Summary
A configurable contributor blacklist so banned offenders (known plagiarists / farmers) are handled automatically by the converged engine instead of by hand. When a PR's author is on the resolved blacklist, the deterministic gate short-circuits ahead of any merit/CI/AI analysis: apply the slop label, post a sanitized close comment, and close it — idempotent, audit-logged, and honoring agent_paused / agent_dry_run / the kill-switch. No AI call, no merit review.
Design (mirrors the existing deterministic linked-issue hard-rule close)
- Config-driven, never hard-coded. Layered the same as other gate settings:
.gittensory.yml (gate.blacklist / a blacklist: block) > per-repo DB setting > a shared/global list (singleton, like global_agent_controls) > defaults. Resolved once.
- Entry shape: a GitHub
login + optional metadata (reason e.g. plagiarism/farming, evidence PR/issue URLs, addedAt). Logins are public data — no wallets/hotkeys/trust-scores/private values.
- Disposition precedence: a blacklist match wins over normal gate evaluation (a blocked author never gets merit-reviewed or auto-merged). Documented in the disposition matrix.
- Optional org-block hook: only if the App has the permission; otherwise flag for the maintainer (check the manifest, degrade gracefully).
Scope (small stack)
- Config + resolution — per-repo settings field + global singleton list + migration + Drizzle/types + settings resolver + OpenAPI +
.gittensory.yml parity + the pure layered resolver. No behavior change.
- Engine disposition (PRs) — short-circuit in
planAgentMaintenanceActions (label/close/audit, idempotent, dry-run/pause-aware, sanitized comment, no AI) + disposition-matrix doc.
- (follow-up) issue auto-close actuation (new surface), MCP
is-blacklisted read tool, org-block hook.
Acceptance: a repo (or the global list) with a blocked login → any new PR from that login is auto-slop-labeled, sanitized-close-commented, closed, and audit-logged, no AI, no merit review, honoring dry-run/kill-switch — all config-driven.
Part of #1409 (deterministic blacklist is the manual-ban complement to the detection/scoring epic).
Summary
A configurable contributor blacklist so banned offenders (known plagiarists / farmers) are handled automatically by the converged engine instead of by hand. When a PR's author is on the resolved blacklist, the deterministic gate short-circuits ahead of any merit/CI/AI analysis: apply the
sloplabel, post a sanitized close comment, and close it — idempotent, audit-logged, and honoringagent_paused/agent_dry_run/ the kill-switch. No AI call, no merit review.Design (mirrors the existing deterministic
linked-issue hard-ruleclose).gittensory.yml(gate.blacklist/ ablacklist:block) > per-repo DB setting > a shared/global list (singleton, likeglobal_agent_controls) > defaults. Resolved once.login+ optional metadata (reasone.g.plagiarism/farming,evidencePR/issue URLs,addedAt). Logins are public data — no wallets/hotkeys/trust-scores/private values.Scope (small stack)
.gittensory.ymlparity + the pure layered resolver. No behavior change.planAgentMaintenanceActions(label/close/audit, idempotent, dry-run/pause-aware, sanitized comment, no AI) + disposition-matrix doc.is-blacklistedread tool, org-block hook.Acceptance: a repo (or the global list) with a blocked login → any new PR from that login is auto-
slop-labeled, sanitized-close-commented, closed, and audit-logged, no AI, no merit review, honoring dry-run/kill-switch — all config-driven.Part of #1409 (deterministic blacklist is the manual-ban complement to the detection/scoring epic).