idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap)

[kiki830621]

Problem

IDD idd-implement skill 的 PR body template 含 anti-trailer warning text:

**Do NOT add 'Closes #${NUMBER}'** — IDD discipline requires manual /idd-close
after merge to enforce checklist gate + closing summary.

但 GitHub auto-close regex(\b(closes|fixes|resolves) #(\d+)\b)不識別 context — markdown bold、quotes、「Do NOT」前綴都 ignore,literal substring match → 警告文字本身觸發它警告的行為。

→ 結果:warning 自我打臉,PR merge 時 GitHub literal-match Closes #${NUMBER} 並 auto-close issue,/idd-close 的 checklist gate + closing summary 被 bypass。

Reproduction

實測:

1. /idd-implement 生成 PR body 含 **Do NOT add 'Closes #73'**(literal substring)
2. PR idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap) #74 merged 時間 2026-05-11T23:03:27Z
3. Issue feat: idd-verify orchestration playbook (5 Agents + Recovery Protocol) #73 auto-closed 時間 2026-05-11T23:03:28Z(1 秒後)
4. gh api /repos/.../issues/73/timeline 顯示 event: closed by kiki830621(actor 是 GitHub bot 走 user identity)
5. /idd-close 才被 invoke 時,checklist gate 已 bypass,只能 post retroactive closing summary

也曾在 PsychQuant/che-apple-mail-mcp#76 PR #61 出現同 text,但因為 cross-repo(PR 在 plugin shell repo,issue 在 binary repo)GitHub auto-close 不 trigger cross-repo,該次沒踩到。Same-repo 情境必踩。

Expected

idd-implement skill 的 PR body template 改用 indirect phrasing 避免 literal Closes #N substring:

- **Do NOT add 'Closes #${NUMBER}'** — IDD discipline requires manual /idd-close
+ **Do NOT add auto-close trailers** (`Closes-trailer` / `Fixes-trailer` / `Resolves-trailer`) — IDD discipline requires manual /idd-close

或 break up the substring:

**Do NOT add 'Cl''oses #${NUMBER}'** ...

(literal ' 把 Closes 拆掉,不過讀起來醜)

或 indirect by reference:

**Do NOT add the GitHub auto-close keywords with this issue number** — see
references/pr-flow.md § Auto-close trap recursion (#${NUMBER}).

Actual

idd-implement/SKILL.md 目前的 template 直接含 **Do NOT add 'Closes #${NUMBER}'**,literal substring 一直在 anti-pattern。

Type

bug(discipline self-defeating;skill template recursion trap)

Impact

中 — same-repo PR merge auto-close 必踩;每次 bypass 都讓 /idd-close 的 checklist gate + closing summary 失效,降到 retroactive mode(audit trail 有 gap)。Cross-repo PR(submodule fix-on-shell pattern)倖免,但 same-repo 是大宗。

Strategy

1. 改 idd-implement/SKILL.md Step 5.5 PR body template 的 anti-trailer warning text
2. 改 references/pr-flow.md 同一段 reference(若有)
3. 加 idd-verify Step 1.7 或類似的 gate:gh pr view --json body | grep -E 'closes|fixes|resolves' #N literal substring → warn user
4. 補 test:用 mock template 驗證 generated PR body 不含 literal Closes #N

Source

Surfaced retroactively during /idd-close #73 after PR #74 auto-closed the issue 1 second post-merge via the trap pattern. See #73 closing summary's Trap meta-note section for full forensic.

Related

• #73 — incident that surfaced this
• idd-implement skill PR body template(IDD plugin source)
• IDD Refs #N vs Closes #N discipline doc:plugins/issue-driven-dev/skills/idd-implement/SKILL.md "禁止用 Closes / Fixes / Resolves trailer" section

Current Status

Phase: closed
Last updated: 2026-05-19 by idd-close

Complexity

Plan — re-routed from Simple after the idd-verify preventive PR-body scan gate was bundled into the cluster (user decision 2026-05-19).

Cluster

Part of the #87 / #74 auto-close-trap cluster (IDD PR-body templates embed literal Closes #<n> that GitHub auto-close matches context-blind). #89 closed as duplicate of #74.

Next

Closed via PR #94 (squash d2125fe).
Closing summary: #74 (comment)

[kiki830621]

Diagnosis

Type

bug — skill template self-defeat (auto-close recursion trap)

Root Cause / Analysis

idd-implement/SKILL.md:487 Step 5.5 PR-body heredoc emits:

Generated by /idd-implement on PR path. **Do NOT add 'Closes #${NUMBER}'** — IDD discipline requires manual /idd-close after merge to enforce checklist gate + closing summary.

${NUMBER} is substituted inside the heredoc → the rendered PR body contains a real Closes #99. GitHub's auto-close parser matches \b(close[sd]?|fix(e[sd])?|resolve[sd]?)\b\s+#[0-9]+ case-insensitively and context-blind — the "Do NOT" negation, markdown bold, and single quotes are all ignored. At PR merge GitHub fires the close event, bypassing /idd-close's checklist gate + closing summary.

Confirmed incidents:

• che-apple-mail-mcp#99 auto-closed by PR #121 (closingIssuesReferences: [99]) — this issue's repro.
• feat: idd-verify orchestration playbook (5 Agents + Recovery Protocol) #73 auto-closed by PR idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap) #74, 1 second post-merge (this issue's original surfacing).
• This session, 2026-05-18: PR feat(spectra-archive): auto-post Implementation Complete to linked GitHub issue (#56) #92 (created by idd-implement Step 5.5) carried **Do NOT add 'Closes #56'** → feature: spectra-apply auto-post Implementation Complete to GitHub issue (resolve /idd-close supersession friction) #56 auto-closed COMPLETED at merge time — the closing summary had to be posted to an already-closed issue.

Duplicate note

#89 is a duplicate of this issue — same file (idd-implement/SKILL.md), same line (487), same Do NOT add 'Closes #${NUMBER}' template, same bug. #74 (this issue, filed 2026-05-11) is the canonical tracker; #89 (filed 2026-05-18) re-discovered it independently. #89's "Option 3 — drop #${NUMBER} from the warning entirely" is adopted as the fix below. Recommend closing #89 as duplicate of #74.

Cluster context

Same root cause across 4 PR-body template sites:

Site	Form	Triggers?
idd-implement/SKILL.md:487	Closes #${NUMBER} (substituted)	🔴 YES — this issue + #89
idd-all/SKILL.md:752	Closes #${N} (substituted)	🔴 YES — #87
references/pr-flow.md:117	Closes #${N} (canonical template doc)	⚠️ propagation source
idd-all-chain/SKILL.md:557	Closes #N (literal letter, not ${N})	✅ safe — but style-inconsistent

Handled as a cluster with #87 (the idd-all instance).

Impact

• File: plugins/issue-driven-dev/skills/idd-implement/SKILL.md:487
• Every same-repo PR generated by idd-implement PR path silently bypasses the close gate. Cross-repo PRs (submodule fix-on-shell) escape because GitHub does not auto-close cross-repo — but same-repo is the common case.
• Propagation source pr-flow.md:117 must be fixed too.

Strategy

Drop the #<number> from the warning so no <keyword> #<digits> substring exists (#89 Option 3). The PR title + Refs #${NUMBER} at the body top already establish the issue link.

• idd-implement/SKILL.md:487 — reword: drop #${NUMBER}, e.g. **Do NOT add a GitHub close trailer** (Closes/Fixes/Resolves) — IDD discipline requires manual /idd-close after merge…
• references/pr-flow.md:117 — same reword (canonical template; fix at source)
• idd-all-chain/SKILL.md:557 — align wording for consistency (already safe)
• idd-verify — add a preventive PR-body scan gate: in PR mode, gh pr view --json body and grep for (closes|fixes|resolves) #[0-9]+; warn if found (defence-in-depth — catches a future template regression at verify time even if a reword slips). This is idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap) #74's original Strategy step 3; bundled into the cluster per user decision 2026-05-19.
• Cluster sibling: idd-all/SKILL.md:752 ([bug] /idd-all PR template contains literal 'Closes #N' that triggers GitHub auto-close — defeats IDD close-gate discipline #87)
• Close [bug] idd-implement Step 5.5 PR body template's "Do NOT add 'Closes #N'" warning literally contains the auto-close trigger #89 as duplicate of idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap) #74

Complexity

Plan

Originally assessed Simple (mechanical template rewords). Re-routed to Plan after the user opted to bundle the preventive idd-verify PR-body scan gate (#74's original Strategy step 3) into the same cluster (decision 2026-05-19). Layer P signals now hit:

• Decision-heavy — where the new gate lives in idd-verify (a new Step vs extending an existing one), warn-only vs block, exactly what it scans.
• Risk-sensitive boundary — the gate is itself a discipline-enforcement mechanism; a false-negative regex or wrong placement silently re-permits the bug class.
• Cross-file — 5 files: idd-implement, idd-all, idd-all-chain, pr-flow.md, idd-verify SKILLs.

The EnterPlanMode approval checkpoint lets the scope (reword + gate placement/strictness) be reviewed before implementation.

Risks

• A reword that still leaves a <keyword> #<digits> substring silently re-breaks the gate → implement step must grep the rendered template to confirm zero (closes|fixes|resolves) #<digit> matches.
• The idd-all-chain edit is cosmetic-only — must not parameterize #N → #${N} and reintroduce the bug.
• The new idd-verify gate must scan the rendered PR body (gh pr view), not the SKILL template — and should be warn-only, so a PR whose body legitimately quotes the keywords in prose is not blocked.

[kiki830621]

Implementation Plan (Plan tier) — auto-close-trap cluster #87 + #74

Cluster-PR. One feature branch idd/cluster-autoclose-trap, one PR refs both #87 and #74. #89 already closed as duplicate of #74.

Files & Changes

• plugins/issue-driven-dev/skills/idd-implement/SKILL.md:487 — reword the Step 5.5 PR-body anti-trailer warning. Current: **Do NOT add 'Closes #${NUMBER}'** — …. The substituted Closes #<num> is the live bug (idd-implement PR body template: anti-trailer warning text triggers auto-close (recursion trap) #74). New wording drops the # entirely (see Decision D1).
• plugins/issue-driven-dev/skills/idd-all/SKILL.md:752 — same reword for the Phase 5 PR-body warning. Current: **Do NOT add 'Closes #${N}'** — … ([bug] /idd-all PR template contains literal 'Closes #N' that triggers GitHub auto-close — defeats IDD close-gate discipline #87 live bug).
• plugins/issue-driven-dev/references/pr-flow.md:117 — same reword. This is the canonical PR-body template that the two skills copied from — fixing it at source stops future skills re-inheriting the bug. (Note: pr-flow.md:127 "Forbidden in PR body" section already uses literal #N and is safe — left untouched.)
• plugins/issue-driven-dev/skills/idd-all-chain/SKILL.md:557 — already safe (Closes #N, literal letter N, never substituted) but cosmetically inconsistent. Align to the same digit-free wording so all 4 templates read identically and no future edit can re-parameterize it into the bug.
• plugins/issue-driven-dev/skills/idd-verify/SKILL.md — add Step 0.8: PR-body auto-close-trailer scan (PR mode only), placed right after Step 0.7. Also add the matching TaskCreate entry to the Step 0 bootstrap list. Defence-in-depth: catches any PR whose body would auto-close its issue on merge, even if a future template regression slips past review.

Sequencing & Dependencies

No hard ordering — all 5 edits are independent (4 prose rewords + 1 new skill step). Suggested commit grouping for a clean cluster-PR history:

1. Commit 1 — pr-flow.md canonical template reword (Refs #87 #74)
2. Commit 2 — idd-implement + idd-all + idd-all-chain template rewords (Refs #74, Refs #87)
3. Commit 3 — idd-verify Step 0.8 preventive gate (Refs #74 #87)

Each commit references the relevant issue(s) with Refs #N (never Closes).

Decision Points

D1 — reword wording: keep #N literal vs drop # entirely → decision: drop # entirely.
The warning does not need an issue number — the PR title + Refs #${N} at the body top already establish the link. New wording for all 4 sites:

**Do NOT add a GitHub close trailer** (Closes/Fixes/Resolves) — IDD discipline requires manual /idd-close after merge to enforce checklist gate + closing summary.
The keywords are named (so the reader knows what to avoid) but never followed by #<digits>. GitHub's auto-close regex requires <keyword> #<number> — a bare keyword list with ) after never matches. Rejected alternative: keep Closes #N literal (#N = letter, safe today) — but the keyword # adjacency is a latent trap; one careless future edit substituting N→number reintroduces the bug. Digit-free has zero latent risk.

D2 — idd-verify gate placement: new Step 0.8 vs extend Step 0.7 → decision: new Step 0.8.
Step 0.7 enforces PR↔issue correspondence (Refs #N present + matches). The trailer scan is a different check (a dangerous substring is present). Keeping them as separate steps keeps each single-purpose. Step 0.8 reuses the gh pr view --json body Step 0.7 already fetches.

D3 — gate strictness: warn-only vs hard block → decision: warn-only.
A PR body could legitimately quote Closes #N in prose (e.g. this very cluster's diagnosis quotes it). Hard-blocking verify on a substring match is too aggressive and would create friction. The real fix is the templates; the gate is defence-in-depth. Warn-only surfaces the risk at verify time so the user can gh pr edit before merge. (Mirrors idd-close Step 1.6 semantic gate, which is also warn-only.)

D4 — idd-all-chain: touch it or leave it → decision: touch (cosmetic align).
It is already safe, but leaving one template phrased differently from the other three is a refactor hazard. Aligning all four to identical wording makes the safe pattern uniform and self-documenting. The edit is wording-only — must NOT introduce ${N}.

D5 — separate regression test → decision: no standalone test harness.
SKILL.md prose has no executable test harness. The new idd-verify Step 0.8 gate is the permanent runtime guard — and a better one than a static template test, because it scans every PR body, not just the 4 templates. #74's original Strategy step 4 ("test the generated PR body") is satisfied by Step 0.8. The implement step additionally runs a one-time grep assertion (see Test Plan) to confirm the fix landed.

Risks & Mitigations

• Recursion trap on this very PR: the cluster PR is created by the still-buggy idd-implement Step 5.5 (the installed v2.59.0 skill, not the edited repo copy), so its own body may carry Closes #87 / Closes #74 and auto-close both issues on merge. Mitigation: after the PR is opened, gh pr edit <PR> --body … to strip any (closes|fixes|resolves) #<digit> before merge. Bonus dogfood — once Step 0.8 lands, running /idd-verify --pr <PR> on this cluster PR will itself flag the PR's own body, demonstrating the gate works.
• Botched reword still triggers: a reword that leaves any <keyword> #<digit> substring silently re-breaks the gate. Mitigation: implement-step grep assertion (Test Plan) must return zero matches across all 4 templates.
• idd-all-chain reintroduction: the cosmetic edit must not parameterize #N → #${N}. Mitigation: D1 wording has no # at all, so there is nothing to parameterize.
• Regex false-negative in Step 0.8: GitHub's real keyword set is close/closes/closed/fix/fixes/fixed/resolve/resolves/resolved. The gate regex must cover all inflections. Mitigation: use \b(close[sd]?|fix(e[sd])?|resolve[sd]?)\b[[:space:]]+#[0-9]+, case-insensitive — matches the diagnosis's documented GitHub behavior.

Test Plan

No automated harness (SKILL.md is prose). Verification is two-layer:

1. Implement-time grep assertion — after the rewords, run:
   grep -rnEi '(close[sd]?|fix(e[sd])?|resolve[sd]?)[[:space:]]+#(\$\{?(N|NUMBER)\}?|[0-9]+)' plugins/issue-driven-dev/skills/idd-{implement,all,all-chain}/SKILL.md plugins/issue-driven-dev/references/pr-flow.md
   Expected: zero matches in the four anti-trailer warning lines. Any hit = the reword is incomplete.
2. Step 0.8 gate is the living regression guard — once merged, every /idd-verify --pr N scans the rendered PR body for the dangerous pattern. This catches reintroduction at verify time for all future PRs, not just these templates.

RED→GREEN expectation: pre-fix, the grep in (1) matches 3 lines (idd-implement, idd-all, pr-flow — idd-all-chain's #N literal doesn't match the digit/${} alternation); post-fix, zero matches.

Out-of-scope (will NOT be touched)

• Plugin release / marketplace sync — the fix lands in plugins/issue-driven-dev/ source; propagating it to installed users needs a plugin version bump + marketplace sync (per common-release-flow.md). That is a separate post-merge release action, not part of this cluster PR.
• pr-flow.md:127 "Forbidden in PR body" section — already uses literal #N, safe, explanatory — left as-is.
• CLAUDE.md close-trailer table (Closes #NNN rows) — uses literal #NNN, safe, documentation — left as-is.
• Retroactive audit of past auto-closed issues (#559, cluster-PR mode 強制 PR 與 direct-commit path 衝突：override 未文件化且 --no-pr 行為未定義 #99, feat: idd-verify orchestration playbook (5 Agents + Recovery Protocol) #73, feature: spectra-apply auto-post Implementation Complete to GitHub issue (resolve /idd-close supersession friction) #56) — those incidents are closed; no retroactive reopen.

Tangential Observations (filed mid-plan)

none surfaced — planning read the 4 template sites + idd-verify Step 0.7; the two adjacent safe sites (pr-flow.md:127, CLAUDE.md close-trailer table) are categorized in Out-of-scope above, not loose follow-ups.

[kiki830621]

Implementation Complete

Cluster #87 + #74 — one branch idd/cluster-autoclose-trap, one PR (#94). #89 closed earlier as duplicate of #74.

Checklist (synced from TaskList)

• references/pr-flow.md:117 — canonical PR-body template reword (drop #${N}) → 3435367
• idd-implement/SKILL.md:487 — Step 5.5 PR-body template reword → 75bc21f
• idd-all/SKILL.md:752 — Phase 5 PR-body template reword → 75bc21f
• idd-all-chain/SKILL.md:557 — cosmetic align to identical digit-free wording → 75bc21f
• idd-verify/SKILL.md — new Step 0.8 PR-body auto-close-trailer scan gate (warn-only) + Step 0 bootstrap TaskCreate entry → 3ba7435 (+ regex fix 5831128)

Legend: - [x] done · - [~] skipped · - [-] won't fix
idd-close will refuse to close if any - [ ] remains in this checklist.

Changes

• 3435367 fix: drop literal 'Closes #N' from pr-flow.md canonical PR-body template
• 75bc21f fix: drop literal 'Closes #N' from idd-implement/idd-all PR-body templates
• 3ba7435 feat: add idd-verify Step 0.8 PR-body auto-close-trailer scan gate
• 5831128 fix: idd-verify Step 0.8 regex — exclude /idd-close skill-invocation false positive

All 4 anti-trailer warnings now read **Do NOT add a GitHub close trailer** (Closes/Fixes/Resolves) — keywords named but never followed by #<digits>, so GitHub's auto-close regex cannot match.

Files Changed

 plugins/issue-driven-dev/references/pr-flow.md          |  2 +-
 plugins/issue-driven-dev/skills/idd-all-chain/SKILL.md  |  2 +-
 plugins/issue-driven-dev/skills/idd-all/SKILL.md        |  2 +-
 plugins/issue-driven-dev/skills/idd-implement/SKILL.md  |  2 +-
 plugins/issue-driven-dev/skills/idd-verify/SKILL.md     | 29 +++++++++++++++
 5 files changed, 33 insertions(+), 4 deletions(-)

Implement-time findings

• GREEN grep assertion — after the rewords, zero <keyword> #<digit-or-var> in any anti-trailer warning line (pre-fix: 3 — idd-implement, idd-all, pr-flow).
• Step 0.8 gate dogfooded against PR cluster: fix PR-body auto-close trap (#87 #74) #94's own body — the gate immediately caught a false positive: it flagged /idd-close #87 #74 (an IDD skill-invocation instruction) as a trailer. Root cause: the initial \b word boundary matched close inside the hyphenated idd-close. GitHub does not treat /idd-close #N as a close keyword (PR cluster: fix PR-body auto-close trap (#87 #74) #94 closingIssuesReferences: [] confirms). Fixed in 5831128 — the keyword must not be preceded by -///alphanumeric, precisely matching GitHub's behavior while still catching context-blind hits like (Closes #N) / **Closes #N**.

Sister Bugs Filed (mid-impl, Step 5.7)

none surfaced — a repo-wide scan confirmed all 4 real PR-body template sites are covered by this cluster; there are no .agents/ copies of the idd skills; the Closes #N strings in CLAUDE.md and the idd-implement ❌-example block are intentional documentation examples (CLAUDE.md / SKILL.md content is never a PR body or commit message — safe).

Scope Compliance

5 files, all within the #87/#74 cluster scope. The Step 0.8 regex fix (5831128) was an in-scope correction of the very gate being implemented — found by dogfooding, not scope creep.

PR

#94 — #94 (cluster, Refs #87 #74). The PR body was written digit-free by hand; closingIssuesReferences: [] verified — this fix PR will not auto-close its own issues (the recursion trap from the plan's Risks is avoided at source).

Next: verification pending

Run /idd-verify --pr 94 — the new Step 0.8 gate will also self-check this PR's body.

[kiki830621]

Verify (via PR #94)

Result: ⚠️ CONDITIONAL PASS — template rewords fully verified; new idd-verify Step 0.8 gate has a regex-coverage gap (colon form Closes: #87).
Full report: #94 (comment)

Round 2 recommended: redesign Step 0.8 to use closingIssuesReferences (GitHub's authoritative parse) instead of a hand-rolled regex.

[kiki830621]

Verify Round 2 (via PR #94)

Result: ⚠️ CONDITIONAL PASS — R1's colon-form / cross-repo gaps structurally closed by the closingIssuesReferences redesign. One doc regression (orphan "Regex 設計" paragraph) to clean up in Round 3.
Full report: #94 (comment)

[kiki830621]

🔍 /idd-verify R3 — PASS (cluster #87 #74). 6/6 reviewers pass; all R2 findings closed. Master report: #94 (comment)