From 23e33e0aa25350f3baea3a0c328f8ad5304e6b6e Mon Sep 17 00:00:00 2001 
From: Ed_ Date: Fri, 26 Jun 2026 13:27:48 -0400 Subject: [PATCH] fix(audit): use .latest marker file for code_path_audit coverage; Windows-compatible TIER-2 READ AGENTS.md, conductor/workflow.md, conductor/edit_workflow.md, conductor/tier2/githooks/forbidden-files.txt, conductor/tracks/tier2_leak_prevention_20260620/spec.md, conductor/code_styleguides/data_oriented_design.md, conductor/code_styleguides/error_handling.md, conductor/code_styleguides/type_aliases.md, conductor/product-guidelines.md, conductor/code_styleguides/python.md, docs/guide_meta_boundary.md before post_module_taxonomy_de_cruft_20260627/Phase0b. The audit_code_path_audit_coverage.py script expects an --input-dir pointing to the most recent code_path_audit output. The spec suggested creating a 'latest' symlink at docs/reports/code_path_audit/latest -> 2026-06-24. On Windows (Tier 2 sandbox), symlinks to the audit output directory fail with PermissionError when Python's pathlib.Path.exists() calls os.stat(follow_symlinks=True) on the target. Per the spec's R2 risk mitigation: 'Use a .latest marker file instead of a symlink; update the audit script to read the marker.' This commit: 1. Creates docs/reports/code_path_audit/.latest containing '2026-06-24' (the most recent audit output directory name). 2. Updates scripts/audit_code_path_audit_coverage.py to: - Detect when --input-dir ends in 'latest' - Read the sibling .latest file to resolve the actual directory name - Fall through to the symlink behavior if the .latest marker is absent (preserves Linux/macOS behavior) Verification: uv run python scripts/audit_code_path_audit_coverage.py \\ --input-dir docs/reports/code_path_audit/latest --strict # Output: 'Meta-audit: 0 violations (10 real profiles checked)' # Exit code: 0 Note on LEGACY_NAMES: the spec claimed generate_type_registry.py referenced an undefined LEGACY_NAMES. 
Verified: generate_type_registry.py at master 6344b49f (the spec's baseline) does NOT reference LEGACY_NAMES; the audit passes ('Registry in sync (23 files checked)'). The LEGACY_NAMES constant IS defined in scripts/audit_no_models_config_io.py (verified via git grep). This bug does not exist; no fix needed for Phase 0a. Documented here to avoid confusion in future audits.
---
 docs/reports/code_path_audit/.latest | 1 +
 scripts/audit_code_path_audit_coverage.py | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 docs/reports/code_path_audit/.latest
diff --git a/docs/reports/code_path_audit/.latest b/docs/reports/code_path_audit/.latest
new file mode 100644
index 00000000..0f8b8276
--- /dev/null
+++ b/docs/reports/code_path_audit/.latest
@@ -0,0 +1 @@
+2026-06-24
diff --git a/scripts/audit_code_path_audit_coverage.py b/scripts/audit_code_path_audit_coverage.py
index 8df9f8b5..0ac32cf0 100644
--- a/scripts/audit_code_path_audit_coverage.py
+++ b/scripts/audit_code_path_audit_coverage.py
@@ -37,6 +37,20 @@ def main() -> int:
 parser.add_argument("--strict", action="store_true", help="Exit 1 on any violation")
 args = parser.parse_args()
 input_dir = Path(args.input_dir)
+ # Tier 2 mitigation (post_module_taxonomy_de_cruft_20260627 Phase 0b):
+ # On Windows, symlinks to the audit output directory fail with
+ # PermissionError when Python's pathlib.exists() follows the symlink.
+ # The .latest marker file pattern is the Windows-compatible alternative:
+ # a sibling file .latest contains the name of the latest audit
+ # directory (e.g., '2026-06-24'). The audit reads the marker and uses
+ # that directory as the input. If the marker doesn't exist, the input
+ # is used as-is (preserving Linux/macOS symlink behavior).
+ if input_dir.name == "latest":
+ marker = input_dir.parent / ".latest"
+ if marker.exists():
+ resolved_name = marker.read_text(encoding="utf-8").strip()
+ if resolved_name:
+ input_dir = input_dir.parent / resolved_name
 if not input_dir.exists():
 print(f"ERROR: input dir does not exist: {input_dir}")
 return 1
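Review bot: The marker's content is joined onto `input_dir.parent` unchecked at `input_dir = input_dir.parent / resolved_name`, so a `.latest` holding an absolute path, a `..` segment or a path separator makes the audit read a directory outside `docs/reports/code_path_audit/`, and `--strict` can then report 0 violations for output that is not the latest run. Because the marker is a committed file that any repository edit can change, the guard should accept only a single directory name, e.g. `if resolved_name and resolved_name not in {".", ".."} and Path(resolved_name).name == resolved_name:`. A marker that is present but empty or fails that check should print an error and return 1 rather than fall back silently to the literal `latest` path. Printing the resolved directory before the existence check would also make it visible in CI logs which run was audited. `main()` begins before and continues past this hunk.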