Overnight Maintenance Log - 2026-07-02
Branch: codex/overnight-maintenance
Upstream: origin/codex/overnight-maintenance
Spec: external overnight-maintenance/maintenance-spec.md skill spec
Parameters: PASSES=25, MAX_PASSES=75, PUSH=yes, NUMBERED_DOCS=yes
1. Coverage Decisions
Applied checks:
- Baseline repository scan: Python code, notebooks, tests, docs, scripts, CI, Docker, devcontainer, dependency manifests.
- Documentation indexing and hierarchical numbering because NUMBERED_DOCS=yes.
- End-to-end execution-flow tracing for notebooks, scripts, Makefile targets, and test/tooling entry points.
- Design-pattern and refactoring opportunity scan.
- Error-handling, configuration, secrets, versioning, build, supply-chain, complexity, dependency-contract, and examples/library-fit checks.
Skipped checks: - HTTP/RPC handler contracts: N/A, no service handlers found in this repository. - Database and migration hygiene: N/A, no persistent database or migration files found. - i18n/a11y UI checks: N/A, no user-facing frontend application found. - Multi-language parity for active surfaces: N/A for active notebooks and Python helpers; archived CodexGLUE material is reviewed as archive hygiene, not an active supported surface. - Performance budget benchmarking: N/A unless a repository-declared performance budget is found during pass review.
2. Pass History
| Pass | Type | Issues | Coverage Evidence | Result |
|---|---|---|---|---|
| 1 | genuine | 18 | Inventory gathered: git state, tracked files, 51 notebooks / 61 Python files / 30 Markdown files; baseline and post-fix ruff check .; pytest tests/; pytest tests/nnx_surface; python scripts/verify_repo.py --check all --fast; pip-audit -r requirements.txt -r torch-requirements.txt; fresh-eyes report-only subagents for docs, notebooks, tooling/security/dependencies, and Python/tests/complexity. |
Non-zero pass; valid findings fixed or explicitly deferred |
| 2 | genuine | 8 | Fresh-eyes report-only subagents for changed docs/logs, changed code/tests/runtime, and CI/dependency/security; focused red/green tests for scalar one-hot encoding and multiline/spaced ToSparseTensor calls; ruff check .; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; workflow/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-2 follow-ups fixed |
| 3 | genuine | 9 | Fresh-eyes report-only subagents for committed docs/logs, code/tests/runtime, and CI/security/dependencies; focused red/green tests for string-source notebook guards and aliased deprecated import rewrites; ruff check .; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; workflow/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-3 follow-ups fixed or explicitly deferred |
| 4 | genuine | 4 | Fresh-eyes report-only subagents for committed docs/logs, code/tests/runtime, and CI/security/dependencies; focused red/green tests for parenthesized deprecated imports and alias/bare NNParams import coexistence; action tag SHA resolution with git ls-remote; ruff check .; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; workflow/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-4 follow-ups fixed |
| 5 | genuine | 8 | Fresh-eyes report-only subagents for committed docs/logs, code/tests/runtime, and CI/security/dependencies; focused red/green tests for comment/string-safe deprecated Params rewrites, unconfigured active notebook enforcement, and verifier timeout byte-stream handling; runtime-doc wording sweep; workflow/override/config YAML parse; make check-tier-a-clean; ruff check .; python -m py_compile scripts/rewrite_imports.py scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-5 follow-ups fixed |
| 6 | genuine | 8 | Fresh-eyes report-only subagents for committed docs/logs, code/tests/runtime, and CI/security/dependencies; focused red/green tests for parameter-cell baseline exclusions, papermill-unsafe parameter comments, string/comment-safe notebook static guards, and NNRun.load("best") AST detection; papermill parameter inspection of four Reddit phase3 notebooks; local Docker build smoke; workflow/override/config YAML parse; make check-tier-a-clean; ruff check .; python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-6 follow-ups fixed |
| 7 | local genuine | 1 | Attempted fresh-eyes report-only subagents for docs, code/tests/notebooks, and CI/security, but all errored on account usage limits; local audit covered CI install commands, Docker/devcontainer/venv setup docs, Makefile setup targets, workflow action/runner pins, Markdown anchor probe, and standard validation: make -n install-torch-stack codespace-setup; workflow/override/config YAML parse; ruff check .; python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; make check-tier-a-clean; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-7 local finding fixed; subagent coverage unavailable |
| 8 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered dependency manifest single-source-of-truth drift, Docker/Make/CI install paths, CI cache keys, dependency ledger, active config/Tier-A consistency, and standard validation: make -n install-torch-stack codespace-setup; workflow/override/config YAML parse; ruff check .; python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; make check-tier-a-clean; docker build -t ml-eng-lab-ci .; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-8 local finding fixed; subagent coverage unavailable |
| 9 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered verifier coverage for Markdown file/fragment links, code-span/fenced-code false-positive handling, and standard validation: focused S3 regression tests; ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; workflow/override/config YAML parse; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; make check-tier-a-clean; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-9 local finding fixed; subagent coverage unavailable |
| 10 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered notebook Markdown link hygiene, S3 relative-link base handling for notebooks, code-span false positives in notebook markdown, and standard validation: focused S3 regression tests; ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; bash -n scripts/start-jupyterhub.sh; make check-tier-a-clean; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-10 local finding fixed; subagent coverage unavailable |
| 11 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered papermill parameter contract enforcement for active notebooks, AST-safe parameter assignment detection, focused E10 regression tests, and standard validation: focused verifier tests (3 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-11 local finding fixed; subagent coverage unavailable |
| 12 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered helper/verifier contract alignment for papermill parameter injection, existing tagged-cell repair behavior, and standard validation: focused injector tests (6 passed); ruff check scripts/inject_smoke_test_cell.py tests/test_inject_smoke_test_cell.py; python -m py_compile scripts/inject_smoke_test_cell.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-12 local finding fixed; subagent coverage unavailable |
| 13 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered Tier-A execution-list drift between Makefile and scripts/verify_repo_config.yaml, focused E11 parser/current-state tests, and standard validation: focused verifier tests (2 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-13 local finding fixed; subagent coverage unavailable |
| 14 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered the E11 missing/empty Makefile TIER_A edge case, focused missing-list regression tests, and standard validation: focused verifier tests (2 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-14 local finding fixed; subagent coverage unavailable |
| 15 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered Tier-A CI artifact upload path drift against verifier config, focused E12 workflow parser/current-state tests, and standard validation: focused verifier tests (2 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-15 local finding fixed; subagent coverage unavailable |
| 16 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered verifier CLI import/config failure modes, configless --help behavior, and standard validation: focused help tests (2 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-16 local finding fixed; subagent coverage unavailable |
| 17 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered verifier --phase-b-out CLI argument contract, conditional --check requirement, focused CLI tests, and standard validation: focused verifier tests (3 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/override/config YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-17 local finding fixed; subagent coverage unavailable |
| 18 | local genuine | 0 | Local audit while subagent quota remained unavailable; covered verifier/tooling CLI contracts, Tier-A config/workflow sync, docs/runtime wording drift, current standard validation, and the corrected workflow/config/override YAML parse target. Validation: pytest tests/ -v (360 passed, 3 skipped, 19 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25; subagent coverage unavailable |
| 19 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered NNx surface-test discovery, untracked scratch-notebook isolation, deferred OM-018, focused regression coverage, and standard validation: focused discovery test (1 passed); full NNx surface file (291 passed); ruff check tests/nnx_surface/test_notebook_api_surface.py; python -m py_compile tests/nnx_surface/test_notebook_api_surface.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-19 local finding fixed; zero-issue streak reset; subagent coverage unavailable |
| 20 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered verifier test isolation, synthetic repo fixtures, hidden --repo-root test hook, deferred OM-016, and standard validation: pytest tests/test_verify_repo.py -q (39 passed); ruff check scripts/verify_repo.py tests/test_verify_repo.py; python -m py_compile scripts/verify_repo.py tests/test_verify_repo.py; pytest tests/ -v; python scripts/verify_repo.py --check all --fast; make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-20 local finding fixed; zero-issue streak remains reset; subagent coverage unavailable |
| 21 | local genuine | 1 | Local audit while subagent quota remained unavailable; covered maintenance-log issue-state consistency for previously deferred/fixed items and found OM-017 still marked deferred after pass-16 fixed the same verifier --help failure. Validation: pytest tests/test_verify_repo.py::test_help_does_not_require_adjacent_config -q (1 passed); python scripts/verify_repo.py --check docs --fast; python scripts/verify_repo.py --check all --fast; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt. |
Non-zero pass; pass-21 log consistency finding fixed; zero-issue streak remains reset; subagent coverage unavailable |
| 22 | local genuine | 0 | Local audit while subagent quota remained unavailable; covered remaining deferred Reddit NNx import/seed items, dependency/digest deferrals, and standard validation. The remaining deferred work still requires coordinated NNx/dependency/image upgrades rather than a safe standalone maintenance edit. Validation: pytest tests/ -v (361 passed, 3 skipped, 19 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25; subagent coverage unavailable |
| 23 | local genuine | 0 | Local audit while subagent quota remained unavailable; covered maintenance-log stale states, active documentation references, remaining deferred issue boundaries, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); pytest tests/ -v (361 passed, 3 skipped, 19 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25; subagent coverage unavailable |
