feat: add worktree cleanup audit integrity (Closes #404) #417
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#417
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Summary
Closes #404.
Adds auditable before/after reconciliation for bulk branches/ cleanup so
preserved worktrees cannot disappear without removal logs or explained transitions.
Changes
Validation
venv/bin/python -m pytest tests/test_worktree_cleanup_audit.py -q— 11 passedWorktree
branches/issue-404-worktree-cleanup-auditpr: #417
branch: feat/issue-404-worktree-cleanup-audit
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/fix-pr417-conflicts
profile: prgs-author
session_id: unknown
phase: claimed
head_before:
e4c0a51e5aexpires_at: 2026-07-08T08:20:13Z
reviewer_active: no
bf46648e35toe27b6ddefbDuplicate audit (post-#492 / post-#488) — PR #417 / Issue #404
Canonical dependencies landed
0b62d4e): session-owned TTL audit +gitea_audit_worktree_cleanup2bb45c0): root checkout guardccdff1d): workflow-load foundation (not in scope here)Supersession verdict: NOT superseded — partially overlapping, unique scope retained
PR #492 and PR #417 both touch
worktree_cleanup_audit.py, but they solve different acceptance criteria:gitea_audit_worktree_cleanupgitea_capture_branches_worktree_snapshot+gitea_assess_worktree_cleanup_integrityauthor.worktree_cleanup_audit_prooffinal-report ruleMerging the old branch as-is would have replaced the #401 module with a standalone #404 implementation. That duplicate path is removed.
Rebase actions taken (author/reconciler)
prgs/master(2bb45c0).e4c0a51(#404) and integrated integrity helpers into the landed #401 module (additive merge, not replacement).gitea_audit_worktree_cleanup; added only the #404 snapshot/integrity tools.Retained diff vs
prgs/master(e27b6dd)worktree_cleanup_audit.py— +545 lines (#404 integrity layer atop #401)gitea_mcp_server.py—gitea_capture_branches_worktree_snapshot,gitea_assess_worktree_cleanup_integrityfinal_report_validator.py—author.worktree_cleanup_audit_proofskills/llm-project-workflow/templates/worktree-cleanup.md— bulk audit sectiontests/test_worktree_cleanup_audit.py— +151 lines (#404 cases)Validation
Next actor: reviewer
e27b6ddonfeat/issue-404-worktree-cleanup-audit.repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #417
issue: #404
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 72645-fe1f963ad25d
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417
phase: claimed
candidate_head:
e27b6ddefbtarget_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:25:13Z
expires_at: 2026-07-08T17:25:13Z
blocker: none
Re-audit & Reconciliation Analysis for PR #417 (Closes #404)
Following the landing of PR #492 (Issue #401), we have completed a re-audit of PR #417:
gitea_capture_branches_worktree_snapshotandgitea_assess_worktree_cleanup_integrity).prgs/master(2bb45c0f80c2c7dfac3b784b182acc5ca627d792). Targeted tests (tests/test_worktree_cleanup_audit.py) are fully passing (41 passed).Controller Handoff
Task: Review PR #417 / issue #404.
Repo: Scaled-Tech-Consulting/Gitea-Tools on remote prgs.
Role: prgs-reviewer.
Identity: sysadmin.
Issue/PR: PR #417 / issue #404.
Branch/SHA: feat/issue-404-worktree-cleanup-audit at e27b6ddefb7e24c4c850cc2bb6f6cba0c5ab676d; base master at
2bb45c0f80.Files changed: final_report_validator.py, gitea_mcp_server.py, skills/llm-project-workflow/templates/worktree-cleanup.md, tests/test_worktree_cleanup_audit.py, worktree_cleanup_audit.py.
Validation: pass with baseline-proven unrelated full-suite failures. Targeted command /Users/jasonwalker/Development/Gitea-Tools/venv/bin/python -m pytest tests/test_worktree_cleanup_audit.py tests/test_final_report_validator.py -q. CWD: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417. Output read: yes. Exit status: 0. Result: 74 passed, 3 subtests passed. py_compile on changed Python files exit status 0. git diff --check prgs/master...HEAD exit status 0. Full-suite command /Users/jasonwalker/Development/Gitea-Tools/venv/bin/python -m pytest -q. CWD: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417. Output read: yes. Exit status: 1. Result: 3 failed, 1906 passed, 6 skipped, 33 subtests passed. Baseline worktree path: /Users/jasonwalker/Development/Gitea-Tools/branches/baseline-pr417-master at prgs/master 2bb45c0f80c2c7dfac3b784b182acc5ca627d792; rerunning the same three failing selectors there also exited 1 with the same failures.
