- Add contact email for vulnerability reporting
- Document disclosure process with timeline
- Include supported versions section
- Add security best practices for contributors
- Reference related security documentation

Co-authored-by: openhands <openhands@all-hands.dev>

- Added Priority field (P1-P4) to all issue templates
- Added Component field (Backend, Frontend, AI Engine, Database, etc.) to all templates
- Updated bug_report.md, feature_request.md, config.md, documentation.md, and question.md

This implements issue #704 requirements for structured task submission with custom fields.

Add structlog>=24.0.0 to:
- ai-engine/pyproject.toml (dependencies)
- ai-engine/setup.py (install_requires)
- backend/setup.py (install_requires)

This fixes the CI mutation testing failure (issue #738) where structlog was not being installed because it was only listed in requirements.txt but not in the package metadata used during pip install -e operations.

Co-authored-by: openhands <openhands@all-hands.dev>
Pull request overview
Fixes CI mutation testing failures caused by structlog not being included in Python package metadata used during CI installs.
Changes:
- Add structlog>=24.0.0 to backend package metadata (backend/setup.py).
- Add structlog>=24.0.0 to AI Engine package metadata (ai-engine/setup.py, ai-engine/pyproject.toml).
- Add a new SECURITY.md and expand GitHub issue templates with Priority/Component sections.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/setup.py | Adds structlog to backend install metadata so CI installs include it. |
| ai-engine/setup.py | Adds structlog to AI Engine setup.py install requirements. |
| ai-engine/pyproject.toml | Adds structlog to AI Engine PEP 621 dependencies. |
| SECURITY.md | Introduces a security policy document (new scope vs PR description). |
| .github/ISSUE_TEMPLATE/question.md | Adds Priority/Component checklists (new scope vs PR description). |
| .github/ISSUE_TEMPLATE/feature_request.md | Adds Priority/Component checklists (new scope vs PR description). |
| .github/ISSUE_TEMPLATE/documentation.md | Adds Priority/Component checklists (new scope vs PR description). |
| .github/ISSUE_TEMPLATE/config.md | Adds Priority checklist (new scope vs PR description). |
| .github/ISSUE_TEMPLATE/bug_report.md | Adds Priority/Component checklists (new scope vs PR description). |
| # Security Policy | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly. | ||
|
|
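Review bot: In the "Reporting a Vulnerability" paragraph, "please report it responsibly" gives a reporter nothing to act on, and the lines shown here end before any channel is named. Follow this sentence directly with the private contact to use and an explicit request not to open a public issue for a suspected vulnerability.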
This PR introduces additional scope beyond the stated goal of fixing CI mutation testing (adds a new SECURITY.md). Please either update the PR description to cover this change or move the security policy addition into a separate PR to keep review/rollback focused.
| **Priority** | ||
| - [ ] P1 - Critical: System completely broken, data loss | ||
| - [ ] P2 - High: Major functionality broken | ||
| - [ ] P3 - Medium: Minor functionality affected | ||
| - [ ] P4 - Low: Minor issue, cosmetic | ||
|
|
||
| **Component** | ||
| - [ ] Backend | ||
| - [ ] Frontend | ||
| - [ ] AI Engine | ||
| - [ ] Database | ||
| - [ ] Documentation | ||
| - [ ] CI/CD | ||
| - [ ] Other |
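Review bot: The Component checklist has no entry for security, and nothing in the Priority or Component block shown here steers a reporter away from filing a vulnerability in the public tracker; a "P1 - Critical ... data loss" report could well be one. Add a short line above the checklists pointing suspected vulnerabilities to SECURITY.md instead of this template.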
These issue template changes (Priority/Component sections) are unrelated to the PR description about mutation testing/structlog. Please update the PR description to include them or split them into a separate PR to avoid mixing workflow changes with dependency fixes.
Description
This PR fixes GitHub issue #738: 'CI: Mutation Testing failing due to missing structlog module'.
Problem
The mutation testing CI jobs for both backend and ai-engine were failing with:
Root Cause
The structlog module was listed in both and , but it was NOT included in the package metadata ( and ).
When the CI runs mutation testing, it uses for ai-engine which installs from the package metadata, NOT from requirements.txt. Since structlog wasn't in the package metadata, it wasn't being installed.
Fix
Added to:
This ensures structlog is installed regardless of whether the package is installed via or via requirements.txt.
Testing