- Introduce comprehensive documentation covering roadmap overview, architecture layers, phase priorities, and task indices. - Detail task documentation for improving architecture Q&A retrieval, adding risk radar rule engine, backlog analyzer, and other related tasks. - Include governance notes and visual roadmap graph for better project guidance.
…ency and organization.
- Delete `check-task-format.ps1`, `clean_double_frontmatter.py`, `ingest_to_postgres.py`, `new-junie-task.ps1`, and `normalize_tasks.py` as they are no longer in use. - These scripts were part of the legacy task format management system which has been replaced. - Cleanup helps maintain codebase relevancy and reduces
- Introduce templates for task execution rules and sprint prompt guidance. - Include disciplined approach to task implementation to ensure adherence to project constraints and objectives. - Document clear guidelines for maintaining focus and minimizing scope creep.
…t manual configurations and tests to support provider switching and enhance affordability. Update documentation and verify successful integration.
- Add `RetrievalTrace` class for structured logging of document selection. - Include feature name parameter in retrieval process to facilitate trace logging. - Update tests to accommodate trace feature and validation. - Modify architecture explain use case to include feature context. - Mark AI-EVAL-01 task as completed in documentation.
- Introduce `PromptAssemblyService` for assembling context from document chunks with tracing and character limit handling. - Add corresponding tests in `PromptAssemblyServiceTest` for validation of context assembly and truncation. - Integrate service into use cases including `ArchitectureExplainUseCase`, `AdrDriftUseCaseImpl`, `RetrospectiveUseCaseImpl`, and `RiskRadarUseCaseImpl`. - Implement and log `PromptAssemblyTrace` for detailed trace logging. - Update documentation for AI-EVAL-02 task completion.
- Implement tests for verifying deterministic retrieval logic without real LLM calls. - Update AI-EVAL-03 task documentation to reflect completion and results. - Ensure retrieval correctness for architecture IDs, ADRs, security topics, and hybrid ranking.
- Mark AI sprint tasks as completed with status updates in 'sprint-1.3-plan.md'. - Extend `AiProviderService` to include `getEvaluationChatModel`. - Update configurations in `application.properties` and respective YAML files to support evaluation with Ollama and OpenAI. - Modify task and sprint documentation files to include acceptance confirmation by author entries. - Enhance task governance templates with additional acceptance criteria. - Expand `AiProviderOllamaIntegrationTest` and `AiProviderServiceTest` for new evaluation model checks.
- Mark AI sprint tasks as completed with status updates in 'sprint-1.3-plan.md'. - Extend `AiProviderService` to include `getEvaluationChatModel`. - Update configurations in `application.properties` and respective YAML files to support evaluation with Ollama and OpenAI. - Modify task and sprint documentation files to include acceptance confirmation by author entries. - Enhance task governance templates with additional acceptance criteria. - Expand `AiProviderOllamaIntegrationTest` and `AiProviderServiceTest` for new evaluation model checks.
- Adjust `expected_excludes` lists across multiple benchmark YAML files for better task exclusion management. - Revise index file to optimize benchmark categorization structure. - Remove redundant benchmarks and obsolete task references to enhance clarity and maintain relevance.
- Set the `status`, `reviewer`, and `last_reviewed` fields to `draft`, `null`, and `null` respectively, across various benchmark YAML files. - Modify `expected_excludes` lists to adjust task references in benchmark files. - Introduce `REVIEW_WORKFLOW.md` to define the lifecycle and review process for benchmark tests.
- Implement 2s debounce and immediate parsing on Enter to improve typing experience. - Stabilize tests by replacing `fakeAsync` with async/await. - Update documentation and confirm task completion in sprint-1.3-plan.md.
- Implement route separation for `/architecture` and `/architecture-demo` to distinct internal and demo pages. - Use `PageHeaderComponent` to standardize architecture page layout. - Update Playwright e2e tests to reflect layout changes. - Confirm task completion with updates to documentation and sprint plan.
- Refactor `ai-architecture.spec.ts` to improve navigation by checking visibility before toggling the hamburger menu. - Update `sidenav.component.ts` to properly handle Sidenav interactions on mobile devices. - Add AI response mock in
- Change `ArchitectureDemoPageComponent` and `ArchitectureLandingPageComponent` to conditionally display the docs link based on admin access. - Refactor `authService` visibility to public for both components. - Add e2e tests in `architecture-rbac.spec.ts` to verify proper link visibility across different user roles. - Update documentation to reflect changes and testing instructions.
- Added `AI Task Contract Standard`, `Junie Execution Prompt Template`, `Task Template v2`, sprint execution orders, and task contract linter README for improved reliability in AI task execution. - Updated sprint plans and task governance docs to integrate the new Task Contract standard.
- Restore and integrate multiple task contract markdown files for various AI tasks. - Introduce `lint_task_contracts.py` script to ensure compliance with task standard structure. - Implement `lint_task_contracts_autofix.py` for automatic repair of missing sections in task markdown files. - Refactor task files to improve organization and adhere to the latest task contract and governance standards.
- Add a workflow to validate Junie task files against Task Contract standards on pull requests. - Correct script paths in governance documentation. - Ensure automatic failure on contract violations and provide local run documentation.
- Rearrange and document Sprint 1.4 tasks for improved clarity. - Introduce new task prompt file for AI-EVAL-05 and guidelines for execution. - Correct script paths in lint and autofix task contract scripts. - Update linter rules for stricter contract compliance, including newly required sections. - Establish GitHub workflow for task contract validation. - Include missing metadata in AI-GOV-03 task.
…nd intelligence dashboards with new components and features.
…s and components. Implement NotFound component and streamline reCAPTCHA handling.
- Add tests for specific Ollama errors and enhance error messages with hints for resolution. - Modify exception handling in `OllamaManualConfig` and `EmbeddingService` to provide more informative error feedback. - Update connectivity checks to differentiate between providers and offer actionable solutions.
…ctural cleanup and orchestration improvements - Create detailed markdown files for each task within Sprint 1.6A, focusing on architecture stability, copilot orchestration, routing contracts, and intelligence systems. - Outline goals, scope, acceptance criteria, and technical review guidance for all tasks to support clear implementation and verification processes. - Ensure consistent task formatting and inclusion of critical metadata to maintain high governance standards.
- Create documentation for splitting Epic and Intelligence dashboards, defining tasks and acceptance criteria. - Develop Copilot workspace with mode-based UI and messaging in the frontend. - Introduce ConfidenceBand and CopilotContextMode enums in backend to handle capabilities. - Add services for context orchestration in the backend, including routing for AI-driven interactions.
…rvice, and adjust timeouts for improved performance.
…ties, and refine issue details for improved code maintainability.
…details, ensuring accurate records.
…Sonar issue records with new export data and integrate refined critical and major code smells.
- Use AiCallParams for improved method calls. - Add path validation for task resolution. - Update tests for precision and coverage improvements. - Improve CSS for risk card titles with line clamping.
…credit message field, add logging enhancements, and update language translations. - Boost RiskRuleEngine unit tests: Exclude management files and improve task-based risk analysis. - Enhance loading state for AI dashboard health indicator: Grayout health indicator during loading, utilize "Calculating..." text, and update translations.
| }; | ||
|
|
||
| results.push(formattedRecord); | ||
| fs.writeFileSync(filePath, JSON.stringify(results, null, 2), 'utf8'); |
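Review bot: the `fs.writeFileSync(filePath, ...)` call rewrites the whole results file in place by path, and this is the line the file system race alert points at. Whatever earlier check or read of `filePath` fed `results` is not visible in this excerpt, but it cannot be atomic with this write. Write the JSON to a temporary file in the same directory and rename it over `filePath`, or open the file once and do both the read and the write through that descriptor, so the file cannot be swapped or changed between the two steps.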
Check failure
Code scanning / CodeQL
Potential file system race condition High
| (globalThis as any)._recaptchaCspViolationDetected = true; | ||
| globalThis.addEventListener('securitypolicyviolation', (e: Event) => { | ||
| const violationEvent = e as unknown as { blockedURI?: string, violatedDirective?: string, originalPolicy?: string }; | ||
| if (violationEvent.blockedURI && (violationEvent.blockedURI.includes('recaptcha') || violationEvent.blockedURI.includes('gstatic.com'))) { |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
Copilot Autofix
AI 9 days ago
In general, the fix is to stop using substring checks on the full URL and instead parse the URL and inspect its host (and, if needed, path) against an explicit allowlist. This ensures that the matched string actually refers to the domain you expect, not an arbitrary location inside the URL.
For this specific case in frontend/src/app/services/google-recaptcha.service.ts, we should:
- Parse `violationEvent.blockedURI` with the standard `URL` constructor in a `try/catch`.
- Extract the `hostname` from that parsed URL.
- Check the hostname against a small allowlist of known reCAPTCHA-related domains (e.g. `www.google.com`, `www.gstatic.com`, `www.recaptcha.net`, `www.googlerecaptcha.net`, and `www.gstatic.cn` commonly used by reCAPTCHA), and/or check for a suffix `.google.com`, `.gstatic.com`, `.recaptcha.net`, etc.
- Only set `_recaptchaCspViolationDetected` and log the special `[RECAPTCHA_CSP_VIOLATION]` marker when the hostname belongs to that allowlist. If parsing fails, we can conservatively fall back to the existing substring behavior or simply skip marking it as a reCAPTCHA violation; here, using a safe suffix-based host check is preferable.
Concretely, we will replace the if (violationEvent.blockedURI && (violationEvent.blockedURI.includes('recaptcha') || violationEvent.blockedURI.includes('gstatic.com'))) condition with a small block that parses the URL, extracts hostname, and then uses a helper function inside the same method to determine whether the hostname belongs to reCAPTCHA/Google static domains using exact matches and safe suffix checks (e.g. hostname === 'www.gstatic.com' or hostname.endsWith('.gstatic.com')). No additional imports are needed because URL is available in the browser/global environment where this Angular service runs.
| @@ -59,7 +59,38 @@ | ||
| if (globalThis.addEventListener) { | ||
| globalThis.addEventListener('securitypolicyviolation', (e: Event) => { | ||
| const violationEvent = e as unknown as { blockedURI?: string, violatedDirective?: string, originalPolicy?: string }; | ||
| if (violationEvent.blockedURI && (violationEvent.blockedURI.includes('recaptcha') || violationEvent.blockedURI.includes('gstatic.com'))) { | ||
| const blockedUri = violationEvent.blockedURI; | ||
| let isRecaptchaResource = false; | ||
|
|
||
| if (blockedUri) { | ||
| try { | ||
| const url = new URL(blockedUri); | ||
| const hostname = url.hostname.toLowerCase(); | ||
|
|
||
| const recaptchaHosts = [ | ||
| 'www.google.com', | ||
| 'www.gstatic.com', | ||
| 'www.recaptcha.net', | ||
| 'www.googlecnapps.cn', | ||
| 'www.gstatic.cn', | ||
| 'www.google.com.hk' | ||
| ]; | ||
|
|
||
| if (recaptchaHosts.includes(hostname) || | ||
| hostname.endsWith('.google.com') || | ||
| hostname.endsWith('.gstatic.com') || | ||
| hostname.endsWith('.recaptcha.net') || | ||
| hostname.endsWith('.googlecnapps.cn') || | ||
| hostname.endsWith('.gstatic.cn')) { | ||
| isRecaptchaResource = true; | ||
| } | ||
| } catch { | ||
| // Fallback: if blockedUri is not a valid URL, avoid unsafe substring checks | ||
| isRecaptchaResource = false; | ||
| } | ||
| } | ||
|
|
||
| if (isRecaptchaResource) { | ||
| (globalThis as unknown as { _recaptchaCspViolationDetected: boolean })._recaptchaCspViolationDetected = true; | ||
| console.error('[RECAPTCHA_CSP_VIOLATION] CSP blocked a reCAPTCHA resource:', { | ||
| blockedURI: violationEvent.blockedURI, |
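Review bot: the suffix checks in the `if` condition, `hostname.endsWith('.google.com')` in particular, classify every Google subdomain as a reCAPTCHA resource, so a blocked request to an unrelated google.com host would still set `_recaptchaCspViolationDetected` and log `[RECAPTCHA_CSP_VIOLATION]`. Keep the exact `recaptchaHosts` list and drop the broad suffixes, or limit suffix matching to `.recaptcha.net`. The list also contains `www.googlecnapps.cn` and `www.google.com.hk` while the description above names `www.googlerecaptcha.net`, so one of the two needs correcting. Finally, the `catch` branch means a `blockedURI` that is not an absolute URL (CSP reports keyword values such as `inline` or `eval` there) is never counted, which is a behaviour change from the old substring test and deserves a comment or a test.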
|
|
||
| // Wait for AI response | ||
| const resultRoot = page.locator('app-ai-result'); | ||
| await waitForAiSettled(page, resultRoot, 60000); |
Check warning
Code scanning / CodeQL
Superfluous trailing arguments Warning test
Copilot Autofix
AI 9 days ago
In general, to fix a “superfluous trailing arguments” issue, remove any extra arguments at the call site that are not accepted or used by the callee function. This keeps the call signature aligned with the function definition and eliminates misleading, no-op values.
For this specific case, waitForAiSettled is being called with three arguments on line 21: page, resultRoot, and 60000. CodeQL indicates that the third argument is not used by waitForAiSettled. To fix this without changing existing functionality, we should delete the 60000 argument and leave the first two arguments intact. No other logic in the test depends on this value; timeouts elsewhere are handled explicitly via Playwright’s own APIs. The only required edit is in frontend/e2e/deterministic-ai.spec.ts, replacing the line that calls waitForAiSettled so that it only passes page and resultRoot. No new imports, methods, or definitions are needed.
| @@ -18,7 +18,7 @@ | ||
|
|
||
| // Wait for AI response | ||
| const resultRoot = page.locator('app-ai-result'); | ||
| await waitForAiSettled(page, resultRoot, 60000); | ||
| await waitForAiSettled(page, resultRoot); | ||
|
|
||
| // Check for structure (Principles and Drifts panels) | ||
| await expect(page.locator('mat-expansion-panel').first()).toBeVisible(); |
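Review bot: removing `60000` from the `waitForAiSettled(page, resultRoot, 60000)` call silences the alert but also deletes the only statement of how long this test is meant to wait for the AI response. If a 60 s ceiling was intended, add a timeout parameter to `waitForAiSettled` and pass the value through instead of dropping the argument; otherwise leave a comment at the call naming the timeout that actually applies.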
| import crypto from 'crypto'; | ||
| import fs from 'fs'; | ||
| import path from 'path'; | ||
| import os from 'os'; |
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note
Copilot Autofix
AI 9 days ago
To fix an unused import, you remove the import statement (or the specific unused specifier) so that only actually used modules remain. This improves readability and avoids misleading future maintainers into thinking there’s OS-dependent logic here.
In this file, the best, non-invasive fix is to delete the line import os from 'os'; at the top of frontend/e2e/helpers/ai-regression.ts. No other code changes are needed, since nothing in the shown snippet refers to os. We do not add any new methods or imports; we only remove the unused one.
| @@ -1,7 +1,6 @@ | ||
| import crypto from 'crypto'; | ||
| import fs from 'fs'; | ||
| import path from 'path'; | ||
| import os from 'os'; | ||
| import type { Locator, Page, TestInfo } from '@playwright/test'; | ||
| import { expect } from '@playwright/test'; | ||
| import { ERROR_PATTERNS, MIN_VISIBLE_RESPONSE_LENGTH } from '../data/ai-regression.config'; |
|
|
||
| export async function selectProvider(page: Page, provider: string): Promise<void> { | ||
| // Use lower case for URL if needed, but the UI expects specific strings | ||
| const targetProvider = provider.toLowerCase(); |
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note
Copilot Autofix
AI 9 days ago
In general, unused variables should either be removed or actually used. Here, computing targetProvider is not used anywhere, and the code already uses provider directly to perform a case-insensitive match with a regular expression, so there is no missing behavior that needs to be wired in.
The best minimal fix is to remove the declaration of targetProvider on line 398 and its associated comment, leaving the rest of the function unchanged. No new imports, methods, or definitions are needed. Edit frontend/e2e/helpers/ai-regression.ts in the selectProvider function, deleting the comment on line 397 and the const targetProvider = provider.toLowerCase(); line on 398. All other lines remain as they are.
| @@ -394,9 +394,8 @@ | ||
| } | ||
|
|
||
| export async function selectProvider(page: Page, provider: string): Promise<void> { | ||
| // Use lower case for URL if needed, but the UI expects specific strings | ||
| const targetProvider = provider.toLowerCase(); | ||
|
|
||
|
|
||
| await page.goto('/admin/ai-settings'); | ||
| // Diagnostic: if it fails, let's see why | ||
| const selector = page.getByTestId('provider-selector'); |
| import { provideNoopAnimations } from '@angular/platform-browser/animations'; | ||
| import { TranslateModule } from '@ngx-translate/core'; | ||
| import { describe, it, expect, beforeEach, vi } from 'vitest'; | ||
| import { TranslateModule, TranslateService } from '@ngx-translate/core'; |
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 9 days ago
To fix the problem, remove the unused TranslateService symbol from the import while keeping the used TranslateModule. This eliminates the unused import without changing any test behavior.
Concretely, in frontend/src/app/components/admin-docs/admin-docs.component.spec.ts, update line 6 to import only TranslateModule from @ngx-translate/core. No other code changes are needed, and no additional methods or imports are required.
| @@ -3,7 +3,7 @@ | ||
| import { AuthService } from '../../services/auth.service'; | ||
| import { AdminService, IndexingStatus } from '../../services/admin.service'; | ||
| import { provideNoopAnimations } from '@angular/platform-browser/animations'; | ||
| import { TranslateModule, TranslateService } from '@ngx-translate/core'; | ||
| import { TranslateModule } from '@ngx-translate/core'; | ||
| import { provideRouter } from '@angular/router'; | ||
| import { signal } from '@angular/core'; | ||
| import { of, throwError, Subject } from 'rxjs'; |
frontend/src/app/components/ai-trace-viewer/ai-trace-viewer.component.ts
Fixed
| import { AiIntelligenceService } from '../../services/ai-intelligence.service'; | ||
| import { AiSuggestionsService } from '../../services/ai-suggestions.service'; | ||
| import { AuthService } from '../../services/auth.service'; | ||
| import { OutlookStatus, EngineeringSignalSeverity, Role } from '../../models/taxonomy.model'; |
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note test
Copilot Autofix
AI 9 days ago
To fix the problem, the unused symbol should be removed from the import statement while leaving the used imports (OutlookStatus and Role) intact. This eliminates the unused import without affecting any existing functionality.
Concretely, in frontend/src/app/features/intelligence/engineering-intelligence-dashboard.component.spec.ts, edit the import on line 13 so that it only imports OutlookStatus and Role, dropping EngineeringSignalSeverity. No other code changes or additional imports are needed, since nothing in this spec file uses EngineeringSignalSeverity.
| @@ -10,7 +10,7 @@ | ||
| import { AiIntelligenceService } from '../../services/ai-intelligence.service'; | ||
| import { AiSuggestionsService } from '../../services/ai-suggestions.service'; | ||
| import { AuthService } from '../../services/auth.service'; | ||
| import { OutlookStatus, EngineeringSignalSeverity, Role } from '../../models/taxonomy.model'; | ||
| import { OutlookStatus, Role } from '../../models/taxonomy.model'; | ||
| import { describe, it, expect, beforeEach, vi } from 'vitest'; | ||
|
|
||
| import '../../../test'; |
frontend/src/app/features/intelligence/engineering-intelligence-dashboard.component.ts
Fixed
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Qodana Community for JVM
27 new problems were found
💡 Qodana analysis was run in the pull request mode: only the changed files were checked
View the detailed Qodana report
To be able to view the detailed Qodana report, you can either:
To get
- name: 'Qodana Scan'
  uses: JetBrains/qodana-action@v2024.3.4
  with:
    upload-result: true
Contact Qodana team
Contact us at qodana-support@jetbrains.com
… to streamline dependency management and improve maintainability.
…e project details, and enrich export data for better maintainability tracking.
…for enhanced error handling and retry logic.
…ility, optimize database type detection, and streamline conversion to `toList` for collections.
…tend and backend code: replace RuntimeException with AiException, introduce utility functions in copilot-component, enhance test coverage, and improve CSS for better accessibility.
…ment; optimize regex parsing; implement `toList` conversion in DTOs.
…lity, introduce utility functions for task filtering in delivery forecaster, simplify SprintRiskPredictor logic, and streamline RiskRadar enhancements.
…ception` with specific exceptions, remove `GuardrailExceptionRepository`, optimize ADR content retrieval, and improve test consistency.
…tingIntegrationTest`, replace `EnumMap` with `HashMap` for `CopilotUseCaseRegistry`, introduce additional debug logging in `DataInitializerService`, update `DocStartupTask` logs, and optimize password encoder for tests in `SecurityConfig`.
…in tests, update constructor injection, use `CompletableFuture` for async operations, refactor switch statements, and improve code readability across multiple modules.
…ext()` in JSON nodes, reorganize animation transitions, adjust async animation provision, improve parameter
…place `asText()` with `asString()`, consolidate animation states, switch to async animations, and improve type casting in metadata handling.
…, improve form control handling with optional chaining, and update `.gitignore`.
| @@ -0,0 +1,65 @@ | |||
| import { ComponentFixture, TestBed } from '@angular/core/testing'; | |||
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note test
Copilot Autofix
AI 8 days ago
In general, unused imports should be removed from the import list, leaving only the symbols that are actually used. This improves readability and avoids static analysis warnings.
The best minimal fix here is to adjust the import on line 1 of frontend/src/app/components/tasks/task-action-bottom-sheet.component.spec.ts so that it only imports TestBed from @angular/core/testing. No other changes are needed because the code never references ComponentFixture.
Concretely:
- In `frontend/src/app/components/tasks/task-action-bottom-sheet.component.spec.ts`, update the first import line to remove `ComponentFixture` from the destructuring import.
- Keep `TestBed` as-is since it is used in `createComponent`.
No additional methods, imports, or definitions are required.
| @@ -1,4 +1,4 @@ | ||
| import { ComponentFixture, TestBed } from '@angular/core/testing'; | ||
| import { TestBed } from '@angular/core/testing'; | ||
| import { TaskActionBottomSheetComponent } from './task-action-bottom-sheet.component'; | ||
| import { MatBottomSheetRef, MAT_BOTTOM_SHEET_DATA } from '@angular/material/bottom-sheet'; | ||
| import { TranslateModule } from '@ngx-translate/core'; |
…th `deleteAllInBatch()` in repositories, introduce exception handling for bean resolution, configure custom HTTP client for OpenAI integration, update Fargate task definitions with PostgreSQL setup, and standardize logging levels.
… variable handling in deployment scripts and tests, introduce .env file loading in PowerShell script, adjust E2E test setup for missing environment variables, and increase batch size for embedding service.
… parallelism, adjust Fargate memory allocation, refine AI path rate limiting, and update task definitions.
…I tasks, update ALB timeout, and clarify Nginx usage in guidelines to resolve AI performance issues and 504 errors.
… Enhanced `QuickAddParseUseCase` to include `{currentDate}` variable for better date resolution in prompts. Modified `quick
UX / UI Change PR
Scope
Acceptance criteria (must be explicit)
What changed (systemic first)
Screens / viewports verified
UX Regression Checklist (must all be ✅)
Theme & contrast
`mat-icon-button` + destructive actions)
Mobile space & layout
Responsive patterns
Maintainability
`!important` (or justified below)
Justifications (required if any)
`!important` added because: