chore(workspace): propagate unified make and release automation

[marlon-costa-dc]

Summary

• propagate centralized scripts/base.mk behavior to all workspace repositories on branch \
• sync release automation updates (project-scoped release scripts, improved command rendering)
• enforce Python 3.13 guardrails via \ and managed test guard script propagation
• update root submodule pointers to the propagated commits and include release script tests

Validation

• make validate VALIDATE_SCOPE=workspace
• ./.venv/bin/pytest tests/scripts/release -q

---

Summary by cubic

Unifies the workspace Makefile and release automation, adds a gh-based PR manager at workspace and repo levels, and enforces Python 3.13 across all projects. Releases are now fully project-scoped (branches, versioning, build, notes), changelog updates are idempotent, and flext-* submodule pointers are refreshed.

• New Features

  • Added make pr in workspace and repo Makefiles; pr_manager supports status/create/view/checks/merge/close with base/head/number/title/body/draft/merge_method/auto/delete-branch and checks_strict (non-blocking by default).
  • Python 3.13 enforcement: creates .python-version and injects tests/conftest guards; integrated into setup/upgrade and validate (--check).
  • Project-scoped release: --projects applied across version/build/notes/run; branch creation and reports respect selection; help/examples updated to v0.11.0; changelog guarded by version heading. Tests cover PR manager (incl. checks_strict), scoped [project].version updates, project resolution, idempotent changelog, and version parsing; *_tests.py now discovered.

• Refactors

  • Introduced libs/* (discovery, selection, subprocess, paths, git, reporting) and migrated core/maintenance/github/release scripts to use them; simplified _discover; .gitignore includes libs.
  • run.py reads [project].version via tomllib; version.py updates only [project].version and supports scoping; dependency detection and workflow sync use shared selection helpers.
  • Centralized remaining script tests under tests/unit.

^{Written for commit 9ca7374. Summary will update on new commits.}

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@marlon-costa-dc has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 7 minutes and 11 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 0.11.0-dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

1 issue found across 40 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/maintenance/enforce_python_version.py">

<violation number="1" location="scripts/maintenance/enforce_python_version.py:155">
P2: Multi-line `from __future__` imports would be corrupted by guard injection. The skip loop only checks if each line starts with `from __future__`, so a parenthesized import like `from __future__ import (\n    annotations,\n)` would be split, with the guard injected between the opening paren and the imported names. Consider also consuming continuation lines (e.g., detect a trailing `(` and skip until the matching `)`).</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: Multi-line from __future__ imports would be corrupted by guard injection. The skip loop only checks if each line starts with from __future__, so a parenthesized import like from __future__ import (\n annotations,\n) would be split, with the guard injected between the opening paren and the imported names. Consider also consuming continuation lines (e.g., detect a trailing ( and skip until the matching )).

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At scripts/maintenance/enforce_python_version.py, line 155:

<comment>Multi-line `from __future__` imports would be corrupted by guard injection. The skip loop only checks if each line starts with `from __future__`, so a parenthesized import like `from __future__ import (\n    annotations,\n)` would be split, with the guard injected between the opening paren and the imported names. Consider also consuming continuation lines (e.g., detect a trailing `(` and skip until the matching `)`).</comment>

<file context>
@@ -0,0 +1,247 @@
+        insert_idx += 1
+
+    # Skip __future__ imports (must come before guard)
+    while insert_idx < len(lines) and lines[insert_idx].strip().startswith(
+        "from __future__"
+    ):
</file context>

[cubic-dev-ai]

4 issues found across 34 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/github/pr_manager.py">

<violation number="1" location="scripts/github/pr_manager.py:156">
P2: The `--merge-method` argument lacks `choices` validation in argparse, so an invalid value (e.g., a typo like `rebase-merge`) silently falls back to `--squash` via the `.get()` default. This can cause a PR to be merged with an unintended strategy. Add `choices=["merge", "rebase", "squash"]` to the argument definition, consistent with how `--action` is validated.</violation>
</file>

