not one finding changing codes (both corpus-pinned). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LsWw4Ay8KLTHFom1HvRu3U
…bscription original Reconciles the two review resolutions: the study's examples mirror the real file (four subscriptions, 77fd291), while the cited corpus regression is a deliberate three-event reduction — say so instead of letting the two snippet sets silently disagree. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LsWw4Ay8KLTHFom1HvRu3U
|
@coderabbitai review Generated by Claude Code |
|
✅ Action performedReview finished.
|
Что и зачем
Закрывает пункты из
docs/notes/alpha-readiness.md(front door + gates F/G + хвост E) плюс старый issue #7: (1) README.md/README.ru.md — 20-секундный лендинг вместо исследовательского вступления; (2) три кейс-стади вdocs/case-studies/из реальных находок (ScreenToGif, cross-tool oracle); (3) консолидированная страница suppression/FP-policy; (4) C#-нативные bad/ok пары для 7 из 12 кейсов галереи, проверенные реальным Roslyn-экстрактором в CI; (5) SHA-pinning всехuses:в 5 workflow. Плюсrust/README.mdдля P-022 воркспейса.Тип изменения
Как проверено
python tests/run_tests.pyruff check .иmypypython scripts/<...>.py --selftest)Плюс: каждый push прогнан через реальный CI (не только локально) — все 14 джоб зелёные на финальном коммите, включая новый шаг «Gallery C#-native bad/ok pairs» в джобе «C# leak extractor (Roslyn) -> OwnIR -> core», который реально гоняет
examples/gallery/cs/*.csчерез Roslyn-экстрактор и проверяет точный код диагностики.Связанные issue
Closes the "CI actions are not pinned by commit SHA" item from README "Where it cheats" (issue #7). Refs
docs/notes/alpha-readiness.mdgates E (tail)/F/G и "front door".Чеклист
feat:,fix:,docs:…)Детали
README landing — питч дословно из
docs/ROADMAP.md, слоганы изdocs/notes/alpha-readiness.md, 6-строчный quickstart для GitHub Action, локальный однострочник, один реальный bad/fixed пример (ScreenToGifSystemEvents-лик), ссылка «почему не Sonar/CodeQL». Исследовательская глубина не удалена — сдвинута вниз с явным переходом. Нигде не питчится как «static analyzer/SAST».Три кейс-стади (
docs/case-studies/) — построены на реальных file:line находках изdocs/notes/real-world-mining.mdи настоящем cross-tool diff изdocs/notes/oracle.md:screentogif-videosource.md(флагманская находка),screentogif-systemevents.md(два независимых лика),dispose-agreement-with-codeql.md(кейс, где Own.NET/CodeQL/Infer# сходятся). Только честные формулировки, без «мы бы предотвратили X».Suppression/FP policy (
docs/suppression-and-fp-policy.md) — консолидирует[OwnIgnore("reason")](P-004) и project-config (P-015, draft) с явной FP-политикой, честно помечая, что реально работает сегодня (--severity), а что только спроектировано/задрафтено.C#-нативные пары галереи (
examples/gallery/cs/) — 7 из 12 кейсов.own-галереи, прогнанные через настоящий пайплайн Roslyn-экстрактор → OwnIR → ядро (не через dataflow самого DSL), с проверкой в CI. Остальные 5 (04/05/06/08/09) требуют move/borrow/stack-buffer/unknown-call детекторов на C#-стороне, которых пока нет — задокументировано с точными цитатами кода в README той директории, а не подделано.SHA-pinning — все
uses:вci.yml/mine.yml/mine-on-push.yml/oracle.yml/pr-issue-validation.ymlзаменены на commit SHA (резолвнуты черезgit ls-remote) с комментарием# vN.rust/README.md — документирует P-022 Rust-воркспейс: статус крейтов, команды сборки/теста, реальная таблица тест-кейсов из parity-фикстур.
Generated by Claude Code
Summary by CodeRabbit