Commit Graph
58 Commits
Author SHA1 Message Date
sysadmin c278e16053 fix: resolve conflicts for PR #356 2026-07-07 05:35:13 -04:00
sysadmin e1dabd1b0f Merge pull request 'feat: reject legacy Workspace mutations field in reviewer handoffs (Closes #320)' (#357) from feat/issue-320-remove-workspace-mutations into master 2026-07-07 04:33:31 -05:00
sysadmin 4d3e90e7c5 Merge pull request 'feat: enforce queue ordering proof in reviewer reports (Closes #321)' (#351) from feat/issue-321-queue-ordering-proof into master 2026-07-07 04:31:14 -05:00
sysadmin 2cf0ad5908 feat: add composable final-report validator for reviewer and reconciliation handoffs (Closes #327) 2026-07-07 05:27:24 -04:00
sysadmin 077cedc0c9 feat: enforce queue ordering proof in reviewer reports (Closes #321) 2026-07-07 05:27:18 -04:00
sysadmin c83c18e52a Merge pull request 'feat: enforce proof wording for pagination and live claims (Closes #330)' (#346) from feat/issue-330-proof-wording-enforcement into master 2026-07-07 04:26:44 -05:00
sysadmin 1666e55e60 Merge pull request 'feat: reject workspace-none claims after worktree mutations (Closes #313)' (#354) from feat/issue-313-worktree-mutation-consistency into master 2026-07-07 04:23:54 -05:00
sysadmin e9fdb356dd fix: resolve conflicts for issue 330 (master refresh) 2026-07-07 05:21:43 -04:00
sysadmin 897d256f98 Merge pull request 'feat: add queue-status report verifier for reviewer handoffs (Closes #339)' (#347) from feat/issue-339-queue-status-report-verifier into master 2026-07-07 04:20:09 -05:00
sysadmin 240e7adf46 fix: resolve conflicts for issue 339 2026-07-07 05:18:29 -04:00
sysadmin deb228d629 Merge pull request 'feat: require conflict proof for skipped non-mergeable PRs (Closes #322)' (#353) from feat/issue-322-mergeability-skip-proof into master 2026-07-07 04:17:09 -05:00
sysadminandClaude Opus 4.8 94b022b24d fix: resolve conflicts for issue 330
Merge prgs/master into feat/issue-330-proof-wording-enforcement and keep
both assess_proof_wording (#330) and git ref mutation reporting (#297).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:16:57 -04:00
sysadminandClaude Opus 4.8 71b8d00897 feat: classify merge simulation as worktree/index mutations (Closes #317)
Add assess_merge_simulation_report to reject local merge simulations listed
as read-only diagnostics and require Worktree/index mutations documentation
with worktree path, pre/merge/abort/post-clean proof when simulation
commands appear in the session log.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:13:30 -04:00
sysadmin 6bf0210128 Merge pull request 'feat: enforce branches-only baseline validation in reviewer reports (Closes #325)' (#349) from feat/issue-325-baseline-worktree-validation into master 2026-07-07 04:13:22 -05:00
sysadminandClaude Opus 4.8 c2bba27b86 feat: reject legacy Workspace mutations field in reviewer handoffs (Closes #320)
Reviewer controller handoffs must now report the precise mutation
categories (File edits by reviewer, Worktree/index mutations, Git ref
mutations, MCP/Gitea mutations, Review mutations, Merge mutations,
Cleanup mutations, External-state mutations, Read-only diagnostics)
instead of the ambiguous legacy "Workspace mutations" field.

