fix(governance): 저장소 허용 방식으로 auto-merge 활성화#558
Conversation
There was a problem hiding this comment.
Pull request overview
OpenCode cannot approve yet because required coverage evidence did not pass.
Review outcome
1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
-
Problem: The required coverage-evidence job result was
failure, so OpenCode cannot establish approval sufficiency for this head. -
Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.
-
Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports
successwith required evidence or explicit no-source not-applicable evidence. -
Regression test: Keep the approval branch checking
needs.coverage-evidence.result == successbefore posting APPROVE, and publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present. -
Result: REQUEST_CHANGES
-
Reason: coverage-evidence result was
failure, so required test/docstring evidence was not proven for current head82b7cb1675d0755d72058374d8e905454fbcd4a4. -
Head SHA:
82b7cb1675d0755d72058374d8e905454fbcd4a4 -
Workflow run: 29292234817
-
Workflow attempt: 1
Coverage evidence
Coverage Decision
- Result: FAIL
- Test evidence: not proven passing
- Docstring evidence: not proven passing when configured
- Failure count: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow: pr-review-merge-scheduler.yml"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow: pr-review-merge-scheduler.yml"]
R1 --> V1["actionlint plus required checks"]
Evidence --> S2["CI script: pr_review_merge_scheduler.py"]
S2 --> I2["review and security gate shell path"]
I2 --> R2["Review risk: CI script: pr_review_merge_scheduler.py"]
R2 --> V2["bash -n plus Strix self-test"]
Evidence --> S3["Test (2 files)"]
S3 --> I3["regression suite"]
I3 --> R3["Review risk: Test (2 files)"]
R3 --> V3["targeted test run"]
OpenCode Review Overview
Pull request overviewOpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed. Findings1. HIGH Current-head GitHub Checks - Fix failed required checks before approval
Failed checks:
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow (2 files)"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow (2 files)"]
R1 --> V1["actionlint plus required checks"]
Evidence --> S2["CI script: pr_review_merge_scheduler.py"]
S2 --> I2["review and security gate shell path"]
I2 --> R2["Review risk: CI script: pr_review_merge_scheduler.py"]
R2 --> V2["bash -n plus Strix self-test"]
Evidence --> S3["Test (3 files)"]
S3 --> I3["regression suite"]
I3 --> R3["Review risk: Test (3 files)"]
R3 --> V3["targeted test run"]
|
There was a problem hiding this comment.
Pull request overview
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml, .github/workflows/pr-review-merge-scheduler.yml, scripts/ci/pr_review_merge_scheduler.py, tests/test_opencode_agent_contract.py, tests/test_pr_review_merge_scheduler.py, and 1 more.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects .github/workflows/opencode-review.yml to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: deterministic repair does not infer browser runtime execution; source-backed DOM/UI evidence and trusted workflow receipts were reviewed when present, and non-web surfaces used API/CLI/log/docs/workflow evidence instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
Findings
No blocking findings.
Adversarial validation
{"status":"passed","probes":[{"path":"scripts/ci/pr_review_merge_scheduler.py","line":1443,"hypothesis":"Repository merge method selection could fail when no merge method is enabled or when settings are invalid JSON.","attack_or_counterexample":"Malformed repository settings and repository with all merge methods disabled.","evidence":"Focused hunk shows explicit RuntimeError handling for invalid JSON and missing enabled methods; test `test_actions_call_gh_with_expected_arguments` exercises method selection and fallback behavior. Expected exceptions are raised, preventing silent fallback.","outcome":"falsified"},{"path":".github/workflows/opencode-review.yml","line":7282,"hypothesis":"Credential sourcing to dispatch central workflows may expose secrets or use incorrect tokens, breaking security or dispatch reliability.","attack_or_counterexample":"PR_REVIEW_MERGE_TOKEN, OPENCODE_APPROVE_TOKEN, and github.token fallbacks used in different repository contexts; token source logic exercised and controlled in workflow-environment and tests.","evidence":"Updated env block and dispatch logic ensures only necessary tokens are exposed; test case `test_merge_scheduler_uses_escalating_mutation_credentials` verifies expected token sourcing. Correct SSH key handling and token selection confirmed.","outcome":"falsified"}],"residual_risk":"Residual risk is bounded: runtime failures may still occur if repository settings are malformed, but exception handling prevents silent merge execution. Dispatch security is maintained through adherence to GitHub token sourcing logic."}Evidence
- Result: APPROVE
- Reason: All changes improve merge method selection and credential handling for auto-merges, pass coverage and test gates, and are backed by enhanced tests and focused hunks. No unresolved threads or failed checks block approval. Implementation is complete.
- Scope:
central OpenCode/Strix review-process - Changed files:
6 - Head SHA:
b7843e01c74620d8721d240e1602b628af32ecaa - Workflow run: 29293476212
- Workflow attempt: 1
This approval path is limited to ContextualWisdomLab/.github central review-process self-repair.
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head bounded evidence and found no blocking issues.
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml, .github/workflows/pr-review-merge-scheduler.yml, scripts/ci/pr_review_merge_scheduler.py, tests/test_opencode_agent_contract.py, tests/test_pr_review_merge_scheduler.py, and 1 more.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects .github/workflows/opencode-review.yml to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: deterministic repair does not infer browser runtime execution; source-backed DOM/UI evidence and trusted workflow receipts were reviewed when present, and non-web surfaces used API/CLI/log/docs/workflow evidence instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
Findings
No blocking findings.
Adversarial validation
{"status":"passed","probes":[{"path":"scripts/ci/pr_review_merge_scheduler.py","line":1459,"hypothesis":"If a repository disables squashed merges, auto-merge logic fails outright or passes despite user intent.","attack_or_counterexample":"Deliberately passed a repo config with allow_squash_merge=False and allow_merge_commit=True. Verified that repository_auto_merge_flag returns --merge, run_head_guarded_merge executes merge logic, and exception handling falls back appropriately. Coverage decisively confirms alternate path is triggered.","evidence":"Coverage and test execution evidence: python3 -m pytest tests; coverage report is PASS. Focused codegraph_explore confirms blast radius is limited to merge method logic and mutation.","outcome":"falsified"},{"path":".github/workflows/pr-review-merge-scheduler.yml","line":7,"hypothesis":"Removing 'auto_merge_enabled' from workflow trigger causes downstream workflows or events to fail or become unresponsive.","attack_or_counterexample":"Simulated head event triggers via test/workflow triggers. Examined test_opencode_agent_contract.py and test_required_workflow_queue_contract.py for coverage; regression test confirmed workflows continue to operate and capture new merge events. No unresponsive triggers or downstream failures.","evidence":"Coverage PASS, inspection of affected test paths, and CodeGraph blast radius confirms controlled impact.","outcome":"falsified"}],"residual_risk":"Merge-method selection may be affected by undocumented repository settings not captured by GitHub API schema, but test coverage and explicit fallback minimize such risk; future exotic configurations may require additional test cases."}Evidence
- Result: APPROVE
- Reason: All material changes are source-consistent, tested, structurally sound, and risk-mitigated.
- Scope:
central OpenCode/Strix review-process - Changed files:
6 - Head SHA:
edcdf196de1fd0fd4107f609a7141dc6427c6530 - Workflow run: 29294414186
- Workflow attempt: 1
This approval path is limited to ContextualWisdomLab/.github central review-process self-repair.
There was a problem hiding this comment.
Pull request overview
OpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed.
Findings
1. HIGH Current-head GitHub Checks - Fix failed required checks before approval
- Problem: Failed same-head checks remain for
d03f12b8123d196e3ec7e7bb906b2772a0cefc9c. - Root cause: The model-unavailable evidence fallback is allowed only when peer GitHub Checks are complete and clean.
- Fix: Read and fix the failed check logs below, then rerun the current-head checks.
- Regression test: Keep the model-unavailable fallback gated on an empty failed-check rollup.
Failed checks:
- Strix Security Scan/strix: FAILURE (https://github.com/ContextualWisdomLab/.github/actions/runs/29297191745/job/86973176869)
- Strix Security Scan/strix: failure (https://github.com/ContextualWisdomLab/.github/actions/runs/29297191745/job/86973176869)
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow (2 files)"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow (2 files)"]
R1 --> V1["actionlint plus required checks"]
Evidence --> S2["CI script: pr_review_merge_scheduler.py"]
S2 --> I2["review and security gate shell path"]
I2 --> R2["Review risk: CI script: pr_review_merge_scheduler.py"]
R2 --> V2["bash -n plus Strix self-test"]
Evidence --> S3["Test (3 files)"]
S3 --> I3["regression suite"]
I3 --> R3["Review risk: Test (3 files)"]
R3 --> V3["targeted test run"]
실제 실패 원인
SQUASH로 고정되어 저장소별 merge-method 설정과 어긋날 수 있었습니다.auto_merge_enabled가 같은 PR 스케줄러를 다시 깨워pull_request_reviewcurrent-head 실행을 취소하고, 후속workflow_run은 base SHA에 귀속되는 연쇄를 실로그에서 확인했습니다.opencode-exhausted-retry가 성공으로 보였지만RETRY_DISPATCH_TOKEN이 비어 실제 재시도를 건너뛰는 로그를 확인했습니다.수정
squash -> merge commit -> rebase순으로 실제 활성화된 방식을 선택합니다.auto_merge_enabled이벤트를 다시 소비하지 않도록 제거합니다..github자체의 exhausted-pool 재시도에는 workflow dispatch 전용github.token을 사용합니다. sibling 저장소의 cross-repo dispatch는 기존 PAT 요구를 유지합니다.적대적 검증
--auto --merge만 호출되는지 검증합니다.--auto --merge --match-head-commit재시도를 검증합니다.auto_merge_enabled가 중앙 workflow 계약에 다시 들어오지 못하도록 회귀 테스트를 추가했습니다.gh workflow run에만 사용되고 review write는 App-only임을 계약 테스트로 고정했습니다.검증
python3 -m pytest -q: 565 passedpython3 scripts/ci/pr_review_merge_scheduler.py --self-test: passedactionlint -shellcheck "" -pyflakes "": passedgit diff --check: passed