ci: bump actions/checkout from 4.3.1 to 6.0.2 #4
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
a313aba to 4a2814f
…enabled?
Task 1 of Plan 11-04 (Wave 3): extract v1.0 installer file catalog into
Sigra.Install.Features.Core as a pure addition. The 785-line monolith at
lib/mix/tasks/sigra.install.ex is UNCHANGED in this wave — Features.Core
is defined, unit-tested, and ready but not yet wired into the install path.
Wave 4 will flip the walker to use it.
Callback coverage in this commit:
- enabled?/1: always true (Phase 11 Success Criterion #4)
- files/1: 25 base + 9 live UI (or 3 controller-mode UI) + 2 api + 1 jwt
— matches the monolith's rendered template set byte-for-byte across
every --live/--api/--jwt combination
- migrations/1: 3 slots (:primary, :api_token, :audit_events)
- injections/1 and post_instructions/2: stub returns populated in Task 2
Binding contract documented in moduledoc; isolation invariant (Pitfall X-1)
mechanically enforced by CoreTest — zero references to Organizations/
Passkeys/Admin in the non-moduledoc source.
* docs(10.1.1-08): complete CI rename + branch protection plan
- Write SUMMARY.md covering rename, RUNBOOK update, and branch-protection checkpoint
- Document ruleset introspection via gh api and deletion of duplicate ruleset
- Mark plan 08 complete in ROADMAP (phase 10.1.1 now 8/8)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(10.1.1): verify phase 10.1.1 complete — 23/23 must-haves passed
- All 9 UAT bugs (B1-B9) closed in example + installer template
- All 15 CONTEXT decisions (D-01..D-15) satisfied with evidence
- CI harness live: 5 required checks on main via ruleset 14941512
- Example app compiles cleanly with --warnings-as-errors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(v1.0): re-audit milestone — status passed after phase 10.1.1
- 7 of 19 HUMAN-UAT items resolved by Playwright golden-path + CI smoke jobs
- 4 partially resolved; 8 remain genuinely human-only (email visual, OAuth creds, UX)
- Zero wiring gaps, zero unsatisfied requirements, traceability table updated
- Nyquist 5/12 compliant, 6/12 partial, 1/12 missing — non-blocking
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(v1.0): capture v1.0 tech debt as 2 seeds + 2 backlog items
Seeds (trigger-conditioned, surface during /gsd-new-milestone):
- SEED-001: Run 8 remaining human-only UAT items before v1.0 GA announce
(email visual × 4, OAuth real-credential × 4)
- SEED-002: Convert phase 9 log_safe/3 hybrid to atomic Ecto.Multi
(C-1 caveat followup — trigger on customer report or compliance review)
Backlog (999.x parking lot):
- 999.1: Retroactive Nyquist validation pass for 6 draft + 1 missing
- 999.2: Dependabot major-version bumps (setup-node 4→6, upload-artifact
4→7, checkout 4→6) — requires per-bump CI verification
Nothing blocks v1.0 close; everything is tracked.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: complete v1.0 milestone — Phoenix Auth Library initial release
Archive:
- ROADMAP.md → milestones/v1.0-ROADMAP.md (full phase details preserved)
- REQUIREMENTS.md → milestones/v1.0-REQUIREMENTS.md (85/85 complete)
- v1.0-MILESTONE-AUDIT.md → milestones/v1.0-MILESTONE-AUDIT.md
Updated:
- MILESTONES.md — v1.0 entry with 9 key accomplishments
- ROADMAP.md — collapsed to milestone-grouped format + backlog section
- PROJECT.md — all requirements → Validated v1.0, Key Decisions updated
with outcomes, Current State section added
- STATE.md — v1.0 marked complete
Scope: 12 phases, 60 plans, 117 tasks. 1249 tests + 33 doctests +
3 properties, 0 failures. 85/85 requirements satisfied. 5 required
CI checks green on main.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: scope v1.1 foundations + earmark v1.2 admin dashboard
Rewrite MILESTONE-CONTEXT.md for v1.1 "Foundations" scope (Organizations +
Passkeys). Organizations comes first because it's architecturally
foundational — retrofitting org-scoping into an admin UI later would be
painful. Passkeys pairs with it because it's self-contained.
