Skip to content

docs: audit registry label vocabulary#1912

Merged
ascorbic merged 2 commits into
feat/plugin-registry-labelling-servicefrom
feat/labeller-02-vocabulary-audit
Jul 10, 2026
Merged

docs: audit registry label vocabulary#1912
ascorbic merged 2 commits into
feat/plugin-registry-labelling-servicefrom
feat/labeller-02-vocabulary-audit

Conversation

@ascorbic

@ascorbic ascorbic commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

What does this PR do?

Completes the Gate 0 audit for the registry label-vocabulary cutover.

  • Inventories current security:yanked, !takedown, raw verified, hydration, install/update, admin, and CLI behavior.
  • Defines a read-only production preflight and conditional Branch A/Branch B rollout.
  • Preserves signed history, requires collision-safe label-event identity, and handles batched label frames.
  • Makes SQL classification candidate-only; strict application parsing controls DID, AT URI, rkey, and RFC3339 decisions.
  • Defines fail-closed quarantine, old-consumer compatibility, rollback, patch inventory, and security tests.

Implements W0.3 from #1909. Branch A remains conditional on an authorized production preflight returning zero legacy rows.

Related to #1909 and #694.

Type of change

  • Bug fix
  • Feature (requires maintainer-approved Discussion)
  • Refactor (no behavior change)
  • Translation
  • Documentation
  • Performance improvement
  • Tests
  • Chore (dependencies, CI, tooling)

Checklist

  • I have read CONTRIBUTING.md
  • pnpm typecheck passes
  • pnpm lint passes
  • pnpm test passes (or targeted tests for my change)
  • pnpm format has been run
  • I have added/updated tests for my changes (if applicable)
  • User-visible strings in the admin UI are wrapped for translation (if applicable). Do not include messages.po changes except in translation PRs — a workflow extracts catalogs on merge to main.
  • I have added a changeset (if this PR changes a published package)
  • New features link to an approved Discussion: https://github.com/emdash-cms/emdash/discussions/...

Typecheck, repository tests, test changes, admin i18n, a changeset, and an approved Discussion are not applicable to this read-only audit PR.

AI-generated code disclosure

  • This PR includes AI-generated code — model/tool: OpenCode with GPT-5.6-sol and independent review subagents

Screenshots / test output

  • pnpm build passes with existing warnings
  • pnpm lint: 0 warnings and 0 errors
  • oxfmt check passes with the tracked .opencode ignore override
  • SQL structural screen: 19/19 cases pass
  • Expiry/quarantine policy: 10/10 cases pass
  • git diff --check passes
  • Final independent review reports no unresolved high/medium findings

Try this PR

Open a fresh playground →

A full working EmDash site, deployed from this branch. Each visit gets its own session-scoped sandbox: no login needed and no shared state. Try the admin, edit content, hit the public site.

Tracks feat/labeller-02-vocabulary-audit. Updated automatically when the playground redeploys.

@changeset-bot

changeset-bot Bot commented Jul 10, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 2da6d78

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

Scope check

This PR changes 508 lines across 1 files. Large PRs are harder to review and more likely to be closed without review.

If this scope is intentional, no action needed. A maintainer will review it. If not, please consider splitting this into smaller PRs.

See CONTRIBUTING.md for contribution guidelines.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-demo-do 2da6d78 Jul 10 2026, 12:24 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-playground 2da6d78 Jul 10 2026, 12:24 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-demo-cache 2da6d78 Jul 10 2026, 12:24 PM

@ascorbic ascorbic marked this pull request as ready for review July 10, 2026 12:09
@github-actions github-actions Bot added the review/needs-review No maintainer or bot review yet label Jul 10, 2026

@emdashbot emdashbot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the full diff: a single new planning/audit document at .opencode/plans/plugin-registry-labelling-service/gate-0/vocabulary-audit.md. This PR completes the Gate 0 audit for the registry label-vocabulary cutover (security:yankedsecurity-yanked).

Approach: This is the right artifact at the right time. A vocabulary cutover that touches signed history, multiple published packages, aggregator endpoints, the core install/update path, admin UI, and CLI requires an explicit inventory and preflight policy before any code changes land. The document fits cleanly into the existing .opencode/plans/plugin-registry-labelling-service/ tree alongside spec.md and implementation-plan.md, and it correctly represents the work as read-only documentation and a production-readiness gate, not an implementation PR.

What I checked:

  • Sampled the audit's line-anchored code references against the working tree: apps/aggregator/migrations/0001_init.sql, searchPackages.ts, views.ts, router.ts, listReleases.ts, getLatestRelease.ts, packages/core/src/api/handlers/registry.ts, packages/admin/src/components/RegistryPluginDetail.tsx, RegistryBrowse.tsx, packages/plugin-cli/src/commands/search.ts/info.ts, packages/registry-client/src/discovery/index.ts, packages/registry-lexicons, docs, and core tests.
  • All sampled references match the claimed lines/behavior (legacy security:yanked in SQL filter and core/admin checks, empty labels: [] views, CORS exposing atproto-accept-labelers instead of atproto-content-labelers, raw verified checks, missing acceptLabelers in React Query keys, etc.).
  • Verified the claim that canonical security-yanked does not appear outside the planning/spec files by searching the tree.
  • Walked the read-only preflight SQL mentally against the documented fixture cases. The conservative structural screen behaves as described; the text repeatedly requires strict application parsing before any migration action, which is the correct separation of concerns.
  • The file is in a tracked plans directory (.gitignore re-includes .opencode/plans/plugin-registry-labelling-service/**), consistent with the rest of the planning package.

Conclusion: No code is changed, no AGENTS.md conventions are violated by a documentation-only planning file, and the audit's claims about current code are accurate. No findings.

@github-actions github-actions Bot added review/approved Approved; no new commits since and removed review/needs-review No maintainer or bot review yet labels Jul 10, 2026
@github-actions github-actions Bot added review/needs-rereview Author pushed changes since the last review and removed review/approved Approved; no new commits since labels Jul 10, 2026
@ascorbic ascorbic merged commit 035889b into feat/plugin-registry-labelling-service Jul 10, 2026
8 checks passed
@ascorbic ascorbic deleted the feat/labeller-02-vocabulary-audit branch July 10, 2026 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cla: signed review/needs-rereview Author pushed changes since the last review size/XL

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant