feat: structured findings contract (machine-readable gadfly-findings block) (#16)
Build & push image / build-and-push (push) Successful in 5s
Co-authored-by: Steve Dudenhoeffer <steve@stevedudenhoeffer.com>
Co-committed-by: Steve Dudenhoeffer <steve@stevedudenhoeffer.com>
This commit was merged in pull request #16.
@@ -43,3 +43,21 @@ Output rules:
|
||||
- Only report issues you are reasonably confident are real after checking. If the diff
|
||||
is clean, say so plainly rather than inventing nits.
|
||||
- When you are done investigating, STOP calling tools and reply with the final review.
|
||||
|
||||
Machine-readable findings — AFTER the prose review, append ONE fenced code block,
|
||||
tagged `gadfly-findings`, holding a JSON array of the SAME findings you described above
|
||||
(this block is consumed by tooling and hidden from the rendered comment):
|
||||
|
||||
```gadfly-findings
|
||||
[
|
||||
{"file": "path/to/file.go", "line": 123, "severity": "high", "confidence": "high", "title": "one-line summary of the issue"}
|
||||
]
|
||||
```
|
||||
|
||||
- One object per real finding, in the same order as your prose. `file`/`line` must be a
|
||||
concrete location you verified (the line the issue is at). `severity` is one of
|
||||
`critical`, `high`, `medium`, `small`, `trivial`. `confidence` is your post-verification
|
||||
confidence the issue is real: one of `high`, `medium`, `low`.
|
||||
- Include ONLY genuine problems — never verification notes ("confirmed X is safe at f:line"),
|
||||
and never an "Outside my lens:" aside. If your lens is clean, emit an empty array `[]`.
|
||||
- This block is in ADDITION to the prose; do not drop the human-readable findings.
|
||||
|
||||
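Review bot: The two value lists in the first bullet after the example block do not line up: `severity` is `critical`, `high`, `medium`, `small`, `trivial` while `confidence` is `high`, `medium`, `low`, so a model can plausibly emit `"severity": "low"` or `"confidence": "small"`. Either use one vocabulary for the lower end of both scales or state outright that `low` is not a severity, and have the tooling that consumes the block reject or normalize values outside these lists, since the array is model output produced while reading an arbitrary diff. The same bullet leaves `line` underspecified: "the line the issue is at" does not say whether the number refers to the new or the old side of the diff, or what to emit for a finding on a removed line or one that spans several lines. It would also help to say that exactly one `gadfly-findings` fence is expected even when the reviewed diff itself contains such a fence, so the consumer knows to read only the final block of the reply.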