Summary
Audited the VERIFIED reddit QA rows whose Mercury vs Official doc status was FAILED, then re-grepped each action's real HTTP path(s) before deriving CNF-only _scopes.
Changed actions
| Action | Old | New | Reason | Source |
|---|
REDDIT_CREATE_COMMENT | {"all_of": [{"any_of": ["submit OR privatemessages (parent-dependent)"]}]} | {"all_of": [{"any_of": ["submit", "privatemessages"]}]} | POST /api/comment is documented as an any endpoint, but the page explicitly says Link/Comment replies require submit and Message replies require privatemessages. Replaced the invented prose token with the real scope alternatives from the endpoint doc. | QA row + Reddit docs POST /api/comment |
REDDIT_GET_FLAIR | no _scopes gate | {"all_of": ["modflair"]} | Action code calls GET /r/{subreddit}/api/flairlist; the Reddit docs mark that endpoint modflair. | QA row + Reddit docs GET /r/{subreddit}/api/flairlist |
REDDIT_GET_SCOPES | [] | {"all_of": []} | GET /api/v1/scopes is an any endpoint. Kept the no-scope semantics but normalized to the CNF-only _scopes shape requested for this audit. | QA row + Reddit docs GET /api/v1/scopes |
REDDIT_GET_USER_ABOUT | {"all_of": [{"any_of": ["*"]}]} | {"all_of": [{"any_of": ["identity", "read"]}]} | The action has two mutually exclusive real code paths: username == "me" calls GET /api/v1/me (identity), while all other usernames call GET /user/{username}/about (read). Since each invocation executes only one branch, the correct CNF is a single OR clause, not an AND across both scopes. | QA row + Reddit docs GET /api/v1/me, GET /user/{username}/about |
REDDIT_GET_USERNAME_AVAILABLE | {"all_of": [{"any_of": ["identity"]}]} | {"all_of": []} | GET /api/username_available is documented as any, so the old identity requirement was an unnecessary runtime gate. | QA row + Reddit docs GET /api/username_available |
Coverage matrix
REDDIT_CREATE_COMMENT
| Code path | Actual endpoint | Doc scopes | Covered by new _scopes |
|---|
Reply to Link (t3_...) | POST /api/comment | submit | yes |
Reply to Comment (t1_...) | POST /api/comment | submit | yes |
Reply to Message (t4_...) | POST /api/comment | privatemessages | yes |
REDDIT_GET_USER_ABOUT
| Code path | Actual endpoint | Doc scopes | Covered by new _scopes |
|---|
username == "me" branch | GET /api/v1/me | identity | yes |
| public-user branch | GET /user/{username}/about.json | read | yes |
Reviewed but not changed
No need review rows were present on VERIFIED reddit.
| Action | QA row outcome | Why no change | Source |
|---|
REDDIT_REDDIT_GET | FAILED (Url not present) | The sheet had no reliable endpoint mapping, so I re-checked the action code. It only dispatches to listing endpoints selected by sort (/hot, /new, /rising, /top, /controversial, /best), and Reddit documents those listing endpoints under read. Existing _scopes = {"all_of": [{"any_of": ["read"]}]} was already correct. | Reddit docs GET /hot, GET /new, GET /rising, GET /top, GET /controversial |
Validation
./.nox/fmt_app/bin/ruff format apps/reddit/actions/create_comment.py apps/reddit/actions/get_flair.py apps/reddit/actions/get_scopes.py apps/reddit/actions/get_user_about.py apps/reddit/actions/get_username_available.py./.nox/chk_app/bin/ruff check apps/reddit/actions/create_comment.py apps/reddit/actions/get_flair.py apps/reddit/actions/get_scopes.py apps/reddit/actions/get_user_about.py apps/reddit/actions/get_username_available.py- AST-verified each edited
_scopes with ast.literal_eval against the CNF shape required by mercury/tools/_base/action.py.
Bugbot pass
- Addressed Cursor Bugbot thread
PRRT_kwDOOV9UsM6BGOik in follow-up commit 502ebe4bc0.
- Addressed a second Cursor Bugbot thread
PRRT_kwDOOV9UsM6BGTv4 with clarification commit 08c6239ba7; this was a false positive caused by interpreting mutually exclusive branches as a single multi-endpoint invocation.
- Addressed a third Cursor Bugbot thread
PRRT_kwDOOV9UsM6BGdQ5 in commit 396357d8c7 by normalizing REDDIT_GET_FLAIR to the standard single-clause CNF wrapper form without changing its required scope.
- Resolved all three threads after pushing and replied inline on each.
Retrospective
- The first PR version over-applied the “include every actual HTTP call” rule to
REDDIT_GET_USER_ABOUT. Although the action references two documented endpoints, they are reached through mutually exclusive branches, not a multi-endpoint sequence in one invocation.
- The fix was to revert the overly strict
identity AND read gate to the correct branch-aware OR gate: {"all_of": [{"any_of": ["identity", "read"]}]}.
Follow-up note
REDDIT_GET_USER_ABOUT intentionally remains {"all_of": [{"any_of": ["identity", "read"]}]}. The action branches by input and each invocation hits exactly one documented endpoint, so requiring both scopes would over-restrict valid read-only calls for public-user lookups.
@surajmarkupchecks…fix/reddit-scope-qa-mismatches → master5 files · +10 −4updated 1mo ago