Mutations: separated below.
Current status: approved for handoff to merger; PR is open and mergeable true.
Blockers: none for PR #417. Full-suite non-zero exit is baseline-proven at the PR base.
Next: merger for PR #417 at
e27b6ddefb.Safety: reviewer identity sysadmin differs from PR author jcwalker3; no code changes, pushes, issue closure, or merge attempted.
Selected PR: #417.
Reviewer eligibility: eligible true for approve; active profile prgs-reviewer; self_author false.
Reviewed head SHA:
e27b6ddefb.Final live head SHA before approval:
e27b6ddefb.Final live head SHA before merge:
e27b6ddefb.Pushes occurred during validation: no.
Worktree path: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417.
Worktree dirty: no.
Unrelated local mutations: root checkout had pre-existing untracked .grok/ ignored; not touched.
Review decision: approve.
Merge result: not attempted.
Linked issue status: issue #404 open, fetched live with gitea_view_issue; labels status:in-progress.
Cleanup status: not performed.
File edits by reviewer: none.
Worktree/index mutations: created detached review worktree /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417 and detached baseline worktree /Users/jasonwalker/Development/Gitea-Tools/branches/baseline-pr417-master; no index edits.
Git ref mutations: none; fetched prgs refs only.
MCP/Gitea mutations: reviewer lease comment #6943 created; final review decision marked approve at expected head; one attempted COMMENT probe failed closed before mutation because final_review_decision_ready was false.
Review mutations: this APPROVE review submission.
Merge mutations: none.
Cleanup mutations: none.
External-state mutations: none beyond MCP review/lease state above.
Read-only diagnostics: gitea_check_pr_eligibility, gitea_view_issue, gitea_list_issue_comments for comment #6917, git diff/stat/status, and baseline test rerun.
Duplicate/supersession analysis: previous PR #492 provided TTL/classification behavior in worktree_cleanup_audit.py and the read-only gitea_audit_worktree_cleanup path. PR #417 preserves DEFAULT_TTL_HOURS, is_ttl_expired, classify_worktree, audit_branches_directory, and gitea_audit_worktree_cleanup compatibility. PR #417 adds the unique #404 layer: before/after branches snapshot capture, cleanup disposition reconciliation, fail-closed integrity assessment, gitea_capture_branches_worktree_snapshot, gitea_assess_worktree_cleanup_integrity, final-report proof rule, template guidance, and tests. No modules from #492/#488/#493 are removed or regressed.
Verdict: APPROVE.
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #417
issue: #404
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 72645-fe1f963ad25d
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417-independent
phase: claimed
candidate_head:
e27b6ddefbtarget_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:51:20Z
expires_at: 2026-07-08T17:51:20Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #417
issue: #404
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 72645-fe1f963ad25d
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417-independent
phase: claimed
candidate_head:
e27b6ddefbtarget_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:52:16Z
expires_at: 2026-07-08T17:52:16Z
blocker: none
Independent review — APPROVE
Fresh
prgs-reviewersession (sysadmin, notjcwalker3). Prior review #329 and direct API comment #6947 are not used.Pinned head:
e27b6ddefb7e24c4c850cc2bb6f6cba0c5ab676dScope (#404 additive to landed #492 / #401)
Adds before/after snapshot reconciliation and cleanup integrity gates.
gitea_audit_worktree_cleanupunchanged.Validation
git diff --checkexit 0;test_worktree_cleanup_audit.py41 passed;test_final_report_validator.py33 passed.Decision: APPROVE at pinned head.
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #417
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 72645-fe1f963ad25d
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417
phase: claimed
candidate_head:
e27b6ddefbtarget_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T16:50:50Z
expires_at: 2026-07-08T18:50:50Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #417
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 72645-fe1f963ad25d
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr417
phase: released
candidate_head:
e27b6ddefbtarget_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T16:51:30Z
expires_at: 2026-07-08T18:51:30Z
blocker: post-merge-moot