From 54949c37fd639cb767d18af5bf1d9d33885c32ee Mon Sep 17 00:00:00 2001 From: mkdev11 Date: Thu, 4 Jun 2026 08:27:13 +0200 Subject: [PATCH 1/4] feat(signals): add contribution policy snapshot API --- src/api/routes.ts | 27 +++++- src/signals/focus-manifest-loader.ts | 8 +- test/integration/api.test.ts | 119 ++++++++++++++++++++++++ test/unit/focus-manifest-loader.test.ts | 3 +- 4 files changed, 154 insertions(+), 3 deletions(-) diff --git a/src/api/routes.ts b/src/api/routes.ts index 0b032b6a..11945cdf 100644 --- a/src/api/routes.ts +++ b/src/api/routes.ts @@ -175,7 +175,8 @@ import { buildContributorOpenPrMonitor } from "../signals/contributor-open-pr-mo import { buildPullRequestReviewability, type PullRequestReviewability } from "../signals/reward-risk"; import { buildLocalBranchAnalysis, findCurrentBranchPullRequest } from "../signals/local-branch"; import { MAX_LOCAL_SCORER_WARNING_CHARS, MAX_LOCAL_SCORER_WARNING_COUNT } from "../signals/local-scorer-diagnostics"; -import { loadRepoFocusManifest } from "../signals/focus-manifest-loader"; +import { compileFocusManifestPolicy } from "../signals/focus-manifest"; +import { loadRepoFocusManifest, upsertRepoFocusManifest } from "../signals/focus-manifest-loader"; import { buildRepoSettingsPreview } from "../signals/settings-preview"; import { buildGittensorConfigRecommendation, buildRegistrationReadiness, type InstallationHealthSummary } from "../signals/registration-readiness"; import { fileUpstreamDriftIssues, loadUpstreamStatus, refreshUpstreamDrift, registryHyperparameterDriftWarningsForRepo } from "../upstream/ruleset"; @@ -2172,6 +2173,30 @@ export function createApp() { ); }); + app.get("/v1/internal/repos/:owner/:repo/contribution-policy", async (c) => { + const fullName = `${c.req.param("owner")}/${c.req.param("repo")}`; + const focusManifest = await loadRepoFocusManifest(c.env, fullName, { fetcher: async () => null }); + return c.json({ + repoFullName: fullName, + generatedAt: nowIso(), + focusManifest, + policy: compileFocusManifestPolicy(focusManifest), + }); + }); + + app.post("/v1/internal/repos/:owner/:repo/contribution-policy", async (c) => { + const body = await c.req.json().catch(() => null); + if (body === null) return c.json({ error: "invalid_contribution_policy_json" }, 400); + const fullName = `${c.req.param("owner")}/${c.req.param("repo")}`; + const focusManifest = await upsertRepoFocusManifest(c.env, fullName, body, "api_record"); + return c.json({ + repoFullName: fullName, + generatedAt: nowIso(), + focusManifest, + policy: compileFocusManifestPolicy(focusManifest), + }); + }); + return app; } diff --git a/src/signals/focus-manifest-loader.ts b/src/signals/focus-manifest-loader.ts index 8a7ed682..ade1aa43 100644 --- a/src/signals/focus-manifest-loader.ts +++ b/src/signals/focus-manifest-loader.ts @@ -90,8 +90,14 @@ export async function upsertRepoFocusManifest(env: Env, repoFullName: string, ra async function readCachedManifest(env: Env, repoFullName: string, maxAgeMs: number): Promise { const [latest] = await listSignalSnapshots(env, REPO_FOCUS_MANIFEST_SIGNAL, repoFullName); if (!latest) return null; + const manifest = parseFocusManifest(latest.payload); + const explicitSource = + latest.payload !