paulk-asert opened a new pull request, #195:
URL: https://github.com/apache/airflow-steward/pull/195
## Follow-up to #187 — add the missing `## License headers` rule body
#187 added **License headers** to the canonical category list in
`criteria.md` and a section-anchor URL in the template, and re-synced the
`review-flow.md` Step 4 enumeration. It did not add a `## License headers`
section. That left it the only framework-default category (the others being
*Third-party license compliance*, *Security model*, *Quality signals — image
IP / compiled artifacts*) with **neither an adopter source file nor a
`criteria.md` rule body** — just a name and a link to a policy page. The
existing *Relationship to "License headers"* cross-reference in the
Third-party section also pointed at a section that did not exist.
This PR adds that section, written as a **deference-plus-judgement layer,
not a re-implementation of `apache-rat` / pre-commit**.
### What it covers
- **Defer to header tooling when it exists.** If a license-header check
(`apache-rat`, pre-commit `insert-license`, `license-eye`, …) is in the
PR's status-check rollup, that tool is authoritative for mechanical
presence/absence. The skill does **not** raise a duplicate "missing
header" finding — Golden rule 8 + the CI precheck already take `APPROVE`
off the table on its failure and quote the failing check. The project's
tool config (not the policy page) is treated as the source of truth for
scope and exclusions, so the skill cannot drift from / contradict the
tool's own exclusion list.
- **No-tooling fallback retained.** Not every ASF project wires header
checks into required CI. Where none is present, the skill is the safety
net and scans added / materially-rewritten source files itself.
- **Exclusion-masking case (the gap CI deference does *not* close).** When
the same PR both (a) adds or modifies a header-tool exclusion entry —
`<exclude>` in `pom.xml`/`build.gradle`, a line in `.rat-excludes`, an
`exclude:` pattern in `.pre-commit-config.yaml`, an ignore glob in
`licenserc.yaml` — and (b) adds a file with no header or a third-party
header, the check passes **green by construction**. Deference gives no
coverage here, so the skill raises a finding asking the maintainer to
confirm the new exclusion is appropriate (legitimately exempt vs masking
a missing header).
- **Judgement cases the tool cannot decide:** mis-applied SPDX / wrong
license on a contributor-authored file (the tool sees *a* header and
passes), and third-party-header routing — closing the loop with the
existing *Third-party license compliance* cross-reference, which now
links forward to the new section.
### Scope / testing
- Single file changed: `.claude/skills/pr-management-code-review/criteria.md`
(new `## License headers` section + a forward link added to the existing
cross-reference so the loop resolves).
- `skill-validate`, `markdownlint`, and the full pre-commit hook set pass.
- Severity calibration is summarised in a table matching the file's
existing compact-table house style.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
