[P0][phase:b] Guarded imports (TYPE_CHECKING / try-except) must not be blocking missing-runtime-dependency #115

New issue

Open

opened 2026-06-15 22:56:48 +02:00 by claude · 0 comments

claude commented 2026-06-15 22:56:48 +02:00

Collaborator

Copy link

Source: evidence-derived from the 2026-06-15 real-world precision audit (docs/dogfood/real-world-precision-2026-06-15.md).

Problem

fallow-py flags imports that are guarded by if TYPE_CHECKING: or try/except ImportError: as missing-runtime-dependency — the only blocking/error-severity rule. This means a first-time CI integration fails the build on type-only and optional imports.

This is the most damaging defect found, because it is blocking. missing-runtime-dependency measured 3% precision (29 of 30 sampled findings were false positives).

Evidence (real repos, no config)

• celery/app/base.py: if typing.TYPE_CHECKING: from pydantic import BaseModel → flagged as a blocking missing dependency (the import never runs)
• flask/config.py: if t.TYPE_CHECKING: import typing_extensions as te → blocking error
• click/_winconsole.py: if t.TYPE_CHECKING: ... from typing_extensions import Buffer → blocking error
• celery/backends/arangodb.py: try: from pyArango import ... except ImportError: (handled optional driver) → flagged missing
• requests/__init__.py, httpx/_transports/asgi.py: try/except ImportError optional imports → flagged missing
• celery: _patch_eventlet() / _patch_gevent() function-local optional-backend imports → flagged missing

The analyzer already records evidence.guarded: true for several of these, yet still emits them at error severity.

Proposed fix

1. TYPE_CHECKING-guarded imports are never runtime dependencies — exclude them from missing-runtime-dependency entirely (at most an info note).
2. try/except ImportError-guarded imports are optional — do not emit blocking; at most decision_needed.
3. Respect the existing evidence.guarded signal: a guarded import must never be blocking.

Acceptance criteria

• No TYPE_CHECKING-guarded or try/except ImportError-guarded import is ever reported at blocking/error severity.
• benchmarks/fp-cases/type-checking-guarded-import/ fixture added and passes.
• Re-running the audit shows missing-runtime-dependency precision rising substantially from the 3% baseline.

Priority

P0. This is the adoption-breaker — it is the difference between "noisy" and "actively fails first-time CI." Fix first regardless of volume rank.

---

Opened by claude (Opus 4.8) from the 2026-06-15 precision audit. Audit PR: #113.

**Source:** evidence-derived from the 2026-06-15 real-world precision audit (`docs/dogfood/real-world-precision-2026-06-15.md`). ## Problem `fallow-py` flags imports that are guarded by `if TYPE_CHECKING:` or `try/except ImportError:` as **`missing-runtime-dependency`** — the only `blocking`/error-severity rule. This means a first-time CI integration **fails the build on type-only and optional imports**. This is the **most damaging defect found**, because it is `blocking`. `missing-runtime-dependency` measured **3% precision** (29 of 30 sampled findings were false positives). ### Evidence (real repos, no config) - `celery/app/base.py`: `if typing.TYPE_CHECKING: from pydantic import BaseModel` → flagged as a blocking missing dependency (the import never runs) - `flask/config.py`: `if t.TYPE_CHECKING: import typing_extensions as te` → blocking error - `click/_winconsole.py`: `if t.TYPE_CHECKING: ... from typing_extensions import Buffer` → blocking error - `celery/backends/arangodb.py`: `try: from pyArango import ... except ImportError:` (handled optional driver) → flagged missing - `requests/__init__.py`, `httpx/_transports/asgi.py`: `try/except ImportError` optional imports → flagged missing - `celery`: `_patch_eventlet()` / `_patch_gevent()` function-local optional-backend imports → flagged missing The analyzer already records `evidence.guarded: true` for several of these, yet still emits them at `error` severity. ## Proposed fix 1. **`TYPE_CHECKING`-guarded imports are never runtime dependencies** — exclude them from `missing-runtime-dependency` entirely (at most an `info` note). 2. **`try/except ImportError`-guarded imports are optional** — do not emit `blocking`; at most `decision_needed`. 3. Respect the existing `evidence.guarded` signal: a guarded import must never be `blocking`. ## Acceptance criteria - No `TYPE_CHECKING`-guarded or `try/except ImportError`-guarded import is ever reported at `blocking`/error severity. - `benchmarks/fp-cases/type-checking-guarded-import/` fixture added and passes. - Re-running the audit shows `missing-runtime-dependency` precision rising substantially from the 3% baseline. ## Priority **P0.** This is the adoption-breaker — it is the difference between "noisy" and "actively fails first-time CI." Fix first regardless of volume rank. --- *Opened by `claude` (Opus 4.8) from the 2026-06-15 precision audit. Audit PR: #113.*

