Skip to content

docs: document _getDependencyData() directory parameter semantics#476

Merged
ruromero merged 3 commits intoguacsec:mainfrom
ruromero:TC-4102
Apr 15, 2026
Merged

docs: document _getDependencyData() directory parameter semantics#476
ruromero merged 3 commits intoguacsec:mainfrom
ruromero:TC-4102

Conversation

@ruromero
Copy link
Copy Markdown
Collaborator

@ruromero ruromero commented Apr 14, 2026
edited by atlassian bot
Loading

Summary

  • Add a "Provider Implementation" section to CONVENTIONS.md documenting the _getDependencyData() directory parameter semantics
  • Explains that _createSbom passes both manifestDir (project directory) and workspaceDir (lock file directory) to _getDependencyData
  • Provides guidance for new provider implementations on which directory parameter to use

Implements TC-4102

@ruromero
docs: document _getDependencyData() directory parameter semantics
9c2a34f 
Add JSDoc to Base_pyproject._getDependencyData() explaining that
manifestDir is the project directory and workspaceDir is the lock file
directory. Documents when each should be used by lock-file-based vs
non-lock-file providers.

Implements TC-4102

Assisted-by: Claude Code
@ruromero ruromero requested a review from Strum355 April 14, 2026 11:20
@ruromero
Copy link
Copy Markdown
Collaborator Author

ruromero commented Apr 14, 2026

Verification Report for TC-4102 (commit 9c2a34f)

Check Result Details
Review Feedback N/A No reviews or comments on the PR
Root-Cause Investigation N/A No sub-tasks to investigate
Scope Containment WARN Task specifies CONVENTIONS.md but PR modifies src/providers/base_pyproject.js — intentional scope change directed by author to co-locate docs with code
Diff Size PASS 11 additions, 0 deletions, 1 file — proportionate for a documentation task
Commit Traceability PASS Commit references Implements TC-4102
Sensitive Patterns PASS No matches
CI Status PASS All 4 checks pass (lint Node 22, lint Node 24, PR title, commit messages)
Acceptance Criteria PASS 2 of 2 criteria met (documentation placed in JSDoc per author direction)
Test Quality N/A No test files in the PR
Verification Commands N/A No verification commands in task

Overall: WARN

Scope deviation is intentional — the author redirected documentation from CONVENTIONS.md to a JSDoc comment on Base_pyproject._getDependencyData() in src/providers/base_pyproject.js for maintainability. Both acceptance criteria are satisfied in the new location.

This comment was AI-generated by sdlc-workflow/verify-pr v0.5.11.

Strum355
Strum355 reviewed Apr 14, 2026
View reviewed changes
@ruromero
docs: address review feedback on _getDependencyData JSDoc
72c3374 
Remove caller reference, fix inaccurate fallback claim, and correct
workspaceDir description to scope it to uv only (poetry ignores it).

Implements TC-4102

Assisted-by: Claude Code
@ruromero ruromero requested a review from Strum355 April 14, 2026 11:44
@ruromero
docs: drop obvious JS convention from JSDoc
4c9dc95 
Implements TC-4102

Assisted-by: Claude Code
@ruromero ruromero merged commit d84439a into guacsec:main Apr 15, 2026
4 checks passed
@ruromero ruromero deleted the TC-4102 branch April 15, 2026 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Strum355 Strum355 Strum355 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ruromero @Strum355