Create v1.2-DIRECTION.md capturing full direction on admin UI +
impersonation + audit views, including all user-provided context
(Django-admin-loved vibe, mobile-first, light+dark mode, branding,
UX principles, impersonation security model, research assignments).
Dormant until v1.1 completes.
Scope decision logged in .claude/plans/breezy-beaming-beacon.md.
* docs: start milestone v1.1 Foundations — Organizations + Passkeys
Update PROJECT.md with Current Milestone v1.1 section and Active
requirements list. Reset STATE.md for new milestone. Remove consumed
MILESTONE-CONTEXT.md. Clear 12 v1.0 phase directories from
.planning/phases/ (contents remain in git history; milestone-level
v1.0 docs preserved in .planning/milestones/). 999.x backlog phases
left in place.
Next: spawn 4 parallel research agents (STACK, FEATURES, ARCHITECTURE,
PITFALLS) covering multi-tenancy org patterns, passkey UX, invite flow
failure modes, and WebAuthn/MT CVEs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(v1.1): complete research phase — stack, features, architecture, pitfalls, summary
Four parallel research tracks + synthesis, all focused on v1.1 Foundations
(Organizations + Passkeys):
- STACK: add {:wax_, "~> 0.7"} only; SimpleWebAuthn 13 in generator JS;
reuse cloak_ecto vault; no MT library; no Igniter
- FEATURES: table stakes from Clerk/Auth0/WorkOS/GitHub/Jetstream/FIDO;
anti-features list (no auto personal org, no PG schema-per-tenant)
- ARCHITECTURE: 13 phases, two parallelizable tracks; 12 v1.2 forward-compat
load-bearing decisions identified (reserved impersonating_from scope field,
audit_events real org_id + effective_user_id columns, subdir feature
manifest pattern, etc.)
- PITFALLS: 26 pitfalls with CVE/post-mortem citations; top 5 criticals are
cross-tenant leak, invite hijack, last-owner lockout, WebAuthn challenge
replay, stolen-session passkey enrollment
- SUMMARY: single coherent view with top 10 prioritized pitfalls, phase
ordering with pitfall mitigations as phase requirements, and 12 open
questions for discuss-phase
No cross-researcher contradictions except backfill default (flagged in
open questions #1).
* docs(v1.1): define milestone requirements — 69 REQs across 11 categories
REQUIREMENTS.md covers organizations (foundation + scope + UX + upgrade),
invitations, audit integration, passkeys (foundation + UX), generator
feature-manifest system, and DX. Every REQ is user-centric and testable.
Decisions embedded from /gsd-discuss-phase answers:
- No auto personal orgs on signup; opt-in backfill for v1.0 upgraders
- Passkey-as-primary is opt-in config with mandatory magic-link fallback
- Conditional UI autofill ships in v1.1 (progressive enhancement)
- Sign-count regression defaults to :warn (Apple iCloud / Google compat)
- Challenge storage in signed+encrypted Plug session
- Per-session active-org on user_sessions
- Nullable audit_events.organization_id (library events outside org ctx)
- Marker-based JS injection with manual fallback for custom bundlers
- 7d invite TTL configurable, >30d warning
- Credo custom check time-boxed, ship if <=300 lines
- 12 v1.2 forward-compat decisions locked in v1.1
v1.2-DIRECTION.md updated with Q0 on packaging shape (single sigra
package vs separate sigra_admin package / monorepo) for v1.2 kickoff
discussion.
* docs(v1.1): create milestone roadmap — 13 phases (11-23)
Phase breakdown for v1.1 Foundations:
- 11. Generator Feature System (subdir + behaviour pattern, load-bearing v1.2)
- 12. Scope + Session Foundation (reserved impersonating_from field)
- 13. Org schemas + context (last-owner guard, for_org/2, reserved slugs)
- 14. Org plugs + scope hydration (stale-pointer reset, 0/1/2+ login)
- 15. Audit integration (real org_id + effective_user_id columns, Sigra.Workers)
- 16. Org LiveViews + switcher (create/switch/settings/members, no auto personal)
- 17. Invitation flow (email-bound HMAC, mismatch page, rate-limited)
- 18. Backfill + --organizations wiring (upgrade test, org-axis smoke)
- 19. Passkey schema + contexts (wax_, Cloak pubkey, credential-confusion defense)
- 20. Passkey challenge plug + runtime + JS hooks (Plug session, marker injection)
- 21. Passkey LiveViews (sudo-gated, 2FA + opt-in primary, Conditional UI)
- 22. --passkeys generator wiring (combinatorial matrix)
- 23. Docs + CI smoke + upgrade guide (3 guides, Playwright, test helpers)
79/79 requirements mapped. Phases 13/15/17/19/20/21 ship pitfall
mitigations as phase requirements (not follow-ups). Org track and
passkey track parallelizable after foundation phases 11+12. Phases 18
and 22 are serialization points; phase 23 is the release gate.