<file name="base.mk">

<violation number="1" location="base.mk:103">
P2: `pr` in `STANDARD_VERBS` causes every `make pr` invocation to run `_preflight`, which auto-formats markdown/Go files and enforces venv existence. This means `make pr PR_ACTION=status` may unexpectedly modify files and will fail without a venv, even though the `pr` target only needs system `python3`. Consider removing `pr` from `STANDARD_VERBS` and listing it only in `.PHONY`.</violation>

<violation number="2" location="base.mk:511">
P1: Shell quoting breakage for `PR_TITLE` and `PR_BODY`: Make expands the variable before the shell sees it, so values containing double quotes, backticks, or `$()` will break the command or cause unintended shell interpretation. Consider passing these values via environment variables instead of command-line arguments, which avoids shell quoting entirely.</violation>
</file>

<file name="Makefile">

<violation number="1" location="Makefile:455">
P2: Missing `$(ENFORCE_WORKSPACE_VENV)` guard in the `pr` target. Every other target that invokes `$(ORCHESTRATOR)` (which depends on the workspace venv) includes this guard. Without it, running `make pr` before `make setup` will produce a confusing failure instead of the standard venv-not-found error message.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Shell quoting breakage for PR_TITLE and PR_BODY: Make expands the variable before the shell sees it, so values containing double quotes, backticks, or $() will break the command or cause unintended shell interpretation. Consider passing these values via environment variables instead of command-line arguments, which avoids shell quoting entirely.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At base.mk, line 511:

<comment>Shell quoting breakage for `PR_TITLE` and `PR_BODY`: Make expands the variable before the shell sees it, so values containing double quotes, backticks, or `$()` will break the command or cause unintended shell interpretation. Consider passing these values via environment variables instead of command-line arguments, which avoids shell quoting entirely.</comment>

<file context>
@@ -484,6 +501,20 @@ validate: ## Run validate gates (VALIDATE_GATES=complexity,docstring to select,
+		--base "$(PR_BASE)" \
+		$(if $(PR_HEAD),--head "$(PR_HEAD)",) \
+		$(if $(PR_NUMBER),--number "$(PR_NUMBER)",) \
+		$(if $(PR_TITLE),--title "$(PR_TITLE)",) \
+		$(if $(PR_BODY),--body "$(PR_BODY)",) \
+		--draft "$(PR_DRAFT)" \
</file context>

[cubic-dev-ai]

P2: The --merge-method argument lacks choices validation in argparse, so an invalid value (e.g., a typo like rebase-merge) silently falls back to --squash via the .get() default. This can cause a PR to be merged with an unintended strategy. Add choices=["merge", "rebase", "squash"] to the argument definition, consistent with how --action is validated.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At scripts/github/pr_manager.py, line 156:

<comment>The `--merge-method` argument lacks `choices` validation in argparse, so an invalid value (e.g., a typo like `rebase-merge`) silently falls back to `--squash` via the `.get()` default. This can cause a PR to be merged with an unintended strategy. Add `choices=["merge", "rebase", "squash"]` to the argument definition, consistent with how `--action` is validated.</comment>

<file context>
@@ -0,0 +1,199 @@
+    _ = parser.add_argument("--title", default="")
+    _ = parser.add_argument("--body", default="")
+    _ = parser.add_argument("--draft", type=int, default=0)
+    _ = parser.add_argument("--merge-method", default="squash")
+    _ = parser.add_argument("--auto", type=int, default=0)
+    _ = parser.add_argument("--delete-branch", type=int, default=0)
</file context>

[cubic-dev-ai]

P2: pr in STANDARD_VERBS causes every make pr invocation to run _preflight, which auto-formats markdown/Go files and enforces venv existence. This means make pr PR_ACTION=status may unexpectedly modify files and will fail without a venv, even though the pr target only needs system python3. Consider removing pr from STANDARD_VERBS and listing it only in .PHONY.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At base.mk, line 103:

