Integration: Validation pipeline, validation-gated apply, diff review, DoD gating, error recovery, and security hardening #417

Merged

CoreRasurae merged 14 commits from develop-luis-2 into master 2026-02-25 14:29:09 +00:00

Conversation 3 Commits 14 Files changed 87 +16956 -146

CoreRasurae commented 2026-02-24 16:00:34 +00:00

Member

Copy link

Summary

Integration branch combining 8 features across milestones v3.0.0, v3.2.0, and v3.3.0, all on the develop-luis-2 branch rebased on master.

Included Features (by commit)

1. feat(apply): add validation-gated apply pipeline (Closes #155, v3.0.0)

   • Core plan apply service: diff review, artifact output, apply summary persistence, merge-failure handling, empty ChangeSet guard, and terminal state transitions

2. feat(validation): add validation pipeline and results model (Closes #175, v3.2.0)

   • Validation pipeline with rule-based checks, severity levels, result aggregation, and gate enforcement

3. feat(apply): add validation-gated apply pipeline + feat(apply): run validation attachments (Closes #176, v3.2.0)

   • Apply pipeline gated by validation results, attachment handling during apply phase

4. feat(change): add diff review artifacts (Closes #303, v3.2.0)

   • Diff review artifact model with inline comments, approval status, and plan service integration

5. feat(dod): enforce definition-of-done gating (Closes #178, v3.2.0)

   • Definition-of-done criteria model with completeness checks and gate enforcement

6. feat(plan): add error recovery patterns and CLI hints (Closes #186, v3.3.0)

   • Error recovery patterns (retry, fallback, skip, abort), CLI hint generation, plan executor integration

7. fix(security): harden template rendering (Closes #319, v3.3.0)

   • Secure Jinja2 renderer with sandboxed environment, filesystem access controls, and resource limits

8. fix(security): enforce explicit exception handling (Closes #320, v3.3.0)

   • Explicit exception hierarchy, bare-except prohibition, structured error context, and audit logging

Closes #155, Closes #175, Closes #176, Closes #178, Closes #186, Closes #303, Closes #319, Closes #320

## Summary Integration branch combining 8 features across milestones v3.0.0, v3.2.0, and v3.3.0, all on the `develop-luis-2` branch rebased on master. ### Included Features (by commit) 1. **`feat(apply): add validation-gated apply pipeline`** (Closes #155, v3.0.0) - Core plan apply service: diff review, artifact output, apply summary persistence, merge-failure handling, empty ChangeSet guard, and terminal state transitions 2. **`feat(validation): add validation pipeline and results model`** (Closes #175, v3.2.0) - Validation pipeline with rule-based checks, severity levels, result aggregation, and gate enforcement 3. **`feat(apply): add validation-gated apply pipeline`** + **`feat(apply): run validation attachments`** (Closes #176, v3.2.0) - Apply pipeline gated by validation results, attachment handling during apply phase 4. **`feat(change): add diff review artifacts`** (Closes #303, v3.2.0) - Diff review artifact model with inline comments, approval status, and plan service integration 5. **`feat(dod): enforce definition-of-done gating`** (Closes #178, v3.2.0) - Definition-of-done criteria model with completeness checks and gate enforcement 6. **`feat(plan): add error recovery patterns and CLI hints`** (Closes #186, v3.3.0) - Error recovery patterns (retry, fallback, skip, abort), CLI hint generation, plan executor integration 7. **`fix(security): harden template rendering`** (Closes #319, v3.3.0) - Secure Jinja2 renderer with sandboxed environment, filesystem access controls, and resource limits 8. **`fix(security): enforce explicit exception handling`** (Closes #320, v3.3.0) - Explicit exception hierarchy, bare-except prohibition, structured error context, and audit logging Closes #155, Closes #175, Closes #176, Closes #178, Closes #186, Closes #303, Closes #319, Closes #320

CoreRasurae added 1 commit 2026-02-24 16:00:34 +00:00

feat(apply): add validation-gated apply pipeline 86b263df4c

CoreRasurae requested review from freemo 2026-02-24 17:57:14 +00:00

brent.edwards approved these changes 2026-02-24 19:34:28 +00:00

Dismissed

brent.edwards left a comment

Copy link

Approved, because it passes all tests -- but there are conflicting files.

