Release v1.1.0: dorian init + customer-readable PR comment (golden-path productization)

[ajaysurya1221]

Summary

Productizes the golden path for dorian as a deterministic CI/PR truth gate for AI-written code, and cuts v1.1.0. No breaking changes — command surface and output formatting only; the warrant format, checker grammar, exit codes, and trust semantics are unchanged.

What's in it

• dorian init (new command) — first-run scaffolding so a new user reaches a sealed warrant in minutes: a born-verifiable starter claims.json (a config-value:/path: claim that seals green), the change note it backs, and a version-pinned GitHub Action workflow. Writes files only (never runs a checker or executes code), repo-root confined, atomic, idempotent; --force / --dry-run / global --json.
• Customer-readable PR comment (revalidate --format md) — an explicit Status: Blocked/Passed/Errored line, an aggregate trust-change counts table (derived from folds — labeled as changes this PR made, not absolute state), a sealed in <artifact>.warrant line per artifact, and a verdict-keyed What to do: remediation. Deterministic and content-bounded as before; the existing per-claim table, fold transitions, recall section, and stats footer are unchanged.
• Packaging guards — a .gitignore rule + a Hatch wheel exclude so stray editor/cloud-sync … 2.py duplicate files can never be tracked or packaged. (These were untracked local working-tree artifacts — never tracked in git, never in a CI build or on PyPI.)
• Docs / release — README foregrounds dorian init; new CHANGELOG.md and docs/releases/v1.1.0.md; 1.0.2 → 1.1.0 across pyproject.toml, __init__.py, the README latest: + action refs, action/README.md, and the BENCHMARK_CURRENT stamp (figures unchanged — 1.1.0 touches no checker/binding/fold code; suites last executed at 1.0.2).

What dorian is / is not

dorian verifies explicit, checkable claims about code using deterministic, token-free checks, and re-checks them across PRs. It does not prove an entire PR correct, and is not a runtime agent control plane, MCP gateway, sandbox, or proof of arbitrary correctness. --deny-exec/--deny-shell and checker_trust: base are fail-closed policies, not sandboxes. dorian has exactly one documented, reproduced real cross-PR catch (encode/httpx) — not broad real-world validation.

Tests & verification

• uv run pytest — 883 passed (clean run; +8 new dorian init tests, + new PR-comment assertions)
• uv run ruff check + ruff format --check — clean
• uv build (wheel + sdist) — builds; 33 modules, no … 2.py
• Golden path end to end: init → verify exit 0, seals a warrant
• Adversarial release review (8 dimensions) — unanimous PASS, 0 confirmed findings

Note: tests/test_bench_public_claim_synthesis.py can flake under heavy concurrent CPU load (it runs a C3 code: checker in a timed worker subprocess); it passes reliably otherwise. Pre-existing, unrelated to this PR.

Security

Preserves deny-exec/deny-shell fail-closed behavior; dorian init never executes code, never writes outside the repo root, never overwrites without --force. No runtime network service, no telemetry, no model call in the verify path.

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added dorian init command to quickly scaffold starter claims.json, change notes, and GitHub Actions workflow for first-time setup.
  • Enhanced GitHub Action output with explicit status section and trust-changes summary for improved readability.

• Chores

  • Updated GitHub Action version references to v1.1.0.
  • Fixed packaging to exclude duplicate editor/cloud-sync artifact files from distribution.

[coderabbitai]

📝 Walkthrough

Walkthrough

Bumps dorian to v1.1.0 by adding a new dorian init first-run scaffolding command that writes claims.json, a change note, and a GitHub Actions workflow; enhances render_md() with verdict-driven status, trust-change aggregation, and remediation guidance; adds packaging hygiene guards for cloud-sync duplicate files; and updates all release documentation.

