تشغيل أي مهارة في Manus بنقرة واحدة

inspequte-oss-fp-hunt

النجوم٦

التفرعات٢

آخر تحديث٢٨ فبراير ٢٠٢٦ في ٢٣:٤٢

Run inspequte false-positive hunting against small OSS libraries (Kotlin and Java+Guava), enable inspequte-gradle-plugin in cloned fixtures, capture Jaeger trace screenshots via the shared `scripts/capture-jaeger-trace-screenshot.mjs` helper, and triage SARIF findings one by one.

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

KengoTODA

KengoTODA/inspequte

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

محللو ضمان جودة البرمجيات والمختبرونمهن الحاسوب والرياضيات·SOC 15-1253

مستكشف الملفات

7 ملفات

SKILL.md

readonly

name	inspequte-oss-fp-hunt
description	Run inspequte false-positive hunting against small OSS libraries (Kotlin and Java+Guava), enable inspequte-gradle-plugin in cloned fixtures, capture Jaeger trace screenshots via the shared `scripts/capture-jaeger-trace-screenshot.mjs` helper, and triage SARIF findings one by one.

inspequte OSS FP hunt

Inputs

Repository root of this project (contains gradle-plugin/ and target/debug/inspequte).
Docker available for Jaeger.
Java 21 available and set via JAVA_HOME.
Network access to clone OSS fixtures from GitHub.
Node.js + npm available for screenshot capture.

Outputs

Fixture clones and temporary patches under target/oss-fp/workdir/.
SARIF reports under target/oss-fp/<fixture>/inspequte/.
Triage ledgers under target/oss-fp/triage/.
Run summary in target/oss-fp/report.md.
Jaeger screenshot and trace analysis under target/oss-fp/jaeger/.

Fixture policy

Default fixture set:

Kotlin fixture: plasmoapp/plasmo-config
Java+Guava fixture: launchdarkly/okhttp-eventsource

If one fixture is not buildable, replace it with another thin OSS fixture of the same category and record the reason in target/oss-fp/report.md.

Workflow

Execute .codex/skills/inspequte-oss-fp-hunt/scripts/run-once.sh from repository root.
The script clones fixtures, enables io.github.kengotoda.inspequte with local includeBuild, runs analysis tasks, exports SARIF, and writes triage ledgers with first-pass TP/FP/FAILED classification plus reason and spec=... reference.
Export trace JSON and resolve trace ID:
- trace_json="$(JAEGER_OUT_DIR=target/oss-fp/jaeger .codex/skills/jaeger-spotbugs-benchmark/scripts/export-jaeger-trace.sh)"
- trace_id="$(basename "${trace_json}" .json)"
- trace_id="${trace_id#jaeger-trace-}"
Prepare Playwright runtime once per environment:
- npm install --no-save --no-package-lock playwright@1.53.0
- npx playwright install --with-deps chromium
Capture screenshot via shared script:
- screenshot_png="$(JAEGER_OUT_DIR=target/oss-fp/jaeger node scripts/capture-jaeger-trace-screenshot.mjs "${trace_id}")"
Analyze trace:
- .codex/skills/jaeger-spotbugs-benchmark/scripts/analyze-trace-json.sh "${trace_json}"
Review findings one-by-one in each triage ledger and adjust status only when code evidence contradicts the first-pass classification.

Finding triage rules

First-pass automated classification in run-once.sh:

FP when file is under /.gradle/caches/modules-2/ (classpath dependency out of scope).
FAILED when line=0 (non-actionable location; requires manual rule/location handling).
FP when duplicated by exact key (rule, file, line, message) after first occurrence.
Other findings are marked FAILED with spec=<path> to the corresponding rule spec file.

Manual review policy:

Confirm referenced file/line exists in fixture source.
Compare finding message and source code against the referenced spec.md.
Resolve FAILED items first, then override status only with short code-backed reason.

Guardrails

Do not edit fixture repositories outside target/oss-fp/workdir/.
Keep all artifacts under target/oss-fp/.
Do not report performance bottlenecks without numeric evidence from trace summary.
Keep screenshot files only under target/oss-fp/jaeger/.

المزيد من هذا المستودع

نفس المستودع

inspequte-cargo-audit-fix

KengoTODA/inspequte

Fix Rust dependency audit failures in inspequte by reading cargo audit SARIF output, updating Cargo.toml or Cargo.lock with minimal dependency changes, and verifying with cargo build, cargo test, and cargo audit.

2026-05-066

jaeger-spotbugs-benchmark

KengoTODA/inspequte

Launch Jaeger, run SpotBugs benchmark traces, capture Jaeger UI screenshots via the shared `scripts/capture-jaeger-trace-screenshot.mjs` helper, and report bottlenecks by rule, jar, and class for inspequte. Use when asked to profile `scripts/bench-spotbugs.sh`, inspect Jaeger traces, save screenshots under `target/bench`, and explain the slowest components.

2026-03-136

jaeger-trace-screenshot

KengoTODA/inspequte

Capture a Jaeger trace screenshot for a specified trace ID via `scripts/capture-jaeger-trace-screenshot.mjs`. Use when a trace ID is already known and the task is only to capture and return a deterministic screenshot artifact path.

2026-02-176

inspequte-rule-no-go-resume

KengoTODA/inspequte

Resume a rule implementation that was marked No-Go in GitHub Actions by importing plan/spec/impl from a PR, completing missing behavior and tests, and marking the rule as implemented in no-go-history.

2026-02-126

inspequte-rule-impl

KengoTODA/inspequte

Implement an inspequte rule from spec.md, including tests and minimal docs updates. Use when coding src/rules/<rule-id>/mod.rs and related tests while treating spec.md as immutable unless explicitly asked to change it.

2026-02-126

inspequte-rule-plan

KengoTODA/inspequte

Draft or update a rule plan for inspequte from a short idea and target rule-id. Use when the task is to create or refine src/rules/<rule-id>/plan.md, including risks, without creating spec.md.

2026-02-116

name	inspequte-oss-fp-hunt
description	Run inspequte false-positive hunting against small OSS libraries (Kotlin and Java+Guava), enable inspequte-gradle-plugin in cloned fixtures, capture Jaeger trace screenshots via the shared `scripts/capture-jaeger-trace-screenshot.mjs` helper, and triage SARIF findings one by one.

inspequte OSS FP hunt

Inputs

Repository root of this project (contains gradle-plugin/ and target/debug/inspequte).
Docker available for Jaeger.
Java 21 available and set via JAVA_HOME.
Network access to clone OSS fixtures from GitHub.
Node.js + npm available for screenshot capture.

Outputs

Fixture clones and temporary patches under target/oss-fp/workdir/.
SARIF reports under target/oss-fp/<fixture>/inspequte/.
Triage ledgers under target/oss-fp/triage/.
Run summary in target/oss-fp/report.md.
Jaeger screenshot and trace analysis under target/oss-fp/jaeger/.

Fixture policy

Default fixture set:

Kotlin fixture: plasmoapp/plasmo-config
Java+Guava fixture: launchdarkly/okhttp-eventsource

If one fixture is not buildable, replace it with another thin OSS fixture of the same category and record the reason in target/oss-fp/report.md.

Workflow

Execute .codex/skills/inspequte-oss-fp-hunt/scripts/run-once.sh from repository root.
The script clones fixtures, enables io.github.kengotoda.inspequte with local includeBuild, runs analysis tasks, exports SARIF, and writes triage ledgers with first-pass TP/FP/FAILED classification plus reason and spec=... reference.
Export trace JSON and resolve trace ID:
- trace_json="$(JAEGER_OUT_DIR=target/oss-fp/jaeger .codex/skills/jaeger-spotbugs-benchmark/scripts/export-jaeger-trace.sh)"
- trace_id="$(basename "${trace_json}" .json)"
- trace_id="${trace_id#jaeger-trace-}"
Prepare Playwright runtime once per environment:
- npm install --no-save --no-package-lock playwright@1.53.0
- npx playwright install --with-deps chromium
Capture screenshot via shared script:
- screenshot_png="$(JAEGER_OUT_DIR=target/oss-fp/jaeger node scripts/capture-jaeger-trace-screenshot.mjs "${trace_id}")"
Analyze trace:
- .codex/skills/jaeger-spotbugs-benchmark/scripts/analyze-trace-json.sh "${trace_json}"
Review findings one-by-one in each triage ledger and adjust status only when code evidence contradicts the first-pass classification.

Finding triage rules

First-pass automated classification in run-once.sh:

FP when file is under /.gradle/caches/modules-2/ (classpath dependency out of scope).
FAILED when line=0 (non-actionable location; requires manual rule/location handling).
FP when duplicated by exact key (rule, file, line, message) after first occurrence.
Other findings are marked FAILED with spec=<path> to the corresponding rule spec file.

Manual review policy:

Confirm referenced file/line exists in fixture source.
Compare finding message and source code against the referenced spec.md.
Resolve FAILED items first, then override status only with short code-backed reason.

Guardrails

Do not edit fixture repositories outside target/oss-fp/workdir/.
Keep all artifacts under target/oss-fp/.
Do not report performance bottlenecks without numeric evidence from trace summary.
Keep screenshot files only under target/oss-fp/jaeger/.