Corpus miner: run own-check over public C# repos + aggregate a report#19
Conversation
… a report Evaluation tooling for the analyser: clone one public C# repo (shallow) and run the existing own-check pipeline over it, then aggregate the findings into a structured Markdown report. Mining is cheap because the extractor needs no per-repo build (error-tolerant SemanticModel; unresolved external types become OWN050 "unchecked"), so we just point it at the .cs. - scripts/mine.sh: clone (--depth 1) + own-check + report; needs dotnet (or CI). - scripts/mine_report.py: dotnet-free aggregator (counts by code/severity/kind, noisiest files, candidate-leak triage, OWN050 coverage signal); --selftest. - .github/workflows/mine.yml: workflow_dispatch (inputs via env, no injection); report to the run summary + artifact, so any repo can be mined without local .NET. - corpus/targets.txt: seed list (Dapper, CsvHelper, Newtonsoft.Json, RestSharp). - .gitignore: corpus/mined/ (never commit third-party source; reduce real finds into corpus/real-world/ instead). - docs/notes/mining.md: usage, how to read the report, the triage loop, honest gaps. - own-check.sh: refresh the stale loop caveat (A1 + while/foreach landed). mine_report --selftest 7/7, ruff clean, suite unaffected (corpus 2/2). The real end-to-end mine runs in CI (dotnet); first target Dapper, once the workflow is on the default branch. https://claude.ai/code/session_01Rg8kSk1YT14x7A1vo5zgED
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughAdds a corpus mining harness for the Own.NET analyzer: a Python report library that parses ChangesCorpus Mining Harness
Sequence DiagramsequenceDiagram
participant Trigger as GitHub Actions
participant Workflow as mine.yml
participant MineScript as mine.sh
participant Git as git clone
participant Analyzer as own-check.sh
participant Reporter as mine_report.py
participant Summary as Step Summary
Trigger->>Workflow: workflow_dispatch(repo, ref, paths)
Workflow->>MineScript: REPO/REF/PATHS env vars
MineScript->>Git: shallow clone --branch ref
Git-->>MineScript: commit SHA
MineScript->>Analyzer: run on scan path
Analyzer-->>MineScript: findings.txt + extract.log
MineScript->>Reporter: parse findings + aggregate
Reporter-->>MineScript: report.md + report.json
MineScript->>Summary: append report.md
Workflow-->>Trigger: upload mine-report artifact
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (2)
docs/notes/mining.md (1)
20-22: 💤 Low valueAdd language tag to fenced code block.
Markdownlint expects a language identifier on fenced code blocks. Consider adding
yamlortextto satisfy the linter and improve consistency.📝 Proposed fix
-``` +```yaml inputs: repo = DapperLib/Dapper ref = (optional) paths = (optional subdir)</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.In
@docs/notes/mining.mdaround lines 20 - 22, The fenced code block showing the
inputs specification is missing a language identifier on the opening fence. Add
a language tag (such asyamlortext) immediately after the opening triple
backticks to satisfy markdownlint requirements and improve code block
consistency. For example, change the opening fromtoyaml or ```text
before the line containing "inputs: repo = DapperLib/Dapper".</details> <!-- cr-comment:v1:bea3245903560f0600a1eed5 --> </blockquote></details> <details> <summary>.github/workflows/mine.yml (1)</summary><blockquote> `52-53`: _⚡ Quick win_ **Use `find` instead of `ls` for robustness.** Shellcheck SC2012 recommends `find` to handle filenames with spaces or special characters. While the glob is constrained, `find` is more robust. <details> <summary>🛡️ Proposed fix</summary> ```diff - report=$(ls corpus/mined/*/report.md 2>/dev/null | head -1 || true) + report=$(find corpus/mined -name report.md -type f 2>/dev/null | head -1 || true) ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/mine.yml around lines 52 - 53, The variable assignment for report uses ls with a glob pattern, which is not robust for handling filenames with spaces or special characters. Replace the ls command with find to locate the first report.md file in the corpus/mined directory structure. Use find with appropriate options like -maxdepth and -name to search for report.md files, pipe to head -1 to get the first result, and maintain the error redirection and fallback logic with || true to ensure the script continues even if no file is found. ``` </details> <!-- cr-comment:v1:8b2a4dd0ffa56bda2186b2a6 --> _Source: Linters/SAST tools_ </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.Nitpick comments:
In @.github/workflows/mine.yml:
- Around line 52-53: The variable assignment for report uses ls with a glob
pattern, which is not robust for handling filenames with spaces or special
characters. Replace the ls command with find to locate the first report.md file
in the corpus/mined directory structure. Use find with appropriate options like
-maxdepth and -name to search for report.md files, pipe to head -1 to get the
first result, and maintain the error redirection and fallback logic with || true
to ensure the script continues even if no file is found.In
@docs/notes/mining.md:
- Around line 20-22: The fenced code block showing the inputs specification is
missing a language identifier on the opening fence. Add a language tag (such as
yamlortext) immediately after the opening triple backticks to satisfy
markdownlint requirements and improve code block consistency. For example,
change the opening fromtoyaml or ```text before the line containing
"inputs: repo = DapperLib/Dapper".</details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: Repository UI **Review profile**: CHILL **Plan**: Pro Plus **Run ID**: `2accdfed-41f3-441d-8bdb-b364c8b98027` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 0facc5a2b1ff04c8341ce7a663f6f47d276a763f and a7669e0f490ff0648aaa35f28619e05f4e21ca84. </details> <details> <summary>📒 Files selected for processing (7)</summary> * `.github/workflows/mine.yml` * `.gitignore` * `corpus/targets.txt` * `docs/notes/mining.md` * `scripts/mine.sh` * `scripts/mine_report.py` * `scripts/own-check.sh` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
…check) - docs/notes/mining.md: tag the inputs code fence as `text` (markdownlint MD040). - .github/workflows/mine.yml: locate the report with `find` instead of `ls` (shellcheck SC2012 — robust to odd filenames). https://claude.ai/code/session_01Rg8kSk1YT14x7A1vo5zgED
Corpus miner — stress-test the analyser on real repos
Evaluation tooling: clone one public C# repo (shallow) and run the existing
own-checkpipeline over it, then aggregate the findings into a structured Markdown report. The goal is evaluating the analyser (precision, false-positive patterns, coverage gaps) — a deliberate spot-check, one repo at a time, not a crawler.Why it's cheap
The Roslyn extractor (P-014 Tier A) builds a best-effort
SemanticModelfrom the runtime's trusted-platform assemblies and is error-tolerant: it reads symbols without adotnet restore/build of the target, and unresolved external (NuGet) types become an honestOWN050"unchecked" marker. So mining needs no per-repo build setup — just point it at the.cs.What's here
scripts/mine.sh— clone (--depth 1) +own-check+ report →corpus/mined/<slug>/(gitignored). Needsdotnet/git/Python; guards with a clear message ifdotnetis absent.scripts/mine_report.py— dotnet-free aggregator: counts by OWN code / severity / resource kind, the noisiest files, a candidate-leak triage list, and theOWN050coverage signal. Has--selftest(7/7)..github/workflows/mine.yml—workflow_dispatch(inputsrepo/ref/paths, passed via env, never interpolated into the shell). Publishes the report to the run summary + an artifact, so any repo can be mined without local .NET.corpus/targets.txt— seed list (Dapper, CsvHelper, Newtonsoft.Json, RestSharp)..gitignore—corpus/mined/(never commit third-party source; reduce real finds intocorpus/real-world/instead).docs/notes/mining.md— usage, how to read the report, the triage loop, honest gaps.own-check.sh— refresh the stale loop caveat (A1 + while/foreach landed).How to read a report (the point)
OWN001s is either real leaks (reduce one →corpus/real-world/regression) or a false-positive pattern → harden the extractor.OWN050= coverage gap (unresolved external refs), not a wrong answer.Honest gaps (v1)
No coverage/skip-rate yet (a method the extractor can't model is silently absent —
--statson the extractor is the planned next step); one target by hand (no auto-discovery); reporting upstream is a separate manual step.Validation
mine_report --selftest7/7,ruff check .clean, full suite unaffected (corpus 2/2,ownir 47/47). The dotnet-dependent end-to-end runs in CI —workflow_dispatchonly becomes triggerable oncemine.ymlis on the default branch, so the first real mine (Dapper) runs right after this merges.https://claude.ai/code/session_01Rg8kSk1YT14x7A1vo5zgED
Generated by Claude Code
Summary by CodeRabbit
Release Notes
New Features
Documentation
Chores