Approved, because it passes all tests -- but there are conflicting files.

freemo added the

State

In Progress

Type

Feature

Priority

High

labels 2026-02-24 21:55:13 +00:00

freemo requested changes 2026-02-24 22:26:30 +00:00

Dismissed

freemo left a comment

Copy link

Code Review: PR #417 — Set of 4 features

This PR has multiple critical violations of the project's contributing guidelines and cannot be reviewed in its current form. It requires fundamental restructuring before it can proceed.

Critical Issues

1. Empty PR description (CONTRIBUTING.md §1 — PR Process)
The PR body is completely empty. Per guidelines: "Every PR must include a clear, descriptive body that explains the purpose of the change... PRs submitted without a description or without an issue reference will not be reviewed." At minimum the description must contain:

• A summary of changes and motivation
• An issue reference with a closing keyword (e.g., Closes #XX)
• A dependency link to the issue

2. No milestone assigned (CONTRIBUTING.md §11)
"Every PR must be assigned to the same milestone as its linked issue(s). A PR without a milestone will not be reviewed."

3. No issue reference (CONTRIBUTING.md §1, §4)
There is no linked issue. Per guidelines: "If your change is not associated with an existing issue, create one first." Every commit must also reference issues in its footer.

4. Multiple unrelated features bundled in one PR (CONTRIBUTING.md §2)
This PR bundles at least 4 distinct, independent features: validation pipeline, validation apply gate, diff review artifacts, and validation-gated apply pipeline — plus unrelated tool registry fallback coverage and skill registry documentation changes. Per guidelines: "Each PR must be associated with a single Epic. Do not combine work from multiple unrelated Epics in one PR. If your changes span multiple Epics, split them into separate PRs."

5. Not mergeable
The PR has merge conflicts with master that must be resolved.

6. Non-descriptive title
"Set of 4 features" does not follow the Conventional Changelog format expected for PR titles. It should reflect the specific change being made.

7. Branch naming
Branch develop-luis-2 is a personal development branch name, not a feature branch following project conventions (e.g., feature/m3-validation-pipeline).

Additional Violations

8. No CHANGELOG update (CONTRIBUTING.md §6) — 4 new features with zero changelog entries.

9. No CONTRIBUTORS.md update (CONTRIBUTING.md §8) — Luis Mendes (CoreRasurae) is not listed in CONTRIBUTORS.md.

10. No issue references in commit footers (CONTRIBUTING.md §4) — All 4 commits have empty bodies/footers with no Refs: or Closes: references.

11. Broad exception handling — plan_apply_service.py contains except Exception blocks (around lines 567, 605) that swallow lifecycle errors at DEBUG level, violating the error handling guidelines.

12. Missing input validation — plan_id is not validated in apply_with_validation_gate; DiffBuilder constructor doesn't validate parameters.

Recommended Path Forward

1. Split this PR into 4-5 separate PRs, one per logical feature, each with its own issue, tests, docs, and changelog entry.
2. Create issues for each feature if they don't already exist.
3. Use properly named feature branches (e.g., feature/m3-validation-pipeline).
4. Write complete PR descriptions with issue references.
5. Assign milestones and appropriate labels.
6. Resolve merge conflicts.

This PR should be closed and replaced with properly scoped PRs.

