This is an automated email from the ASF dual-hosted git repository.
chaokunyang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/fory.git
The following commit(s) were added to refs/heads/main by this push:
new d42cbef47 chore: fold Fory review skill into agent guidance (#3779)
d42cbef47 is described below
commit d42cbef4771b58fe54b3cd947eab8642f09ba60a
Author: Shawn Yang <[email protected]>
AuthorDate: Tue Jun 23 14:16:32 2026 +0530
chore: fold Fory review skill into agent guidance (#3779)
## Why?
## What does this PR do?
## Related issues
## AI Contribution Checklist
- [ ] Substantial AI assistance was used in this PR: `yes` / `no`
- [ ] If `yes`, I included a completed [AI Contribution
Checklist](https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs)
in this PR description and the required `AI Usage Disclosure`.
- [ ] If `yes`, my PR description includes the required `ai_review`
summary and screenshot evidence of the final clean AI review results
from both fresh reviewers on the current PR diff or current HEAD after
the latest code changes.
## Does this PR introduce any user-facing change?
- [ ] Does this PR introduce any public API change?
- [ ] Does this PR introduce any binary protocol compatibility change?
## Benchmark
---
.agents/README.md | 12 ++-
.agents/ci-and-pr.md | 87 ++++++++++++++++++++-
.agents/skills/fory-code-review/SKILL.md | 90 ----------------------
.agents/skills/fory-code-review/agents/openai.yaml | 21 -----
.../references/lesson-derived-red-flags.md | 45 -----------
.../references/review-checklist.md | 53 -------------
.../references/validation-command-matrix.md | 79 -------------------
.github/pull_request_template.md | 4 +-
AGENTS.md | 11 ++-
AI_POLICY.md | 20 ++---
CONTRIBUTING.md | 3 +-
docs/DEVELOPMENT.md | 4 +
12 files changed, 123 insertions(+), 306 deletions(-)
diff --git a/.agents/README.md b/.agents/README.md
index ed0e89ae3..d850cd3c7 100644
--- a/.agents/README.md
+++ b/.agents/README.md
@@ -6,7 +6,8 @@ Load `AGENTS.md` first. Do not load every file under `.agents/`
by default; read
- `repo-reference.md`: repo layout, protocol overview, compiler notes, and
runtime map.
- `docs-and-formatting.md`: docs, specs, markdown formatting, publishing
notes, and generated-artifact rules.
-- `ci-and-pr.md`: GitHub Actions triage, PR expectations, and commit message
format.
+- `ci-and-pr.md`: code review workflow, review red flags, validation guidance,
GitHub Actions
+ triage, PR expectations, and commit message format.
- `testing/integration-tests.md`: `integration_tests/` prerequisites,
regeneration rules, and commands.
## Runtime References
@@ -44,12 +45,17 @@ Load `AGENTS.md` first. Do not load every file under
`.agents/` by default; read
- relevant runtime file under `languages/`
- `docs-and-formatting.md`
- skill-specific references if using a performance skill
-- PR review or CI triage:
+- Apache Fory PR, branch, commit-range, local-diff code review, or CI triage:
- `AGENTS.md`
- `ci-and-pr.md`
- relevant runtime file under `languages/`
+- Independent general reviewer required by `AI_POLICY.md`:
+ - Follow the `AGENTS.md` independent-review carve-out if tooling auto-loads
`AGENTS.md`.
+ - Do not load `ci-and-pr.md` or use copied Fory-specific review checklist
prompts.
## Canonicality
- Treat the files in this directory as the canonical agent-specific guidance.
-- Existing skill reference matrices under `.agents/skills/` are task-focused
quick references; when they overlap with runtime rules, prefer the matching
file in `languages/` or `testing/`.
+- Review workflow, review red flags, and PR preparation rules belong in
`ci-and-pr.md`;
+ runtime-specific details belong in `languages/`, and cross-language
validation details belong in
+ `testing/`.
diff --git a/.agents/ci-and-pr.md b/.agents/ci-and-pr.md
index 9a3ccd0fe..6f7171f09 100644
--- a/.agents/ci-and-pr.md
+++ b/.agents/ci-and-pr.md
@@ -1,6 +1,8 @@
# CI And PR Guidance
-Load this file when triaging GitHub Actions, preparing a pull request, or
writing commit messages.
+Load this file when doing Apache Fory code reviews of PRs, branches, commit
ranges, or local diffs;
+triaging GitHub Actions; preparing a pull request; or writing commit messages.
Do not load this file
+when explicitly acting as the independent general reviewer required by
`AI_POLICY.md`.
## Workflow Pointers
@@ -37,6 +39,89 @@ Typical flow:
- Before pushing PR work, verify `git remote -v`, the current branch, and the
PR head repository/branch; do not infer push targets from contributor names.
- Do not stage or commit task scratch files such as `tasks/task-*.md`,
`tasks/lessons.md`, or synthesis/plan notes unless the user explicitly asks to
version them.
