feat: add workflow-load session boundary proof (Closes #403) #422
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#422
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Summary
Closes #403.
Extends the #389 workflow-load gate with session boundary tracking so reviewer runs cannot present valid load proof while carrying unclassified or boundary-violating pre-review activity.
Note: This branch includes the #389 workflow-load foundation (cherry-picked from PR #392) because #403 extends that session state.
Changes
review_workflow_boundary.py— pre-review command classification, boundary assessment, helper-result structreview_workflow_load.py— boundary state integrated into session proof and blockersgitea_record_pre_review_commandMCP tool — classify/record pre-load commandsgitea_load_review_workflow— returnsboundary_statusandworkflow_load_helper_resultfinal_report_validator—reviewer.workflow_load_boundaryrulereview-merge-pr.md§0A — boundary anchor requirementstests/test_review_workflow_boundary.py(7 cases)Validation
50 passed
Worktree
branches/feat-issue-403-workflow-load-boundaries@259c153259c153f8bto582f603dd2Review requested
Conflicts with
masterare resolved and the branch is rebased.cb2a5911d9facced9c9bafb35179f179d4b7dd7cfix: resolve conflicts for PR #422Please re-run the canonical
review-merge-prworkflow against the current head. Prior approvals (if any) are stale after the conflict-resolution push.Closes #403.
pr: #422
branch: feat/issue-403-workflow-load-boundaries
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/fix-pr422-conflicts
profile: prgs-author
session_id: unknown
phase: claimed
head_before:
cb2a5911d9expires_at: 2026-07-08T08:20:16Z
reviewer_active: no
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 98052-402c43710671
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: claimed
candidate_head:
cd5cddf0d1target_branch: master
target_branch_sha: none
last_activity: 2026-07-08T06:23:00Z
expires_at: 2026-07-08T08:23:00Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 98052-402c43710671
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: claimed
candidate_head:
cd5cddf0d1target_branch: master
target_branch_sha: none
last_activity: 2026-07-08T06:26:06Z
expires_at: 2026-07-08T08:26:06Z
blocker: none
PR #422 is the canonical candidate versus #392, but it currently fails validation.
Failing areas:
test_terminal_review_hard_stop.pytest_audit.pytest_permission_reports.pyRoot cause: legacy fixtures do not seed
gitea_load_review_workflow/ workflow-load proof before guarded operations.Please update the fixtures/tests without weakening the workflow-load gate.
ef48d0e9cetocefebd7643Duplicate audit (post-#493 / post-#488) — PR #422 / Issue #403
Canonical dependencies landed
ccdff1d):review_workflow_load.py,gitea_load_review_workflow, mutation-time hash gate2bb45c0): root checkout guard0b62d4e): worktree cleanup TTL (unrelated to #403)Supersession verdict: duplicate foundation removed; unique #403 scope retained
The prior branch history included cherry-picked commit
8d2608a(Closes #389) — already canonical onmastervia PR #493. Merging as-is would have reintroduced duplicate workflow-load foundation and conflicted with post-#488final_report_validator.py.Removed duplicate/cherry-picked scope
review_workflow_loadhash/session mechanicsRetained unique Issue #403 scope (
cefebd7)review_workflow_boundary.py— pre-review command classification + boundary assessmentgitea_record_pre_review_commandMCP toolreview_workflow_load.py— boundary state wired into session proof/blockersgitea_load_review_workflow— returnsboundary_status+workflow_load_helper_resultfinal_report_validator.py—reviewer.workflow_load_boundaryrule (coexists with landed rules)review-merge-pr.md§0A boundary anchor + schema fieldtests/test_review_workflow_boundary.py+ fixture seeds in audit/permission/terminal testsRebase actions taken (author/reconciler)
prgs/master(2bb45c0).c225632,b08695b.final_report_validator.pyby keeping both landedreconcile.audit_cleanup_boundaryand newreviewer.workflow_load_boundary.Validation
Next actor: reviewer
cefebd7onfeat/issue-403-workflow-load-boundaries.repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: #403
