fix(#158): address NIT feedback — clarify enforcement split, clean §9 prose
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 24s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m7s
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 24s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m7s
This commit is contained in:
Rodin
@@ -274,7 +274,7 @@ Every worker template begins with an `⛔ ABSOLUTE CONSTRAINTS` section containi
|
|||||||
- **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only.
|
- **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only.
|
||||||
- **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first.
|
- **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first.
|
||||||
|
|
||||||
These constraints are statically enforced by `check-invariants.sh`: S1 and S9 cover the dispatch script (no merge, no close); S8 and S10 cover worker templates (no merge calls, no close calls, and NEVER-close text present in each).
|
The first two constraints are statically enforced by `check-invariants.sh`: S1 and S9 cover the dispatch script (no merge, no close); S8 and S10 cover worker templates (no merge calls, no close calls, and NEVER-close text present in each). The remaining two constraints (token usage and REQUEST_CHANGES gate) are enforced by runtime logic.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -296,5 +296,4 @@ script never had a close call, but workers could reason their way into calling
|
|||||||
`PATCH /pulls/{id}` with `state=closed`. All worker templates now include
|
`PATCH /pulls/{id}` with `state=closed`. All worker templates now include
|
||||||
`NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies
|
`NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies
|
||||||
the dispatch script contains no close calls. Invariant S10 verifies
|
the dispatch script contains no close calls. Invariant S10 verifies
|
||||||
worker templates contain no close calls and each contains the NEVER-close text. Regression
|
worker templates contain no close calls and each contains the NEVER-close text. Regression tests in `dispatch.bats` statically verify all of these constraints.
|
||||||
tests in `dispatch.bats` verify all of this statically.
|
|
||||||
|
|||||||
Reference in New Issue
Block a user