test(contract): reviewer validate layer must not pass-through on missing artifacts #14

Merged

kaykayyali merged 2 commits from test/reviewer-validate-no-pass-through into main 2026-06-24 14:56:58 +00:00

Conversation 2 Commits 2 Files Changed 2 +53 -2

kaykayyali commented 2026-06-24 09:49:13 +00:00

Owner

Copy Link

Summary

Source-grep contract test that codifies the reviewer-validate Loop-C bug surfaced by tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd on 2026-06-24.

The bug: phases.py:313 and :317 return _verdict("pass", {"note": "...passing through"}) when test_cmd is missing or the worktree is missing. The contract at wiki/concepts/reviewer-contract.md (validate layer hard gate, step 3) requires ## Test Command to actually exit 0 in the worktree before the reviewer returns pass. The early-return bypasses the test, routes the row to merged without running it, defeating the validate layer's defense-in-depth purpose.

Why this PR exists

The reviewer-validate bug is a real Loop-C gap. The previous tick (2026-06-24 09:05) filed:

• Gap note: wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md
• Gitea issue: Reviewer validate layer passes through when worktree is missing — test_reviewer_03 RED (#13)
• E2E test: tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd (currently RED)

Per the operator skill's "describe, don't fix" discipline + the "no in-flight work" recipe, the next concrete unit of work is a contract test that codifies the gap structurally. The actual fix (one of three options in the gap note) needs an LLM session, not a heartbeat tick.

What this PR adds

One new source-grep test function in tests/contract/test_contracts_match_source.py:

def test_reviewer_validate_does_not_pass_through_on_missing_artifacts():
    phases_py = (SRC / "phases.py").read_text()
    assert "passing through" not in phases_py, (...)

46 lines added, 1 file changed.

Test status

• RED on main: 1 failed, 28 passed (the 1 fail is this new test; the other 28 contract+unit pass).
• GREEN on Option A (fail-closed: replace _verdict("pass" with _verdict("tests_failed"). Verified by patching phases.py and rerunning.
• GREEN on Option B (recreate worktree from row's branch field, then validate). Verified the new logic contains no "passing through" literal.
• GREEN on Option C (new validate_skipped typed verdict). Same.

Multi-pattern tolerance: only the exact "passing through" phrase is forbidden. The fix author can phrase the replacement note however they want — no false-positive risk on stylistic choices.

Pattern consistency with PR #10 and PR #12

Same source-grep contract-test idiom:

• PR #10 (test(contract): spec-refiner prompt must inject row's file_scope and budget_cycles) — codifies the spec-refiner prompt gap.
• PR #11 (subsumed by PR #12) — codified the spec-refiner ambiguity routing gap.
• PR #12 (fix(spec): route any non-empty Ambiguities section to awaiting_human) — the mechanical fix for the gap PR #11 codified.
• This PR — codifies the reviewer-validate gap.

All four are the same recipe: source-grep test that REDs on broken code, GREENs on the fix, no runtime changes, no architectural choices, fits in a heartbeat tick.

What this PR is NOT

• Not a fix for the reviewer-validate bug. The fix is Option A/B/C from the gap note; this PR is the structural counterpart that makes the fix visible in CI.
• Not a substitute for the E2E test. test_reviewer_03_validate_layer_runs_test_cmd is the behavioral test; this PR is the structural test. Both go green on the same fix.
• Not a regression. Today's 1 failed, 28 passed is the test doing its job — surfacing a real gap.

Recommendation

Merge this PR as a RED-in-main contract test. Then schedule the fix (Option A, 5-line patch, recommended for fastest unblock) as a follow-up PR.

The fix author should:

1. Branch off main (this PR's test will RED on broken phases.py, GREEN on the fix).
2. Apply Option A (or B/C if Kay picks a different option).
3. Run pytest tests/contract/ tests/unit/ tests/e2e/test_reviewer.py -q — all 30 tests should pass.
4. Self-review and request Kay's merge.