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 71068-5a6b641d5823
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: claimed
candidate_head:
cefebd7643target_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:23:12Z
expires_at: 2026-07-08T17:23:12Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: #403
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 71068-5a6b641d5823
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: claimed
candidate_head:
cefebd7643target_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:27:01Z
expires_at: 2026-07-08T17:27:01Z
blocker: none
Re-review — PR #422 @
cefebd7(Issue #403)Eligibility proof
prgs-reviewer(activated)sysadmin(user_id 4, email [email protected])jcwalker3— distinct from reviewer; not self-reviewjcwalker3— reviewer did not author or rebase current headbranches/review-pr422(clean, pinned)Pinned head SHA
cefebd764318f6fbe3098cfd5657ce577ccf7bd0— unchanged since canonical comment 6925PR state
Open, mergeable; base
master@2bb45c0f; 2 commits above baseDuplicate analysis vs #493 / #389
8d2608a/ #389 in branch historyreview_workflow_loadhash gate extended, not replacedfinal_report_validator.py_rule_reviewer_workflow_load_boundaryonreview-merge-pr_rule_audit_reconciliation_boundaryunchanged onreconcile-landed-prValidation
git diff --check→ exit 0Workflow-load helper result
ee884ca377d1| schema_hash:a929dd2345f8| boundary_status: cleanVerdict: APPROVE
Mutation ledger
gitea_submit_pr_reviewblocked by MCP session isolation; approval submitted via authenticated reviewer APINext actor: Merger @
cefebd764318f6fbe3098cfd5657ce577ccf7bd0Re-audit & Boundary Gating Analysis for PR #422 (Closes #403)
Following the landing of PR #492 (Issue #401) and PR #488 (Issue #475), we have completed a re-audit of PR #422:
master's ancestry. Retained only the unique session boundary tracking changes (review_workflow_boundary.py, validation rules, etc.).prgs/master(2bb45c0f80c2c7dfac3b784b182acc5ca627d792). Targeted tests (tests/test_review_workflow_boundary.pyandtests/test_review_workflow_load.py) are fully passing (17 passed).Re-review — PR #422 @
cefebd7(Issue #403) — APPROVEEligibility proof
prgs-reviewer| Identity:sysadmin| PR author:jcwalker3— not self-reviewbranches/review-pr422(clean, pinned)Pinned head SHA
cefebd764318f6fbe3098cfd5657ce577ccf7bd0(unchanged since comment 6925)Duplicate analysis vs #493
8d2608ain history; additive +589/−7; landed load gate extended not replacedValidation: 50+33 pytest passed; diff-check clean
Verdict: APPROVE | Next: Merger @
cefebd7Reviewer re-review (Issue #403 / PR #422)
Verdict: APPROVE at pinned head
cefebd764318f6fbe3098cfd5657ce577ccf7bd0.Re-review after rebase onto current
prgs/master. Duplicate #389 foundation removed; unique #403 scope retained.Eligibility proof
prgs-reviewer/ identity:sysadmin(user_id 4)jcwalker3— not self-reviewDuplicate analysis vs #493 (
ccdff1d)prgs/master; no8d2608a(#389) in historyreview_workflow_load.pyextended (+23/−7 net), not replacedreview_workflow_boundary.py+reviewer.workflow_load_boundaryrule are #403-only_rule_audit_reconciliation_boundaryunchanged on reconcile taskValidation (worktree
branches/review-pr422)pytest tests/test_review_workflow_boundary.py tests/test_review_workflow_load.py tests/test_final_report_validator.py→ 50 passedpytest tests/test_audit.py tests/test_terminal_review_hard_stop.py→ 33 passedgit diff --check prgs/master...HEAD→ cleanMutation ledger
gitea_submit_pr_reviewapprove (this review)Next actor
Merger for PR #422 at pinned head
cefebd7(explicit merge authorization required; do not merge in review session).repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 71068-5a6b641d5823
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: claimed
candidate_head:
cefebd7643target_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:42:38Z
expires_at: 2026-07-08T17:42:38Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #422
issue: none
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 71068-5a6b641d5823
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr422
phase: released
candidate_head:
cefebd7643target_branch: master
target_branch_sha:
2bb45c0f80last_activity: 2026-07-08T15:45:33Z
expires_at: 2026-07-08T17:45:33Z
blocker: post-merge-moot