Skip to content

build(release): 支持依赖与安全提交触发补丁发布#319

Merged
GeWuYou merged 2 commits into
mainfrom
build/semantic-release-rules
May 4, 2026
Merged

build(release): 支持依赖与安全提交触发补丁发布#319
GeWuYou merged 2 commits into
mainfrom
build/semantic-release-rules

Conversation

@GeWuYou

@GeWuYou GeWuYou commented May 3, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Owner

  • 更新 semantic-release 规则,将 deps 与 security 提交映射为 patch 发布

  • 补充 AGENTS 与贡献文档中的提交类型语义

  • 记录 SEMREL-RP-005 验证结果与分支恢复入口

Summary by CodeRabbit

发布说明

  • Chores
    • 将依赖(deps)与安全(security)类提交纳入补丁(patch)发布规则,并确保这些类型在发布说明中作为可见节展示(“Dependency Updates”、“Security Fixes”)。
  • Documentation
    • 更新贡献指南与相关文档,新增 deps 类型说明并同步语义化版本规则与发布说明映射。

@GeWuYou
build(release): 支持依赖与安全提交触发补丁发布
53f8baf 
- 更新 semantic-release 规则,将 deps 与 security 提交映射为 patch 发布

- 补充 AGENTS 与贡献文档中的提交类型语义

- 记录 SEMREL-RP-005 验证结果与分支恢复入口
@coderabbitai

coderabbitai Bot commented May 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8bd153f3-a2d1-4fb7-8288-679d8fa98d68

📥 Commits

Reviewing files that changed from the base of the PR and between 53f8baf and c5ca161.

📒 Files selected for processing (3)
  • .releaserc.json
  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
  • ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md
📜 Recent review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Code Quality & Security
  • GitHub Check: Build and Test
  • GitHub Check: Analyze (C#)
🧰 Additional context used
📓 Path-based instructions (4)
ai-plan/public/**

📄 CodeRabbit inference engine (AGENTS.md)

Contributors MUST keep committed ai-plan/public/** content safe to publish in Git history; never write secrets, tokens, credentials, private keys, machine usernames, home-directory paths, hostnames, IP addresses, proprietary URLs, or other sensitive environment details

Files:

  • ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md
  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
ai-plan/**

📄 CodeRabbit inference engine (AGENTS.md)

Never record absolute file-system paths in ai-plan/**; use repository-relative paths, branch names, PR numbers, or stable document identifiers instead

Files:

  • ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md
  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
ai-plan/public/**/traces/**

📄 CodeRabbit inference engine (AGENTS.md)

Contributors MUST maintain a matching execution trace under ai-plan/public/<topic>/traces/ for complex work recording the current date, key decisions, validation milestones, and the immediate next step

Files:

  • ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md
ai-plan/public/**/todos/**

📄 CodeRabbit inference engine (AGENTS.md)

When working from a tracked implementation plan, contributors MUST update the corresponding tracking document under ai-plan/public/<topic>/todos/ in the same change with completed work, newly discovered issues, validation results, and the next recommended recovery point

Recovery documents MUST record the current phase, the active recovery point identifier, known risks, and the next recommended resume step so another contributor or subagent can continue the work safely

Files:

  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
🧠 Learnings (1)
📓 Common learnings 
Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Read `@.ai/environment/tools.ai.yaml` before choosing runtimes or CLI tools; prefer project-relevant tools listed there instead of assuming every installed system tool is fair game

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: When working in WSL against a Windows-backed worktree, first prefer Linux `git` with explicit `--git-dir=<repo>/.git/worktrees/<worktree-name>` and `--work-tree=<worktree-root>` binding for every repository command

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Every completed task MUST pass at least one build validation before it is considered done; establish warning baseline from a non-incremental repository-root build by running `dotnet clean` and then `dotnet build`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Commit messages MUST use Conventional Commits format: `<type>(<scope>): <summary>` with summary in simplified Chinese; commit body MUST use unordered list items starting with action verbs such as `新增`、`修复`、`优化`、`更新`、`补充`、`重构`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Commit `type` MUST reflect release semantics: use `feat` for user-facing/consumer-facing capability additions, `fix` for behavior corrections, `perf` for observable performance improvements, `refactor` for non-feature code restructuring, `deps` for dependency updates, `security` for vulnerability fixes, and `docs`、`test`、`chore`、`build`、`ci`、`style` for their literal categories; use `BREAKING CHANGE` footer or `!` suffix for major version changes

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Documentation-only changes MUST NOT use `feat`; if a commit changes both product behavior and related docs, either split the commit or use `feat` only when code/package behavior is the primary released change

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Keep technical terms in English when they are established project terms such as `API`、`Model`、`System`; prefer `docs(<module-or-area>)` for documentation-only work instead of ambiguous scopes like `feat(docs)`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Governance-only material such as XML audit snapshots, documentation remediation baselines, backlog status, and recovery metadata belongs in `ai-plan/**` or other contributor-only artifacts, not in public docs or `README.md`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: When implementation plans, traces, reviews, or design notes say 'reference a third-party project', prefer the repository-local path under `ai-libs/` instead of an unspecified upstream repository

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Use `ai-plan/public/**` only for durable, handoff-safe task state; put temporary notes, local experiments, or worktree-specific scratch recovery data under `ai-plan/private/`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: For any multi-step refactor, migration, or cross-module task, contributors MUST create or adopt a dedicated recovery document under `ai-plan/public/<topic>/todos/` before making substantive code changes

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: When a stage inside an active topic is fully complete, move the finished artifacts into that topic's `archive/` directory instead of leaving every completed step in the default boot path

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: When a topic is fully complete, move the entire topic directory under `ai-plan/public/archive/<topic>/` and remove it from `ai-plan/public/README.md` in the same change

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: When a task spans multiple commits or is likely to exceed a single agent context window, update both the recovery document and the trace at each meaningful milestone before pausing or handing work off

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Prefer invoking `$gframework-boot` when the user uses short startup prompts such as `boot`、`continue`、`next step`、`按 boot 开始`、`先看 AGENTS`、`继续当前任务`

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: The boot skill is a startup convenience layer, not a replacement for AGENTS.md; if the skill and AGENTS.md diverge, follow AGENTS.md first and update the skill in the same change

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: The boot skill MUST read `AGENTS.md`、`.ai/environment/tools.ai.yaml`、`ai-plan/public/README.md` and the relevant active-topic `ai-plan/` artifacts before substantive execution

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Use subagents only when the task is complex, the context is likely to grow too large, or the work can be split into independent parallel subtasks; the main agent MUST identify the critical path first

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Use `explorer` subagents for read-only discovery, comparison, tracing, and narrow codebase questions; use `worker` subagents only for bounded implementation tasks with an explicit file or module ownership boundary

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Every delegation to subagents MUST specify: the concrete objective, the expected output format, the files or subsystem the subagent owns, and any constraints about tests, diagnostics, or compatibility

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Subagents are not allowed to revert or overwrite unrelated changes from the user or other agents; they must adapt to concurrent work instead of assuming exclusive ownership of the repository

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: Prefer lightweight models such as `gpt-5.1-codex-mini` for narrow exploration, indexing, and comparison tasks; prefer stronger models such as `gpt-5.4` for cross-module design work, non-trivial refactors, and tasks requiring higher confidence reasoning

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-04T00:16:53.747Z
Learning: The main agent remains responsible for reviewing and integrating subagent output; unreviewed subagent conclusions do not count as final results
🪛 LanguageTool
ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md

[grammar] ~11-~11: Ensure spelling is correct
Context: ...ad commit 没有未解决 review threads - CTRF 测试报告显示 2264 passed / 0 failed - 未找到 MegaLinter 明细块 - 本地复核结论: - `.releaser...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md

[grammar] ~29-~29: Ensure spelling is correct
Context: ...emantic-release的版本判断完全依赖 Conventional Commits;不规范提交会直接影响版本计算 - patch 级提交类型的发布语义需要同时维护在.releaserc.jsonAG...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~47-~47: Ensure spelling is correct
Context: ...RP-005已扩展deps/security的 patch 发布规则,并同步提交规范文档 -SEMREL-RP-006` 已根据 PR review 复核结果补齐 release notes 类型映射,避免 ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (5)
.releaserc.json (2)

36-43: deps / security 的发布级别已对齐。

这两条规则与仓库里现有的 patch 语义一致,没有发现配置冲突。

81-119: 发布说明分类已补齐。

release-notes-generator 现在能把 deps / security 显式展示出来,和版本规则保持一致。

ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md (1)

3-27: 追踪记录完整。

本次漂移、修复、验证和下一步都串起来了,和 .releaserc.json 的改动保持一致。

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md (2)

16-23: 当前恢复点信息已对齐。

SEMREL-RP-006、当前阶段和焦点都更新到位,便于后续继续恢复。

47-69: 验证与收尾状态已补全。

SEMREL-RP-005/006 的完成项、验证结果和下一步都记录清楚了。

📝 Walkthrough

Walkthrough

本PR更新语义发布配置,将 commit 类型 depssecurity 映射为 patch 发布,并同步将这两类加入 release-notes 产出分类;同时更新贡献文档与内部跟踪记录以反映该规则变更与验证状态。

Changes

语义发布规则与文档同步

Layer / File(s) Summary
核心配置
.releaserc.json		 @semantic-release/commit-analyzerreleaseRules 中新增 deps → patchsecurity → patch 映射。
发布说明映射
.releaserc.json		 @semantic-release/release-notes-generatorpresetConfig.types 中加入 deps("Dependency Updates")与 security("Security Fixes"),均设为 hidden: false
提交规范文档
AGENTS.md, docs/zh-CN/contributing.md		 在 Conventional Commits 类型列表中新增/补充 securitydeps 的分类与其对版本影响(patch)的说明。
项目映射/跟踪条目
ai-plan/public/README.md, ai-plan/public/semantic-release-versioning/...		 新增 worktree 分支映射(build/semantic-release-rulessemantic-release-versioning),并在 todos/traces 文档中记录规则扩展、验证结果(包括 dry-run 加载通过但因远端 tag clobber 中止)与恢复点(SEMREL-RP-006)与下一步。

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed PR 标题清晰准确地总结了主要变更:支持依赖与安全提交触发补丁发布,与所有文件变更高度相关。
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch build/semantic-release-rules

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

@greptile-apps

greptile-apps Bot commented May 3, 2026
edited
Loading

Copy link
Copy Markdown

Greptile Summary

This PR extends the semantic-release configuration to treat deps and security commits as patch releases, adds matching presetConfig.types entries to release-notes-generator so those commits appear in generated changelogs, and syncs the new types into AGENTS.md and the Chinese-language contributing guide. This directly resolves the previous P1 review finding about deps/security commits triggering a version bump without producing any release-note content.

Confidence Score: 5/5

Safe to merge — all changes are configuration and documentation, with the previously flagged P1 now fully resolved.

The prior P1 finding (deps/security commits triggering a release without appearing in release notes) is directly and correctly addressed by the new presetConfig.types block. Both plugins are now symmetric: commit-analyzer has the release rules and release-notes-generator has the matching visible sections. No logic, build, or security issues were found in the remaining documentation and tracking files.

No files require special attention.

Important Files Changed
Filename Overview
.releaserc.json Adds deps and security to both commit-analyzer releaseRules (patch) and release-notes-generator presetConfig.types (hidden: false); resolves prior P1 drift between version triggering and changelog rendering.
AGENTS.md Documents deps and security commit-type semantics and their patch-release mapping, keeping agent guidance in sync with .releaserc.json.
docs/zh-CN/contributing.md Adds deps and security entries to the public commit-type table; no issues found.
ai-plan/public/README.md Adds build/semantic-release-rules branch mapping to internal AI-plan index; documentation only.
ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md Updates tracking doc with SEMREL-RP-005/006 recovery points and validation results; internal planning artifact.
ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md Appends 2026-05-03 and 2026-05-04 trace entries documenting the patch-type extension and release-notes fix; internal audit trail.

Flowchart

 
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Commit pushed] --> B{commit-analyzer\nreleaseRules}
    B -->|feat| C[minor release]
    B -->|fix / perf / refactor\ndeps / security| D[patch release]
    B -->|docs / test / chore\nbuild / ci / style| E[no release]
    B -->|BREAKING CHANGE / !| F[major release]
    D --> G[release-notes-generator\npresetConfig.types]
    C --> G
    F --> G
    G -->|feat → Features\nfix → Bug Fixes\nperf → Performance\nrefactor → Refactoring\ndeps → Dependency Updates\nsecurity → Security Fixes\nrevert → Reverts| H[GitHub Release notes rendered]
Loading

Reviews (2): Last reviewed commit: "build(release): 修复发布说明类型映射" | Re-trigger Greptile

@github-actions

github-actions Bot commented May 3, 2026

Copy link
Copy Markdown

Summary

Tests 📝 Passed ✅ Failed ❌ Skipped ⏭️ Other ❓ Flaky 🍂 Duration ⏱️
2264 2264 0 0 0 0 1ms

Test Results

passed 2264 passed

Details

tests 2264 tests
clock 37.7s
tool nunit
build CI - Build & Test arrow-right build-and-test link #1048
pull-request build(release): 支持依赖与安全提交触发补丁发布 link #319

Insights

Average Tests per Run Total Flaky Tests Total Failed Slowest Test (p95)
2264 0 0 3.2s

build-and-test: Run #1048

Tests 📝 Passed ✅ Failed ❌ Skipped ⏭️ Pending ⏳ Other ❓ Flaky 🍂 Duration ⏱️
2264 2264 0 0 0 0 0 37.7s

🎉 All tests passed!

Slowest Tests

Test 📝 Results 📊 Duration (avg) ⏱️ Duration (p95) ⏱️
CreateStream_Should_ResolveCqrsRuntime_OnlyOnce_When_AccessedConcurrently 1 3.2s 3.2s
Does_Not_Report_When_FieldInjectedModel_Is_Registered 1 2.2s 2.2s
Generates_Scene_Behavior_Boilerplate 1 2.1s 2.1s
CleanupDuringAcquire_Should_NotCauseRaceCondition 1 1.1s 1.1s
Append_ShouldNotBlock 1 1.0s 1.0s
Context_Caching_Should_Improve_Performance 1 783ms 783ms
PendingCount_ShouldReflectQueuedEntries 1 501ms 501ms
Cleanup_Should_NotRemoveActiveLocks 1 405ms 405ms
Cleanup_Should_RemoveUnusedLocks 1 401ms 401ms
Generates_Precise_Assembly_Type_Lookups_For_Inaccessible_External_Generic_Definitions_With_Visible_Type_Arguments 1 327ms 327ms

🎉 No failed tests in this run. | 🍂 No flaky tests in this run.

Github Test Reporter by CTRF 💚

@github-actions

github-actions Bot commented May 3, 2026
edited
Loading

Copy link
Copy Markdown

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ REPOSITORY gitleaks yes no no 4.5s
✅ REPOSITORY trufflehog yes no no 4.28s

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

coderabbitai[bot]
coderabbitai Bot reviewed May 3, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.releaserc.json (1)

36-43: ⚡ Quick win

deps/security 触发 patch 发布但不会出现在 semantic-release 生成的 notes 中

commit-analyzer 新增的两条规则可以正确触发 patch 版本计算,但 release-notes-generator(Lines 77–88)使用 conventionalcommits preset 且未配置 presetConfig.typeswriterOpts.types。Individual properties of parserOpts and writerOpts will override ones loaded with an explicitly set preset or config,且对于 conventionalcommits 这类需要配置对象的 preset,presetConfig 选项必须被设置。

因此 depssecurity 提交会触发版本升级,但不会出现在 semantic-release 的 workflow summary 输出里,CI 日志中无法看到版本升级的原因——尤其对 security 类型而言可读性较差。

如需在 workflow summary 中也显示这两个类型,可在 release-notes-generator 中补充 presetConfig

✨ 建议补充 presetConfig.types 配置 
 [
   "@semantic-release/release-notes-generator",
   {
     "preset": "conventionalcommits",
+    "presetConfig": {
+      "types": [
+        { "type": "feat",     "section": "Features",              "hidden": false },
+        { "type": "fix",      "section": "Bug Fixes",             "hidden": false },
+        { "type": "perf",     "section": "Performance",           "hidden": false },
+        { "type": "refactor", "section": "Refactoring",           "hidden": true  },
+        { "type": "deps",     "section": "Dependency Updates",    "hidden": false },
+        { "type": "security", "section": "Security Fixes",        "hidden": false },
+        { "type": "revert",   "section": "Reverts",               "hidden": false }
+      ]
+    },
     "parserOpts": {
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.releaserc.json around lines 36 - 43, The release notes generator currently
uses the "conventionalcommits" preset but lacks a presetConfig, so commit types
"deps" and "security" (added in commit-analyzer) trigger version bumps but do
not appear in generated notes; update the release-notes-generator configuration
to include a presetConfig that defines types for "deps" and "security" (e.g.,
add entries for the "deps" and "security" types in presetConfig.types) so they
are rendered in the semantic-release notes; ensure you modify the
release-notes-generator options in .releaserc.json (alongside
parserOpts/writerOpts if present) to include the new presetConfig.types mapping.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.releaserc.json:
- Around line 36-43: The release notes generator currently uses the
"conventionalcommits" preset but lacks a presetConfig, so commit types "deps"
and "security" (added in commit-analyzer) trigger version bumps but do not
appear in generated notes; update the release-notes-generator configuration to
include a presetConfig that defines types for "deps" and "security" (e.g., add
entries for the "deps" and "security" types in presetConfig.types) so they are
rendered in the semantic-release notes; ensure you modify the
release-notes-generator options in .releaserc.json (alongside
parserOpts/writerOpts if present) to include the new presetConfig.types mapping.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3eccc787-06e4-4442-a45e-7538a3a4cda4