| 24 | local genuine | 0 | Local audit while subagent quota remained unavailable; covered Python package/tooling environment sanity, manifest review, compile checks, and standard validation. pip check reports shared-environment conflicts from globally installed packages outside the repo manifests; no repo-declared dependency drift was found. Validation: python -m compileall -q scripts tests; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25; subagent coverage unavailable |
| 25 | local genuine | 0 | Local audit while subagent quota remained unavailable; covered git/worktree hygiene, branch/upstream parity, ignored-artifact boundaries, generated cache cleanup, and standard validation. Validation: pytest tests/ -v (361 passed, 3 skipped, 19 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 4/25; subagent coverage unavailable |
| 26 | genuine | 3 | Fresh-eyes report-only subagents reviewed docs/logs, Python/tests/notebook guards, and dependency/security/build/runtime hygiene; local audit covered docs navigation, marker scans, tracked run metadata, secret/path scans, Tier-B smoke-contract wording, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-26 documentation findings fixed; zero-issue streak reset |
| 27 | genuine | 6 | Fresh-eyes report-only subagents reviewed post-fix documentation consistency, notebook smoke-contract traces, and release/dependency/reproducibility/security contract drift; local audit covered residual smoke-policy strings, Codespaces install wording, CI trigger docs, task README sweep dimensions, helper docstring accuracy, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-27 documentation/tooling-doc findings fixed; zero-issue streak remains reset |
| 28 | genuine | 3 | Fresh-eyes report-only subagents reviewed post-pass-27 documentation/tooling consistency, notebook smoke contracts, and build/dependency/security/runtime hygiene; local audit covered residual stale-string scans, branch/upstream parity, active config counts, Docker context ignore boundaries, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-28 documentation/Docker hygiene findings fixed; zero-issue streak remains reset |
| 29 | local genuine | 1 | Local audit covered post-pass-28 branch/upstream parity, Tier-B/Tier-C CI trigger documentation against workflow if: clauses, residual trigger wording scans, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-29 Tier smoke-trigger documentation finding fixed; zero-issue streak remains reset |
| 30 | local genuine | 0 | Local audit covered post-pass-29 branch/upstream parity, Tier-B/Tier-C trigger docs against workflow if: clauses, residual smoke-trigger wording across active docs and task READMEs, workflow timeout/condition summary, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 31 | local genuine | 0 | Local audit covered post-pass-30 branch/upstream parity, dependency-contract ledger consistency against current pip-audit JSON output, unique accepted advisory ID parity, current manifest/runtime documentation references, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 32 | local genuine | 1 | Local audit covered post-pass-31 branch/upstream parity, Makefile help/header accuracy, setup/tooling command documentation against CI workflow usage, and standard validation. Validation: make help; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-32 Makefile CI-trigger comment finding fixed; zero-issue streak reset |
| 33 | local genuine | 0 | Local audit covered post-pass-32 branch/upstream parity, Docker/devcontainer/CI/Make setup-command parity, Torch-first install ordering, Codespaces postCreateCommand documentation, and standard validation. Validation: make -n install-torch-stack codespace-setup; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); make check-tier-a-clean; workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 34 | local genuine | 0 | Local audit covered post-pass-33 branch/upstream parity, tracked ignored-artifact absence, tracked cache/secret/data/run pattern absence, ignored local artifact boundaries for data/runs/superpowers/Claude scratch, generated cache scan/cleanup, and standard validation. Validation: python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 35 | local genuine | 0 | Local audit covered post-pass-34 branch/upstream parity, CI action SHA pin integrity against remote tag refs, mutable-action-reference absence, ubuntu-24.04 runner pinning, read-only workflow permissions, checkout credential persistence settings, and standard validation. Validation: git ls-remote --tags for actions/checkout@v5, actions/setup-python@v6, and actions/upload-artifact@v5; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25 |
| 36 | local genuine | 1 | Local audit covered post-pass-35 branch/upstream parity, Torch core/PyG manifest topology, duplicated core-pin absence, install-order parity across Make/Docker/CI/Codespaces docs, dependency-ledger exact-pin coverage, and standard validation. Validation: focused manifest-vs-ledger exact-reference check; make -n install-torch-stack codespace-setup; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-36 dependency-ledger finding fixed; zero-issue streak reset |
| 37 | local genuine | 0 | Local audit covered post-pass-36 branch/upstream parity, tracked active notebook coverage against verifier config, active task-directory coverage against README/config, Tier-A Makefile/YAML parity, documentation link verification, corrected YAML-key probe recovery, and standard validation. Validation: active notebook/config comparison (29/29); active task-dir README/config comparison (21/21); Tier-A Makefile/config comparison (19/19); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 38 | local genuine | 0 | Local audit covered post-pass-37 branch/upstream parity, helper-script compileability, verifier help/config behavior, injector/rewriter/editor usage paths, JupyterHub wrapper uninitialized-submodule recovery, helper-doc reference scan, focused helper regression tests, and standard validation. Validation: python -m py_compile for helper scripts; python scripts/verify_repo.py --help; helper no-arg usage probes; bash -n scripts/start-jupyterhub.sh; wrapper recovery probe; focused helper tests (58 passed, 2 warnings); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 39 | local genuine | 0 | Local audit covered post-pass-38 branch/upstream parity, maintenance pass numbering, issue-ID sequencing, issue-status validity, deferred-state inventory, recent-commit/log correspondence, OM-081 representation, and standard validation. Validation: pass sequence 1..38 before logging; issue sequence OM-001..OM-081; no duplicate pass/issue IDs; five expected deferred/documented-deferred items; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25 |
| 40 | local genuine | 0 | Local audit covered post-pass-39 branch/upstream parity, ruff-only pyproject.toml configuration, Makefile target/help text parity, CI/docs references for test/lint/verify targets, TOML parseability, and standard validation. Validation: make help; tomllib parse of pyproject.toml; config reference scan across README/CONTRIBUTING/docs/CI/Makefile; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 4/25 |
| 41 | local genuine | 0 | Local audit covered post-pass-40 branch/upstream parity, archive/read-only boundary checks, archive notebook exclusion from active config expectations, ruff archive/vendor/venv exclusions, ignored local data/runs/scratch isolation, tracked generated-cache/data pattern scan, and standard validation. Validation: archive inventory (22 archived notebooks); git status --ignored --short; tracked cache/data/run pattern scan; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 5/25 |
| 42 | local genuine | 0 | Local audit covered post-pass-41 branch/upstream parity, NLP asset dependency paths, requirements.txt spaCy/NLTK presence, Makefile/CI/Codespaces nlp-assets parity, text/sentiment notebook dependency references, and standard validation. Validation: focused NLP asset consistency check; make -n nlp-assets codespace-setup; notebook source dependency probe; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 6/25 |
| 43 | local genuine | 0 | Local audit covered post-pass-42 branch/upstream parity, Dockerfile install/runtime contract, .devcontainer/devcontainer.json JSONC parse and Codespaces settings, .dockerignore coverage for local-only credential/cache/data patterns, setup-command documentation references, and standard validation. Validation: Dockerfile contract probe; devcontainer JSONC parse (postCreateCommand: make codespace-setup, forwardPorts: [8888]); Docker ignore parity probe (47 Docker patterns checked against required local-only patterns); make -n install-torch-stack codespace-setup; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 7/25 |
| 44 | local genuine | 1 | Local audit covered post-pass-43 branch/upstream parity, active notebook JSON metadata, cell-id coverage, kernelspec/language metadata, papermill parameter tags, verifier S1 coverage, and standard validation. Validation: active notebook metadata probe (29 checked, 0 missing cell IDs after fix); focused S1 missing-cell-id regression (1 passed); python scripts/verify_repo.py --check structure --fast (0 errors, 4 warnings); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (362 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-44 notebook metadata finding fixed; zero-issue streak reset |
| 45 | local genuine | 0 | Local audit covered post-pass-44 branch/upstream parity, latest commit/log correspondence, maintenance pass numbering, issue-ID sequencing through OM-082, pass-44 streak-reset recording, S1.cell_id references, and standard validation. Validation: pass sequence 1..44 before logging; issue sequence OM-001..OM-082; latest commit 88a5209 fix: enforce notebook cell ids; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (362 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 46 | local genuine | 1 | Local audit covered post-pass-45 branch/upstream parity, pytest warning hygiene, injector synthetic notebook fixtures, inserted parameter-cell nbformat IDs, and standard validation. Validation: focused injector tests with MissingIDFieldWarning promoted to error (6 passed); ruff check scripts/inject_smoke_test_cell.py tests/test_inject_smoke_test_cell.py --no-cache; python -m py_compile scripts/inject_smoke_test_cell.py tests/test_inject_smoke_test_cell.py; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (362 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-46 warning-hygiene finding fixed; zero-issue streak reset |
| 47 | local genuine | 0 | Local audit covered post-pass-46 branch/upstream parity, active notebook cell-ID preservation, focused nbformat warning-as-error coverage for injector and verifier fixtures, S1.cell_id/smoke-params reference scan, pytest warning-baseline stability, and standard validation. Validation: focused warning-as-error tests (7 passed); active notebook missing-ID probe (0); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (362 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 48 | local genuine | 0 | Local audit covered post-pass-47 branch/upstream parity, active notebook cell-ID uniqueness and nbformat-format validity, helper smoke-parameter ID collision behavior, notebook-edit helper ID generation references, and standard validation. Validation: active notebook ID probe (616 cells, 0 missing/invalid/duplicate IDs); injector collision probe (smoke-params-3); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (362 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 49 | local genuine | 1 | Local audit covered post-pass-48 branch/upstream parity, script shebang/executable-bit parity, helper CLI no-arg behavior, helper compileability, S8 verifier coverage, and standard validation. Validation: focused script-mode probe (all four scripts/*.py shebang/executable pairs aligned after fix); focused S8 regression (1 passed); python scripts/verify_repo.py --check structure --fast (0 errors, 4 warnings); helper no-arg usage probes; python -m py_compile for helper scripts; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (363 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-49 script-mode finding fixed; zero-issue streak reset |
