Skip to content

Add Pandora operator verification console#133

Merged
besfeng23 merged 1 commit into
mainfrom
codex/build-pandora-operator-verification-console
Jul 3, 2026
Merged

Add Pandora operator verification console#133
besfeng23 merged 1 commit into
mainfrom
codex/build-pandora-operator-verification-console

Conversation

@besfeng23

Copy link
Copy Markdown
Owner

Motivation

  • Provide a production-safe, read-only Operator Verification Console in /pandora to prove live dashboard data, namespace invariants, master-pack supersession, audit/smoke evidence, and honest retrieval-eval status without exposing fake claims or unsafe actions.
  • Keep all reads scoped to the server-derived authenticated userId, surface missing/unreadable tables as warnings, and preserve existing visual layout and dashboard guards.

Description

  • New server loader lib/services/pandora-verification-service.ts that reads memory_context_packs, audit_logs, and retrieval_logs scoped to the authenticated userId, converts read failures to warnings, and computes per-namespace summaries, supersession evidence, retrieval-eval honesty, smoke evidence, and invariant statuses.
  • Extended components/pandora/types.ts with strongly typed verification models including VerificationStatus, NamespaceVerificationSummary, PackSupersessionSummary, RetrievalEvalSummary, AuditEvidenceItem, SmokeEvidenceSummary, and PandoraVerificationData.
  • New UI cards under components/pandora/: VerificationConsoleCard.tsx, NamespaceInvariantCard.tsx, PackSupersessionCard.tsx, RetrievalEvalCard.tsx, and AuditEvidenceCard.tsx, and wired the verification console into components/pandora/PandoraDashboard.tsx while retaining the three-column layout and existing cards.
  • Dashboard service composition updated to call loadPandoraVerificationData and merge verification warnings into the dashboard warnings without accepting any client-supplied user_id values.
  • Removed production components’ dependency on mock-data (moved nav constants to nav-items.ts) to satisfy production guard rules.
  • Tests added/updated: tests/unit/pandora-verification-service.test.ts, updated tests/unit/pandora-dashboard-ui.test.tsx and tests/unit/pandora-dashboard-guard.test.ts to assert honest not_run behavior and that the verification loader is read-only and service-role-free.
  • Documentation docs/pandora-verification-console.md describing what is live, what remains gated, status semantics, and manual verification steps.
  • Safety boundaries preserved: no model calls, no embeddings, no service-role usage in browser code, no destructive actions or mutations from the verification loader, and all reads use the server-derived user identity.

Testing

  • Ran npm run typecheck (TypeScript tsc --noEmit) — passed.
  • Ran npm run lint (ESLint) — passed with pre-existing warnings (not introduced by this change).
  • Ran npm run test (Vitest) — all tests passed: 93 test files, 598 tests (598 passed, 0 failed) after adding and updating verification tests; targeted test files also pass individually.
  • Ran npm run build (Next.js build) — build succeeded (Next.js runtime warnings unrelated to these changes are unchanged).
  • Ran npm run env:policy — Env Broker policy passed for discovered env keys.

Commands executed in CI-local verification: npm run typecheck, npm run lint, npm run test, npm run build, npm run env:policy.


Codex Task

@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
memory Ready Ready Preview, Comment Jul 3, 2026 8:01pm

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@besfeng23, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 41 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5eff587d-aa79-42e1-a06d-5d358a68e618

📥 Commits

Reviewing files that changed from the base of the PR and between 06ca7ca and 4d7151f.

📒 Files selected for processing (17)
  • components/pandora/AuditEvidenceCard.tsx
  • components/pandora/MobileBottomNav.tsx
  • components/pandora/NamespaceInvariantCard.tsx
  • components/pandora/PackSupersessionCard.tsx
  • components/pandora/PandoraDashboard.tsx
  • components/pandora/RetrievalEvalCard.tsx
  • components/pandora/Sidebar.tsx
  • components/pandora/VerificationConsoleCard.tsx
  • components/pandora/mock-data.ts
  • components/pandora/nav-items.ts
  • components/pandora/types.ts
  • docs/pandora-verification-console.md
  • lib/services/pandora-dashboard-service.ts
  • lib/services/pandora-verification-service.ts
  • tests/unit/pandora-dashboard-guard.test.ts
  • tests/unit/pandora-dashboard-ui.test.tsx
  • tests/unit/pandora-verification-service.test.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/build-pandora-operator-verification-console

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@besfeng23 besfeng23 merged commit a8731de into main Jul 3, 2026
5 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d7151f1a2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

const latest = rows[0];
if (!latest) return { status: "not_run", source: "retrieval_logs", latestRunId: null, latestRunAt: null, resultLabel: "Not run", realResultAvailable: false, warnings: ["No retrieval eval/log rows returned for this operator."] };
const label = latest.eval_result ?? latest.result ?? latest.status ?? latest.retrieval_service ?? "Real retrieval log row present; no score column returned";
return { status: "pass", source: "retrieval_logs", latestRunId: String(latest.id ?? "unknown"), latestRunAt: String(latest.created_at ?? "No created_at returned"), resultLabel: String(label), realResultAvailable: true, warnings: [] };

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Require eval proof before marking retrieval pass

In environments where any ordinary retrieval has been logged, this returns status: "pass" and realResultAvailable: true without checking for an eval-specific marker; the existing retrieval service writes generic retrieval_logs rows for scaffold searches, and the core table only has generic retrieval columns. That lets /pandora claim the retrieval eval passed from a normal log row, contrary to the gated/no-fake-eval boundary; keep this not_run or warning unless the row proves an actual eval run/result.

Useful? React with 👍 / 👎.

const warnings: string[] = [];
const [packRowsByNamespace, auditRows, retrievalRows] = await Promise.all([
Promise.all(namespaces.map((namespace) => readRows(client, "memory_context_packs", input.userId, warnings, namespace, 100))),
readRows(client, "audit_logs", input.userId, warnings, undefined, 50),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Query audit evidence before truncating rows

When an operator has more than 50 newer audit rows for unrelated actions, this call truncates the audit history before the later filters look for memory_context_pack_distilled and smoke actions. Existing distill or smoke proof just outside the newest 50 rows will be reported as missing/not_run, so a healthy deployment can show false evidence gaps; filter by the target actions in the query or page far enough before deciding evidence is absent.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant