feat(review-workflow): enforce single terminal review decision per review run (#211)
This commit is contained in:
+38
-1
@@ -634,7 +634,7 @@ def build_final_report(checkout_proof, inventory, validation, contamination,
|
||||
identity_eligible, merge_performed,
|
||||
issue_status_verified,
|
||||
capability_evidence=None, sweep=None, live_state=None,
|
||||
role_boundary=None):
|
||||
role_boundary=None, review_mutation=None):
|
||||
"""Required behavior 6 + acceptance criteria: one report, distinct proofs.
|
||||
|
||||
Combines the individual proof verdicts into the final-report fields the
|
||||
@@ -652,6 +652,8 @@ def build_final_report(checkout_proof, inventory, validation, contamination,
|
||||
(``assess_live_state_recheck`` — also required for ``merge_allowed``),
|
||||
and a clean role boundary (``assess_role_boundary``). Omitting any of
|
||||
them downgrades; a merge without the live recheck is a violation.
|
||||
|
||||
#211: the report must also carry the review mutation proof (``assess_review_mutation_final_report``).
|
||||
"""
|
||||
contamination_status = contamination.get("status", "unknown")
|
||||
checkout_proven = bool(checkout_proof.get("proven"))
|
||||
@@ -682,10 +684,23 @@ def build_final_report(checkout_proof, inventory, validation, contamination,
|
||||
"proven": False,
|
||||
"reasons": ["role-boundary/namespace usage not reported (#179)"],
|
||||
}
|
||||
review_mutation = review_mutation or {
|
||||
"complete": False,
|
||||
"downgraded": True,
|
||||
"reasons": ["review mutation proof not provided (#211)"],
|
||||
}
|
||||
|
||||
capability_proven = bool(capability_evidence.get("proven"))
|
||||
sweep_proven = bool(sweep.get("proven"))
|
||||
live_state_proven = bool(live_state.get("proven"))
|
||||
role_boundary_clean = bool(role_boundary.get("proven"))
|
||||
review_mutation_complete = bool(review_mutation.get("complete"))
|
||||
|
||||
review_mutation = review_mutation or {
|
||||
"complete": False,
|
||||
"reasons": ["review mutation proof missing"],
|
||||
}
|
||||
review_mutation_complete = bool(review_mutation.get("complete"))
|
||||
|
||||
downgrade_reasons = []
|
||||
if not identity_eligible:
|
||||
@@ -727,6 +742,9 @@ def build_final_report(checkout_proof, inventory, validation, contamination,
|
||||
if not role_boundary_clean:
|
||||
downgrade_reasons.append("role/namespace boundary not clean (#179)")
|
||||
downgrade_reasons.extend(role_boundary.get("reasons", []))
|
||||
if not review_mutation_complete:
|
||||
downgrade_reasons.append("review mutation proof missing or incomplete (#211)")
|
||||
downgrade_reasons.extend(review_mutation.get("reasons", []))
|
||||
|
||||
merge_allowed = (
|
||||
identity_eligible
|
||||
@@ -775,6 +793,7 @@ def build_final_report(checkout_proof, inventory, validation, contamination,
|
||||
"sweep_verdict": sweep.get("verdict"),
|
||||
"live_state_recheck_proven": live_state_proven,
|
||||
"role_boundary_clean": role_boundary_clean,
|
||||
"review_mutation_complete": review_mutation_complete,
|
||||
}
|
||||
|
||||
|
||||
@@ -1038,3 +1057,21 @@ def assess_duplicate_search_proof(report_text, matches):
|
||||
return issue_duplicate_gate.assess_duplicate_search_proof(
|
||||
report_text, matches
|
||||
)
|
||||
|
||||
|
||||
def build_review_mutation_proof(run_log: list[dict]) -> dict:
|
||||
"""Assess the live review mutations recorded during this run."""
|
||||
mutations = [e for e in (run_log or []) if e.get("kind") == "live_review_mutation"]
|
||||
if not mutations:
|
||||
return {
|
||||
"complete": False,
|
||||
"downgraded": True,
|
||||
"missing_fields": ["live review mutation"],
|
||||
"reasons": ["no live review mutation recorded in run log"],
|
||||
}
|
||||
return {
|
||||
"complete": True,
|
||||
"downgraded": False,
|
||||
"missing_fields": [],
|
||||
"reasons": [],
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user