GitHub Refresh Operations¶

PR advisor dashboard for repository review and GitHub workflow context.
This is the dry-run playbook for repository settings, labels, and issue cleanup. It was prepared from a read-only gh issue list check on 2026-06-19. Do not run mutating commands until a maintainer explicitly approves the exact action.
Repository Settings¶
Recommended topics:
gh repo edit NihadMemmedli/quorvex_ai \
--add-topic playwright \
--add-topic testing \
--add-topic test-automation \
--add-topic ai-agents \
--add-topic self-hosted \
--add-topic fastapi \
--add-topic nextjs \
--add-topic qa-automation \
--add-topic e2e-testing \
--add-topic developer-tools
Repository features:
- Issues: enabled
- Discussions: enabled
- Private vulnerability reporting: enable in repository security settings if available
- Pages: keep pointed at the MkDocs deployment generated by
.github/workflows/docs.yml
Branch protection for main:
- Require a pull request before merging
- Require conversation resolution
- Dismiss stale approvals on new commits
- Require CODEOWNER review after
.github/CODEOWNERSis expanded - Require deterministic checks:
Python lintPython unit testsFrontend typecheckFrontend lintFrontend build- docs check from
Deploy Documentation - Docker build once stable enough for every PR
Release environment:
- Create a protected
releaseGitHub Environment. - Require at least one maintainer reviewer.
- Allow image publishing only from
mainmanual runs orvMAJOR.MINOR.PATCHtags.
Label Sync¶
Labels are declared in .github/labels.yml. A maintainer can sync them with gh label create/edit commands or a label-sync action. Suggested manual dry run:
python - <<'PY'
import yaml
for item in yaml.safe_load(open(".github/labels.yml")):
print(f"gh label create {item['name']!r} --color {item['color']!r} --description {item['description']!r} --repo NihadMemmedli/quorvex_ai || gh label edit {item['name']!r} --color {item['color']!r} --description {item['description']!r} --repo NihadMemmedli/quorvex_ai")
PY
Replacement Issues To Create First¶
Create these before closing replaced issues.
Create curated demo spec catalog for onboarding and docs¶
Replaces #18 and #21.
Labels: type:docs, area:docs, area:playwright, priority:p2, effort:medium, status:ready
Body:
## Goal
Create a small maintained catalog of demo specs and generated outputs that new evaluators can trust.
## Context
The repository contains many generated and exploratory specs. That is useful for development, but noisy for onboarding and profile review.
## Acceptance criteria
- Curate 3-5 maintained examples covering UI login, authenticated flow, API/OpenAPI, generated output, and one specialized testing domain.
- Link the examples from `README.md` and `docs/tutorials/examples.md`.
- Add short notes explaining which examples are safe for local evaluator runs.
- Keep real credentials out of specs and generated output.
- Add a maintenance note describing when examples should be updated.
## Replaces
Replaces #18 and #21.
Audit CLI output boundaries: user-facing print vs structured logging¶
Replaces #25 and should also absorb #49.
Labels: type:maintenance, area:backend, priority:p2, effort:medium, status:ready
Body:
## Goal
Audit CLI output so user-facing terminal messages stay intentional while diagnostics use structured logging.
## Context
The old issues split terminal polish and `print()` cleanup. A better task is to define the boundary first, then update `orchestrator/cli.py` and related command-line scripts.
## Acceptance criteria
- Document which CLI messages are user-facing and may remain on stdout.
- Move diagnostics, warnings, and internal progress details to logging or stderr.
- Keep machine-readable output modes stable.
- Add or update tests for representative success and failure output.
- Avoid color/progress dependencies unless they improve a documented user workflow.
## Replaces
Replaces #25 and #49.
Professionalization Issues¶
Create these as roadmap issues after this refresh lands if the work is not fully complete in the PR.
Shorten and reposition README for hiring/profile review¶
Labels: type:docs, area:docs, priority:p1, effort:small
Acceptance criteria:
- README opens with the product value, demo asset, fastest setup paths, examples, and docs links.
- Long setup, troubleshooting, and comparison detail lives in docs pages instead of the README.
- Badge row is high signal and not dominated by vanity metrics.
Harden required CI and optional AI smoke workflows¶
Labels: type:maintenance, area:ci, priority:p1, effort:medium
Acceptance criteria:
- Required CI jobs are deterministic without provider credentials.
- Credentialed AI/browser checks are clearly named optional.
- Branch protection documentation names exact required checks.
- Python format enforcement is either enabled after a formatting migration or tracked separately.
Add security automation: CodeQL, dependency review, secret scan, Scorecard¶
Labels: type:security, area:ci, priority:p1, effort:medium
Acceptance criteria:
- CodeQL analyzes Python and JavaScript/TypeScript.
- Dependency review runs on PRs.
- Secret scanning runs on pushes and PRs.
- OpenSSF Scorecard publishes SARIF.
Harden release image publishing with protected environment, scans, and provenance¶
Labels: type:security, area:ci, area:docker, priority:p1, effort:medium
Acceptance criteria:
- Release image workflow has concurrency.
- Publishing is restricted to semver tags or approved manual runs from
main. - Protected
releaseenvironment is required. - SBOM/provenance is enabled where supported.
- Trivy scan results are uploaded.
Refresh SECURITY/SUPPORT/MAINTAINERS public governance docs¶
Labels: type:docs, area:docs, type:security, priority:p1, effort:small
Acceptance criteria:
SECURITY.mdnames private vulnerability reporting and fallback contact expectations.SUPPORT.mdroutes bugs, questions, security, and operational expectations.MAINTAINERS.mddocuments review expectations and ownership direction.
Align changelog, package versions, tags, and release notes¶
Labels: type:maintenance, area:ci, area:docs, priority:p2, effort:medium
Acceptance criteria:
CHANGELOG.md,pyproject.toml, rootpackage.json,web/package.json, and latest tag agree.- Release notes can be generated from the changelog.
- Existing/latest GitHub Release is updated only after maintainer approval.
Replace GitHub issue templates with project-specific issue forms¶
Labels: type:maintenance, area:docs, priority:p2, effort:small
Acceptance criteria:
- Bug, feature, and docs issue forms exist.
- Blank issues are disabled.
- Security reports route away from public issues.
Expand GitHub labels and branch protection rules¶
Labels: type:maintenance, area:ci, priority:p2, effort:small
Acceptance criteria:
type:*,area:*,priority:*,effort:*, andstatus:*labels are available.- Branch protection required checks match current deterministic workflow job names.
- CODEOWNER review can be enabled once ownership coverage is expanded.
Issues To Close After Approval¶
Use these only after this refresh lands and any replacement issues above exist.
Completed or stale¶
#54 Add Unit Tests for credentials.py
Comment:
Closing as completed/stale after the repository refresh. Credential masking and credential API tests now exist in `orchestrator/tests/test_credentials.py`, and any new credential coverage should be opened as a focused regression issue with current file references.
#46 Add Descriptive Alt Text to Visual Regression Diff Images
Comment:
Closing as stale after the documentation and issue taxonomy refresh. Accessibility work should now be filed with current dashboard/component references and acceptance criteria under the `type:bug` or `type:enhancement` issue form.
#44 Document the Template Include System with Examples
Comment:
Closing as completed/stale. The spec format reference documents `@include` usage and the refreshed examples index points contributors to maintained spec examples. Please open a new docs issue if a specific include behavior is still missing.
#42 Add Practical Examples to the CLI Reference
Comment:
Closing as completed/stale after the examples and docs refresh. Future CLI documentation requests should identify the exact command, expected reader goal, and missing example.
#41 Sync .env.example with the Environment Variables Reference
Comment:
Closing as completed/stale after the docs drift workflow and environment-reference cleanup path were refreshed. Please open a new issue with exact variable names if a current mismatch remains.
#23 Document all environment variables with examples
Comment:
Closing as completed/stale. Environment documentation now lives in the reference docs, and setup paths point readers there. New gaps should be filed as focused docs issues with variable names and expected examples.
Replaced¶
#18 and #21
Comment:
#25 and #49
Comment:
Closing as replaced by <NEW_ISSUE_URL>: Audit CLI output boundaries: user-facing print vs structured logging.
Issues To Keep And Refresh¶
Keep these open, then update titles/bodies/labels with current references:
| Issue | Suggested labels | Current references |
|---|---|---|
#53 JSON utility tests | type:maintenance, area:backend, priority:p2, effort:small | orchestrator/utils/json_utils.py |
#52 backend silent exception logging | type:bug, area:backend, priority:p2, effort:medium | orchestrator/, scripts/ |
#51 optional type hints audit | type:maintenance, area:backend, priority:p3, effort:small | orchestrator/api/health.py |
#50 credential masking docstring/security review | type:security, area:backend, priority:p2, effort:small | orchestrator/api/credentials.py, orchestrator/tests/test_credentials.py |
#48 frontend fetch error feedback | type:bug, area:frontend, priority:p2, effort:medium | web/src/lib/, web/src/app/(dashboard)/ |
#47 dashboard route loading skeletons | type:enhancement, area:frontend, priority:p2, effort:medium | web/src/components/ui/page-skeleton.tsx, web/src/app/(dashboard)/ |
#45 reduced-motion support | type:enhancement, area:frontend, priority:p2, effort:medium | web/src/app/, web/src/components/ |
#43 production troubleshooting coverage | type:docs, area:deployment, priority:p2, effort:small | docs/guides/troubleshooting.md, docs/guides/company-deployment.md |
#24 test run history CSV export | type:enhancement, area:backend, area:frontend, priority:p2, effort:medium | orchestrator/api/runs.py, web/src/app/(dashboard)/runs/page.tsx |
#22 dashboard test-count badge | type:enhancement, area:frontend, priority:p3, effort:small | web/src/app/(dashboard)/layout.tsx, dashboard header components |
#20 app-wide dark mode | type:enhancement, area:frontend, priority:p2, effort:medium | web/src/components/Providers.tsx, web/src/app/layout.tsx |
#19 spec validation error quality | type:bug, area:playwright, area:backend, priority:p2, effort:medium | orchestrator/workflows/, orchestrator/cli.py, docs/reference/spec-format.md |
Mutating Sequence¶
After explicit approval:
- Sync labels.
- Create replacement issues.
- Create any professionalization issues that remain incomplete.
- Comment on and close completed/stale issues.
- Comment on and close replaced issues with links.
- Refresh kept issues with labels and acceptance criteria.
- Apply repository topics/settings and branch protection.