Phase numbering continues from v1.0 (last phase was 10.1.1). 999.x
backlog phases preserved in place.
* docs(11): capture phase context
* docs(state): record phase 11 context session
* docs(11): research generator feature system phase
* docs(11): add validation strategy
* test(11-01): add InstallFixture helper for golden-diff harness
- scaffolds fresh mix phx.new tmp app
- patches mix.exs to use path: sigra dep
- runs mix sigra.install capturing stdout
- provides normalize_tree/1 + normalize_stdout/2 for golden diffing
* test(11-01): add golden-diff test harness (regression barrier)
- asserts generated tree + stdout match committed fixture
- fails loudly with runbook pointer if fixture missing/empty
- normalizes migration timestamps + ANSI + absolute paths
- tagged :golden + :integration, 300s timeout for mix phx.new
* test(11-01): filter dep noise + normalize config secrets + delta tree
- pre-compile deps before sigra.install run to silence dep compile output
- snapshot baseline tree so only installer-touched files are captured
- normalize Phoenix-generated random salts in config/*.exs files
- strip macOS /private path prefix + dep compile noise lines from stdout
- golden_diff_test passes the baseline paths into normalize_tree/2
* test(11-01): capture pre-refactor golden fixture (42 files)
Captured from pre-refactor monolith lib/mix/tasks/sigra.install.ex via
mix sigra.install Accounts User users --yes against a fresh mix phx.new
(--no-assets --no-mailer --no-install) app with --live default.
Contents:
- 41 delta files under tree/ (lib/, priv/repo/migrations/, config/, test/support/)
- STDOUT.txt (3.5KB, normalized)
Migration filenames normalized to TIMESTAMP_ prefix (D-05). Migration
file contents are byte-identical. Phoenix-generated random salts in
config/*.exs replaced with deterministic placeholders. Dep compile
output and absolute paths stripped from STDOUT.txt.
This fixture is the Phase 11 regression barrier — every subsequent
wave's commits are gated against mix test test/sigra/install/golden_diff_test.exs.
* docs(11-01): complete golden-diff harness plan
SUMMARY captures the Wave 0 regression barrier: InstallFixture helper +
golden_diff_test harness + committed pre-refactor fixture (41 delta files
+ STDOUT.txt). Notes the 45-file threshold spec mismatch (installer
generates 41 files on --live default path) and the two Rule 2 fixes
applied inline during capture (baseline-diff tree + dep compile
noise filtering).
* docs(11): create phase plans + resolve research/validation revisions
Adds 6 PLAN.md files for Phase 11 (generator feature system), applies
planner revisions to RESEARCH.md (Open Questions → RESOLVED) and
VALIDATION.md (per-task map extensions for stdout byte-gate and
Oban/Swoosh post_instructions tests). Updates ROADMAP.md Phase 11
entry with the 6-plan list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(11-02): add Feature behaviour + Injection struct + Injector.apply/2
- New Sigra.Install.Feature behaviour with 5 callbacks (enabled?/1,
files/1, injections/1, migrations/1, post_instructions/2) per D-01
- New %Sigra.Install.Injection{} struct (target/marker/anchor/content)
with enforced keys per D-02
- New Sigra.Install.Injector.apply/2 adapter — thin idempotent wrapper
over the existing marker-based injector; returns {:ok, :injected} or
{:ok, :already_present} — GEN-04 idempotency primitive
- Sigra.Install.Report struct pre-defined so Feature typespec compiles
(public API + tests land in Task 2)
- Unit tests: feature_test (behaviour shape), injection_test (struct
construction + idempotency on two consecutive apply/2 calls)
- Monolith lib/mix/tasks/sigra.install.ex UNTOUCHED (Wave 0 golden-diff
regression barrier intact)
* feat(11-02): add Report tests + MigrationTimestamps slot allocator
- New Sigra.Install.MigrationTimestamps.allocate/2 — deterministic
slot-based timestamp allocator per D-04/GEN-07. Walks features in
canonical order; assigns base_time + N seconds globally across all
slots so Features.Core always precedes Features.Organizations
regardless of wall-clock. Replaces offset_timestamp/1 in the
monolith (wired up in Wave 4).
- Report unit tests: new/0, record_*, render_summary/1 (header row,
sort stability, empty-report guard, long-path padding without
trailing empty row per plan-checker info-level fix)
- MigrationTimestamps unit tests: monotonic-within-feature,
cross-feature order, determinism (same input = same output),
14-digit timestamp format, empty feature list guard
- Monolith untouched; golden-diff regression barrier intact
* docs(11-02): complete generator primitives plan summary
* refactor(11-03): relocate v1.0 templates into core/ subdirectory
Mechanical content-preserving move of all 45 v1.0 templates from
priv/templates/sigra.install/*.{ex,exs} to priv/templates/sigra.install/core/
to prepare for Wave 3 feature-module extraction (GEN-02, D-03).
- git-mv every template file (45 pure renames, 0 content changes)
- find_template/1: both override path and library fallback now include
the core/ prefix (CD-01: breaking change for pre-1.0 override consumers)
- Update every test helper that reads raw template files to point at core/:
api_token/email/mfa/reset/wiring generator tests, session/settings template
tests, installer_drift_test, application_cookie_warning_test,
auth_fixtures_scenario_test, guides_dx02_test
- Add test/sigra/install/templates_layout_test.exs asserting the new
manifest: 45 files under core/, 0 files at the flat top level
Golden-diff test stays green: rendered output paths are unchanged,
only the template source location moved.
* docs(11-03): complete template relocation plan summary
* test(11-04): add failing Features.Core behaviour contract tests
* feat(11-04): implement Features.Core behaviour with files/migrations/enabled?
Task 1 of Plan 11-04 (Wave 3): extract v1.0 installer file catalog into
Sigra.Install.Features.Core as a pure addition. The 785-line monolith at
lib/mix/tasks/sigra.install.ex is UNCHANGED in this wave — Features.Core
is defined, unit-tested, and ready but not yet wired into the install path.
Wave 4 will flip the walker to use it.
Callback coverage in this commit:
- enabled?/1: always true (Phase 11 Success Criterion #4)
- files/1: 25 base + 9 live UI (or 3 controller-mode UI) + 2 api + 1 jwt
— matches the monolith's rendered template set byte-for-byte across
every --live/--api/--jwt combination
- migrations/1: 3 slots (:primary, :api_token, :audit_events)
- injections/1 and post_instructions/2: stub returns populated in Task 2
Binding contract documented in moduledoc; isolation invariant (Pitfall X-1)
mechanically enforced by CoreTest — zero references to Organizations/
Passkeys/Admin in the non-moduledoc source.
* test(11-04): add Features.Core injection + Oban/Swoosh fixture tests
Task 2 of Plan 11-04 (Wave 3): lock in the full injection and
post-instruction contract of Sigra.Install.Features.Core.
Tests added to core_test.exs:
- injections/1 returns non-empty list of %Injection{} records
- (target, marker) pairs are unique — the monolith uses one shared
'# Sigra authentication' marker across router/config/test.exs targets
and that is fine because idempotency is per-file
- every anchor is supported by Injector.apply_anchor/3
- router injection content contains the mandatory plug pipeline + routes
for both --live and --no-live modes
- config injection content interpolates otp_app + context module correctly
- --api adds api-router + api-config injections
- --jwt adds an additional jwt-router injection on top of --api
Tests added to core_post_instructions_test.exs (new file, async: false):
- Oban detected in config/config.exs emits queue instruction
- Oban detected in config/runtime.exs is preferred over config/config.exs
- Oban already-configured (sigra_mailer queue present) emits the yellow
'already configured' line
- Oban absent emits the synchronous-mode warning
- No config files at all also emits Oban-absent warning
- Swoosh already-configured in config/dev.exs emits already-configured
line and does NOT mutate the file
- Swoosh absent mutates config/dev.exs with Swoosh.Adapters.Local block
(side effect preserved for byte-identity with v1.0 monolith)
- Missing config/dev.exs produces no Swoosh output (no-op)
- app_module binding routes to the raw <App>.Mailer module, not the
Sigra.Mailer behaviour wrapper
base instruction tests also moved into the post_instructions file
because they share the required temp-dir cd (Features.Core.post_instructions
reads real files from cwd).