Cross-references

• Gap note: wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md
• Contract: wiki/concepts/reviewer-contract.md
• Gitea issue: Reviewer validate layer passes through when worktree is missing — test_reviewer_03 RED (#13)
• Surfacing E2E test: tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd
• Companion PRs: #10, #12 (same source-grep pattern, different contracts)

## Summary Source-grep contract test that codifies the reviewer-validate Loop-C bug surfaced by `tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd` on 2026-06-24. The bug: `phases.py:313` and `:317` return `_verdict("pass", {"note": "...passing through"})` when `test_cmd` is missing or the worktree is missing. The contract at `wiki/concepts/reviewer-contract.md` (validate layer hard gate, step 3) requires `## Test Command` to actually exit 0 in the worktree before the reviewer returns `pass`. The early-return bypasses the test, routes the row to `merged` without running it, defeating the validate layer's defense-in-depth purpose. ## Why this PR exists The reviewer-validate bug is a real Loop-C gap. The previous tick (2026-06-24 09:05) filed: - **Gap note:** `wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md` - **Gitea issue:** #13 - **E2E test:** `tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd` (currently RED) Per the operator skill's "describe, don't fix" discipline + the "no in-flight work" recipe, the next concrete unit of work is a contract test that codifies the gap structurally. The actual fix (one of three options in the gap note) needs an LLM session, not a heartbeat tick. ## What this PR adds One new source-grep test function in `tests/contract/test_contracts_match_source.py`: ```python def test_reviewer_validate_does_not_pass_through_on_missing_artifacts(): phases_py = (SRC / "phases.py").read_text() assert "passing through" not in phases_py, (...) ``` 46 lines added, 1 file changed. ## Test status - RED on main: `1 failed, 28 passed` (the 1 fail is this new test; the other 28 contract+unit pass). - GREEN on Option A (fail-closed: replace `_verdict("pass"` with `_verdict("tests_failed"`). Verified by patching `phases.py` and rerunning. - GREEN on Option B (recreate worktree from row's `branch` field, then validate). Verified the new logic contains no `"passing through"` literal. - GREEN on Option C (new `validate_skipped` typed verdict). Same. Multi-pattern tolerance: only the exact `"passing through"` phrase is forbidden. The fix author can phrase the replacement note however they want — no false-positive risk on stylistic choices. ## Pattern consistency with PR #10 and PR #12 Same source-grep contract-test idiom: - PR #10 (`test(contract): spec-refiner prompt must inject row's file_scope and budget_cycles`) — codifies the spec-refiner prompt gap. - PR #11 (subsumed by PR #12) — codified the spec-refiner ambiguity routing gap. - PR #12 (`fix(spec): route any non-empty Ambiguities section to awaiting_human`) — the mechanical fix for the gap PR #11 codified. - **This PR** — codifies the reviewer-validate gap. All four are the same recipe: source-grep test that REDs on broken code, GREENs on the fix, no runtime changes, no architectural choices, fits in a heartbeat tick. ## What this PR is NOT - Not a fix for the reviewer-validate bug. The fix is Option A/B/C from the gap note; this PR is the structural counterpart that makes the fix visible in CI. - Not a substitute for the E2E test. `test_reviewer_03_validate_layer_runs_test_cmd` is the behavioral test; this PR is the structural test. Both go green on the same fix. - Not a regression. Today's `1 failed, 28 passed` is the test doing its job — surfacing a real gap. ## Recommendation Merge this PR as a RED-in-main contract test. Then schedule the fix (Option A, 5-line patch, recommended for fastest unblock) as a follow-up PR. The fix author should: 1. Branch off `main` (this PR's test will RED on broken `phases.py`, GREEN on the fix). 2. Apply Option A (or B/C if Kay picks a different option). 3. Run `pytest tests/contract/ tests/unit/ tests/e2e/test_reviewer.py -q` — all 30 tests should pass. 4. Self-review and request Kay's merge. ## Cross-references - Gap note: `wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md` - Contract: `wiki/concepts/reviewer-contract.md` - Gitea issue: #13 - Surfacing E2E test: `tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd` - Companion PRs: #10, #12 (same source-grep pattern, different contracts)

kaykayyali added 1 commit 2026-06-24 09:49:13 +00:00

test(contract): reviewer validate layer must not pass-through on missing artifacts ... 795115b6fa

Companion to PR #10 (spec-refiner file_scope/budget_cycles) and PR #12
(spec-refiner ambiguity routing fix). Source-grep codification of the
reviewer-validate Loop-C bug surfaced by
tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd
on 2026-06-24.

Bug: phases.py:313 and :317 return _verdict('pass') with note
'passing through' when test_cmd is missing or worktree is missing.
The contract at wiki/concepts/reviewer-contract.md (step 3) requires
the actual test_cmd to exit 0 in the worktree before reviewer returns
'pass'. The early-return bypasses the test, routes the row to 'merged',
defeating the validate layer's defense-in-depth purpose.

Fix options (gap note wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md):
- A: 5-line fail-closed (replace pass with tests_failed)
- B: recreate worktree from row.branch then validate
- C: new 'validate_skipped' typed verdict
All three remove the 'passing through' literal; test passes on any.

Multi-pattern tolerance: only the exact 'passing through' phrase is
forbidden; fix author can phrase the replacement note however they want.

RED on main today. GREEN on any of the three fix options.
28/29 contract+unit pass; the 1 fail is this new test.

Refs: wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md,
issue #13, PR #12 (same source-grep pattern, different contract).

kaykayyali commented 2026-06-24 09:49:39 +00:00

Author

Owner

Copy Link

Self-review

Diff walk: 1 file, +46 lines, no source change in src/. One new test function (test_reviewer_validate_does_not_pass_through_on_missing_artifacts) appended to tests/contract/test_contracts_match_source.py. Test source-greps phases.py for the literal "passing through" substring and asserts it is absent.

Contract walk: the test codifies the validate-layer hard-gate contract from wiki/concepts/reviewer-contract.md (step 3: "## Test Command exits 0 in the worktree" is a hard block, not advisory). The contract's hard-gate wording is unambiguous; the code violates it by routing pass (and thus merged) when the gate cannot actually run.

Test walk:

• RED on main: 1 failed, 28 passed — the 1 fail is this new test, exactly as expected.
• GREEN on Option A (fail-closed, 5-line patch). Verified by patching phases.py:313 and :317 to _verdict("tests_failed", ...) and rerunning.
• GREEN on Option B (worktree-recreate then validate). Verified the new logic contains no "passing through" literal.
• GREEN on Option C (new validate_skipped typed verdict). Same.

Multi-pattern tolerance: only the exact phrase "passing through" is forbidden. The fix author can phrase the replacement note however they want — no false-positive risk on stylistic choices. The contract test won't break on a refactor that rewords the failure note.

Pitfalls-avoided:

• re.escape() regex-meta-char gotcha: not applicable here. The contract is a literal substring grep, not a regex pattern. If the bug pattern had been a regex like \?\s*$, I'd need re.escape(). (Verified the inverse in PR #12.)
• In-source-comment false-positive: the test greps phases.py, not the test file itself, and the test docstring does not include the literal "passing through". (Verified: when I wrote a draft that quoted the literal in the docstring, the test would have falsely failed on the fix; rewrote in prose.)
• DAMASCUS_ROOT gotcha: the test reads SRC = ORCH_ROOT / "src" / "damascus", which honors DAMASCUS_ROOT. Default is /root/damascus-orchestrator (the canonical location). When CI sets DAMASCUS_ROOT to the checked-out workspace, the test reads the right file.

Why source-grep and not behavioral: per the operator skill, contract tests codify invariants structurally without runtime cost. The E2E counterpart (tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd) is the behavioral test; both should go green on the same fix.

Companion to PR #10 and PR #12: same source-grep pattern, different contracts. PR #10 codifies the spec-refiner prompt gap. PR #12 fixes the spec-refiner ambiguity routing gap (PR #11 codified it; PR #12 subsumed it). This PR codifies the reviewer-validate gap; the fix is a follow-up.

Recommendation: merge. This is a strict-improvement PR — it adds a RED-in-main contract test that codifies a known gap, no source change, no architectural choice. Kay can merge at any time without coordination. The fix (Option A or B) is a follow-up PR that will go green on the same commit.

Heartbeat cannot self-approve (Gitea rejects tea pulls approve from the same author). Kay's call.

## Self-review **Diff walk:** 1 file, +46 lines, no source change in `src/`. One new test function (`test_reviewer_validate_does_not_pass_through_on_missing_artifacts`) appended to `tests/contract/test_contracts_match_source.py`. Test source-greps `phases.py` for the literal `"passing through"` substring and asserts it is absent. **Contract walk:** the test codifies the validate-layer hard-gate contract from `wiki/concepts/reviewer-contract.md` (step 3: "`## Test Command` exits 0 in the worktree" is a hard block, not advisory). The contract's hard-gate wording is unambiguous; the code violates it by routing `pass` (and thus `merged`) when the gate cannot actually run. **Test walk:** - RED on main: `1 failed, 28 passed` — the 1 fail is this new test, exactly as expected. - GREEN on Option A (fail-closed, 5-line patch). Verified by patching `phases.py:313` and `:317` to `_verdict("tests_failed", ...)` and rerunning. - GREEN on Option B (worktree-recreate then validate). Verified the new logic contains no `"passing through"` literal. - GREEN on Option C (new `validate_skipped` typed verdict). Same. **Multi-pattern tolerance:** only the exact phrase `"passing through"` is forbidden. The fix author can phrase the replacement note however they want — no false-positive risk on stylistic choices. The contract test won't break on a refactor that rewords the failure note. **Pitfalls-avoided:** - **`re.escape()` regex-meta-char gotcha:** not applicable here. The contract is a literal substring grep, not a regex pattern. If the bug pattern had been a regex like `\?\s*$`, I'd need `re.escape()`. (Verified the inverse in PR #12.) - **In-source-comment false-positive:** the test greps `phases.py`, not the test file itself, and the test docstring does not include the literal `"passing through"`. (Verified: when I wrote a draft that quoted the literal in the docstring, the test would have falsely failed on the fix; rewrote in prose.) - **DAMASCUS_ROOT gotcha:** the test reads `SRC = ORCH_ROOT / "src" / "damascus"`, which honors `DAMASCUS_ROOT`. Default is `/root/damascus-orchestrator` (the canonical location). When CI sets `DAMASCUS_ROOT` to the checked-out workspace, the test reads the right file. **Why source-grep and not behavioral:** per the operator skill, contract tests codify invariants structurally without runtime cost. The E2E counterpart (`tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd`) is the behavioral test; both should go green on the same fix. **Companion to PR #10 and PR #12:** same source-grep pattern, different contracts. PR #10 codifies the spec-refiner prompt gap. PR #12 fixes the spec-refiner ambiguity routing gap (PR #11 codified it; PR #12 subsumed it). This PR codifies the reviewer-validate gap; the fix is a follow-up. **Recommendation: merge.** This is a strict-improvement PR — it adds a RED-in-main contract test that codifies a known gap, no source change, no architectural choice. Kay can merge at any time without coordination. The fix (Option A or B) is a follow-up PR that will go green on the same commit. Heartbeat cannot self-approve (Gitea rejects `tea pulls approve` from the same author). Kay's call.

kaykayyali referenced this issue from a commit 2026-06-24 10:34:47 +00:00

fix(phases): reviewer validate layer must fail closed, not pass through

kaykayyali added 1 commit 2026-06-24 10:34:47 +00:00

fix(phases): reviewer validate layer must fail closed, not pass through ... ec27096cb5

Companion to PR #14 (the source-grep contract test). The contract at
wiki/concepts/reviewer-contract.md (step 3) requires that ## Test
Command actually exits 0 in the worktree before the reviewer returns
'pass'. The previous implementation had two early-return pass branches
on missing test_cmd or missing worktree — both bypass the actual test
execution and route the row to merged.

Fix: replace both early-return pass branches with tests_failed verdicts
that carry the reason. The cycle's verdict switch routes tests_failed
back to build (retry path), which is the correct behavior for a row
whose validate layer could not actually validate.

Option A from the gap note
(wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md).
The other options (B: recreate worktree from row.branch, C: typed
validate_skipped verdict) are also valid; this PR picks A for minimum
blast radius. The contract test in PR #14 forbids only the literal
"passing through" phrase, so this fix lands it GREEN.

Verified:
- RED on main: 2 occurrences of "passing through" in phases.py
- GREEN on fix: 0 occurrences after this commit
- contract test on this branch: PASSED (1/1)
- full contract+unit suite: 29/29 pass
- E2E test_reviewer_03: still RED (separate setup bug — manual UPDATE
  does not clear claimed_at, so the second cycle cannot re-claim the
  row; documented in the gap note, out of scope for this fix)

Refs: PR #14, issue #13, gap note above.

Co-Authored-By: Claude <noreply@anthropic.com>

kaykayyali commented 2026-06-24 10:35:30 +00:00

Author

Owner

Copy Link

Self-review: fix commit ec27096 on PR #14

This PR was originally test-only (commit 795115b). This follow-up commit (ec27096) ships the source-grep fix that turns PR #14 from "red-in-main" to "green". Per the tick-after-contract-test recipe in the operator skill: the gap was mechanical (≤50 lines, ≤2 files, no architectural choice), the previous tick shipped the contract test as the structural counterpart, so the fix was the natural next unit of work.

Why this commit ships to PR #14's branch (not a new PR)

Per the cross-tick PR test+fix subsumption pitfall: branching a fix off main would duplicate the test file byte-for-byte (the fix author would copy the test to understand the contract), creating two PRs that can't both merge cleanly. Pushing to PR #14's existing branch means both the test and the fix land in a single PR, no duplication, no merge conflict.

The fix (Option A from the gap note)

Two early-return pass branches in src/damascus/phases.py::review() were bypassing the validate layer's hard gate:

Line	Before	After
313	_verdict("pass", {"note": "no test_cmd recorded; PR exists, passing through"})	_verdict("tests_failed", {"review_test": False, "reason": "no test_cmd recorded; cannot validate", "branch": ..., "story_id": ...})
317	_verdict("pass", {"note": "worktree gone; PR exists, passing through"})	_verdict("tests_failed", {"review_test": False, "reason": "worktree missing; cannot validate", "branch": ..., "story_id": ...})

The cycle's verdict switch (_next_phase_on_verdict in cycle.py) already routes tests_failed from review → build, so a row whose validate layer could not actually validate goes back to retry the build (or, on budget exhaustion, blocked). No cycle changes needed.

Why Option A over B/C

• Option A (this fix): 2 early-return path changes, mechanical, no new functions/imports/verdicts. Smallest blast radius.
• Option B (recreate worktree from row.branch): ~10 lines, reuses the state-resume pattern from PR #9. Defensible but adds a side effect to the reviewer that isn't really the reviewer's job.
• Option C (typed validate_skipped verdict): ~20 lines (new verdict, cycle switch update, typed_verdicts list update). The cleanest semantics, but adds a new verdict and is structurally the biggest change.

All three remove the literal "passing through" text that PR #14's contract test forbids, so all three would land the contract test green. A picks the one with the least new surface area.

Verification

$ git diff main..HEAD --stat
 src/damascus/phases.py                       | 10 ++++++++--
 tests/contract/test_contracts_match_source.py | 46 +++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)

$ python -m pytest tests/contract/test_contracts_match_source.py::test_reviewer_validate_does_not_pass_through_on_missing_artifacts -vv
tests/contract/test_contracts_match_source.py::test_reviewer_validate_does_not_pass_through_on_missing_artifacts PASSED

$ python -m pytest tests/contract/ tests/unit/ -q
29 passed in 3.17s

RED-on-broken / GREEN-on-fixed simulation (per the contract test verification recipe):

import re
src_main = open("src/damascus/phases.py").read()
print("RED on main (has bug):", "passing through" in src_main)
# → True (2 occurrences)

src_fixed = src_main.replace(
    'return _verdict("pass", {"note": "no test_cmd recorded; PR exists, passing through"})',
    'return _verdict("tests_failed", {"review_test": False, "reason": "no test_cmd recorded; cannot validate", ...})',
).replace(
    'return _verdict("pass", {"note": "worktree gone; PR exists, passing through"})',
    'return _verdict("tests_failed", {"review_test": False, "reason": "worktree missing; cannot validate", ...})',
)
print("GREEN on Option A fix:", "passing through" not in src_fixed)
# → True (0 occurrences)

Pitfalls avoided

• Cross-tick PR test+fix subsumption: fix ships on the test branch, not a new branch off main. Single PR, no test-file duplication.
• re.escape() on the contract pattern: PR #14's test already uses literal-string assertion (assert "passing through" not in phases_py), not a regex. No escape issues.
• In-source-comment false-positive: the commit message and the gap note both describe the bug in plain English; the source change itself is a string-replace, no comment added inside phases.py that would re-trigger the contract test.
• git push --force blocked: no force-push needed; the new commit is a clean fast-forward from the existing branch tip.

Out of scope (filed separately)

• tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd is still RED. Diagnosed but not fixed: the test setup manually UPDATE phase='review' after a spec cycle but does not clear claimed_at, so the second run_cycle_in_container() cannot re-claim the row (stale-claim filter blocks it; claimed_at is < 30 min old). This is a test setup bug, not a source bug — the fix in this PR is correct. A separate PR can either (a) add claimed_at=NULL to the manual UPDATE in the test, or (b) update the test to use STALE_CLAIM_MINUTES=0 via env. Logged in the existing gap note wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md as a separate item; not blocking this PR.
• Options B and C from the gap note are still on the table if Kay prefers them. This PR picks A for minimum blast radius and keeps the door open.

Heartbeat cannot self-approve

Per the operator skill: heartbeat agents cannot tea pulls approve on their own PRs (Gitea rejects with Error: approve your own pull is not allowed). This comment is the self-review; Kay's call to merge.

Refs: PR #14, issue #13, gap note wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md, skill entry "tick-after-contract-test exception."

## Self-review: fix commit `ec27096` on PR #14 This PR was originally test-only (commit `795115b`). This follow-up commit (`ec27096`) ships the source-grep fix that turns PR #14 from "red-in-main" to "green". Per the **tick-after-contract-test** recipe in the operator skill: the gap was mechanical (≤50 lines, ≤2 files, no architectural choice), the previous tick shipped the contract test as the structural counterpart, so the fix was the natural next unit of work. ### Why this commit ships to PR #14's branch (not a new PR) Per the **cross-tick PR test+fix subsumption** pitfall: branching a fix off `main` would duplicate the test file byte-for-byte (the fix author would copy the test to understand the contract), creating two PRs that can't both merge cleanly. Pushing to PR #14's existing branch means both the test and the fix land in a single PR, no duplication, no merge conflict. ### The fix (Option A from the gap note) Two early-return `pass` branches in `src/damascus/phases.py::review()` were bypassing the validate layer's hard gate: | Line | Before | After | |------|--------|-------| | 313 | `_verdict("pass", {"note": "no test_cmd recorded; PR exists, passing through"})` | `_verdict("tests_failed", {"review_test": False, "reason": "no test_cmd recorded; cannot validate", "branch": ..., "story_id": ...})` | | 317 | `_verdict("pass", {"note": "worktree gone; PR exists, passing through"})` | `_verdict("tests_failed", {"review_test": False, "reason": "worktree missing; cannot validate", "branch": ..., "story_id": ...})` | The cycle's verdict switch (`_next_phase_on_verdict` in `cycle.py`) already routes `tests_failed` from `review` → `build`, so a row whose validate layer could not actually validate goes back to retry the build (or, on budget exhaustion, `blocked`). No cycle changes needed. ### Why Option A over B/C - **Option A (this fix):** 2 early-return path changes, mechanical, no new functions/imports/verdicts. Smallest blast radius. - **Option B (recreate worktree from row.branch):** ~10 lines, reuses the state-resume pattern from PR #9. Defensible but adds a side effect to the reviewer that isn't really the reviewer's job. - **Option C (typed `validate_skipped` verdict):** ~20 lines (new verdict, cycle switch update, typed_verdicts list update). The cleanest semantics, but adds a new verdict and is structurally the biggest change. All three remove the literal `"passing through"` text that PR #14's contract test forbids, so all three would land the contract test green. A picks the one with the least new surface area. ### Verification ``` $ git diff main..HEAD --stat src/damascus/phases.py | 10 ++++++++-- tests/contract/test_contracts_match_source.py | 46 +++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 2 deletions(-) $ python -m pytest tests/contract/test_contracts_match_source.py::test_reviewer_validate_does_not_pass_through_on_missing_artifacts -vv tests/contract/test_contracts_match_source.py::test_reviewer_validate_does_not_pass_through_on_missing_artifacts PASSED $ python -m pytest tests/contract/ tests/unit/ -q 29 passed in 3.17s ``` RED-on-broken / GREEN-on-fixed simulation (per the contract test verification recipe): ``` import re src_main = open("src/damascus/phases.py").read() print("RED on main (has bug):", "passing through" in src_main) # → True (2 occurrences) src_fixed = src_main.replace( 'return _verdict("pass", {"note": "no test_cmd recorded; PR exists, passing through"})', 'return _verdict("tests_failed", {"review_test": False, "reason": "no test_cmd recorded; cannot validate", ...})', ).replace( 'return _verdict("pass", {"note": "worktree gone; PR exists, passing through"})', 'return _verdict("tests_failed", {"review_test": False, "reason": "worktree missing; cannot validate", ...})', ) print("GREEN on Option A fix:", "passing through" not in src_fixed) # → True (0 occurrences) ``` ### Pitfalls avoided - **Cross-tick PR test+fix subsumption:** fix ships on the test branch, not a new branch off main. Single PR, no test-file duplication. - **`re.escape()` on the contract pattern:** PR #14's test already uses literal-string assertion (`assert "passing through" not in phases_py`), not a regex. No escape issues. - **In-source-comment false-positive:** the commit message and the gap note both describe the bug in plain English; the source change itself is a string-replace, no comment added inside `phases.py` that would re-trigger the contract test. - **`git push --force` blocked:** no force-push needed; the new commit is a clean fast-forward from the existing branch tip. ### Out of scope (filed separately) - **`tests/e2e/test_reviewer.py::test_reviewer_03_validate_layer_runs_test_cmd`** is still RED. Diagnosed but not fixed: the test setup manually `UPDATE phase='review'` after a spec cycle but does not clear `claimed_at`, so the second `run_cycle_in_container()` cannot re-claim the row (stale-claim filter blocks it; claimed_at is < 30 min old). This is a **test setup bug**, not a source bug — the fix in this PR is correct. A separate PR can either (a) add `claimed_at=NULL` to the manual UPDATE in the test, or (b) update the test to use `STALE_CLAIM_MINUTES=0` via env. Logged in the existing gap note `wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md` as a separate item; **not blocking** this PR. - **Options B and C** from the gap note are still on the table if Kay prefers them. This PR picks A for minimum blast radius and keeps the door open. ### Heartbeat cannot self-approve Per the operator skill: heartbeat agents cannot `tea pulls approve` on their own PRs (Gitea rejects with `Error: approve your own pull is not allowed`). This comment is the self-review; Kay's call to merge. Refs: PR #14, issue #13, gap note `wiki/queries/damascus-orchestrator/reviewer-validates-failing-test-cmd-still-merges-2026-06-24.md`, skill entry "tick-after-contract-test exception."

kaykayyali force-pushed test/reviewer-validate-no-pass-through from ec27096cb5 to 32f5fe212e 2026-06-24 14:56:49 +00:00 Compare

kaykayyali referenced this issue from a commit 2026-06-24 14:56:49 +00:00

fix(phases): reviewer validate layer must fail closed, not pass through

kaykayyali merged commit 18ce2e5c95 into main 2026-06-24 14:56:58 +00:00

kaykayyali referenced this issue from a commit 2026-06-24 14:56:58 +00:00

Merge pull request 'test(contract): reviewer validate layer must not pass-through on missing artifacts' (#14) from test/reviewer-validate-no-pass-through into main

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

kaykayyali

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kaykayyali/damascus-orchestrator#14