choo121600 opened a new pull request, #122:
URL: https://github.com/apache/airflow-steward/pull/122

   ## Summary
   
   Trims `security-issue-fix` frontmatter (`description` + `when_to_use`) from 
**1,249 → 881** characters.
   
   Same principle as #103, #119, #120, #121: frontmatter is the routing layer. 
The body's Golden rule already enforces that every state-changing action 
(writes, commits, pushes, PR open, tracker update) is a proposal requiring 
explicit user confirmation, and the confidentiality section already itemises 
every public-PR scrub requirement.
   
   Tracking: #118
   
   ## Before / after
   
   |              | before | after | Δ      |
   |--------------|-------:|------:|-------:|
   | description  | 757    | 471   | -286   |
   | when_to_use  | 492    | 410   | -82    |
   | **total**    | **1,249** | **881** | **-368** |
   | budget margin | 287   | 655   | +368   |
   | budget        | 1,536  | 1,536 |        |
   
   ## What moved where
   
   | Detail | Where it lives now |
   |--------|--------------------|
   | Easily-fixable analysis rationale ("clear consensus, small scope, known location"; "If it is, proposes an implementation plan, waits for explicit user confirmation, …") | Body's Golden rule (state-changing actions are proposals requiring explicit confirmation) |
   | Implementation step enumeration ("writes the change in the user's local `<upstream>` clone, runs the local checks and tests, opens a PR from the user's fork via `gh pr create --web`, …") | Body's Steps section + the sync-first composition note (L42-45) |
   
   The confidentiality scrub (`not reveal the CVE`, `not the security nature of 
the change`, `not any link back to <tracker>`) is **kept** in the trimmed 
`description` — even though body L56-65 itemises it — because it is 
load-bearing for routing: a user asking *"draft a public PR for this CVE"* must 
see the scrub requirement before the agent decides to invoke this skill.
   
   ## Trigger-phrase preservation
   
   Every literal trigger phrase from the original `when_to_use` is preserved 
verbatim:
   
   - `"try to fix issue NNN"`
   - `"see if you can land a fix for NNN"`
   - `"draft a PR for NNN"`
   - `*after* the issue has been triaged and the team has a rough consensus`
   
   Skip cues preserved:
   
   - `still being assessed`
   - `not yet classified as valid vulnerabilities` (was *"haven't been 
classified as valid vulnerabilities"* — semantically identical, kept matchable 
substring `classified as valid vulnerabilities`)
   - `private-PR fallback in process step 9 of README.md`
   
   Routing recall does not regress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
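
The preservation claims in the pull request above (combined budget of 1,536 characters, trigger phrases, skip cues and the confidentiality scrub kept) can be checked mechanically. The following is an added example, not part of the pull request or the project's code; the sample frontmatter is constructed, and the single-line `key: value` layout, the `name` field, the plain `len()` character count and the placement of the skip cues in `when_to_use` are assumptions.

```python
import re

BUDGET = 1536  # combined description + when_to_use budget from the PR table

# Phrases the PR says must survive trimming, keyed by the field checked.
REQUIRED = {
    "description": ["not reveal the CVE", "not the security nature of the change",
                    "not any link back to <tracker>"],
    "when_to_use": ["try to fix issue NNN", "see if you can land a fix for NNN",
                    "draft a PR for NNN", "still being assessed",
                    "classified as valid vulnerabilities"],
}

# Constructed sample; the real skill file's wording is not shown on this page.
SAMPLE = """---
name: security-issue-fix
description: Drafts a public fix PR; must not reveal the CVE, not the security nature of the change, not any link back to <tracker>.
when_to_use: On "try to fix issue NNN", "see if you can land a fix for NNN" or "draft a PR for NNN". Skip issues still being assessed or not yet classified as valid vulnerabilities.
---
body
"""

def parse_frontmatter(text):
    """Return the single-line key/value pairs between the leading '---' fences."""
    m = re.match(r"---\n(.*?)\n---\n", text, re.S)
    if not m:
        raise ValueError("no frontmatter block")
    fields = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check(text):
    """Return (total_chars, problems) for the routing fields of one skill file."""
    fm = parse_frontmatter(text)
    problems = []
    total = sum(len(fm.get(field, "")) for field in REQUIRED)
    if total > BUDGET:
        problems.append(f"over budget: {total} > {BUDGET}")
    for field, phrases in REQUIRED.items():
        for phrase in phrases:
            if phrase not in fm.get(field, ""):
                problems.append(f"{field}: missing {phrase!r}")
    return total, problems

if __name__ == "__main__":
    print(check(SAMPLE))
```

Run against the file before and after a trim, an empty problem list on both sides shows that no routing phrase or scrub requirement was lost.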