## Code Review: PR #417 — `Set of 4 features` This PR has multiple critical violations of the project's contributing guidelines and cannot be reviewed in its current form. It requires fundamental restructuring before it can proceed. ### Critical Issues **1. Empty PR description (CONTRIBUTING.md §1 — PR Process)** The PR body is completely empty. Per guidelines: "Every PR must include a clear, descriptive body that explains the purpose of the change... PRs submitted without a description or without an issue reference will not be reviewed." At minimum the description must contain: - A summary of changes and motivation - An issue reference with a closing keyword (e.g., `Closes #XX`) - A dependency link to the issue **2. No milestone assigned (CONTRIBUTING.md §11)** "Every PR must be assigned to the same milestone as its linked issue(s). A PR without a milestone will not be reviewed." **3. No issue reference (CONTRIBUTING.md §1, §4)** There is no linked issue. Per guidelines: "If your change is not associated with an existing issue, create one first." Every commit must also reference issues in its footer. **4. Multiple unrelated features bundled in one PR (CONTRIBUTING.md §2)** This PR bundles **at least 4 distinct, independent features**: validation pipeline, validation apply gate, diff review artifacts, and validation-gated apply pipeline — plus unrelated tool registry fallback coverage and skill registry documentation changes. Per guidelines: "Each PR must be associated with a single Epic. Do not combine work from multiple unrelated Epics in one PR. If your changes span multiple Epics, split them into separate PRs." **5. Not mergeable** The PR has merge conflicts with `master` that must be resolved. **6. Non-descriptive title** "Set of 4 features" does not follow the Conventional Changelog format expected for PR titles. It should reflect the specific change being made. **7. Branch naming** Branch `develop-luis-2` is a personal development branch name, not a feature branch following project conventions (e.g., `feature/m3-validation-pipeline`). ### Additional Violations **8. No CHANGELOG update (CONTRIBUTING.md §6)** — 4 new features with zero changelog entries. **9. No CONTRIBUTORS.md update (CONTRIBUTING.md §8)** — Luis Mendes (CoreRasurae) is not listed in CONTRIBUTORS.md. **10. No issue references in commit footers (CONTRIBUTING.md §4)** — All 4 commits have empty bodies/footers with no `Refs:` or `Closes:` references. **11. Broad exception handling** — `plan_apply_service.py` contains `except Exception` blocks (around lines 567, 605) that swallow lifecycle errors at DEBUG level, violating the error handling guidelines. **12. Missing input validation** — `plan_id` is not validated in `apply_with_validation_gate`; `DiffBuilder` constructor doesn't validate parameters. ### Recommended Path Forward 1. **Split this PR into 4-5 separate PRs**, one per logical feature, each with its own issue, tests, docs, and changelog entry. 2. Create issues for each feature if they don't already exist. 3. Use properly named feature branches (e.g., `feature/m3-validation-pipeline`). 4. Write complete PR descriptions with issue references. 5. Assign milestones and appropriate labels. 6. Resolve merge conflicts. This PR should be closed and replaced with properly scoped PRs.

CoreRasurae dismissed brent.edwards's review 2026-02-24 22:33:14 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

CoreRasurae force-pushed develop-luis-2 from 2c6c0ef510 to 9ce0ab3f5f 2026-02-24 22:38:25 +00:00 Compare

freemo dismissed freemo's review 2026-02-24 22:45:45 +00:00

Reason:

dont want hard block

CoreRasurae force-pushed develop-luis-2 from cedacd3741 to d2439f69cf 2026-02-24 23:40:04 +00:00 Compare

CoreRasurae force-pushed develop-luis-2 from bde5e0c108 to a055100953 2026-02-25 00:30:50 +00:00 Compare

CoreRasurae self-assigned this 2026-02-25 01:56:27 +00:00

CoreRasurae requested review from freemo 2026-02-25 01:56:34 +00:00

CoreRasurae added this to the v3.0.0 milestone 2026-02-25 07:37:55 +00:00

CoreRasurae changed title from Set of 4 features to Integration: Validation pipeline, validation-gated apply, diff review, DoD gating, error recovery, and security hardening 2026-02-25 07:40:11 +00:00

