Capability map, resolver, and router can disagree on review-task roles; role-stamp mismatch escapes as unhandled internal_error in submit path #723
Open
opened 2026-07-16 17:32:11 -05:00 by jcwalker3
·
2 comments
No Branch/Tag Specified
master
issue-718-fix-merger-lease
issue-723-role-poisoning
fix/issue-723-capability-role-invariants
fix/issue-702-stale-binding-lease-recovery
fix/issue-685-side-effect-free-resolver
fix/issue-720-expired-decision-lock
docs/mcp-stable-control-runtime-policy
feat/issue-687-reconciler-branch-delete
fix/issue-714-session-context-immutability
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-693-review-decision-lock-recovery
fix/issue-691-obsolete-reviewer-lease-cleanup
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
feat/issue-604-anti-stomp-preflight
feat/issue-606-sentry-observability
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
feat/issue-609-prepared-review-verdict-resume
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#723
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Product defects exposed by incident #722
Two distinct code defects allowed commit
970e68bto strand formal reviews and to fail with an unactionable error. The break-glass repair for #722 restores the mappings and adds first-line invariant tests; the defects below need their own reviewed fixes.Defect A — no invariant ties the capability map to configured profiles or the router
task_capability_map.pyis documented as "the single source of truth; regression tests assert tool gates cannot drift from it", but nothing asserts:970e68b,review_pr/approve_pr/request_changes_prrequiredrole=mergerwhile every merger profile forbids the review permissions →matching_configured_profile: []and a repository-wide review lockout that no test named directly.role_session_router.REVIEWER_TASKSstill saidreviewerwhile the map saidmerger. Two authorities, no consistency test._build_runtime_task_capabilitiesreports permission-onlyallowed_in_current_session/matching_configured_profiles(no role-exclusive filter), sogitea_get_runtime_contextreportedreview_pras allowed whilegitea_resolve_task_capabilityfail-closed the same task in the same session.Defect B — capability/preflight disagreement surfaces as generic
internal_errorObserved on PR #721 (reviewer session, prgs-reviewer):
gitea_resolve_task_capability("review_pr")stamps_preflight_resolved_roleviarecord_preflight_check(...)before computing/denyingallowed_in_current_session, so a denied resolve still poisons the session role stamp (here:merger).gitea_mark_final_review_decisionhas no role-kind gate in its chain (daemon guard → decision lock → session → workflow load → head → eligibility action "review" is permission-only) → it succeeded and persisted a durable ready-APPROVE decision lock.gitea_submit_pr_review→_evaluate_pr_review_submission→_verify_role_mutation_workspace→_effective_workspace_role()returns the stampedmerger→nwb.assess_namespace_mutation_workspace(role_kind="merger", ...)blocks against the reviewer session →raise RuntimeError(...)escapes the tool uncaught → the client sees a genericinternal_errorinstead of a structured fail-closed result with reasons.Net effect: mark/submit half-completed states with no actionable error. Compare #718 (same generic-
internal_errorpattern in the adopt-lease tool).Suggested acceptance criteria
REVIEWER_TASKShasrequired_role(task) != "reviewer"(and equivalents forMERGER_TASKS).record_preflight_checkmust not stamp a resolved role for a task the resolve denied (or the stamp must carry the denial), so a later mutation preflight fails closed with structured reasons instead of raising._evaluate_pr_review_submissionconverts workspace/role-binding failures intoresult["reasons"](fail closed) rather than propagating exceptions asinternal_error.gitea_get_runtime_contexttask capabilities apply the same role-exclusive filter as the resolver, or explicitly label their view as permission-only.References
970e68bddb510aef1b2c4de58981f03ed570e98e80f59b334e6671b08006725292c08a8e8b6c823f, comments 11891/11893/11895Author claim — issue #723 (comment-based; label tools degraded)
Claiming this issue for implementation.
gitea_mark_issue/gitea_set_issue_labelscurrently returninternal_error(daemon subprocess spawn failure pergitea_diagnose_terminal), so this comment is the durable claim signal; thestatus:in-progresslabel will be reconciled when the label path recovers.Branch:
fix/issue-723-capability-role-invariantsWorktree:
branches/fix-issue-723-capability-role-invariants(fresh from master67e4a2b5e96b680a1dcb90a20c2ebf87357a3b1f, clean)Live corroboration of Defect B this session (2026-07-17 ~04:30Z):
gitea_acquire_reviewer_pr_lease,gitea_mark_issue, andgitea_set_issue_labelsall surfaced genericinternal_errorwhile an underlying subprocess spawn failure was the real cause — the same unactionable-error pattern this issue names in AC4.Canonical Issue State
STATE: claimed for implementation by prgs-author at master
67e4a2b5e9WHO_IS_NEXT: author
NEXT_ACTION: implement AC1-AC5 with tests in branches/fix-issue-723-capability-role-invariants, run full suite, open the implementing PR
NEXT_PROMPT:
WHAT_HAPPENED: author picked up the issue after reproducing the Defect B internal_error pattern live; existing first-line invariant tests from the #722 break-glass repair (tests/test_task_capability_role_invariants.py at
ba79154) will be extended rather than duplicatedWHY: two authorities (capability map, router) plus permission-only runtime reporting can silently disagree, and role-stamp mismatches escape as unactionable internal_error; fail-closed structured reasons are required
RELATED_PRS: implementing PR to follow from branch fix/issue-723-capability-role-invariants
BLOCKERS: none for implementation; label-claim tooling degraded (internal_error) documented above
VALIDATION: pending — focused invariant/resolver/submission suites plus full suite will be recorded in the PR
LAST_UPDATED_BY: prgs-author (jcwalker3), 2026-07-17
[THREAD STATE LEDGER]
what is true now: issue #723 remains open and is claimed by prgs-author via this comment; worktree branches/fix-issue-723-capability-role-invariants exists clean at master
67e4a2b5.what changed: author claim recorded; live Defect B corroboration captured from this session's tool failures.
