From 6cefbb070e3a730d61ceb37858605d27e75e8a81 Mon Sep 17 00:00:00 2001 From: Rodin Date: Fri, 15 May 2026 14:47:54 +0000 Subject: [PATCH] fix(#157): add S9 invariant and never-close constraint to dev-loop spec MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add S9 to §6 Safety Invariants: zero close-PR API calls in dispatch - Document worker ABSOLUTE CONSTRAINTS in §8 Worker Templates - Add §9 entry for Issue #157 explaining the fix All worker templates already contain the NEVER-close constraint from a prior session. This commit makes the spec authoritative. Companion changes in rodin/workspace: - check-invariants.sh: add S9 static check - dispatch.bats: add Bug-157-regression test --- docs/dev-loop-spec.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/dev-loop-spec.md b/docs/dev-loop-spec.md index 226b511..041383a 100644 --- a/docs/dev-loop-spec.md +++ b/docs/dev-loop-spec.md @@ -231,6 +231,7 @@ These are statically checked by `~/.openclaw/workspace/scripts/test/check-invari | S6 | Active WIP does not cause early exit (only sets ACTIVE_WIP flag) | | S7 | SPAWN:impl guarded by `ACTIVE_WIP == 0` check | | S8 | No merge calls in any worker template | +| S9 | Zero close-PR API calls in dispatch script (`state=closed` does not appear) | --- @@ -263,9 +264,20 @@ Each worker receives a precise task description with substituted values: Workers **always** remove the WIP label on completion and reply `NO_REPLY`. +### Worker Absolute Constraints + +Every worker template begins with an `⛔ ABSOLUTE CONSTRAINTS` section containing these rules: + +- **NEVER close a PR.** Never call `PATCH /pulls/{id}` with `state=closed`. Closing a PR requires human action. "Duplicate", "superseded", or "already done" are never a worker's call. +- **NEVER merge a PR.** Never call the merge API. Merging requires human approval. +- **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only. +- **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first. + +These constraints are enforced by S1, S8, and S9 in `check-invariants.sh` (for the dispatch script) and by the template text itself (for workers). + --- -## 9. Fixes for Issues #144 and #145 +## 9. Fixes for Issues #144, #145, and #157 **Issue #144** (autonomous merge): The dispatch script contains no merge API calls anywhere. The `~/.openclaw/workspace/scripts/test/check-invariants.sh` @@ -276,3 +288,11 @@ Rule 2 is the **first** rule evaluated per PR. It cannot be skipped, reasoned pa or bypassed. It is checked before CI, before self-review, before handoff. The check uses latest-per-reviewer state, so a reviewer who re-approved after REQUEST_CHANGES is correctly handled. + +**Issue #157** (autonomous PR close): +Worker templates were missing an explicit constraint against closing PRs. The dispatch +script never had a close call, but workers could reason their way into calling +`PATCH /pulls/{id}` with `state=closed`. All worker templates now include +`NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies +the dispatch script contains no close calls. The regression test in `dispatch.bats` +verifies the same statically.