+## Review Subagents
+
+- When the task environment supports review subagents, perform Apache Fory
code review in a fresh read-only review subagent. The main agent coordinates
scope, sanity-checks findings, and reports the final review.
+- Reuse the same review subagent for later review passes on the same feature
unless the user or workflow requires a fresh reviewer. Start a fresh review
subagent for a different feature, PR, issue, branch, commit range, local diff
topic, or subsystem review.
+- Keep review subagents read-only. They must not edit files, apply patches,
run tests, run builds, run benchmarks, run linters, install packages, commit,
push, fix tests, update docs, or perform implementation work.
+- Review subagents report findings or an explicit no-findings result to the
caller. The main agent decides whether any separate implementation, CI fixing,
or verification task should happen.
+
+## Review Workflow
+
+1. Define the review target.
+
+- Determine whether the target is a GitHub PR, branch, commit range, local
diff, or file subset.
+- For GitHub PR review, create and use a dedicated local worktree before
checking out or fetching the PR branch unless the user explicitly asks to reuse
the current workspace.
+- If reviewing against main, run `git fetch apache main` before diffing.
+- Inspect `git diff --stat` first, then inspect the full patch by touched
subsystem.
+
+2. Load focused context.
+
+- Protocol, type mapping, xlang, `TypeMeta`, `TypeInfo`, reference tracking,
schema evolution, or wire-format changes require the relevant
`docs/specification/**` sections.
+- Runtime-specific changes require the matching `.agents/languages/*.md` file.
+- Runtime cleanup or cross-language alignment changes require comparing the
changed ownership/API shape to the reference runtimes before judging drift,
usually C++ then Rust or Java.
+- Cross-language changes require `.agents/testing/integration-tests.md`.
+- Documentation, public API, benchmark report, or generated-artifact changes
require `.agents/docs-and-formatting.md`.
+
+3. Inspect in priority order.
+
+- Correctness, data corruption, security, and protocol drift.
+- Cross-language consistency and native/xlang behavior boundaries.
+- Performance regressions or invalid benchmark methodology.
+- Public API growth, legacy shims, wrapper layers, and architecture drift.
+- Missing tests, wrong test placement, and missing docs/spec updates.
+
+4. Validate each finding.
+
+- Tie every finding to exact changed lines.
+- Explain the concrete failure mode or regression risk.
+- State why the current code is wrong or incomplete, not only that it differs
from another style.
+- Recommend the missing test, benchmark, spec update, or doc update when that
is the gap.
+
+5. Report findings.
+
+- Findings come first and are ordered by severity.
+- Keep overview and change summary brief and secondary.
+- If there are no findings, say that explicitly and mention residual risks or
testing gaps.
+- If review comments will be posted on GitHub, write them as concise inline
comments with enough context for the author to act.
+
+## Review Red Flags
+
+- One runtime changes xlang or protocol behavior while other affected runtimes
are not updated or explicitly ruled out.
+- Compatible-mode, type-mapping, or wire-format semantics are described from
memory instead of current specs.
+- Runtime ownership moves into broad facades or helper layers instead of the
resolver, context, buffer, stream, or runtime type that owns the state.
+- Removed APIs come back as aliases, shims, or thin wrappers without a clear
user-owned reason.
+- Hot shared paths gain mode booleans, per-call allocations, callback objects,
holder objects, wrapper round trips, or unnecessary forwarding helpers.
+- Benchmark-only flags, payload identity caches, fixture-specific shortcuts,
or serializer-specific conversions inside timed loops change what is measured.
+- Benchmark comparisons are run concurrently on one host, based on smoke
settings, or reported without regenerated `docs/benchmarks/**` artifacts when
benchmark logic changed.
+- Two objects appear to own one reader or writer index.
+- Stream bind or rebind paths do not detach stale backlinks.
+- Flush behavior depends on implicit side effects instead of one explicit
owner.
+- Stream read-loop comments or fixes assume `(0, nil)` from a socket reader
must be fatal immediately.
+- Claimed cleanup is not backed by a full-tree search or exact command output.
+- Documentation overstates runtime support, benchmark conclusions, or
competitive claims beyond the evidence in code and tests.
+
+## Review Validation Matrix
+
+Canonical runtime-specific command rules live in `.agents/languages/*.md`, and
cross-language
+validation rules live in `.agents/testing/integration-tests.md`. This matrix
is a review-oriented
+shortcut for spotting missing evidence.
+
+Use the smallest command set that proves the changed behavior. If protocol or
xlang behavior changed, require the relevant cross-language tests even when the
author did not run them yet.
+For review-only tasks, use this matrix to identify missing verification
evidence and recommend
+commands; do not run these commands from a read-only review subagent. Run
commands only during an
+implementation, CI-fix, or verification task, or when the user explicitly asks
for command execution.
+
+- Repo-wide formatting/lint: `bash ci/format.sh --all`
+- Java: from `java/`, `mvn -T16 spotless:check`, `mvn -T16 checkstyle:check`,
`mvn -T16 test`, or targeted `mvn -T16 test -Dtest=<Class>#<method>`
+- C#: from `csharp/`, `dotnet format Fory.sln --verify-no-changes`, `dotnet
build Fory.sln -c Release --no-restore`, and `dotnet test Fory.sln -c Release`
+- C++: from `cpp/`, `bazel build //cpp/...` and `bazel test $(bazel query
//cpp/...)`; only add `--config=x86_64` on `x86_64` or `amd64`
+- Python: from `python/`, `ruff format .`, `ruff check .`,
`ENABLE_FORY_CYTHON_SERIALIZATION=0 pytest -v -s .`, and
`ENABLE_FORY_CYTHON_SERIALIZATION=1 pytest -v -s .`
+- Rust: from `rust/`, `cargo fmt --check`, `cargo clippy --all-targets
--all-features -- -D warnings`, and `cargo test --features tests`
+- Swift: from `swift/`, `swiftlint lint --config .swiftlint.yml`, `swift
build`, and `swift test`
+- Go: from `go/fory/`, `go fmt ./...` and `go test -v ./...`
+- Xlang matrix triggers: for xlang behavior, type mapping, protocol bytes,
compatible mode, `TypeMeta`, or cross-language container semantics, require
`org.apache.fory.xlang.CPPXlangTest`, `org.apache.fory.xlang.CSharpXlangTest`,
`org.apache.fory.xlang.RustXlangTest`, `org.apache.fory.xlang.GoXlangTest`, and
`org.apache.fory.xlang.PythonXlangTest`; include
`org.apache.fory.xlang.SwiftXlangTest` when Swift xlang behavior changes.
+
## Common CI Failures
- Code style failures: run the relevant formatter (`clang-format`, `prettier`,
`spotless:apply`, `dotnet format`, `cargo fmt`, and so on).
diff --git a/.agents/skills/fory-code-review/SKILL.md
b/.agents/skills/fory-code-review/SKILL.md
deleted file mode 100644
index 5085c57b9..000000000
--- a/.agents/skills/fory-code-review/SKILL.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-name: fory-code-review
-description: Review Apache Fory pull requests, branches, commits, or diffs
with a Fory-specific checklist. Use when auditing code in this repository for
protocol or xlang regressions, performance or benchmark-methodology issues,
cross-language inconsistencies, accidental public API growth, runtime ownership
drift, missing tests, or docs/spec mismatches. Also use before posting Fory
review findings inline to GitHub.
----
-
-# Fory Code Review
-
-## Mission
-
-Find the highest-value bugs, regressions, and missing verification in Apache
Fory changes. Prioritize correctness, protocol safety, performance discipline,
and maintainability over style-only comments.
-
-## Start Here
-
-1. Always perform the code review in a subagent. The main agent coordinates
scope, gathers the subagent's findings, sanity-checks them, and reports the
final review.
-2. Reuse the same review subagent for later review passes on the same feature
unless the user explicitly asks to review that feature in a new subagent.
-3. Do not reuse a review subagent across different features; start a new
subagent for each distinct feature or review topic.
-4. The review subagent must be read-only: it must not write code, apply
patches, create commits, push branches, fix tests, or update docs. It sends
review findings or an explicit no-findings result back to the caller.
-5. If the target is a GitHub PR, create a new local git worktree for the
review before checking out or fetching the PR branch.
-6. Do not switch the current branch or reuse the current worktree for PR
review unless the user explicitly asks for that.
-7. If reviewing against main, run `git fetch apache main` before diffing.
-8. Inspect the changed files first and cluster them by subsystem.
-9. Load only the references needed for the touched areas:
- - `references/review-checklist.md`
- - `references/lesson-derived-red-flags.md`
- - `references/validation-command-matrix.md`
- - matching runtime docs under `../../languages/*.md` when the patch is
language-specific
-
-## Subagent Reuse
-
-- Treat each feature under review as the reuse key. A feature may be a PR,
issue, branch, commit range, local diff topic, or clearly named subsystem
change.
-- When the user asks for another pass on the same feature, send the updated
context to the existing review subagent and ask it to continue from its prior
review state.
-- When the user asks to review a different feature, spawn a fresh review
subagent even if the same files, language, or subsystem are involved.
-- If the user explicitly requests a new subagent for the same feature, honor
that request and do not reuse the prior subagent.
-- Keep implementation work, CI fixing, and non-review exploration out of the
review subagent. The review subagent reports comments to the caller; the caller
decides whether any separate implementation task should happen.
-
-## Review Workflow
-
-1. Define the review target.
-
-- Determine whether the user wants a review of a PR, branch, commit range, or
local diff.
-- Assign the target to the correct review subagent using the Subagent Reuse
rules before inspecting code.
-- For a GitHub PR, create and use a dedicated local worktree for the review.
Keep the current worktree and branch unchanged unless the user explicitly
requests otherwise.
-- In that worktree, fetch the PR head and review there instead of checking out
the PR branch in the current workspace.
-- Prefer `git diff --stat` first, then inspect the full patch only for touched
subsystems.
-
-2. Load focused context.
-
-- Protocol, type mapping, xlang, `TypeMeta`, `TypeInfo`, ref tracking, or
schema evolution changes:
- - Read the relevant `docs/specification/**` sections before reviewing
behavior.
-- Benchmark or performance changes:
- - Review both benchmark code and generated `docs/benchmarks/**` artifacts.
-- Runtime cleanup or cross-language alignment changes:
- - Compare the changed ownership/API shape to the reference runtimes first,
usually C++ then Rust/Java.
-
-3. Inspect in this priority order.
-
-- Correctness, data corruption, security, and protocol drift.
-- Cross-language consistency and native/xlang behavior boundaries.
-- Performance regressions or invalid benchmark methodology.
-- Public API growth, legacy shims, wrapper layers, and architecture drift.
-- Missing tests, wrong test placement, and missing docs/spec updates.
-
-4. Validate each finding.
-
-- Tie the finding to exact changed lines.
-- Explain the concrete failure mode or regression risk.
-- State why the current code is wrong or incomplete, not only that it differs
from another style.
-- Recommend the missing test, benchmark, or spec/doc update when that is the
gap.
-
-5. Report findings.
-
-- Findings first, ordered by severity.
-- Keep overview and change summary brief and secondary.
-- If there are no findings, say that explicitly and mention residual risks or
testing gaps.
-
-## Hard Rules
-
-- Do not lead with style nits when there are correctness or verification risks.
-- Do not write code, edit files, apply patches, commit, push, or fix tests
from the review subagent.
-- Treat benchmark-shape tricks, payload-specific caches, and methodology
changes as real findings.
-- Treat undocumented public API additions, compatibility shims, and one-line
wrapper growth as findings when they increase maintenance surface without clear
need.
-- Treat protocol or performance claims without verification evidence as
incomplete.
-- When stream read loops are involved, remember that `(0, nil)` can be
transient; do not assume immediate failure is correct.
-- If the user wants comments posted on GitHub, produce findings suitable for
inline comments, then use `gh-pr-inline-review` to publish them.
-
-## Output Expectations
-
-- Use clickable file references with line numbers.
-- Keep each finding concrete: impact, evidence, and required fix.
-- Mention missing verification commands when the patch touches protocol,
performance, or cross-language behavior.
diff --git a/.agents/skills/fory-code-review/agents/openai.yaml
b/.agents/skills/fory-code-review/agents/openai.yaml
deleted file mode 100644
index 2b423c171..000000000
--- a/.agents/skills/fory-code-review/agents/openai.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-interface:
- display_name: "Fory Code Review"
- short_description: "Review Apache Fory changes for protocol, perf, and API
risks"
- default_prompt: "Review Apache Fory changes with a Fory-specific checklist
focused on protocol correctness, cross-language consistency, benchmark rigor,
API discipline, missing tests, and docs/spec gaps."
diff --git
a/.agents/skills/fory-code-review/references/lesson-derived-red-flags.md
b/.agents/skills/fory-code-review/references/lesson-derived-red-flags.md
deleted file mode 100644
index f27a0766f..000000000
--- a/.agents/skills/fory-code-review/references/lesson-derived-red-flags.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Lesson-Derived Red Flags
-
-## Protocol Drift
-
-- One runtime changed, but the same xlang behavior exists in other runtimes.
-- Helper names were unified, but signatures still hard-code mode-specific
types.
-- The patch adds explicit `if (xlang)` branching where the protocol is shared.
-- Compatible-mode or type-mapping semantics are described from memory instead
of current spec text.
-
-## Benchmark Methodology Problems
-
-- Benchmark-only config flags or shortcuts bypass real runtime work.
-- Serializer-specific model conversion happens inside timed loops without
being called out.
-- Before/after results were gathered from parallel benchmark runs on one host.
-- Reports or plots were not regenerated after benchmark logic changed.
-- Conclusions are drawn from smoke settings or noisy single-shot runs.
-
-## API And Architecture Drift
-
-- Removed APIs come back as aliases or shims.
-- Thin wrappers and pass-through helpers accumulate instead of being deleted.
-- Public API grows to fix an internal bug.
-- Language-local wrapper types, pending-state stacks, or side caches appear
without matching reference-runtime concepts.
-- Wrapper layers retain ownership that should live in resolver/context/buffer
types.
-
-## Streaming And Buffer Risks
-
-- Two objects appear to own one reader/writer index.
-- Stream bind or rebind paths do not detach stale backlinks.
-- Flush behavior depends on implicit side effects instead of one explicit
owner.
-- Review comments assume `(0, nil)` from a socket reader must be fatal
immediately.
-
-## Tests And Verification Gaps
-
-- Tests live in the wrong package or language suite for the behavior under
review.
-- Protocol or xlang changes lack the required cross-language test coverage.
-- Performance-sensitive changes have no benchmark or regression evidence.
-- Claimed cleanup is not backed by a full-tree search or exact command output.
