35 commits
1fbd0d5
fix(FocalPoint): clean up garbage content in STATUS.md
KooshaPari May 6, 2026
adea91b
fix(FocalPoint): add serde_json::json import, align clippy MSRV to 1.82
KooshaPari May 6, 2026
9a774fa
fix: resolve lint/audit warnings in FocalPoint
KooshaPari May 6, 2026
2e22061
chore(hygiene): fix CI action SHAs, update crate count, remove stale …
KooshaPari May 6, 2026
99e0daa
chore(FocalPoint): add .dockerignore
KooshaPari May 6, 2026
a212e23
feat(FocalPoint): mock connectors + rule suggester + benchmark hygiene
KooshaPari May 6, 2026
d80636c
chore(FocalPoint): ignore scaffold FPL example scripts
KooshaPari May 7, 2026
1d28c48
docs(FocalPoint): expand spec.md to full specification
KooshaPari May 7, 2026
3cdc998
fix(FocalPoint): repair connector-gcal env-lock and connector-notion …
KooshaPari May 7, 2026
ca06f9b
chore(FocalPoint): remove duplicate spec.md
KooshaPari May 7, 2026
5cc0a41
ci: retrigger CI
KooshaPari May 7, 2026
1c74117
ci: retrigger CI
KooshaPari May 7, 2026
bfe430e
refactor(FocalPoint): normalize phenotype-observably-macros workspace…
KooshaPari May 7, 2026
0def71c
chore(FocalPoint): update Cargo.lock after workspace dep normalization
KooshaPari May 7, 2026
89e9b85
fix(FocalPoint): normalize cross-repo path dependencies
KooshaPari May 7, 2026
7ca2080
fix(FocalPoint): use local path for phenotyp-observably-macros dep
KooshaPari May 7, 2026
f3d983e
fix(FocalPoint): restore focus-always-on workspace member, regenerate…
KooshaPari May 7, 2026
7e71fe5
fix(ci): audit workflow — add permissions, timeout-minutes, pin SHA
KooshaPari May 7, 2026
4ff8826
fix(ci): deny workflow — add permissions, timeout-minutes, pin dtolna…
KooshaPari May 7, 2026
edcbc73
fix(ci): CI workflow — add permissions, timeouts, pin SHAs, remove ||…
KooshaPari May 7, 2026
4f3a0a5
fix(ci): journey-gate workflow — add permissions, remove || true swal…
KooshaPari May 7, 2026
3ff56e8
fix(ci): scorecard workflow — narrow permissions, add timeout, pin SHAs
KooshaPari May 7, 2026
6f9fb4d
fix(ci): trufflehog workflow — add permissions, pin SHA, fix broken s…
KooshaPari May 7, 2026
a71c2ce
fix(repo): update Rust edition 2024
KooshaPari May 7, 2026
52a492c
fix(ci): correct cargo-deny action version label and add missing vers…
KooshaPari May 7, 2026
3172d6c
fix(ci): pin all actions to latest SHA-verified versions
KooshaPari May 7, 2026
64db6c7
fix(ci): resolve annotated tag SHAs to actual commit SHAs
KooshaPari May 7, 2026
d6cce19
fix(connector-notion): fix vacuous test assertions for parse_task_wit…
KooshaPari May 7, 2026
1670420
fix(ci): pin Rust toolchain to 1.85 to match workspace MSRV
KooshaPari May 7, 2026
38bab10
chore(FocalPoint): exclude focus-ffi (UniFFI/Rust2024 incompatibility…
KooshaPari May 7, 2026
72df252
fix(ci): pin cargo-deny workflow toolchain to 1.85
KooshaPari May 7, 2026
f24239e
chore(FocalPoint): update Cargo.lock (remove focus-ffi) + continue ge…
KooshaPari May 7, 2026
5d4f1ee
fix(focus-mcp-server): update Message::text API for edition 2024
KooshaPari May 7, 2026
ca4087f
fix(FocalPoint): comprehensive lint/CI fixes — json macros, MSRV alig…
KooshaPari May 7, 2026
ba7c78a
chore: add missing governance files
KooshaPari May 20, 2026
69 changes: 69 additions & 0 deletions .dockerignore
@@ -0,0 +1,69 @@
.git
.gitignore
*.md
.env*
!.env.example
# Build artifacts
target/
dist/
build/
Comment on lines +7 to +9
🧹 Nitpick | 🔵 Trivial | 💤 Low value

Duplicate exclusion rules for target/ and build/.

target/ (Line 7) and build/ (Line 9) are already covered at the root level. **/build/ (Line 50) and **/target/ (Line 51) are redundant.

🔧 Proposed cleanup
 # Java
 *.class
 **/.gradle
-**/build/
-**/target/
 **/.maven/

Also applies to: 50-51

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dockerignore around lines 7 - 9, The .dockerignore has duplicate exclusion
rules: the recursive globs '**/build/' and '**/target/' are redundant because
'build/' and 'target/' are already present; remove the redundant '**/build/' and
'**/target/' entries (the patterns named "**/build/" and "**/target/") so each
directory exclusion appears only once and avoid duplicate rules.

*.o
*.a
*.so
# IDE
.vscode/
.idea/
*.swp
.DS_Store
# Test/nested
**/node_modules
**/target
**/.pytest_cache
**/__pycache__
**/*.test
**/tests/
cursor[bot] marked this conversation as resolved.
Comment on lines +18 to +24
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

**/tests/ exclusion may break crates that use tests/ for shared fixtures.

Rust integration tests in a tests/ directory are compiled as separate binaries but may include fixture data or helper modules referenced from build.rs or example code. Excluding **/tests/ globally is broad; consider being explicit about what you want to exclude (e.g., coverage report outputs) rather than excluding entire test directories.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dockerignore around lines 18 - 24, The dockerignore currently excludes
"**/tests/" which is too broad and can break Rust crates or other projects that
rely on a tests/ tree for integration tests or shared fixtures; update the
.dockerignore to stop excluding the entire "**/tests/" directory and instead
exclude only the specific unwanted artifacts (e.g., coverage outputs, generated
test artifacts, or temporary files) so that real test sources and fixtures are
preserved while unwanted build/coverage files remain ignored.

# Logs
*.log
**/*.log
# Coverage reports
coverage/
.coverage
*.coverage
# Python virtual environments
venv/
env/
virtualenv/
# npm/yarn
package-lock.json
yarn.lock
pnpm-lock.yaml
# Rust
**/.cargo
**/Cargo.lock
Dockerignore excludes Cargo.lock preventing reproducible builds

Medium Severity

The **/Cargo.lock pattern excludes the workspace Cargo.lock from the Docker build context. For a workspace containing binary targets (CLI tools, servers), this file is essential for deterministic, reproducible builds. Without it, cargo build inside Docker will resolve dependencies to whatever latest-compatible versions are available at build time, which may differ from what was tested locally or in CI.


Reviewed by Cursor Bugbot for commit 1d28c48.

Comment on lines +41 to +42
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

**/Cargo.lock must not be excluded from the Docker build context.

Cargo.lock is what makes Rust builds reproducible. Excluding it means cargo build inside the container resolves dependencies from crates.io at build time, potentially pulling different patch versions than what passed CI. This silently breaks build reproducibility and can introduce regressions or security differences between local/CI builds and the resulting Docker image.

🐛 Proposed fix
 # Rust
 **/.cargo
-**/Cargo.lock
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dockerignore around lines 41 - 42, The .dockerignore currently excludes the
Cargo.lock file via the pattern "**/Cargo.lock"; remove or comment out that
pattern so Cargo.lock is included in the Docker build context (leave other
ignores like "**/.cargo" intact). Ensure the entry "**/Cargo.lock" is deleted or
disabled in .dockerignore so cargo builds inside the image use the committed
Cargo.lock for reproducible dependency resolution.

# Go
go.sum
vendor/
go-build/
# Java
*.class
**/.gradle
**/build/
**/target/
**/.maven/
# Node.js
.next/
.nuxt/
/.output/
.dist/
# TypeScript
**/tsconfig.tsbuildinfo
# Docker compose
docker-compose.override.yml
# Local dev files
local.env
.env.local
# Temp files
*.tmp
*.temp
**/temp/
**/tmp/
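Review bot: `go.sum` under `# Go` should stay in the build context for the same reason both reviewers give for `**/Cargo.lock` on lines +41 to +42: it holds the module checksums that `go` uses to verify every downloaded dependency, so excluding it means a build inside the image neither reproduces the tested dependency set nor checks its integrity (and with `vendor/` also excluded, a modern `go build` will refuse to proceed on a missing `go.sum` entry). Suggest deleting both lines:
`-go.sum`
`-**/Cargo.lock`
Minor: `target` is now excluded three times (`target/`, `**/target` under `# Test/nested`, and `**/target/` under `# Java`); the first comment covers two of them, but one root rule is enough.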
5 changes: 5 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
blank_issues_enabled: true
contact_links:
- name: Phenotype org
url: https://github.com/KooshaPari
about: Other Phenotype-ecosystem repos and discussions
10 changes: 8 additions & 2 deletions .github/workflows/cargo-audit.yml
@@ -8,11 +8,17 @@ on:
schedule:
- cron: '37 5 * * 3'
workflow_dispatch:

permissions:
contents: read
actions: read

jobs:
audit:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.1.1
- uses: rustsec/audit-check@v2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
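Review bot: the `audit` job still hands `token: ${{ secrets.GITHUB_TOKEN }}` to `rustsec/audit-check`, but the new workflow-level block grants only `contents: read` and `actions: read`. That action uses the token to publish its findings as a check run (and to open issues when that option is enabled), which needs `checks: write` (plus `issues: write` if issue creation is on); with a read-only token the scan itself runs but the reporting call is rejected, so the step either fails or drops the findings. Verify against the action's documented permissions and, if confirmed, add a job-level `permissions:` block on `audit` with `contents: read` and `checks: write` rather than widening the workflow default.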
13 changes: 10 additions & 3 deletions .github/workflows/cargo-deny.yml
@@ -15,17 +15,24 @@ on:
schedule:
- cron: '0 9 * * 1'

permissions:
contents: read
actions: read

jobs:
cargo-deny:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
toolchain: 1.85

- name: Run cargo-deny
uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v6
uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
with:
rust-version: stable
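Review bot: the toolchain pin is only half applied: `dtolnay/rust-toolchain` now installs `1.85`, but `cargo-deny-action` still receives `rust-version: stable`, so the intent of `fix(ci): pin cargo-deny workflow toolchain to 1.85` does not reach the step that actually runs cargo-deny and it may execute against a different toolchain than the one just installed. Either pass `rust-version: 1.85` to the action or drop the separate install step. Also worth a check: the SHA `91bf2b6…` is unchanged while its label moves from `# v6` to `# v2.0.17`; since one of those labels was wrong, confirm the SHA against the v2.0.17 release tag's commit.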
16 changes: 12 additions & 4 deletions .github/workflows/ci.yml
@@ -1,11 +1,19 @@
name: CI
on: [push, pull_request]

permissions:
contents: read
actions: read

jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
toolchain: 1.85
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- run: cargo test --all-features --workspace
- run: cargo clippy --all-features -- -D warnings 2>/dev/null || cargo check
- run: cargo clippy --all-features -- -D warnings
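Review bot: the clippy line gates a different package set than the test line: `cargo test --all-features --workspace` covers every workspace member, while `cargo clippy --all-features -- -D warnings` passes neither `--workspace` nor `--all-targets`, so now that the `2>/dev/null || cargo check` fallback is gone, `-D warnings` applies only to the root package's library and binary targets and never to tests or benches. Suggest `cargo clippy --workspace --all-targets --all-features -- -D warnings` so the lint gate and the test gate cover the same code.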
11 changes: 8 additions & 3 deletions .github/workflows/journey-gate.yml
@@ -44,6 +44,10 @@
default: 'false'
type: boolean

permissions:
contents: read

Check warning on line 48 in .github/workflows/journey-gate.yml (SonarQubeCloud / SonarCloud Code Analysis): Move this read permission from workflow level to job level. See more on https://sonarcloud.io/project/issues?id=KooshaPari_FocalPoint&issues=AZ4BJjd2FregC6Rj-TR1&open=AZ4BJjd2FregC6Rj-TR1&pullRequest=61
actions: read

Check warning on line 49 in .github/workflows/journey-gate.yml (SonarQubeCloud / SonarCloud Code Analysis): Move this read permission from workflow level to job level. See more on https://sonarcloud.io/project/issues?id=KooshaPari_FocalPoint&issues=AZ4BJjd2FregC6Rj-TR2&open=AZ4BJjd2FregC6Rj-TR2&pullRequest=61

env:
PHENOTYPE_JOURNEY_STRICT: ${{ inputs.strict_mode || 'true' }}

@@ -55,7 +59,7 @@

steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

# ---------------------------------------------------------------------
# 1. Install runtime dependencies
@@ -126,7 +130,7 @@
exit 1
fi

COUNT=$(echo "$MANIFESTS" | grep -c . || true)
COUNT=$(echo "$MANIFESTS" | grep -c .)
echo "MANIFEST_COUNT=$COUNT" >> $GITHUB_OUTPUT
echo "MANIFEST_LIST<<EOF" >> $GITHUB_OUTPUT
echo "$MANIFESTS" >> $GITHUB_OUTPUT
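Review bot: `grep -c .` exits 1 when its input contains no matching lines, and under the `-eo pipefail` shell GitHub Actions uses for `run:` steps that non-zero status now aborts the step inside the `COUNT=$(...)` assignment, before `MANIFEST_COUNT` is written to `$GITHUB_OUTPUT`. The `stub-mode` job added further down is gated on `needs.journey-gate.outputs.MANIFEST_COUNT == '0'`, so if `$MANIFESTS` can be empty at this point that job can never fire. If the `exit 1` just above already guarantees a non-empty list, this is fine; otherwise keep the count robust without masking real grep errors, e.g. `COUNT=$(printf '%s\n' "$MANIFESTS" | grep -c . || [ $? -eq 1 ])`, which tolerates exit status 1 (no matches) but still fails on status 2.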
@@ -177,7 +181,7 @@
exit 1
fi
else
phenotype-journey assert "$manifest" || true
phenotype-journey assert "$manifest"
Non-strict journey assertions now fail the build

Medium Severity

Removing || true from phenotype-journey assert "$manifest" in the non-strict branch causes assertion violations to fail the workflow step. GitHub Actions uses set -e by default, so any non-zero exit code terminates the step. This contradicts the comment on the next line: "non-strict run — violations do not fail the build." Non-strict mode now behaves identically to strict mode.


Reviewed by Cursor Bugbot for commit 6f9fb4d.

echo "(non-strict run — violations do not fail the build)"
fi
Comment on lines 183 to 186
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Stale comment now contradicts behavior — remove or update it.

The || true guard was intentionally removed so that phenotype-journey assert failures propagate in non-strict mode too (confirmed by the AI summary). However, the comment on the very next line still reads:

echo "(non-strict run — violations do not fail the build)"

GitHub Actions shells run with -eo pipefail by default, so a non-zero exit from phenotype-journey assert "$manifest" will fail the step in this branch. The stale comment actively misleads anyone reading or debugging this workflow.

🛠️ Proposed fix
-              phenotype-journey assert "$manifest"
-              echo "(non-strict run — violations do not fail the build)"
+              phenotype-journey assert "$manifest"
+              echo "(non-strict run — assertion failures still fail the step)"

Or, if the intent is truly to keep non-strict mode advisory-only, restore the guard:

-              phenotype-journey assert "$manifest"
-              echo "(non-strict run — violations do not fail the build)"
+              phenotype-journey assert "$manifest" || true
+              echo "(non-strict run — violations do not fail the build)"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/journey-gate.yml around lines 183 - 186, The comment echo
"(non-strict run — violations do not fail the build)" is now stale because the
removed "|| true" makes phenotype-journey assert "$manifest" failures propagate;
update the workflow so the comment matches behavior by either restoring the "||
true" guard after the phenotype-journey assert "$manifest" command to make
violations advisory, or change/remove the echo line to reflect that
phenotype-journey assert failures will fail the step; locate the
phenotype-journey assert "$manifest" invocation and the following echo and apply
the chosen fix.

done
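Review bot: both reviewers above are right that dropping `|| true` turns the non-strict branch into a hard failure and leaves the following `echo` stating the opposite of what happens. If non-strict mode is meant to stay advisory, an explicit branch is better than restoring `|| true`, which would also hide a missing or crashing `phenotype-journey` binary:
`if ! phenotype-journey assert "$manifest"; then`
`  echo "::warning::journey assertions failed for $manifest (non-strict run)"`
`fi`
That keeps the step green in non-strict mode while surfacing every violation as a workflow annotation, and the existing `echo "(non-strict run — violations do not fail the build)"` line becomes accurate again.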
@@ -234,6 +238,7 @@
stub-mode:
name: Journey Gate — No Manifests Found
runs-on: ubuntu-latest
timeout-minutes: 10
needs: journey-gate
if: needs.journey-gate.result == 'failure' && needs.journey-gate.outputs.MANIFEST_COUNT == '0'
steps:
11 changes: 7 additions & 4 deletions .github/workflows/scorecard.yml
@@ -6,29 +6,32 @@ on:
schedule:
- cron: "0 0 * * 0"

permissions: read-all
permissions:
contents: read
actions: read

jobs:
scorecard:
name: Scorecard analysis
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
security-events: write
id-token: write
contents: read
actions: read
steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Run Scorecard
uses: ossf/scorecard-action@v2.4.4
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: Upload SARIF results
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@0daab03d71ff584ef619d027a3fd9146679c5d84 # v3
with:
sarif_file: results.sarif
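Review bot: the `ossf/scorecard-action` pin appears to move backwards: the removed line referenced `v2.4.4` while the new SHA is labelled `# v2.4.3`. If the label is accurate this pinning pass introduced a downgrade; confirm the SHA against the v2.4.4 release tag before merging (the `fix(ci): resolve annotated tag SHAs to actual commit SHAs` commit suggests the SHAs were produced by script, so a tag-to-commit mix-up is plausible). The permission split itself is sound: `id-token: write` is what `publish_results: true` needs, `security-events: write` is what the SARIF upload needs, and both are scoped to the job rather than the whole workflow.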
14 changes: 9 additions & 5 deletions .github/workflows/trufflehog.yml
@@ -4,14 +4,18 @@ on:
branches: [main]
pull_request:

permissions:
contents: read
actions: read

jobs:
trufflehog:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- uses: trufflehog/actions/setup@main
- run: trufflehog github --only-verified --no-update
env:
#
- uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2
with:
extra_args: --only-verified --no-update
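Review bot: the replacement repairs an invocation that could not have run at all (a `setup@main` step, a bare `run:` line, and a dangling `env:` followed by `#`), and pinning a scanner that reads the full history by SHA is the right call. Two things to check: `--only-verified` suppresses every finding whose verifier was unreachable or rate limited as well as the genuinely unverifiable ones, so consider `--results=verified,unknown` if the pinned release supports that flag; and with `fetch-depth: 0` but no `base`/`head` inputs, the action's defaults decide which commit range is scanned, so confirm on a `pull_request` run that the PR's commits are actually covered.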
3 changes: 3 additions & 0 deletions .gitignore
@@ -2,3 +2,6 @@ pr_details.jsonl

# Rust build artifacts
/target

# Example FPL scripts (scaffold output)
/examples/fpl
4 changes: 2 additions & 2 deletions CLAUDE.md
@@ -5,7 +5,7 @@ Connector-first screen-time management platform. Native iOS enforcement built on
## Stack
| Layer | Technology |
|-------|------------|
| Core | Rust (cargo workspace, 54+ crates) |
| Core | Rust (cargo workspace, 56 crates) |
| Mobile | Swift/SwiftUI (iOS native app) |
| Backend | Go (services/) |
| DB | SQLite, PostgreSQL, SurrealDB |
@@ -34,7 +34,7 @@ xcrun simctl list devices
```

## Key Files
- `crates/` — 54 Rust workspace crates
- `crates/` — 56 Rust workspace crates
- `apps/` — Application entry points (iOS, CLI, etc.)
- `services/` — Go backend services
- `tooling/` — Build and developer tooling