Skip to content

Fix closed-PR review follow-ups for Pack release evidence and filed-return recovery #47

Description

@lamemustafa

Summary

A sweep of unresolved review threads on merged/closed Pack PRs found several comments that remain valid on current master (0161b8f). This issue tracks the concrete fixes so the original PR conversations can be linked, resolved, and closed without losing the implementation history.

Source review threads

Area Original thread Current validity
Detail identity scoping PR #25: src/connectors/gst/filed-returns-detail-identity.ts compact ReturnPeriod labels Valid: root detection still recognizes spaced labels only and can fall back to body-level stale text.
Harness policy provenance PR #25: policies/agent-harness-policy.snapshot.json snapshot metadata Valid: verifier still checks only field shape; it does not bind the canonical policy digest to the policy contents.
Pre-quarterly GSTR-3B API handoff PR #25: src/connectors/gst/filed-returns-api-search.ts role-status userPref Valid: missing userPref still blocks periods before the Jan 2021 quarterly threshold even though monthly handoff is deterministic.
Blocked evidence counts PR #25: scripts/lib/live-run-evidence.ts full-year evidence counts Valid: blocked/failed evidence still has to reconcile every eligible target, which rejects truthful partial blocked runs.
Node runtime type surface PR #27: package.json @types/node Valid in current form: Pack runtime/workflows remain Node 22.13.0 while the lockfile resolves @types/node@24.13.2.
Release provenance digest PR #32: scripts/verify-github-release-assets.mjs Valid: verifier compares ZIP checksum and asset name but not provenance.package.zipSha256.
Portal fallback correlation PR #33: src/background/filed-returns-download-trigger.ts Valid: portal fallback still observes with an empty URL-marker list, so unrelated GST-origin PDFs can correlate.
Stale popup recovery actions PR #33: src/entrypoints/popup/main.tsx Valid: stale summaries are hidden in the heading but still passed into RecoveryActions.
Direct-download readiness PR #33: src/background/filed-returns-flow-runner.ts / original anchored at background entrypoint Valid: direct download can trigger on the GSTR-3B detail route before period/FY identity is visible.
Trusted direct download evidence PR #33: src/background/download-correlation.ts and direct trigger path Valid: trustedDownloadIds currently bypass URL and PDF evidence.
Changelog readiness claims PR #35: CHANGELOG.md release notes Valid: Unreleased contains shipped release items, 0.2.0 full-year wording is unqualified, and safety/evidence entries are still incomplete.
Full-year per-artifact progress PR #42: src/background/filed-returns-full-fiscal-year.ts Valid: full-year GSTR-1 PDF progress is not durable enough for PDF+Excel retry after restart.
Resumed PDF page preparation PR #42: src/background/filed-returns-flow-runner.ts Valid: a resumed PDF completion skips Excel page preparation if the PDF was completed in a previous invocation.
Excel-specific recovery copy PR #42: src/background/filed-returns-download-trigger.ts Valid: several unconfirmed/rejected Excel download signals still fall back to generic/PDF-oriented copy.
Stale content script refresh PR #42: src/core/messages.ts / background message dispatch Valid: side-effectful messages are sent before protocol-version ping/injection, so updated flows can hit stale content listeners.

Acceptance criteria

  • Closed-PR review follow-ups are fixed in a task-owned worktree/branch, not on master.
  • Every runtime behavior change has a focused failing test first, then the minimal implementation.
  • Download correlation keeps target-bound evidence: direct and portal fallback paths require GST endpoint/period markers and artifact evidence before marking a target downloaded.
  • GSTR-1 PDF+Excel full-year retry does not repeat completed PDFs after service-worker/browser restart and prepares the Excel page even when PDF completion came from persisted progress.
  • Release evidence checks fail closed when checksum/provenance disagree and when harness policy metadata does not match canonical policy contents.
  • Public changelog/readiness wording stays source-build-alpha/local-first unless exact ZIP, clean-profile, restart/resume, and privacy evidence are recorded.
  • AGENTS.md, CLAUDE.md, and relevant docs capture the closed-PR review-thread cleanup process so future Pack work checks unresolved merged-PR review threads before claiming done.
  • Focused tests pass, then full Pack verification gates pass before PR: workflow preflight, dependency audit, WXT prepare, formatting check, ESLint, TypeScript, Vitest, WXT build/package/ZIP verification where applicable, git diff --check, and review gate when a PR exists.

Non-goals

  • Do not broaden Pack host permissions, telemetry, backend upload, credential/session capture, remote selector/config execution, or Chrome Web Store readiness claims.
  • Do not resolve stale/fixed GitHub review conversations without leaving a short evidence comment on the original thread.
  • Do not change release token/secrets policy in code unless the repository has a configured PAT/GitHub App token; current GitHub docs allow GITHUB_TOKEN-created pull_request workflows in approval-required state.

Review-thread cleanup rule

For each source thread above, reply with either the fixing PR/commit evidence or the reason it is no longer applicable, then resolve the review thread. Stale/fixed threads from PRs #32, #35, #37, and #39 should be handled separately with evidence comments and resolution, without being folded into this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions