Conversation
guardedClaimFile already returned protected_branch_rejected but the handler fell through and recorded the claim silently. Now checks for that status and returns PROTECTED_BRANCH_CLAIM_REJECTED with a message directing the agent to start a sandbox worktree first. Adds PROTECTED_BRANCH_CLAIM_REJECTED to TASK_THREAD_ERROR_CODES and two integration tests covering the reject and allow paths. Closes planned-work note: project_protected_branch_claim_reject.md CLAUDE.md rule #12 enforcement at the MCP boundary.
3 tasks
NagyVikt
added a commit
that referenced
this pull request
May 8, 2026
The "Storage at rest (per observation)" reference row claimed 1000→300 tokens of compression savings and mapped to live savings_report calls. savings_report emits structured JSON (~3.5k tokens per call) that the caveman compressor leaves byte-for-byte (rule #3: technical tokens preserved). The live comparison projected the row's 1k baseline against ~3.5k actual tokens and reported negative savings like -155% in colony gain. The compression claim itself is real for prose observations, so the row stays in the static reference. But the claim is structural (applies to the storage layer overall), not per-call. Setting `mcp_operations: []` keeps the row in the static catalog and removes the misleading live attribution. savings_report calls now surface in `unmatched_operations` instead. Picks up an automatic biome format fix on apps/mcp-server/test/task-threads.test.ts that #496 left over the column threshold. Verification: - pnpm --filter @colony/core test (230 passed, +1 new regression test) - pnpm typecheck (clean) - pnpm lint (clean) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
task_claim_filenow returnsPROTECTED_BRANCH_CLAIM_REJECTEDwhen the task's branch is a protected base branch (main/master/dev/develop/production/release).guardedClaimFilereturnedprotected_branch_rejected(gated byrejectProtectedBranchClaims: true, the default) but the MCP handler atapps/mcp-server/src/tools/task.tsfell through all status checks and silently recorded the claim anyway. This closes that gap.PROTECTED_BRANCH_CLAIM_REJECTEDadded toTASK_THREAD_ERROR_CODESinpackages/core/src/task-thread.ts.apps/mcp-server/test/task-threads.test.ts(isolateddescribeblock with its own store/server usingrejectProtectedBranchClaims: trueto avoid disturbing the existingfalsefixture setup).Closes
Planned-work memory entry
project_protected_branch_claim_reject.md— MCP-layer guard to block claims on main/dev from primary checkout. CLAUDE.md rule #12 enforcement.Note
The same
guardedClaimFilecall insidetask_plan_claim_subtask(apps/mcp-server/src/tools/plan.ts) has the identical gap. That is intentionally out of scope for this PR.Test plan
pnpm --filter @colony/core typecheck— cleanpnpm --filter @colony/mcp-server typecheck— cleanrejects task_claim_file with PROTECTED_BRANCH_CLAIM_REJECTED when task branch is mainconfirms error code and no claim row writtenallows task_claim_file when task branch is an agent/* branchconfirms success path unaffected🤖 Generated with Claude Code