Block workspace edits before identity, capability, and role verification #210

Closed
opened 2026-07-05 15:29:52 -05:00 by sysadmin · 1 comment
Owner

Problem:
Agents can edit repository files before proving authenticated identity, active profile, and allowed task capability. This violates the required pre-flight ordering and can allow reviewer sessions to drift into author-side work.

Required wall:
No repository file edits, test modifications, branch operations, commits, pushes, PR creation, issue creation, reviews, or merges may occur before identity and capability are verified for the requested task.

Required behavior:
Before any workspace mutation, the workflow must prove:

  • authenticated username;
  • active profile;
  • task type;
  • allowed/forbidden operations;
  • role compatibility;
  • repo/queue target;
  • clean worktree state.

If the active role is reviewer, local file edits must be blocked entirely unless the operator explicitly changes the task to author implementation.

Acceptance criteria:

  • Add a test where a file edit occurs before gitea_whoami; expected result: blocked.
  • Add a test where a file edit occurs before gitea_resolve_task_capability; expected result: blocked.
  • Add a test where a reviewer profile edits tracked files; expected result: blocked.
  • Add a test where the final report says “no mutations” after local file edits; expected result: invalid report.
  • Add a required report field: workspace_mutations.
  • Mutation confirmation must distinguish Gitea mutations from local workspace mutations.
Problem: Agents can edit repository files before proving authenticated identity, active profile, and allowed task capability. This violates the required pre-flight ordering and can allow reviewer sessions to drift into author-side work. Required wall: No repository file edits, test modifications, branch operations, commits, pushes, PR creation, issue creation, reviews, or merges may occur before identity and capability are verified for the requested task. Required behavior: Before any workspace mutation, the workflow must prove: * authenticated username; * active profile; * task type; * allowed/forbidden operations; * role compatibility; * repo/queue target; * clean worktree state. If the active role is reviewer, local file edits must be blocked entirely unless the operator explicitly changes the task to author implementation. Acceptance criteria: - Add a test where a file edit occurs before gitea_whoami; expected result: blocked. - Add a test where a file edit occurs before gitea_resolve_task_capability; expected result: blocked. - Add a test where a reviewer profile edits tracked files; expected result: blocked. - Add a test where the final report says “no mutations” after local file edits; expected result: invalid report. - Add a required report field: workspace_mutations. - Mutation confirmation must distinguish Gitea mutations from local workspace mutations.
Owner

Additional acceptance evidence: prior run incorrectly claimed “zero mutations” after deleting a local worktree and local branch during a read-only task. Correct rule: read-only tasks must not perform local housekeeping unless explicitly requested. Final reports must split mutation ledger into Gitea mutations, local workspace mutations, and memory/index writes. The phrase “no mutations” is forbidden if any worktree, branch, file, memory, or index state changed.

Additional acceptance evidence: prior run incorrectly claimed “zero mutations” after deleting a local worktree and local branch during a read-only task. Correct rule: read-only tasks must not perform local housekeeping unless explicitly requested. Final reports must split mutation ledger into Gitea mutations, local workspace mutations, and memory/index writes. The phrase “no mutations” is forbidden if any worktree, branch, file, memory, or index state changed.
Sign in to join this conversation.
No labels
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#210