diff --git a/.github/MUW_REVIEW_REPLY.md b/.github/MUW_REVIEW_REPLY.md new file mode 100644 index 00000000..fd7af4d0 --- /dev/null +++ b/.github/MUW_REVIEW_REPLY.md 
@@ -0,0 +1,24 @@ +VERDICT: FLAG +VERDICT_SUMMARY: The PR adds a comprehensive MUW review lane, tracker templates, and automation wiring, but one default target points to the wrong repository and makes the core script unsafe by default. Workflow-level verification evidence is not attached in this branch, so rollout should be held until that default is corrected and one end-to-end dry run is captured. +EVIDENCE: + +1) Severity: High +- File/path: `.github/scripts/muw-review-lane.mjs` +- Evidence: `DEFAULT_REPO` is set to `Fearvox/EverOS` even though this repository remote is `EverMind-AI/EverOS`. +- Why it matters: Running the script without `--repo` can collect/post to the wrong project, creating data leakage risk and invalid review artifacts. +- Fix guidance: Change default to `EverMind-AI/EverOS` (or require explicit `--repo`) and add a guard that confirms current git remote matches the target repo before posting. + +2) Severity: Medium +- File/path: `.github/workflows/overnight-watch.yml`, `.github/workflows/linear-sync.yml`, `.github/workflows/sync-upstream.yml` +- Evidence: New automation workflows are introduced, but this branch does not provide a successful run artifact, dry-run log, or fixture-based script test proving safe behavior. +- Why it matters: These workflows can post comments/sync state automatically; missing proof increases risk of noisy or incorrect cross-system updates. +- Fix guidance: Attach one successful dry run per workflow (or script-level unit test evidence) in PR checks/comments before merge. + +3) Severity: Low +- File/path: `.github/ISSUE_TEMPLATE/pr_tracker.yml`, `.github/ISSUE_TEMPLATE/security_tracker.yml` +- Evidence: Templates are detailed and useful, but they introduce mandatory operational fields without a short onboarding note in CONTRIBUTING/docs. +- Why it matters: Contributors may submit incomplete triage data, reducing template effectiveness. 
+- Fix guidance: Add a short “how to use tracker templates” section in contributor docs with one minimal example. + +Residual verification gap: +- Confirm no credentials appear in generated context bundles after redaction by running the script against a test PR and scanning artifacts. diff --git a/AGENTS.md b/AGENTS.md index 9e5620c6..eb2f9c6f 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -152,3 +152,23 @@ Agents must not remove labels applied by humans or CI. Manual label changes can create Linear mirror noise. - `.github/workflows/overnight-watch.yml` powers the sleep-lane patrol. Do not edit it during an active sleep run unless the owner assigns that work. + +## Development Notes + +- All I/O is async; use `await`. +- EverCore is multi-tenant; data must remain tenant-scoped. +- Prompts live in `methods/EverCore/src/memory_layer/prompts/` with EN/ZH + variants. +- Prefer existing repo patterns and component boundaries before adding new + abstractions. + +## GitHub Agent Review Contract + +- GitHub Copilot, Codex, and other review agents should follow + `.github/copilot-instructions.md`. +- Start PR reviews with the MUW block: + `VERDICT: PASS / FLAG / BLOCK`, `VERDICT_SUMMARY:`, and `EVIDENCE:`. +- Do not mark a PR `PASS` from author summary alone; inspect the actual diff, + linked issue, and available checks first. +- Report actionable findings first, ordered by severity, with file/path, + evidence, impact, and fix guidance.
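Review bot: In the `.github/MUW_REVIEW_REPLY.md` hunk, the committed reply records a High-severity finding (`DEFAULT_REPO` set to `Fearvox/EverOS` in `.github/scripts/muw-review-lane.mjs`, with a remote-matching guard recommended) that this diff does not fix, so merging the file as-is checks in a document stating the script is unsafe by default without the corresponding correction. Either land the default change and guard in the same PR, or keep the review verdict as a PR comment rather than a tracked file under `.github/`, where it will persist after the finding is resolved. The closing "Residual verification gap" item (scan generated context bundles for credentials after redaction) is the right ask, but the hunk gives no owner or pass criterion for it; add who runs the test-PR scan and what a clean result looks like.

Review bot: In the `AGENTS.md` hunk, the new "GitHub Agent Review Contract" points review agents at `.github/copilot-instructions.md`, but that file is not added or modified anywhere in this diff; confirm it already exists on the branch, otherwise the contract references a file that is not there. The MUW block lines (`VERDICT: PASS / FLAG / BLOCK`, `VERDICT_SUMMARY:`, `EVIDENCE:`) match the format used by the reply file in the first hunk, which is good, but "inspect the actual diff, linked issue, and available checks first" would be stronger with a stated minimum for `PASS` (for example, a link to the passing check run in the `EVIDENCE:` section) so that the evidence requirement is enforceable rather than advisory. The "Development Notes" bullets (async I/O, tenant-scoped data, the prompts path under `methods/EverCore/src/memory_layer/prompts/`) are unrelated to the review contract; consider splitting them into a separate commit or section heading note so the agent-facing guidance is easier to locate.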