-
-## Docs And Claim Precision
-
-- Language counts or support coverage are phrased as a fixed closed set.
-- Broad competitive claims are not split into concrete technical dimensions.
-- Titles or summaries overstate what the body proves.
-- Package-facing docs point to the wrong canonical destination.
diff --git a/.agents/skills/fory-code-review/references/review-checklist.md
b/.agents/skills/fory-code-review/references/review-checklist.md
deleted file mode 100644
index 47b840008..000000000
--- a/.agents/skills/fory-code-review/references/review-checklist.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Review Checklist
-
-## 1. Scope And Diff Setup
-
-- Identify the exact review target: `apache/main...HEAD`, PR branch, commit
range, or file subset.
-- Run `git diff --stat` before deep inspection.
-- If the review baseline is `apache/main`, refresh it first with `git fetch
apache main`.
-
-## 2. Protocol And Xlang
-
-- Did the patch touch `docs/specification/**`, `TypeMeta`, `TypeInfo`, type
IDs, ref flags, schema evolution, or xlang header/state?
-- Did the author update every affected runtime, or explicitly prove why the
other runtimes are already aligned?
-- Does the change preserve the intended boundary: xlang changed only where
required, native unchanged unless explicitly requested?
-- Are cross-language tests required but missing?
-- Does the implementation follow current spec text instead of a remembered
older behavior?
-
-## 3. Runtime Ownership And API Shape
-
-- Does the patch move ownership to the right layer (`TypeResolver`,
`ReadContext`, `WriteContext`, buffer/stream owner) instead of bloating `Fory`
facades?
-- Does it introduce wrappers, carrier objects, pending-state stacks, or side
caches that do not exist in the reference runtimes without clear evidence?
-- Does it reintroduce removed APIs, aliases, or compatibility shims against
explicit direction?
-- Are there new one-line forwarding helpers that should be inlined?
-- Are mode booleans or mode-specific parameter types leaking into hot shared
paths?
-
-## 4. Performance And Benchmarks
-
-- Does the patch optimize the runtime rather than the benchmark harness?
-- Does it depend on repeated payload identity, root-only shortcuts, or
fixture-specific behavior?
-- Were benchmark comparisons run sequentially, not concurrently?
-- If benchmark logic/reporting changed, were markdown reports and plots under
`docs/benchmarks/**` refreshed?
-- Are throughput and size comparisons apples-to-apples across languages and
serializer modes?
-
-## 5. Tests And Verification
-
-- Are tests in the right subsystem instead of whichever suite was convenient?
-- Are there targeted regressions tests for the changed behavior?
-- If protocol or xlang behavior changed, is the relevant xlang matrix called
out?
-- If performance-sensitive code changed, is there benchmark or regression
evidence?
-- Do the reported commands match the touched language/module?
-
-## 6. Docs And Public Claims
-
-- Are README, guides, specs, or benchmark docs required by the code change?
-- Do the docs use precise terminology and current semantics?
-- Are tables, captions, and summaries consistent with the body text?
-- Are canonical links and references present where the patch depends on prior
docs or published articles?
-
-## 7. Review Output
-
-- Findings first.
-- Order by severity.
-- Include file/line references.
-- If no findings, still state residual risk or testing gaps.
diff --git
a/.agents/skills/fory-code-review/references/validation-command-matrix.md
b/.agents/skills/fory-code-review/references/validation-command-matrix.md
deleted file mode 100644
index 372c847bc..000000000
--- a/.agents/skills/fory-code-review/references/validation-command-matrix.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Validation Command Matrix
-
-Use the smallest command set that proves the changed behavior. If protocol or
xlang behavior changed, call out the cross-language tests that should run even
if the author did not run them yet.
-
-Canonical runtime-specific rules now live under `../../../languages/*.md` and
`../../../testing/integration-tests.md`. Use this file as the review-oriented
shortcut matrix.
-
-## Repo-Wide Anchors
-
-- Format/lint sweep: `bash ci/format.sh --all`
-- Refresh remote main before main-branch comparison: `git fetch apache main`
-
-## Java
-
-- Build/test from `java/`
-- Typical checks:
- - `mvn -T16 spotless:check`
- - `mvn -T16 checkstyle:check`
- - `mvn -T16 test`
- - targeted: `mvn -T16 test -Dtest=<Class>#<method>`
-
-## C\#
-
-- Build/test from `csharp/`
-- Typical checks:
- - `dotnet format Fory.sln --verify-no-changes`
- - `dotnet build Fory.sln -c Release --no-restore`
- - `dotnet test Fory.sln -c Release`
-
-## C++
-
-- Build/test from repo root or `cpp/`
-- Architecture note: only add `--config=x86_64` on `x86_64` or `amd64`, not on
arm64.