== null && typeof latest.payload === "object" && !Array.isArray(latest.payload) + ? (latest.payload as Record).source + : undefined; + if (explicitSource === "api_record") return manifest; if (snapshotAgeMs(latest.generatedAt) > maxAgeMs) return null; - return parseFocusManifest(latest.payload); + return manifest; } async function persistRepoFocusManifest(env: Env, repoFullName: string, manifest: FocusManifest): Promise { diff --git a/test/integration/api.test.ts b/test/integration/api.test.ts index aaad3ca6..c5ac10d6 100644 --- a/test/integration/api.test.ts +++ b/test/integration/api.test.ts @@ -4737,6 +4737,125 @@ describe("api routes", () => { expect(settings.status).toBe(200); await expect(settings.json()).resolves.toMatchObject({ commentMode: "detected_contributors_only" }); }); + + it("persists repo-owner contribution policy snapshots through protected internal API", async () => { + const app = createApp(); + const env = createTestEnv(); + + const rejected = await app.request( + "/v1/internal/repos/entrius/allways-ui/contribution-policy", + { + method: "POST", + body: JSON.stringify({ wantedPaths: ["src/"] }), + }, + env, + ); + expect(rejected.status).toBe(401); + + const privateNote = "Internal: wallet and hotkey evidence stays private."; + const updated = await app.request( + "/v1/internal/repos/entrius/allways-ui/contribution-policy", + { + method: "POST", + headers: internalHeaders(env), + body: JSON.stringify({ + wantedPaths: ["src/"], + blockedPaths: ["dist/"], + preferredLabels: ["bug"], + linkedIssuePolicy: "required", + issueDiscoveryPolicy: "discouraged", + testExpectations: ["Run npm run test:ci."], + maintainerNotes: [privateNote], + publicNotes: ["Prefer small, focused PRs."], + }), + }, + env, + ); + expect(updated.status).toBe(200); + await expect(updated.json()).resolves.toMatchObject({ + repoFullName: "entrius/allways-ui", + focusManifest: { + present: true, + source: "api_record", + wantedPaths: ["src/"], + blockedPaths: ["dist/"], + maintainerNotes: [privateNote], + }, + policy: { + present: true, + source: "api_record", + publicSafe: { + contributionLanes: { directPrLane: "preferred", issueDiscoveryLane: "discouraged", preferredEntryPaths: ["src/"] }, + discouragedWork: { blockedEntryPaths: ["dist/"], issueDiscoveryDiscouraged: true }, + labelExpectations: { preferredLabels: ["bug"], linkedIssuePolicy: "required" }, + validationExpectations: { testExpectations: ["Run npm run test:ci."], linkedIssueRequired: true }, + }, + authenticated: { maintainerContext: [privateNote] }, + }, + }); + + const readback = await app.request("/v1/internal/repos/entrius/allways-ui/contribution-policy", { headers: internalHeaders(env) }, env); + expect(readback.status).toBe(200); + await expect(readback.json()).resolves.toMatchObject({ + policy: { + publicSafe: { summary: expect.stringMatching(/direct PRs/i) }, + authenticated: { maintainerContext: [privateNote] }, + }, + }); + + const readiness = await app.request("/v1/repos/entrius/allways-ui/registration-readiness", { headers: apiHeaders(env) }, env); + expect(readiness.status).toBe(200); + const readinessPayload = (await readiness.json()) as { policyReadiness: Record }; + expect(readinessPayload.policyReadiness).toMatchObject({ + source: "focus_manifest_policy", + present: true, + ownerContext: { + manifestPresent: true, + manifestSource: "api_record", + privateNoteCount: 1, + wantedPathCount: 1, + blockedPathCount: 1, + validationExpectationCount: 1, + issueDiscoveryPolicy: "discouraged", + }, + }); + expect(JSON.stringify(readinessPayload)).not.toContain(privateNote); + expect(JSON.stringify(readinessPayload)).not.toMatch(FORBIDDEN_PUBLIC_REPORT_TERMS); + + const malformed = await app.request( + "/v1/internal/repos/entrius/allways-ui/contribution-policy", + { + method: "POST", + headers: internalHeaders(env), + body: JSON.stringify({ + wantedPaths: "src/", + preferredLabels: [123, "bug"], + linkedIssuePolicy: "sometimes", + publicNotes: ["reward estimate", "Keep scope focused."], + }), + }, + env, + ); + expect(malformed.status).toBe(200); + const