CoreRasurae modified the milestone from v3.0.0 to v3.2.0 2026-02-25 07:40:11 +00:00

CoreRasurae added

State

In Review

and removed

State

In Progress

Priority

High

labels 2026-02-25 07:40:51 +00:00

CoreRasurae added a new dependency 2026-02-25 07:41:54 +00:00

#175 feat(validation): add validation pipeline and results model

CoreRasurae added a new dependency 2026-02-25 07:42:00 +00:00

#176 feat(validation): add validation runner and apply gating

CoreRasurae added a new dependency 2026-02-25 07:42:00 +00:00

#303 feat(change): add diff review artifacts

CoreRasurae added a new dependency 2026-02-25 07:42:01 +00:00

#178 feat(dod): enforce definition-of-done gating

CoreRasurae added a new dependency 2026-02-25 07:42:01 +00:00

#186 feat(plan): add error recovery patterns and CLI hints

CoreRasurae added a new dependency 2026-02-25 07:42:02 +00:00

#319 fix(security): harden template rendering

CoreRasurae added a new dependency 2026-02-25 07:42:02 +00:00

#320 fix(security): enforce explicit exception handling

CoreRasurae added a new dependency 2026-02-25 07:46:58 +00:00

#155 feat(apply): merge sandbox changes into targets with conflict handling

CoreRasurae force-pushed develop-luis-2 from 58ba40a2f8 to 17ea9c53fb 2026-02-25 10:08:00 +00:00 Compare

aditya approved these changes 2026-02-25 14:27:27 +00:00

CoreRasurae merged commit 17ea9c53fb into master 2026-02-25 14:29:09 +00:00

CoreRasurae deleted branch develop-luis-2 2026-02-25 14:29:11 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

freemo

aditya

Labels

Clear labels   

auto/needs-reevaluation

Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  

controller-managed

Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  

auto/blocked-by-deps

PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  

auto/ci-timeout

Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  

auto/claimed-implementer

Currently being processed by an implementer worker.

  

auto/claimed-merge

Currently being processed by the merge driver.

  

auto/claimed-reviewer

Currently being processed by a reviewer worker.

  

auto/driver-down

Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  

auto/invariant-violation

Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  

auto/last-attempt-tier-0

In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  

auto/last-attempt-tier-1

In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  

auto/last-attempt-tier-2

In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  

auto/last-attempt-tier-min

In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  

Automation Tracking

Tracking issues used by the AI Automation system for agents to communicate and report.

  

auto/needs-conflict-resolution

Rebase conflict needs LLM conflict-resolver.

  

auto/needs-implementer

Failing CI needs implementer attention.

  

auto/postmortem

Documenting a driver incident or rollback.

  

auto/ready-to-merge

Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  

auto/restart-throttled

Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  

auto/revert

Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  

auto/sentinel

Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  

auto/stale-inactivity

No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  

auto/unstable

Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  

Blocked

A ticket in a blocked state and unable to complete until some other task is completed first.

  

Bounty

$100

A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$1000

A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$10000

A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$20

A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$2000

A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$250

A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$50

A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$500

A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$5000

A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$750

A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  

MoSCoW

Could have

Could have feature in order to satisfy the epic/legendary.

  

MoSCoW

Must have

Must have feature in order to satisfy the epic/legendary.

  

MoSCoW

Should have

Should have feature in order to satisfy the epic/legendary.

  

Needs Feedback

There are questions in the ticket that can not be completed until the project owner provides clarity.

  

Points

1

1 man-hours worth of work for an expert with no learning curve.

  

Points

13

13 man-hours worth of work for an expert with no learning curve.

  

Points

2

2 man-hours worth of work for an expert with no learning curve.

  

Points

21

21 man-hours worth of work for an expert with no learning curve.

  

Points

3

3 man-hours worth of work for an expert with no learning curve.

  

Points

34

34 man-hours worth of work for an expert with no learning curve.

