Commit Graph
14 Commits
Author SHA1 Message Date
sysadmin dfb5ebd0af Fix #723: Prevent poisoned role stamp during task capability denial
This fixes #723 Defect B where attempting to acquire a reviewer lease from a merger session caused the session role to be incorrectly stamped as 'reviewer', leading to downstream workspace binding exceptions.

This commit moves the preflight capability recording to only apply when the task is allowed, and adds a try/except downstream to correctly fail-closed instead of throwing RuntimeError.
2026-07-17 01:13:55 -04:00
sysadmin 2941ec529c fix: enforce merger role boundaries (Closes #539) 2026-07-09 15:41:07 -04:00
sysadmin 223cde1b94 feat: terminal launcher diagnostics and mutation preflight (Closes #556)
Add categorize-and-probe helpers for shell spawn failures, expose
gitea_diagnose_terminal, and fail closed on mutation capability resolve
when the terminal launcher is unhealthy (BLOCKED + DIAGNOSE). Document
the operator path in the workflow runbooks.
2026-07-09 10:29:03 -04:00
sysadmin a863928661 Clarify and enforce reviewer-vs-merger role boundaries (#483) 2026-07-08 02:12:26 -04:00
sysadmin 10e64f6683 fix: resolve conflicts for PR #385
Merge prgs/master; keep work-issue author routing (#139) alongside
reconciler task entries from master (#309/#310).
2026-07-07 10:34:23 -04:00
sysadmin 167257b8a3 Merge commit 'b5ee6567aade4fdce4c57d826184bfd01ebb522e' into HEAD
# Conflicts:
#	tests/test_resolve_task_capability.py
2026-07-07 10:18:20 -04:00
sysadminandClaude Opus 4.8 91c67930ec feat: add PR-only queue cleanup mode with per-PR dispatch gates (Closes #390)
Adds canonical pr-queue-cleanup workflow, report verifier, reviewer-only task
routing, and runbook guidance so operators can drain open PRs one canonical
review at a time with fail-closed boundaries on batching and unauthorized merges.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 10:02:49 -04:00
sysadminandClaude Opus 4.8 c260ef15fb feat: register work-issue task routing for role-aware MCP (#139)
- Map work_issue/work-issue to author role and gitea.pr.create in resolver
- Route work-issue sessions through role_session_router before mutations
- Expose work_issue in runtime context task capabilities
- Add work-issue workflow source verifier and canonical routing docs
- Tests for resolver, router, and final-report verifier

Closes #139

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-07 09:30:38 -04:00
sysadmin 9cf1b41b77 feat: add prgs-reconciler profile and gated already-landed PR close (Closes #310)
Introduce a dedicated reconciler role with gitea_reconcile_already_landed_pr,
which closes open PRs only after live fetch and ancestor proof against a fresh
target branch. Document the gitea-reconciler namespace and extend task routing.
2026-07-07 09:20:50 -04:00
sysadminandClaude Opus 4.8 5e64c96851 feat: align claim/lock gates with branches-only worktrees (#275)
Allow issue lock from base-equivalent branches/ worktrees instead of
requiring the literal master/main branch name. Runtime preflight and
mark_issue/lock_issue now inspect the declared active task workspace so
dirty control-checkout state does not block clean task worktrees.

Closes #275

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 14:49:39 -04:00
sysadmin 5229dedb03 feat(author): harden reporting and claim capability per #183
- Add 'mark_issue' to TASK_MAP in resolve_task_capability for exact mutation proof (closes gap on unknown treated as allowed).
- Add assess_controller_handoff and integrate into build_final_report (downgrades missing handoff).
- Add tests for handoff and update existing.
- Update SKILL.md and review-pr.md to mandate exact 'Controller Handoff' section, exact sweep evidence, PR head SHA in reports.
- Author profile used throughout; no review/merge.

Refs #183
2026-07-05 20:41:34 -04:00
sysadminandClaude Fable 5 484873ed73 Add explicit close_pr capability resolution and gated PR close path (Issue #216)
PR closure had no first-class capability: agents could close PRs through
gitea_edit_pr(state=closed) with no close-specific capability proof, and
gitea_resolve_task_capability(close_pr) failed as unknown, leaving the
broad edit path as an untracked close fallback.

Add close_pr to the resolver TASK_MAP (gitea.pr.close, author-side) and
gate gitea_edit_pr(state=closed) on the same operation: without it the
close fails closed before any auth or API call, with reasons and a
structured permission_report; with it the close proceeds and is audited
as a distinct close_pr action carrying the required capability. Reject
invalid state values outright so case variants cannot bypass the gate.
Generalize the profile gate helper (_profile_operation_gate) and document
the PR comment / PR edit / PR close capability split.

Co-Authored-By: Claude Fable 5 <[email protected]>
2026-07-05 17:18:48 -04:00
sysadmin 575da17156 test: add task-routing and permission-boundary regression tests (#145)
- Add 5 new tests covering AC from #145:
  - issue.comment does not imply close_issue
  - pr.comment does not imply issue.comment (via explicit forbidden)
  - reviewer profile cannot push_branch
  - structured guidance for missing merge permission
  - self-approve (self-review gate) blocked with reasons
- Tests are fully synthetic (patches, no live Gitea)
- Updated file docstring
- All 10 tests pass; no behavior changes to prod code

Closes #145
2026-07-05 03:36:47 -04:00
sysadmin 8ef9129e44 feat: add read-only Gitea task capability resolver tool (#141) 2026-07-05 03:21:51 -04:00