Add assess_reviewer_fallback_report to fail closed when reviewer final
reports or action logs show profiles.json access or local helper scripts
while MCP tools are available. Recovery mode requires explicit fallback
classification and identity/profile/repo/capability proof.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Resolve task_capability_map.py conflict by keeping all three capability
entries: commit_files and gitea_commit_files (gitea.repo.commit, #262,
from master) and reconcile_merged_cleanups (gitea.read, #269, this
branch). Capability boundaries unchanged — reconciliation reporting stays
read-only; no close/merge capability broadened.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
route_task_session now calls assess_infra_stop() live instead of
check_mid_merge(). Update TestMCPHealth.test_route_task_session_blocks_during_merge
to mock the infra-stop assessment path and assert infra_stop_assessment
is returned when blocked.
Part of #285 / PR #286 review fix.
Return wrapped {prs, pagination} from gitea_list_prs with has_more,
inventory_complete, and page traversal via api_fetch_page. Route
gitea_review_pr inventory through gitea_list_prs so trust gates can
prove pagination finality. Add assess_list_prs_pagination_proof verifier.
Closes#340
Extend review_proofs with assess_create_issue_final_report to enforce
workflow-source proof, create-issue handoff schema fields, and rejection
of work-issue/review-merge cross-mode handoff fields.
Closes#337
Introduce assess_mutation_ledger_report so reviewer final reports cannot
claim no file edits when the action log records performed mutations.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Consolidate all four canonical workflow files and router SKILL.md:
- review-merge-pr.md (from #334 canonical prompt)
- reconcile-landed-pr.md (reconciliation gates + handoff schema)
- create-issue.md (canonical issue-creation prompt)
- work-issue.md (canonical author/coder prompt)
SKILL.md is now a short router with mode isolation and universal rules.
Adds final-report schemas for all modes and 13 doc-contract tests.
Supersedes partial split work in PR #335; full #333 acceptance in one PR.
Closes#334
- Add workflows/review-merge-pr.md with reviewer-only gates and steps
- Add schemas/review-merge-final-report.md with mutation ledger fields
- Turn SKILL.md into task-mode router; replace inlined §F/§G with links
- Point review/merge templates at extracted workflow
- Add doc-contract tests for split structure
Part of #333.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Workflow reports included the authenticated user's personal email even
when username/profile identity was sufficient (observed: 'Identity:
jcwalker3 / [email protected]' in a reconciliation handoff).
Add format_identity_summary() producing the canonical no-email identity
line ('<username> / <profile>' with optional role/remote, reducing an
email passed in the username slot to its local part), and
assess_email_disclosure() flagging personal email addresses in report
text unless the report itself justifies the disclosure (tool proof,
explicit request, or identity disambiguation).
Tests cover no-email summaries for author and reviewer identities,
role/remote suffixes, email-in-username reduction, clean reports,
single and multiple unjustified disclosures, and justified
disambiguation.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Resolve _GUIDE_RULES conflict by keeping both operator guide keys:
shell_spawn_hard_stop (#258, landed on master via PR #281) and
subagent_delegation (#266, this branch).
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Introduce assess_request_changes_approval_proof in review_proofs.py so
review workflows can fail closed when approving an unchanged head after a
prior REQUEST_CHANGES unless explicit override proof is provided.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Adds subagent_gate.py following the author_proofs/review_proofs pure-policy
pattern:
- assess_subagent_delegation: deterministic write tasks (issue claim,
branch creation, code edits, commits, PR creation, review, merge,
cleanup) are blocked for subagents unless explicitly allowed with a
recorded justification and the full inherited gate context (issue lock,
branch/worktree path, identity/profile, allowed tool class, command
deny list, validation ledger requirement, final report schema);
read-only delegation stays allowed; unknown task types fail closed.
- validate_subagent_report: subagent output is accepted only when it
carries the same proof fields as a parent workflow final report.
- Operator guide: new subagent_delegation rule in _GUIDE_RULES so MCP
clients discover the policy.
- tests/test_subagent_gate.py: 13 tests covering blocked write
delegation, justification requirement, missing/blank inherited
context, allowed read-only delegation, unknown tasks, and invalid
subagent final reports.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Introduce validation_ledger with command ledger format, full-suite claim
checks, and structured final-report verification so sessions cannot
overclaim validation or misreport review/merge state.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Add assess_infra_stop() to scan git state and conflict markers on each
reviewer capability check, return the exact conflict path in responses,
and clear stale capability-stop terminal state once the worktree is clean.
Closes#285
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
test_skip_scan_walk_root_skips_sibling_worktrees_only derived its
fixture paths from __file__, so the branches/ sibling-worktree skip
assertion only held when the suite ran from a branches/<slug> worktree
whose orchestration checkout has a real branches/ directory —
skip_python_scan_walk_root skips a branches/ walk root only when
<project_root>/branches exists on disk. From the main checkout or any
plain clone the test failed with 'AssertionError: False is not true'.
Build the <main>/branches/<worktree> layout in a TemporaryDirectory and
assert against those paths instead. All four behavioural assertions are
preserved and no production code changes.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Document default tool-call and wall-time budgets for deterministic MCP
work, forbid subagent commit delegation when gitea_commit_files is
available, and pin the rules in runbooks, portable skill, operator guide,
and doc-contract tests.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Implement gitea_reconcile_merged_cleanups with dry-run reporting for merged
PR remote branches and local branches/ worktrees, plus confirmation-gated
execute mode. Safety gates cover protected branches, open PR references,
active issue locks, dirty worktrees, and delete_branch capability.
Closes#269
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Allow issue lock from base-equivalent branches/ worktrees instead of
requiring the literal master/main branch name. Runtime preflight and
mark_issue/lock_issue now inspect the declared active task workspace so
dirty control-checkout state does not block clean task worktrees.
Closes#275
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Document MCP-native gitea_commit_files as the only approved commit path when
gitea.repo.commit is allowed; ban WebFetch, Playwright, and manual base64
workarounds in runbooks and safety model. Add doc tests.
Closes#260.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>