-- Typical checks:
- - `bazel build //cpp/...`
- - `bazel test $(bazel query //cpp/...)`
-
-## Python
-
-- Work from `python/`
-- Typical checks:
- - `ruff format .`
- - `ruff check .`
- - `ENABLE_FORY_CYTHON_SERIALIZATION=0 pytest -v -s .`
- - `ENABLE_FORY_CYTHON_SERIALIZATION=1 pytest -v -s .`
-
-## Rust
-
-- Work from `rust/`
-- Typical checks:
- - `cargo fmt --check`
- - `cargo clippy --all-targets --all-features -- -D warnings`
- - `cargo test --features tests`
-
-## Swift
-
-- Work from `swift/`
-- Typical checks:
- - `swiftlint lint --config .swiftlint.yml`
- - `swift build`
- - `swift test`
-
-## Go
-
-- Work from `go/fory/`
-- Typical checks:
- - `go fmt ./...`
- - `go test -v ./...`
-
-## Xlang Matrix Triggers
-
-When the patch touches xlang behavior, type mapping, protocol bytes,
compatible mode, `TypeMeta`, or cross-language container semantics, require the
relevant Java-driven xlang tests:
-
-- `org.apache.fory.xlang.CPPXlangTest`
-- `org.apache.fory.xlang.CSharpXlangTest`
-- `org.apache.fory.xlang.RustXlangTest`
-- `org.apache.fory.xlang.GoXlangTest`
-- `org.apache.fory.xlang.PythonXlangTest`
-
-If the touched language is Swift and xlang behavior changed, include
`org.apache.fory.xlang.SwiftXlangTest` too.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 797a72ca6..37ca352a9 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -35,9 +35,9 @@
https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-fo
- [ ] Substantial AI assistance was used in this PR: `yes` / `no`
- [ ] If `yes`, I included a completed [AI Contribution
Checklist](https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs)
in this PR description and the required `AI Usage Disclosure`.
-- [ ] If `yes`, my PR description includes the required `ai_review` summary
and screenshot evidence of the final clean AI review results from both fresh
reviewers on the current PR diff or current HEAD after the latest code changes.
+- [ ] If `yes`, my PR description includes the required `ai_review` summary
and screenshot evidence or equivalent persisted links of the final clean AI
review results from both fresh reviewers described in `AI_POLICY.md`, the
Fory-guided reviewer and the independent general reviewer, on the current PR
diff or current HEAD after the latest code changes.
-<!-- If substantial AI assistance = `yes`, paste the completed checklist and
disclosure block here, including the final ai_review summary and screenshot
evidence from both fresh reviewers on the current PR diff or current HEAD after
the latest code changes. -->
+<!-- If substantial AI assistance = `yes`, paste the completed checklist and
disclosure block here, including the final ai_review summary and screenshot
evidence or equivalent persisted links from both fresh reviewers described in
AI_POLICY.md, the Fory-guided reviewer and the independent general reviewer, on
the current PR diff or current HEAD after the latest code changes. -->
## Does this PR introduce any user-facing change?
diff --git a/AGENTS.md b/AGENTS.md
index a1d207b6a..5cd2581d5 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -7,7 +7,7 @@ This is the entry point for AI guidance in Apache Fory. Read
this file first, th
- `.agents/README.md`: routing table for selective loading.
- `.agents/repo-reference.md`: repo layout, architecture, compiler notes, and
key directories.
- `.agents/docs-and-formatting.md`: documentation, specification, and markdown
rules.
-- `.agents/ci-and-pr.md`: CI triage, PR expectations, and commit conventions.
+- `.agents/ci-and-pr.md`: code review workflow, CI triage, PR expectations,
and commit conventions.
- `.agents/testing/integration-tests.md`: `integration_tests/` prerequisites,
regeneration rules, and commands.
- `docs/security/index.md`: security model index.
- `docs/security/threat-model.md`: project-level trust boundaries, non-goals,
@@ -139,6 +139,15 @@ This is the entry point for AI guidance in Apache Fory.
Read this file first, th
- When reviewing a GitHub pull request, always do the review in a new local
git worktree. Do not switch the current branch or reuse the current worktree
for that review unless the user explicitly asks for it.
- Contributors should fork `[email protected]:apache/fory.git`, push code
changes to the fork, and open pull requests from that fork into `apache/fory`.
+## Code Review Expectations
+
+- For Apache Fory PR, branch, commit-range, and local-diff code reviews, load
`.agents/ci-and-pr.md` and follow its review workflow, red flags, and
validation guidance unless explicitly acting as the independent general
reviewer required by `AI_POLICY.md`.
+- When explicitly acting as the independent general reviewer required by
`AI_POLICY.md`, do not load `.agents/ci-and-pr.md` or use copied Fory-specific
review checklist prompts. Still obey review-only safety rules, this carve-out,
and any general instructions required by the reviewer tool.
+- When the task environment supports review subagents, run Fory-guided code
review through a fresh read-only review subagent while the main agent
coordinates scope, checks findings, and reports the final result.
+- Reuse the same review subagent for later review passes on the same feature
unless a workflow explicitly requires a fresh reviewer; use a fresh review
subagent for each different feature.
