npm - @diffpal/diffpal - Versions diffs - 0.1.22 → 0.1.24 - Mend

@diffpal/diffpal 0.1.22 → 0.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +11 -37
package/package.json +6 -6

package/README.md CHANGED Viewed

@@ -98,9 +98,8 @@ cp examples/ci/github-actions/codex-api-key.yml .github/workflows/diffpal.yml
 Expected result:
-- a `diffpal-checks` check run
-- a `DiffPal Review Summary` PR comment with an overview of the change
-- inline comments only for actionable findings
+- a `DiffPal Review Summary` PR review with an overview of the change
+- inline review comments for actionable findings
 - `.artifacts/diffpal/findings.json` in the job workspace
 - a failed job only when `gate: true` and blocking findings exist, or when setup
   or publishing fails
@@ -118,7 +117,7 @@ DiffPal.
 | CI system | Examples | Output surfaces |
 | --- | --- | --- |
-| GitHub Actions | [`examples/ci/github-actions`](examples/ci/github-actions) | check run, PR summary, review comments, SARIF |
+| GitHub Actions | [`examples/ci/github-actions`](examples/ci/github-actions) | PR review summary, inline review comments, SARIF |
 | GitLab CI | [`examples/ci/gitlab`](examples/ci/gitlab) | MR summary, discussions, Code Quality, SARIF |
 | Azure Pipelines | [`examples/ci/azure-pipelines`](examples/ci/azure-pipelines) | PR summary thread, PR threads, PR status |
@@ -140,7 +139,7 @@ Azure Pipelines users can install the public
 [DiffPal Review extension](https://marketplace.visualstudio.com/items?itemName=diffpal.diffpal)
 from the Azure DevOps Marketplace and add the `DiffPalReview@1` task to PR
 validation pipelines. Extension source and release automation live in the
-separate [diffpal-azure-devops](https://github.com/diffpal/diffpal-azure-devops)
+separate [diffpal/azure-devops](https://github.com/diffpal/azure-devops)
 repository.
 The task installs `@diffpal/diffpal` by default, then runs `diffpal review ado`.
@@ -168,7 +167,6 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-      checks: write
     steps:
       - uses: actions/checkout@v6
         with:
@@ -229,17 +227,8 @@ diffpal:
     block_on: high
   review:
     language: en
-    prompt_profile: v2
-    strict_evidence: true
-    strict_injection: true
-    allow_nearby_context: true
     instructions: |
       Prefer actionable findings that are directly supported by the diff.
-    checks:
-      - security
-      - bugs
-      - performance
-      - best-practices
   platforms:
     github: {}
     gitlab: {}
@@ -250,22 +239,12 @@ profiles:
     diffpal:
       gate:
         block_on: high
-      review:
-        prompt_profile: v2
-        strict_evidence: true
-        strict_injection: true
-        allow_nearby_context: true
 ```
-Review checks are intentionally simple. They ask the agent what to focus on;
-DiffPal does not hardcode individual signal slugs:
-| Check | Finding categories the agent may return |
-| --- | --- |
-| `security` | security |
-| `bugs` | correctness, reliability |
-| `performance` | performance |
-| `best-practices` | maintainability, testing, style |
+DiffPal uses a fixed finding taxonomy: security, correctness, reliability,
+performance, maintainability, testing, and style. Use review instructions to
+change or extend the review scope, for example `Review for OWASP best practices
+and authz/authn regressions.`
 Severity is impact-based across all categories. The full critical/high/medium/low
 matrix is in the [config reference](docs/config-reference.md#severity-matrix).
@@ -273,11 +252,6 @@ matrix is in the [config reference](docs/config-reference.md#severity-matrix).
 Use `diffpal.review.instructions`, the `instructions` action input, or
 `--instructions-file` for repository-specific review guidance.
-The review rollout fields are safe to canary per profile. Keep the repository
-default conservative if needed, then set `profiles.ci.diffpal.review` to
-`prompt_profile: v2`, `strict_evidence: true`, `strict_injection: true`, and
-`allow_nearby_context: true` before making the gate blocking.
 ## Provider Recipes and Runtime Types
 DiffPal delegates review to `diffpal.provider`, which points at a provider
@@ -371,7 +345,7 @@ Use `feedback` for the normal user-facing shape:
 | Mode | Behavior |
 | --- | --- |
-| `summary` | One PR/MR summary plus check/status, no inline comments. |
+| `summary` | One PR/MR summary. On GitHub, DiffPal still publishes actionable findings as inline PR review comments. |
 | `balanced` | Summary plus actionable high-confidence inline feedback. |
 | `inline` | Summary plus a more permissive inline threshold. |
@@ -386,8 +360,8 @@ with:
   review-id: github-pr-${{ github.event.pull_request.number }}-diffpal-dev
 ```
-That produces a separate `diffpal-dev-checks` check run and separate summary
-comment.
+That produces a separate `diffpal-dev` PR review with its own summary and inline
+comments.
 ## Local Debugging

package/package.json CHANGED Viewed

@@ -14,11 +14,11 @@
   "license": "SEE LICENSE IN LICENSE",
   "name": "@diffpal/diffpal",
   "optionalDependencies": {
-    "@diffpal/diffpal-darwin-arm64": "0.1.22",
-    "@diffpal/diffpal-darwin-x64": "0.1.22",
-    "@diffpal/diffpal-linux-arm64": "0.1.22",
-    "@diffpal/diffpal-linux-x64": "0.1.22",
-    "@diffpal/diffpal-win32-x64": "0.1.22"
+    "@diffpal/diffpal-darwin-arm64": "0.1.24",
+    "@diffpal/diffpal-darwin-x64": "0.1.24",
+    "@diffpal/diffpal-linux-arm64": "0.1.24",
+    "@diffpal/diffpal-linux-x64": "0.1.24",
+    "@diffpal/diffpal-win32-x64": "0.1.24"
   },
-  "version": "0.1.22"
+  "version": "0.1.24"
 }