fix(#158): add S10 invariant to spec, fix enforcement wording in §8
PR Ready Gate / clear-labels (pull_request) Successful in 1s
CI / test (pull_request) Successful in 17s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 23s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 26s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 49s
Address MINOR and NIT findings from Sonnet and GPT review of PR #158.

MINOR (Sonnet + GPT): No static invariant for 'no close-PR in worker templates'.
- Add S10 to §6 Safety Invariants table: checks that no worker template contains close-PR API calls AND every template contains NEVER-close constraint text.
- Symmetric to S8 (no merge in worker templates) and S9 (no close in dispatch).

NIT (GPT): Enforcement mapping sentence in §8 was ambiguous.
- Rewrite to explicitly map: S1+S9 cover dispatch; S8+S10 cover worker templates.

NIT (Sonnet): The 'all 7 templates contain NEVER-close text' claim is now verified by S10 (grep-based), not just prose.

Implementation: S10 added to check-invariants.sh + Bug-157-S10 regression tests added to dispatch.bats (in rodin/workspace). All 11 invariants pass.
@@ -232,6 +232,7 @@ These are statically checked by `~/.openclaw/workspace/scripts/test/check-invari
|
||||
| S7 | SPAWN:impl guarded by `ACTIVE_WIP == 0` check |
|
||||
| S8 | No merge calls in any worker template |
|
||||
| S9 | Zero close-PR API calls in dispatch script (`state=closed` does not appear) |
|
||||
| S10 | No close-PR API calls in any worker template; every worker template contains `NEVER close a PR` |
|
||||
|
||||
---
|
||||
|
||||
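Review bot: The new S10 row does not say which pattern counts as a close-PR API call, whereas the S9 row above it pins the check to `state=closed`. State the pattern in the S10 row as well, and make sure it also matches the JSON-body spelling (`"state": "closed"`), since a grep limited to `state=closed` would pass a template containing that form. S10 also joins an absence check and a presence check in one row; splitting them into two invariants, or having the script report which half failed, would make a failure easier to act on.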
@@ -273,7 +274,7 @@ Every worker template begins with an `⛔ ABSOLUTE CONSTRAINTS` section containi
|
||||
- **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only.
|
||||
- **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first.
|
||||
|
||||
These constraints are enforced by S1, S8, and S9 in `check-invariants.sh` (for the dispatch script) and by the template text itself (for workers).
|
||||
These constraints are statically enforced by `check-invariants.sh`: S1 and S9 cover the dispatch script (no merge, no close); S8 and S10 cover worker templates (no merge calls, no close calls, and NEVER-close text present in each).
|
||||
|
||||
---
|
||||
|
||||
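Review bot: The rewritten sentence at the end of this hunk says "These constraints are statically enforced" but maps only no-merge and no-close to invariants, while the list directly above it also contains the gitea-aweiker token rule and the REQUEST_CHANGES rule. The sentence it replaces at least attributed the worker side to the template text itself; the new one drops that. Either scope the sentence to the merge and close constraints (for example "The no-merge and no-close constraints are statically enforced by ...") or name the invariants that cover the other two.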
@@ -294,5 +295,6 @@ Worker templates were missing an explicit constraint against closing PRs. The di
|
||||
script never had a close call, but workers could reason their way into calling
|
||||
`PATCH /pulls/{id}` with `state=closed`. All worker templates now include
|
||||
`NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies
|
||||
the dispatch script contains no close calls. The regression test in `dispatch.bats`
|
||||
verifies the same statically.
|
||||
the dispatch script contains no close calls. Invariant S10 verifies
|
||||
worker templates contain no close calls and each contains the NEVER-close text. Regression
|
||||
tests in `dispatch.bats` verify all of this statically.
|
||||
|
||||
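Review bot: "verify all of this statically" in the last added line is vague and reads stronger than the paragraph supports: S10 checks what the template files contain, while the problem described a few lines up is a worker that could reason its way into calling `PATCH /pulls/{id}` with `state=closed` at run time. Spell out what the tests assert (no close calls in templates, NEVER-close text present in each) and add a sentence saying the check is on template content, not on worker behaviour. Naming the regression tests, as the commit message does (Bug-157-S10), would also make them findable from the spec.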