First /review-repo run on boma. Hardened repo-scan.py (no TODO.md/prose false positives). Applied 7 safe fixes (DNS staleness x2, STATUS factual correction, hosts.yml path generalisation, trunk-based wording x2, scripts/README). Recorded the run and 17 open findings in docs/reviews/2026-05-30-*. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
{
"date": "2026-05-30",
"reviewed_commit": "de38d1c",
"mode": "on-demand",
"counts": {"auto_fixed": 7, "open": 17},
"auto_fixed": [
{"id": "F-dns-readme", "dimension": "consistency", "severity": "high", "location": "README.md:74", "description": "terraform/ tree comment claimed 'infra DNS'", "fix": "changed to 'no DNS'"},
{"id": "F-dns-adr003", "dimension": "consistency", "severity": "high", "location": "docs/decisions/003-toolchain.md:137", "description": "closing line claimed Terraform does 'infrastructure DNS'", "fix": "changed to 'only (no DNS)'"},
{"id": "F-status-hosts", "dimension": "drift", "severity": "medium", "location": "STATUS.md:31", "description": "hosts.yml described as 'commented examples'", "fix": "now 'structured stubs with empty host maps'"},
{"id": "F-claude-hosts", "dimension": "consistency", "severity": "medium", "location": "CLAUDE.md:149", "description": "don't-modify bullet named only production", "fix": "generalised to inventories/<env>"},
{"id": "F-newrole-pr", "dimension": "drift", "severity": "low", "location": "docs/runbooks/new-role.md:80", "description": "PR/merge-request comment", "fix": "trunk-based merge note"},
{"id": "F-contrib-mr", "dimension": "drift", "severity": "low", "location": "CONTRIBUTING.md:51", "description": "'before opening a merge request'", "fix": "'before committing or merging to main'"},
{"id": "F-scripts-readme", "dimension": "cruft", "severity": "medium", "location": "scripts/README.md", "description": "3 scripts undocumented", "fix": "added entries for vault-pass-client.sh, check-vault-encrypted.sh, repo-scan.py"}
],
"open": [
{"id": "R1", "dimension": "consistency", "severity": "high", "location": "docs/decisions/005-bootstrapping.md:64-65", "description": "control-node setup still uses cp .vault_pass", "status": "new", "auto_fixable": false},
{"id": "R2", "dimension": "drift", "severity": "high", "location": "docs/runbooks/new-host.md:6", "description": "prerequisite references .vault_pass file", "status": "new", "auto_fixable": false},
{"id": "R3", "dimension": "drift", "severity": "high", "location": "docs/runbooks/new-host.md:129-130", "description": "'place .vault_pass' step", "status": "new", "auto_fixable": false},
{"id": "R4", "dimension": "drift", "severity": "medium", "location": "CONTRIBUTING.md:32-33", "description": "secrets section describes .vault_pass sharing", "status": "new", "auto_fixable": false},
{"id": "R5", "dimension": "drift", "severity": "medium", "location": "AGENTS.md:16", "description": "'never commit .vault_pass' names a removed file", "status": "new", "auto_fixable": false},
{"id": "R6", "dimension": "consistency", "severity": "high", "location": "docs/decisions/003-toolchain.md, docs/decisions/008-testing.md", "description": "CI pipelines assume PR-to-main + approval gates vs trunk-based docs", "status": "new", "auto_fixable": false},
{"id": "R7", "dimension": "consistency", "severity": "medium", "location": "CLAUDE.md:151", "description": "'push to main' forbidden contradicts trunk-based policy above", "status": "new", "auto_fixable": false},
{"id": "R8", "dimension": "conformance", "severity": "high", "location": "roles/", "description": "base/docker_host empty dirs not tracked by git; site.yml would error on a clean clone", "status": "new", "auto_fixable": false},
{"id": "R9", "dimension": "conformance", "severity": "medium", "location": "terraform/environments/*/main.tf", "description": "vlan_tag never passed; VMs land untagged vs ADR-007 srv VLAN", "status": "new", "auto_fixable": false},
{"id": "R10", "dimension": "conformance", "severity": "low", "location": "backend.tf, Makefile, .scaffold/molecule.yml", "description": "<owner>/<repo> placeholders unresolved", "status": "new", "auto_fixable": false},
{"id": "R11", "dimension": "cruft", "severity": "medium", "location": "Makefile new-role + .scaffold/converge.yml", "description": "ROLE_NAME_PLACEHOLDER never substituted", "status": "new", "auto_fixable": false},
{"id": "R12", "dimension": "conformance", "severity": "low", "location": "Makefile:154", "description": "echo \\n not expanded in sh; use printf", "status": "new", "auto_fixable": false},
{"id": "R13", "dimension": "drift", "severity": "low", "location": "CLAUDE.md:93", "description": "group_vars tree lists control/ which does not exist", "status": "new", "auto_fixable": false},
{"id": "R14", "dimension": "consistency", "severity": "low", "location": "docs/decisions/006-terraform.md:40", "description": "'No Galaxy roles' reused in Terraform section", "status": "new", "auto_fixable": false},
{"id": "R15", "dimension": "consistency", "severity": "low", "location": "docs/decisions/001-architecture.md:22", "description": "DNS row reads present-tense though dns role unbuilt", "status": "new", "auto_fixable": false},
{"id": "R16", "dimension": "consistency", "severity": "low", "location": "docs/decisions/001-architecture.md:42", "description": "'monitoring agent' baseline not in ADR-002", "status": "new", "auto_fixable": false},
{"id": "R17", "dimension": "conformance", "severity": "low", "location": "playbooks/bootstrap.yml:12-16", "description": "raw python install hardcodes changed_when: false", "status": "new", "auto_fixable": false}
]
}