<comment>`pr` in `STANDARD_VERBS` causes every `make pr` invocation to run `_preflight`, which auto-formats markdown/Go files and enforces venv existence. This means `make pr PR_ACTION=status` may unexpectedly modify files and will fail without a venv, even though the `pr` target only needs system `python3`. Consider removing `pr` from `STANDARD_VERBS` and listing it only in `.PHONY`.</comment>

<file context>
@@ -89,8 +99,8 @@ $(LINT_CACHE_DIR):
-.PHONY: help setup build check security format docs docs-base docs-sync-scripts test validate clean _preflight
-STANDARD_VERBS := setup build check security format docs test validate clean
+.PHONY: help setup build check security format docs docs-base docs-sync-scripts test validate clean pr _preflight
+STANDARD_VERBS := setup build check security format docs test validate clean pr
 $(STANDARD_VERBS): _preflight
 
</file context>

Suggested change

	STANDARD_VERBS := setup build check security format docs test validate clean pr
	STANDARD_VERBS := setup build check security format docs test validate clean

[cubic-dev-ai]

P2: Missing $(ENFORCE_WORKSPACE_VENV) guard in the pr target. Every other target that invokes $(ORCHESTRATOR) (which depends on the workspace venv) includes this guard. Without it, running make pr before make setup will produce a confusing failure instead of the standard venv-not-found error message.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At Makefile, line 455:

<comment>Missing `$(ENFORCE_WORKSPACE_VENV)` guard in the `pr` target. Every other target that invokes `$(ORCHESTRATOR)` (which depends on the workspace venv) includes this guard. Without it, running `make pr` before `make setup` will produce a confusing failure instead of the standard venv-not-found error message.</comment>

<file context>
@@ -435,6 +452,24 @@ release-ci: ## Non-interactive release run for CI/tag workflows
 		$(if $(TAG),--tag "$(TAG)",) \
 		$(if $(BUMP),--bump "$(BUMP)",)
 
+pr: ## Manage pull requests for selected projects
+	$(Q)$(ENSURE_NO_PROJECT_CONFLICT)
+	$(Q)$(ENSURE_SELECTED_PROJECTS)
</file context>

Suggested change

	pr: ## Manage pull requests for selected projects
	$(Q)$(ENSURE_NO_PROJECT_CONFLICT)
	$(Q)$(ENSURE_SELECTED_PROJECTS)
	$(Q)$(ENSURE_PROJECTS_EXIST)
	pr: ## Manage pull requests for selected projects
	$(Q)$(ENSURE_NO_PROJECT_CONFLICT)
	$(Q)$(ENFORCE_WORKSPACE_VENV)
	$(Q)$(ENSURE_SELECTED_PROJECTS)
	$(Q)$(ENSURE_PROJECTS_EXIST)

[cubic-dev-ai]

1 issue found across 10 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/maintenance/_discover.py">

<violation number="1" location="scripts/maintenance/_discover.py:14">
P0: Import from non-existent module `libs.discovery`. The `discover_projects` function and the `libs/` package do not exist anywhere in the repository. This script will crash with `ModuleNotFoundError` at runtime. Either the `libs/discovery.py` module needs to be created (with `discover_projects` and `ProjectInfo` equivalents), or the removed local implementations need to be restored.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P0: Import from non-existent module libs.discovery. The discover_projects function and the libs/ package do not exist anywhere in the repository. This script will crash with ModuleNotFoundError at runtime. Either the libs/discovery.py module needs to be created (with discover_projects and ProjectInfo equivalents), or the removed local implementations need to be restored.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At scripts/maintenance/_discover.py, line 14:

<comment>Import from non-existent module `libs.discovery`. The `discover_projects` function and the `libs/` package do not exist anywhere in the repository. This script will crash with `ModuleNotFoundError` at runtime. Either the `libs/discovery.py` module needs to be created (with `discover_projects` and `ProjectInfo` equivalents), or the removed local implementations need to be restored.</comment>

<file context>
@@ -4,49 +4,14 @@
-        kind = "submodule" if entry.name in submodules else "external"
-        projects.append(ProjectInfo(path=entry, name=entry.name, kind=kind))
-    return projects
+from libs.discovery import discover_projects
 
 
</file context>