- assess_controller_handoff(role="review") no longer requires
  "Workspace mutations" and fails closed when any legacy
  "Workspace mutations:" line is present, regardless of value.
- New HANDOFF_REVIEW_MUTATION_FIELDS makes the nine precise categories
  required fields for review-role handoffs, matching the canonical
  schemas/review-merge-final-report.md field set.
- Tests cover approval, request-changes, merge, worktree cleanup,
  fetch-only, and blocked handoffs, plus rejection of
  "Workspace mutations: none" and non-none values.
- Author/create-issue/inventory roles keep their existing contracts.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:11:05 -04:00
sysadminandClaude Opus 4.8 9fbe556466 feat: reject workspace-none claims after worktree mutations (Closes #313)
Add assess_workspace_mutation_consistency to review_proofs: final
reports fail validation when they claim "Workspace mutations: none"
while worktree mutations (reset --hard, checkout, clean, worktree
add/remove, stash, merge, rebase, ...) occurred — either observed in
the workflow command log or self-reported in the report's own
"Worktree mutations" field. Observed worktree and git ref mutations
must be reported under their precise category fields; reports pass
when they say "File edits by reviewer: none" alongside a non-none
"Worktree mutations" entry. Tests cover reset, checkout, worktree add,
clean, fetch-only, and no-op cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:09:44 -04:00
sysadminandClaude Opus 4.8 cf1cedf5e3 feat: require conflict proof for skipped non-mergeable PRs (Closes #322)
Add assess_non_mergeable_skip_proof to validate reviewer reports document
head SHA, mergeability result, conflict proof command, conflicting files,
and head-change status for each skipped non-mergeable PR, or classify
MERGEABILITY_UNVERIFIED when proof cannot be retrieved.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:08:53 -04:00
sysadmin d7d2f92286 Merge pull request 'feat(reports): classify git fetch as a git ref mutation (closes #297)' (#344) from feat/issue-297-fetch-ref-mutation into master 2026-07-07 04:07:11 -05:00
sysadmin f92d1a29c2 Merge pull request 'Add pagination metadata to gitea_list_prs' (#342) from feat/issue-340-list-prs-pagination-metadata into master 2026-07-07 04:03:30 -05:00
sysadminandClaude Opus 4.8 a47083b9b8 feat: enforce branches-only baseline validation in reviewer reports (Closes #325)
Add assess_reviewer_baseline_validation_proof to block test-suite runs in
the main checkout and require complete baseline worktree proof when reports
claim pre-existing master failures.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 05:02:07 -04:00
sysadmin 6c653ce32a feat: add queue-status report verifier for reviewer handoffs (#339)
Add assess_queue_status_report and assess_proof_wording to reject
contradictory queue-status-only reports: passed gates without a selected
PR, prior diagnostic conflict proof, pagination assumptions, and
blocker contradictions. Wire into build_final_report and document the
queue-status-only schema path.

Closes #339
2026-07-07 04:57:50 -04:00
sysadmin 46703eac3f feat: enforce proof wording for pagination and live claims (#330)
Add assess_proof_wording to reject unsupported phrases such as
inventory complete, live proof, same as master, and file edits none
unless matching evidence is present. Wire into build_final_report and
add doc-contract tests.

Closes #330
2026-07-07 04:46:48 -04:00
sysadminandClaude Opus 4.8 c41a698a08 feat(reports): classify git fetch as a git ref mutation (closes #297)
Reviewer reports treated 'git fetch prgs master' as read-only
diagnostics while claiming 'Git/worktree mutations: None'. Fetch edits
no files but updates remote-tracking refs, so hiding it under
diagnostics understates what the run mutated.

Add git_ref_mutating_commands() classifying fetch, pull, push, merge,
update-ref, remote update, branch -d/-D, and reset --hard as git ref
mutations, and assess_git_ref_mutation_report() which fails a report
when ref-updating commands ran but the report lacks a non-none 'Git ref
mutations' entry, omits 'fetched <remote>/<branch>' for a targeted
fetch, still claims 'Git/worktree mutations: None', or lists the
command under read-only diagnostics.

Tests cover fetch-only review, missing ledger entry, missing fetch
target, contradictory none-claim, read-only misclassification, worktree
creation (not a ref mutation), merge, cleanup branch deletion,
no-mutation blocked handoff, and dict command-log entries.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 04:26:58 -04:00
sysadmin 8929286276 feat: add pagination metadata to gitea_list_prs (#340)
Return wrapped {prs, pagination} from gitea_list_prs with has_more,
inventory_complete, and page traversal via api_fetch_page. Route
gitea_review_pr inventory through gitea_list_prs so trust gates can
prove pagination finality. Add assess_list_prs_pagination_proof verifier.

Closes #340
2026-07-07 04:25:02 -04:00
sysadmin 14f5c865b3 feat: add create-issue final-report verifier (#337)
Extend review_proofs with assess_create_issue_final_report to enforce
workflow-source proof, create-issue handoff schema fields, and rejection
of work-issue/review-merge cross-mode handoff fields.

Closes #337
2026-07-07 04:23:45 -04:00
sysadminandClaude Opus 4.8 ae4dd0ff91 Add final-report mutation ledger verifier (#331)
Introduce assess_mutation_ledger_report so reviewer final reports cannot
claim no file edits when the action log records performed mutations.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 04:08:27 -04:00
sysadmin c73e68bd75 Merge pull request 'feat(reports): add no-email identity summary and disclosure validator (closes #305)' (#329) from feat/issue-305-report-email-redaction into master 2026-07-07 03:03:12 -05:00
sysadminandClaude Opus 4.8 a3b79736e0 feat(reports): add no-email identity summary and disclosure validator (closes #305)
Workflow reports included the authenticated user's personal email even
when username/profile identity was sufficient (observed: 'Identity:
jcwalker3 / [email protected]' in a reconciliation handoff).

Add format_identity_summary() producing the canonical no-email identity
line ('<username> / <profile>' with optional role/remote, reducing an
email passed in the username slot to its local part), and
assess_email_disclosure() flagging personal email addresses in report
text unless the report itself justifies the disclosure (tool proof,
explicit request, or identity disambiguation).

Tests cover no-email summaries for author and reviewer identities,
role/remote suffixes, email-in-username reduction, clean reports,
single and multiple unjustified disclosures, and justified
disambiguation.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 02:57:45 -04:00
sysadminandClaude Opus 4.8 efb0a2d076 Add REQUEST_CHANGES override proof helper before approval (#326)
Introduce assess_request_changes_approval_proof in review_proofs.py so
review workflows can fail closed when approving an unchanged head after a
prior REQUEST_CHANGES unless explicit override proof is provided.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 02:53:25 -04:00
sysadminandClaude Opus 4.8 24d8891424 fix(issue-filing): enforce mutation-scope denials in generic loop (#191)
The forbidden-mutation loop in assess_issue_filing_mutation_scope never
appended reasons; align aggregation with issue-selection handoff checks.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 14:36:18 -04:00
sysadminandClaude Opus 4.8 27922c67f8 feat(issue-filing): harden final report proofs for handoff and mutations (#191)
Add assess_issue_filing_final_report and supporting checks for Controller
Handoff (issue_filing role), exact issue number/title, full 40-char SHAs,
per-mutation capability proof, single-mutation scope statements, and
duplicate-search summaries. Workflow skill documents the issue-filing
handoff fields.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 14:32:48 -04:00
sysadminandClaude Opus 4.8 70c868962a feat(reviewer): add queue-target lock before PR inventory trust gate (#200)
Operators can supply an active PR backlog for one repo while agents
inventory another and falsely report trusted_empty. reconcile_queue_target
locks the target repo from operator context/backlog before list_prs runs;
pr_inventory_trust_gate blocks target_repo_mismatch and unresolved locks.
assess_reviewer_queue_inventory wires the lock into the canonical path.

Tests cover Gitea-Tools backlog vs mcp-control-plane inventory mismatch,
ambiguous dual-repo context, conflicting directive vs backlog, and final-
report field requirements.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 12:29:16 -04:00
sysadminandClaude Opus 4.8 dc41b685d0 feat(author): add continuation-mode selection wall for open-PR issues (#188)
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 11:40:35 -04:00
jcwalker3 056a232ef8 revert: remove #208 from master (land via PR #235) 2026-07-06 10:19:26 -05:00
sysadminandClaude Opus 4.8 ca3de3da53 feat(reviewer): require trust-gate proof in empty-queue reports (#198)
Add assess_empty_queue_report to block empty-queue claims without
pr_inventory_trust_gate.status == trusted_empty, reject weak merge-commit
corroboration, extend inventory handoff fields, and wire the gate into
build_final_report and capability-stop terminal validation.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 11:16:35 -04:00
sysadminandClaude Opus 4.8 1033a22407 feat(reviewer): wire PR inventory trust gate into live queue path (#196)
Run pr_inventory_trust_gate on empty gitea_review_pr inventory results,
add assess_reviewer_queue_inventory for multi-repo completeness checks,
and require trusted_empty before empty-queue claims in reports/templates.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 02:08:55 -04:00
sysadminandClaude Opus 4.8 4f466550ca feat(reviewer): fail closed on dirty worktrees and forbidden git cleanup (#233)
Add reviewer_worktree proofs that block stash/reset/checkout -- cleanup of
unrelated local files, require scratch worktree reporting when the main tree
is dirty outside PR scope, and integrate the gate into final report grading
and Controller Handoff review fields.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 02:04:34 -04:00
sysadminandClaude Opus 4.8 6ac6b9528c test: require issue-lock proof in author handoffs (#208)
Add Issue lock proof to author HANDOFF_ROLE_FIELDS and update controller
handoff tests. Strengthen create_pr tests to read and validate the issue
lock file (branch match, Closes #N, reveal opt-in unchanged).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 02:02:26 -04:00
sysadminandClaude Opus 4.8 cbce6cb2e7 Block author mutations from reviewer MCP namespace (Issue #209)
Add role_namespace_gate to fail closed when reviewer-bound sessions attempt
author mutations (create_pr always blocked; create_issue only when profile
explicitly grants gitea.issue.create). Extend mutation audit records with
mcp_namespace, task_role, and operation fields. Add handoff parity checks in
review_proofs for author role vs reviewer namespace mismatches.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-05 21:12:33 -04:00
sysadmin 5229dedb03 feat(author): harden reporting and claim capability per #183
- Add 'mark_issue' to TASK_MAP in resolve_task_capability for exact mutation proof (closes gap on unknown treated as allowed).
- Add assess_controller_handoff and integrate into build_final_report (downgrades missing handoff).
- Add tests for handoff and update existing.
- Update SKILL.md and review-pr.md to mandate exact 'Controller Handoff' section, exact sweep evidence, PR head SHA in reports.
- Author profile used throughout; no review/merge.

