Skip to content

Plan WS-POL-002 post-submit checker foundation#85

Merged
abiorh-claw merged 4 commits into
mainfrom
codex/ws-pol-002-post-submit-checker-planning
Jul 9, 2026
Merged

Plan WS-POL-002 post-submit checker foundation#85
abiorh-claw merged 4 commits into
mainfrom
codex/ws-pol-002-post-submit-checker-planning

Conversation

@Abiorh001

@Abiorh001 Abiorh001 commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

PR Trust Bundle

Chunk

WS-POL-002-PLAN - Post-Submit Checker Foundation Planning

Goal

Close the previous WS-POL-001 loop state and create the reviewed planning
foundation for project-guide-derived post-submit checker setup.

Human-approved intent

  • Intent: .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/INTENT.md
  • Plan: .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/PLAN.md
  • Chunk contract: .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-PLAN-post-submit-checker-planning.md

What changed

  • Closed stale WS-POL-001-16 loop state after PR WS-POL-001-16 Terminal Benchmark live API drill #84 merged.
  • Added WS-POL-002 intent, discovery, plan, decisions, risks, status, chunk map,
    and six chunk contracts.
  • Normalized every WS-POL-002 chunk contract with approved-plan reference, risk
    class, SLA, allowed files, not-allowed changes, acceptance criteria,
    verification commands, reviewer set, human review focus, and stop conditions.
  • Added external review response and refreshed internal review evidence.

Why it changed

Post-submit checker setup needs the same discipline as pre-submit: setup-time
derivation, trusted compilation, project-scoped policy, deterministic runtime,
and no manual guide request-body checker payloads.

Design chosen

The plan keeps PostSubmitCheckerPolicy project-scoped. An agent may derive a
constrained setup specification from approved project guide/source context, but
Workstream compiles deterministic checker policy and runtime executes only the
locked compiled policy.

Alternatives rejected

  • Per-task checker generation: rejected because tasks should lock references to
    the project policy/checker context, not compile their own checkers.
  • Runtime agent judgment: rejected because submission checks must be
    deterministic and auditable.
  • Manual guide payloads for post-submit policy: rejected because policy setup is
    server-owned.

Scope control

Allowed files changed

  • .agent-loop/LOOP_STATE.md
  • .agent-loop/WORK_QUEUE.md
  • .agent-loop/REVIEW_LOG.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/**
  • docs/roadmap_status.md

Files outside scope

  • None.

Product Behavior

  • No Workstream product runtime behavior changed.
  • Product behavior changed and is explained here:

Acceptance criteria proof

  • WS-POL-001 loop memory closed - LOOP_STATE.md, WORK_QUEUE.md,
    REVIEW_LOG.md, and WS-POL-001 status updated.
  • WS-POL-002 planning artifacts created - intent, discovery, plan, decisions,
    risks, status, chunk map, and chunk contracts added.
  • Project-scoped post-submit policy preserved - plan and chunks reject
    per-task checker generation.
  • External review findings handled - see
    .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/reviews/WS-POL-002-PLAN-external-review-response.md.
  • Internal review evidence refreshed - see
    .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/reviews/WS-POL-002-PLAN-internal-review-evidence.md.

Tests/checks run

python3 scripts/check_stale_workstream_wording.py
python3 scripts/check_markdown_links.py
python3 scripts/check_internal_review_evidence.py
git diff --check
for f in .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/*.md; do rg -n "^## (Approved Plan Reference|Risk class|SLA|Stop conditions)$" "$f"; done

Result summary:

Local stale wording, Markdown links, internal review evidence, chunk metadata
scan, and diff whitespace checks passed after the review-artifact update.

Test delta

Tests added

  • None.

Tests modified

  • None.

Tests removed/skipped

  • None.

CI integrity

  • Coverage threshold unchanged
  • Lint unchanged
  • Typecheck unchanged
  • No workflow weakening
  • No package script weakening
  • No unpinned new GitHub Action
  • Checkout credential persistence unchanged

External review

External review response file:

  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/reviews/WS-POL-002-PLAN-external-review-response.md
Source Status Notes
CodeRabbit Fixed locally Title, risk class, privacy wording, and PR-description structure addressed.
GitHub checks Fixed locally Evidence provenance updated; checks must rerun on pushed head.

Reviewer results

Reviewed code SHA: f071601

Reviewed at: 2026-07-09T08:46:42Z

Reviewer run IDs: senior-engineering=019f4607-7d3d-75f1-9f95-1c97e6a754ed; QA/test=019f4607-9e65-7dd3-a4a1-e5902738c7ae; security/auth=019f4607-c400-7d70-ba90-d3a864da5619; product/ops=019f4607-e130-7183-935e-399d7c0da675; architecture=019f4608-0acf-72a0-a876-f9e0b2d1f8c6; docs=019f4609-1043-76f0-9474-7a0ecb9d43eb; CI-integrity=019f4610-a68c-7742-bff9-6b89fa3931c9

Reviewer Result Blocking findings Notes
senior engineering PASS AFTER FIXES None Evidence provenance and push findings addressed by follow-up review artifact/push.
QA/test PASS WITH LOW RISKS None Remote push was the only remaining low note.
security/auth PASS None Privacy and redaction contract passed.
product/ops PASS AFTER FIXES None Trust bundle and evidence findings addressed by this artifact.
architecture PASS WITH LOW RISKS None Broad future runtime globs accepted as low risk.
docs PASS AFTER FIXES None External response/trust-bundle findings addressed by this artifact.
CI integrity PASS None Confirmed no workflow, script, package, or CI configuration changes; local evidence gate passes and artifacts do not overclaim remote checks.

Remaining risks

  • WS-POL-002-04 still allows broad future runtime globs. Architecture accepted
    this as low risk because the acceptance criteria constrain the allowed work to
    generated-policy runtime deltas.
  • GitHub checks must rerun on the pushed PR head before merge.

Follow-up work

Start WS-POL-002-01 only after this planning PR is reviewed, merged by the
user, and the user explicitly starts the implementation chunk.

Human review focus

Please inspect:

  • the project-scoped post-submit checker setup direction
  • the setup-time derivation versus deterministic runtime boundary
  • the v0.1 setup authorization boundary
  • the WS-POL-002 chunk sequence and stop condition before implementation starts

Human ownership

  • I can explain what changed.
  • I can explain why it changed.
  • I know what could break.
  • I accept the remaining risks.
  • The user explicitly approved this specific PR for merge.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR closes out WS-POL-001-16 (merged via PR #84) in agent-loop coordination docs (LOOP_STATE, REVIEW_LOG, WORK_QUEUE, WS-POL-001 STATUS) and adds a complete WS-POL-002 planning documentation set: DISCOVERY, INTENT, PLAN, DECISIONS, RISKS, STATUS, CHUNK_MAP, five chunk contracts, a planning chunk contract, internal review evidence, and a roadmap status update.

Changes

WS-POL-001 close-out and WS-POL-002 planning

Layer / File(s) Summary
Agent-loop state and gating transition
.agent-loop/LOOP_STATE.md, .agent-loop/REVIEW_LOG.md, .agent-loop/WORK_QUEUE.md
Loop state, review log, and work queue are updated to record PR #84 merge for WS-POL-001-16 and gate the schedule toward WS-POL-002-PLAN, with WS-POL-002-01 remaining inactive until explicitly started.
WS-POL-001 initiative closure
.agent-loop/initiatives/WS-POL-001-.../STATUS.md
Status doc marks WS-POL-001 complete through chunk 16, clears the active chunk, and records PR #84/merge commit in the chunk table.
WS-POL-002 discovery and intent
.agent-loop/initiatives/WS-POL-002-.../DISCOVERY.md, INTENT.md
New docs capture the current post-submit checker runtime, key modules, default checkers, policy shape, gaps, and target intent for setup-time derivation/compilation.
WS-POL-002 plan, decisions, and risks
PLAN.md, DECISIONS.md, RISKS.md
New docs define the two-phase setup pipeline, agent/compiler contracts, D1–D8 binding decisions, and a risk register.
WS-POL-002 chunk map and status
CHUNK_MAP.md, STATUS.md
New docs enumerate five proposed implementation chunks, dependency order, activation constraints, and current planning status.
WS-POL-002 chunk contracts
chunks/WS-POL-002-01...05*.md, chunks/WS-POL-002-PLAN-*.md
New chunk contract documents specify target behavior, acceptance criteria, allowed/disallowed files, verification commands, and reviewer focus for each proposed chunk.
Review evidence and roadmap update
reviews/WS-POL-002-PLAN-internal-review-evidence.md, docs/roadmap_status.md
Internal review evidence records reviewer results, addressed findings, commands run, residual risks, and stop condition; roadmap status doc reflects chunk 16 completion and WS-POL-002 planning alignment.

Estimated code review effort: 2 (Simple) | ~12 minutes

Possibly related issues

Possibly related PRs

Suggested reviewers: abiorh-claw

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed Concise title accurately summarizes the main change: planning the WS-POL-002 post-submit checker foundation.
Description check ✅ Passed The description covers the required trust-bundle sections and includes goals, scope, evidence, reviewers, risks, and follow-up work.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/ws-pol-002-post-submit-checker-planning

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
.agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/STATUS.md (1)

18-34: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Normalize the first implementation chunk name.

WS-POL-002-01 is described with different titles here and in CHUNK_MAP.md, which makes cross-references brittle.

♻️ Suggested edit
-`WS-POL-002-01` - Post-submit compiler and default policy contract.
+`WS-POL-002-01` - Post-Submit Provenance And Compiler Contract.
@@
-| `WS-POL-002-01` | Proposed | - | - | Post-submit provenance model and compiler contract. |
+| `WS-POL-002-01` | Proposed | - | - | Post-Submit Provenance And Compiler Contract. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/STATUS.md
around lines 18 - 34, The first implementation chunk label is inconsistent
across references, so normalize the title for `WS-POL-002-01` to the same
wording used in `CHUNK_MAP.md`. Update the chunk description in `STATUS.md` so
the identifier `WS-POL-002-01` always maps to one canonical name, and keep the
surrounding chunk table entries unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
@.agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-05-post-submit-live-api-proof.md:
- Around line 1-18: Add the missing explicit risk-class declaration to this
chunk contract and align the document with the required chunk metadata template.
Update the contract text to include the canonical risk class alongside the
existing Goal/Problem sections, and ensure the chunk still clearly states
allowed files, disallowed changes, acceptance criteria, reviewer set, and human
review focus using the current chunk title as the anchor.
- Around line 82-83: Update the privacy scan acceptance criterion in the
post-submit live API proof to explicitly reject raw policy hashes as well as
source hashes, and require both to be redacted using the approved
sha256:<redacted> placeholder. Adjust the wording in the relevant proof/check
section so the validation applies to all committed evidence hashes, not just
source provenance, and keep the terminology aligned with the existing privacy
scan guidance.

---

Nitpick comments:
In @.agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/STATUS.md:
- Around line 18-34: The first implementation chunk label is inconsistent across
references, so normalize the title for `WS-POL-002-01` to the same wording used
in `CHUNK_MAP.md`. Update the chunk description in `STATUS.md` so the identifier
`WS-POL-002-01` always maps to one canonical name, and keep the surrounding
chunk table entries unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d1918572-bf25-4718-8edf-ac7bb74cd18e

📥 Commits

Reviewing files that changed from the base of the PR and between a3d2a3f and 848470c.

📒 Files selected for processing (19)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/REVIEW_LOG.md
  • .agent-loop/WORK_QUEUE.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/CHUNK_MAP.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/DECISIONS.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/DISCOVERY.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/INTENT.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/PLAN.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/RISKS.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/STATUS.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-01-post-submit-compiler-contract.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-02-post-submit-derivation-agent.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-03-post-submit-policy-approval-visibility.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-04-post-submit-runtime-hardening.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-05-post-submit-live-api-proof.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/chunks/WS-POL-002-PLAN-post-submit-checker-planning.md
  • .agent-loop/initiatives/WS-POL-002-post-submit-checker-foundation/reviews/WS-POL-002-PLAN-internal-review-evidence.md
  • docs/roadmap_status.md

@abiorh-claw abiorh-claw self-requested a review July 9, 2026 11:21
@abiorh-claw abiorh-claw merged commit 3fc1a68 into main Jul 9, 2026
4 checks passed
@abiorh-claw abiorh-claw deleted the codex/ws-pol-002-post-submit-checker-planning branch July 9, 2026 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants