…is (B-0073)
CodeQL was scanning .NET build artifacts under obj/ and bin/, including auto-generated xunit test entry points (`XunitAutoGeneratedEntry*.cs`). Findings on those files ask us to fix MSBuild's output, not source — wrong dependency direction.
Empirically discovered 2026-04-28 while diagnosing why all 6 LFG PRs were BLOCKED with all-green CI: two open `cs/missed-ternary-operator` alerts on `obj/Release/net10.0/XunitAutoGenerated*.cs` were among 13 total Code Scanning alerts gating the LFG `code_quality:severity=all` ruleset on every PR.
This config change drops 2 of 13 alerts via a single structural change with zero source-code risk.
Composes with B-0073 (which covers the remaining 10 source alerts + 1 Scorecard meta-finding) and task Lucent-Financial-Group#306 (the original 'Analyze (csharp) on PR' workflow-cost concern, which this helps reduce by limiting scan scope).
Verification: next CodeQL run on main should report 11 (or fewer) open alerts instead of 13.
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: B-0073-step-1-codeql-exclude-build-artifacts
AceHack added a commit that referenced this pull request Apr 28, 2026
…erals (B-0073 step 2) (#97)
The casts `((int, long))(N, NL)` on tuple literals like `(1, 1L)` are flagged by CodeQL as `cs/useless-cast-to-self` because the compiler already infers `(int, long)` from the literal types (`int` from N, `long` from NL). The cast adds no information.
Sites fixed (10 alerts → 0 after this lands and CodeQL re-scans):
- tests/Tests.CSharp/CircuitTests.cs lines 70-72 (3 casts)
- tests/Tests.CSharp/ZSetTests.cs lines 30-31 (4 casts; two on each line) + lines 43-45 (3 casts)
Build verification: `dotnet build tests/Tests.CSharp/ -c Release` returns 0 warnings, 0 errors. The casts were genuinely redundant — array type inference `new[] { ... }` correctly infers `(int, long)[]` from elements that are all `(int, long)`.
This is step 2 of B-0073 (LFG csharp Code Scanning cleanup blocking the code_quality:severity=all ruleset). Step 1 (PR #96, obj/bin exclusion) drops 2 build-artifact alerts. This PR drops the 10 source alerts. After both land + forward-sync to LFG + CodeQL re-scan, only the Scorecard SAST meta-finding remains (which is informational, not a real defect — separate disposition).
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: B-0073-step-2-useless-cast-removal
AceHack added a commit that referenced this pull request Apr 28, 2026
…hain + P1 legal fix (#98)
* tick-history: 2026-04-28T09:37Z — 7 PRs MERGED + B-0073 LFG-unblock chain + P1 legal fix
Major-arc structural-unblock tick chain covering ~50 minutes of work after 08:50Z post-compaction recovery:
- 7 AceHack PRs MERGED: #28 #94 #23 #19 #95 #96 #97
- B-0073 P0 root-cause + 2-step LFG ruleset unblock (CodeQL obj/bin exclusion + 10 useless-cast removals; build-verified 0 warnings 0 errors)
- PR #72: 18 threads drained including P1 legal/IP paraphrase fix on 5 leaked-source verbatim-quote sites
- B-0074 P2 filed for spec-consistency drift sweep (8 deferred-with-tracking items per bulk-resolve discipline)
Drift state: AceHack +9 ahead this chain (from merges), LFG unchanged at +499 ahead (forward-sync pending — B-0073 fixes need to land on LFG main before its ruleset gate clears). Cron ff34da97 verified live.
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: tick-history-2026-04-28T09-37
* fix(pr-98): drain 5 review-thread findings on tick-history row
- PR #94 timestamp: corrected from initial-draft '~08:48Z' to empirically-verified '09:09:02Z' (per gh pr view 94 --json mergedAt). The 08:48Z claim was stale-recall; the merge actually fired at 09:09Z when auto-merge cleared.
- 7-vs-9 PR count discrepancy: clarified that 7 PRs merged in this tick chain, session-cumulative is 9 including the prior #92/#87 compacted-context window. Drift +9 was correct; framing was ambiguous about scope.
- feedback_search_internet xref: replaced filename-pattern reference with full user-scope absolute path + explicit '(user-scope only; in-repo migration deferred per the natural-home-of-memories directive)' tag, addressing the P1 broken-xref finding.
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: pr-98-thread-drain-5-substantive-fixes
Pull request overview
Updates the repository’s CodeQL configuration to stop scanning .NET build artifact directories (obj/ and bin/), reducing noise from auto-generated sources and preventing artifact-only alerts from gating PR rulesets.
Changes:
- Add `**/obj/**` and `**/bin/**` to CodeQL `paths-ignore`.
- Document the rationale and link it to B-0073 / observed alert gating.
AceHack added a commit that referenced this pull request Apr 28, 2026
…is (B-0073) (#96)
CodeQL was scanning .NET build artifacts under obj/ and bin/, including auto-generated xunit test entry points (`XunitAutoGeneratedEntry*.cs`). Findings on those files ask us to fix MSBuild's output, not source — wrong dependency direction.
Empirically discovered 2026-04-28 while diagnosing why all 6 LFG PRs were BLOCKED with all-green CI: two open `cs/missed-ternary-operator` alerts on `obj/Release/net10.0/XunitAutoGenerated*.cs` were among 13 total Code Scanning alerts gating the LFG `code_quality:severity=all` ruleset on every PR.
This config change drops 2 of 13 alerts via a single structural change with zero source-code risk.
Composes with B-0073 (which covers the remaining 10 source alerts + 1 Scorecard meta-finding) and task Lucent-Financial-Group#306 (the original 'Analyze (csharp) on PR' workflow-cost concern, which this helps reduce by limiting scan scope).
Verification: next CodeQL run on main should report 11 (or fewer) open alerts instead of 13.
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: B-0073-step-1-codeql-exclude-build-artifacts
Summary
Step 1 of B-0073 (LFG csharp Code Scanning cleanup blocking the `code_quality:severity=all` ruleset on every LFG PR).
CodeQL was scanning .NET build artifacts under `obj/` and `bin/` — including auto-generated xunit test entry points (`XunitAutoGeneratedEntry*.cs`). Findings on those files ask us to fix MSBuild's output, not source — wrong dependency direction.
Empirical evidence
`gh api repos/Lucent-Financial-Group/Zeta/code-scanning/alerts?state=open` returned 13 open alerts on LFG main as of 2026-04-28T09:14Z. Two of those (alerts #1 and #2: `cs/missed-ternary-operator` on `obj/Release/net10.0/XunitAutoGenerated*.cs`) are in the build-artifact tree this PR excludes.
Composes with
Verification
Next CodeQL run on main should report 11 (or fewer) open alerts instead of 13. Once forward-synced to LFG, the alert count drops by 2 → ruleset starts passing for the simplest PRs (those without the remaining 10-11 alerts on their diffs).
Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: B-0073-step-1-codeql-exclude-build-artifacts
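An added example, not part of the PR or the project's code: a triage check for the verification step above that splits a code-scanning alerts export into alerts located under `obj/` or `bin/` directories and alerts on source files. The alert records and paths are constructed, and matching by directory component is an assumption that approximates the `**/obj/**` and `**/bin/**` globs.

```python
import json
from pathlib import PurePosixPath

# Directory names the PR adds to CodeQL paths-ignore as **/obj/** and **/bin/**.
IGNORED_DIRS = {"obj", "bin"}

# Constructed sample shaped like the code-scanning alerts API response
# (number, rule.id, most_recent_instance.location.path). Paths are illustrative.
SAMPLE_ALERTS = json.loads("""
[
  {"number": 1, "rule": {"id": "cs/missed-ternary-operator"},
   "most_recent_instance": {"location": {"path": "tests/Demo/obj/Release/net10.0/Generated.cs"}}},
  {"number": 2, "rule": {"id": "cs/useless-cast-to-self"},
   "most_recent_instance": {"location": {"path": "tests/Tests.CSharp/CircuitTests.cs"}}},
  {"number": 3, "rule": {"id": "cs/useless-cast-to-self"},
   "most_recent_instance": {"location": {"path": "src/objects/bin.cs"}}},
  {"number": 4, "rule": {"id": "cs/missed-ternary-operator"},
   "most_recent_instance": {"location": {"path": "bin/Debug/net10.0/Generated.cs"}}}
]
""")

def under_ignored_dir(path):
    """True if any directory component (not the file name) is obj or bin."""
    parts = PurePosixPath(path).parts
    return any(part in IGNORED_DIRS for part in parts[:-1])

def partition_alerts(alerts):
    """Split alerts into (dropped_by_exclusion, still_reported)."""
    dropped, remaining = [], []
    for alert in alerts:
        path = alert["most_recent_instance"]["location"]["path"]
        (dropped if under_ignored_dir(path) else remaining).append(alert)
    return dropped, remaining

def summarize(alerts):
    """Return the alert numbers on each side of the exclusion."""
    dropped, remaining = partition_alerts(alerts)
    return {
        "dropped": sorted(a["number"] for a in dropped),
        "remaining": sorted(a["number"] for a in remaining),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS)
    print("dropped by obj/bin exclusion:", report["dropped"])
    print("still gating the ruleset:   ", report["remaining"])
```

Running this against a real alerts export before merging the exclusion shows exactly which alerts would stop being reported, so a checked-in source directory that happens to be named `bin/` is not silently dropped from scanning.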