fix: address late-landing bot review findings on PR #1038 and #1041#1052
Merged
Conversation
- #1038 (plan_metadata_utils.py): a brand-new query_id whose fingerprint_version differs from prev's default fell into the version-comparability-mismatch branch, which fell back to prev_metadata.plan_versions.get(query_id, 0) - writing an invalid version 0 (validate_plan_metadata rejects versions < 1). Bypass that branch entirely for query_ids absent from prev_metadata: there is no prior recording to be "not comparable" to, so a new query always starts at version 1. - #1038 (schema.py): plan_capture_error was added to ResultBuilder's in-memory query_results dict, but the actual JSON export goes through schema.py's _build_query_results_section, a separate serialization path that copies only specific fields onto the compact queries[] entry. Added plan_capture_error there too, so the real DataFrame capture-failure cause reaches the persisted bundle, not just the in-memory representation. - #1041 (validate-submission.yml): the "Reject non-maintainer vendor/ additions" step's OWNER/MEMBER/COLLABORATOR allowlist didn't account for the trusted same-repo auto/results-mirror-* PRs that sync-results-data-to-published.yml opens with secrets.GITHUB_TOKEN (authored by github-actions[bot]), so a maintainer's vendor bundle published through that path was blocked. Added the same two-signal trust check (head.repo.fork == false AND the mirror branch pattern) the "Validate bundles" step's manifest waiver already uses. Each fix has a regression test verified to fail before the fix and pass after. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01SKw2UhgHuzYPo3y5MfarD6
joeharris76
enabled auto-merge (squash)
July 8, 2026 11:34
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 00a76cf4b7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
The export fix alone was incomplete: _reconstruct_query_results() copied iter/stream/run_type/test_type from the compact queries[] entry but not plan_capture_error, so an export -> load -> re-export round trip silently dropped the real DataFrame capture-failure cause again even though it survived the first export. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01SKw2UhgHuzYPo3y5MfarD6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Description
Follow-up sweep for
chatgpt-codex-connectorreview comments that landed on two already-merged PRs shortly after they merged: #1038 (2 findings) and #1041 (1 finding).plan_metadata_utils.py:update_plan_versionsfell into the fingerprint-version-mismatch branch for a brand-new query_id (one absent fromprev_metadataentirely), which fell back toprev_metadata.plan_versions.get(query_id, 0)— writing an invalid version0(validate_plan_metadatarejects versions < 1) whenever a newly-added query's captured fingerprint_version differed from prev's default. Fixed by bypassing that branch entirely for query_ids not inprev_metadata.plan_fingerprints— there's no prior recording to be "not comparable" to, so a new query always starts at version 1.schema.py:plan_capture_errorwas added toResultBuilder's in-memoryquery_resultsdict (from PR fix: address late-landing bot review findings across 11 merged PRs #1038's own fix(qpc-05): surface plan capture/load failures instead of converting them to absence #1032 fix), but the actual JSON export goes throughschema.py's_build_query_results_section, a separate serialization path that copies only specific fields onto the compactqueries[]entry. The real DataFrame plan-capture-error cause was reaching the in-memory representation but getting silently dropped on export/reload. Addedplan_capture_errorto_build_query_results_section(and toschema_specs.yaml'squery_key_orderfor stable placement).validate-submission.yml: the "Reject non-maintainer vendor/ additions" step'sOWNER | MEMBER | COLLABORATORallowlist didn't account for the trusted same-repoauto/results-mirror-*PRs thatsync-results-data-to-published.ymlopens withsecrets.GITHUB_TOKEN(authored bygithub-actions[bot]), so a maintainer's vendor bundle published through that path fell through toexit 1. Added the same two-signal trust check (head.repo.fork == falseAND the mirror branch pattern) the "Validate bundles" step's manifest waiver already uses —head.repo.forkis the unforgeable, load-bearing signal sincegithub.head_refalone is attacker-controlled on fork PRs.Type of Change
Testing
Every fix has a dedicated regression test, verified to fail before the fix and pass after via
git stash:Full
tests/unit/ -m fastsuite (23,323 tests) also run: 3 pre-existing failures, confirmed to reproduce identically on a cleandevelopcheckout (unrelated to this PR — sandbox runs as root, bypassing two filesystem-permission-error tests, and thezstdCLI binary is absent for a third).ruff check/ruff format --check/ty checkall clean on every changed file..github/workflows/validate-submission.ymlYAML-parse verified.Public Contract Check
docs/reference/public-contracts.md, or this PR does not change public, beta-public, deprecated, generated, experimental, or repo-only contract surfaces.plan_capture_erroron the exportedqueries[]entry is additive; existing consumers are unaffected.Documentation
Code Quality
Artifact Hygiene
Notes
Not CODEOWNERS-gated (no changes under
benchbox/core/query_plans/parsers/**,benchbox/core/expected_results/**, or the other soundness-critical paths) — squash auto-merge will be enabled.🤖 Generated with Claude Code
Generated by Claude Code