docs(skill): improve backport-management with tiered triage, path pre-filter, and public-API conflict review

[DrJKL]

PR Created by the Glary-Bot Agent

---

Synthesizes lessons from the recent v1.43.16 backport session (PRs #11856–#11862) into the .claude/skills/backport-management/ skill.

Documentation only — no code, no workflow, no automation changes.

What's new

SKILL.md

• Quick Start expanded from 7 to 12 steps, surfacing the pre-filter and target-file-existence check that should run BEFORE per-PR triage
• New gotcha: Cherry-Picked Tests Can Reference Files Added By Earlier Unbackported PRs — drop the test, document why
• New gotcha: Backport-Only Compatibility Shims — when a refactor-style fix's mechanism relies on changes that aren't on the older branch, a literal cherry-pick can recreate the bug for extensions still using the old contract. Real example: fix: stop duplicate node creation when dropping image on Vue nodes #11541 + LGraphNode.vue handleDrop
• New section: Path Pre-Filter under Auto-Skip Categories — auto-skip PRs touching only apps/website/, browser_tests/, .github/, packages/design-system/, generated types, .claude/, docs/, or *.stories.ts. Removes 30–50% of candidates without reading their bodies

reference/analysis.md

• New subsection: Verify Target File Existence — git cat-file -e before cherry-pick to skip PRs targeting features the branch doesn't ship, faster than letting cherry-pick fail with modify/delete
• New section: Tiered Triage — Tier 1 (core editor must-haves), Tier 2 (cloud-distribution only), Tier 3 (skip) before per-PR Y/N. Surfaces release-engineering decisions a flat MUST/SHOULD list obscures

reference/discovery.md

• Reconciliation workflow combining Slack bot list + git gap, subtracting already-backported PRs (extracted via Backport of # grep on the branch)
• Clarifies that no single source is authoritative

reference/execution.md

• New Step 0: Test-Then-Resolve Pre-Pass — moved the dry-run loop to the top of the workflow so you classify clean vs conflict before triggering automation
• New inline guard: Public-API conflict review in the manual cherry-pick loop — consult oracle BEFORE pushing if resolution touches LiteGraph callbacks, node.* methods, or extension-API surfaces
• Per-PR validation block (typecheck + targeted unit tests + ESLint + oxfmt) before push, in addition to wave verification
• Three new lessons learned (19–21) covering the above
• New PR Body Template for manual cherry-picks — non-negotiable conflict-resolution section so reviewers don't have to re-derive resolution logic from the diff six months later

Why

1. Path pre-filtering caught 35 of 61 candidates as skip before any per-PR analysis was needed during the v1.43.16 session (apps/website/, CI, tests, design-system). The previous flat MUST/SHOULD/SKIP rubric meant reading every PR.

2. Oracle review on PR [backport core/1.43] fix: stop duplicate node creation when dropping image on Vue nodes (#11541) #11856 (fix: stop duplicate node creation when dropping image on Vue nodes #11541 backport) caught a regression in LGraphNode.vue:823 where the upstream PR's removal of the legacy handled === true sync-return path would silently break custom nodes still using the old onDragDrop contract — recreating the very duplicate-node bug the PR was fixing. The skill had no guidance for this class of issue.

3. Two separate backports (fix cloud frontend runtime guard regressions #11180, fix: stop duplicate node creation when dropping image on Vue nodes #11541) hit the same modify/delete conflict pattern: a test file added on main by an earlier unbackported PR. The skill's Conflict Triage table covered modify/delete generally but didn't surface this specific anti-pattern of smuggling in test scaffolding without its prerequisites.

4. Discovery sources — the skill assumed Slack bot + git gap as inputs but didn't show how to reconcile them with already-backported PRs, leading to potential double-cherry-picking.

Verification

• No code, no workflow, no automation changes — skill documentation only
• git diff --check clean
• All four edited files render as valid markdown
• Cross-references between SKILL.md and reference/*.md files validated by line-count check

Out of scope (intentionally not changed)

• The pr-backport.yaml GitHub Action — the skill describes this but doesn't own it
• The Slack bot — described as Source 1, not modified
• The PR title convention [backport TARGET] ... — kept as-is (CodeRabbit's auto-skip filter relies on it)

┆Issue is synchronized with this Notion page by Unito

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR expands the backport-management playbook: adds path pre-filtering, a target-file-existence pre-check with auto-skip, a dry-run "test-then-resolve" cherry-pick classification, tiered triage, public-API conflict review guidance (LiteGraph/extension/node.*), richer discovery reconciliation, and standardized PR body templates and logging.

Changes

Backport-Management Playbook Enhancement

Layer / File(s)	Summary
Discovery & Reconciliation .claude/skills/backport-management/reference/discovery.md	Adds "run all sources then reconcile", documents source failure modes, adds "Already-Backported PRs (cross-reference)" source, and expands candidate table schema with Source, Path bucket, and Tier.
Path Pre-Filter .claude/skills/backport-management/SKILL.md	Adds a "Path Pre-Filter (run BEFORE reading PR bodies)" step to bucket large candidate sets by changed-path prefixes and auto-skip low-value path buckets.
Target Existence Check .claude/skills/backport-management/reference/analysis.md	Introduces "Verify Target File Existence" step to check each PR's non-test files exist on origin/$TARGET and mark SKIP / feature-not-on-branch when primary runtime files are missing.
Tiered Triage .claude/skills/backport-management/reference/analysis.md	Replaces flat guidance with a three-tier framework (Tier 1 core, Tier 2 cloud-only, Tier 3 skip), indicator lists, presentation template, and interactive Y/N flow guidance for Tier 1/2.
Dry-run Classification .claude/skills/backport-management/reference/execution.md	Adds Step 0 "Test-Then-Resolve Pre-Pass" that uses temporary worktree dry-run git cherry-pick to classify candidates into CLEAN vs CONFLICT before automation.
Manual Conflict Handling & Validation .claude/skills/backport-management/reference/execution.md	Inserts required public-API/oracle review for LiteGraph/extension/node.* conflicts and mandates per-PR validation commands (pnpm typecheck, targeted unit tests, eslint, oxfmt) before pushing.
PR Body Template & Guidance .claude/skills/backport-management/reference/execution.md, .claude/skills/backport-management/SKILL.md	Adds a standardized "PR Body Template (Manual Cherry-Picks)", guidance for backport-only compatibility shims, and troubleshooting for cherry-picked test files that reference files introduced by unbackported PRs (detection and git rm fix).
Quick Start & Logs .claude/skills/backport-management/SKILL.md	Expands "Quick Start" from 7 to 12 steps to include discovery reconciliation, path pre-filtering, target-file checks, tiered triage, dry-run classification, public-API review, and expanded session logging/reporting outputs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I nibble at conflicts, tidy and spry,
Paths pre-filtered, dry-runs catch why,
Tiers sort the important from fluff,
LiteGraph shims keep old calls from gruff,
Hop—backports saner, one careful try.

---

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

• Ignore (reviewers only)

❌ Failed checks (1 error, 1 inconclusive)

Check name	Status	Explanation	Resolution
End-To-End Regression Coverage For Fixes	❌ Error	Commit subjects contain bug-fix language ('fixes'), but no browser_tests/ files were modified and PR description lacks concrete explanation for why e2e testing is impractical.	Add Playwright regression tests under browser_tests/ covering the fixes, or provide concrete explanation in PR description of why e2e testing is not practical.
Description check	❓ Inconclusive	The description comprehensively covers what changed, why it was needed, and verification steps, but does not follow the provided template structure with explicit Summary and Changes sections.	Restructure the description to follow the template format with a concise one-sentence Summary and a Changes section listing What, Breaking (if applicable), and Dependencies.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Adr Compliance For Entity/Litegraph Changes	✅ Passed	PR modifies only documentation files in .claude/skills/backport-management/, none matching specified paths for litegraph/ECS/graph entity compliance checks.
Title check	✅ Passed	The title accurately summarizes the three main improvements added to the backport-management skill documentation: tiered triage, path pre-filter, and public-API conflict review.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch glary/skill-backport-management-improvements

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.claude/skills/backport-management/reference/discovery.md (1)

3-83: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Upstream-mirrored skill content appears locally diverged

These edits modify content inside .claude/skills/, which is documented as upstream-mirrored content. Please confirm this was first updated upstream (or explicitly approved as a local exception); otherwise this should be moved to repo-local docs/metadata instead of changing the mirrored skill body.