| 50 | local genuine | 0 | Local audit covered post-pass-49 branch/upstream parity, latest commit/log correspondence, pass/issue sequencing through pass 49 and OM-084, committed script-mode parity, S8 references, and standard validation. Validation: pass sequence 1..49 before logging; issue sequence OM-001..OM-084; latest commit ac53acf fix: verify script executable metadata; script mode probe (all four scripts/*.py aligned); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (363 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 51 | local genuine | 0 | Local audit covered post-pass-50 branch/upstream parity, dependency-manifest duplicate package absence, Torch core/extension manifest inclusion, install-order references across Make/Docker/CI, dry-run setup order, and standard validation. Validation: dependency manifest probe (29 package entries, no duplicates); torch-requirements.txt includes torch-core-requirements.txt; install-reference probe for Dockerfile/Makefile/CI; make -n install-torch-stack codespace-setup; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (363 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 52 | local genuine | 0 | Local audit covered post-pass-51 branch/upstream parity, CI action SHA pins against upstream tag refs, read-only workflow permissions, ubuntu-24.04 runner pinning, checkout credential persistence settings, and standard validation. Validation: workflow action/ref probe; git ls-remote --tags for actions/checkout@v5, actions/setup-python@v6, and actions/upload-artifact@v5; CI reference scan; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (363 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25 |
| 53 | local genuine | 1 | Local audit covered post-pass-52 branch/upstream parity, active numbered-doc heading shape across root docs, required docs, maintenance docs, and active task READMEs; fixed OM-085 and added D9 verifier coverage. Validation: active numbered-doc probe (30 files, 3 malformed headings before fix); focused D9 tests (2 passed); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (365 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-53 numbered-doc finding fixed; zero-issue streak reset |
| 54 | local genuine | 0 | Local audit covered post-pass-53 branch/upstream parity, D9 verifier helper presence, active numbered-doc heading state after OM-085, maintenance pass/issue sequencing through pass 53 and OM-085, and standard validation. Validation: pass sequence 1..53; issue sequence OM-001..OM-085; D9 helper probe; active numbered-doc probe (30 files, 0 malformed headings); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (365 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 55 | local genuine | 0 | Local audit covered post-pass-54 branch/upstream parity, active Markdown heading-anchor uniqueness after numbered-heading punctuation changes, structure/docs linkability checks, and standard validation. Validation: active Markdown anchor probe (31 files, 242 headings, 0 duplicate base slugs); python scripts/verify_repo.py --check structure --fast (0 errors, 4 warnings); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (365 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 56 | local genuine | 1 | Local audit covered post-pass-55 branch/upstream parity, live pip-audit --format json advisory output versus docs/dependency-contracts.md, duplicate Torch advisory feed-record accounting, D10 verifier coverage, and standard validation. Validation: structured audit comparison found 23 live vulnerability records, 21 unique advisory IDs, and 2 collapsed duplicate records before fix; focused D10 tests (2 passed); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-56 dependency-ledger finding fixed; zero-issue streak reset |
| 57 | local genuine | 0 | Local audit covered post-pass-56 branch/upstream parity, dependency-ledger feed-record reconciliation after OM-086, maintenance pass/issue sequencing through pass 56 and OM-086, and standard validation. Validation: pass sequence 1..56; issue sequence OM-001..OM-086; dependency-ledger reconciliation (torch=21, pytorch-lightning=1, nltk=1, total 23/23); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 58 | local genuine | 0 | Local audit covered post-pass-57 branch/upstream parity, verifier check identifier inventory after D9/D10 additions, focused D9/D10 current-state coverage, docs verifier consistency, and standard validation. Validation: verifier ID inventory (48 finding IDs, D9/D10 test references present); focused D9/D10 current-state tests (2 passed); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 59 | local genuine | 0 | Local audit covered post-pass-58 branch/upstream parity, verifier CLI/help behavior after D9/D10 additions, copied-script --help resilience without adjacent config, focused CLI regressions, and standard validation. Validation: python scripts/verify_repo.py --help; copied-script help probe (rc=0, --check present); focused CLI tests (3 passed); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25 |
| 60 | local genuine | 0 | Local audit covered post-pass-59 branch/upstream parity, latest commit/log correspondence, pass and issue sequencing through pass 59 and OM-086, docs verifier consistency, and standard validation. Validation: latest commit 6aad700 chore: record overnight maintenance pass 59; pass sequence 1..59; issue sequence OM-001..OM-086; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 4/25 |
| 61 | local genuine | 0 | Local audit covered post-pass-60 branch/upstream parity, active task directory and README coverage, required active documentation presence, tracked Markdown inventory, docs/structure verifier consistency, and standard validation. Validation: active task-dir/readme probe (21/21), required docs (5/5), tracked Markdown (32); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check structure --fast (0 errors, 4 warnings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 5/25 |
| 62 | local genuine | 0 | Local audit covered post-pass-61 branch/upstream parity, workflow trigger and job-gate contracts, Tier-B/Tier-C trigger documentation in contributor/setup docs and Makefile comments, Docker scheduled-run gating, and standard validation. Validation: workflow trigger probe for push/pull_request on main, workflow_dispatch, weekly cron, Tier-B dispatch/schedule/label gate, Tier-C dispatch/schedule gate, and non-scheduled docker-build; docs trigger-reference probe for CONTRIBUTING.md, docs/env-setup.md, and Makefile; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 6/25 |
| 63 | local genuine | 0 | Local audit covered post-pass-62 branch/upstream parity, Makefile .PHONY/target parity, required local tooling target presence, pyproject ruff-only configuration, setup/verification target dry-runs, command-reference alignment across docs and CI, and standard validation. Validation: Makefile target probe (12 required targets, 0 phony drift); make help; make -n verify test test-nnx-surface lint install-torch-stack codespace-setup; tomllib parse of pyproject.toml (line-length=120, target-version=py311, select=E/F/W, archive/vendor excludes); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 7/25 |
| 64 | local genuine | 0 | Local audit covered post-pass-63 branch/upstream parity, latest commit/log correspondence, maintenance pass sequencing through pass 63, issue sequencing through OM-086, issue-status vocabulary, deferred/fixed issue-state accounting, and standard validation. Validation: latest commit 67c684a chore: record overnight maintenance pass 63; branch/upstream SHA parity; pass sequence 1..63; issue sequence OM-001..OM-086; issue statuses (80 Fixed, 4 Deferred, 1 Fixed/documented, 1 Documented/deferred); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 8/25 |
| 65 | local genuine | 0 | Local audit covered post-pass-64 branch/upstream parity, root README active task inventory against task folders, task-table link freshness, roadmap completed-item accounting, and standard validation. Validation: active task-folder/link probe (21 active folders, 21 linked task dirs, 0 missing task links, 0 stale task links, completed roadmap item diffusion-mnist-ddpm-pytorch); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 9/25 |
| 66 | local genuine | 0 | Local audit covered post-pass-65 branch/upstream parity, .gitignore/.dockerignore local-only pattern parity, credential/cache/generated-artifact ignore coverage, tracked data/run/checkpoint/cache/key leakage, ignored artifact inventory, and standard validation. Validation: ignore parity probe (27 required patterns, 0 missing in .gitignore, 0 missing in .dockerignore); tracked-file leak probe (266 tracked files, 0 generated/credential leaks); git status --ignored --short; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 10/25 |
| 67 | local genuine | 0 | Local audit covered post-pass-66 branch/upstream parity, active notebook inventory, required-section config coverage, Tier-A verifier-config/Makefile parity, Tier-B/Tier-C execution-list counts, manual-only notebook boundary, and standard validation. Validation: active notebook contract probe (29 active notebooks, 29 required-section entries, 0 missing/stale required entries, Tier-A config/Makefile 19/19, Tier-B 5, Tier-C 4, manual-only notebooks/quantization-mnist-ffnn-pytorch/notebook.ipynb); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (367 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 11/25 |
| 68 | local genuine | 1 | Local audit covered post-pass-67 branch/upstream parity, helper-script shebang/executable parity, helper compileability, direct helper CLI/help behavior, and standard validation. Found and fixed OM-087: scripts/rewrite_imports.py --help treated --help as a missing notebook path instead of printing usage. Validation: helper metadata probe (4/4 shebang/executable aligned); python -m py_compile for helper scripts; red regression pytest tests/test_rewrite_imports.py::test_help_exits_zero_and_prints_usage -q failed before fix; focused regression passed after fix; pytest tests/test_rewrite_imports.py -q (11 passed); python scripts/rewrite_imports.py --help; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Non-zero pass; pass-68 helper CLI finding fixed; zero-issue streak reset |
| 69 | local genuine | 0 | Local audit covered post-pass-68 branch/upstream parity, OM-087 log/issue consistency, helper --help behavior after the fix, focused regression stability, pass/issue sequencing through pass 68 and OM-087, and standard validation. Validation: branch/upstream SHA parity at 9b922e3; python scripts/rewrite_imports.py --help; focused help regression (1 passed); pass sequence 1..68; issue sequence OM-001..OM-087; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 1/25 |
| 70 | local genuine | 0 | Local audit covered post-pass-69 branch/upstream parity, CI action SHA pinning, runner-label stability, read-only workflow permissions, checkout credential persistence settings, setup cache dependency paths, and standard validation. Validation: workflow action/ref probe (12 action uses, all 40-character SHAs); ubuntu-latest count 0, ubuntu-24.04 count 6; permissions: contents: read; persist-credentials: false count matches checkout count (6/6); cache paths include torch-core-requirements.txt and torch-requirements.txt; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 2/25 |
| 71 | local genuine | 0 | Local audit covered post-pass-70 branch/upstream parity, dependency accepted-advisory/feed-record reconciliation, package-level vulnerability ledger counts, D10 verifier coverage, focused D10 regressions, and standard validation. Validation: dependency advisory feed-record probe (torch=21, pytorch-lightning=1, nltk=1, total 23); focused D10 tests (2 passed); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 3/25 |
