ezer-mishpati/legal-ai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: gate undefined names (pyflakes F821) + fix latent NameError in db.py
All checks were successful
G12 Leak-Guard / leak-guard (pull_request) Successful in 4s
Details
Lint — undefined names / undefined-names (pull_request) Successful in 10s
Details

Browse Source 
Prevents recurrence of the case-rename 500 (PR #249), whose root cause was
an undefined name (`paperclip_client`) sitting in a background_tasks callable
— invisible until that code path ran in production.

- scripts/check_undefined_names.py: runs pyflakes on web/, mcp-server/src,
  scripts/ and fails ONLY on "undefined name" / "may be undefined" (the
  runtime-crash class). Unused imports / f-strings are NOT gated — keeps the
  check high-signal and green.
- .gitea/workflows/lint.yaml: runs the guard on every PR and push to main,
  in a throwaway venv (PEP-668 safe).
- db.py: `from datetime import date` → `date, datetime`. The guard surfaced a
  real latent undefined name — `insert_panel_round`'s `round_ts: datetime`
  annotation referenced an unimported `datetime` (benign only because of
  `from __future__ import annotations`; now correct).
- SCRIPTS.md: documented the new guard.

Verified: clean tree → exit 0; injected undefined name → exit 1.

Invariants: engineering rule §6 (no silent failures shipping to runtime).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Chaim
2026-06-14 09:58:45 +00:00
parent 1fbb1eede6
commit 0a3bc35623
4 changed files with 85 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
.gitea/workflows/lint.yaml Normal file
View File

@@ -0,0 +1,27 @@
name: Lint — undefined names
# High-signal static gate for the bug class behind PR #249 (case-rename 500):
# a name referenced but never imported/defined. Invisible to tests when it sits
# in a rarely-hit branch or a fire-and-forget background task — it only
# NameErrors at runtime. pyflakes catches it before merge. Gates ONLY on
# undefined names (not unused imports / f-strings — those are noise). Uses a
# throwaway venv so it is immune to PEP-668 externally-managed environments.
on:
pull_request:
branches: [main]
push:
branches: [main]
jobs:
undefined-names:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run undefined-name guard
run: |
python3 -m venv /tmp/lintvenv
/tmp/lintvenv/bin/pip install --quiet pyflakes==3.4.0
/tmp/lintvenv/bin/python scripts/check_undefined_names.py