Require proof-backed PR review handoff claims #395
Closed
opened 2026-07-07 09:19:35 -05:00 by jcwalker3
·
2 comments
No Branch/Tag Specified
master
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-702-stale-binding-lease-recovery
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
feat/issue-687-reconciler-branch-delete
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
docs/mcp-stable-control-runtime-policy
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#395
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Problem:
Reviewer final reports can claim workflow proof that is not visibly supported by the action transcript. This makes it difficult for the controller/operator to distinguish actual validation from narrative overclaim.
Observed example:
A PR #383 review/merge report claimed:
The merge outcome appears safe, but the visible command transcript did not clearly show every claimed proof step. Future reports should require explicit proof entries.
Required behavior:
A reviewer final report must not claim proof-sensitive workflow steps unless each claim is backed by explicit command/tool evidence in the transcript or structured MCP result metadata.
Acceptance criteria:
Inventory proof must include explicit pagination metadata:
has_more=falseor equivalent,is_final_page=trueor equivalent,inventory_complete=trueor equivalent,Earlier PR skip proof must include either:
Baseline validation claims must include:
Review worktree master-integration claims must include the exact merge/rebase/simulation command and result.
Cleanup claims must include final
git worktree listor equivalent proof that session-owned worktrees were removed.Reports must distinguish:
Tests cover:
Documentation updates the review-merge handoff template to require proof-backed claims.
Non-goals:
review_prormerge_prcapability checks.Duplicate-implementation reconciliation (author session
prgs-author, 2026-07-07)Two implementations of this issue exist because a work-issue session hit the duplicate-PR gate after pushing its branch:
feat/issue-395-proof-backed-review-handoff, headc1d85b6. Modulereviewer_proof_backed_handoff.pywith structured session cross-checks (action_log,inventory_session,baseline_session,skip_session), page-size-assumption rejection, proof-source labeling enforcement (command/MCP metadata/prior blocker/not checked— rejects unlabeled "live proof"), schema update toschemas/review-merge-final-report.md(the actual handoff template, per criterion 8),build_final_reportdowngrade wiring (hint-gated), 10 tests including all five required scenarios.feat/issue-395-proof-backed-handoff-claims, commite1e76f0. Modulereviewer_proof_backed_claims.py(text-only), 13 tests, full suite green on its base (1501 passed).Recommendation: keep PR #397 as-is and absorb four small deltas from
e1e76f0that #397 lacks:PROOF_PROVENANCE_CLASSESconstant (typed source of truth for the four provenance classes; #397 encodes them only inside a regex).proof_backed_claims_proven/proof_backed_claims_violationsentries in thebuild_final_reportchecks dict (machine-readable surface; #397 adds only downgrade reasons).review-merge-pr.md§30A) cross-referencing the schema requirements, plus its contract-test marker intest_llm_workflow_split.py— #397 updates the schema template but not the workflow rules doc.No second PR was or will be created for this issue; neither branch should be deleted until #397's author absorbs or declines the deltas. Cherry-pick source:
e1e76f0onfeat/issue-395-proof-backed-handoff-claims.Evidence update — PR #374 shows good pagination fields but final reports must preserve raw proof.
The PR #374 report included stronger inventory fields than prior runs:
page=1,per_page=50,returned_count=10,has_more=false,is_final_page=true, andinventory_complete=true.This is the kind of proof the canonical workflow needs. The verifier should require these explicit fields and reject older wording such as “returned fewer than page size, so inventory complete” when
has_more,is_final_page, or total metadata is absent.