chore: add .github/CODEOWNERS with @cmeans as default reviewer#335
Merged
Conversation
GitHub auto-requests review from CODEOWNERS matches on every PR. A wildcard-only file assigns the maintainer as default reviewer on everything, which closes the "drive-by PR slips past review when the maintainer isn't looking" gap and makes review-assignment state explicit. Path-specific ownership rules can be added above the wildcard later as the contributor base grows. GitHub evaluates last-matching-pattern-wins, so leaving the wildcard at the bottom preserves the default. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
cmeans-claude-dev
Bot
added
the
Dev Active
github-actions
Bot
added
the
Awaiting CI
cmeans-claude-dev
Bot
removed
the
Dev Active
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
github-actions
Bot
added
Ready for QA
Owner
|
QA Active — starting review of the CODEOWNERS addition. |
github-actions
Bot
removed
the
Ready for QA
cmeans
reviewed
Apr 21, 2026
Owner
cmeans
left a comment
cmeans
left a comment
There was a problem hiding this comment.
QA Review — Round 1
Verdict: Ready for QA Signoff. Zero findings.
Pure repo-config addition. File is 9 lines, single wildcard, well-commented; CHANGELOG entry is under ### Added with clear narrative. CI fully green.
Steps verified
| Step | Result |
|---|---|
1. File exists, non-empty, exactly one * @cmeans line |
1 ✓ |
2. gh api repos/cmeans/mcp-awareness/codeowners/errors?ref=chore/add-codeowners --jq '.errors' (alternative path) |
[] ✓ |
| 3. Auto-review-request on next PR | Deferred — post-merge empirical (CODEOWNERS only takes effect from the default branch) |
4. Diff is exactly .github/CODEOWNERS (9 lines added) + CHANGELOG.md (3 lines added) |
✓ |
Notes
- Step 2 is technically testable pre-merge by passing
?ref=to the codeowners errors endpoint, so I ticked it on the strength of[]against the PR branch. The post-merge UI walk-through is still worth doing once onmainas a sanity check, but it isn't gating. - Wildcard-only design is the explicit choice; path-specific rules can be layered above the wildcard later (last-matching-pattern-wins per GitHub's evaluation order — confirmed in the file comments and matches GitHub docs).
- No
Closes #Nclaim, so no issue-scope cross-check required. PR body contextualizes it as part of the #305–#311 beta-readiness hygiene bundle.
Maintainer to apply QA Approved.
Owner
|
Audit: applying Ready for QA Signoff as the final act on |
cmeans
added
Ready for QA Signoff
cmeans
added
QA Approved
This was referenced Apr 21, 2026
cmeans-claude-dev Bot
added a commit
that referenced
this pull request
Apr 21, 2026
Patch release stamping the hygiene work shipped this session. **No code changes** beyond the version bump and CHANGELOG reshuffle — everything under this release landed in its own feature PR with full QA. ## What ships in v0.18.1 | PR | Summary | |----|---------| | [#333](#333) | **Security:** hardened `pr-labels-ci.yml` against fork-PR shell injection (closes [#332](#332)) | | [#335](#335) | `.github/CODEOWNERS` — maintainer auto-requested on every PR | | [#336](#336) | `SECURITY.md` vulnerability disclosure policy (closes [#309](#309)) | | [#337](#337) | `docs/backup.md` self-hoster backup + restore guide (closes [#310](#310)) | | [#343](#343) | `.github/dependabot.yml` expanded to 4 ecosystems with grouped weekly updates | Semver is **patch** (`0.18.0 → 0.18.1`): all changes are CI, security hardening, policy docs, and operational tooling — no runtime behavior change for the Python package. ## Changes in this PR - **`CHANGELOG.md`** — `## [Unreleased]` content renamed to `## [0.18.1] - 2026-04-20`; a fresh empty `[Unreleased]` header added above it to accumulate future work; `[Unreleased]` comparison link updated to point at `v0.18.1...HEAD`; new `[0.18.1]` link added pointing at `v0.18.0...v0.18.1`. - **`pyproject.toml`** — `version = "0.18.0"` → `"0.18.1"`. No source, no tests, no migrations. `docker-compose.yaml` uses `:latest` — no update needed per the release process. ## Review Docs-and-version-only change; no QA section per the repo's release process (feature PRs already carried their own QA). A reviewer should verify: 1. `head -12 CHANGELOG.md` shows a fresh `## [Unreleased]` followed by `## [0.18.1] - 2026-04-20` — both present, in that order. 2. `grep '^\[Unreleased\]:' CHANGELOG.md` resolves to `v0.18.1...HEAD`. 3. `grep '^\[0\.18\.1\]:' CHANGELOG.md` resolves to `v0.18.0...v0.18.1`. 4. `grep '^version' pyproject.toml` → `0.18.1`. 5. `git diff --stat origin/main` shows exactly `CHANGELOG.md` + `pyproject.toml`, nothing else. ## Merge + tag (maintainer) After `QA Approved` lands and CI is green: ```bash gh pr merge <this-pr> --repo cmeans/mcp-awareness --squash --delete-branch git checkout main && git pull --ff-only git tag -a v0.18.1 -m "v0.18.1 — beta-readiness hygiene bundle (SECURITY.md, backup guide, CODEOWNERS, dependabot, workflow hardening)" git push origin v0.18.1 ``` Docker Publish workflow will build and publish `ghcr.io/cmeans/mcp-awareness:v0.18.1` and update `:latest` on tag push. Co-authored-by: cmeans-claude-dev[bot] <3223881+cmeans-claude-dev[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
.github/CODEOWNERSwith a single wildcard rule:GitHub auto-requests review from CODEOWNERS matches on every PR. Today, review assignment is implicit (the maintainer watches the repo); with this file it becomes explicit state on every PR. The immediate concrete gain is that drive-by PRs can no longer slip past review when the maintainer happens not to be watching at the time they land — GitHub will attach the review-requested state directly to the PR.
Wildcard-only for now. GitHub evaluates CODEOWNERS last-matching-pattern-wins, so leaving the wildcard at the bottom lets path-specific rules be added above it later (e.g.,
docs/ @someoneonce a docs contributor joins) without rewriting the default.Scope
.github/CODEOWNERS(new, 9 lines)CHANGELOG.md([Unreleased]→### Added)No source, no tests, no workflow, no migrations.
References
QA
Prerequisites
None. Pure repo-config file.
Automated checks
Lint, typecheck, pytest, coverage, CLA — none touch
.github/CODEOWNERS. All should remain green unchanged.Manual tests
1. File exists, is non-empty, and contains exactly one wildcard assignment.CODEOWNERStab shows no parse errors. Alternatively,gh api repos/cmeans/mcp-awareness/codeowners/errors --jq '.errors'returns[].@cmeanswas auto-requested (requesting yourself on your own PR is no-op for notification purposes, so this may or may not show a request on self-opened PRs — the acceptance is really "no GitHub error, and any future fork PR will see the request"). The real test comes when the next external PR lands..github/CODEOWNERSadded (9 lines) +CHANGELOG.mdupdated (3 lines). Nothing else.