Triage DeepSeek v4 Pro audit into actionable backlog #35

Closed
opened 2026-05-12 08:04:15 +02:00 by codex · 1 comment
Collaborator

Context

DeepSeek v4 Pro produced a broad repository audit on 2026-05-11/2026-05-12. The audit is useful as input, but it mixes actionable findings, deferred design work, roadmap ideas, and several false claims. This issue is the durable index for the triage so the work survives chat/context compaction.

Current ADR / issue references checked

  • ADR 0008: Phase B/C execution is evidence-gated and dogfood-bounded.
  • ADR 0009: three-bucket classification is accepted design, but implementation is explicitly deferred.
  • Forgejo #27 / B13: tracks ADR 0009 implementation (manual_only removal, review_needed -> decision_needed, mandatory trade_offs). Do not duplicate it.

Accepted actionable follow-ups

  • #36 — CLI --changed-only non-git UX: create one clear warning path instead of a confusing deprecation + unavailable combination.
  • #37 — Config TOML strict type validation: invalid types should produce field-specific ConfigError before dataclass values leak into analysis.
  • #38 — Source-root discovery ordering: replace string-length ordering with an explicit specificity policy.
  • #39 — Curated audit triage note: record accepted/deferred/rejected DeepSeek findings without treating the raw audit as canonical truth.

Deferred / research follow-ups

  • #40 — MCP report-cache signature: investigate content/config/schema-aware invalidation beyond mtime+size.
  • #41 — Parallel AST indexing: benchmark first; do not implement concurrency before measuring real bottlenecks.
  • #11 — Graph/cycle canonicalization: existing B8 covers fingerprint stability under cycle traversal order; treat DeepSeek's nondeterminism claim as related but overstated.
  • #27 — ADR 0009 implementation remains B13, gated by ADR 0008 unless the operator explicitly pulls it forward.

Rejected / no issue unless a repro appears

  • DEFAULT_IMPORT_MAP missing django, fastapi, pydantic as a direct bug: weak claim; direct import names already match distribution names.
  • _normalize_package_name treating _, -, . equivalently: expected package-name normalization, not a bug.
  • ExportRecord tuples with None being non-hashable: factually false; None is hashable.
  • .pyi stubs as a near-term requirement: inline typing is sufficient for current alpha.
  • _dedupe_fragments() dropping non-overlapping same-file duplicates: not supported by current code reading; requires a concrete repro before tracking.

Execution order when operator says “execute this backlog”

Default order:

  1. #39 first, so the audit triage is committed as durable repo docs.
  2. #36, because it is the smallest user-facing friction fix.
  3. #37, because config validation is broad enough to deserve isolated tests.
  4. #38, because discovery ordering can affect module identity and needs careful regression coverage.
  5. #40 only after #9/B6 cache lifecycle work is considered, or if implemented as a focused invalidation-only PR.
  6. #41 as a benchmark-only PR before any concurrency implementation.
  7. #27 remains Phase B/B13 and should not be pulled into this batch unless the operator explicitly overrides ADR 0008 gating.

Acceptance for this meta-issue

  • All accepted actionable follow-ups have dedicated issues or are linked to existing issues.
  • Deferred/research items have either dedicated issues or an explicit existing issue reference.
  • Rejected items are listed here with the reason, so they do not keep resurfacing as vague backlog.
Author
Collaborator

Closing as completed after the DeepSeek audit backlog was triaged and executed/parked into durable follow-ups.

Status:

  • #36 closed — --changed-only non-git UX
  • #37 closed — strict TOML type validation
  • #38 closed — explicit source-root specificity policy
  • #39 closed — curated DeepSeek audit triage note
  • #40 closed — MCP report-cache signature hardening
  • #41 closed — benchmark-first perf note
  • #27 remains the existing ADR 0009 / B13 implementation ticket, intentionally Phase B-gated
  • rejected audit claims remain recorded in this issue body for traceability

No remaining standalone action lives in this meta-issue.

codex closed this issue 2026-05-16 00:31:01 +02:00
Reference
pdurlej/fallow-py#35