Harden workflow: block unattributed root WIP and pytest-disabled production guards #683
Closed
opened 2026-07-12 12:04:11 -05:00 by jcwalker3
·
7 comments
No Branch/Tag Specified
master
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-702-stale-binding-lease-recovery
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
feat/issue-687-reconciler-branch-delete
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
docs/mcp-stable-control-runtime-policy
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#683
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Context
Spawned from preservation issue #681 (dirty control-checkout WIP left by the PR #680 / issue #604 review session).
A reviewer session investigating anti-stomp / preflight behavior under pytest edited production modules on the root control checkout without an owning issue-backed
branches/worktree. The WIP was later preserved only (not endorsed) as:chore/issue-681-preserve-review-session-wip300a4ca08fee3a195efa723d17eb6c64a3ef7a4f300a4cais evidence, not merge-ready code. Do not cherry-pick it wholesale. Do not merge the preservation branch.Root cause (process)
branches/.*.py; broad patches of root/branches guards) rather than proving production entrypoints remain fail-closed under pytest.Related but not owners of this work:
Controller disposition of preserved hunks (
300a4ca)gitea_mcp_server.py— early-return in_verify_role_mutation_workspacewhen_preflight_in_test_mode()issue_lock_worktree.py— strip porcelain lines ending in.pyunder pytest/unittesttests/test_preflight_read_survival.py— patch_enforce_branches_only_author_mutation+_enforce_root_checkout_guardNo separate product issue is opened to reimplement the rejected production bypasses. Valid implementable work is this hardening issue (process + regression proof).
Acceptance criteria (required)
branches/before mutation._verify_role_mutation_workspace/ root / branches enforcement solely because tests are running).*.pyfiltering inread_worktree_git_stateor equivalents).GITEA_TEST_FORCE_ANTI_STOMP=1where applicable).Required regression tests
_verify_role_mutation_workspace(or successor) does not short-circuit solely via_preflight_in_test_mode()in a way that skips root/workspace binding when forced-on flags request production behavior.read_worktree_git_state/ porcelain consumers still surface dirty*.pyfiles under pytest.comment_issueorcreate_issue) fails closed on dirty root / missing branches worktree withblocker_kind+exact_next_actionwhile pytest is running.300a4capatterns must fail (or not exist as product code).Explicit non-goals
chore/issue-681-preserve-review-session-wipor any alleged scope-hardening branch as a product fix.300a4ca.Implementation direction
GITEA_TEST_PORCELAIN, forced-on flags) and test-local mocks — never by filtering porcelain in production readers.branches/issue-NNN-*first and claim the issue.Handoff
WHO_IS_NEXT: author
STATE: ready-for-author
See issue comment for the ready-to-run AUTHOR prompt.
Canonical Issue State
STATE:
ready-for-author
WHO_IS_NEXT:
author
NEXT_ACTION:
Bind issue-backed worktree under branches/; implement ACs from clean master; open linked PR Closes #683; stop for independent review
NEXT_PROMPT:
WHAT_HAPPENED:
CONTROLLER created this issue as durable owner of process + regression hardening after classifying #681 preserved commit
300a4ca. Rejected production bypass hunks; no second issue opened to reimplement those bypasses. Posted classification on #681.WHY:
Unattributed root WIP and pytest-disabled production guards are a workflow-hardening failure distinct from #681 preservation and from #604/#680 product anti-stomp. Without durable ownership, rejected evidence can be smuggled into unrelated PRs.
RELATED_PRS:
#680 (incident parent review; do not absorb WIP); #676 (prior residual isolation; closed; different patterns)
BLOCKERS:
none for author start; must not use
300a4caas implementation baseVALIDATION:
LAST_UPDATED_BY:
jcwalker3 / CONTROLLER / 2026-07-12
Root cause (summary)
Root control-checkout source/test edits during PR #680 review without issue-backed branches/ bind; diagnostic isolation weakened production guards instead of proving entrypoints fail closed under pytest.
Required regression tests (reminder)
_preflight_in_test_mode()when force-on production behavior is required.*.pyunder pytest.blocker_kind+exact_next_actionunder pytest.300a4caproduction patterns must not land.Issue claim heartbeat
Canonical Issue State
STATE:
author-complete — PR open; waiting independent review
WHO_IS_NEXT:
reviewer
NEXT_ACTION:
Independent REVIEWER validates PR #684 against #683 ACs; do not self-review or merge
NEXT_PROMPT:
WHAT_HAPPENED:
AUTHOR claimed #683, bound branches/issue-683-workflow-guard-hardening from clean master, implemented process hardening only (no cherry-pick of 300a4ca; no absorb of #604/PR #680). Opened PR #684 with Closes #683.
Implementation summary:
Exact guard locations/entrypoints:
Proof pytest cannot disable production enforcement:
WHY:
Unattributed root WIP and pytest-disabled production guards are a distinct workflow-hardening failure from #681 preservation and #604/#680 product anti-stomp. #683 owns durable process + regression proof.
