Archie architecture snapshot + per-folder CLAUDE.md testbed#4228
Open
gbrbks wants to merge 15 commits into
Open
Archie architecture snapshot + per-folder CLAUDE.md testbed#4228gbrbks wants to merge 15 commits into
gbrbks wants to merge 15 commits into
Conversation
Contributor
|
Important Review skippedToo many files! This PR contains 289 files, which is 139 over the limit of 150. To get a review, narrow the scope: ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (11)
📒 Files selected for processing (289)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…e.json Older Archie (pre-2.4.4) was persisting the absolute project path into .archie/deep_scan_state.json under run_context.project_root, which leaked "/Users/hamutarto/DEV/gbr/openmeter" into the committed state file. Archie 2.4.4 stopped writing this field (BitRaptors/Archie#55). The existing leaked value is removed here so the committable state stays machine-agnostic and portable across dev laptops / CI runners. No other paths leaked — verified with grep for /Users/, /home/, /root/, /var/folders/, and "gbr" across .archie/, CLAUDE.md, AGENTS.md, .claude/. Every remaining "/" string comes from actual gitignore content or doc examples, not from environment-specific paths.
… rename - Replace time.Now() with clock.Now() in adapter/manage.go DeleteMeter - Make OrderBy switch in adapter/meter.go return a typed validation error for unknown values instead of silently falling back to createdAt - Rename package declaration in all httphandler/*.go files from httpdriver to httphandler so directory name matches package name Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ngRepo ListMeters and GetMeterByIDOrSlug now rebind to any ctx-carried Ent transaction, matching the pattern used by all mutating adapter methods. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…Meter] Replace the ad-hoc []PreUpdateMeterHook slice in ManageService with the canonical models.ServiceHookRegistry[Meter] pattern used by customer, subscription, and entitlement. The new RegisterHooks method aligns ManageService with the ServiceHooks interface. Pre-update hook now receives *Meter (the current entity) rather than UpdateMeterInput, matching the ServiceHook[T].PreUpdate signature. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…+1s hack Use clock.Now() in both ListEventsParams.Validate() and the default From floor in the v1 ListEvents handler so tests can freeze time. Remove the +1s workaround that compensated for the two separate time.Now() calls drifting apart — clock.Now() is the same instant across both call sites. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Conflicts: # AGENTS.md
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
Comment on lines
+77
to
+79
| if (token === ENTERPRISE_TOKEN) { | ||
| return fetchEnterpriseReport() | ||
| } |
There was a problem hiding this comment.
A timing attack might allow hackers to bruteforce passwords - high severity
An insecure way to compare passwords to user input might allow hackers to bruteforce passwords.
Show fix
Remediation: Use crypto.timingSafeEqual, a timing-safe string comparison function built into NodeJS
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
There was a problem hiding this comment.
9 Open source vulnerabilities detected - high severity
Aikido detected 9 vulnerabilities across 3 packages, it includes 1 high and 8 medium vulnerabilities.
Details
Remediation Aikido suggests bumping the vulnerable packages to a safe version.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.archie/(blueprint, scan, skeletons, dependency graph, drift history, health data) plusCLAUDE.md/AGENTS.md/.claude/rules/*synthesized from itCLAUDE.md(~505 files acrossopenmeter/,api/,pkg/,cmd/, etc.) so agents editing deep in the tree get folder-local architectural guidance instead of only the root docHow it was produced
/archie-deep-scan→.archie/blueprint.json+ rule files in.claude/rules//archie-intent-layer→ bottom-up DAG traversal of 504 folders, spawned Sonnet subagents per folder, merged results into per-folderCLAUDE.mdTest plan
openmeter/billing/CLAUDE.md,openmeter/billing/charges/CLAUDE.md,api/v3/handlers/customers/CLAUDE.md) and judge whether the guidance would help an agent making edits in that folderCLAUDE.md/AGENTS.mdat repo root against pre-Archie versions to see what the scan added.archie/drift_report.json/.archie/findings.jsonfor any surfaced architecture issuesCaveats
.archie/*.pytooling is gitignored; all outputs (JSON blueprints, enrichment files) are intentionally committed so the baseline travels with the branch🤖 Generated with Claude Code