Refs #183
2026-07-05 20:41:34 -04:00
sysadminandClaude Opus 4.8 7a7e9c0cbc feat: enforce capability stop terminal mode after reviewer denial (Issue #197)
Enter terminal mode when review_pr/merge_pr capability is denied. Block
reviewer queue tools (list_prs, eligibility checks) and add report-purity
validators for forbidden PR selection, fallback, and empty-queue claims.

Closes #197

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-05 20:36:23 -04:00
sysadmin ab95f1b253 feat(preflight): block workspace edits before identity/capability verification (Closes #210) 2026-07-05 20:31:51 -04:00
sysadmin 8dd1b2ee34 Merge pull request 'feat(author-workflow): enforce exact issue lock before branch/commit/push/PR (Issue #204, recreation of PR #205)' (#213) from feat/issue-204-exact-issue-lock-v2 into master 2026-07-05 19:28:14 -05:00
sysadmin 16f977fde0 fix(review): harden #211 decision lock and CLI gate per review blockers
- Bind review decision state to in-process session (pid + profile lock); drop /tmp file path.
- Fail closed on review_pr.py CLI; route live reviews through gated MCP tools only.
- Require operator_authorized on review correction; allow re-mark after correction.
- Validate remote/org/repo on mark and submit; wire review mutation proof into build_final_report.
- Add security regression tests for spoofed locks, correction flow, and CLI bypass.

Refs #211
2026-07-05 20:16:04 -04:00
sysadmin 7489107768 feat(review-workflow): enforce single terminal review decision per review run (#211) 2026-07-05 17:43:50 -04:00
sysadmin 880fca81da Enforce single terminal review decision per PR review run (Issue #211)
Reviewer agents could post probe APPROVE/REQUEST_CHANGES reviews while
testing lock paths, polluting PR audit trails. Add a review decision lock
seeded by gitea_resolve_task_capability(review_pr) that requires
gitea_mark_final_review_decision and final_review_decision_ready=True
before gitea_submit_pr_review performs a live mutation.

Add gitea_dry_run_pr_review for read-only submission validation,
gitea_authorize_review_correction for operator-approved fixes, and
assess_review_mutation_final_report for final-report proof. One live
review mutation per run unless correction is explicitly authorized.
2026-07-05 17:43:36 -04:00
8ec69cdd35 feat(author-workflow): enforce exact issue lock before branch/commit/push/PR (Issue #204)
Recreation of the #204 work from closed PR #205 (invalid provenance), rebuilt
cleanly on master under the prgs author identity with no PR #203 content:

- Add gitea_lock_issue MCP tool: locks exactly one issue to its branch name,
  fails closed on branch/issue-number mismatch and on issues already tied to
  an open PR (by head branch or Closes/Fixes reference).
- gitea_create_pr now requires the issue lock: head must match the locked
  branch, title/body must contain Closes/Fixes #<locked issue> exactly, and
  ambiguous references (equivalent / related / same as) are rejected.
- scripts/worktree-start refuses to create an issue-linked worktree unless the
  lock file exists and matches the requested branch.
- assess_controller_handoff rejects handoffs whose selected issue / opened PR
  fields carry multiple numbers or fuzzy equivalence wording.
- Tests: TestIssueLocking (lock + create_pr gates), handoff exact-reference
  tests, worktree-start lock coverage.

Closes #204

Co-Authored-By: Claude Fable 5 <[email protected]>
2026-07-05 17:41:50 -04:00
sysadminandClaude Opus 4.8 75c176991e feat(issue-filing): enforce pre-create duplicate title gate (#207)
Add server-side duplicate detection in gitea_create_issue that re-queries
open and recently closed issues at mutation time, blocks normalized title
matches unless the operator explicitly approves a split, and validates LLM
duplicate-search summaries via review_proofs.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-05 17:24:15 -04:00
sysadmin 5a1db875bc Merge pull request 'feat(workflow): pre-task role/session router blocks reviewer tasks in author sessions (Issue #206)' (#217) from feat/issue-206-role-session-router into master 2026-07-05 16:20:29 -05:00
sysadminandClaude Opus 4.8 a256caaae7 feat: add pre-task role/session router for reviewer tasks (Issue #206)
Add gitea_route_task_session and role_session_router to fail closed when
reviewer tasks start under author-bound MCP sessions. Block author-side
issue creation fallback after wrong_role_stop. Add handoff proof helper and
tests.

Closes #206

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-05 17:13:18 -04:00