Open
opened 2026-07-10 16:17:06 -05:00 by jcwalker3
·
3 comments
No Branch/Tag Specified
master
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-702-stale-binding-lease-recovery
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
feat/issue-687-reconciler-branch-delete
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
docs/mcp-stable-control-runtime-policy
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#670
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
During the PR #654 post-merge audit, reconciler confirmed that PR #654 itself merged cleanly via Gitea API and did not introduce unauthorized code. However, the audit found a separate pre-existing direct-to-master commit:
2fa97c262fa97c26fbda555a1a83930ca5fdcea9d8e47b50fix(mcp): load dotenv relative to project rootgitea_auth.py+3/-25ab5fe8Context
PR #654 merge audit determined:
ec903b0d619e7a27d24aed272a890f4e5d381411was a valid Gitea-API merge.git push prgs masterduring the #654 merger run was a no-op and did not change remote master.2fa97c2..ec903b0contained only the reviewed #603 lifecycle-label files.2fa97c26.Problem
Stable branch commits must land through sanctioned issue → branch → PR → review → merge workflow. A direct single-parent commit on
prgs/masterbypasses review, issue linkage, PR audit, merge authorization, and allocator visibility.Impact
Recommended disposition
Do not revert immediately. The dotenv fix appears intentional and may be required for runtime behavior. Instead, controller should decide one of:
master.Acceptance criteria
2fa97c26is present onprgs/master.2fa97c26.Local audit proof (controller session)
prgs/masterat create time:ec903b0d619e7a27d24aed272a890f4e5d3814112fa97c26is ancestor ofprgs/master: yes2fa97c26: single parent5ab5fe8583c07134d55dadf09381aecb67df246e(#629 merge)gitea_auth.py | 5 +++--2fa97c26,bare direct-to-master, or this dotenv landing-path incident among recent issues (duplicate-check at create).Explicit non-actions
2fa97c26Canonical Issue State
STATE:
ready-for-controller
WHO_IS_NEXT:
controller
NEXT_ACTION:
Disposition of commit
2fa97c26remains controller decision; preventive hardening is tracked in #671NEXT_PROMPT:
WHAT_HAPPENED:
Created linked hardening issue #671 to satisfy #670 AC5 (prevent future direct stable-branch pushes from MCP sessions).
WHY:
Separate incident disposition from product guardrail implementation.
RELATED_ISSUES:
#671 (hardening) · #630 (related contamination class) · PR #654 audit context
RELATED_PRS:
none this session
BLOCKERS:
none for issue create
VALIDATION:
#671 is not a duplicate of #670 (incident vs guardrail)
LAST_UPDATED_BY:
jcwalker3 / prgs-author / author / 2026-07-10
Canonical Issue State
STATE:
controller-disposed-accept-as-is
WHO_IS_NEXT:
author
NEXT_ACTION:
Claim and implement #671 through the normal issue → branches/ worktree → PR → independent review → merge workflow.
NEXT_PROMPT:
WHAT_HAPPENED:
Controller disposition accepts commit
2fa97c26fbda555a1a83930ca5fdcea9d8e47b50as-is onmaster. No immediate revert, force-push, history rewrite, or retroactive claim of review authorization is approved. The direct-to-master landing remains a valid documented workflow violation. Preventive hardening is linked at #671, whose body records the2fa97c26evidence and prevention requirements.WHY:
The commit is a small, intentional dotenv path-resolution fix limited to
gitea_auth.py(+3/-2), is already incorporated into currentmaster, and has no current evidence of functional harm. Reverting stable-branch history would add risk without a demonstrated corrective benefit. Accepting the code does not waive the missing PR/review provenance or the requirement to prevent recurrence.RELATED_PRS:
No PR or formal review record exists for
2fa97c26; PR #654 is audit context only and was not the source of this commit.RELATED_ISSUES:
#671 — Block direct pushes to stable branches from MCP workflow sessions.
BLOCKERS:
None for recording this disposition. Prevention remains pending implementation in #671.
VALIDATION:
Live Issue #670 and #671 state inspected. #671 is open and explicitly links #670 and
2fa97c26. Author identity andcomment_issuecapability were verified immediately before this comment with fresh runtime parity atbee24e2b102dbdc201932d2e5397a7d9e3be5fc5.LAST_UPDATED_BY:
jcwalker3 / prgs-author / controller-author / 2026-07-11
Controller disposition
Disposition: accept
2fa97c26as-is with durable audit; no immediate revert recommended.Rationale:
2fa97c26is already present onprgs/master.gitea_auth.py.Linked prevention work:
git push <remote> master/ protected-branch push attempts from MCP workflow sessions.Decision:
2fa97c26on master.Canonical handoff
Canonical Issue State
STATE: disposition-recorded
WHO_IS_NEXT: author
NEXT_ACTION: Implement/review the direct stable-branch push prevention hardening tracked by #671; keep #670 as the durable incident/audit record.
NEXT_PROMPT:
WHAT_HAPPENED: Controller reviewed the #670 incident (bare direct-to-master commit
2fa97c26, dotenv fix ingitea_auth.py, no PR/review wrapper) and accepted the commit as-is with durable audit. No revert recommended.WHY: The dotenv fix is intentional and may be required for runtime behavior; no evidence of functional harm exists, and a revert risks breaking intended runtime behavior. The workflow violation is still recorded and prevention is delegated to #671.
RELATED_PRS: none (no PR wrapper exists for
2fa97c26; prevention hardening tracked by Issue #671).BLOCKERS: none for the #670 disposition.
VALIDATION: Confirmed
2fa97c26present onprgs/master(#670 body: ancestor ofec903b0d, single parent5ab5fe8, diffgitea_auth.py); confirmed no PR/review record; confirmed hardening Issue #671 exists and already cites #670 /2fa97c26(no duplicate created).LAST_UPDATED_BY: jcwalker3 (prgs-author, controller)
[THREAD STATE LEDGER]
What is true now:
2fa97c26is present onprgs/master(dotenv fix ingitea_auth.py, single-parent bare direct-to-master commit, no PR/review wrapper). Issue #670 remains open as the incident/audit record. Hardening Issue #671 is open and already cites #670 /2fa97c26.What changed: Controller disposition recorded — accept
2fa97c26as-is with durable audit; no immediate revert.What is blocked: Nothing is blocked on the #670 disposition. Prevention work continues under #671.
Who/what acts next: author — implement/review #671 when the allocator assigns it.
Server-side decision state: #670 open (incident/audit record retained); no server-side PR or merge state exists for
2fa97c26(no PR wrapper).Local verdict/state: disposition-recorded — accept-as-is, no revert.
Required action: Implement/review the direct stable-branch push prevention hardening in #671; keep #670 as the durable incident/audit record.
Blocker classification: no blocker
Do not do: No revert of
2fa97c26, no force-push, no history rewrite, no master/branch/PR/file mutation is authorized by this disposition; do not create a duplicate hardening issue (prevention is #671).LAST_UPDATED_BY: jcwalker3 (prgs-author, controller)