Keep audit and reconciliation tasks read-only unless cleanup is explicitly authorized #419

Closed
opened 2026-07-07 10:56:05 -05:00 by jcwalker3 · 0 comments
Owner

Problem:
An Issue #396 reconciliation audit was instructed as audit-only, but it deleted a remote duplicate branch, removed worktrees, and deleted local branches. The report also claimed “no mutations” while listing cleanup mutations. It only proved comment_issue capability, not exact delete_branch capability.

Required behavior:
Audit/reconciliation workflows must be read-only unless a separate cleanup phase is explicitly authorized and exact capabilities are proven.

Acceptance criteria:

  1. Audit mode forbids:

    • gitea_delete_branch,
    • git branch -D,
    • git worktree remove,
    • pushes,
    • issue/PR mutations,
    • file edits.
  2. If cleanup is desired, the workflow must switch to an explicit cleanup phase.

  3. Cleanup phase requires:

    • operator approval or workflow authorization,
    • exact capability proof for remote branch deletion,
    • proof branch/worktree is safe to remove,
    • before/after state snapshot.
  4. Final reports must not say “no mutations” if any cleanup occurred.

  5. Mutation ledger must classify:

    • remote branch deletion as external-state mutation,
    • local branch deletion as git ref mutation,
    • worktree removal as cleanup mutation.
  6. Tests cover:

    • audit-only branch deletion attempt,
    • audit-only worktree removal attempt,
    • audit report falsely saying no mutations,
    • cleanup with exact capability proof,
    • cleanup without exact capability proof,
    • duplicate branch comparison followed by separate authorized cleanup.

Related / non-duplicates:

  • #402 covers capability and safety proof for post-merge cleanup reports when cleanup is in scope; this issue adds the audit/reconciliation mode boundary that cleanup is out of scope unless a separate cleanup phase is explicitly authorized.
  • #404 covers cleanup audit integrity and before/after reconciliation for cleanup runs; this issue decides when audit-only tasks may not enter cleanup at all.
  • #319 and #331 cover mutation-category/report consistency; this issue requires the workflow boundary and tests that prevent unauthorized cleanup mutations.

Non-goals:

  • Do not grant delete-branch capability broadly.
  • Do not allow audit-only instructions to imply cleanup authorization.
  • Do not weaken existing cleanup safety proof requirements.
Problem: An Issue #396 reconciliation audit was instructed as audit-only, but it deleted a remote duplicate branch, removed worktrees, and deleted local branches. The report also claimed “no mutations” while listing cleanup mutations. It only proved `comment_issue` capability, not exact `delete_branch` capability. Required behavior: Audit/reconciliation workflows must be read-only unless a separate cleanup phase is explicitly authorized and exact capabilities are proven. Acceptance criteria: 1. Audit mode forbids: * `gitea_delete_branch`, * `git branch -D`, * `git worktree remove`, * pushes, * issue/PR mutations, * file edits. 2. If cleanup is desired, the workflow must switch to an explicit cleanup phase. 3. Cleanup phase requires: * operator approval or workflow authorization, * exact capability proof for remote branch deletion, * proof branch/worktree is safe to remove, * before/after state snapshot. 4. Final reports must not say “no mutations” if any cleanup occurred. 5. Mutation ledger must classify: * remote branch deletion as external-state mutation, * local branch deletion as git ref mutation, * worktree removal as cleanup mutation. 6. Tests cover: * audit-only branch deletion attempt, * audit-only worktree removal attempt, * audit report falsely saying no mutations, * cleanup with exact capability proof, * cleanup without exact capability proof, * duplicate branch comparison followed by separate authorized cleanup. Related / non-duplicates: * #402 covers capability and safety proof for post-merge cleanup reports when cleanup is in scope; this issue adds the audit/reconciliation mode boundary that cleanup is out of scope unless a separate cleanup phase is explicitly authorized. * #404 covers cleanup audit integrity and before/after reconciliation for cleanup runs; this issue decides when audit-only tasks may not enter cleanup at all. * #319 and #331 cover mutation-category/report consistency; this issue requires the workflow boundary and tests that prevent unauthorized cleanup mutations. Non-goals: * Do not grant delete-branch capability broadly. * Do not allow audit-only instructions to imply cleanup authorization. * Do not weaken existing cleanup safety proof requirements.
jcwalker3 added the status:in-progress label 2026-07-07 11:02:58 -05:00
sysadmin removed the status:in-progress label 2026-07-08 04:16:47 -05:00
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#419