feat: add QSL version control CLI#159
Conversation
Co-Authored-By: Codex <noreply@openai.com>
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
🤖 Codex PR ReviewPlease ensure a human reviewer checks this PR before merging. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3a5e4527ac
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| ).strip() | ||
| except (subprocess.CalledProcessError, FileNotFoundError): | ||
| return False | ||
| return "github.com/QuantStrategyLab/" in remote |
There was a problem hiding this comment.
Accept SSH GitHub remotes in workspace scans
When a QuantStrategyLab checkout uses the common SSH origin form (git@github.com:QuantStrategyLab/Repo.git), this substring check returns false because it only matches HTTPS-style URLs with a slash after github.com. In that environment qslctl check-all silently skips otherwise valid repos that have qsl.toml, so workspace compatibility checks can report success without checking most local clones.
Useful? React with 👍 / 👎.
| r"name\s*=\s*\"(?P<package>[A-Za-z0-9_.-]+)\"[^\n]*" | ||
| r"git\s*=\s*\"https://github\.com/QuantStrategyLab/" | ||
| r"(?P<source_repo>[A-Za-z0-9_.-]+)\.git\?rev=(?P<ref>[A-Za-z0-9_.-]+)" |
There was a problem hiding this comment.
Parse uv.lock package source stanzas too
When an internal dependency appears only in its [[package]] stanza in uv.lock (for example a transitive locked package has name = "..." followed by source = { git = "https://github.com/QuantStrategyLab/..." } on the next line), this pattern never matches because it requires name and git on the same line. That means generate-matrix and matrix checks ignore those locked QSL refs unless they are also repeated in [package.metadata].requires-dist, allowing transitive internal pins in uv.lock to drift without being reported.
Useful? React with 👍 / 👎.
Co-Authored-By: Codex <noreply@openai.com>
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
Summary\n- add qslctl as the unified QSL version-control entry point\n- parse uv.lock internal dependency pins in the dependency matrix checker\n- document the QSL version control plane\n- repair one stale InteractiveBrokersPlatform matrix pin\n\n## Validation\n- python3 -m unittest discover -s python/tests -v\n- python3 -m ruff check python/scripts/qslctl.py python/scripts/check_internal_dependency_matrix.py python/tests/test_qslctl.py python/tests/test_internal_dependency_matrix.py\n- python3 python/scripts/qslctl.py check-all --projects-root /Users/lisiyi/Projects --json\n- remote scan: 23 Quant Dependabot auto-merge workflows all include headRefOid, workflow_run.head_sha, and --match-head-commit