RELATED_PRS:
#684 (this author PR; Closes #683); #680 (incident parent anti-stomp — do not absorb); #681 preserve branch evidence only — do not merge
BLOCKERS:
none for reviewer start
VALIDATION:
22698c1throughout; worktree branches/issue-683-workflow-guard-hardening @d302602LAST_UPDATED_BY:
jcwalker3 / prgs-author / 2026-07-12
Issue claim heartbeat
[THREAD STATE LEDGER] Issue #683 — PR #684 carries a formal APPROVE verdict at head d302602; merger workflow is next
What is true now:
d302602567, has_blocking_change_requests=falseWhat changed:
What is blocked:
Who/what acts next:
d302602and the verdict remains visible; do not close #683 before PR #684 lands on master; do not absorb #680/#604 work; do not use the preserved300a4cabranchCanonical Issue State
STATE:
pr-approve-verdict-recorded — PR #684 carries formal APPROVE at head d302602567a1fb7842fe5486fa5a49509506ec8b; awaiting merger workflow
WHO_IS_NEXT:
merger
NEXT_ACTION:
Run canonical merge workflow for PR #684; close #683 via the Closes reference when the merge lands
NEXT_PROMPT:
WHAT_HAPPENED:
Independent reviewer (sysadmin/prgs-reviewer, distinct from author jcwalker3/prgs-author) reviewed PR #684 at pinned head
d302602(evidence comment 10606: scope limited to #683, all eight acceptance criteria verified, rejected300a4capatterns proven absent, full-suite parity). The formal verdict recording was deferred through the #584/#672 transport incident and completed after operator reconnect of the client-managed gitea-reviewer namespace.WHY:
#683's hardening ACs are implemented and verified; the remaining review findings are non-blocking follow-up candidates and do not gate this issue's PR.
RELATED_PRS:
PR #684 (Closes #683 — formal APPROVE at
d302602); #680 separate landing sequence; #681 preserve branch remains evidence onlyBLOCKERS:
none
VALIDATION:
LAST_UPDATED_BY:
sysadmin / prgs-reviewer / 2026-07-12
Canonical Issue State
STATE: closed — satisfied by merged PR #684 on master
WHO_IS_NEXT: reconciler
NEXT_ACTION: Optional label/branch hygiene only: clear stale
status:pr-openif still present on this closed issue; delete PR source branch if still on remote. No further product work on #683. Open defects #685 and #686 remain independent non-blocking follow-ups.NEXT_PROMPT:
WHAT_HAPPENED:
PR #684 (Closes #683) was merged by sysadmin/prgs-merger after independent formal APPROVE by sysadmin/prgs-reviewer at head
d302602567(evidence comment 10606; handoff comments 10676/10683).Authorization: Explicit operator MERGER prompt with confirmation
MERGE PR 684and pinned expected head. Reviewer handoff alone was not treated as merge authorization.Result
56f1230a10a21b16226c792a5bcdc4398c97b09aNon-blocking follow-ups (not merge blockers, not absorbed)
WHY: #683 acceptance criteria were implemented and independently approved; merge gates and operator confirmation were satisfied.
RELATED_PRS: PR #684 merged (Closes #683); #685 #686 remain open product defects
BLOCKERS: none for #683. Residual: possible stale
status:pr-openlabel and undeleted source branch (reconciler; merger profile lacks branch.delete).VALIDATION:
d302602is ancestor of prgs/masterLAST_UPDATED_BY: sysadmin / prgs-merger / MERGER / 2026-07-12
Canonical Issue State
STATE:
reconciled — source branch cleanup handed off; issue closed; labels cleaned; residual remote source branch remains pending authorized delete capability
WHO_IS_NEXT:
user
NEXT_ACTION:
No further product work on #683. Operator configures a profile with
gitea.branch.delete(or grants it to reconciler), reconnects client-managed namespace, then runs guardedgitea_cleanup_merged_pr_branchfor PR #684. Do not use raw git branch deletion.NEXT_PROMPT:
WHAT_HAPPENED:
Fresh RECONCILER session (sysadmin / prgs-reconciler) on client-managed
gitea-reconcilerafter operator reconnect from the stale22698c1cohort.Fresh runtime preflight (passed)
prgs-reconcilersysadminprobe_source=client_namespace,ide_namespace_proven=true, healthystartup_head=current_head=56f1230a10a21b16226c792a5bcdc4398c97b09amaster_parity.stale=false,restart_required=false,in_parity=truemaster@56f1230a…22698c1cohort); resolver only after freshness provenCanonical state verification
merge_commit_sha=56f1230a10a21b16226c792a5bcdc4398c97b09ad302602567a1fb7842fe5486fa5a49509506ec8bis ancestor of prgs/master (fully merged)chore/issue-681-preserve-review-session-wipuntouched at300a4ca08fee3a195efa723d17eb6c64a3ef7a4fLabel reconciliation
status:pr-opengitea_set_issue_labelsafter capability resolve — removed onlystatus:pr-openanti-stomp,preflight,safety,type:guardrail,workflow-hardening— nostatus:pr-openSource-branch handling
fix/issue-683-workflow-guard-hardening@d302602567a1fb7842fe5486fa5a49509506ec8bgitea_resolve_task_capability(cleanup_merged_pr_branch): required permissiongitea.branch.delete, role reconciler; no profile configured with that permission (matching_configured_profile: [])gitea.branch.delete→gitea_cleanup_merged_pr_branchonlyCross-client notes (not conflated)
WHY:
#683 product work is complete and closed via merged PR #684. Reconciler completed all authorized hygiene (labels + durable final record). Residual branch delete requires a permission no configured profile currently has.
RELATED_PRS:
PR #684 merged @
56f1230a10a21b16226c792a5bcdc4398c97b09a; #685 #686 remain open; preserve branch evidence onlyBLOCKERS:
none for #683 product closure. Residual hygiene only: remote source branch delete capability missing (
gitea.branch.deletenot configured on any profile). Unblock residual branch cleanup when: operator configuresgitea.branch.deleteon a reconciler (or authorized) profile, reconnects client-managed namespace, and runsgitea_cleanup_merged_pr_branchfor PR #684.VALIDATION:
56f1230a10300a4ca56f1230aLAST_UPDATED_BY:
sysadmin / prgs-reconciler / RECONCILER / 2026-07-12