feat(cli): add bundle product receipts#836
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (19)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Follow-up pushed after hosted targeted mutation found missed mutants in the new negative-coverage mapping. Added focused unit tests for the scanner-safe token guard and TLS taxonomy classes. Local proof now includes: cargo +nightly xtask mutants-pr --changed (27 mutants: 24 caught, 3 unviable). |
Summary
bundle-verification,scanner-safety, andnegative-coverageverify-bundle,audit-bundle, external-adoption smoke, and scanner-safe reference checksUser path
A downstream user who generates a scanner-safe, TLS, OIDC, or webhook bundle now gets receipts that explain local verification, scanner-safety classification, and negative fixture coverage without copying generated payloads.
Boundary
This proves local bundle consistency and metadata classification only. It does not prove repo public claims, release readiness, provider compatibility, production security, scanner evasion, or downstream verifier correctness. It does not add profiles, contract packs, badges, release prep, tags, or publishing.
Proof
cargo +nightly fmt --all -- --checkcargo +nightly test -p uselesskey-cli --all-features bundlecargo +nightly test -p uselesskey-cli --all-features verify_bundlecargo +nightly test -p uselesskey-cli --all-features audit_bundlecargo +nightly test -p xtask external_adoption_smokecargo +nightly clippy -p uselesskey-cli --all-targets --all-features -- -D warningscargo +nightly xtask spec-check --strictcargo +nightly xtask docs-sync --checkcargo +nightly xtask typoscargo +nightly xtask external-adoption-smoke --path .cargo +nightly xtask scanner-safe-reference --checkcargo +nightly xtask no-blobcargo +nightly xtask adoption-regression --externalcargo +nightly xtask pr-litecargo +nightly xtask prgit diff --checkRisk / rollback
The diff changes generated bundle metadata and committed reference receipts, not fixture payload identity. It should be revertable as one bundle-receipt slice before later task-first docs or public-surface work depends on the new receipt contract.