Separate PR fetch source from review engine#25
Closed
Iron-Ham wants to merge 1 commit into
Closed
Conversation
|
@Iron-Ham is attempting to deploy a commit to the rs545837's projects Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
inspect review
Triage: 42 entities analyzed | 0 critical, 0 high, 22 medium, 20 low
Verdict: standard_review
Findings (5)
- [low] In
analyze_local_pr, the function usesbase_ref_oidas fallback tobase_ref_name, but then passes these values directly to git commands. Ifbase_ref_oidis a commit SHA, it should be preferred overbase_ref_name(branch name) for accuracy, but the fallback order is reversed - it tries OID first, then falls back to name, then to 'main'. This means if both exist, it uses the OID, but the comment inanalyze_github_prsays 'Use commit SHAs instead of branch names' for reliability. The logic should prefer OIDs consistently. - [low] In
runfunction in pr.rs, whenargs.base.is_some() || args.head.is_some()is true but only one of them is provided, the code callsanalyze_explicit_rangewhich will return an error. However, the error is wrapped inand_then(|result| result.ok_or_else(...))which expectsanalyze_explicit_rangeto returnOk(None)when base/head are missing. Butanalyze_explicit_rangereturnsErrin those cases, notOk(None). This means the error message 'missing --base/--head' will never be shown - instead the actual error fromanalyze_explicit_rangewill be shown. - [low] In
validate_review_mode, whenengine == ReviewEngine::Hostedandfetch != FetchSource::Local, it returns an error saying to 'omit --fetch github'. However, the default value forfetchisFetchSource::Local(from PrArgs and ReviewArgs). This validation will only trigger if the user explicitly passes--fetch githubwith--engine hosted, which is correct. But the error message is confusing because it says 'hosted reviews fetch PR content through the inspect API' which implies fetch is ignored, yet it's checking and rejecting non-Local values. This could be a logic error if the intent was to ignore the fetch parameter rather than reject it. - [low] In
ensure_local_pr_commits, when constructing the error message, ifpr.base_ref_nameis None but the base commit doesn't exist, thecommandsvector will be empty for the base ref, but the error message will still claim 'PR commits are not available locally' without providing a way to fetch the base. This creates an unrecoverable error state. - [low] In the
pr.rsrunfunction, the logic checksif args.base.is_some() || args.head.is_some()and then callsanalyze_explicit_rangewhich can returnOk(None)when base is None. However, the subsequent.and_then(|result| result.ok_or_else(|| "missing --base/--head".to_string()))will convert this to an error. But the outer condition already checked that at least one of base/head is Some, so if only head is provided, it will enter this branch, callanalyze_explicit_range(repo, None, Some(head)), which returnsErr("--head requires --base"), notOk(None). The error message "missing --base/--head" is unreachable.
Reviewed by inspect | Entity-level triage found 0 high-risk changes
eabd7d2 to
70b5be5
Compare
There was a problem hiding this comment.
inspect review
Triage: 38 entities analyzed | 0 critical, 0 high, 19 medium, 19 low
Verdict: standard_review
Findings (6)
- [low] In
analyze_local_pr, the function falls back to branch names when commit OIDs are missing, but then passes these potentially non-existent branch names toensure_local_pr_commitswhich checks if commits exist. If the PR is from a fork and only branch names are available (no OIDs), the branch names won't exist locally, causing the commit existence check to fail even though the function should attempt to fetch them first. - [low] In
ensure_local_pr_commits, when a commit doesn't exist and fetch fails, the function still checkscommit_existsagain at the end. However, if the fetch failed, the commits still won't exist, so the function will always return an error even though it already knows the fetch failed. The logic should short-circuit after attempting fetches rather than re-checking. - [low] In
runfunction in pr.rs, whenargs.base.is_some() || args.head.is_some()is true but only one of them is provided,analyze_explicit_rangewill return an error. However, the error is then passed through.and_then(|result| result.ok_or_else(|| "missing --base/--head".to_string()))which would never trigger becauseanalyze_explicit_rangealready returnsErrfor this case, notOk(None). The error message "missing --base/--head" is unreachable. - [low] In
ensure_local_pr_commits, whenbase_ref_nameis used to fetch but the commit still doesn't exist, the function tries to generate a fetch command usingbase_refwhich may be a commit OID (from the earlier fallback logic), not a branch name. Runninggit fetch origin <commit-oid>will fail. - [low] In
validate_review_mode, whenengine == ReviewEngine::Hostedandfetch != FetchSource::Local, the error message says to 'omit --fetch github', but the actual check isfetch != FetchSource::Localwhich would also trigger for any future fetch sources, making the error message potentially incorrect. - [low] In
analyze_explicit_range, when onlyheadis provided withoutbase, the function returnsErr("--head requires --base"). But when onlybaseis provided withouthead, it returnsErr("--base requires --head"). However, the outer logic inpr.rschecksargs.base.is_some() || args.head.is_some(), so if only base is provided, it enters this branch but then gets an error. TheOk(None)return path is only hit when both are None, but that case is already filtered out by the outer condition.
