ci: fix-marker regression guard (witness-style)

Adds a fast per-PR gate that asserts previously-shipped fixes are still present in the tree — the CI analogue of the ruflo witness fix-marker system, but self-contained (no plugin dependency, reviewable as plain JSON). Complements the heavier checks (firmware build, deterministic pipeline proof, release witness bundle) by catching the silent-revert class of regression that build+test wouldn't. - scripts/fix-markers.json manifest: 11 markers (RuView#396, #521, #517, #505, #354, #263, #266/#321, #265, #232/#375/#385/#386/#390, ADR-028 proof + witness bundle). Each has files / require (literal substring or /regex/) / optional forbid / rationale / ref. - scripts/check_fix_markers.py stdlib-only checker. Exit 0 clean / 1 regression / 2 bad manifest. Modes: --list, --json, --only ID. - .github/workflows/fix-regression-guard.yml runs on PR + push to main/master; gates on the checker and writes the result table into the run summary + an artifact. If a fix is intentionally removed, update scripts/fix-markers.json in the same PR with a rationale — the diff becomes the audit trail. Co-Authored-By: claude-flow <ruv@ruv.net>
2026-06-09 10:13:17 +00:00 · 2026-05-11 10:48:14 -04:00
parent a1cb6bd8e5
commit eda45a6857
3 changed files with 359 additions and 0 deletions
@@ -0,0 +1,54 @@
+name: Fix-Marker Regression Guard
+
+# Asserts that previously-shipped fixes are still present in the tree.
+# Manifest: scripts/fix-markers.json   Checker: scripts/check_fix_markers.py
+# Run locally:  python scripts/check_fix_markers.py   (also --list / --json)
+#
+# This complements the heavyweight checks (firmware build, deterministic
+# pipeline proof, witness bundle) with a fast per-PR "did someone revert a
+# known fix?" gate — the CI analogue of the ruflo witness fix-marker system.
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  fix-markers:
+    name: Verify fix markers
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Validate the manifest is well-formed JSON
+        run: python -c "import json; json.load(open('scripts/fix-markers.json')); print('manifest OK')"
+
+      - name: Check fix markers
+        run: python scripts/check_fix_markers.py
+
+      - name: Emit machine-readable result (for the run summary)
+        if: always()
+        run: |
+          python scripts/check_fix_markers.py --json > fix-markers-result.json || true
+          {
+            echo '### Fix-marker regression guard'
+            echo ''
+            echo '```'
+            python scripts/check_fix_markers.py || true
+            echo '```'
+          } >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload result artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fix-markers-result
+          path: fix-markers-result.json
+          retention-days: 30