claude added the

phase:b

label 2026-06-15 22:56:48 +02:00

claude referenced this issue from a commit 2026-06-17 23:09:21 +02:00

fix: keep guarded imports out of runtime blockers

codex referenced this issue from a pull request that will close it, 2026-06-17 23:09:43 +02:00

Reduce dogfood false positives from Phase B audit #118

claude referenced this issue 2026-06-17 23:11:16 +02:00

[P0][harness] Precision-regression harness — make #114-117 falsifiable (the scoreboard) #119

claude added the

area:engineering

dogfood:fp

severity:high

labels 2026-06-17 23:11:17 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

codex/phase-b-fp-reductions

codex/self-dogfood-shim-suppression

issue-96-diff-scope-filtering-tests

issue-102-report-invariants-tests

issue-97-parse-error-generation

issue-98-deterministic-cycles-tests

issue-99-stable-data-tests

claude/adr-0013-blocking-precision

claude/dogfood-real-world-precision-2026-06-15

issue-83-84-doctor-markdown

claude/docs/cousin-onboarding-pointer

codex/dogfood-evidence-cockpit

codex/first-run-doctor

codex/model-loop-benchmark-harness

codex/rule-explainability

codex/deletion-fingerprint-safety

codex/decision-contract-27

codex/dogfood-evidence-hygiene

codex/root-sandbox-safety-6-7

codex/dogfood-evidence-aggregator-29

codex/public-readiness-post-rename

rename/repo-url-cleanup

rename/cli-config-docs

rename/package-fallow-py

rename/adr-umbrella-branding

codex/perf-profile-benchmark-41

codex/mcp-cache-signature-40

codex/deepseek-triage-backlog-35

v0.3.0a3

Labels

Clear labels   

area:ci

CI workflows, packaging, release

  

area:docs

README, philosophy, dogfood, rules ref

  

area:engineering

Code, AST, graph, MCP runtime

  

area:framework-fp

False-positive heuristics for frameworks

  

area:test-coverage

Dedicated tests for critical modules

  

dogfood:fn

Dogfood evidence: false negative (missed)

  

dogfood:fp

Dogfood evidence: false positive

  

dogfood:friction

Dogfood: UX friction

  

dogfood:tp

Dogfood evidence: true positive (real catch)

  

phase:b

Phase B - engineering hardening

  

phase:c

Phase C - Show HN polish

  

severity:critical

Silent bugs, data loss, security

  

severity:high

Real defects, FP confirmed, crashes

  

severity:low

Hygiene, perf micro-opts

  

severity:medium

Hardening, drift detection, edge cases

  

source:deepseek-v4-pro

Items triaged from the DeepSeek v4 Pro repository audit

No labels

area:ci

area:docs

area:engineering

area:framework-fp

area:test-coverage

dogfood:fn

dogfood:fp

dogfood:friction

dogfood:tp

phase:b

phase:c

severity:critical

severity:high

severity:low

severity:medium

source:deepseek-v4-pro

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pdurlej/fallow-py#115

No description provided.