docs: reconcile widened doc-gate perimeter (DOC-ENV + ACCESSOR-TRUTH)#59
Closed
mjerris wants to merge 1 commit into
Closed
docs: reconcile widened doc-gate perimeter (DOC-ENV + ACCESSOR-TRUTH)#59mjerris wants to merge 1 commit into
mjerris wants to merge 1 commit into
Conversation
porting-sdk #99 widens accessor_truth.py + doc_env.py to read ALL tracked markdown (not just docs/**), surfacing real pre-existing doc drift. DOC-ENV — correct stale env-var names to the vars the SDK actually reads: - SWML_AUTH_USER -> SWML_BASIC_AUTH_USER - SWML_AUTH_PASS -> SWML_BASIC_AUTH_PASSWORD (auth_mixin.py / security_config.py read SWML_BASIC_AUTH_USER/PASSWORD) - SWML_LOG_LEVEL -> SIGNALWIRE_LOG_LEVEL (logging_config.py reads SIGNALWIRE_LOG_LEVEL) - SWML_BASIC_AUTH_PASSWORD_FILE: removed — the SDK never reads a *_FILE var; reworked the docker tutorial to use an env_file with the real SWML_BASIC_AUTH_USER/PASSWORD the SDK reads directly. ACCESSOR-TRUTH — math skill README described a phantom `eval()`: - the skill does NOT use Python's eval(); it parses to an AST and walks it with a restricted evaluator (ast.parse(mode="eval") + _safe_eval). Rewrote the "Safe Evaluation" section to describe the real AST-based implementation. Not touched (flagged for human decision, deliberately NOT allowlisted): SWML_SCHEMA_PATH / SWML_SCHEMA_MCP_DEBUG are documented in mcp/swml-schema-search/README.md and are genuinely read by the sibling mcp/swml-schema-search/swml_schema_mcp.py. The doc-gate flags them only because its code perimeter is signalwire/signalwire/**/*.py (shippable SDK surface) and excludes the standalone mcp/ tool. Docs and code are both correct; the mismatch is a perimeter artifact, not doc drift. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01PqshDQajCmDHD3xPo4CXMC
Collaborator
Author
|
Consolidated into #58 — one PR per repo for this wave. Closing duplicate. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
porting-sdk #99 widens the doc-gate perimeter —
accessor_truth.py+doc_env.pynow scan all tracked markdown (not justdocs/**). That surfaces real pre-existing doc drift the narrow perimeter missed. #99 can't land green until this port's findings are reconciled.All changes here are docs-only. No SDK code changed.
DOC-ENV findings → fixes (finding → truth-in-source → fix)
SWML_AUTH_USERauth_mixin.py/security_config.pyreadSWML_BASIC_AUTH_USERSWML_BASIC_AUTH_USERSWML_AUTH_PASSSWML_BASIC_AUTH_PASSWORDSWML_BASIC_AUTH_PASSWORDSWML_LOG_LEVELlogging_config.pyreadsSIGNALWIRE_LOG_LEVELSIGNALWIRE_LOG_LEVELSWML_BASIC_AUTH_PASSWORD_FILE*_FILEvar — it readsSWML_BASIC_AUTH_PASSWORDdirectlyenv_filepattern using the real varACCESSOR-TRUTH finding → fix
eval()with restricted builtins"skills/math/skill.pynever callseval(); it doesast.parse(mode="eval")+ a restricted_safe_evalAST walkerFlagged — NOT fixed, NOT allowlisted (needs a human decision)
SWML_SCHEMA_PATHandSWML_SCHEMA_MCP_DEBUGstill trip DOC-ENV. Both are real and correctly documented —mcp/swml-schema-search/swml_schema_mcp.pyreads them (schema-path override + debug-logging toggle), and the doc that names them lives right beside that script (mcp/swml-schema-search/README.md).The mismatch is a perimeter artifact: the gate's code perimeter is
signalwire/signalwire/**/*.py(shippable SDK surface) and deliberately excludes the standalonemcp/tool, while its doc perimeter is all tracked markdown. Docs and code are both correct.Per RULES.md (no autonomous allowlisting) I did not add a
DOC_ENV_ALLOW.mdentry or widen the gate to go green. Candidate resolutions for a maintainer to pick:DOC_ENV_ALLOW.md(they are legitimately doc+code correct, just outside the code perimeter), ormcp/**/*.pyindoc_env.py(treats the MCP tool as documentable surface).Verification
accessor_truth.py --port python→ clean (exit 0)doc_env.py --port python→ only the two flagged MCP vars remain (the perimeter artifact above)🤖 Generated with Claude Code
https://claude.ai/code/session_01PqshDQajCmDHD3xPo4CXMC