Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#213
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Clean recreation of the #204 exact-issue-lock work after PR #205 was closed for invalid provenance (opened by the reviewer identity
sysadmin, commits authored under the mdcps identity, undeclared stack on PR #203, no issue lock).Provenance for this PR:
jcwalker3 / prgs-authorend-to-end — issue claim, branch, commit (b8916bc713f0127aaa4c7d0b2f6da098504f02ea, author[email protected]), push, and PR creation.status:in-progress+ lock comment) before any tracked-file edit, branch, or commit in this run.master(c6fd0fd, includes the merged #195 trust gate). Contains NO commit from PR #203 (10d2644excluded); not stacked work.4dcf8fd; master advanced toc6fd0fd(PR #195 merge) before branch creation — drift detected and reconciled by branching from the newer master; noted per #177 drift-reporting rules.Changes (only #204 scope):
mcp_server.py— newgitea_lock_issuetool: locks exactly one issue to its branch name; fails closed when the branch name lacksissue-<n>, and when the issue is already tied to an open PR (by head branch or Closes/Fixes reference). NewISSUE_LOCK_FILEconstant;import jsonadded.mcp_server.py—gitea_create_prnow fail-closed requires the lock: lock file present, head equals locked branch, no forbidden ambiguity terms ("equivalent", "related", "same as"), andCloses/Fixes #<locked issue>present exactly.scripts/worktree-start— refuses issue-linked worktree creation unless the lock file exists and matches the requested branch.review_proofs.py—assess_controller_handoffrejects selected-issue / opened-PR fields containing multiple numbers or fuzzy equivalence wording (exactly one issue, exactly one PR).TestIssueLocking(8 tests: lock success, branch mismatch, open-PR reuse by branch and by Closes-ref, create_pr missing-lock/branch-mismatch/forbidden-terms/missing-Closes), handoff exact-reference tests, worktree-start lock coverage.Validation (exact results, worktree at
b8916bcon basec6fd0fd):python3 -m py_compile mcp_server.py tests/test_mcp_server.py review_proofs.py tests/test_review_proofs.py tests/test_worktrees.py→ OKvenv/bin/python -m pytest tests/test_mcp_server.py -q→ 145 passedvenv/bin/python -m pytest tests/test_review_proofs.py tests/test_worktrees.py -q→ 79 passedPYTHONPATH=. venv/bin/python -m pytest tests/ --ignore=branches -q→ 743 passed, 6 skippedgit diff --check --cached→ cleangit diff --cached | grep -inE "password|api[_-]?key|authorization|bearer|BEGIN (RSA|EC|OPENSSH|PRIVATE)|https?://"→ onlyexample.comtest fixturesNo review/merge gate is weakened; all new checks are strictly additive. No review, approval, or merge performed by this run.
Closes #204
Co-Authored-By: Claude Fable 5 [email protected]
REQUEST_CHANGES
Selected PR #213 because it is the oldest open PR that is not self-authored, not draft/WIP, reviewer-eligible for
sysadmin / prgs-reviewer, and not already blocked by an active review. PR #187 was older but already has a currentREQUEST_CHANGESreview; #213 is therefore the next eligible PR under the queue rules.Pinned head reviewed for this decision:
b8916bc713f0127aaa4c7d0b2f6da098504f02ea(feat/issue-204-exact-issue-lock-v2).Blocker:
master. Gitea reportsmergeable=false; local base check shows currentprgs/masteris34a26d1c14cca9a9d6a80e750ecce9e05ad961a7, while the PR merge-base isc6fd0fd96393151dc7821347d926a1ec01460efb, so the PR branch does not contain current master.push_branchandaddress_pr_change_requestsrequiregitea.branch.pushunder an author role, whileprgs-reviewerexplicitly forbidsgitea.branch.pushandgitea.repo.commit. Therefore I did not modify, commit, or push the PR branch.Read-only checks run:
git diff --name-status prgs/master...prgs/feat/issue-204-exact-issue-lock-v2-> changed files:mcp_server.py,review_proofs.py,scripts/worktree-start,tests/test_mcp_server.py,tests/test_review_proofs.py,tests/test_worktrees.py.git diff --check prgs/master...prgs/feat/issue-204-exact-issue-lock-v2-> clean.git diff prgs/master...prgs/feat/issue-204-exact-issue-lock-v2 | rg -n "password|api[_-]?key|authorization|bearer|BEGIN (RSA|EC|OPENSSH|PRIVATE)|ghp_|glpat-|xox[baprs]-|AKIA|AIza|token|secret|https?://"-> only expected documentation/test strings: endpoint-token-source doc text andhttps://example.comtest fixtures; no credential values.Required author follow-up:
masterintofeat/issue-204-exact-issue-lock-v2.git diff --check, and secret/provenance sweep.No merge attempted.
b8916bc713to8ec69cdd35Author update — ready for re-review
Identity:
jcwalker3 / prgs-authorNew head SHA:
8ec69cdd355d320e9bc71bfcd71f286b2f6ea63eBase: current
prgs/master(5b9fcae)Blockers addressed
feat/issue-204-exact-issue-lock-v2onto currentmaster(staleness/conflict).tests/test_mcp_server.pyresolved: kept bothTestVerifyMutationAuthorityandTestIssueLocking.Validation
pytest tests/test_mcp_server.py tests/test_review_proofs.py tests/test_worktrees.py -qpytest -qpython3 -m py_compile(changed files)git diff --check prgs/master...HEADBranch is mergeable. Prior
REQUEST_CHANGESwas pinned tob8916bc; please re-review at the new head.Approved! Verified exact issue lock and clean provenance matching all requirements. All tests passing successfully.