+- Review-only tasks are read-only: do not create task files, edit files, apply
patches, run tests, run builds, run benchmarks, run linters, install packages,
commit, push, fix tests, or update docs unless the user explicitly starts an
implementation or verification task.
+- Review-only agents keep planning and findings in memory or in the final
review response. They report missing validation evidence instead of running
validation commands themselves.
+
## Shared Validation Expectations
- Run the relevant tests for every touched language or subsystem before
finishing.
diff --git a/AI_POLICY.md b/AI_POLICY.md
index 850189799..5af135f1b 100644
--- a/AI_POLICY.md
+++ b/AI_POLICY.md
@@ -44,7 +44,7 @@ Required disclosure fields:
- Scope of assistance (for example: design drafting, code drafting, refactor
suggestions, tests, docs)
- Affected files or subsystems (high-level)
- AI review summary (self-review completed, AI review loop status, and final
result)
-- Final AI review artifacts (embedded screenshots or links showing the final
clean AI review results from both fresh reviewers on the current PR diff or
current HEAD after the latest code changes)
+- Final AI review artifacts (embedded screenshots or equivalent persisted
links showing the final clean AI review results from both fresh reviewers on
the current PR diff or current HEAD after the latest code changes)
- Human verification performed (checks run locally or in CI, and results
reviewed by the contributor)
- Provenance and license confirmation (see Section 6)
@@ -56,7 +56,7 @@ AI Usage Disclosure
- scope: <design drafting | code drafting | refactor suggestions | tests |
docs | other>
- affected_files_or_subsystems: <high-level paths/modules>
- ai_review: <line-by-line self-review completed; summarize the two-reviewer
loop and final no-further-comments result>
-- ai_review_artifacts: <embedded screenshots or links showing the final clean
review results from both fresh reviewers on the current PR diff or current HEAD
after the latest code changes>
+- ai_review_artifacts: <embedded screenshots or equivalent persisted links
showing the final clean review results from both fresh reviewers on the current
PR diff or current HEAD after the latest code changes>
- human_verification: <checks run locally or in CI + pass/fail summary +
contributor reviewed results>
- performance_verification: <N/A or benchmark/regression evidence summary>
- provenance_license_confirmation: <Apache-2.0-compatible provenance
confirmed; no incompatible third-party code introduced>
@@ -92,17 +92,17 @@ For substantial AI assistance, every PR MUST also provide
verifiable evidence of
- The contributor personally performs a line-by-line self-review first and
fixes all issues found before requesting AI review.
- The contributor then runs two fresh AI review agents on the current PR diff
or current HEAD after the latest code changes:
- - one reviewer MUST use `.claude/skills/fory-code-review/SKILL.md`
- - one reviewer MUST NOT use that skill
+ - one reviewer MUST be a Fory-guided reviewer prompted to follow `AGENTS.md`
and the review workflow in `.agents/ci-and-pr.md`
+ - one reviewer MUST be an independent general reviewer in a separate
clean-context review session; it MAY follow mandatory repository safety and
contribution instructions required by its tooling, but it MUST NOT be pointed
to `.agents/ci-and-pr.md` or any copied Fory-specific review checklist. If its
tooling auto-loads `AGENTS.md`, it MUST follow the independent-review carve-out
there instead of loading `.agents/ci-and-pr.md`.
- The contributor addresses all actionable comments from both reviewers,
reruns both reviewers on the updated diff, and repeats this loop until both
reviewers report no further actionable comments.
-- The PR body MUST include the final clean AI review result from both
reviewers plus screenshot evidence in the `AI Usage Disclosure`.
+- The PR body MUST include the final clean AI review result from both
reviewers plus screenshot evidence or equivalent persisted links in the `AI
Usage Disclosure`.
- If the contributor cannot produce this evidence, the PR is not ready for
maintainer review.
Definitions for AI review evidence:
- Fresh AI review agent means a new clean-context review session started on
the current diff after the latest code changes. Reusing an old reviewer thread
as the final review evidence is not sufficient.
- Final clean AI review result means the last rerun of both reviewers on the
current PR diff or current HEAD, with no unresolved actionable comments
remaining.
-- Screenshot evidence must show, for each reviewer, the reviewer identity or
workflow label, the reviewed diff/commit or PR state, and the clean
no-further-actionable-comments result. Persisted links with equivalent
information MAY be used when screenshots are impractical.
+- Screenshots or equivalent persisted links must show, for each reviewer, the
reviewer identity or workflow label, the reviewed diff/commit or PR state, and
the clean no-further-actionable-comments result.
Definition of adequate human verification:
@@ -150,7 +150,7 @@ Maintainers MAY close or return PRs that materially fail
project standards, incl
- Contributor cannot explain key implementation logic
- Missing required disclosure for substantial AI assistance
-- Missing required AI review loop evidence, final clean reviewer outputs, or
screenshot artifacts in the PR body
+- Missing required AI review loop evidence, final clean reviewer outputs, or
screenshot artifacts or equivalent persisted links in the PR body
- Missing or inadequate human verification evidence for changed behavior
- Redundant implementation of existing utilities without clear necessity
- Introduction of dead code, unused helpers, or placeholder abstractions
without justification
@@ -182,9 +182,9 @@ This is the canonical checklist for the PR template AI
section.
