Strip internal issue-tracker references from tests and comments

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/__init__.py

@@ -9,8 +9,7 @@
 # C-level atomicity for bytearray.extend(), slicing, and attribute rebinding
 # inside _maybe_compact(). Under a free-threaded build, concurrent access
 # produces SIGSEGV in the read path and a process-level hang in the write
-# path (see issues/033-free-threaded-segfault-in-readbuffer.md for the full
-# reproduction and rationale). The single-owner-per-instance contract alone
+# path. The single-owner-per-instance contract alone
 # is not enough to keep users safe, because "share across threads" is an
 # easy mistake and the failure mode is an interpreter crash rather than a
 # Python exception.
@@ -24,8 +23,7 @@
             "dqlitewire does not support free-threaded Python "
             "(python3.13t / no-GIL). The ReadBuffer and WriteBuffer classes "
             "rely on bytearray mutation semantics that cause SIGSEGV and "
-            "process hangs under free-threading. See "
-            "issues/033-free-threaded-segfault-in-readbuffer.md. "
+            "process hangs under free-threading. "
             "To override at your own risk, set "
             "DQLITEWIRE_ALLOW_FREE_THREADED=1."
         )

src/dqlitewire/buffer.py

@@ -12,10 +12,9 @@ class WriteBuffer:
     Thread-safety: NOT thread-safe. A single ``WriteBuffer``
     instance must be owned by one thread (or one asyncio
     coroutine) at a time. The single-owner contract matches Go's
-    ``driver.Conn`` layer in go-dqlite; see issue 021 for the full
-    analysis. ``write_padded`` guards against the specific
-    torn-payload/pad interleave described in issue 034, but that is
-    a narrow defense, not a general thread-safety guarantee.
+    ``driver.Conn`` layer in go-dqlite. ``write_padded`` guards
+    against a specific torn-payload/pad interleave, but that is a
+    narrow defense, not a general thread-safety guarantee.
     """
 
     def __reduce__(self) -> None:  # type: ignore[override]
@@ -36,8 +35,8 @@ def write_padded(self, data: bytes) -> None:
 
         The padded bytes are built locally and emitted via a single
         ``bytearray.extend`` so that under accidental concurrent misuse
-        (see issue 021 for the single-owner contract) two threads'
-        payloads and padding cannot interleave. This still does not make
+        two threads' payloads and padding cannot interleave. This
+        still does not make
         ``WriteBuffer`` thread-safe in any strong sense, but it removes
         the torn payload/pad split that used to be visible to callers.
         """
@@ -67,7 +66,7 @@ class ReadBuffer:
     Thread-safety: NOT thread-safe. A single ``ReadBuffer`` instance
     must be owned by one thread (or one asyncio coroutine) at a
     time. The single-owner contract matches Go's ``driver.Conn``
-    layer in go-dqlite; see issue 021 for the full analysis.
+    layer in go-dqlite.
 
     Concurrent misuse from multiple threads produces **silent data
     corruption**, not exceptions. Specifically:
@@ -81,10 +80,9 @@ class ReadBuffer:
 
     The ``poison()`` mechanism does NOT and CANNOT detect this
     class of failure. Poison is designed to catch single-owner
-    torn state from interrupted signal delivery (see issues 037,
-    041, 045). It cannot observe lost-update races or torn reads
-    that produce valid-looking output. See issue 050 for
-    reproduction details.
+    torn state from interrupted signal delivery. It cannot observe
+    lost-update races or torn reads that produce valid-looking
+    output.
 
     If you need concurrent access to a single wire stream, wrap
     every call site in an ``asyncio.Lock`` (for coroutines) or
@@ -167,7 +165,7 @@ def feed(self, data: bytes) -> None:
         ``reset()``/``clear()``) if the resulting buffer size would
         exceed ``max_message_size``.
 
