Skip to content

Agentic review and linting#798

Draft
ocampana-videotec wants to merge 5 commits into
developmentfrom
tc/agentic-review
Draft

Agentic review and linting#798
ocampana-videotec wants to merge 5 commits into
developmentfrom
tc/agentic-review

Conversation

@ocampana-videotec

Copy link
Copy Markdown
Collaborator

This PR establishes a repository-wide, tool-agnostic AI guidelines framework. As different contributors use different AI assistants (GitHub Copilot, OpenAI, Claude, Gemini, or Cursor), this setup ensures that all models adhere to the exact same repository rules, code conventions, and formatting constraints without duplication.

We are using a "Hub-and-Spoke" configuration layout:

  • The Hub (.ai/): Houses our actual rules and active skill sets written in pure, human-readable Markdown.
  • The Spokes (Root Adapters): Lightweight entry-point files required by various IDEs and AI engines. These files tell the respective AI tools to immediately ingest our central .ai/ directory before processing any user prompts.

I think the main focus should be in reviewing the skill more than the configuration. For me, this could replace PR #726

@willysagefalk

Copy link
Copy Markdown
Member

Maybe a structure like this? Easier to maintain and reuse in different workflows like

  • PR review
  • release review
  • editorial cleanup

.ai/
system-guidelines.md

skills/
onvif-review.md # Main orchestrator
docbook-lint.md # DocBook/XML structure
normative-language.md # RFC 2119 / ISO-style wording
backward-compatibility.md # Release-to-release compatibility
schema-wsdl-xsd-review.md # XML schema and service contract checks
conformance-impact.md # Profiles, add-ons, test specs, test tools
proofreading.md # Grammar, spelling, encoding, whitespace

Comment thread .cursorrules
@venki5685

Copy link
Copy Markdown
Contributor

are we tried this on current ONVIF 26.06 RC2 spec documents to see how it really performs as experimental?

@kieran242

kieran242 commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

I would further echo and support the query @venki5685 has made.

For my own opinion I am very in favour of this functionality as similar Github hooks are in place on all of our dev products within my own organization and it really improves quality.

@ocampana-videotec

Copy link
Copy Markdown
Collaborator Author

Hello, I just implemented a proposal based on Willy's feedback:

  • Central Config (.ai/config.md): Centralizes all formatting, encoding, and Git branch variables into a single file to eliminate rule duplication and configuration drift.
  • ONVIF Guidelines (.ai/system-guidelines.md): Enforces a formal committee tone and strict adherence to RFC 2119 uppercase keywords (SHALL, SHOULD, MAY) to protect specification integrity.
  • Modular Skills: Split the core operations into focused, single-responsibility files (docbook-lint.md, proofreading.md, normative-language.md, backward-compatibility.md, etc.).
  • Workflow Orchestrator (onvif-review.md): Automatically chains relevant sub-skills based on the current task context (e.g., Editorial Cleanup, PR Review, or Release Review).
  • Progressive Git-Diff Formatting: Restricts AI formatting and indentation passes only to lines explicitly modified in the Git diff tree, preventing sweeping layout changes that would cause merge conflicts with other open PRs.

@kieran242 kieran242 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have reviewed all the MD files and for the most part I agree with the content within.

I am however concerned that instead of flagging issues to a user via Git Review comment or suggestion that AI has been given the automatic privilege to update and change content . See my review comment below regarding "Shall" being converted to "SHALL" below.

Can you please confirm my query? and clarify for this PR the intended AI privileges that are being afforded to these tools?

Comment thread .ai/skills/normative-language.md Outdated

### 1. Case Alignment & Syntax Audits
- You SHALL scan all modified prose clauses for requirement keywords (`shall`, `shall not`, `should`, `should not`, `recommended`, `may`).
- If any requirement keyword is found in lowercase or mixed-case within a normative requirement context, you SHALL convert it to strict **UPPERCASE** (e.g., changing "the device shall" to "the device SHALL").

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This reads, as do some other parts of the MD files, in this PR that you are stating that this AI set of tools can automatically change and update the content of the ONVIF standards and not flag a review comment!! instead for PR's.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in the last push, the feedback does not operate on source but generates a table, as you can see in the following comment

@ocampana-videotec

Copy link
Copy Markdown
Collaborator Author

So, I gave the prompt

Perform a "Release Review" workflow on my currently open specification files using the orchestrator in #file:.ai/skills/onvif-review.md

int this branch, where I basically only have the draft of the draft of AI.xml while the rest is in sync with 26.06 RC2:

# Severity Sub-skill File Line Finding
1 🔴 HIGH Backward Compatibility AI.xml 304-305 The specification normatively mandates MCP 2026-07-28, which the Normative References XML comment (line 122) identifies as a Release Candidate. Binding a released ONVIF specification to an unfinalized external protocol version is a structural backward-compatibility risk; if MCP 2026-07-28 changes semantics before finalization, all conformant implementations become non-conformant. The referenced version MUST be a finalized, immutable published specification before this document is released.
2 🔴 HIGH Backward Compatibility AI.xml 305 MUST NOT use the session-era MCP 2025-11-25 protocol introduces a blanket prohibition of the prior MCP protocol version with no deprecation annotation and no migration guidance. Implementations already adopting MCP 2025-11-25 are rendered immediately non-conformant. A deprecation clause or transition normative annex SHALL be included prior to release.
3 🔴 HIGH Conformance Impact AI.xml 97-108 Chapter 1 (Scope) is an empty stub (<para/> and XML comments only). A conformance test system cannot determine which device classes, profile tiers, or service capabilities are within scope. This is a release-blocking defect; the chapter MUST be fully populated before release.
4 🔴 HIGH Conformance Impact AI.xml 113-134 Chapter 2 (Normative References) is an empty stub. The specification body prose cites MCP, LinkML, ONVIF Core, JWT RFCs, and TLS 1.3 normatively, yet no reference entries exist in the Normative References section. This is a release-blocking defect.
5 🔴 HIGH Conformance Impact AI.xml 620-654 Sections 6.3 (Control Bus), 6.4 (Metadata Data Bus), and 6.5 (Identity and Authorization Server) are empty stubs. These sections are normatively cross-referenced at lines 517-519 ("The Control Bus (A) carries... The Data Bus (B) carries..."). Release with unresolved stub cross-references creates unverifiable conformance requirements.
6 🔴 HIGH Conformance Impact AI.xml 661-770 Chapter 7 (Service Discovery and Data Exchange) is entirely stub content. All subsections — Network Discovery, Session Initialization, Schema Retrieval, Tool Discovery, Skill Invocation, Metadata Event Delivery, and Post-Handshake Knowledge — contain no normative prose. No ONVIF test tool can derive test cases for the core service interaction model. This is a release-blocking defect.
7 🔴 HIGH Conformance Impact AI.xml 807-808 Each Skill exposed via tools/list SHALL include an annotation declaring its access class — the term "annotation" is undefined. No field name, JSON Schema representation, or MCP Tool definition placement is specified. This is an untestable requirement assertion: an implementer cannot determine what to produce, and a test tool cannot determine what to validate. The annotation format SHALL be normatively specified.
8 🟡 MED Normative Language AI.xml 294 This specification normatively uses the Streamable HTTP transport. — "normatively uses" is not an RFC 2119 keyword construct. This sentence is redundant with the binding requirement at line 299 and introduces obligation-level ambiguity. Replace with informative framing (e.g., "The Streamable HTTP transport is used as defined in Section 5.2.2") or remove; the normative MUST at line 299 is sufficient.
9 🟡 MED Normative Language AI.xml 304 This specification normatively requires MCP 2026-07-28. — "normatively requires" is not an RFC 2119 keyword construct. This sentence is redundant with the MUST NOT at line 305. Replace with an informative sentence or remove; retain the binding keyword requirement at line 305.
10 🟡 MED Normative Language AI.xml 457-464 The dynamic schema registration procedure is framed with it SHOULD: but sub-steps 1-4 are expressed as bare imperative paragraphs with no per-step RFC 2119 keyword. The obligation level inherited from the enclosing SHOULD is ambiguous. Each sub-step SHALL be explicitly prefixed with the inherited SHOULD keyword, or the procedure SHALL be restructured using <orderedlist> items with unambiguous RFC 2119 language at each step.
11 🟡 MED Normative Language AI.xml 800 Anonymous access to any MCP endpoint is not permitted. — "is not permitted" is an ambiguous non-RFC 2119 phrase (equivalent to SHALL NOT / MUST NOT). Replace with: An ONVIF Device SHALL NOT accept unauthenticated requests on any MCP endpoint.
12 🟡 MED Normative Language AI.xml 801-806 The paragraph contains two normative behavioral requirements stated without RFC 2119 keywords: (a) "The ONVIF Device maps the access class... and rejects requests... with HTTP 403" SHALL be restated as "The ONVIF Device SHALL map... and SHALL reject..."; (b) "A token carrying onvif:Administrator satisfies all lower access class requirements; a token carrying onvif:Operator satisfies READ_SYSTEM in addition to ACTUATE" — SHALL be restated with SHALL to assert the role hierarchy normatively.
13 🟡 MED Conformance Impact AI.xml 141-206 Terms and Definitions (Section 3.1) and Abbreviations (Section 3.2) are stubs. Terms used normatively throughout the body prose — including "Skill", "Control Bus (A)", "Data Bus (B)", "Schema Registry", and "WSDL-MCP Bridge" — are defined only within XML comments and carry no normative status. Undefined normative terms create conformance test ambiguity; these sections SHALL be populated before release.
14 🟡 MED Conformance Impact AI.xml 404-406 ONVIF Devices MUST pre-compile their LinkML schemas at build time — the qualifier "at build time" introduces an untestable requirement assertion. A runtime conformance test tool cannot determine when compilation occurred. Remove "at build time" and replace with an observable runtime assertion: e.g., "ONVIF Devices MUST include a compiled JSON Schema document in every Tool definition returned by tools/list."
15 🟡 MED Conformance Impact AI.xml 457-464 The SHOULD procedure for dynamic schema re-registration (sub-steps 1-4) defines no timeout bound for step 1 ("Suspend validation"), no maximum retry count, and no error recovery behavior. Without deterministic bounds, the ONVIF Client Test Tool cannot programmatically verify conformance. A normative timeout value and error handling clause SHALL be added to make this procedure testable.
16 ℹ️ INFO Conformance Impact AI.xml N/A No normative mapping between the ONVIF AI Service and any existing ONVIF Profile (S, G, T, M, or newer profiles) is present in any populated section of the document. If any Profile mandates AI analytics service capabilities, this omission creates an untraceable profile conformance gap. The working group SHALL determine and document the Profile dependency matrix — or explicitly state "no Profile dependency" — in Chapter 1 (Scope) before release.