| 72 | local genuine | 0 | Local audit covered post-pass-71 branch/upstream parity, latest commit/log correspondence, pass sequencing through pass 71, issue sequencing through OM-087, issue-status accounting, streak-marker coherence after the pass-68 reset, and standard validation. Validation: branch/upstream SHA parity at 7c08e1c; pass sequence 1..71; issue sequence OM-001..OM-087; issue statuses (81 Fixed, 1 Fixed/documented, 1 Documented/deferred, 4 Deferred); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 4/25 |
| 73 | local genuine | 0 | Local audit covered post-pass-72 branch/upstream parity, Markdown internal file/anchor link coverage, required top-level documentation presence, README active task table parity with task-folder READMEs, and standard validation. Validation: branch/upstream SHA parity at 8ceedf1; Markdown probe (44 files, 77 internal links, 0 broken internal file/anchor links); required docs 6/6; active task README/table-link parity (21/21, 0 missing, 0 stale); python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 5/25 |
| 74 | local genuine | 0 | Local audit covered post-pass-73 branch/upstream parity, script shebang/executable metadata, helper CLI/help behavior, Makefile documented target availability, and standard validation. Validation: branch/upstream SHA parity at 56745f8; entrypoint metadata probe (5 scripts checked, 0 shebang/executable mismatches); helper CLI probe (verify_repo.py --help, rewrite_imports.py --help, inject_smoke_test_cell.py no-args usage); make help lists 11 documented targets; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 6/25 |
| 75 | local genuine | 0 | Local audit covered post-pass-74 branch/upstream parity, final hard-cap pass/log sequencing, issue sequencing through OM-087, streak-marker coherence after the pass-68 reset, latest commit/log correspondence, and standard validation. Validation: branch/upstream SHA parity at 9b4fcfc; pass sequence 1..74; issue sequence OM-001..OM-087; final pre-row streak 6/25; python scripts/verify_repo.py --check docs --fast (0 findings); python scripts/verify_repo.py --check all --fast (0 errors, 5 warnings); ruff check . --no-cache; make check-tier-a-clean; pytest tests/ -v (368 passed, 3 skipped, 17 warnings); workflow/config/override YAML parse; bash -n scripts/start-jupyterhub.sh; git diff --check; pip-audit -r requirements.txt -r torch-requirements.txt still reports the documented 23 known vulnerabilities. |
Zero-issue pass; zero-issue streak 7/25; reached MAX_PASSES=75 |
3. Validation Log
ruff check .passed before and after the pass-1 fix batch.- Baseline
pytest tests/ -vpassed with291 passed, 3 skipped; post-fix full suite passed with325 passed, 3 skipped, 19 warnings. - Baseline
pytest tests/nnx_surface -vpassed with258 passed, 3 skipped; post-fix NNx-surface coverage is included in the fullpytest tests/ -vrun. python scripts/verify_repo.py --check all --fastpassed before and after the fix batch with0 errors, 5 warnings(torch_sparseunavailable in the local verifier environment for four Reddit phase3 notebooks, plus missing optionalshellcheck).bash -n scripts/start-jupyterhub.shpassed.- YAML parsing passed for
.github/workflows/ci.ymlanddeploy/genai-vanilla-jupyterhub.override.yml. scripts/start-jupyterhub.sh --helpexited with status 1 by design in this checkout and printed the intended uninitialized-submodule recovery command.git diff --checkpassed.pip-audit -r requirements.txt -r torch-requirements.txtstill reports 23 known vulnerabilities across resolvedtorch==2.4.1,pytorch-lightning==2.4.0, andnltk==3.9.4; this is recorded indocs/dependency-contracts.mdand remains a coordinated dependency-upgrade follow-up rather than a local green check.- Pass-2 red tests failed for scalar
one_hot_encode, multilineToSparseTensor(...), and spacedremove_edge_index = False; the same focused set passed after the fix. - Pass-2 full validation passed:
ruff check .;pytest tests/ -v(329 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings); workflow/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check. - Pass-3 red tests failed for string-source notebook guards and aliased deprecated import rewrites; the same focused set passed after the fix.
- Pass-3 full validation passed:
ruff check .;pytest tests/ -v(334 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings); workflow/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-4 red tests failed for parenthesized deprecated imports and alias/bare
NNParamsimport coexistence; the same focused set passed after the fix. - Pass-4 full validation passed:
ruff check .;pytest tests/ -v(336 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings); workflow/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-5 red tests failed for comment/string-safe deprecated Params rewrites, unconfigured active notebook enforcement, and verifier timeout byte-stream handling; the same focused set passed after the fix. A first full
pytest tests/ -vrun exposed a multiline constructor-tokenization regression, which was fixed and covered by the existing multiline call-site test. - Pass-5 full validation passed:
ruff check .;python -m py_compile scripts/rewrite_imports.py scripts/verify_repo.py;pytest tests/ -v(338 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings); workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-6 focused tests passed for Tier-C parameter-cell baseline exclusions, papermill-unsafe parameter trailing comments, comment/string-safe notebook migration guards, stale IDP guards, and
NNRun.load("best")AST detection.papermill.inspection.inspect_notebook(...)inferredSMOKE_TEST,SMOKE_TEST_EPOCHS, andSMOKE_TEST_SUBSETfor all four Reddit phase3 notebooks after the parameter-cell cleanup. - Pass-6 first full
pytest tests/ -vrun exposed a regression in the new string/comment masking forNNRun.load("best"); the guard was converted to AST inspection and the focused regression set passed. - Pass-6 Docker validation first failed while building PyG extensions because
torchwas not installed beforetorch-scatterbuild isolation; after splitting the Dockerfile install order and using--no-build-isolationfortorch-requirements.txt,docker build -t ml-eng-lab-ci .completed successfully. - Pass-6 full validation passed:
ruff check .;python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py;pytest tests/ -v(343 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings); workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-7 subagent attempts for docs, code/tests/notebooks, and CI/security all errored on account usage limits, so no fresh-eyes reviewer findings were available for this pass.
- Pass-7 local audit found the non-Docker install-order mismatch left by OM-055.
make -n install-torch-stack codespace-setupshows the intended sequence: upgrade pip, install pinned Torch core packages, reinstalltorch-requirements.txtwith--no-build-isolation, installrequirements.txt, then download NLP assets. - Pass-7 full validation passed: workflow/override/config YAML parse;
ruff check .;python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py;pytest tests/ -v(343 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-8 local audit found Torch core pin duplication introduced by the Docker/Make install-order fixes. The pins now live in
torch-core-requirements.txt;torch-requirements.txtincludes that file for complete audit/install commands, while Docker and Make install the core file first before--no-build-isolationPyG installation. - Pass-8 full validation passed:
make -n install-torch-stack codespace-setup; workflow/override/config YAML parse;ruff check .;python -m py_compile scripts/verify_repo.py scripts/rewrite_imports.py scripts/inject_smoke_test_cell.py;pytest tests/ -v(343 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;docker build -t ml-eng-lab-ci .(compiledtorch-scatter,torch-sparse,torch-cluster, andtorch-spline-conv, then exported imagea1913b7c...);git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-9 local audit found that
S3.broken_linkvalidated Markdown file existence but ignored#fragmentanchors, including same-file anchors. AddedS3.broken_anchorand regression coverage for missing anchors plus inline/fenced code examples that must not be treated as live links. - Pass-9 full validation passed: focused S3 regression tests (
3 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py; workflow/override/config YAML parse;pytest tests/ -v(346 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-10 local audit found that S3 still ignored live Markdown links inside notebook markdown cells. Added notebook markdown documents to the S3 scan with notebook-relative link bases and regression coverage for broken notebook links plus notebook code-span examples.
- Pass-10 full validation passed: focused S3 regression tests (
5 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(348 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);bash -n scripts/start-jupyterhub.sh;make check-tier-a-clean;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-11 local audit found that E7 verified only the presence of a papermill
parameterstag, not that the tagged cell actually assignedSMOKE_TEST, even though Make smoke targets pass-p SMOKE_TEST 1. - Pass-11 full validation passed: focused E10 regression tests (
3 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(351 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-12 local audit found that
scripts/inject_smoke_test_cell.pystill treated any existingparameterstag as sufficient, so it would skip a notebook that pass-11's verifier now correctly rejects for lacking a realSMOKE_TESTassignment. - Pass-12 full validation passed: focused injector tests (
6 passed, 2 warnings);ruff check scripts/inject_smoke_test_cell.py tests/test_inject_smoke_test_cell.py;python -m py_compile scripts/inject_smoke_test_cell.py;pytest tests/ -v(352 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-13 local audit found that
scripts/verify_repo_config.yamldocumented the need to keeptier_a_notebooksin sync withMakefileTIER_A, but the verifier did not enforce the duplicated execution list. - Pass-13 full validation passed: focused E11 tests (
2 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(354 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-14 local audit found that the new E11 guard would detect
TIER_Amismatches but still pass silently if the Makefile variable was missing or parsed as empty. - Pass-14 full validation passed: focused E11 missing-list tests (
2 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(355 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-15 local audit found that the Tier-A notebook list was also duplicated in the CI artifact upload
pathblock, with no verifier check to catch workflow drift fromscripts/verify_repo_config.yaml. - Pass-15 full validation passed: focused E12 workflow tests (
2 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(357 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-16 local audit fixed deferred OM-017: verifier
--helpdepended on adjacent YAML config loading at import time, so a missing config file blocked basic CLI help. - Pass-16 full validation passed: focused help tests (
2 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(358 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-17 local audit found that
--phase-b-outskips the main verifier loop but still required--check, contradicting the export-only CLI contract. - Pass-17 full validation passed: focused phase-B CLI tests (
3 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py;pytest tests/ -v(360 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/override/config YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-18 local audit found no new actionable findings; covered verifier/tooling CLI contracts, Tier-A config/workflow sync, docs/runtime wording scan, and current standard validation.
- Pass-18 full validation passed:
pytest tests/ -v(360 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-19 local audit fixed deferred OM-018: NNx surface tests discovered notebooks via filesystem
rglob, so untracked scratch notebooks could affect local static scans. - Pass-19 full validation passed: focused discovery test (
1 passed); full NNx surface file (291 passed);ruff check tests/nnx_surface/test_notebook_api_surface.py;python -m py_compile tests/nnx_surface/test_notebook_api_surface.py;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-20 local audit fixed deferred OM-016: verifier tests with synthetic files no longer write into the real checkout; they use temporary git repo roots through a hidden
--repo-roottest hook. - Pass-20 full validation passed:
pytest tests/test_verify_repo.py -q(39 passed);ruff check scripts/verify_repo.py tests/test_verify_repo.py;python -m py_compile scripts/verify_repo.py tests/test_verify_repo.py;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-21 local audit fixed maintenance-log state drift: OM-017 still said deferred even though pass 16 and OM-065 record the same verifier
--helpdefect as fixed. - Pass-21 doc validation passed: focused help regression (
1 passed);python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-22 local audit found no new actionable findings; remaining deferred Reddit NNx import/seed work, lockfile work, and base-image digest pinning still require coordinated NNx/dependency/image upgrades.
- Pass-22 full validation passed:
pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-23 local audit found no new actionable findings; covered maintenance-log stale state checks, active documentation references, and the remaining deferred issue boundaries.
- Pass-23 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-24 local audit found no new actionable findings;
pip checkreports shared Python environment conflicts from unrelated global packages, while repo manifests did not show a new local dependency contract issue. - Pass-24 full validation passed:
python -m compileall -q scripts tests;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-25 local audit found no new actionable findings; tracked/untracked state was clean, branch/upstream parity was clean, ignored artifacts were limited to local data/runs/personal artifacts and generated caches, and generated caches were cleaned after validation.
- Pass-25 full validation passed:
pytest tests/ -v(361 passed, 3 skipped, 19 warnings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-26 fresh-eyes audit found three low documentation drift issues: README's repository-layout docs summary omitted current first-class docs, README pointed per-task docs at §10 instead of §4.1, and README/env-setup still described Tier-B phase2 Reddit smoke runs as hardcoded sweeps despite the notebooks'
SMOKE_TEST_EPOCHS/SMOKE_TEST_SUBSETwiring. - Pass-26 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-27 fresh-eyes audit found six low documentation/tooling-doc drift issues: live changelog smoke-contract wording still described old phase2 behavior, the Codespaces changelog entry predated the Torch-first install split, several changelog references still cited the old env-setup Tier mapping section, CONTRIBUTING omitted the Tier-B label-triggered CI path, the Tier-B MNIST README omitted the dropout dimension in its full sweep, and the smoke-parameter injector docstring described pre-OM-061 behavior.
- Pass-27 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-28 fresh-eyes audit found three documentation/Docker hygiene issues: the Tier-B MNIST README omitted the
workflow_dispatchtrigger, README/CHANGELOG described Codespaces dependency sync as happening at session start rather than one-time Codespace creation throughpostCreateCommand, and.dockerignoredid not mirror local environment/scratch-document ignore patterns from.gitignoreeven thoughDockerfileusesCOPY . .. - Pass-28 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-29 local audit found one Tier smoke-trigger documentation drift:
docs/env-setup.mdsaid Tier-B ran on-demand plus weekly cron while omitting the PR-label trigger, and said Tier-C was on-demand while omitting its weekly schedule path. - Pass-29 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-30 local audit found no new actionable findings; residual smoke-trigger references were either current active docs, historical changelog context with later corrections, or the maintenance log itself.
- Pass-30 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-31 local audit found no new actionable findings; current
pip-audit -f jsonoutput has 21 unique advisory IDs, and the accepted-advisory table indocs/dependency-contracts.mdhas the same 21 package/advisory pairs with no missing or extra IDs. - Pass-31 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-32 local audit found one low tooling-doc drift: the
Makefileheader said Tier-B/C were on-demand even though the workflow also runs both on the weekly schedule and Tier-B on PRs labeledtier-b-smoke. - Pass-32 full validation passed:
make help;python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-33 local audit found no new actionable findings; Docker, CI, Make, Codespaces, README, CONTRIBUTING, and environment docs now describe the same Torch-first install order and Codespaces
postCreateCommandflow. - Pass-33 full validation passed:
make -n install-torch-stack codespace-setup;python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);make check-tier-a-clean; workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-34 local audit found no new actionable findings; tracked ignored artifacts and tracked cache/secret/data/run patterns were absent, while ignored local artifacts were limited to expected data, runs, superpowers, and Claude scratch paths.
- Pass-34 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-35 local audit found no new actionable findings; CI action pins still match the remote
v5/v6tag SHAs, no mutable action refs orubuntu-latestrunners were present, checkout credential persistence remained disabled, and workflow permissions remained read-only. - Pass-35 full validation passed:
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-36 local audit found one low dependency-ledger drift:
docs/dependency-contracts.mdsaidtorch-requirements.txtpinned the PyG stack but named only the wheel index, not the exact PyG package pins from the manifest. - Pass-36 full validation passed: focused manifest-vs-ledger exact-reference check;
make -n install-torch-stack codespace-setup;python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-37 local audit found no new actionable findings; tracked active notebooks matched verifier required-section config, active task directories matched README/config coverage, and Tier-A Makefile/config membership stayed aligned.
- Pass-37 full validation passed: active notebook/config comparison (
29/29); active task-dir README/config comparison (21/21); Tier-A Makefile/config comparison (19/19);python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-38 local audit found no new actionable findings; helper scripts compiled, documented CLI usage paths behaved as expected, the JupyterHub wrapper still fails closed with the submodule recovery command, and focused helper tests passed.
- Pass-38 full validation passed:
python -m py_compilefor helper scripts;python scripts/verify_repo.py --help; helper no-arg usage probes;bash -n scripts/start-jupyterhub.sh; wrapper recovery probe; focused helper tests (58 passed, 2 warnings);python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings);git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-39 local audit found no new actionable findings; maintenance pass numbers and issue IDs were sequential and unique, issue statuses were valid, the deferred inventory remained the expected five items, and recent commit history matched the recorded maintenance passes/fixes.
- Pass-39 full validation passed: pass/issue sequence checks; status/deferred inventory checks; recent commit/log correspondence check;
python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-40 local audit found no new actionable findings;
pyproject.tomlremains ruff-only as documented, Makefile help matched the target surface, and docs/CI references still align withmake test,make lint,make verify, andmake test-nnx-surface. - Pass-40 full validation passed:
make help;tomllibparse ofpyproject.toml; config reference scan across README/CONTRIBUTING/docs/CI/Makefile;python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities. - Pass-41 local audit found no new actionable findings; archived notebooks remain intentionally tracked and excluded from active notebook expectations, ruff excludes archive/vendor/venv, ignored local artifacts were limited to expected data/runs/scratch paths, and no tracked generated caches or active data/run artifacts appeared.
- Pass-41 full validation passed: archive inventory (
22archived notebooks);git status --ignored --short; tracked cache/data/run pattern scan;python scripts/verify_repo.py --check docs --fast(0 findings);python scripts/verify_repo.py --check all --fast(0 errors, 5 warnings);ruff check . --no-cache;make check-tier-a-clean;pytest tests/ -v(361 passed, 3 skipped, 19 warnings); workflow/config/override YAML parse;bash -n scripts/start-jupyterhub.sh;git diff --check.pip-audit -r requirements.txt -r torch-requirements.txtstill reports the documented 23 known vulnerabilities.