-        Signal-safety note (issue 048): the mutation block below is
+        Signal-safety note: the mutation block below is
         wrapped in ``try/except BaseException`` so that any async
         exception leaking out — most notably between the
         ``_maybe_compact()`` return and the subsequent
@@ -235,7 +233,7 @@ def has_message(self) -> bool:
 
         # Read size from header (first 4 bytes = size in words)
         size_words = int.from_bytes(self._data[self._pos : self._pos + 4], "little")
-        # Torn-read sanity (issue 051): if the slice was widened by
+        # Torn-read sanity: if the slice was widened by
         # a concurrent realloc, report "something to consume" so the
         # caller's while-loop proceeds to read_message(), which then
         # poisons. has_message() itself is a total predicate and
@@ -280,7 +278,7 @@ def peek_header(self) -> tuple[int, int, int] | None:
         self._check_torn_size(size_words)
         total_size = HEADER_SIZE + (size_words * WORD_SIZE)
         if total_size > self._max_message_size:
-            # Format size in hex: under concurrent misuse (see issue 033)
+            # Format size in hex: under concurrent misuse
             # `total_size` can be a torn bigint whose decimal form exceeds
             # CPython's 4300-digit int-to-str limit, which would make this
             # f-string itself raise ValueError. Hex formatting has no cap.
@@ -311,7 +309,7 @@ def read_message(self) -> bytes | None:
         total_size = HEADER_SIZE + (size_words * WORD_SIZE)
 
         if total_size > self._max_message_size:
-            # Format size in hex: under concurrent misuse (see issue 033)
+            # Format size in hex: under concurrent misuse
             # `total_size` can be a torn bigint whose decimal form exceeds
             # CPython's 4300-digit int-to-str limit, which would make this
             # f-string itself raise ValueError. Hex formatting has no cap.
@@ -458,7 +456,7 @@ def peek_bytes(self, n: int) -> bytes | None:
     def _maybe_compact(self) -> None:
         """Compact buffer if we've consumed a lot.
 
-        Signal-safety note (issue 037): this method mutates two
+        Signal-safety note: this method mutates two
         attributes — ``_data`` and ``_pos`` — which compile to two
         ``STORE_ATTR`` bytecodes. CPython checks for pending signals
         at bytecode line transitions, so a ``KeyboardInterrupt`` (or
@@ -507,11 +505,11 @@ def clear(self) -> None:
         """Clear buffer state and un-poison.
 
         Equivalent to ``reset()``. Kept as a convenience alias because
-        ``clear()`` predates the poison concept (issue 026) and was
-        briefly inconsistent with ``reset()`` — it used to leave the
+        ``clear()`` predates the poison concept and was briefly
+        inconsistent with ``reset()`` — it used to leave the
         ``_poisoned`` flag intact, which meant a caller who reached
         for ``clear()`` as a recovery primitive got a half-fresh
         buffer that still raised ``ProtocolError`` on the next
-        operation (issue 040).
+        operation.
         """
         self.reset()

src/dqlitewire/codec.py

@@ -113,8 +113,7 @@ class MessageEncoder:
     at a time. The encoder is effectively stateless after
     construction (it only caches a protocol ``_version``), but the
     single-owner contract matches the rest of the package — see
-    issue 021 and the class docstring on ``MessageDecoder`` /
-    ``ReadBuffer``.
+    the class docstring on ``MessageDecoder`` / ``ReadBuffer``.
     """
 
     def __reduce__(self) -> None:  # type: ignore[override]
@@ -156,24 +155,23 @@ class MessageDecoder:
     Thread-safety: NOT thread-safe. A single ``MessageDecoder``
     instance must be owned by one thread (or one asyncio coroutine)
     at a time. The single-owner contract matches Go's
-    ``driver.Conn`` layer in go-dqlite; see issue 021 for the full
-    analysis.
+    ``driver.Conn`` layer in go-dqlite.
 
