fix: personal-prod follow-up fixes for review comments #55
Fold the remaining personal-prod follow-up items from the Gemini review into a single change.
- Blank SECURITY_SCANNER_CACHE_ROOT falls back to the default cache root
- Treat the legacy baseline sentinel job as a full-history baseline
- Clean up the repo health advance in incremental discovery to call the protocol directly
- Widen the TasksMax headroom of the personal-prod slice and remove Persistent from the lease reaper
- Extend the systemd artifact check coverage and the fake store protocol tests

Verification:
- uv run pytest -q
- uv run ruff check src/security_scanner/targets/fetcher.py src/security_scanner/runtime/scan_worker.py src/security_scanner/runtime/incremental_discovery.py tests/test_fetcher.py tests/test_scan_worker.py tests/test_incremental_discovery.py tests/test_personal_prod_systemd_units.py
- uv run python -m governance.autopilot_gate --base origin/main
- uv run python -m governance.public_safety --diff origin/main...HEAD
- git diff --check

Co-Authored-By: Codex GPT-5 <noreply@openai.com>
Code Review
This pull request refactors the repo health advancement logic by removing legacy getattr guards and directly calling advance_repo_health on the store. It introduces a helper to identify baseline jobs, including legacy baseline jobs identified by a commit sentinel, and ensures they advance baseline health correctly. Additionally, it increases the TasksMax limit in the systemd slice configuration, strips whitespace from the SECURITY_SCANNER_CACHE_ROOT environment variable, and updates the test suite to match these changes. There are no review comments to address.
origin/main advanced to the personal-prod-deploy line (PR #51~#55, M8 dashboard), causing conflicts. Resolved as decided with user approval:
- governance 3 files (autopilot_goal.yml/current.yml/CURRENT.md) → adopt main (theirs). Keep main's active_goal (personal-prod-deploy) as is = align governance to main (drop our goal-activation). These 3 files are byte-identical to origin/main → neither governance self-modification nor scope expansion. ghas needs no active_goal slot (M1~M5 are all default-off/report-only, so they operate safely without a slot).
- 2 code files (scan_worker.py/test_scan_worker.py) → merge both sides' logic. main's baseline-job full-history (_scan_options_for_job/_is_baseline_job) and our M3 verify job pending-return guard + enqueue coexist (auto-merge succeeded, tests green).
- Our new files (parity/normalize/context_filter/verify_queue/parity_slo, eval/ghas-parity-corpus, spec docs) have no conflicts.

Verification: uv run pytest 1253 passed, 4 skipped (env-gated).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TwGs78e6Rb7P5BDe2ezQEh
What
- SECURITY_SCANNER_CACHE_ROOT falls back to the default cache root.
- A job with no jobType, or one decoded as incremental, is still handled as a full-history baseline and advances baseline health.
- advance_repo_health calls now use the required store protocol directly.
- Raised securityscanner.slice TasksMax to 1024 and removed the Persistent=true on the lease reaper timer's monotonic timer.

Review thread mapping
- OnActiveSec=2min; preserved here.
- TasksMax: fixed here.
- Persistent=true: fixed here.
- advance_repo_health: fixed here.

Validation
- uv run pytest -q -> 1069 passed, 1 skipped
- uv run ruff check src/security_scanner/targets/fetcher.py src/security_scanner/runtime/scan_worker.py src/security_scanner/runtime/incremental_discovery.py tests/test_fetcher.py tests/test_scan_worker.py tests/test_incremental_discovery.py tests/test_personal_prod_systemd_units.py
- uv run python -m governance.autopilot_gate --base origin/main
- uv run python -m governance.public_safety --diff origin/main...HEAD
- git diff --check
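As an added example, not code from this PR or the project: a Python check in the spirit of the systemd artifact tests this PR extends, flagging the two unit-file issues the review threads cover (Persistent= on a monotonic timer, and a slice TasksMax below the required headroom). The unit texts are constructed, and the rule that Persistent= only takes effect on OnCalendar= timers is from the systemd.timer documentation, not from the PR.

```python
import configparser
from typing import List

# Constructed sample units (assumptions; the real unit files are not on the page).
BEFORE_TIMER = """[Timer]
OnActiveSec=2min
OnUnitActiveSec=2min
Persistent=true
"""
# After the fix: the same monotonic timer without the ineffective Persistent= line.
AFTER_TIMER = BEFORE_TIMER.replace("Persistent=true\n", "")
SLICE = "[Slice]\nTasksMax=1024\n"


def parse_unit(text: str) -> configparser.ConfigParser:
    """Parse unit text; keys stay case-sensitive and a repeated key keeps its last value."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def check_timer(text: str) -> List[str]:
    """Persistent= only acts on OnCalendar= timers; flag it on monotonic ones."""
    cp = parse_unit(text)
    if not cp.has_section("Timer"):
        return ["missing [Timer] section"]
    timer = cp["Timer"]
    findings = []
    has_calendar = "OnCalendar" in timer
    persistent = timer.get("Persistent", "no").lower() in ("1", "yes", "true", "on")
    if persistent and not has_calendar:
        findings.append("Persistent=true on a timer without OnCalendar= (monotonic timer)")
    if not has_calendar and not any(k.startswith("On") and k.endswith("Sec") for k in timer):
        findings.append("timer has no trigger (no OnCalendar= or On*Sec=)")
    return findings


def check_slice(text: str, min_tasks: int) -> List[str]:
    """Require an explicit, numeric TasksMax of at least min_tasks in [Slice]."""
    cp = parse_unit(text)
    value = cp.get("Slice", "TasksMax", fallback=None)
    if value is None:
        return ["TasksMax not set in [Slice]"]
    if not value.isdigit():  # "infinity" or "80%": review by hand
        return [f"TasksMax={value} is not a plain integer"]
    if int(value) < min_tasks:
        return [f"TasksMax={value} below required {min_tasks}"]
    return []
```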