Reviewed by inspect | Entity-level triage found 0 high-risk changes
70b5be5 to
2a91198
Compare
There was a problem hiding this comment.
inspect review
Triage: 37 entities analyzed | 0 critical, 0 high, 18 medium, 19 low
Verdict: standard_review
Findings (5)
- [low] In
analyze_local_pr, the function falls back to branch names when commit OIDs are missing, but then passes these branch names toensure_local_pr_commitswhich expects commit SHAs. If the branch names don't exist as commits locally,commit_existswill fail even though the commits might exist under different refs. - [low] In
ensure_local_pr_commits, whencommit_exists(repo, base)returns false andbase_ref_nameis Some, the function attempts to fetch but doesn't verify the fetch actually made the base commit available. The function only checkscommit_existsagain after all fetches, so if the base_ref_name doesn't contain the base_ref_oid, the error message will be misleading. - [low] In
runfunction in pr.rs, whenargs.base.is_some() || args.head.is_some()is true but only one of them is provided,analyze_explicit_rangewill return an error. However, the code then calls.and_then(|result| result.ok_or_else(|| "missing --base/--head".to_string()))which would never trigger becauseanalyze_explicit_rangealready returnsErrfor this case, notOk(None). This creates unreachable error handling. - [low] In
analyze_explicit_range, whenbaseis None andheadis Some, the function returns an error. But whenbaseis Some andheadis None, it also returns an error. However, the function signature returnsResult<Option<ReviewResult>, String>and returnsOk(None)when both are None. This asymmetry means the caller's.ok_or_else()in pr.rs will never execute because all error cases already returnErr, notOk(None). - [low] In
ensure_local_pr_commits, when fetching the PR head ref fails, the function still checkscommit_exists(repo, head)whereheadis the original ref (potentially a branch name or OID). However, the fetch creates a new ref atrefs/remotes/inspect/pr-{number}, so the commit check should verify that the fetched ref exists, not the originalheadvalue.
Reviewed by inspect | Entity-level triage found 0 high-risk changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--fetch local|githubPR content source selection and share GitHub PR analysis betweenprand localreview.--engine local|hostedreview execution selection so hosted review is no longer implied by--remote.inspect pr <n>use PR commit OIDs and a force-safepull/<n>/headfetch fallback.Closes #16
Test plan
rustfmt --edition 2021 --check crates/inspect-cli/src/commands/pr.rs crates/inspect-cli/src/commands/pr_source.rs crates/inspect-cli/src/commands/review.rscargo test --workspacecargo build -p inspect-clitarget/debug/inspect pr --helptarget/debug/inspect review --helptarget/debug/inspect pr 18 --fetch github --remote Ataraxy-Labs/inspect --format jsontarget/debug/inspect pr 18 --format jsontarget/debug/inspect review 18 --fetch github --remote Ataraxy-Labs/inspect --min-risk low --max-entities 0 --format jsontarget/debug/inspect review 18 --remote Ataraxy-Labs/inspect(expected error)target/debug/inspect review 18 --engine hosted --fetch github --remote Ataraxy-Labs/inspect(expected error)