
fix: pre-launch audit — AsyncTracer bugs, scorecard hardening, doc fixes #220

Open
bmdhodl wants to merge 2 commits into main from fix/pre-launch-audit

bmdhodl (Owner) commented Feb 20, 2026

Summary

Pre-launch repo audit fixing runtime bugs, security scorecard, and documentation accuracy.

  • AsyncTracer guard dispatch bug: Guards attached to AsyncTracer were skipping auto_check(), causing LoopGuard and other guards to not fire correctly. Now mirrors sync Tracer's _check_guards() pattern.
  • AsyncTracer API parity: Added sampling_rate, metadata, watermark parameters matching sync Tracer. Users switching from sync to async no longer silently lose functionality.
  • OpenSSF Scorecard hardening: Pinned all 21 GitHub Actions across 8 workflow files to full SHA hashes (fixes Pinned-Dependencies score).
  • Doc fixes: Replaced nonexistent agentguard view CLI command with agentguard report in 10 files. Fixed CLAUDE.md public API list. Fixed README duplicate BudgetGuard in LangChain example.
  • SECURITY.md: Updated supported version table (1.2.x current), added reporter credit policy for OpenSSF Best Practices compliance.

Test plan

  • 511 tests passing, 0 failures
  • No remaining agentguard view references (grep -r "agentguard view" . returns 0)
  • No conflict markers in guards.py
  • AsyncTracer guard dispatch verified via new tests
  • Sampling rate tests (0.0 emits nothing, 1.0 emits all, guards fire when sampled out)

🤖 Generated with Claude Code

- Fix AsyncTracer guard dispatch: use auto_check() matching sync Tracer
- Add sampling_rate, metadata, watermark params to AsyncTracer for API parity
- Pin all 21 GitHub Actions to SHA hashes (scorecard Pinned-Dependencies)
- Replace nonexistent `agentguard view` CLI command with `agentguard report`
- Fix CLAUDE.md public API list (remove unexported TraceContext)
- Fix README duplicate BudgetGuard in LangChain example
- Update SECURITY.md: version table (1.2.x), reporter credit policy
- Add 10 async tracer tests (511 total, all passing)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>