Changes

dorian v1.1.0 Feature and Release

Layer / File(s)	Summary
init.py: data contracts, plan builder, and apply src/dorian/init.py	New module with InitFile, InitPlan, ApplyResult dataclasses; internal helpers for starter-claim selection (config-value: from pyproject.toml name or path: fallback) and deterministic content generation; build_plan() returning the three-file scaffold plan; apply() enforcing path-security and atomic writes with dry-run support.
CLI wiring: parser, cmd_init handler, output formatter src/dorian/cli.py, src/dorian/commands.py	Registers init subparser with --force/--dry-run flags; adds cmd_init handler calling build_plan/apply with EXIT_USAGE on errors; _print_init_summary formats human-readable output, and --json path emits structured created/overwritten/skipped/warnings payload.
render_md enhancements src/dorian/revalidate.py	Adds _REMEDIATION (exit-code → "What to do" text) and _TRUST_ORDER constants; render_md() now emits a Status verdict line, an aggregated "Trust changes" table ordered by _TRUST_ORDER when folds are present, per-artifact "sealed in .warrant" italic annotations, and a "What to do:" remediation footer.
Tests for init and render_md tests/test_init.py, tests/test_render_md.py	Full dorian init test suite covering golden path, dry-run, idempotency, --force, --json, pyproject-less fallback, and end-to-end seal+verify; test_render_md.py extended with Status line, trust aggregate, warrant annotation, and remediation assertions.
Version bump and packaging hygiene src/dorian/__init__.py, pyproject.toml, .gitignore	__version__ and pyproject.toml version updated to 1.1.0; Hatch wheel exclude added for **/* 2.py; .gitignore entries added for * 2.py and * 2.md cloud-sync duplicate artifacts.
Release docs and changelog docs/releases/v1.1.0.md, CHANGELOG.md, README.md, action/README.md, docs/BENCHMARK_CURRENT.md	Adds v1.1.0 release notes; populates CHANGELOG.md with 1.0.0–1.1.0 entries; updates README.md with dorian init getting-started sequence, command surface entry, and version references; bumps action@v1.1.0 in action docs and benchmark version stamp.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant CLI as dorian CLI
  participant init as init module
  participant FS as Filesystem
  participant verify as dorian verify

  User->>CLI: dorian init [--force] [--dry-run]
  CLI->>init: build_plan(repo)
  init->>FS: read pyproject.toml (project.name)
  init->>FS: check existence of claims.json, note, workflow
  init-->>CLI: InitPlan(files, starter_desc)
  CLI->>init: apply(plan, force, dry_run)
  init->>FS: atomic write claims.json, change-note.md, dorian.yml
  init-->>CLI: ApplyResult(created, overwritten, skipped)
  CLI-->>User: summary / JSON output
  User->>verify: dorian verify --note change-note.md --claims claims.json
  verify-->>User: sealed warrant + EXIT_OK

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 Hop hop, a brand new trail,
dorian init lays the first bale—
three files appear where once was none,
a warrant sealed, the green check done!
No sneaky * 2.py in the wheel,
just clean v1.1.0 with polished zeal. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 43.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Release v1.1.0: dorian init + customer-readable PR comment (golden-path productization)' directly and clearly summarizes the three main additions of this release: the dorian init scaffolding tool, improved PR comment formatting, and the overall golden-path productization focus.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/golden-plate-ci-truth-gate

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/dorian/init.py`:
- Around line 218-227: The apply() function uses f.exists which is determined at
plan-time, creating a race condition where files created after planning but
before applying can be overwritten without --force. Replace the plan-time
f.exists check with a runtime target.exists() call in two places: first in the
skip logic condition (currently "if f.exists and not force:") and second in the
classification logic where you append to either created or overwritten lists.
This ensures files are skipped or properly classified based on their actual
existence at apply-time, preserving the --force safety guarantee.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 645f34b4-e6d3-4fce-b007-4f241aa0722b

📥 Commits

Reviewing files that changed from the base of the PR and between 8790329 and b8b6c9b.

📒 Files selected for processing (14)

• .gitignore
• CHANGELOG.md
• README.md
• action/README.md
• docs/BENCHMARK_CURRENT.md
• docs/releases/v1.1.0.md
• pyproject.toml
• src/dorian/__init__.py
• src/dorian/cli.py
• src/dorian/commands.py
• src/dorian/init.py
• src/dorian/revalidate.py
• tests/test_init.py
• tests/test_render_md.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Re-check target existence at apply-time to preserve --force safety

apply() currently gates writes using plan-time f.exists. If the file appears after planning but before applying, it can be overwritten without --force. Use runtime target.exists() for both skip logic and created/overwritten classification.

🔧 Suggested fix

 def apply(plan: InitPlan, *, force: bool, dry_run: bool) -> ApplyResult:
@@
     for f in plan.files:
         target = plan.repo_root / f.path
         _ensure_within(plan.repo_root, target)
-        if f.exists and not force:
+        target_exists = target.exists()
+        if target_exists and not force:
             skipped.append(f.path)
             continue
         if not dry_run:
             _atomic_write(target, f.content)
-        (overwritten if f.exists else created).append(f.path)
+        (overwritten if target_exists else created).append(f.path)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/dorian/init.py` around lines 218 - 227, The apply() function uses
f.exists which is determined at plan-time, creating a race condition where files
created after planning but before applying can be overwritten without --force.
Replace the plan-time f.exists check with a runtime target.exists() call in two
places: first in the skip logic condition (currently "if f.exists and not
force:") and second in the classification logic where you append to either
created or overwritten lists. This ensures files are skipped or properly
classified based on their actual existence at apply-time, preserving the --force
safety guarantee.