Based on learnings: Treat all files under .claude/skills/ as verbatim upstream content sourced from CloudAI-X/threejs-skills, preserving content unless upstream updates are requested.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/skills/backport-management/reference/discovery.md around lines 3 -
83, The PR edits upstream-mirrored skill content (the "Run all sources, then
reconcile." section in discovery.md), which must either be updated upstream or
treated as a local exception; do not leave divergent changes under mirrored
content. Revert or remove the changes in discovery.md that live under the
upstream-mirrored skill (the "Run all sources, then reconcile." section), then
either (a) open/track an upstream update in the source repo to apply these edits
there, or (b) move your local edits into a repo-local doc (e.g., docs/ or
metadata files) outside the mirrored skill area and reference them from the
mirrored file if needed; ensure the mirrored file remains identical to upstream
unless an explicit local-exception approval is recorded.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/skills/backport-management/reference/analysis.md:
- Around line 104-118: The fenced code block that begins with ``` and contains
the "Tier 1 (N PRs) — strong backport candidates" list is missing a language
identifier; update the opening fence to include a language (e.g., change ``` to
```text or ```md) so markdownlint MD040 stops flagging it and the block renders
correctly.

In @.claude/skills/backport-management/reference/execution.md:
- Around line 140-144: The per-PR scripted commands (the pnpm test:unit -- run
$(git diff --name-only HEAD~1 | grep -E "\.test\.ts$"), pnpm exec eslint $(git
diff --name-only HEAD~1 | grep -E "\.(ts|vue)$"), and pnpm exec oxfmt --check
$(git diff --name-only HEAD~1 | grep -E "\.(ts|vue)$") invocations) must be
guarded against empty globs: capture each git diff result into a variable (e.g.,
changed_tests, changed_ts_vue), check if the variable is non-empty before
running the corresponding pnpm command, and otherwise skip with a clear message
so the commands don't run with empty args or unintended scopes.

In @.claude/skills/backport-management/SKILL.md:
- Around line 185-196: The table row for the "apps/desktop-ui/" entry is
malformed (it currently has only two pipe-separated columns), which violates the
"Path prefix | Bucket | Reason" structure and triggers MD056; edit the
.claude/skills/backport-management/SKILL.md table so every row has three columns
by fixing the "apps/desktop-ui/" row to include the missing third column
(Reason) text (e.g., "Desktop app, separate release cadence") and ensure proper
pipe separators around the `core/*` code span so the row reads: |
apps/desktop-ui/ | SKIP for `core/*` | Desktop app, separate release cadence |.

---

Outside diff comments:
In @.claude/skills/backport-management/reference/discovery.md:
- Around line 3-83: The PR edits upstream-mirrored skill content (the "Run all
sources, then reconcile." section in discovery.md), which must either be updated
upstream or treated as a local exception; do not leave divergent changes under
mirrored content. Revert or remove the changes in discovery.md that live under
the upstream-mirrored skill (the "Run all sources, then reconcile." section),
then either (a) open/track an upstream update in the source repo to apply these
edits there, or (b) move your local edits into a repo-local doc (e.g., docs/ or
metadata files) outside the mirrored skill area and reference them from the
mirrored file if needed; ensure the mirrored file remains identical to upstream
unless an explicit local-exception approval is recorded.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d8418278-cd41-465b-9fe7-0debc367683e

📥 Commits

Reviewing files that changed from the base of the PR and between 7abd9d1 and 1b1e6b0.

📒 Files selected for processing (4)

• .claude/skills/backport-management/SKILL.md
• .claude/skills/backport-management/reference/analysis.md
• .claude/skills/backport-management/reference/discovery.md
• .claude/skills/backport-management/reference/execution.md

[glary-bot]

@christian-byrne — addressed all 4 review comments in cff064043. Replies couldn't post inline (parent-comment 404 on the API), so consolidating here:

On 3177812247 (blocker — missing helpers): You're right. Verified searchBoxV2.setup, searchBoxV2.open, subgraph.getActiveGraphId, nodeOps.getSelectedNodeIds, and the addNode(...{ ghost: true }) option all return 0 hits in browser_tests/fixtures/ on this branch.

Picked option 2 (trim to the actual #11779 fix and inline minimal helpers):

• Dropped both feat: Node search UX updates #9714/test: Expand node search box V2 e2e coverage #10620 tests entirely.
• Trimmed Escape during ghost placement inside a subgraph… to use only 1.43-available APIs:
  • subgraph.getActiveGraphId() → page.evaluate(() => window.app!.canvas?.graph?.id ?? null)
  • searchBoxV2.setup() + searchBoxV2.open() → setting Comfy.NodeSearchBoxImpl=default + FollowCursor=true + comfyPage.canvas.dblclick(…) to open the v2 search box
  • comfyPage.keyboard.press('Escape') → comfyPage.page.keyboard.press('Escape') (helper API differs on 1.43)

Production code (LGraphCanvas.ts, LGraphCanvas.ghost.test.ts) unchanged — still byte-identical to upstream b8dfbfc0b.

Sandbox doesn't have a display server for pnpm test:browser:local, so I'm deferring the -g 'ghost' run to CI on this PR. Typecheck/typecheck:browser/eslint/oxfmt all pass.