📥 Commits

Reviewing files that changed from the base of the PR and between fe1a875 and 53f8baf.

📒 Files selected for processing (6)
  • .releaserc.json
  • AGENTS.md
  • ai-plan/public/README.md
  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
  • ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md
  • docs/zh-CN/contributing.md
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Analyze (C#)
  • GitHub Check: Build and Test
  • GitHub Check: Code Quality & Security
🧰 Additional context used
📓 Path-based instructions (6)
docs/**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

Documentation should be organized with Chinese content in docs/zh-CN/ and structured to include getting started, module-specific capabilities (Core, Game, Godot, ECS), source generator usage, tutorials, best practices, and troubleshooting

The main documentation site lives under docs/, with Chinese content under docs/zh-CN/; keep code samples, package names, and command examples aligned with the current repository state

For integration-oriented features, documentation MUST cover: project directory layout and file conventions, required project or package wiring, minimal working usage example, and migration or compatibility notes when behavior changes

Do not rely on 'the code is self-explanatory' for framework features that consumers need to adopt; write the adoption path down so future users do not need to rediscover it from source

When examples are rewritten, preserve only the parts that remain true; delete or replace speculative examples instead of lightly editing them into another inaccurate form

Files:

  • docs/zh-CN/contributing.md
{README.md,docs/**/*.md}

📄 CodeRabbit inference engine (AGENTS.md)

Update the relevant README.md or docs/ page when behavior, setup steps, architecture guidance, or user-facing examples change

Public documentation under README.md and docs/** MUST stay reader-facing; do not publish governance-only content such as inventory tables, coverage baselines, review queues, batch metrics, recovery points, or trace summaries

Public documentation MUST use semantic section titles and link labels; do not surface raw filenames or paths as reader-facing navigation text when a meaningful destination label is available

Public documentation MUST avoid rhetorical, self-referential, or AI-sounding headings and prompts; prefer neutral labels for documentation sections

Public documentation MUST present limitations, suitability, and migration boundaries as adoption guidance for readers; do not publish internal-governance or product-roadmap wording

Prefer documenting behavior and design intent, not only API surface in public documentation

When a public page references XML docs or API coverage, convert that evidence into reader-facing guidance: explain which types, namespaces, or entry points readers should inspect and why

If an existing documentation page no longer reflects the current implementation, fixing the code without fixing the documentation is considered incomplete work

Files:

  • docs/zh-CN/contributing.md
docs/zh-CN/**/*.md

📄 CodeRabbit inference engine (AGENTS.md)

When a feature is added, removed, renamed, or substantially refactored, contributors MUST update or create the corresponding user-facing integration documentation in docs/zh-CN/ in the same change

Files:

  • docs/zh-CN/contributing.md
docs/**

📄 CodeRabbit inference engine (AGENTS.md)

If a docs category appears in VitePress navigation or sidebar, it MUST have a real landing page or be removed from navigation in the same change

Files:

  • docs/zh-CN/contributing.md
ai-plan/public/README.md

📄 CodeRabbit inference engine (AGENTS.md)

ai-plan/public/README.md MUST list only active topics; do not add ai-plan/public/archive/** content to the default boot index

When a worktree-to-topic mapping changes, or when a topic becomes active/inactive, contributors MUST update ai-plan/public/README.md in the same change

When a topic is fully complete, move the entire topic directory under ai-plan/public/archive// and remove it from ai-plan/public/README.md in the same change

Files:

