Clarify and enforce reviewer-vs-merger role boundaries (#483) #486
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#486
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Closes #483
Policy Enforcement Verification Proof
As part of Issue #483, reviewer-only profiles and merger-capable profiles have been strictly separated. Below are the execution proofs showing that merge authorization is blocked for reviewer-only profiles and allowed for merger profiles:
Reviewer Profile (
prgs-reviewer) +merge_pr-> Deniedgitea_check_pr_eligibility(pr_number=8, action='merge')->eligible: FalseReason:
Reviewer profile cannot merge. Use a merger profile/session after formal approval at current head.gitea_merge_pr(pr_number=8, ...)-> RaisesRuntimeError: Reviewer profile cannot merge. Use a merger profile/session after formal approval at current head.Merger Profile (
prgs-merger) +merge_pr-> Allowedgitea_check_pr_eligibility(pr_number=8, action='merge')passes permission check (missing_permission: None).Verification & Validation Proof
1737 passed, 6 skipped, 1 warning, 33 subtests passed in 14.70s35 passed, 3 subtests passed8 passed25 passed21 passed10 passedNo PR merge was performed during this session.
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 98052-58b8ece749d8
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr486
phase: claimed
candidate_head:
a863928661target_branch: master
target_branch_sha: none
last_activity: 2026-07-08T06:17:07Z
expires_at: 2026-07-08T08:17:07Z
blocker: none
PR #486 Review Findings (REQUEST_CHANGES)
We successfully verified the implementation of Issue #483 in the isolated worktree:
1737 passed, 6 skipped, 1 warning, 33 subtests passed.prgs-reviewerprofile is blocked from merging, and dedicatedprgs-mergerandmdcps-mergerprofiles function correctly.Blocker / Required Change:
The repository-owned
gitea-mcp.v2-contexts.example.jsonfile has not been updated to align with the new reviewer-vs-merger role-boundary policy. It still configures the reviewer profile (example-reviewer) with the"merge"allowed operation and does not define anexample-mergerprofile or adefault_merger_profilemapping.Please update
gitea-mcp.v2-contexts.example.jsonto match the new role boundary policy so that the deployment is self-contained and reproducible.repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 98052-58b8ece749d8
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr486
phase: claimed
candidate_head:
76d1417c28target_branch: master
target_branch_sha: none
last_activity: 2026-07-08T06:21:06Z
expires_at: 2026-07-08T08:21:06Z
blocker: none
PR #486 Review Findings (APPROVE)
The author has successfully resolved the example configuration blocker at the head commit
76d1417c284172621e42a3bbdf54e319d8a5a6a1:gitea-mcp.v2-contexts.example.jsonhas been updated to removemergefromexample-reviewerallowed operations, defineexample-mergerwithmergepermission, and configure the default merger profile mapping for the project.test_repo_example_file_reviewer_vs_merger_boundariesintests/test_config_v2_contexts.pyto ensure that example configuration files are strictly verified for reviewer-vs-merger boundaries.1738 passed), and safety gates (expected head SHA, Gitea mergeability, lease checks, etc.) remain intact.No local config dependency or config drift remains. The implementation is fully self-contained. APPROVED.
pr: #486
branch: feat/issue-483-role-boundaries
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/issue-483-role-boundaries
profile: prgs-author
session_id: unknown
phase: claimed
head_before:
3b4f222a7dexpires_at: 2026-07-09T04:30:43Z
reviewer_active: no
pr: #486
branch: feat/issue-483-role-boundaries
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/issue-483-role-boundaries
profile: prgs-author
session_id: conflict-fix-release-batch
phase: released
head_before:
3b4f222a7dexpires_at: 2026-07-09T02:50:00Z
reviewer_active: no
blocker: post-push-release
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 94309-45f3c41b9a83
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr486-reapprove-live
phase: claimed
candidate_head: none
target_branch: master
target_branch_sha: none
last_activity: 2026-07-09T02:54:44Z
expires_at: 2026-07-09T04:54:44Z
blocker: none
Author conflict resolution (issue #483 / PR #486)
Merged current
masterintofeat/issue-483-role-boundariesand pushedbc16f66.Head
32f1f3486f9424c795a56ba12e3e21d99fcd58b0bc16f6652b02539183acddffefb2d5de69dd89dcConflict resolution
skills/llm-project-workflow/templates/review-pr.md#533pre-merge baseline proof sectionValidation
Ready for re-pin + review at head
bc16f66.repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: #483
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 26689-f39d274d1cef
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/issue-483-role-boundaries
phase: claimed
candidate_head:
ce0fb42beftarget_branch: master
target_branch_sha: none
last_activity: 2026-07-09T13:08:06Z
expires_at: 2026-07-09T15:08:06Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: #483
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 26689-f39d274d1cef
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/issue-483-role-boundaries
phase: claimed
candidate_head:
ce0fb42beftarget_branch: master
target_branch_sha: none
last_activity: 2026-07-09T13:08:53Z
expires_at: 2026-07-09T15:08:53Z
blocker: none
APPROVE PR #486 (Closes #483)
Head:
ce0fb42befbe726143bd76be32a90f5684ad135bReviewer: sysadmin / prgs-reviewer
Author: jcwalker3 (not self-review)
Scope
merge_pr→ merger)Validation
pytest targeted suites: 22 TestMergePR passed; broader suite green after clearing durable lock pollution.
Canonical PR State
STATE: approved at current head; ready for merger
WHO_IS_NEXT: merger
NEXT_ACTION: adopt reviewer lease and merge PR #486 with prgs-merger after formal approval at pinned head
NEXT_PROMPT:
WHAT_HAPPENED: Reviewed role-boundary changes for #483; scope clean; tests pass
WHY: Enforces reviewer-vs-merger separation already used in profiles
ISSUE: #483
HEAD_SHA:
ce0fb42befREVIEW_STATUS: APPROVED
MERGE_READY: yes
BLOCKERS: none
VALIDATION: pytest TestMergePR 22 passed; targeted role/capability tests passed
LAST_UPDATED_BY: sysadmin / prgs-reviewer
adopted_at: 2026-07-09T13:09:31Z
adopted_by_identity: sysadmin
adopted_by_profile: prgs-merger
adopted_from_session_id: 26689-f39d274d1cef
adopted_from_profile: prgs-reviewer
adopted_from_reviewer_identity: sysadmin
adopted_from_comment_id: 7954
adoption_reason: merger-handoff-approved-head
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #486
issue: #483
reviewer_identity: sysadmin
profile: prgs-merger
session_id: 28608-db7094552ca7
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/issue-483-role-boundaries
phase: adopted
candidate_head:
ce0fb42beftarget_branch: master
target_branch_sha: none
last_activity: 2026-07-09T13:09:31Z
expires_at: 2026-07-09T15:09:31Z
blocker: none