post_instructions tests strip ANSI atoms (:yellow/:green/:reset) via
IO.ANSI.format(false) before IO.iodata_to_binary/1.
Monolith still untouched (git diff lib/mix/tasks/sigra.install.ex == 0).
Golden-diff test still green. All 322 install tests pass.
* docs(11-04): complete wave 3 Features.Core extraction plan summary
* refactor(11-05): extract generic walker into Sigra.Install.Runner
Shrink the 795-line Mix.Tasks.Sigra.Install monolith to 139 LOC of
pure arg parsing + binding build + Runner.run invocation. The new
Sigra.Install.Runner walks a canonical feature list (currently just
[Sigra.Install.Features.Core]) and is completely feature-agnostic —
adding Features.Organizations / Features.Passkeys / Features.Admin
in a later phase requires ZERO edits to the runner.
Key changes:
- lib/sigra/install/runner.ex (new, 187 LOC): walks features, filters
by enabled?/1, allocates migration timestamps via
MigrationTimestamps.allocate/2 up-front, overlays existing on-disk
migrations for re-run idempotency (GEN-04), then for each feature
renders files, applies injections via Injector.apply/2, and prints
post_instructions chunks.
- lib/mix/tasks/sigra.install.ex (139 LOC, was 795): only arg parse,
binding build, and Runner.run invocation. Zero Core-specific
logic; @features [Sigra.Install.Features.Core] is the only
reference to the Core module.
- lib/sigra/install/injector.ex: extend apply_anchor/3 with
:elixir_config, :append_eof, and :conn_case_helpers so
Injection records targeting non-module files (config.exs,
test.exs, conn_case.ex) produce byte-identical output to the v1.0
monolith's specialized inject_config / inject_test_config /
inject_conn_case helpers.
- lib/sigra/install/features/core.ex:
* files/1 inlines primary and audit_events migration entries at
their monolith positions so the walker's create_file loop emits
them byte-identical to the pre-refactor output. api_token
migration is similarly inlined in the --api/--jwt branch. Slot
metadata remains in migrations/1 for MigrationTimestamps.
* post_instructions/2 returns a list of per-info-call chunks
(oban → swoosh → base instructions) in the monolith's ordering
so the walker's Mix.shell().info loop reproduces the exact
trailing-newline topology the golden STDOUT.txt fixture captured.
* router_injection heredocs reindented to match the monolith's
4-space nested-route stripping so router.ex output is byte-
identical.
* config/test_config/conn_case injections updated to use the new
dedicated anchors.
- Tests:
* test/sigra/install/features/core_test.exs: length assertions
updated (34→36 default, 28→30 --no-live) for inlined migrations;
anchor-support list extended for the new anchors.
* test/sigra/install/generator_{mfa,wiring}_test.exs,
test/sigra/install/api_token_generator_test.exs: legacy
white-box asserts that grep the monolith's source re-pointed
at lib/sigra/install/features/core.ex since Features.Core now
owns the content.
Verification:
- mix test test/sigra/install/golden_diff_test.exs → 2/2 green
(both tree byte-identity AND STDOUT.txt byte-identity). The
test/fixtures/install_golden/ directory is UNCHANGED.
- mix test test/sigra/install → 322/322 green.
- mix test test/sigra → 1296/1296 green.
- mix compile --warnings-as-errors → clean.
- wc -l lib/mix/tasks/sigra.install.ex → 139 (target ≤150).
Phase 11 / Plan 05 / Wave 4. GEN-01, GEN-05, GEN-07.
Enables GEN-04 idempotency test in the next commit.
