docs: LLM-Agent-SHA opaque attribution convention, Phase 0 (#86)
Implements the Phase 0 owner decision on #86 (issuecomment-1354):

- docs/llm-agent-sha.md: format llm-<12 lowercase hex> (^llm-[0-9a-f]{12}$), generation rules, per-PR/workstream lifetime, visible markdown metadata blocks, no SHA in branch/worktree names, same-SHA vs same-user vs same-profile distinction. Attribution only — never an eligibility input.
- docs/llm-workflow-runbooks.md: attribution subsection + handoff/review runbook pointers.
- templates start-issue.md / review-pr.md: handoff and review metadata blocks; reviewer rule that a different SHA is not a different actor.
- tests/test_llm_agent_sha.py: negative tests — same Gitea user with a different LLM-Agent-SHA still fails self-review and self-merge; eligibility results are identical with/without/across SHA env values; no gate accepts or reads any agent-SHA input.

No launcher/env handling, no gitea_whoami fields, no PR auto-injection, no audit schema changes. No eligibility behavior changed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -45,6 +45,18 @@ Use any eligible reviewer profile to review PR #N.
Use any eligible merger profile to merge PR #N if checks pass.
```

### Attribution: `LLM-Agent-SHA` (metadata only)

Sessions may attribute their work with an opaque `LLM-Agent-SHA`
(`llm-<12 lowercase hex>`, e.g. `llm-8f3a9c2d6b41`) in PR-body and
review-handoff metadata blocks — see
[`llm-agent-sha.md`](llm-agent-sha.md) for the full convention. It is
**attribution only**: eligibility is decided solely by the authenticated
Gitea user and the profile's allowed operations. Two sessions with different
SHAs under the same Gitea user are the same actor — a different SHA never
permits self-review or self-merge. Keep the SHA out of branch and worktree
names.

## Prerequisites: canonical config + thin launchers

Runtime profiles live in **one canonical JSON file**, referenced by every LLM
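Review bot: the subsection refers to the blocks loosely as "PR-body and review-handoff metadata blocks", while the runbook hunks below name them `LLM Handoff Metadata` and `Review Metadata`; use those exact block titles here so a reader can search a PR body or review for the same string. The closing rule "Keep the SHA out of branch and worktree names" is stated without a reason; one clause tying it to the per-PR/workstream lifetime the commit message describes (branch and worktree names outlive and are visible outside the PR) would make the rule self-explaining.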
@@ -274,7 +286,8 @@ touching anything.
`fix/...` / `docs/...`); `cd` into that worktree; implement narrowly; add or
update tests if behavior changes; run the full suite; commit with an
issue-linked message; open a PR to `master`. **Do not** review or merge your
own PR.
own PR. Include an `LLM Handoff Metadata` block (with `LLM-Agent-SHA`) in
the PR body — see [`llm-agent-sha.md`](llm-agent-sha.md).
- **Prompt:** `Use an author profile to implement issue #N and open a PR to
master. Do not self-review or self-merge.`

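Review bot: the rewritten step is imperative ("Include an `LLM Handoff Metadata` block"), but the attribution subsection in the first hunk says sessions "may" attribute their work, and the `- **Prompt:**` line in this hunk is unchanged, so a session that follows the prompt literally is never asked to add the block. Decide whether the block is required or optional and make the three places agree; if it is required, extend the prompt, e.g. `Use an author profile to implement issue #N and open a PR to master with an LLM Handoff Metadata block. Do not self-review or self-merge.`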
@@ -285,7 +298,11 @@ touching anything.
- **Steps:** confirm identity + eligibility (menu eligibility check or
`gitea_check_pr_eligibility`); read the diff; confirm scope matches the linked
issue; post the review (`comment` / `request_changes` / `approve`) via the
gated review tool. Pin the reviewed head SHA where supported.
gated review tool. Pin the reviewed head SHA where supported. Include a
`Review Metadata` block (with your own `LLM-Agent-SHA`) in the review —
and remember: a different `LLM-Agent-SHA` does **not** make you a different
actor; only a different authenticated Gitea user does
([`llm-agent-sha.md`](llm-agent-sha.md)).
- **Prompt:** `Use any eligible reviewer profile to review PR #N. Approve only
if scope matches issue #M and checks pass; otherwise request changes.`

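Review bot: the replaced line puts "Pin the reviewed head SHA" and "your own `LLM-Agent-SHA`" in the same sentence pair, and the hunk then warns that "a different `LLM-Agent-SHA` does **not** make you a different actor", so a reader can conflate the pinned git commit hash with the opaque attribution token. Write "head commit SHA" for the pinned git hash to keep the two apart. As in the author runbook, the `- **Prompt:**` line is unchanged, so the prompt a reviewer session actually runs never asks for the `Review Metadata` block; either add it to the prompt or state that the block is optional.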
@@ -391,6 +408,7 @@ scripts/release-tag v0.4.0 --notes-file /tmp/release-notes.md --push

- [`../skills/llm-project-workflow/SKILL.md`](../skills/llm-project-workflow/SKILL.md) — portable cross-project LLM workflow skill.
- [`gitea-execution-profiles.md`](gitea-execution-profiles.md) — the profile model.
- [`llm-agent-sha.md`](llm-agent-sha.md) — opaque agent attribution metadata (never an eligibility input).
- [`safety-model.md`](safety-model.md) — trust boundaries and audit logging.
- [`tool-boundaries.md`](tool-boundaries.md) — per-tool allowed operations.
- [`credential-isolation.md`](credential-isolation.md) — credential handling.

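Review bot: the new bullet's parenthetical "(never an eligibility input)" states the invariant but not where it is enforced; since the commit message says tests/test_llm_agent_sha.py checks that no gate accepts or reads an agent-SHA input, consider naming that test file in the `llm-agent-sha.md` entry so the guarantee is traceable to an executable check rather than to prose alone. The entry otherwise matches the list's link-then-dash style.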