- [ ] If `yes`, I can explain and defend all important changes without AI help.
- [ ] If `yes`, I reviewed AI-assisted code changes line by line before
submission.
- [ ] If `yes`, I completed line-by-line self-review first and fixed issues
before requesting AI review.
-- [ ] If `yes`, I ran two fresh AI review agents on the current PR diff or
current HEAD after the latest code changes: one using
`.claude/skills/fory-code-review/SKILL.md` and one without that skill.
+- [ ] If `yes`, I ran two fresh AI review agents on the current PR diff or
current HEAD after the latest code changes: one Fory-guided reviewer using
`AGENTS.md` and `.agents/ci-and-pr.md`, and one independent general reviewer in
a separate clean-context review session that was not pointed to
`.agents/ci-and-pr.md` or any copied Fory-specific review checklist. If the
independent reviewer's tooling auto-loaded `AGENTS.md`, it followed the
independent-review carve-out there.
- [ ] If `yes`, I addressed all AI review comments and repeated the review
loop until both ai reviewers reported no further actionable comments.
-- [ ] If `yes`, I attached screenshot evidence of the final clean AI review
results from both fresh reviewers on the current PR diff or current HEAD after
the latest code changes in this PR body.
+- [ ] If `yes`, I attached screenshot evidence or equivalent persisted links
of the final clean AI review results from both fresh reviewers on the current
PR diff or current HEAD after the latest code changes in this PR body.
- [ ] If `yes`, I ran adequate human verification and recorded evidence
(checks run locally or in CI, pass/fail summary, and confirmation I reviewed
results).
- [ ] If `yes`, I added/updated tests and specs where required.
- [ ] If `yes`, I validated protocol/performance impacts with evidence when
applicable.
@@ -198,7 +198,7 @@ AI Usage Disclosure
- scope: <design drafting | code drafting | refactor suggestions | tests |
docs | other>
- affected_files_or_subsystems: <high-level paths/modules>
- ai_review: <line-by-line self-review completed; summarize the two-reviewer
loop and final no-further-comments result>
-- ai_review_artifacts: <embedded screenshots or links showing the final clean
review results from both fresh reviewers on the current PR diff or current HEAD
after the latest code changes>
+- ai_review_artifacts: <embedded screenshots or equivalent persisted links
showing the final clean review results from both fresh reviewers on the current
PR diff or current HEAD after the latest code changes>
- human_verification: <checks run locally or in CI + pass/fail summary +
contributor reviewed results>
- performance_verification: <N/A or benchmark/regression evidence summary>
- provenance_license_confirmation: <Apache-2.0-compatible provenance
confirmed; no incompatible third-party code introduced>
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2cf1fa02b..6039ea363 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -33,7 +33,8 @@ Key points:
- AI tools are allowed as assistants, but contributors remain fully
responsible for all submitted changes.
- AI-assisted code must be reviewed carefully line by line before submission,
and contributors must be able to explain and defend it during review.
-- For substantial AI assistance, contributors must complete a self-review
first, then repeat a two-reviewer AI review loop until both reviewers report no
further actionable comments, and include the final clean review screenshots in
the PR disclosure.
+- For substantial AI assistance, contributors must complete a self-review
first, then repeat a two-reviewer AI review loop on the current PR diff or
current HEAD after the latest code changes until both reviewers report no
further actionable comments. One reviewer must be Fory-guided by `AGENTS.md`
and `.agents/ci-and-pr.md`; the other must be an independent general reviewer
in a separate clean-context session that is not pointed to
`.agents/ci-and-pr.md` or copied Fory-specific review c [...]
+- Include the final clean review screenshots or equivalent persisted links
from both fresh reviewers in the PR disclosure.
- For substantial AI assistance, provide privacy-safe disclosure in the PR
using the [AI Contribution
Checklist](./AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs)
template. Minor/narrow AI assistance does not require full disclosure.
- Include adequate human verification evidence (for example exact
build/lint/test commands and pass/fail outcomes), and add/update tests and
specs where required.
- For protocol/type-mapping/wire-format or performance-sensitive changes,
provide the required compatibility/performance validation evidence.
diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md
index 8fa9fec92..411255a4a 100644
--- a/docs/DEVELOPMENT.md
+++ b/docs/DEVELOPMENT.md
@@ -129,3 +129,7 @@ npx prettier --write "**/*.md"
## Contributing
For contribution details, see [How to contribute to Apache
Fory™](https://github.com/apache/fory/blob/main/CONTRIBUTING.md).
+For AI-assisted contributions, follow the
+[AI Contribution
Policy](https://github.com/apache/fory/blob/main/AI_POLICY.md), including the
+required self-review, two-reviewer AI review loop, disclosure, and
verification evidence for
+substantial AI assistance.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]