* test(11-05): add GEN-04 re-run idempotency proof
New test/sigra/install/idempotency_test.exs uses the Wave 0
InstallFixture helper to scaffold a fresh Phoenix tmp app, runs
mix sigra.install once (via setup_tmp_app/0), then runs it a second
time and asserts:
* sha256 snapshot of the tracked tree is byte-identical before
and after the second run (no content changes, no new files)
* on-disk mtimes are stable (stronger: proves the runner did not
even re-open existing files)
* second-run stdout contains "already exists" or "already
injected" skip markers emitted by Sigra.Install.Runner
This mechanically locks GEN-04: any future regression that causes
the walker to overwrite existing files on a second invocation
fails this test immediately. Runtime ~22s (dominated by the
shared setup_all phx.new + deps.get + first install run).
Phase 11 / Plan 05 / Wave 4. GEN-04.
* docs(11-05): complete wave 4 walker refactor plan summary
Capture the per-task commit log, the 3-iteration golden-diff
convergence, deviation rules applied (Rule 3 migration inlining,
Rule 1 :before_last_end bug fix + router indent fix, Rule 2
post_instructions chunking, Rule 3 white-box test re-pointing), and
final LOC + test counts.
Phase 11 / Plan 05 / Wave 4.
* test(11-06): add V-PA-01 purely-additive + V-ISOLATION-01 boundary guardrails
- purely_additive_test.exs: FakeFeature implementing Sigra.Install.Feature
is walked by Runner.run/3 against a tmp dir with ZERO source edits to
runner.ex or sigra.install.ex — mechanical proof of the Phase 11
purely-additive invariant (V-PA-01).
- Plus two grep assertions: sigra.install.ex has no per-feature case
branches and declares @features; runner.ex executable code has no
feature-specific references (docstring-stripped scan).
- isolation_test.exs: features/core.ex source and all 45 core/ templates
contain zero references to forbidden future-feature symbols
(Features.{Organizations,Passkeys,Admin}, UserPasskey, AdminUser, …) —
enforcing Pitfall X-1/X-3 at the source level.
- Both tests strip @moduledoc/@doc heredocs before scanning so docs
can name the invariant without failing the grep.
- 6 tests green in 0.05s; full test/sigra/install/ still 330/330 green.
* docs(11-06): finalize 11-VALIDATION.md — flip nyquist_compliant, populate per-task map
- Frontmatter: status draft→approved, nyquist_compliant false→true,
wave_0_complete false→true, updated to 2026-04-11.
- Per-task verification map: replaced skeleton rows (which referenced
nonexistent plans 07/08) with 12 real rows — one per task across
Plans 11-01..11-06. Each Automated Command is copied verbatim from
the task's <verify><automated> block.
- Wave 0 requirements checklist: all boxes now ticked (Wave 0 shipped
via Plans 11-01 and 11-02).
- Validation sign-off: all 6 boxes checked; Approval updated from
pending to approved (2026-04-11, Wave 5 completion).
- Phase 11 is now audit-ready for /gsd-verify-work.
* docs(11-06): complete validation guardrails plan summary
- V-PA-01 + V-ISOLATION-01 guardrails ship (6 tests, 0.05s).
- Full test/sigra/install/ suite: 330/330 green in 62.8s.
- Walker files (runner.ex, sigra.install.ex) unmodified vs Wave 4 base.
- 11-VALIDATION.md finalized: nyquist_compliant true, 12 task rows.
* docs(11): complete phase 11 — verification passed, state updated
All 5 phase success criteria achieved, all 5 GEN requirements satisfied.
Golden-diff regression barrier byte-identical end-to-end. Monolith shrunk
795→139 LOC. V-PA-01 purely-additive + V-ISOLATION-01 boundary guardrails
mechanically enforced. Phase 11 ready to close.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: clear ephemeral auto-chain flag after phase 11 run
* docs(11): ship phase 11 — PR #7
* fix(ci): exclude test/fixtures/ from test_load_filters
Mix 1.19 auto-discovers .ex/.exs files under test/ for compilation when
running `mix test`. The golden-diff snapshot tree at
test/fixtures/install_golden/tree/ references ephemeral project modules
(e.g., SigraInstallGoldenTmpWeb) that don't exist in the library compile
env, causing CompileError on clean CI builds.
