docs(release): add 0.4.0-rc.1 readiness proof#255
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Droid finished @EffortlessSteven's task —— View job Droid review complete for PR #255. Validation result: 3 findings posted — 1 P1, 2 P2.
No security issues found. |
| @@ -0,0 +1,111 @@ | |||
| # Shipper 0.4.0-rc.1 Readiness | |||
|
|
|||
| Version: 0.4.0-rc.1 | |||
There was a problem hiding this comment.
[P1] Evidence base commit does not match PR head
Line 3 states Evidence base commit: d72f58b251b12d93ba3e3b8e7bd0d636d7c8264d, but the PR head SHA is 28800bb48e8bd65cfd48bbe403769a291003d1a8. There is exactly one commit between them (the PR's own commit), and the spec (SHIPPER-SPEC-0002) requires the proof to "identify the commit SHA under review." Using the parent commit creates confusion about what is actually being proven — the evidence run was performed before the PR was finalized. The Evidence base commit field should reflect the commit on which the gates were actually run, which in this case should be the PR head commit or the merge-base if running against a different base.
| |---|---:|---| | ||
| | Version check | pass | Root workspace and publishable workspace dependency pins read `0.4.0-rc.1`; changelog has `## [0.4.0-rc.1] - 2026-05-12`. | | ||
| | `cargo run -p shipper -- plan` | pass | Plan ID `5d63c5b0725a59a01c1fa1406220808f5a7b1a166c0ddf76d3ba97d13e6feeb5`; 13 publishable crates; `xtask@0.0.0` skipped as `publish = false`. | | ||
| | `shipper preflight --preflight-only --format json --state-dir target/release-proof-state-copied` | pass | `finishability = "proven"`; token detected; all 13 packages `dry_run_passed = true`; sidecar under `target/release-proof-state-copied/preflight_workspace_verify.txt`. | |
There was a problem hiding this comment.
[P2] Sidecar file referenced in preflight gate evidence not committed
Line 29 references target/release-proof-state-copied/preflight_workspace_verify.txt as a sidecar file for the preflight gate. This path is a runtime artifact from the evidence run and was not committed alongside the document. Reviewers cannot verify this evidence independently. Consider either committing the sidecar file as part of the evidence packet or rephrasing the evidence to note it was observed locally but not persisted.
| | `cargo xtask check-file-policy --mode blocking-allowlist` | pass | 204 tracked files, 41 entries, 0 unreceipted, 0 missing fields, 0 expired. | | ||
| | `cargo xtask no-panic check` | pass | 25 baseline entries, 25 current entries, no new/resolved/count drift. | | ||
| | `cargo xtask check-lint-policy` | pass | MSRV aligned across Rust policy surfaces at 1.95. | | ||
| | `cargo xtask ripr-pr` | advisory | Completed. Top recommendation: add boundary discriminator coverage for `crates/shipper-cli/src/lib.rs::run`; details in `target/ripr/pilot/pilot-summary.md`. | |
There was a problem hiding this comment.
[P2] ripr-pr advisory summary not committed
Line 43 references target/ripr/pilot/pilot-summary.md for details of the ripr advisory. This is a runtime artifact and was not committed. The summary states a top recommendation about boundary discriminator coverage for crates/shipper-cli/src/lib.rs::run, but reviewers cannot verify this claim independently. Consider including the key recommendation inline in the document or committing the summary as part of the advisory evidence.
Summary:
Evidence:
Notes:
Closes #195