malformedPayload = (await malformed.json()) as { + focusManifest: { warnings: string[] }; + policy: { publicSafe: Record }; + }; + expect(malformedPayload.focusManifest).toMatchObject({ + present: true, + wantedPaths: [], + preferredLabels: ["bug"], + linkedIssuePolicy: "optional", + }); + expect(malformedPayload.focusManifest.warnings).toEqual( + expect.arrayContaining([ + expect.stringContaining("wantedPaths"), + expect.stringContaining("preferredLabels"), + expect.stringContaining("linkedIssuePolicy"), + ]), + ); + expect(JSON.stringify(malformedPayload.policy.publicSafe)).not.toMatch(FORBIDDEN_PUBLIC_REPORT_TERMS); + }); }); async function signWebhook(body: string, secret: string): Promise { diff --git a/test/unit/focus-manifest-loader.test.ts b/test/unit/focus-manifest-loader.test.ts index 8c57af12..470dce48 100644 --- a/test/unit/focus-manifest-loader.test.ts +++ b/test/unit/focus-manifest-loader.test.ts @@ -73,8 +73,9 @@ describe("focus-manifest loader", () => { const saved = await upsertRepoFocusManifest(env, "owner/api", { wantedPaths: ["lib/"] }); expect(saved.present).toBe(true); expect(saved.source).toBe("api_record"); - // A subsequent load (without forcing refresh) returns the persisted manifest without calling the fetcher. + // API-backed settings snapshots are durable and do not age out like repo-file fetch caches. const reloaded = await loadRepoFocusManifest(env, "owner/api", { + maxAgeMs: -1, fetcher: async () => { throw new Error("should not be called"); }, From d06f3f26a0b5e83155df62370b0c636f275c70f9 Mon Sep 17 00:00:00 2001 From: mkdev11 Date: Thu, 4 Jun 2026 11:34:15 +0200 Subject: [PATCH 2/4] test: keep owner policy context private --- test/integration/api.test.ts | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/test/integration/api.test.ts b/test/integration/api.test.ts index e12350d6..b2d7e383 100644 --- a/test/integration/api.test.ts +++ b/test/integration/api.test.ts @@ -4825,17 +4825,10 @@ describe("api routes", () => { expect(readinessPayload.policyReadiness).toMatchObject({ source: "focus_manifest_policy", present: true, - ownerContext: { - manifestPresent: true, - manifestSource: "api_record", - privateNoteCount: 1, - wantedPathCount: 1, - blockedPathCount: 1, - validationExpectationCount: 1, - issueDiscoveryPolicy: "discouraged", - }, }); + expect(readinessPayload.policyReadiness).not.toHaveProperty("ownerContext"); expect(JSON.stringify(readinessPayload)).not.toContain(privateNote); + expect(JSON.stringify(readinessPayload)).not.toMatch(/privateNoteCount|blockedPathCount|validationExpectationCount/i); expect(JSON.stringify(readinessPayload)).not.toMatch(FORBIDDEN_PUBLIC_REPORT_TERMS); const malformed = await app.request( From 89e0f430928240310ddfec742c328140d66442e9 Mon Sep 17 00:00:00 2001 From: mkdev11 Date: Sat, 6 Jun 2026 14:47:04 +0200 Subject: [PATCH 3/4] Fix contribution policy snapshot test --- src/api/routes.ts | 10 ++++++---- test/integration/api.test.ts | 32 +++++++++++++++++++++++++++----- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/src/api/routes.ts b/src/api/routes.ts index 9b3f0dda..0eda6df7 100644 --- a/src/api/routes.ts +++ b/src/api/routes.ts @@ -2227,11 +2227,12 @@ export function createApp() { app.get("/v1/internal/repos/:owner/:repo/contribution-policy", async (c) => { const fullName = `${c.req.param("owner")}/${c.req.param("repo")}`; const focusManifest = await loadRepoFocusManifest(c.env, fullName, { fetcher: async () => null }); + const generatedAt = nowIso(); return c.json({ repoFullName: fullName, - generatedAt: nowIso(), + generatedAt, focusManifest, - policy: compileFocusManifestPolicy(focusManifest), + policy: compileFocusManifestPolicy(fullName, focusManifest, { generatedAt }), }); }); @@ -2240,11 +2241,12 @@ export function createApp() { if (body === null) return c.json({ error: "invalid_contribution_policy_json" }, 400); const fullName = `${c.req.param("owner")}/${c.req.param("repo")}`; const focusManifest = await upsertRepoFocusManifest(c.env, fullName, body, "api_record"); + const generatedAt = nowIso(); return c.json({ repoFullName: fullName, - generatedAt: nowIso(), + generatedAt, focusManifest, - policy: compileFocusManifestPolicy(focusManifest), + policy: compileFocusManifestPolicy(fullName, focusManifest, { generatedAt }), }); }); diff --git a/test/integration/api.test.ts b/test/integration/api.test.ts index c463e961..f6f61055 100644 --- a/test/integration/api.test.ts +++ b/test/integration/api.test.ts @@ -5157,7 +5157,12 @@ describe("api routes", () => { env, ); expect(updated.status).toBe(200); - await expect(updated.json()).resolves.toMatchObject({ + const updatedPayload = (await updated.json()) as { + generatedAt: string; + policy: { generatedAt: string; publicSafe: { contributionLanes: unknown[] } }; + }; + expect(updatedPayload.policy.generatedAt).toBe(updatedPayload.generatedAt); + expect(updatedPayload).toMatchObject({ repoFullName: "entrius/allways-ui", focusManifest: { present: true, @@ -5167,13 +5172,30 @@ describe("api routes", () => { maintainerNotes: [privateNote], }, policy: { + repoFullName: "entrius/allways-ui", present: true, source: "api_record", publicSafe: { - contributionLanes: { directPrLane: "preferred", issueDiscoveryLane: "discouraged", preferredEntryPaths: ["src/"] }, - discouragedWork: { blockedEntryPaths: ["dist/"], issueDiscoveryDiscouraged: true }, - labelExpectations: { preferredLabels: ["bug"], linkedIssuePolicy: "required" }, - validationExpectations: { testExpectations: ["Run npm run test:ci."], linkedIssueRequired: true }, + contributionLanes: [ + expect.objectContaining({ + id: "direct-pr", + preference: "preferred", + preferredPaths: ["src/"], + discouragedPaths: ["dist/"], + validationExpectations: ["Run npm run test:ci."], + publicNotes: ["Prefer small, focused PRs."], + }), + expect.objectContaining({ + id: "issue-discovery", + preference: "discouraged", + preferredPaths: [], + discouragedPaths: ["dist/"], + }), + ], + labelPolicy: { preferredLabels: ["bug"], required: true }, + validation: { expectations: ["Run npm run test:ci."], linkedIssuePolicy: "required" }, + issueDiscoveryPolicy: "discouraged", + publicNotes: ["Prefer small, focused PRs."], }, authenticated: { maintainerContext: [privateNote] }, }, From fc6a902644faa9e2763b1d6e2c30fa1c3c78be88 Mon Sep 17 00:00:00 2001 From: mkdev11 Date: Sat, 6 Jun 2026 14:50:13 +0200 Subject: [PATCH 4/4] Cover contribution policy invalid JSON --- test/integration/api.test.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/integration/api.test.ts b/test/integration/api.test.ts index f6f61055..d1146237 100644 --- a/test/integration/api.test.ts +++ b/test/integration/api.test.ts @@ -5137,6 +5137,18 @@ describe("api routes", () => { ); expect(rejected.status).toBe(401); + const invalidJson = await app.request( + "/v1/internal/repos/entrius/allways-ui/contribution-policy", + { + method: "POST", + headers: internalHeaders(env), + body: "{", + }, + env, + ); + expect(invalidJson.status).toBe(400); + await expect(invalidJson.json()).resolves.toEqual({ error: "invalid_contribution_policy_json" }); + const privateNote = "Internal: wallet and hotkey evidence stays private."; const updated = await app.request( "/v1/internal/repos/entrius/allways-ui/contribution-policy",