Skip to content

GitHub Refresh Operations

PR advisor dashboard for repository review and GitHub workflow context

PR advisor dashboard for repository review and GitHub workflow context.

This is the dry-run playbook for repository settings, labels, and issue cleanup. It was prepared from a read-only gh issue list check on 2026-06-19. Do not run mutating commands until a maintainer explicitly approves the exact action.

Repository Settings

Recommended topics:

gh repo edit NihadMemmedli/quorvex_ai \
  --add-topic playwright \
  --add-topic testing \
  --add-topic test-automation \
  --add-topic ai-agents \
  --add-topic self-hosted \
  --add-topic fastapi \
  --add-topic nextjs \
  --add-topic qa-automation \
  --add-topic e2e-testing \
  --add-topic developer-tools

Repository features:

  • Issues: enabled
  • Discussions: enabled
  • Private vulnerability reporting: enable in repository security settings if available
  • Pages: keep pointed at the MkDocs deployment generated by .github/workflows/docs.yml

Branch protection for main:

  • Require a pull request before merging
  • Require conversation resolution
  • Dismiss stale approvals on new commits
  • Require CODEOWNER review after .github/CODEOWNERS is expanded
  • Require deterministic checks:
  • Python lint
  • Python unit tests
  • Frontend typecheck
  • Frontend lint
  • Frontend build
  • docs check from Deploy Documentation
  • Docker build once stable enough for every PR

Release environment:

  • Create a protected release GitHub Environment.
  • Require at least one maintainer reviewer.
  • Allow image publishing only from main manual runs or vMAJOR.MINOR.PATCH tags.

Label Sync

Labels are declared in .github/labels.yml. A maintainer can sync them with gh label create/edit commands or a label-sync action. Suggested manual dry run:

python - <<'PY'
import yaml
for item in yaml.safe_load(open(".github/labels.yml")):
    print(f"gh label create {item['name']!r} --color {item['color']!r} --description {item['description']!r} --repo NihadMemmedli/quorvex_ai || gh label edit {item['name']!r} --color {item['color']!r} --description {item['description']!r} --repo NihadMemmedli/quorvex_ai")
PY

Replacement Issues To Create First

Create these before closing replaced issues.

Create curated demo spec catalog for onboarding and docs

Replaces #18 and #21.

Labels: type:docs, area:docs, area:playwright, priority:p2, effort:medium, status:ready

Body:

## Goal

Create a small maintained catalog of demo specs and generated outputs that new evaluators can trust.

## Context

The repository contains many generated and exploratory specs. That is useful for development, but noisy for onboarding and profile review.

## Acceptance criteria

- Curate 3-5 maintained examples covering UI login, authenticated flow, API/OpenAPI, generated output, and one specialized testing domain.
- Link the examples from `README.md` and `docs/tutorials/examples.md`.
- Add short notes explaining which examples are safe for local evaluator runs.
- Keep real credentials out of specs and generated output.
- Add a maintenance note describing when examples should be updated.

## Replaces

Replaces #18 and #21.

Audit CLI output boundaries: user-facing print vs structured logging

Replaces #25 and should also absorb #49.

Labels: type:maintenance, area:backend, priority:p2, effort:medium, status:ready

Body:

## Goal

Audit CLI output so user-facing terminal messages stay intentional while diagnostics use structured logging.

## Context

The old issues split terminal polish and `print()` cleanup. A better task is to define the boundary first, then update `orchestrator/cli.py` and related command-line scripts.

## Acceptance criteria

- Document which CLI messages are user-facing and may remain on stdout.
- Move diagnostics, warnings, and internal progress details to logging or stderr.
- Keep machine-readable output modes stable.
- Add or update tests for representative success and failure output.
- Avoid color/progress dependencies unless they improve a documented user workflow.

## Replaces

Replaces #25 and #49.

Professionalization Issues

Create these as roadmap issues after this refresh lands if the work is not fully complete in the PR.

Shorten and reposition README for hiring/profile review

Labels: type:docs, area:docs, priority:p1, effort:small

Acceptance criteria:

  • README opens with the product value, demo asset, fastest setup paths, examples, and docs links.
  • Long setup, troubleshooting, and comparison detail lives in docs pages instead of the README.
  • Badge row is high signal and not dominated by vanity metrics.

Harden required CI and optional AI smoke workflows

Labels: type:maintenance, area:ci, priority:p1, effort:medium

Acceptance criteria:

  • Required CI jobs are deterministic without provider credentials.
  • Credentialed AI/browser checks are clearly named optional.
  • Branch protection documentation names exact required checks.
  • Python format enforcement is either enabled after a formatting migration or tracked separately.

Add security automation: CodeQL, dependency review, secret scan, Scorecard

Labels: type:security, area:ci, priority:p1, effort:medium

Acceptance criteria:

  • CodeQL analyzes Python and JavaScript/TypeScript.
  • Dependency review runs on PRs.
  • Secret scanning runs on pushes and PRs.
  • OpenSSF Scorecard publishes SARIF.

Harden release image publishing with protected environment, scans, and provenance

Labels: type:security, area:ci, area:docker, priority:p1, effort:medium

Acceptance criteria:

  • Release image workflow has concurrency.
  • Publishing is restricted to semver tags or approved manual runs from main.
  • Protected release environment is required.
  • SBOM/provenance is enabled where supported.
  • Trivy scan results are uploaded.

Refresh SECURITY/SUPPORT/MAINTAINERS public governance docs

Labels: type:docs, area:docs, type:security, priority:p1, effort:small

Acceptance criteria:

  • SECURITY.md names private vulnerability reporting and fallback contact expectations.
  • SUPPORT.md routes bugs, questions, security, and operational expectations.
  • MAINTAINERS.md documents review expectations and ownership direction.

Align changelog, package versions, tags, and release notes

Labels: type:maintenance, area:ci, area:docs, priority:p2, effort:medium

Acceptance criteria:

  • CHANGELOG.md, pyproject.toml, root package.json, web/package.json, and latest tag agree.
  • Release notes can be generated from the changelog.
  • Existing/latest GitHub Release is updated only after maintainer approval.

Replace GitHub issue templates with project-specific issue forms

Labels: type:maintenance, area:docs, priority:p2, effort:small

Acceptance criteria:

  • Bug, feature, and docs issue forms exist.
  • Blank issues are disabled.
  • Security reports route away from public issues.

Expand GitHub labels and branch protection rules

Labels: type:maintenance, area:ci, priority:p2, effort:small

Acceptance criteria:

  • type:*, area:*, priority:*, effort:*, and status:* labels are available.
  • Branch protection required checks match current deterministic workflow job names.
  • CODEOWNER review can be enabled once ownership coverage is expanded.

Issues To Close After Approval

Use these only after this refresh lands and any replacement issues above exist.

Completed or stale

#54 Add Unit Tests for credentials.py

Comment:

Closing as completed/stale after the repository refresh. Credential masking and credential API tests now exist in `orchestrator/tests/test_credentials.py`, and any new credential coverage should be opened as a focused regression issue with current file references.

#46 Add Descriptive Alt Text to Visual Regression Diff Images

Comment:

Closing as stale after the documentation and issue taxonomy refresh. Accessibility work should now be filed with current dashboard/component references and acceptance criteria under the `type:bug` or `type:enhancement` issue form.

#44 Document the Template Include System with Examples

Comment:

Closing as completed/stale. The spec format reference documents `@include` usage and the refreshed examples index points contributors to maintained spec examples. Please open a new docs issue if a specific include behavior is still missing.

#42 Add Practical Examples to the CLI Reference

Comment:

Closing as completed/stale after the examples and docs refresh. Future CLI documentation requests should identify the exact command, expected reader goal, and missing example.

#41 Sync .env.example with the Environment Variables Reference

Comment:

Closing as completed/stale after the docs drift workflow and environment-reference cleanup path were refreshed. Please open a new issue with exact variable names if a current mismatch remains.

#23 Document all environment variables with examples

Comment:

Closing as completed/stale. Environment documentation now lives in the reference docs, and setup paths point readers there. New gaps should be filed as focused docs issues with variable names and expected examples.

Replaced

#18 and #21

Comment:

Closing as replaced by <NEW_ISSUE_URL>: Create curated demo spec catalog for onboarding and docs.

#25 and #49

Comment:

Closing as replaced by <NEW_ISSUE_URL>: Audit CLI output boundaries: user-facing print vs structured logging.

Issues To Keep And Refresh

Keep these open, then update titles/bodies/labels with current references:

Issue Suggested labels Current references
#53 JSON utility tests type:maintenance, area:backend, priority:p2, effort:small orchestrator/utils/json_utils.py
#52 backend silent exception logging type:bug, area:backend, priority:p2, effort:medium orchestrator/, scripts/
#51 optional type hints audit type:maintenance, area:backend, priority:p3, effort:small orchestrator/api/health.py
#50 credential masking docstring/security review type:security, area:backend, priority:p2, effort:small orchestrator/api/credentials.py, orchestrator/tests/test_credentials.py
#48 frontend fetch error feedback type:bug, area:frontend, priority:p2, effort:medium web/src/lib/, web/src/app/(dashboard)/
#47 dashboard route loading skeletons type:enhancement, area:frontend, priority:p2, effort:medium web/src/components/ui/page-skeleton.tsx, web/src/app/(dashboard)/
#45 reduced-motion support type:enhancement, area:frontend, priority:p2, effort:medium web/src/app/, web/src/components/
#43 production troubleshooting coverage type:docs, area:deployment, priority:p2, effort:small docs/guides/troubleshooting.md, docs/guides/company-deployment.md
#24 test run history CSV export type:enhancement, area:backend, area:frontend, priority:p2, effort:medium orchestrator/api/runs.py, web/src/app/(dashboard)/runs/page.tsx
#22 dashboard test-count badge type:enhancement, area:frontend, priority:p3, effort:small web/src/app/(dashboard)/layout.tsx, dashboard header components
#20 app-wide dark mode type:enhancement, area:frontend, priority:p2, effort:medium web/src/components/Providers.tsx, web/src/app/layout.tsx
#19 spec validation error quality type:bug, area:playwright, area:backend, priority:p2, effort:medium orchestrator/workflows/, orchestrator/cli.py, docs/reference/spec-format.md

Mutating Sequence

After explicit approval:

  1. Sync labels.
  2. Create replacement issues.
  3. Create any professionalization issues that remain incomplete.
  4. Comment on and close completed/stale issues.
  5. Comment on and close replaced issues with links.
  6. Refresh kept issues with labels and acceptance criteria.
  7. Apply repository topics/settings and branch protection.