fix(audit): stabilize audit check ordering #761

Open
jojosenthusiast wants to merge 1 commit into PostHog:main from jojosenthusiast:fix/audit-false-positives
@jojosenthusiast

Refs #736

Summary

  • Adds a stable check-id tiebreaker to audit check sorting.
  • Covers both flat sorted checks and grouped-by-area checks with regression tests.

Verification

  • pnpm exec vitest run src/ui/tui/screens/audit/AuditChecksViewer/__tests__/sort.test.ts --reporter=verbose
  • git diff --check main...HEAD

Risk

Low. This only changes viewer ordering when checks otherwise have the same status and area.

Note

This handles the wizard-side nondeterministic ordering slice of #736. The false-positive detection logic for capture-event-names-static and capture-uses-proxy appears to live in the context-mill audit bundle rather than this repo, so that needs a separate context-mill follow-up.

The audit viewer sorts checks by status then area, but ties on
(status, area) fell through to insertion order. The audit skill writes
the ledger in whatever sequence it happens to resolve checks, so two
runs with identical findings rendered in different positions and the
list appeared to rotate between runs.

Add id as a final tiebreaker in both `sortChecks` and
`groupChecksByArea` so render order is a pure function of the ledger
contents. Adds a regression test covering both call sites.

Scoped fix: the audit logic for `capture-event-names-static` and
`capture-uses-proxy` lives in the external context-mill skill and is
out of scope for this repo.

Refs: PostHog#736
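
The tiebreaker described in the commit message above, as an added TypeScript example that is not the PR's or the repository's code. The `Check` shape, the status values and their ranking, and all function names are assumptions, and the two ledgers are constructed sample data.

```typescript
// Illustration only: Check shape, status values and ranking are assumptions.
type Status = "fail" | "warn" | "pass";
interface Check { id: string; area: string; status: Status }
const STATUS_RANK: Record<Status, number> = { fail: 0, warn: 1, pass: 2 };

// Code-unit comparison; unlike localeCompare it does not depend on the runtime locale.
function cmp(a: string, b: string): number {
  return a < b ? -1 : a > b ? 1 : 0;
}

// Models the behaviour described: ties on (status, area) return 0,
// so the stable sort keeps whatever order the ledger was written in.
function compareWithoutTiebreak(a: Check, b: Check): number {
  return STATUS_RANK[a.status] - STATUS_RANK[b.status] || cmp(a.area, b.area);
}

// With id as the last key, order depends only on the ledger contents.
function compareWithTiebreak(a: Check, b: Check): number {
  return compareWithoutTiebreak(a, b) || cmp(a.id, b.id);
}

function renderOrder(ledger: Check[], compare: (a: Check, b: Check) => number): string[] {
  return [...ledger].sort(compare).map((c) => c.id);
}

// Grouped view: areas in sorted order, checks inside each area by status then id.
function groupedOrder(ledger: Check[]): Record<string, string[]> {
  const groups: Record<string, string[]> = {};
  const sorted = [...ledger].sort((a, b) => cmp(a.area, b.area) || compareWithTiebreak(a, b));
  for (const c of sorted) groups[c.area] = [...(groups[c.area] ?? []), c.id];
  return groups;
}

// Constructed ledgers: identical findings, written in two different resolution orders.
const runA: Check[] = [
  { id: "check-b", area: "capture", status: "fail" },
  { id: "check-a", area: "capture", status: "fail" },
  { id: "check-c", area: "identify", status: "pass" },
  { id: "check-d", area: "capture", status: "warn" },
];
const runB: Check[] = [...runA].reverse();

console.log(renderOrder(runA, compareWithoutTiebreak), renderOrder(runB, compareWithoutTiebreak));
console.log(renderOrder(runA, compareWithTiebreak), renderOrder(runB, compareWithTiebreak));
```
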