@sohamganatrachecks…fix/audit-tag-corrections → master2271 files · +3180 −4744updated 1mo agoAudited every action under apps/ against the canonical convention defined in docs/TAG_CONVENTION.md (see #23000) and applied the meaningful fixes. 2,271 actions updated.
This is the cleanup follow-up to the Salesforce escalation (#22512) and the LLM-audited bulk PRs (#22514, #22523), running against the v5 convention with the lessons we learned from those.
To keep the diff focused on real escalation-class issues, deliberately filtered out:
idempotentHint:true on GETs/sets per the spec). Convention-compliant cleanup, can land in a follow-up.openWorldHint:true so missing isn't escalation-class.+destructiveHint on toggle-pair / relationship-severance verbs. Watch/Unwatch, Follow/Unfollow, Subscribe/Unsubscribe, Remove member from team, Detach driver from opportunity — these are reversible state changes per the convention's reversibility test.The convention itself was refined during this audit; updates land alongside #23000.
| count | diff | what it is |
|---|---|---|
| 843 | −idempotentHint | false replay-safety claim removed (e.g. POSTs that create new IDs) |
| 271 | +destructiveHint | true entity-destruction missing the flag (silently bypassing Block-Destructive policies) |
| 197 | +createHint −readOnlyHint | Salesforce-escalation class — write actions tagged read-only |
| 192 | −updateHint | over-tagged update on actions that are actually pure creates / deletes |
| 161 | +createHint −updateHint | misclassified — actually create new resources |
| 145 | +updateHint | missing primary classification entirely |
| 71 | +updateHint −createHint | misclassified — actually modify existing resources |
| 51 | −destructiveHint | false-restrictive — Asana-class fix, actions tagged destructive but reversible |
| 45 | +createHint −idempotentHint, −readOnlyHint | Salesforce-class with cleanup |
| 43 | +createHint | missing create classification |
| 38 | +updateHint −readOnlyHint | Salesforce-class for updates |
~280 actions in the explicit Salesforce-escalation class (was tagged readOnlyHint, actually a write).
Were tagged read-only but perform real writes:
CLICKHOUSE_EXECUTE_QUERY — runs arbitrary SQL incl. DROP TABLEANTHROPIC_ADMINISTRATOR_CREATE_MESSAGE — billable inference callAMPLITUDE_GET_COHORT — POST creates a cohort export jobSLACK_SET_USER_ACTIVE — state changeSTRIPE_EXPIRE_CHECKOUT_SESSION — irreversible session expiry (was already fixed in master between audit and this PR)Missing destructiveHint on real destruction:
GLEAP_ARCHIVE_A_TICKET / GLEAP_ARCHIVE_ALL_TICKETSCOUPA_CLOSE_SOFT_CLOSE_EXTERNAL_P_ONEW_RELIC_OVERRIDE_ENTITY_GOLDEN_TAGSFalsely tagged destructive on benign reversibles (the inverse Salesforce class):
NEW_RELIC_UNDELETE_DASHBOARD — restores a dashboard, opposite of destructiveGMAIL_STOP_WATCH — re-watching restoresNOTION_ARCHIVE_NOTION_PAGE — un-archive is a normal flowRun via the pipeline introduced in #23000 (scripts/tag_audit/):
_tags.ruff format only the touched files.🤖 Generated with Claude Code