what is blocked: only the label-based claim signal; classification below. Implementation proceeds now.
who/what acts next: author implements AC1-AC5 in the named worktree.
Server-side decision state: no review or merge decision exists for this issue; implementation not yet delivered
Local verdict/state: fresh clean worktree at master head; no local edits yet
Next actor: author
Required action: implement AC1-AC5 with tests, validate, open PR
Blocker classification: environment/tooling blocker
Do not do: do not modify the #722 break-glass invariant tests' intent; do not self-review or merge the eventual PR; do not touch capability behavior beyond the five acceptance criteria
Implementation delivered — PR creation pending tooling recovery
AC1–AC5 are implemented, tested, committed, and pushed.
gitea_lock_issueandgitea_create_prcurrently returninternal_error(same daemon subprocess spawn failure noted in the claim comment), so the pull request itself is not yet open. No raw-API bypass was used.Branch:
fix/issue-723-capability-role-invariantsHead:
bc9366c(pushed to prgs)Worktree:
branches/fix-issue-723-capability-role-invariantsChanges:
task_capability_map.ROLE_EXCLUSIVE_TASKSshared constant; resolver inline copy removed (AC1/AC5 drift surface gone)_preflight_resolved_role; stale stamps cleared via_clear_resolved_capability_stamp_evaluate_pr_review_submissionreturns structuredreasons+blocker_kind=workspace_role_bindinginstead of letting RuntimeError escape as genericinternal_error_build_runtime_task_capabilitiesapplies the resolver's role-exclusive filter (entries labeledrole_filtered/permission_only);matching_configured_profileshonors declared rolestests/test_issue_723_role_stamp_and_submission.py(new) + extensions totests/test_task_capability_role_invariants.pyTest evidence: focused 22 passed (+48 subtests); adjacent suites 72 passed; full suite 2929 passed / 6 skipped / 221 subtests (single pre-existing Starlette warning, #682).
Observed adjacent drift, documented not fixed:
delete_branchmaps to author but only the reconciler holdsgitea.branch.delete; routerRECONCILER_TASKSlistsreconcile-landed-prwhile the map says author;reconcile_already_landedabsent from the map.Canonical Issue State
STATE: implementation complete on pushed branch fix/issue-723-capability-role-invariants at head bc9366c; pull request not yet open because PR-creation tooling returns internal_error
WHO_IS_NEXT: author
NEXT_ACTION: retry gitea_lock_issue + gitea_create_pr for branch fix/issue-723-capability-role-invariants once the MCP daemon subprocess spawn failure clears (client reconnect or daemon restart), then hand off to an independent reviewer
NEXT_PROMPT:
WHAT_HAPPENED: author implemented AC1-AC5 with new and extended tests, ran the full suite green, committed
bc9366c, and pushed the branch; lock/create-PR tools failed with internal_error so the PR remains to be openedWHY: the shared role-exclusive constant plus stamp/structured-error fixes close both defects; the PR step is mechanically prepared and needs only working tooling
RELATED_PRS: implementing PR to be opened from fix/issue-723-capability-role-invariants
BLOCKERS: gitea_lock_issue and gitea_create_pr return internal_error (daemon subprocess spawn failure); comment path unaffected
VALIDATION: full suite 2929 passed / 6 skipped / 221 subtests in the worktree; focused suites recorded above
LAST_UPDATED_BY: prgs-author (jcwalker3), 2026-07-17
[THREAD STATE LEDGER]
what is true now: branch fix/issue-723-capability-role-invariants carries the complete AC1-AC5 implementation at pushed head
bc9366cwith the full test suite green; no pull request exists yet for it.what changed: implementation, tests, commit, and push completed since the claim comment; lock/create-PR attempts recorded internal_error.
what is blocked: only the lock + PR-creation step; classification below.
who/what acts next: author retries lock + create_pr after tooling recovery, then an independent reviewer takes the PR.
Server-side decision state: no review or merge decision exists; no PR is open for this branch
Local verdict/state: worktree clean at bc9366c; all changes committed and pushed
Next actor: author
Required action: retry gitea_lock_issue then gitea_create_pr for the pushed branch after MCP daemon recovery
Blocker classification: environment/tooling blocker
Do not do: do not open the PR via raw API bypass; do not self-review or merge; do not rework the branch while the PR step is pending