AUD-008: reconcile spec/task drift for release checklist

[nsalvacao]

Summary:\n- add specs/001-cli-plugins-base/tasks.md into candidate audit branch for release tracking\n- reconcile false-open items for version detection work (T019, T021) based on current repository implementation/tests\n- mark remaining US1 integration gaps (T017, T018) explicitly as release blockers\n\nNotes:\n- scope intentionally limited to task tracking file only\n- no source/workflow/docs code changes

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[github-actions]

🔍 AI Code Review

# Code Review

---

### 🔴 Critical

- None found.

---

### 🟡 Warning

- In `crawl_cli` (_pipeline.py), the `_is_missing_root_cli_binary` function checks for missing binary by scanning stderr/stdout for error strings. This is heuristic and may produce false positives or miss some cases. Consider more robust detection or explicit error codes if possible.

- In `plugin_generator.py`, the new error handling for JSON loading is good, but consider logging the exceptions before exiting for easier debugging.

---

### 🔵 Info

- Good addition of `RootCLIBinaryNotFoundError` exception and early binary existence check with `shutil.which()` to fail fast.

- Consistent use of exit codes (`ROOT_CLI_NOT_FOUND_EXIT_CODE = 2`) improves CLI UX and scripting.

- Removal of unused `cli_name` parameter in `_embed_raw` simplifies the function signature.

- Handling of raw output embedding corrected from `data.get("tree", {})` to `data.get("commands", {})` aligns with data structure.

- Graceful error handling in `plugin_generator.py` for missing or invalid JSON input improves robustness.

---

### Best Practices

- Consider adding unit tests for `_is_missing_root_cli_binary` to verify detection logic.

- When raising `RootCLIBinaryNotFoundError`, consider including the original exception or error output for diagnostics.

- Use `sys.exit()` with constants for all CLI exit points for consistency.

---

Overall, the changes improve error handling and robustness with minimal risk. The heuristic detection of missing binaries is the main area to monitor for false positives.

---

🤖 gpt-4.1-mini · 1903 tokens · GitHub Models free tier · 0 premium requests

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on updating the release checklist by adding the tasks.md file and reconciling the status of existing tasks. It aims to provide a clear overview of the project's progress and highlight any remaining blockers for the release.

Highlights

• Task List Update: This PR adds and updates the tasks.md file to track progress on the CLI Plugins Core project, focusing on the release checklist.
• Issue Reconciliation: The PR reconciles false-open items related to version detection and explicitly marks integration gaps as release blockers.
• Scope Limitation: The changes are intentionally limited to the task tracking file, with no modifications to source code, workflows, or documentation.

Changelog

• specs/001-cli-plugins-base/tasks.md
  • Added tasks.md to candidate audit branch for release tracking.
  • Reconciled false-open items for version detection work (T019, T021).
  • Marked remaining US1 integration gaps (T017, T018) explicitly as release blockers.

Activity

• Added specs/001-cli-plugins-base/tasks.md to the repository.
• Reconciled task statuses within the tasks.md file.
• Designated specific tasks as release blockers.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces a comprehensive tasks.md file, which serves as a detailed release checklist. This document is well-structured and provides a clear overview of the project's phases, user stories, and dependencies. It's a valuable addition for tracking progress and ensuring all necessary steps are covered before release.

[github-actions]

🔍 AI Code Review

🔵 CI Workflow (.github/workflows/ci.yml)

• Added candidate/** branches to trigger CI on push and PR events.

  • Good for testing candidate branches, but ensure branch naming is consistent and intentional.

• Added package-release-gates job to build and validate Python package artifacts:

  • Uses fixed SOURCE_DATE_EPOCH for reproducible builds (good practice).
  • Checks exactly one sdist and one wheel exist (good validation).
  • Smoke tests install and import of built wheel, and runs help commands on CLI tools.
  • Suggestion: Consider caching pip dependencies to speed up CI.
  • Suggestion: Add explicit failure messages for test commands to improve debugging.
  • Security: No secrets or tokens exposed here; safe.

---

🔵 cli_crawler.py

• The entire original CLI crawler script is replaced with a minimal shim that imports and runs main from crawler.cli_crawler.
• The original CLI parsing, logging, and crawling logic is removed here, presumably moved to crawler.cli_crawler.
• The docstring now suggests to use the canonical cli-crawler command instead of this script.
• Best Practice: This is a good approach to avoid duplication and keep CLI logic centralized.
• Warning: Ensure that the crawler.cli_crawler.main() function fully supports all previous CLI options and behaviors, or document breaking changes clearly.
• Security: No direct security concerns here.

---

🟡 General Recommendations

• Add explicit error handling and user-friendly messages in CI shell scripts (set -euo pipefail is good but adding || echo "Error message" can help).
• Confirm that the new branch pattern candidate/** does not unintentionally trigger workflows on unrelated branches.
• Verify that the removed CLI script is not used in any automation or documentation to avoid confusion.
• Consider adding unit or integration tests for the smoke import checks to catch regressions early.

---

Overall, the changes improve CI coverage and simplify CLI tooling, with no critical security or bug issues detected.

---

🤖 gpt-4.1-mini · 2106 tokens · GitHub Models free tier · 0 premium requests