Local runs worked because `_build/test` held stale compiled artifacts
from earlier runs. CI starts fresh and hits the undefined-module error
immediately during test file loading.
The fixture tree is a captured output, not source — Mix should never
try to compile it. Extends the existing negative lookahead (which
already skips test/example/) to also skip test/fixtures/.
This resolves the flag noted in Plan 11-03 SUMMARY.md as "Deferred:
Pre-existing Mix 1.19 auto-compilation issue with test/fixtures/
install_golden/tree/**/*.ex".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(11-03): update sigra.install_test template paths to core/ subdir
Plan 11-03 relocated all v1.0 templates from priv/templates/sigra.install/
to priv/templates/sigra.install/core/ and updated 11 test helpers, but
missed test/mix/tasks/sigra.install_test.exs which has 15 hardcoded
Path.join references. Failed locally only with a clean _build/test
(stale bytecode masked it); failed on CI immediately.
Mechanical insert of "core" component into all 15 Path.join lists.
Verified: mix test test/mix/tasks/sigra.install_test.exs → 19/19 green;
full mix test suite → 1323 tests, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: install phx_new archive in library_tests job
test/sigra/install/golden_diff_test.exs and idempotency_test.exs use
InstallFixture.setup_tmp_app/1 which shells out to `mix phx.new` to
scaffold a fresh Phoenix app for byte-identity regression testing.
Locally the archive is always installed; on CI the library_tests job
was missing it (only install_smoke had it), causing these Phase 11
tests to fail with "The task phx.new could not be found".
Adds Install Hex + Rebar + Install phx_new archive steps to
library_tests, mirroring the existing install_smoke job setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(11-01): filter OTP version warnings from normalized stdout
Mix on OTP 28.0 prints a 3-line warning to stdout about regex
recompilation at runtime (fixed in 28.1+). This is environment-
dependent noise, not part of the installer's own output — it must
not affect byte-identity against the committed golden fixture.
Local machine had a patch version that didn't print the warning when
the fixture was captured. CI ubuntu-latest has 28.0, which does
print it, causing STDOUT.txt divergence.
Fix: extend dep_compile_noise?/1 to drop three specific line
patterns (version-agnostic regexes so future OTP warnings about
other issues don't need new filters).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(11): fix ExDoc warnings for broken function references
Phase 11 moduledocs referenced:
- Callback refs (Feature.injections/1) that ExDoc can't resolve as
functions — @callback declarations aren't runtime functions
- @impl-hidden refs (Features.Core.enabled?/1, migrations/1) — ExDoc
treats @impl true callbacks as hidden and rejects links to them
- Deleted refs (Mix.Tasks.Sigra.Install.generate/4 and
offset_timestamp/1) — removed by Wave 4 walker refactor, no longer
exist in the compiled module
Fix: split fully-qualified references into Module + separate fun/n
so ExDoc doesn't auto-link them as functions. Replace deleted-function
references with prose descriptions of the new walker architecture.
Local: `mix docs --warnings-as-errors` now clean. CI library_tests
job's "Check docs build cleanly" step should now pass.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
4a2814f to c083b44
…ation
Plan 17-03 Deviation #4 flagged this as blocking Plan 17-06 work.
Sigra.Organizations.Invitations.revoke/3 writes revoked_by_id via
Ecto.Changeset.change/2 which requires the field to exist on the schema
(raises ArgumentError 'unknown field :revoked_by_id' otherwise).
Adds:
- revoked_by_id field + belongs_to :revoked_by to template schema
- revoked_by_id column to template migration (postgres + mysql/sqlite)
- revoked_by_id to example-app copy of the schema
- New example-app migration adding the column
Required for Plan 17-06 LiveView revoke-modal flow tests to exercise the
real revoke_invitation/2 use-macro delegator end-to-end.
Absorbs Phase 18 Plan 18-03's scope boundary (originally deferred to a separate phase per coverage_test @known_drift) into Phase 24 so the install_matrix + install_smoke CI jobs can reach green and PR #8 can merge cleanly. Required because all 5 required status checks on PR #8 are currently red on exactly this wiring gap.