4. Issue Log
| ID | Severity | Category | Location | Description | Status | Validation |
|---|---|---|---|---|---|---|
| OM-001 | High | §3.16 security / §3.14 CI | .github/workflows/ci.yml |
CI ran PR-controlled code without explicit least-privilege permissions and with persisted checkout credentials. | Fixed | Added top-level permissions: contents: read; set persist-credentials: false on checkout steps; workflow YAML parsed successfully. |
| OM-002 | High | §3.16 security / §3.26 configuration | scripts/start-jupyterhub.sh, deploy/genai-vanilla-jupyterhub.override.yml, runtime docs |
Wrapper mounted host ~/.ssh into JupyterHub by default. |
Fixed | Host SSH mount now opt-in via HOST_SSH_DIR; docs updated; shell syntax and override YAML validated. |
| OM-003 | High | §3.16 dependency security / §3.31 consumed contracts | requirements.txt, torch-requirements.txt, docs/dependency-contracts.md |
pip-audit reported 23 known vulnerabilities in resolved torch, pytorch-lightning, and nltk; exception state was undocumented. |
Fixed/documented | Added dependency contract ledger with audit snapshot and upgrade criteria; full upgrade deferred to coordinated Torch stack pass. |
| OM-004 | Medium | §3.29 reproducibility | Docker/devcontainer/PyPI/NLP assets | Build inputs are tag-pinned/ranged and external NLP assets are not checksum locked. | Documented/deferred | Ledger records current contract and stricter reproducibility upgrade path; full lockfile/digest migration deferred due broad dependency blast radius. |
| OM-005 | Medium | §3.14 CI/tooling | .github/workflows/ci.yml |
make verify was local-only, despite enforcing repo invariants. |
Fixed | Added verify-repo CI job running make verify; workflow YAML parsed successfully. Pass 2 added fetch-depth: 0 so the tag-backed E5 baseline is available in CI. |
| OM-006 | Low | §3.17 bootstrap tracing | scripts/start-jupyterhub.sh |
Wrapper only checked that vendor/genai-vanilla directory existed, not whether the submodule files were initialized. |
Fixed | Wrapper now checks for start.sh and docker-compose.yml; local uninitialized-submodule run prints git submodule update --init --recursive and exits 1 by design. |
| OM-007 | Low | §3.6 docs | README.md, .devcontainer/devcontainer.json |
Codespaces wording overpromised all active notebooks despite manual-only quantization. | Fixed | Wording now distinguishes 21 task folders, 29 active notebooks, 28 tier-covered runnable notebooks, and the manual-only quantization notebook. |
| OM-008 | Medium | §3.6 changelog hygiene | CHANGELOG.md |
[Unreleased] had duplicate ### Fixed sections. |
Fixed | Merged duplicate Fixed block. |
| OM-009 | Low | §3.9 numbered docs | archive/README.md |
Archive README headings were unnumbered under NUMBERED_DOCS=yes. |
Fixed | Renumbered archive headings hierarchically. |
| OM-010 | Low | §3.8 link hygiene | CHANGELOG.md |
Historical broken-link example was itself a live broken Markdown link. | Fixed | Rendered as literal code text. |
| OM-011 | Medium | §3.4 correctness / §3.13 tests | notebooks/image_classification-mnist-ffnn-numpy/utils.py |
one_hot_encode assumed dense zero-based integer labels and ignored explicit class order. |
Fixed | Added tests/test_numpy_utils.py; focused test and full pytest tests/ -v passed. |
| OM-012 | Medium | §3.15 hygiene / §3.17 generated-helper trace | scripts/rewrite_imports.py |
Simple import migration rewrote comments and string literals. | Fixed | Added regression test; focused test and full pytest tests/ -v passed. |
| OM-013 | Medium | §3.17 notebook trace / §3.31 PyG contract | notebooks/node_classification-reddit-gnn-pyg/phase1-dataset-exploration-notebook.ipynb |
ToSparseTensor() dropped edge_index by default while later cells rely on edge_index. |
Fixed | Added NNx surface guard; focused real-notebook test and full pytest tests/ -v passed. |
| OM-014 | Medium | §3.17 notebook reproducibility | Reddit phase2/phase3 notebooks | New upstream NNx supports NNGraphDataset(seed=...), but pinned thekaveh-nnx==0.2.0 does not. |
Deferred | Do not add seed= until requirements bump; track with next NNx upgrade. |
| OM-015 | Low | §3.32 examples/library-fit | Reddit notebooks | Some Reddit notebooks still use deep NNx imports instead of top-level public facade; phase3 has stale manual-PyG imports. | Deferred | Needs notebook source sweep and Tier-C baseline/E5 handling; not mixed into security/doc batch. |
| OM-016 | Medium | §3.13 tests / §3.15 hygiene | tests/test_verify_repo.py, scripts/verify_repo.py |
Some verifier tests wrote temporary files inside the real repo tree. | Fixed | Added a hidden --repo-root verifier test hook and moved synthetic Markdown/notebook/comment/common fixtures into temporary git repos; focused verifier tests and full validation passed. |
| OM-017 | Medium | §3.17 CLI trace | scripts/verify_repo.py |
Config/YAML loaded at import time before argparse --help. |
Fixed | Fixed in pass 16 / OM-065; help requests now tolerate missing adjacent config until real verification is requested, with copied-script regression coverage. |
| OM-018 | Low | §3.13 tests | tests/nnx_surface/test_notebook_api_surface.py |
_active_notebooks() scanned all files, so untracked scratch notebooks could affect local tests. |
Fixed | Notebook discovery now uses git ls-files -- *.ipynb and keeps archive/checkpoint exclusions; added a regression proving untracked scratch notebooks are ignored. |
| OM-019 | Medium | §3.13 tests / §3.31 PyG contract | tests/nnx_surface/test_notebook_api_surface.py |
Pass-1 ToSparseTensor guard used a line regex, missing multiline calls and falsely flagging spaced remove_edge_index = False. |
Fixed | Added red tests for multiline and spaced forms; replaced the check with AST call inspection; focused tests passed. |
| OM-020 | Low | §3.4 API compatibility | notebooks/image_classification-mnist-ffnn-numpy/utils.py, tests/test_numpy_utils.py |
Pass-1 one_hot_encode narrowed behavior for scalar labels. |
Fixed | Added scalar regression test; labels now normalize via np.asarray and preserve scalar/array output shape. |
| OM-021 | Medium | §3.14 CI/tooling | .github/workflows/ci.yml |
New verify-repo CI job used default shallow checkout, so missing pre-cleanup-baseline tag could downgrade E5 enforcement to a warning. |
Fixed | Added fetch-depth: 0 to the verify-repo checkout; workflow YAML parsed successfully. |
| OM-022 | Low | §3.16 dependency security / §3.6 docs | docs/dependency-contracts.md |
Dependency ledger called nltk>=3.9.3 a pinned package even though audit resolved nltk==3.9.4. |
Fixed | Ledger now distinguishes manifest constraint from audited resolved version. |
| OM-023 | Medium | §3.6 docs / §3.17 runtime trace | docs/jupyterhub-integration.md |
Standalone JupyterHub path said import nnx resolves out of the box despite the documented retired nnx-pytorch image layer. |
Fixed | Qualified the sentence to require either the image bump or the per-session install workaround. |
| OM-024 | Low | §3.6 changelog hygiene | CHANGELOG.md |
[Unreleased] section order drifted from the documented Added / Changed / Removed / Fixed convention. |
Fixed | Mechanically reordered Unreleased sections without changing entry text. |
| OM-025 | Low | §3.9 numbered docs | docs/maintenance/overnight-2026-07-02.md |
New maintenance log used unnumbered H2s despite NUMBERED_DOCS=yes. |
Fixed | Numbered the maintenance-log H2s hierarchically. |
| OM-026 | Low | §3.6 docs | .devcontainer/devcontainer.json |
Codespaces comment implied JupyterLab is the default browser surface; README frames browser VS Code as default. | Fixed | Comment now says browser-based VS Code, or JupyterLab if selected as the Codespaces editor. |
| OM-027 | Medium | §3.6 docs / §3.17 runtime trace | docs/jupyterhub-integration.md |
Build-failure guidance suggested docker exec as a workaround even though no container exists after a failed image build. |
Fixed | Split build-failure guidance from runtime ModuleNotFoundError guidance. |
| OM-028 | Medium | §3.6 docs / §3.17 runtime trace | docs/vscode-remote-access.md |
Intro said genai-vanilla ships the full ml-eng-lab dependency set, contradicting the later nnx image-bump caveat. |
Fixed | Qualified the intro and Mode-1 coverage to external deps/assets, with nnx caveated. |
| OM-029 | Low | §3.6 docs | docs/vscode-remote-access.md, .devcontainer/devcontainer.json |
VS Code remote docs said .devcontainer.json / Reopen in Container was not pursued, but the repo now has a Codespaces/local-devcontainer path. |
Fixed | Reframed as not applicable for attaching to the existing JupyterHub container; devcontainer is a separate path. |
| OM-030 | Low | §3.6 docs | docs/env-setup.md |
Tier-B MNIST PyTorch sweep description omitted the two dropout values. | Fixed | Updated the sweep to [9 hidden_dims × 2 dropouts × 500 epochs]. |
| OM-031 | Medium | §3.13 tests / §3.17 notebook guards | tests/nnx_surface/test_notebook_api_surface.py |
Static notebook guards assumed code-cell source is a list, missing cells serialized as a single string. |
Fixed | Added string-source regression tests; _live_lines() now normalizes string/list source forms. |
| OM-032 | Medium | §3.15 hygiene / §3.17 generated-helper trace | scripts/rewrite_imports.py, tests/test_rewrite_imports.py |
Deprecated aliased imports like GraphAttNNParams as GATParams rewrote to import NNParams from the wrong module. |
Fixed | Added alias regression test; import dropping now preserves aliases via nnx.nn.params.nn_params. |
| OM-033 | Medium | §3.29 reproducibility / §3.16 dependency security | requirements.txt, CI dependency installs |
Floating/ranged Python dependencies mean the same commit can resolve a different audited dependency set. | Deferred | Full Linux/Python 3.11 lockfile and CI install against it deferred to coordinated dependency-refresh pass. |
| OM-034 | Medium | §3.16 dependency security / §3.31 consumed contracts | docs/dependency-contracts.md |
Vulnerability ledger recorded package-level counts but not advisory IDs/fix versions. | Fixed | Added accepted advisory ID/fix-version table for the 2026-07-02 pip-audit result. |
| OM-035 | Low | §3.29 reproducibility | Dockerfile, .devcontainer/devcontainer.json |
Container bases are tag-pinned rather than digest-pinned. | Deferred | Digest pinning deferred to coordinated dependency-refresh pass with lockfile and image update validation. |
| OM-036 | Medium | §3.15 hygiene / §3.17 generated-helper trace | scripts/rewrite_imports.py, tests/test_rewrite_imports.py |
Parenthesized deprecated imports could rewrite continuation lines to import NNParams from the wrong module. |
Fixed | Added parenthesized-import regression test; rewriter now drops deprecated continuation symbols and injects NNParams from nnx.nn.params.nn_params. |
| OM-037 | Medium | §3.15 hygiene / §3.17 generated-helper trace | scripts/rewrite_imports.py, tests/test_rewrite_imports.py |
Existing NNParams as Alias imports suppressed bare NNParams injection for rewritten call sites, causing NameError. |
Fixed | Added alias-plus-call-site regression test; existing import tracking now distinguishes bound names. |
| OM-038 | Medium | §3.6 docs / §3.17 runtime trace | README.md, docs/jupyterhub-integration.md, docs/vscode-remote-access.md |
Standalone runtime docs treated NumPy as the only exception after the NNx image bump, omitting manual-only quantization. | Fixed | Wording now distinguishes 28 tier-covered notebooks from the manual-only quantization notebook. |
| OM-039 | Medium | §3.16 supply chain / §3.14 CI | .github/workflows/ci.yml |
Remote GitHub Actions used mutable major tags. | Fixed | Pinned actions/checkout, actions/setup-python, and actions/upload-artifact to current full-length tag SHAs resolved with git ls-remote, retaining version comments. |
| OM-040 | Medium | §3.6 docs / §3.17 runtime trace | README.md, docs/env-setup.md, docs/jupyterhub-integration.md, CONTRIBUTING.md |
Standalone runtime and contributor docs still overclaimed notebook coverage after the NNx image bump. | Fixed | Reworded to the tier-covered contract, explicit NumPy bind-mount exception, and manual-only quantization caveat; stale broad-claim scan is clean. |
| OM-041 | Medium | §3.29 reproducibility / §3.14 CI | .github/workflows/ci.yml |
CI jobs used mutable ubuntu-latest runner labels. |
Fixed | Pinned all jobs to ubuntu-24.04; workflow YAML parsed successfully. |
| OM-042 | Medium | §3.16 supply chain / §3.26 configuration | .dockerignore, Dockerfile |
Docker build context could include common local secret files because COPY . relies on .dockerignore. |
Fixed | Added explicit .env, cloud/SSH/GPG credential, package-token, and private-key patterns to .dockerignore. |
| OM-043 | Medium | §3.14 CI/tooling / §3.17 notebook trace | .github/workflows/ci.yml, Makefile |
Tier-A papermill CI uploaded refreshed notebooks but did not fail if tracked outputs changed. | Fixed | Added make check-tier-a-clean and wired it after make run-tier-a; local target passes. |
| OM-044 | Medium | §3.6 docs / §3.31 consumed contracts | README.md, CONTRIBUTING.md |
NNx bump guidance said Tier-A CI re-runs every notebook, overstating PR coverage. | Fixed | Guidance now says Tier-A CI re-runs the Tier-A list and calls out Tier-B/C smoke plus manual quantization validation when affected. |
| OM-045 | Medium | §3.17 CLI trace / §3.25 error handling | scripts/verify_repo.py, tests/test_verify_repo.py |
Timeout handling could raise TypeError when TimeoutExpired.stdout/stderr were bytes despite text=True. |
Fixed | Added byte-stream timeout regression; _run() normalizes stdout/stderr before returning rc 124. |
| OM-046 | Medium | §3.15 hygiene / §3.17 generated-helper trace | scripts/rewrite_imports.py, tests/test_rewrite_imports.py |
Deprecated Params call-site rewrite still mutated comments/string literals and injected real imports into prose-only cells. | Fixed | Added regression preserving comments/strings; call-site rewrite now uses Python tokenization and only rewrites real constructor-name tokens followed by (. |
| OM-047 | Medium | §3.13 tests / §3.6 docs | scripts/verify_repo.py, tests/test_verify_repo.py, scripts/verify_repo_config.yaml |
New active notebooks could bypass required-section and papermill-parameters checks if omitted from YAML. | Fixed | Added D1.unconfigured_notebook enforcement and regression coverage for an omitted active notebook. |
| OM-048 | Medium | §3.16 security / §3.29 reproducibility | .gitignore, .dockerignore |
Local secret-file ignores were stronger in .dockerignore than .gitignore, leaving common credential files easier to stage accidentally. |
Fixed | Mirrored common .env.*, cloud credential, SSH/GPG, package-token, private-key, and certificate patterns into .gitignore; tracked-secret scan found no matching committed files. |
| OM-049 | Medium | §3.14 CI/tooling / §3.29 reproducibility | .github/workflows/ci.yml, Dockerfile |
The Docker/devcontainer path had no CI build smoke, so runtime image drift could miss review. | Fixed | Added a non-scheduled docker-build CI job and validated the current image locally with docker build -t ml-eng-lab-ci .. |
| OM-050 | Medium | §3.6 docs / §3.31 consumed contracts | CONTRIBUTING.md, scripts/verify_repo_config.yaml |
New-notebook documentation implied an omitted config entry would use a default six-section requirement, contradicting strict active-notebook config enforcement. | Fixed | Updated contributor and config comments to require every active notebook to be listed explicitly. |
| OM-051 | Low | §3.8 link hygiene / §3.6 docs | docs/jupyterhub-integration.md, docs/vscode-remote-access.md |
Active runtime documentation contained stale intra-doc anchors after heading renumbering. | Fixed | Updated the stale anchors; targeted anchor sweep is clean for the touched links. |
| OM-052 | Medium | §3.17 notebook trace / §3.31 consumed contracts | Reddit phase3 notebooks, scripts/verify_repo.py, tests/test_verify_repo.py |
Tier-C parameter cells used trailing comments on assignments that papermill 2.7 does not infer reliably. | Fixed | Moved parameter comments to preceding lines; added E9.parameter_trailing_comment verifier coverage; papermill inspection now infers all three smoke parameters in each phase3 notebook. |
| OM-053 | Medium | §3.17 notebook trace / §3.13 tests | scripts/verify_repo.py, tests/test_verify_repo.py |
E5 Tier-C baseline comparison included papermill parameter cells, blocking safe boilerplate parameter fixes. | Fixed | Baseline comparison now excludes parameters and injected-parameters cells; added regression coverage. |
| OM-054 | Medium | §3.13 tests / §3.17 notebook guards | tests/nnx_surface/test_notebook_api_surface.py |
Notebook static guards scanned comments and string literals, allowing examples/docstrings to fail migration guard checks. | Fixed | Tokenized executable-line filtering now ignores comments/strings for regex-style guards; NNRun.load("best") detection uses AST calls; added regression tests. |
| OM-055 | Medium | §3.29 reproducibility / §3.31 consumed contracts | Dockerfile, torch-requirements.txt |
Local arm64 Docker builds failed when PyG source packages built before torch was importable in the build environment. |
Fixed | Dockerfile installs the core Torch stack before torch-requirements.txt and uses --no-build-isolation; local docker build -t ml-eng-lab-ci . passed. |
| OM-056 | Medium | §3.29 reproducibility / §3.17 setup trace | Makefile, .github/workflows/ci.yml, README.md, docs/env-setup.md, .devcontainer/devcontainer.json |
Non-Docker setup paths still installed the combined Torch/PyG manifest in one isolated pip transaction, leaving the same source-build failure mode fixed for Docker in OM-055. | Fixed | Added make install-torch-stack to install the pinned Torch core first and then torch-requirements.txt with --no-build-isolation; CI and Codespaces/venv docs now use the target; make -n install-torch-stack codespace-setup and workflow YAML parse passed. |
| OM-057 | Medium | §3.29 reproducibility / §3.31 consumed contracts | torch-core-requirements.txt, torch-requirements.txt, Dockerfile, Makefile, .github/workflows/ci.yml, docs/dependency-contracts.md |
The Torch-first install fixes duplicated core Torch pins across manifests and install scripts, creating a new drift risk. | Fixed | Added torch-core-requirements.txt as the single source for core pins; torch-requirements.txt includes it; Docker/Make install it first; CI cache keys include it; dependency docs updated; Docker build and full validation passed. |
| OM-058 | Medium | §3.8 link hygiene / §3.13 tests | scripts/verify_repo.py, tests/test_verify_repo.py |
S3.broken_link checked only Markdown file existence and missed stale #fragment anchors. |
Fixed | Added Markdown heading slug validation with S3.broken_anchor; ignores inline and fenced code examples; focused regressions and full verifier pass. |
| OM-059 | Medium | §3.8 link hygiene / §3.17 notebook trace | scripts/verify_repo.py, tests/test_verify_repo.py |
S3 link hygiene skipped Markdown links inside active notebook markdown cells. | Fixed | Active notebooks are now scanned as Markdown documents using notebook-relative link bases; added regressions for broken notebook links and notebook code-span examples. |
| OM-060 | Medium | §3.17 notebook trace / §3.13 tests | scripts/verify_repo.py, tests/test_verify_repo.py |
Parameters-tagged cells could omit a real SMOKE_TEST assignment and still pass the verifier, making papermill -p SMOKE_TEST 1 ineffective for smoke targets. |
Fixed | Added AST assignment extraction for parameter cells, new E10.missing_smoke_test_parameter enforcement, focused regression coverage, and full verifier pass. |
| OM-061 | Medium | §3.17 notebook trace / §3.15 helper hygiene | scripts/inject_smoke_test_cell.py, tests/test_inject_smoke_test_cell.py |
The smoke-parameter injector skipped any notebook with a parameters tag, even if that cell did not assign SMOKE_TEST, leaving the helper unable to repair E10 failures. |
Fixed | Injector now checks for a real SMOKE_TEST assignment and augments an existing parameters cell when absent; added regression coverage and full validation passed. |
| OM-062 | Medium | §3.14 CI/tooling / §3.17 notebook trace | scripts/verify_repo.py, tests/test_verify_repo.py |