  • ai-plan/public/README.md
ai-plan/public/*/todos/**

📄 CodeRabbit inference engine (AGENTS.md)

When working from a tracked implementation plan, contributors MUST update the corresponding tracking document under ai-plan/public//todos/ in the same change

Files:

  • ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
🧠 Learnings (1)
📓 Common learnings 
Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Read @.ai/environment/tools.ai.yaml before choosing runtimes or CLI tools; prefer project-relevant tools listed there instead of assuming every installed system tool is fair game

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When working in WSL against this repository's Windows-backed worktree, prefer Linux git with explicit --git-dir and --work-tree bindings over git.exe to avoid path translation mistakes

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Every completed task MUST pass at least one build validation before it is considered done

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When the goal is to inspect or reduce warnings printed during project build, establish the warning baseline from a non-incremental repository-root build by running dotnet clean and then dotnet build

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Commit messages MUST use Conventional Commits format: <type>(<scope>): <summary>, with commit summary in simplified Chinese

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Commit body MUST use unordered list items, each starting with a verb such as 新增、修复、优化、更新、补充、重构

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Use commit type feat only for user-facing or consumer-facing capability additions; use fix for behavior corrections, perf for performance improvements, refactor for non-feature code restructuring, and deps/security/docs/test/chore/build/ci/style for their literal categories

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Use BREAKING CHANGE in commit footer or ! after type/scope header when the change should raise the major version segment

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Keep technical terms in English when they are established project terms, such as API、Model、System, in commit messages and documentation

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Prefer invoking $gframework-boot when the user uses short startup prompts such as boot、continue、next step

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Use subagents only when the task is complex, the context is likely to grow too large, or the work can be split into independent parallel subtasks

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Every non-trivial feature, bug fix, or behavior change MUST include tests or an explicit justification for why a test is not practical

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Public API changes must be covered by unit or integration tests

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When a public API defines multiple contract branches, tests MUST cover the meaningful variants, including null, empty, default, and filtered inputs when those branches change behavior

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Regression fixes should include a test that fails before the fix and passes after it

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Every user-facing package or module directory that contains a *.csproj intended for direct consumption MUST have a sibling README.md

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Adding a new top-level module directory without a README.md is considered incomplete work

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Contributors MUST keep committed ai-plan/public/** content safe to publish in Git history

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Never write secrets, tokens, credentials, private keys, machine usernames, home-directory paths, hostnames, IP addresses, proprietary URLs, or other sensitive environment details into any ai-plan/** file

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Never record absolute file-system paths in ai-plan/**; use repository-relative paths, branch names, PR numbers, or stable document identifiers instead

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Use ai-plan/public/** only for durable, handoff-safe task state; put temporary notes, local experiments, or worktree-specific scratch recovery data under ai-plan/private/

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Tracking updates MUST reflect completed work, newly discovered issues, validation results, and the next recommended recovery point

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Active tracking and trace files are recovery entrypoints, not append-only changelogs; they MUST stay concise enough for boot to locate the current recovery point quickly

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Completing code changes without updating the active tracking document is considered incomplete work

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: For any multi-step refactor, migration, or cross-module task, contributors MUST create or adopt a dedicated recovery document under ai-plan/public/<topic>/todos/ before making substantive code changes

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Recovery documents MUST record the current phase, the active recovery point identifier, known risks, and the next recommended resume step so another contributor or subagent can continue the work safely

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: Contributors MUST maintain a matching execution trace under ai-plan/public/<topic>/traces/ for complex work, recording the current date, key decisions, validation milestones, and the immediate next step

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When a stage inside an active topic is fully complete, move the finished artifacts into that topic's archive/ directory instead of leaving every completed step in the default boot path

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When completed and validated stages begin to accumulate, contributors MUST archive their detailed history out of the active todos/ and traces/ entry files, keeping only current recovery point, active facts, active risks, immediate next step, and pointers to archive files

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: When a task spans multiple commits or is likely to exceed a single agent context window, update both the recovery document and the trace at each meaningful milestone before pausing or handing work off

Learnt from: CR
Repo: GeWuYou/GFramework

Timestamp: 2026-05-03T15:03:29.800Z
Learning: If subagents are used on a complex task, the main agent MUST capture the delegated scope and any accepted findings in the active recovery document or trace before continuing implementation
🪛 LanguageTool
ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md

