Closed
opened 2026-07-05 14:15:29 -05:00 by jcwalker3
·
4 comments
No Branch/Tag Specified
master
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-702-stale-binding-lease-recovery
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
feat/issue-687-reconciler-branch-delete
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
docs/mcp-stable-control-runtime-policy
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#179
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Context:
PR #176 closed issue #173 and significantly improved blind PR queue review proofs. A later reviewer run successfully found and merged PR #176 after checking both configured repos. The run was strong, but it exposed a few remaining proof/reporting gaps that should become durable harness requirements.
Positive evidence from the run:
sysadmin / prgs-reviewerScaled-Tech-Consulting/Gitea-Tools: PR #176 open and selectedScaled-Tech-Consulting/mcp-control-plane: PR #79 open and left for future reviewccc5ef79dfe629853e144763238593bd808d57e0HEADmatched the pinned SHAPYTHONPATH=. ./venv/bin/pytest tests/test_review_proofs.py→35/35 passedPYTHONPATH=. ./venv/bin/pytest tests/ --ignore=branches→681 passed, 0 failures, 6 skippedpython3 -m py_compile review_proofs.py tests/test_review_proofs.py→ passedgit diff --check prgs/master...HEAD→ passedRemaining proof gaps:
Capability proof must be explicit.
The final report claimed
review_prandmerge_prcapability checks passed, but the visible tool log did not clearly showgitea_resolve_task_capabilitycalls. A-level reports should cite the exact capability proof source.Secret/provenance sweep must be exact.
"Checked diff for raw credentials or production service endpoints" is too vague. Reports should include the command, script, grep pattern, or named sweep method used.
Final live-state recheck must be explicit.
Before submitting review or merge, the workflow should explicitly re-read live PR state/head and confirm:
Reviewer flows should avoid unnecessary author namespace calls.
The run used
gitea-authorfor initial identity/runtime checks even though it was a reviewer task. This was not unsafe, but reviewer workflows should stay ingitea-reviewerunless author namespace use is explicitly justified.Required behavior:
gitea_resolve_task_capabilityor equivalent runtime context.Tests/harness assertions:
Acceptance criteria:
A blind PR review earns a full A only when it proves capability, complete inventory, pinned checkout, exact validation, exact secret/provenance sweep, final live-state recheck, and clean reviewer-only role boundaries before mutation.
Related:
PR #79 Reviewer Run Evidence
A reviewer run successfully reviewed and merged
mcp-control-planePR #79 for Issue #78.Observed Positive Behavior:
sysadmin / prgs-reviewer.Scaled-Tech-Consulting/Gitea-Tools: PR #180 and PR #181 open.Scaled-Tech-Consulting/mcp-control-plane: PR #79 open and selected.e3b1b66a764a4d3a68565482e9268617e20b682e.HEADmatched the pinned SHA../venv/bin/pytest tests/test_controller_capabilities.py tests/test_controller_reports.py tests/test_issue_escalation.py→31/31 passed./venv/bin/pytest→431 passed, 0 failures, 13 skippedpython3 -m py_compile→ passedgit diff --check prgs/master...HEAD→ passedRemaining gaps:
Controller Handoff.review_prandmerge_prcapability checks passed, but the visible tool log did not clearly showgitea_resolve_task_capabilitycalls. Runtime context is useful, but A-level reports should include exact capability proof.Claimed for author implementation. Branch:
feat/issue-179-reviewer-proof-tightening. Worktree:branches/feat-issue-179-reviewer-proof-tightening.Note on claim mechanics:
gitea_resolve_task_capabilityreturnsUnknown task/action: 'mark_issue' (fail closed)underprgs-author, so per the #183 rule (unknown mutation capability must not be treated as allowed) this claim is recorded via the exactly-provengitea.issue.commentoperation instead of thestatus:in-progresslabel toggle. Resolver coverage for issue-claim operations is #183's scope.Plan: extend
review_proofs.pywith the four #179 proofs — exact capability evidence, exact secret/provenance sweep evidence, pre-mutation live-state recheck (open + live head == pinned + base unchanged + no unresolved blocking reviews), and reviewer role-boundary (author-namespace use requires justification) — raisebuild_final_report's A bar to require them, update tests, and wire the requirements into SKILL.md §F/§G and the review/merge templates.Codex queue-selection example: correct PR-first instinct, incomplete queue execution
Observed behavior:
Codex correctly concluded that the best next work is PR review, not more author implementation, because
Gitea-Toolshad 6 open mergeable PRs andmcp-control-planehad no open PRs. It proposed this order:Positive behavior:
Remaining workflow gaps:
Required behavior:
continue the queuetasks.Acceptance criteria addition:
A reviewer queue run earns an A only when it performs live inventory, proves eligibility/staleness/mergeability, selects exactly one eligible PR, and proceeds to review or stops with evidence. A ranked list alone is not sufficient.
Additional observed failure:
A run executed the full test suite and got a failure:
TestAuthorProofs.test_runexpectedno_local_workbut gotorder_violation.The run then continued to produce a final PR-inventory report instead of treating the failing validation as a blocker.
Required behavior:
Any failed validation command must be reported as a blocker.
A final report must not summarize the run as clean if tests failed.
If a test failure occurs during a reviewer/inventory task, the report must explicitly separate:
If the active branch is unrelated to the target repo or review task, that must be disclosed.