     Concurrent misuse from multiple threads produces **silent data
     corruption**, not exceptions. The underlying ``ReadBuffer``
     suffers from lost-update races on ``_pos`` and torn
     ``_data``/``_pos`` snapshots across ``_maybe_compact()``
     calls; these produce valid-looking byte slices that decode
     cleanly to wrong (or duplicated) messages. Fuzz testing
-    (issue 050) confirms this reliably on every trial.
+    confirms this reliably on every trial.
 
     The ``is_poisoned`` flag does NOT detect concurrent misuse.
     Poison is designed to catch single-owner torn state from
-    interrupted signal delivery (see issues 037, 041, 045). It
-    cannot observe lost-update races or torn reads that produce
-    valid-looking output. If you need concurrent access, wrap every
-    call site in an ``asyncio.Lock`` or ``threading.Lock`` at the
-    layer that owns the socket.
+    interrupted signal delivery. It cannot observe lost-update
+    races or torn reads that produce valid-looking output. If you
+    need concurrent access, wrap every call site in an
+    ``asyncio.Lock`` or ``threading.Lock`` at the layer that owns
+    the socket.
     """
 
     def __reduce__(self) -> None:  # type: ignore[override]
@@ -389,8 +387,7 @@ def decode(self) -> Message | None:
         # Bytes have been consumed. ANY failure now leaves the buffer
         # at an unknown offset; poison so subsequent calls fail fast.
         # Catch BaseException so that signal-delivered
-        # KeyboardInterrupt (issue 045) also poisons before
-        # propagating. `decode_body` implementations can raise
+        # KeyboardInterrupt also poisons before propagating. `decode_body` implementations can raise
         # struct.error, ValueError, UnicodeDecodeError, IndexError,
         # etc., and all of them mean the stream is desynchronized.
         try:
@@ -401,7 +398,7 @@ def decode(self) -> Message | None:
             # between the successful decode and the flag store would
             # otherwise leave the stream desynchronized without
             # poisoning — the next ``decode()`` would mis-frame the
-            # continuation frame as a top-level message (issue 233).
+            # continuation frame as a top-level message.
             if isinstance(msg, RowsResponse) and msg.has_more:
                 self._continuation_expected = True
         except BaseException as e:
@@ -480,7 +477,7 @@ def decode_handshake(self) -> int | None:
         buffer untouched so that a retry is deterministic (same bytes, same
         error) rather than silently consuming the next 8 bytes of real data.
 
-        Signal-safety (issue 041): the commit order is
+        Signal-safety: the commit order is
         ``_version``/``_handshake_done`` FIRST, then ``read_bytes(8)``.
         If an async exception (``KeyboardInterrupt``) lands between the
         state commit and the buffer consume, the except block reverts

src/dqlitewire/exceptions.py

@@ -71,7 +71,7 @@ class ServerFailure(ProtocolError):
     state is disturbed. This exception is raised only from
     ``decode_continuation()`` when FAILURE arrives mid-stream during
     a multi-part ``RowsResponse``. In that path the buffer is also
-    poisoned (see issue 083): the remaining continuation frames the
+    poisoned: the remaining continuation frames the
     caller was expecting will never arrive, and the next decode must
     start fresh. Callers catching ``ServerFailure`` in that path
     should treat the decoder as requiring ``reset()`` and reconnect.

src/dqlitewire/messages/responses.py

@@ -246,7 +246,7 @@ class RowsResponse(Message):
     has_more: bool = False
 
     def __post_init__(self) -> None:
-        # Defensive copies (issue 042, ISSUE-61). Two sources of
+        # Defensive copies. Two sources of
         # aliasing motivate this:
         #
         # 1. ``decode_body`` stores ``column_types = types`` where
@@ -273,11 +273,11 @@ def _get_row_types(self, row_idx: int, row: list[Any]) -> list[ValueType]:
         ``self.column_types`` itself, so that a caller who mutates the
         return value cannot silently rewrite the message's private
         copy. This preserves the aliasing invariant that
-        ``__post_init__`` establishes (issue 042, issue 052).
+        ``__post_init__`` establishes.
 
         None values override the declared type to NULL, matching Go's
         per-row type header behavior where the nibble reflects the actual
-        value, not the column schema (issue 137).
+        value, not the column schema.
         """
         if self.row_types and row_idx < len(self.row_types):
             types = list(self.row_types[row_idx])
@@ -334,7 +334,7 @@ def decode_body(
     ) -> "RowsResponse":
         # Wrap in memoryview so per-iteration slices are O(1) rather
         # than O(remaining). Without this, a body with many small rows
-        # triggers quadratic-time decode (issue 228): each
+        # triggers quadratic-time decode: each
         # ``data[offset:]`` allocates a fresh ``bytes`` copy of the
         # tail. Memoryview slicing is a view, so slicing is free.
         view = memoryview(data)
@@ -475,7 +475,7 @@ def encode_body(self) -> bytes:
             # entries are written back-to-back with no explicit padding
             # and SQLite pages are always 8-byte aligned multiples of
             # 512. Validate here so a Python-encoded mock-server frame
-            # cannot diverge from what a real C peer produces (ISSUE-59).
+            # cannot diverge from what a real C peer produces.
             if len(content) % 8 != 0:
                 raise EncodeError(
                     f"FilesResponse content for {name!r} must be 8-byte aligned "
@@ -489,7 +489,7 @@ def encode_body(self) -> bytes:
 
     @classmethod
     def decode_body(cls, data: bytes, schema: int = 0) -> "FilesResponse":
-        # Memoryview for O(1) slicing in the per-file loop (issue 228).
+        # Memoryview for O(1) slicing in the per-file loop.
         view = memoryview(data)
         files: dict[str, bytes] = {}
         offset = 0
@@ -551,7 +551,7 @@ def encode_body(self) -> bytes:
 
     @classmethod
     def decode_body(cls, data: bytes, schema: int = 0) -> "ServersResponse":
-        # Memoryview for O(1) slicing in the per-node loop (issue 228).
+        # Memoryview for O(1) slicing in the per-node loop.
         view = memoryview(data)
         nodes: list[NodeInfo] = []
         offset = 0

src/dqlitewire/tuples.py

@@ -19,7 +19,7 @@
 
 # Full 8-byte sentinels matching DQLITE_RESPONSE_ROWS_DONE/PART. Used to
 # reject torn/corrupt row markers instead of accepting any 8 bytes that
-# happen to start with 0xff/0xee (ISSUE-63).
+# happen to start with 0xff/0xee.
 _ROW_DONE_MARKER = bytes([ROW_DONE_BYTE]) * 8
 _ROW_PART_MARKER = bytes([ROW_PART_BYTE]) * 8
 
@@ -236,7 +236,7 @@ def decode_row_header(
     # = 0xff..ff, _PART = 0xee..ee). Go's reference client checks only the
     # first byte; we validate all 8 bytes so torn/corrupt markers like
     # ``0xff 0x00..`` are rejected as malformed rather than silently
-    # truncating the result stream (ISSUE-63). This is strictly tighter
+    # truncating the result stream. This is strictly tighter
     # than the Go behavior.
     if len(data) >= 8:
         marker = bytes(data[:8]) if isinstance(data, memoryview) else data[:8]

src/dqlitewire/types.py

@@ -28,7 +28,7 @@ def decode_uint64(data: bytes | memoryview) -> int:
     """Decode an unsigned 64-bit integer (little-endian).
 
     Accepts ``bytes`` or ``memoryview`` so hot-path body decoders
-    (issue 228) can pass memoryview slices without copying.
+    can pass memoryview slices without copying.
     """
     if len(data) < 8:
         raise DecodeError(f"Need 8 bytes for uint64, got {len(data)}")
@@ -46,7 +46,7 @@ def encode_int64(value: int) -> bytes:
 def decode_int64(data: bytes | memoryview) -> int:
     """Decode a signed 64-bit integer (little-endian).
 
-    Accepts ``bytes`` or ``memoryview`` (issue 228).
+    Accepts ``bytes`` or ``memoryview``.
     """
     if len(data) < 8:
         raise DecodeError(f"Need 8 bytes for int64, got {len(data)}")
@@ -64,7 +64,7 @@ def encode_uint32(value: int) -> bytes:
 def decode_uint32(data: bytes | memoryview) -> int:
     """Decode an unsigned 32-bit integer (little-endian).
 
-    Accepts ``bytes`` or ``memoryview`` (issue 228).
+    Accepts ``bytes`` or ``memoryview``.
     """
     if len(data) < 4:
         raise DecodeError(f"Need 4 bytes for uint32, got {len(data)}")
@@ -86,7 +86,7 @@ def decode_double(data: bytes | memoryview) -> float:
 
     All IEEE 754 values are accepted, including NaN and infinity,
     matching the Go reference implementation behavior. Accepts
-    ``bytes`` or ``memoryview`` (issue 228).
+    ``bytes`` or ``memoryview``.
     """
     if len(data) < 8:
         raise DecodeError(f"Need 8 bytes for double, got {len(data)}")
@@ -122,7 +122,7 @@ def encode_text(value: str) -> bytes:
 # Threshold below which we materialize a memoryview to bytes in one
 # shot (one allocation + one ``bytes.find``) instead of the chunked
 # scan. Row text payloads are almost always well under 64 KiB, so the
-# one-shot path dominates the common case (ISSUE-65). Above the
+# one-shot path dominates the common case. Above the
 # threshold we fall back to chunked scanning to bound peak memory for
 # pathologically long texts.
 _TEXT_ONE_SHOT_MAX = 65_536
@@ -137,14 +137,14 @@ def decode_text(data: bytes | memoryview) -> tuple[str, int]:
 
     The decoder's hot body loops (RowsResponse, FilesResponse,
     ServersResponse) wrap the body in a ``memoryview`` so
-    per-iteration slices are O(1) rather than O(remaining) — see
-    issue 228. ``bytes`` inputs use zero-copy ``.index(b"\\x00")``.
+    per-iteration slices are O(1) rather than O(remaining).
+    ``bytes`` inputs use zero-copy ``.index(b"\\x00")``.
 
     ``memoryview`` inputs use a single ``bytes(mv).find(b"\\x00")``
     when the remaining buffer is small (< 64 KiB). This is one
     allocation and one C-level scan, matching the hot-path cost of the
     ``bytes`` branch. For larger buffers we fall back to a chunked
-    scan so peak memory stays bounded (ISSUE-65).
+    scan so peak memory stays bounded.
     """
     if isinstance(data, memoryview):
         data_len = len(data)
@@ -263,7 +263,7 @@ def encode_value(value: Any, value_type: ValueType | None = None) -> tuple[bytes
         # Reject arbitrary ints — the previous ``1 if value else 0``
         # coercion silently mapped values like ``5`` or ``-1`` to True,
         # which round-trips as the bool True and loses the caller's
-        # original value (ISSUE-60).
+        # original value.
         if isinstance(value, bool):
             return encode_uint64(1 if value else 0), value_type
         if isinstance(value, int) and value in (0, 1):
@@ -320,7 +320,7 @@ def decode_value(data: bytes | memoryview, value_type: ValueType) -> tuple[Any,
         # Return raw int64 to preserve round-trip identity at the wire level.
         # Higher-level clients (like the dqlite DBAPI) turn this into a
         # datetime, matching what Go's Rows.Next() does in the database/sql
-        # driver layer. See issue 006.
+        # driver layer.
         return decode_int64(data), 8
     elif value_type == ValueType.FLOAT:
         return decode_double(data), 8