Tier-A notebook membership was duplicated in Makefile and verifier config, but no check failed when the two execution lists drifted. |
Fixed | Added E11.tier_a_config_drift, a Makefile continuation-list parser, current-state regression coverage, and full verifier validation. |
| OM-063 | Medium | §3.14 CI/tooling / §3.17 notebook trace | scripts/verify_repo.py, tests/test_verify_repo.py |
The new Tier-A drift check still passed when Makefile TIER_A was missing or empty, leaving the execution contract unenforced. |
Fixed | Added E11.tier_a_makefile_missing and regression coverage for an absent Makefile variable; full verifier validation passed. |
| OM-064 | Medium | §3.14 CI/tooling / §3.17 notebook trace | scripts/verify_repo.py, tests/test_verify_repo.py, .github/workflows/ci.yml |
CI artifact upload paths duplicated Tier-A notebook membership but could drift from verifier config without failing local or CI verification. | Fixed | Added E12.tier_a_artifact_paths_missing / E12.tier_a_artifact_paths_drift, workflow parsing, current-state regression coverage, and full verifier validation. |
| OM-065 | Medium | §3.17 CLI trace / §3.25 error handling | scripts/verify_repo.py, tests/test_verify_repo.py |
verify_repo.py --help could fail before argparse ran because config loading happened at import time. |
Fixed | Help requests now tolerate missing config keys/files until real verification is requested; added a copied-script regression with no adjacent config file and full validation passed. |
| OM-066 | Medium | §3.17 CLI trace / §3.13 tests | scripts/verify_repo.py, tests/test_verify_repo.py |
--phase-b-out exported comment candidates without running the main check loop, but still required an irrelevant --check argument. |
Fixed | Made --check conditionally required only outside phase-B export mode; added missing-check and checkless-export regressions; full validation passed. |
| OM-067 | Low | §3.6 docs / §3.8 documentation indexing | README.md |
Repository-layout summary described docs/ as only env/JupyterHub/VS Code/findings docs, omitting current first-class docs such as dependency contracts and the maintenance log. |
Fixed | Broadened the layout summary; docs verifier and full validation passed. |
| OM-068 | Low | §3.6 docs / §3.8 documentation indexing | README.md |
README said per-folder docs were linked from §10, but active task folders are indexed in §4.1 and §10 covers secondary documentation. | Fixed | Updated the navigation sentence to point per-task folders at §4.1 and secondary docs at §10; docs verifier and full validation passed. |
| OM-069 | Low | §3.6 docs / §3.17 notebook trace | README.md, docs/env-setup.md |
Tier-B docs still described the four phase2 Reddit notebooks as a hardcoded sweep even though they now honor SMOKE_TEST_EPOCHS/SMOKE_TEST_SUBSET, and notebook4 also reduces fanout under smoke mode. |
Fixed | Reworded Tier-B policy text to match the current make smoke-tier-b contract; docs verifier and full validation passed. |
| OM-070 | Low | §3.6 docs / §3.17 notebook trace | CHANGELOG.md |
Live [Unreleased] changelog smoke-contract wording still described phase2 Reddit notebooks as hardcoded/unparameterized despite current smoke truncation. |
Fixed | Updated current and historical-context changelog wording to distinguish then-current behavior from the current smoke hooks; docs verifier and full validation passed. |
| OM-071 | Low | §3.6 docs / §3.29 reproducibility | CHANGELOG.md |
Codespaces changelog entry still described the pre-Torch-first install recipe and omitted torch-core-requirements.txt / make install-torch-stack. |
Fixed | Reworded the entry to match codespace-setup: install-torch-stack; docs verifier and full validation passed. |
| OM-072 | Low | §3.6 docs / §3.8 documentation indexing | CHANGELOG.md |
Changelog entries still cited docs/env-setup.md §5 for Tier mapping after Codespaces renumbered Tier mapping to §6. |
Fixed | Updated live references to docs/env-setup.md §6 Tier mapping; docs verifier and full validation passed. |
| OM-073 | Low | §3.6 docs / §3.14 CI/tooling | CONTRIBUTING.md |
Contributor workflow said Tier-B/C CI run only on schedule and workflow_dispatch, omitting the tier-b-smoke PR-label trigger. |
Fixed | Documented the Tier-B label trigger and clarified Tier-C remains schedule/dispatch only; docs verifier and full validation passed. |
| OM-074 | Low | §3.6 docs / §3.17 notebook trace | notebooks/image_classification-mnist-ffnn-pytorch/README.md |
Tier-B MNIST README described the full sweep as 9 hidden_dims × 500 epochs, omitting the two dropout values. |
Fixed | Updated the sweep to 9 hidden_dims × 2 dropouts × 500 epochs; docs verifier and full validation passed. |
| OM-075 | Low | §3.15 helper hygiene / §3.17 generated-helper trace | scripts/inject_smoke_test_cell.py |
Smoke-parameter injector docstring still described the old skip-on-any-parameters-cell behavior, not the current augment-when-SMOKE_TEST-missing behavior. |
Fixed | Updated the docstring; full pytest and verifier validation passed. |
| OM-076 | Low | §3.6 docs / §3.14 CI/tooling | notebooks/image_classification-mnist-ffnn-pytorch/README.md |
Tier-B MNIST README said smoke CI runs only on the weekly schedule or PRs labeled tier-b-smoke, omitting the manual workflow_dispatch trigger. |
Fixed | Added workflow_dispatch to the Tier-B smoke CI sentence; docs verifier and full validation passed. |
| OM-077 | Low | §3.6 docs / §3.29 reproducibility | README.md, CHANGELOG.md |
Codespaces documentation said dependencies are auto-synced at session start, but .devcontainer/devcontainer.json uses a one-time postCreateCommand during Codespace creation. |
Fixed | Reworded the live docs and changelog to say sync happens during Codespace creation via postCreateCommand; docs verifier and full validation passed. |
| OM-078 | Medium | §3.16 supply chain / §3.29 reproducibility / §3.26 configuration | .dockerignore, .gitignore, Dockerfile |
Docker build context could include future ignored local environment or scratch-document files because .dockerignore missed patterns already excluded by .gitignore while Dockerfile uses COPY . .. |
Fixed | Mirrored local environment and scratch-document ignore patterns into .dockerignore; full validation passed. |
| OM-079 | Low | §3.6 docs / §3.14 CI/tooling | docs/env-setup.md, .github/workflows/ci.yml |
Tier mapping docs under-described smoke CI triggers: Tier-B omitted the tier-b-smoke PR-label path and Tier-C omitted the weekly schedule path. |
Fixed | Reworded Tier-B/Tier-C trigger summaries to match the workflow if: clauses; docs verifier and full validation passed. |
| OM-080 | Low | §3.6 docs / §3.14 CI/tooling | Makefile, .github/workflows/ci.yml |
Makefile header still said Tier-B/C were on-demand, omitting the weekly schedule and Tier-B PR-label CI paths. | Fixed | Updated the header comment to distinguish local/manual smoke targets from scheduled and label-triggered CI; full validation passed. |
| OM-081 | Low | §3.6 docs / §3.31 consumed contracts | docs/dependency-contracts.md, torch-requirements.txt |
Dependency ledger said torch-requirements.txt pinned the PyG stack but listed only the wheel index, not the exact PyG package pins from the manifest. |
Fixed | Added the five exact PyG package/version pins to the ledger; focused manifest-vs-ledger check and full validation passed. |
| OM-082 | Medium | §3.13 tests / §3.17 notebook trace | Reddit phase2/phase3 notebooks, scripts/verify_repo.py, tests/test_verify_repo.py |
Eight active Reddit notebooks had 91 cells without nbformat v4 id fields; nbformat currently warns and auto-fills them in memory, but future versions may make this a hard error. |
Fixed | Added deterministic IDs to the affected cells and an S1 verifier rule/regression that checks raw notebook JSON before nbformat can normalize it; full validation passed. |
| OM-083 | Low | §3.13 tests / §3.15 helper hygiene | scripts/inject_smoke_test_cell.py, tests/test_inject_smoke_test_cell.py |
The smoke-parameter injector inserted a parameters cell without an nbformat id, leaving its own synthetic tests to emit MissingIDFieldWarning after OM-082 made cell IDs an explicit invariant. |
Fixed | Inserted parameter cells now receive a unique smoke-params ID; focused injector tests pass with MissingIDFieldWarning promoted to error, and full pytest warning count dropped from 19 to 17. |
| OM-084 | Low | §3.15 helper hygiene / §3.17 CLI trace | scripts/inject_smoke_test_cell.py, scripts/rewrite_imports.py, scripts/verify_repo.py, tests/test_verify_repo.py |
Two direct CLI helper scripts had shebangs but lacked executable bits, so script entrypoint metadata was inconsistent. | Fixed | Set executable bits on the shebang-bearing helpers and added S8 verifier/test coverage for script shebang/executable parity; full validation passed. |
| OM-085 | Low | §3.9 numbered docs / §3.13 tests | notebooks/node_classification-reddit-gnn-pyg/README.md, scripts/verify_repo.py, tests/test_verify_repo.py |
Three active Reddit README H3 headings used 3.1 Phase... instead of the dotted numbered-doc form 3.1. Phase..., and the docs verifier did not enforce this heading shape. |
Fixed | Corrected the headings and added D9.numbered_heading coverage for active numbered docs; focused D9 tests and full validation passed. |
| OM-086 | Low | §3.16 dependency security / §3.31 consumed contracts | docs/dependency-contracts.md, scripts/verify_repo.py, tests/test_verify_repo.py |
The dependency ledger recorded 23 accepted vulnerability findings but the advisory table collapsed duplicate torch feed records for PYSEC-2025-191 and PYSEC-2025-41, leaving only 21 table records. |
Fixed | Added feed-record counts to the accepted advisory table and D10.dependency_ledger_count verifier coverage; focused D10 tests and full validation passed. |
| OM-087 | Low | §3.17 CLI trace / §3.15 helper hygiene | scripts/rewrite_imports.py, tests/test_rewrite_imports.py |
scripts/rewrite_imports.py --help treated --help as a missing notebook path and printed no usage text. |
Fixed | Added a focused CLI regression test and a minimal -h/--help branch that prints usage to stdout with exit 0; focused and full validation passed. |