On 3177812249 (scope creep): Agreed, dropped both #9714/#10620 tests. PR description updated.

On 3177812250 (test name doesn't exercise setGraph path): Good point — kept your existing test name since the trimmed version is still the document-keydown path, and the unit test in LGraphCanvas.ghost.test.ts switching the active graph cancels any in-flight ghost covers the setGraph safety net. Worth a follow-up on main if you want a setGraph-traversal e2e variant — out of scope for this backport.

On 3177812252 (loose >20px assertion): N/A now — that test was dropped (originated from #9714, not #11779).

On 3177812254 (_ghostKeyHandler swallows Escape/Backspace inside <input>): Good catch but byte-identical to upstream b8dfbfc0b. Not introduced by this backport. Worth a separate upstream PR adding a target guard — would you like me to file one?

On 3177812256 (afterEach ordering in ghost.test.ts): Same — byte-identical to upstream. Out of scope for this backport, file as upstream follow-up.

[glary-bot]

@christian-byrne — replies (inline-reply API returned 404 on the parent comment IDs, so consolidating):

On 3177815230 (await result looks redundant): Done in 33a9ecdfa. Added a one-liner comment above await result:

// Awaited so async onDragDrop rejections propagate via Vue's errorHandler
await result

Good catch — this exact "looks redundant, delete it" trap is the kind of thing that would absolutely get refactored away in 6 months without a comment.

On 3177815232 (sync→async timing window for thrown exceptions): Acknowledged. The shift from NATIVE_EVENT_HANDLER to async error path is equivalent for normal Vue errorHandler routing, and any custom node relying on the sync-throw window is already incompatible with useNodeDragAndDrop (which is async and predates this change). Not adding a guard for that hypothetical — happy to revisit if a real report surfaces.

On 3177815234 (no direct test for the legacy result === true sync-claim branch): Intentional — useNodeDragAndDrop.test.ts was dropped from the backport (added on main by unrelated #11417), and the existing LGraphNode.test.ts cases assert the (event, true) call shape and the missing-handler path. The legacy sync-claim branch is the backport-only shim itself, which is small and self-evident from reading. Adding a focused test would be reasonable but I'd defer that to a follow-up if 1.43 needs another patch — the cost of pulling in test scaffolding for a backport-only path that doesn't exist on main feels disproportionate.

[glary-bot]

@christian-byrne — thanks for the review and approval.

On 3177815742 (wrap stale invocation in expect(() => …).not.toThrow()): Fair point — that would document regression intent more clearly than the indirect "no extra onConnectionsChange call" check. Since this is a non-blocking nitpick on test code and the PR is already approved, leaving the test as cherry-picked from upstream 9599a4e00 to keep the backport byte-faithful. Worth a follow-up on main if you want the assertion clarified everywhere — happy to file one.

On 3177815745 (other autogrow-map destructure sites at lines 371/384/433 don't have the guard): Agreed, those are sync paths where the group is guaranteed present, not part of the rAF race fixed in #11180. Out of scope for this backport. I'll leave that follow-up to you since you have the full context on which sites are sync-safe vs need the guard — let me know if you want me to file an issue instead.

[glary-bot]

@christian-byrne — thanks for the review and approval.

On 3177815533 (cross-reference comment + imprecise wording): Both fair — the useGraphNodeManager.ts:805-809 precedent is exactly the kind of thing future readers should be pointed at, and "doesn't trigger re-render" is sloppy when the actual mechanism is a custom outputs setter that detects the assignment and propagates it.

Leaving the cherry-pick byte-faithful to upstream 2fea0aa53 for this 1-file +4-line backport (the comment as cherry-picked is already on main for everyone else). Happy to send a follow-up on main improving both — small docs-only fix. Want me to file it?

[glary-bot]

Updated state of this PR after addressing review:

The browser_tests/tests/nodeGhostPlacement.spec.ts file is no longer byte-identical to upstream. The original cherry-pick of b8dfbfc0b brought in the union of three upstream PRs (#11779, #9714, #10620) because the spec file was last touched by all three. Only #11779 is targeted by this backport.

Trimmed the spec in cff064043:

• Dropped both moving ghost onto existing node… and subgraph blueprint added from search box… tests (originated from feat: Node search UX updates #9714/test: Expand node search box V2 e2e coverage #10620, depend on unbackported helpers, scope creep on a stable branch).
• Trimmed the Escape during ghost placement inside a subgraph… test to use only 1.43-available APIs (inline page.evaluate for subgraph.getActiveGraphId, canvas.dblclick to open v2 search box instead of searchBoxV2.setup/open, page.keyboard.press instead of comfyPage.keyboard.press).

Production code (LGraphCanvas.ts, LGraphCanvas.ghost.test.ts) remains byte-identical to upstream b8dfbfc0b. Only the e2e spec was trimmed, and only on this backport branch.

Net diff vs upstream: spec is +12/-123 lines smaller. The trimmed test is functionally equivalent to upstream's #11779 case (loads basic-subgraph, enters subgraph, opens v2 search box, picks a node to enter ghost mode, presses Escape, asserts ghost is cancelled and we're still in the subgraph).