> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase38-session06-policy-docs-and-catalogs/code-review.md).

# Code Review and Repair Report

**Session ID**: `phase38-session06-policy-docs-and-catalogs` **Reviewed**: 2026-06-29 **Scope**: All uncommitted changes in the working tree **Result**: RESOLVED

## Review Surface

**Files reviewed** (all uncommitted changes before this report was written):

* `.spec_system/CONSIDERATIONS.md` - tracked-modified
* `.spec_system/PRD/PRD.md` - tracked-modified
* `.spec_system/PRD/phase_38/PRD_phase_38.md` - tracked-modified
* `.spec_system/PRD/phase_38/session_04_dream_scheduling_and_setup.md` - tracked-modified
* `.spec_system/SECURITY-COMPLIANCE.md` - tracked-modified
* `.spec_system/specs/phase38-session02-platform-foundation/security-compliance.md` - tracked-modified
* `.spec_system/specs/phase38-session02-platform-foundation/validation.md` - tracked-modified
* `.spec_system/specs/phase38-session03-aggregate-and-dream-health/IMPLEMENTATION_SUMMARY.md` - tracked-modified
* `.spec_system/specs/phase38-session03-aggregate-and-dream-health/security-compliance.md` - tracked-modified
* `.spec_system/specs/phase38-session03-aggregate-and-dream-health/validation.md` - tracked-modified
* `.spec_system/state.json` - tracked-modified
* `AGENTS.md` - tracked-modified
* `LICENSE` - tracked-modified
* `NOTICE` - tracked-modified
* `README.md` - tracked-modified
* `docs/CHANGELOG.md` - tracked-modified
* `docs/development.md` - tracked-modified
* `docs/onboarding.md` - tracked-modified
* `docs/runbooks/ai-os-dream.md` - tracked-modified
* `package.json` - tracked-modified
* `scripts/lib/__tests__/hermes-dev-bridge.test.ts` - tracked-modified
* `scripts/lib/__tests__/model-helpers.test.ts` - tracked-modified
* `scripts/lib/__tests__/session-scanner.test.ts` - tracked-modified
* `scripts/lib/hermes-dev-bridge.ts` - tracked-modified
* `scripts/lib/model-helpers.ts` - tracked-modified
* `scripts/lib/session-scanner.ts` - tracked-modified
* `src/components/hermes/__tests__/hermes-sections.test.tsx` - tracked-modified
* `src/lib/hermes-demo-data.ts` - tracked-modified
* `.spec_system/specs/phase38-session06-policy-docs-and-catalogs/implementation-notes.md` - untracked
* `.spec_system/specs/phase38-session06-policy-docs-and-catalogs/spec.md` - untracked
* `.spec_system/specs/phase38-session06-policy-docs-and-catalogs/tasks.md` - untracked
* `docs/intelligence-view.md` - untracked
* `docs/local-voice-setup.md` - untracked

**Inventory commands**: `git status`, `git diff HEAD`, `git diff --cached`, `git ls-files --others --exclude-standard`

## Findings by Severity

### Critical

* None.

### High

* None.

### Medium

* `scripts/lib/model-helpers.ts:19` - Dotted upstream Claude catalog IDs such as `claude-opus-4.8` and `claude-sonnet-4.6` normalized correctly but `humanModelName` fell through to generic family labels. Usage and spend summaries that use `humanModelName` could lose the model version. | Fix: made Claude 4.x display regexes accept hyphen, dot, underscore, and colon separators, and added dotted Opus/Sonnet assertions in `scripts/lib/__tests__/model-helpers.test.ts`. | Status: FIXED
* `.spec_system/specs/phase38-session02-platform-foundation/validation.md:27` and `.spec_system/specs/phase38-session03-aggregate-and-dream-health/validation.md:29`
  * Prettier-formatted evidence tables containing command strings with pipe characters became malformed Markdown tables. | Fix: converted the affected Evidence Ledger tables to bullet ledgers and reran a changed-Markdown table integrity scan. | Status: FIXED

### Low

* `.spec_system/specs/phase38-session06-policy-docs-and-catalogs/implementation-notes.md:864`
  * Three recorded fallback prereq commands pointed at the old plugin script path instead of the actual `skills/apex-spec/scripts/` path. | Fix: corrected all three fallback command paths and verified no stale path remains. | Status: FIXED

## Assumptions and Deliberate Non-Fixes

* The `code-review.md` report itself is the output of this command and was not part of the initial inventory count. It was added after all findings were resolved.
* Formatting-only changes in existing spec-system docs were left in place where they were structurally valid and did not change behavior or claims.

## Behavior Changes

* `humanModelName` now returns version-specific labels for dotted Claude 4.x IDs, such as `Claude Opus 4.8` and `Claude Sonnet 4.6`, matching the new catalog labels.

## Verification

* Tests: `bun run test` - PASS - 392 test files passed; 4525 tests passed.
* Focused test: `bun run test -- scripts/lib/__tests__/model-helpers.test.ts`
  * PASS - 44 tests passed.
* Linter: `bun run lint` - PASS.
* Formatter: `bun run format:check` - PASS - all matched files use Prettier code style.
* Type checker: `bun run typecheck` - PASS.
* Script type checker: `bun run typecheck:scripts` - PASS.
* Whitespace: `git diff --check` - PASS.
* Markdown table integrity scan over changed Markdown files - PASS.
* ASCII/LF scan over changed tracked and untracked files - PASS.
* Removed upstream endpoint scan over `README.md`, `AGENTS.md`, and `docs/`
  * PASS - no matches.
* Added-line secret-shaped string scan - PASS - no matches.
* Final diff re-read: no remaining review findings.

## Validation Follow-up Review

During `validate`, the security scan flagged pre-existing fake secret-shaped test fixtures in `scripts/lib/__tests__/hermes-dev-bridge.test.ts` because that file is part of this session's touched deliverables. The placeholders were shortened to non-secret-shaped fake values while preserving the redaction assertions.

**Follow-up scope**:

* `scripts/lib/__tests__/hermes-dev-bridge.test.ts` - validation-time fake secret placeholder cleanup.

**Follow-up result**: RESOLVED

**Follow-up verification**:

* `bun run test -- scripts/lib/__tests__/hermes-dev-bridge.test.ts` - PASS - 17 tests passed.
* `rg -n "sk-[A-Za-z0-9_-]{16,}|Bearer [A-Za-z0-9._-]{16,}|OPENAI_API_KEY=[A-Za-z0-9_-]{16,}|ANTHROPIC_API_KEY=[A-Za-z0-9_-]{16,}|password\\s*[:=]\\s*['\\\"][^'\\\"]{8,}|secret\\s*[:=]\\s*['\\\"][^'\\\"]{8,}" ...` - PASS - no matches in session deliverables after cleanup.
* `git diff --unified=0 -- scripts/lib/__tests__/hermes-dev-bridge.test.ts | rg '^\\+.*(sk-[A-Za-z0-9_-]{16,}|OPENAI_API_KEY=[A-Za-z0-9_-]{16,}|Bearer [A-Za-z0-9._-]{16,})' || true`
  * PASS - no added secret-shaped test placeholders.

## Summary

1. Reviewed 33 uncommitted files spanning policy docs, legal metadata, Hermes catalog data, model helpers, tests, and session artifacts.
2. Findings: 0 critical, 0 high, 2 medium, 1 low; all fixed.
3. No deliberate non-fixes remain; formatting-only historical docs were kept where valid.
4. Verification passed for tests, lint, format, app typecheck, script typecheck, whitespace, Markdown table integrity, ASCII/LF, stale endpoints, and added-line secret-shaped scans.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase38-session06-policy-docs-and-catalogs/code-review.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