## Changes

### 1. Register the 4 v1.1 organization schemas in Features.Organizations.files/1
- `organization.ex`, `organization_invitation.ex`, `organization_membership.ex`, `organization_slug_alias.ex` — created in Phase 13 but never registered. `core/scope.ex` references `%<ContextModule>.Organization{}`, which compile-fails in the host app without the generated struct. Removed the 4 entries from `coverage_test.exs @known_drift`.

### 2. Move :audit_events_org_columns from Core to Organizations
- The migration adds `references(:organizations, ...)` — a hard FK. It must run AFTER the organizations table is created, which means it needs a later timestamp than Organizations's own migration. The slot allocator walks features in order (Core → Organizations), so the only way to reorder is to move the slot to the later feature.
- Also required for `--no-organizations` correctness: without the move, the alter migration ran unconditionally, failing with `relation "organizations" does not exist`. Moving it into Organizations's `files/1` + `migrations/1` means `enabled?/1` gates emission on the feature flag.
- Added local `migration_target/3` helper to Features.Organizations (duplicated from Core to preserve X-3 isolation invariant).
- The template file still lives under `priv/templates/sigra.install/core/` for co-location with other audit_events migrations; added to Core's `@known_drift` + the template-coverage test's `orphans` list.

### 3. Inline :assign_user_organizations on_mount clause in core/user_auth.ex
- Previously injected via `Features.Organizations.injections/1` with `:before_last_end` anchor, which landed the new `def on_mount/4` clause far from the existing `on_mount` clauses. Elixir warns "clauses with the same name and arity should be grouped together" and "redefining @doc attribute" under `--warnings-as-errors`.
- Fix: bake the clause directly into `core/user_auth.ex` gated on `<%= if organizations? do %>`, positioned right after the other `def on_mount` clauses. Removed the injection from `Features.Organizations.injections/1`.
- The fragment template at `organizations/user_auth_on_mount_assign_user_organizations.ex` remains on disk as an orphan reference (moved from `@injection_whitelist` → `@known_drift`).

### 4. Fix organizations.ex defdelegate arity
- `defdelegate set_active_organization(conn, org), to: ..., as: :call` targeted `call/2`, but `Sigra.Plug.PutActiveOrganization` defines `call/3`. Changed to an explicit `def` wrapper that calls `call(conn, org, [])`.

### 5. Test updates
- Core tests: update file-count and migration-slot-count assertions (38→37, 32→31, 5→4) with comments explaining the Phase 24.1 shift.
- Core template coverage test: add `alter_audit_events_add_org_columns.exs` to the orphans list.
- Organizations tests: update `injections/1` test (2→1 entry, user_auth removed), `migrations/1` test (1→2 slots), defdelegate assertion (→ `def` + `call(conn, org, [])`).
- Coverage test: add cross-feature ownership entry for `alter_audit_events_add_org_columns.exs` under Core's `@known_drift` with explanation.
- `generator_mfa_test` @base_binding: add `organizations?: true` (the user_auth.ex template now has an EEx conditional on this key).

### 6. Golden fixture rebless
- Fixture now includes the 4 newly-generated org schemas, the new `create_organizations.exs` migration, and the updated `organizations.ex` + `user_auth.ex` content from changes #3 and #4.

## Local verification
- `mix test test/sigra/install/` → 473/473 green
- `scripts/ci/install-smoke.sh` → compiles + migrates + done (full install pipeline green end-to-end locally, verified against a fresh postgres DB)

Scope note: this commit crosses the Phase 24 / Phase 18 Plan 18-03 scope boundary previously documented in SUMMARY.md. User authorized the scope expansion to get CI green on PR #8.
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@34e1148...de0fac2)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
c083b44 to 8523309
Looks like actions/checkout is up-to-date now, so this is no longer needed.
Pull request was closed
Bumps actions/checkout from 4.3.1 to 6.0.2.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
- de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
- 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
- 8e8c483 Clarify v6 README (#2328)
- 033fa0d Add worktree support for persist-credentials includeIf (#2327)
- c2d88d3 Update all references from v5 and v4 to v6 (#2314)
- 1af3b93 update readme/changelog for v6 (#2311)
- 71cf226 v6-beta (#2298)
- 069c695 Persist creds to a separate file (#2286)
- ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
- 08c6903 Prepare v5.0.0 release (#2238)