[grammar] ~28-~28: Ensure spelling is correct
Context: ...emantic-release的版本判断完全依赖 Conventional Commits;不规范提交会直接影响版本计算 -depssecurity的发布语义需要同时维护在.releaserc.jso...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~29-~29: Ensure spelling is correct
Context: ...语义需要同时维护在 .releaserc.jsonAGENTS.md 和公开贡献文档中,避免规则漂移 - cycjimmy/semantic-release-action@v6 需要在 preview / release 两端都安装 `conventional-c...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (5)
docs/zh-CN/contributing.md (1)

337-338: 新增类型描述与整体 PR 保持一致,LGTM。

depssecurity 的描述与 AGENTS.md 中对应的 release 语义(Lines 63–66)以及 .releaserc.json 中的 releaseRules 完全对齐。

AGENTS.md (1)

63-66: 规则描述清晰且与 .releaserc.json 和贡献文档完全对齐,LGTM。

ai-plan/public/README.md (1)

65-67: 新增分支映射符合追踪文档规范,LGTM。

build/semantic-release-rulessemantic-release-versioning 的映射与 coding guidelines 要求("When a worktree-to-topic mapping changes... contributors MUST update ai-plan/public/README.md in the same change")一致。

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md (1)

11-53: 追踪文档更新完整,与代码变更保持一致,LGTM。

恢复点升至 SEMREL-RP-005、已知风险补充了一致性约束、验证结果和下一步已按规范记录。

ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md (1)

3-22: Trace 条目内容完整,与追踪文档和代码变更一致,LGTM。

coderabbitai[bot]
coderabbitai Bot previously approved these changes May 3, 2026
View reviewed changes
@GeWuYou
build(release): 修复发布说明类型映射
c5ca161 
- 修复 release-notes-generator 的 Conventional Commits 类型映射

- 补充 SEMREL-RP-006 的验证结果与 PR review 恢复点
@github-actions

github-actions Bot commented May 4, 2026

Copy link
Copy Markdown

Summary

Tests 📝 Passed ✅ Failed ❌ Skipped ⏭️ Other ❓ Flaky 🍂 Duration ⏱️
2264 2264 0 0 0 0 37.5s    ↓280ms

Test Results

passed 2264 passed

Details

tests 2264 tests
clock 37.5s ↓280ms
tool nunit
build CI - Build & Test arrow-right build-and-test link #1051
pull-request build(release): 支持依赖与安全提交触发补丁发布 link #319

Insights

Average Tests per Run Total Flaky Tests Total Failed Slowest Test (p95)
2264 0 0 4.7s

build-and-test: Run #1051

Tests 📝 Passed ✅ Failed ❌ Skipped ⏭️ Pending ⏳ Other ❓ Flaky 🍂 Duration ⏱️
2264 2264 0 0 0 0 0 37.5s

🎉 All tests passed!

Slowest Tests

Test 📝 Results 📊 Duration (avg) ⏱️ Duration (p95) ⏱️
CreateStream_Should_ResolveCqrsRuntime_OnlyOnce_When_AccessedConcurrently 2 3.9s 4.7s
Does_Not_Report_When_FieldInjectedModel_Is_Registered 2 2.2s 2.2s
Generates_Scene_Behavior_Boilerplate 2 2.0s 2.1s
CleanupDuringAcquire_Should_NotCauseRaceCondition 2 1.1s 1.1s
Append_ShouldNotBlock 2 1.0s 1.0s
Context_Caching_Should_Improve_Performance 2 779ms 783ms
PendingCount_ShouldReflectQueuedEntries 2 501ms 501ms
Cleanup_Should_NotRemoveActiveLocks 2 404ms 405ms
Cleanup_Should_RemoveUnusedLocks 2 401ms 402ms
Generates_Precise_Assembly_Type_Lookups_For_Inaccessible_External_Generic_Definitions_With_Visible_Type_Arguments 2 318ms 327ms

± Comparison with run #1048 at 72b6793 | 🎉 No failed tests detected across all runs. | 🍂 No flaky tests detected across all runs. | ⏱️ Measured over 2 runs.

Github Test Reporter by CTRF 💚

@GeWuYou GeWuYou merged commit 69ea92c into main May 4, 2026
7 checks passed
@GeWuYou GeWuYou deleted the build/semantic-release-rules branch May 4, 2026 01:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GeWuYou