Require exact capability proof for every mutation in reviewer final reports #405
Closed
opened 2026-07-07 10:10:39 -05:00 by jcwalker3
·
4 comments
No Branch/Tag Specified
master
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-702-stale-binding-lease-recovery
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
feat/issue-687-reconciler-branch-delete
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
docs/mcp-stable-control-runtime-policy
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#405
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Context:
Recent review-merge reports correctly prove
review_prcapability, but then perform additional mutations such asgitea_merge_prandgitea_delete_branchwithout clearly reporting exact capability proof for those specific operations. Nearby capabilities must not authorize different operations.Problem:
A reviewer final report can show capability proof for
review_prwhile also merging a PR or deleting a remote branch. Merge and branch deletion are separate mutations and require separate exact capability proof.Required behavior:
Every mutation must have exact capability proof before execution and must be listed in the final report.
Acceptance criteria:
gitea_submit_pr_reviewrequires exactreview_prcapability proof.gitea_merge_prrequires exactmerge_prcapability proof.gitea_delete_branchrequires exactdelete_branch/gitea.branch.deletecapability proof.Final report must include a mutation-capability table:
Nearby capabilities do not count.
If exact capability proof is missing, the mutation is skipped or the workflow stops.
Tests prove:
review_prdoes not authorize merge,merge_prdoes not authorize branch deletion,Documentation updates review-merge workflow and handoff template.
Non-goals:
PR #388 is another example where the final report proved
review_prcapability but did not clearly report exactmerge_prcapability beforegitea_merge_pr. The merge outcome appears safe, but the report is missing exact mutation-capability proof.Claiming #405 for implementation (author session,
prgs-author/jcwalker3).Branch:
feat/issue-405-mutation-capability-proof(base master9fde4f3)Planned slice (report-verifier pattern, matching sibling PRs #397/#409/#411/#412):
reviewer_mutation_capability_proof.py—assess_mutation_capability_proof(report_text)requiring a mutation-capability table: each mutating operation (gitea_submit_pr_review,gitea_merge_pr,gitea_delete_branch) paired with its exact resolved task/permission (review_pr/merge_pr/delete_branch+gitea.branch.delete), result, and pre-mutation order. Fail closed on: a merge/delete claim with onlyreview_prproof (nearby capability), missing table, post-hoc proof, or a listed mutation lacking its row.final_report_validator.pyasreviewer.mutation_capability_proof; export wrapper inreview_proofs.py.Scope note: report-layer proof, complementary to server-side gates #392 (#389 load), #410 (#408 delete-branch tool gate) — this issue asserts the report accounts for every mutation's exact proof. Working in
branches/issue-405-mutation-capability-proof.PR #410 appears to have fixed the
gitea_delete_branchtool-entry gate for Issue #408. However, the PR #410 review/merge final report still only clearly reportsreview_prcapability proof while performinggitea_merge_prandgitea_delete_branch.This shows the remaining gap is report-layer enforcement: reviewer final reports need a mutation-capability table proving exact capability for every mutation.
Evidence:
af7131abf16489baab832c4f74f30d19bce1d276gitea_submit_pr_reviewgitea_merge_prgitea_delete_branchreview_pronlymerge_prdelete_branch/gitea.branch.delete#408 fixed the tool-entry gate, but #405 still needs report validation.
PR #410 appears to have fixed the
gitea_delete_branchtool-entry gate for Issue #408, but its review/merge final report still only clearly reportedreview_prcapability while performinggitea_merge_prandgitea_delete_branch.Details:
af7131abf16489baab832c4f74f30d19bce1d2761575 passed, 6 skipped1600 passed, 6 skippedgitea_submit_pr_reviewgitea_merge_prgitea_delete_branchmerge_prdelete_branch/gitea.branch.deleteConclusion:
#408 fixed the tool gate, but #405 still needs report-layer enforcement.