docs(future-improvements): refresh status (4 of 10 items shipped)#42

Merged
hyperpolymath merged 1 commit into main from docs/future-improvements-status-refresh on May 26, 2026

Conversation

@hyperpolymath
Owner

Summary

`FUTURE-IMPROVEMENTS.md` was written on 2026-02-08 when panic-attack was at v1.0.0, surveying ten Eclexia-scan-driven improvement ideas. We're now at v2.5.0; four of the ten items have shipped but the doc still presents them as future work.

This PR adds a status block at the top of the file and inline Status: SHIPPED markers on the four landed sections, with file/line evidence so a reader can verify the claims at a glance.

Shipped (4)

| # | Improvement | Code reference |
|---|---|---|
| 1 | Test Code Exclusion | `Analyzer::strip_cfg_test_modules_rs` — `src/assail/analyzer.rs:923-934` |
| 2 | Framework Detection Accuracy | `Analyzer::detect_frameworks` — `src/assail/analyzer.rs:4993` |
| 3 | Safe Unwrap Variant Distinction | `safe_unwrap_calls` field on `ProgramStatistics` / `FileStatistics` — `src/types.rs:451,518` |
| 6 | Differential Scanning | `Commands::Diff` — `src/main.rs:483`; logic in `src/report/diff.rs` |

Outstanding (6)

Preservation

  • The historical header (`Date: 2026-02-08`, `Tool version: panic-attack v1.0.0`) is preserved as a historical record of what was true at scan time.
  • A new `Audit refreshed: 2026-05-26` line records when this status update was performed.
  • Body text of each improvement section is unchanged — only the priority line on shipped items gets a "Status: SHIPPED" suffix.

Test plan

  • Markdown renders correctly (status table, inline markers)
  • All cited file:line locations grep clean against current main
  • Signed commit

Not in this PR

Acting on the now-unblocked items (#4, #10) is separate work. Filing this hygiene update first so future planning has accurate ground truth.

🤖 Generated with Claude Code

Add a status block at the top of FUTURE-IMPROVEMENTS.md showing which
of the ten Eclexia-scan improvements have shipped since the
2026-02-08 audit, with file/line evidence:

* #1 Test Code Exclusion — shipped via
  `Analyzer::strip_cfg_test_modules_rs` (`src/assail/analyzer.rs:923`)
* #2 Framework Detection Accuracy — shipped via
  `Analyzer::detect_frameworks` (`src/assail/analyzer.rs:4993`)
* #3 Safe Unwrap Variant Distinction — shipped via `safe_unwrap_calls`
  field on `ProgramStatistics`/`FileStatistics` (`src/types.rs:451,518`)
* #6 Differential Scanning — shipped via `Commands::Diff`
  (`src/main.rs:483`, `src/report/diff.rs`); also tracked in
  ROADMAP.adoc v2.2.0

Items #4 and #10 are noted as now-unblocked (their stated
dependencies on #1/#3 have landed). Items #5, #7, #8, #9 remain as
written.

Each shipped section gets an inline **Status: SHIPPED** marker so
section-first readers see the state without scrolling.

The historical header (Date: 2026-02-08, Tool version: v1.0.0) is
preserved; an "Audit refreshed: 2026-05-26" line is added.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions

🔍 Hypatia Security Scan

Findings: 50 issues detected

Severity Count
🔴 Critical 4
🟠 High 16
🟡 Medium 30

⚠️ Action Required: Critical security issues found!

```json
[
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Nickel file missing SPDX-License-Identifier header (1 occurrences, CWE-1104)",
    "type": "ncl_missing_spdx",
    "file": "/home/runner/work/panic-attack/panic-attack/reports/panic-attack-20260211180017.ncl",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (2 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/panic-attack/panic-attack/src/attestation/chain.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (1 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/panic-attack/panic-attack/src/attestation/evidence.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (1 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/panic-attack/panic-attack/src/ambush/mod.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (3 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/panic-attack/panic-attack/src/kanren/strategy.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (3 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/panic-attack/panic-attack/src/axial/mod.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "expect() in hot path (4 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/panic-attack/panic-attack/src/assail/analyzer.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (4 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/panic-attack/panic-attack/benches/scan_bench.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "expect() in hot path (2 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/panic-attack/panic-attack/benches/scan_bench.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]
```

Powered by Hypatia Neurosymbolic CI/CD Intelligence

hyperpolymath enabled auto-merge (squash) May 26, 2026 08:58
hyperpolymath merged commit 600f6fc into main May 26, 2026
23 of 24 checks passed
hyperpolymath deleted the docs/future-improvements-status-refresh branch May 26, 2026 09:00
hyperpolymath added a commit that referenced this pull request May 27, 2026
## Summary

Adds `panic-attack sweep-tracker` subcommand — an issue-#32-shaped sweep
tracker derived from the per-finding (issue #33 S1) and campaign-state
(issue #33 S2) hexad stores. Complements (does not replace) the existing
per-finding `campaign status` table.

Distinct from `campaign status`:
- **Hierarchical**, not flat — grouped by repo and/or by category.
- **Estate summary** header: total findings, repos, criticals, highs,
  PR-filed, dismissed, open-no-PR.
- **Always sourced from the finding store**: a finding with no campaign
  hexad still appears (state `open`); `campaign status` shows only
  rows with a campaign event.

### CLI

```
panic-attack sweep-tracker [--verisimdb-dir DIR] [--output FILE]
                          [--by-repo | --by-category]
```

No flag = both sections. `--by-repo` / `--by-category` select one
section only (mutually exclusive via clap arg group).

### Output shape

```
# Estate sweep tracker

_Generated <ISO>_

**Estate summary**: N findings across R repos (C critical, H high).
M PR-filed, D dismissed, U open (no PR).

## By repo

### alpha (2 findings, 1 critical)
- [x] PA001 src/lib.rs:23 — pr-merged ([#42](https://github.com/...))
- [ ] PA004 src/ffi.rs:7  — open
...
```

### Determinism

- Repos sorted alphabetically.
- Findings within each repo sorted by `(rule_id, file, line, finding_id)`.
- Categories sorted by `rule_id`.

## Implementation

- New module `src/sweep_tracker/` with public `render_report(base_dir, shape)` and `ReportShape::{ByRepo, ByCategory, Both}` (default `Both`).
- Reuses `storage::load_finding_hexads` / `storage::load_campaign_hexads`
  — no new I/O paths.
- New CLI variant `Commands::SweepTracker` wired in `src/main.rs`.
- 7 unit tests (1 extra above the spec floor of 5):
  empty-store, by-repo grouping, by-category grouping, campaign-state
  join (open / pr-merged / dismissed), deterministic ordering,
  both-shape ordering, PR-number label parser.

## Notes on base

This PR depends on issue-#33 S1 (`feat/issue-33-s1-finding-hexads`,
PR #55) and S2 (`feat/issue-33-s2-campaign-state`, PR #56) for the
loaders and `CampaignSemantic` type. Branched off the S2 tip so the
diff is minimal; base is `main` as standing policy. Once #55 and #56
land this PR's diff will narrow to just `src/sweep_tracker/` plus the
small wiring delta in `src/lib.rs` + `src/main.rs`.

## Test plan

- [x] `cargo test --lib` — 227 tests pass, including 7 new sweep_tracker tests
- [x] `cargo clippy --all-targets -- -D warnings` clean
- [x] `cargo fmt --all -- --check` clean
- [ ] Smoke-test against a real `verisimdb-data/` produced by an
  assemblyline run with `PANIC_ATTACK_STORE_FINDING_HEXADS=1`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
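The by-repo grouping, campaign-state join and deterministic ordering that the sweep-tracker commit above describes, as an added example that is not the panic-attack project's own code; the `Finding` and `Campaign` structs, the state names, the checkbox rule and the sample stores are assumptions constructed here:

```rust
// Added example, not the project's code: a minimal by-repo sweep-tracker renderer that
// applies the grouping, campaign join and ordering rules in the commit message above.
use std::collections::BTreeMap;
pub struct Finding { pub finding_id: String, pub repo: String, pub rule_id: String,
                     pub file: String, pub line: u32, pub severity: String }
// A campaign event for a finding; a finding with no event is shown as `open`.
pub struct Campaign { pub finding_id: String, pub state: String, pub pr: Option<u32> }
fn mk(id: &str, repo: &str, rule: &str, file: &str, line: u32, sev: &str) -> Finding {
    Finding { finding_id: id.into(), repo: repo.into(), rule_id: rule.into(),
              file: file.into(), line, severity: sev.into() }
}
/// Constructed sample stores, deliberately out of order to exercise the sort.
pub fn sample_data() -> (Vec<Finding>, Vec<Campaign>) {
    let findings = vec![mk("f3", "beta", "PA001", "src/main.rs", 5, "medium"),
                        mk("f2", "alpha", "PA004", "src/ffi.rs", 7, "critical"),
                        mk("f1", "alpha", "PA001", "src/lib.rs", 23, "high")];
    let campaigns = vec![Campaign { finding_id: "f1".into(), state: "pr-merged".into(), pr: Some(42) },
                         Campaign { finding_id: "f3".into(), state: "dismissed".into(), pr: None }];
    (findings, campaigns)
}
pub fn render_by_repo(findings: &[Finding], campaigns: &[Campaign]) -> String {
    let state: BTreeMap<&str, &Campaign> = campaigns.iter().map(|c| (c.finding_id.as_str(), c)).collect();
    let mut sorted: Vec<&Finding> = findings.iter().collect();
    sorted.sort_by_key(|x| (x.rule_id.clone(), x.file.clone(), x.line, x.finding_id.clone()));
    let mut by_repo: BTreeMap<&str, Vec<&Finding>> = BTreeMap::new(); // BTreeMap keeps repos alphabetical
    for x in sorted { by_repo.entry(x.repo.as_str()).or_default().push(x); }
    let count = |sev: &str| findings.iter().filter(|x| x.severity == sev).count();
    let (mut filed, mut dismissed, mut open) = (0, 0, 0);
    for x in findings { match state.get(x.finding_id.as_str()).map(|c| c.state.as_str()) {
        Some("dismissed") => dismissed += 1,
        Some(s) if s.starts_with("pr-") => filed += 1, // assumption: any pr-* state counts as PR-filed
        _ => open += 1,
    } }
    let mut out = format!("# Estate sweep tracker\n\n**Estate summary**: {} findings across {} repos ({} critical, {} high).\n{} PR-filed, {} dismissed, {} open (no PR).\n\n## By repo\n",
        findings.len(), by_repo.len(), count("critical"), count("high"), filed, dismissed, open);
    for (repo, fs) in &by_repo {
        let crit = fs.iter().filter(|x| x.severity == "critical").count();
        out.push_str(&format!("\n### {} ({} findings, {} critical)\n", repo, fs.len(), crit));
        for x in fs {
            let (mark, label) = match state.get(x.finding_id.as_str()) {
                Some(c) => (if c.state.starts_with("pr-") { "x" } else { " " }, // [x] only once a PR exists
                            c.pr.map_or(c.state.clone(), |n| format!("{} (#{})", c.state, n))),
                None => (" ", "open".to_string()),
            };
            out.push_str(&format!("- [{}] {} {}:{} - {}\n", mark, x.rule_id, x.file, x.line, label));
        }
    }
    out
}
fn main() { let (fs, cs) = sample_data(); print!("{}", render_by_repo(&fs, &cs)); }
```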