  

Points

5

5 man-hours worth of work for an expert with no learning curve.

  

Points

55

55 man-hours worth of work for an expert with no learning curve.

  

Points

8

8 man-hours worth of work for an expert with no learning curve.

  

Points

88

88 man-hours worth of work for an expert with no learning curve.

  

Priority

Backlog

This ticket has backlogged priority and is not to be worked on yet

  

Priority

CI Blocker

Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Signed-off: Owner

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Signed-off: Scrum Master

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Signed-off: Tech Lead

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Spike

A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  

State

Completed

The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  

State

Duplicate

A ticket that represents the same content as an existing ticket.

  

State

In Progress

A ticket that is actively being developed.

  

State

In Review

A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  

State

Paused

This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  

State

Unverified

All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  

State

Verified

The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  

State

Wont Do

This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  

Type

Automation

Any edits or discussion about the AI automated coding system.

  

Type

Bug

Something that doesnt work as intended.

  

Type

Discussion

Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  

Type

Documentation

An error or improvement needed in the documentation.

  

Type

Epic

Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  

Type

Feature

Some new functionality not present.

  

Type

Legendary

A type of Epic which will contain other Epics.

  

Type

Refactor

A code change that restructures existing code without changing its external behavior.

  

Type

Support

Someone needs help using the project.

  

Type

Task

A generic task that doesnt fit into the other type categories.

  

Type

Testing

Work exclusively focusing on fixing or expanding testing.

No labels

auto/needs-reevaluation

controller-managed

auto/blocked-by-deps

auto/ci-timeout

auto/claimed-implementer

auto/claimed-merge

auto/claimed-reviewer

auto/driver-down

auto/invariant-violation

auto/last-attempt-tier-0

auto/last-attempt-tier-1

auto/last-attempt-tier-2

auto/last-attempt-tier-min

Automation Tracking

auto/needs-conflict-resolution

auto/needs-implementer

auto/postmortem

auto/ready-to-merge

auto/restart-throttled

auto/revert

auto/sentinel

auto/stale-inactivity

auto/unstable

Blocked

Bounty

$100

Bounty

$1000

Bounty

$10000

Bounty

$20

Bounty

$2000

Bounty

$250

Bounty

$50

Bounty

$500

Bounty

$5000

Bounty

$750

MoSCoW

Could have

MoSCoW

Must have

MoSCoW

Should have

Needs Feedback

Points

1

Points

13

Points

2

Points

21

Points

3

Points

34

Points

5

Points

55

Points

8

Points

88

Priority

Backlog

Priority

CI Blocker

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Signed-off: Owner

Signed-off: Scrum Master

Signed-off: Tech Lead

Spike

State

Completed

State

Duplicate

State

In Progress

State

In Review

State

Paused

State

Unverified

State

Verified

State

Wont Do

Type

Automation

Type

Bug

Type

Discussion

Type

Documentation

Type

Epic

Type

Feature

Type

Legendary

Type

Refactor

Type

Support

Type

Task

Type

Testing

Milestone

Clear milestone

No items

No milestone

v3.2.0

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

CoreRasurae

4 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks

#155 feat(apply): merge sandbox changes into targets with conflict handling

cleveragents/cleveragents-core

#175 feat(validation): add validation pipeline and results model

cleveragents/cleveragents-core

#176 feat(validation): add validation runner and apply gating

cleveragents/cleveragents-core

#178 feat(dod): enforce definition-of-done gating

cleveragents/cleveragents-core

#186 feat(plan): add error recovery patterns and CLI hints

cleveragents/cleveragents-core

#303 feat(change): add diff review artifacts

cleveragents/cleveragents-core

#319 fix(security): harden template rendering

cleveragents/cleveragents-core

#320 fix(security): enforce explicit exception handling

cleveragents/cleveragents-core

Reference

cleveragents/cleveragents-core!417

No description provided.