profit/lakehouse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lakehouse/auditor
History
profit 5bbcaf4c33 Fix: layer-2 Langfuse filter used meaningless ternary 
Caught by running a side-test through LLM Team's run_codereview
flow (gpt-oss:120b reviewer) against this fixture, 2026-04-22.

BEFORE:
  const ourStart = Date.parse(
    l1.evidence.match(/tokens=/) ? result.ran_at : result.ran_at
  );
  // Both branches return result.ran_at — the ternary is meaningless.
  // result.ran_at is the fixture start time, NOT the moment we fired
  // /v1/chat. Any trace created between fixture-start and chat-fetch
  // would false-negative.

AFTER:
  const chat_request_sent_ms = Date.now();  // captured before layer 1
  // ...
  const recent = items.filter(t =>
    Date.parse(t.timestamp) >= chat_request_sent_ms
  );

Re-ran the fixture against the live stack — layers 1,2,4 still pass
(no regression); layer 2 trace matched at age=2494ms which is within
the chat-to-trace propagation window. Layers 3,5 still fail for the
original unrelated reasons (UpsertOutcome serde panic + Phase 45
slice 3 endpoint not built).

First concrete act-on-finding from a code-checker run. The process
works.
2026-04-22 03:44:36 -05:00
..
checks
Auditor: static diff check — catches own Phase 45 placeholder
2026-04-22 03:29:31 -05:00
fixtures
Fix: layer-2 Langfuse filter used meaningless ternary
2026-04-22 03:44:36 -05:00
claim_parser.ts
Auditor: claim parser
2026-04-22 03:28:06 -05:00
gitea.ts
Auditor scaffold: types + Gitea client + policy stub + README
2026-04-22 03:26:56 -05:00
policy.ts
Auditor scaffold: types + Gitea client + policy stub + README
2026-04-22 03:26:56 -05:00
README.md
Auditor scaffold: types + Gitea client + policy stub + README
2026-04-22 03:26:56 -05:00
types.ts
Auditor scaffold: types + Gitea client + policy stub + README
2026-04-22 03:26:56 -05:00

README.md

Lakehouse Claim Auditor

A Bun sub-agent that watches open PRs on Gitea, reads the ship-claims in commit messages and PR bodies, and hard-blocks merges when the code doesn't back the claim.

Rationale: when "compiles + one curl works" gets called "phase shipped," placeholder code accumulates. This auditor runs every 90s, fetches each open PR, and subjects it to four checks:

  1. Static diff — grep/parse looking for placeholder patterns
  2. Dynamic — runs the never-before-executed hybrid test fixture
  3. Cloud inference — asks gpt-oss:120b via /v1/chat to identify gaps in the diff
  4. KB query — looks up data/_kb/ + observer for prior failure patterns on similar claims

Verdict is assembled, posted to Gitea as:

  • A failing commit status (hard block — branch protection prevents merge)
  • A review comment explaining every finding

Run manually

cd /home/profit/lakehouse
bun run auditor/index.ts

Defaults: polls every 90s, stops on auditor.paused file present.

State

  • data/_auditor/state.json — last-audited head SHA per PR
  • data/_auditor/verdicts/{pr}-{sha}.json — per-run verdict record

Where YOU edit

auditor/policy.ts — the verdict assembler. Controls which findings block vs warn vs inform. All other code is mechanical: fetching, running checks, posting to Gitea.

Hard-block mechanism

  1. Commit status is posted as failure with context lakehouse/auditor
  2. If main branch protection requires lakehouse/auditor status to pass, Gitea prevents merge
  3. When code is fixed and re-audit passes, status flips to success, merge unblocks

Enable branch protection (one-time, via Gitea UI or API):

  • POST /repos/profit/lakehouse/branch_protections
  • {"branch_name": "main", "required_status_checks": {"contexts": ["lakehouse/auditor"]}}