boma/docs/reviews
sjat 703f1716e5 review-repo: harden scanner, apply safe fixes, record first review
First /review-repo run on boma. Hardened repo-scan.py (no TODO.md/prose false
positives). Applied 7 safe fixes (DNS staleness x2, STATUS factual correction,
hosts.yml path generalisation, trunk-based wording x2, scripts/README). Recorded
the run and 17 open findings in docs/reviews/2026-05-30-*.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 19:10:58 +02:00
..
2026-05-30-findings.json review-repo: harden scanner, apply safe fixes, record first review 2026-05-30 19:10:58 +02:00
2026-05-30-review.md review-repo: harden scanner, apply safe fixes, record first review 2026-05-30 19:10:58 +02:00
latest.md review-repo: harden scanner, apply safe fixes, record first review 2026-05-30 19:10:58 +02:00
README.md Add /review-repo command with deterministic pre-scan and reviews store 2026-05-30 18:56:01 +02:00

docs/reviews/

Tracked output of the /review-repo command (one set of files per run). This is an audit trail — committed, not hand-edited. The command writes these files; don't edit them yourself.

Files per run

File Purpose
<YYYY-MM-DD>-review.md Human-readable report
<YYYY-MM-DD>-findings.json Machine-readable findings — used to diff new/recurring/resolved on the next run, and as the cron email payload
latest.md A copy of the most recent report (stable path for quick reference / email)

What a report contains

  • Run metadata — date and the commit SHA reviewed.
  • Summary — finding counts by dimension and severity.
  • Auto-fixes applied — what the run fixed (safe/obvious only), with a file list.
  • Open findings — prioritised, grouped by dimension; each with a location, a suggested fix, and a new / recurring / resolved tag (vs the previous run).
  • Follow-up prompt — a copy-pasteable prompt to act on the open findings.

The four review dimensions and the auto-fix safety rules live in .claude/commands/review-repo.md.