there are still some enhancements to be done, because for example always having development as reference branch is not the best solution. But at least, this gives the idea

@ocampana-videotec

Copy link
Copy Markdown
Collaborator Author

See my review comment below regarding "Shall" being converted to "SHALL" below.

Capitalization of SHALL and similar words has been removed because it was wrong.

@willysagefalk

Copy link
Copy Markdown
Member

Maybe having a set of fix skills that creates PRs ?

Review skills = find everything.
Fix skills = repair boring mechanical stuff
Humans/WG = decide semantic/specification changes.

E.g.

fix/
editorial-fix.md # spelling, grammar, safe prose cleanup
docbook-fix.md # validated , nesting, structural DocBook fixes
formatting-fix.md # whitespace, line endings, indentation
reference-fix.md # broken links/references if target is unambiguous
release-cleanup-pr.md # orchestrates safe fixes and creates one PR

### Pass 2: DocBook 5 Structural Alignment & Paragraph Enforcement
Before calculating indentation depths, evaluate the semantic structure of the document:
1. **DocBook 5 Schema Verification:** If `STRICT_DOCBOOK` is true, evaluate the document against DocBook 5 structural hierarchies. Identify any broken structural syntax or out-of-order parent/child element relationships.
2. **Paragraph Enforcement:** Scan for text blocks, tables, or itemized lists missing container elements. If an exposed or raw text node falls within or immediately adjacent to a modified line tracked in Pass 1, explicitly wrap it in properly closed `<para>...</para>` tags to ensure schema compliance.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will auto-inserts tags, but system-guidelines.md 4 prohibits content generation

- If a modified clause introduces a requirement that cannot be programmatically verified by the ONVIF Device or Client Test Tools, flag it as an "untestable requirement assertion" so the committee can adjust the wording.

### 3. Data Tracking Requirement
- When a structural schema validation error occurs or a missing `<para>` tag is injected, you SHALL record the exact `File` and the specific `Line` number where the structural modification took place.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel this belongs in the lint skills

## Instructions

### 1. ONVIF Structural Contract Audits
- Verify that all newly introduced or modified namespaces strictly adhere to official ONVIF naming conventions and URL structures.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it could be worth to add an inline definition of the pattern (e.g. http://www.onvif.org/ver{NN}/{service}/) or reference a file in the repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants