Define bootstrap review path for self-hosted MCP workflow fixes #557

Closed
opened 2026-07-08 15:03:47 -05:00 by jcwalker3 · 2 comments
Owner

Problem Description

PR #553 fixes the reviewer preflight capability/lease token deadlock (Issue #546). However, because the live MCP daemon processes run the unpatched codebase from master, attempting to canonically review PR #553 hits the deadlock itself. This is a classic bootstrap deadlock: self-hosted MCP workflow fixes cannot be canonically approved/reviewed by the broken live MCP runtime.

During debugging/attempts to resolve this deadlock, several workflow-contaminated comments were posted on PR #553:

  • Comment #7247: test comment (workflow-contaminated, raw curl/API fallback).
  • Comment #7251: reviewer lease acquisition metadata (workflow-contaminated, raw curl/API fallback).
  • Comment #7252: reviewer lease acquisition metadata (workflow-contaminated, direct Python import/execution).
  • Comment #7265: reviewer lease acquisition metadata (workflow-clean, posted canonically using MCP reviewer tools).

The PR #553 branch source code remains completely clean, verified, and technically reviewable (all tests pass).

Required Resolution

Define a narrow bootstrap review path for Gitea MCP workflow fixes that cannot be reviewed by the broken live MCP runtime:

  1. Durable Authorization: No manual remote merge of the PR branch is allowed unless explicitly authorized by a controller-approved bootstrap decision record on Gitea (either a specific issue or PR thread comment).
  2. Review Gates & Proof: The bootstrap authorization must present:
    • Valid validation evidence (diff check clean, tests passing).
    • Duplicate-PR audit.
    • Mutation ledger audit.
    • Contamination audit of any comments/leases.
  3. Allowed & Forbidden Actions: Explicitly list what tools and scripts are allowed to establish verification facts (e.g. read-only isolated worktree runs) and what is forbidden (bypassing state or editing control checkout).
  4. Post-Bootstrap Steps:
    • Define how to restart/reconnect the live MCP daemon processes to pick up the landed patch.
    • Define how to verify PR #550's lease release after PR #553 lands using canonical tools.
  5. No General Gate Weakening: This must remain a narrow, one-off exception for bootstrap deadlocks and must not weaken normal PR review/merger gates.
### Problem Description PR #553 fixes the reviewer preflight capability/lease token deadlock (Issue #546). However, because the live MCP daemon processes run the unpatched codebase from `master`, attempting to canonically review PR #553 hits the deadlock itself. This is a classic bootstrap deadlock: self-hosted MCP workflow fixes cannot be canonically approved/reviewed by the broken live MCP runtime. During debugging/attempts to resolve this deadlock, several workflow-contaminated comments were posted on PR #553: - Comment #7247: test comment (workflow-contaminated, raw curl/API fallback). - Comment #7251: reviewer lease acquisition metadata (workflow-contaminated, raw curl/API fallback). - Comment #7252: reviewer lease acquisition metadata (workflow-contaminated, direct Python import/execution). - Comment #7265: reviewer lease acquisition metadata (workflow-clean, posted canonically using MCP reviewer tools). The PR #553 branch source code remains completely clean, verified, and technically reviewable (all tests pass). ### Required Resolution Define a narrow bootstrap review path for Gitea MCP workflow fixes that cannot be reviewed by the broken live MCP runtime: 1. **Durable Authorization:** No manual remote merge of the PR branch is allowed unless explicitly authorized by a controller-approved bootstrap decision record on Gitea (either a specific issue or PR thread comment). 2. **Review Gates & Proof:** The bootstrap authorization must present: - Valid validation evidence (diff check clean, tests passing). - Duplicate-PR audit. - Mutation ledger audit. - Contamination audit of any comments/leases. 3. **Allowed & Forbidden Actions:** Explicitly list what tools and scripts are allowed to establish verification facts (e.g. read-only isolated worktree runs) and what is forbidden (bypassing state or editing control checkout). 4. **Post-Bootstrap Steps:** - Define how to restart/reconnect the live MCP daemon processes to pick up the landed patch. - Define how to verify PR #550's lease release after PR #553 lands using canonical tools. 5. **No General Gate Weakening:** This must remain a narrow, one-off exception for bootstrap deadlocks and must not weaken normal PR review/merger gates.
Author
Owner

Bootstrap merge preflight for PR #553 (Issue #546)

Durable authorization search (Gitea only):

  • Viewed #557 (body defines policy for bootstrap path and requires "explicitly authorized by a controller-approved bootstrap decision record on Gitea").
  • Listed comments on #557: none.
  • Listed comments on #553: update comment, "test comment", lease metadata (#7247, #7251, #7252 workflow-contaminated per query; #7265 workflow-clean). No authorization for bootstrap merge of #553.
  • No explicit controller record authorizing one-off bootstrap merge of PR #553 at head 535da1b... found in Gitea on #557 or #553.

PR #553 status:

  • State: open
  • Head SHA (from list_prs): 535da1bc5a (matches required)
  • Base: master
  • Mergeable: true
  • No newer commits (head matches)

Changed files (from PR body): gitea_mcp_server.py, tests/test_mcp_server.py (matches limited set).

Contaminated comments noted: as listed in query; not treated as clean review proof.

Verification from worktree: Could not re-run git diff --check, pytest etc. because run_terminal_command still fails with "Terminal error: IO Error: No such file or directory (os error 2)" (same as #556). Used MCP for PR state only. No isolated worktree commands executed successfully.

Authorization not durably recorded in Gitea (only policy definition in #557 body; no decision record). Per query and policy: do not merge.

No merge performed. No other mutations.

Single next action: Record explicit durable authorization in Gitea (e.g. post on #557 or #553: "Controller authorizes narrow one-off bootstrap merge of PR #553 at exact head 535da1bc5a after evidence verification. Use gitea_merge_pr with confirmation='MERGE PR 553', expected_head_sha='535da1bc5afb273296275bc6cf470ce5f4380232'. Narrow exception only."). Fix terminal launcher (#556). Then re-run this bootstrap task.

## Bootstrap merge preflight for PR #553 (Issue #546) **Durable authorization search (Gitea only):** - Viewed #557 (body defines policy for bootstrap path and requires "explicitly authorized by a controller-approved bootstrap decision record on Gitea"). - Listed comments on #557: none. - Listed comments on #553: update comment, "test comment", lease metadata (#7247, #7251, #7252 workflow-contaminated per query; #7265 workflow-clean). No authorization for bootstrap merge of #553. - No explicit controller record authorizing one-off bootstrap merge of PR #553 at head 535da1b... found in Gitea on #557 or #553. **PR #553 status:** - State: open - Head SHA (from list_prs): 535da1bc5afb273296275bc6cf470ce5f4380232 (matches required) - Base: master - Mergeable: true - No newer commits (head matches) **Changed files (from PR body):** gitea_mcp_server.py, tests/test_mcp_server.py (matches limited set). **Contaminated comments noted:** as listed in query; not treated as clean review proof. **Verification from worktree:** Could not re-run `git diff --check`, pytest etc. because `run_terminal_command` still fails with "Terminal error: IO Error: No such file or directory (os error 2)" (same as #556). Used MCP for PR state only. No isolated worktree commands executed successfully. **Authorization not durably recorded in Gitea** (only policy definition in #557 body; no decision record). Per query and policy: **do not merge**. **No merge performed.** No other mutations. **Single next action:** Record explicit durable authorization in Gitea (e.g. post on #557 or #553: "Controller authorizes narrow one-off bootstrap merge of PR #553 at exact head 535da1bc5afb273296275bc6cf470ce5f4380232 after evidence verification. Use gitea_merge_pr with confirmation='MERGE PR 553', expected_head_sha='535da1bc5afb273296275bc6cf470ce5f4380232'. Narrow exception only."). Fix terminal launcher (#556). Then re-run this bootstrap task.
jcwalker3 added the status:in-progress label 2026-07-08 21:34:45 -05:00
Author
Owner

Issue claim heartbeat

<!-- gitea-issue-claim-heartbeat:v1 --> **Issue claim heartbeat** - kind: claim - issue: #557 - branch: docs/issue-557-bootstrap-review-path - phase: claimed - profile: prgs-author - pr: none - blocker: none - next_action: create worktree and begin implementation
sysadmin removed the status:in-progress label 2026-07-08 21:52:45 -05:00
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#557