pdurlej/patchwarden

Fork 0

Implement Patchwarden June vision slices #111

Merged

pdurlej merged 113 commits from codex/patchwarden-pr86-90-integration-smoke into main

2026-06-23 15:14:19 +02:00

codex commented

2026-06-23 09:16:45 +02:00

Collaborator

Summary

Adds the June 2026 Patchwarden vision/status layer, including static status, QA workbook, and gap disposition docs for issues #103-#109.
Adds first read-only slices for Vistula shape, generated-artifact sensing, security-sensitive path sensing, reviewer quorum, PR-class evidence, Sense/trust, controller intake, feedback intake, and deterministic job plans.
Strengthens patchwarden.pr.vistula_shape so the opt-in Vistula gate now requires title, label, issue linkage, and explicit value, effort, and lead-time metadata, accepted from PR labels or body fields.
Adds forgejo-event, an offline Forgejo pull_request event fixture parser for #31 that emits normalized PR metadata for pipeline --metadata-file and contract-pr --metadata-file without adding a listener or network fetches.
Advances Slice E for #102: a real sanitized iskra-runtime-repair-gate.service bundle/verdict pair is replay-tested, and optional rich artifact/payload evidence envelopes now fail closed on missing sub-fields, stale artifact target_sha, and red rich statuses.
Adds vision_gap_ledger.py, a durable read-only PW-G001..PW-G018 ledger consumed by patchwarden status, so the June vision backlog is no longer prose-only in operator_status.py.
Maps every PW-G row to tracking issue refs in the ledger and text/JSON status output, making the Claude-created issue wave auditable from patchwarden status.
Adds patchwarden.pr.security_path_sensor, an opt-in deterministic Core module that blocks local secret config, credential, private-key, certificate, and secrets-directory paths before low-friction review lanes. Refs #67 and advances PW-G002/#104.
Wires external evidence/sense/review-quorum verdict artifacts into exact-head Contract Run and contract-pr as Core modules.
Integrates current main docs-maturity work, including cloud-review fail-closed enforcement, Fallow/doc drift guards, auto-heal live status, and schema example drift guards.
Pins ClawSweeper as a reference source without vendoring it as a runtime dependency.

Issue Closure

Closes #31.
Closes #103.
Closes #104.
Closes #105.
Closes #106.
Closes #107.
Closes #108.
Closes #109.

Refs #67: the first Patchwarden-native security module is now an opt-in path sensor. This does not vendor nullsec-s1 or claim the broader security-module backlog is done; it makes the next security layer concrete inside Patchwarden Core.

Refs #102: Codex-side fixture export and the first rich evidence sub-field validator are addressed by tests/fixtures/iskra-evidence/, runtime_repair.py, schema/docs updates, and the rich-evidence tests in tests/test_runtime_repair.py. This PR still does not close #102 because the remaining Slice E work is to capture/replace the contract-test rich fixture with additional live rich artifact shapes as Iskra exports them.

Close basis for #103-#109: docs/operations/vision-gap-issue-disposition.md. These close as Patchwarden-side read-only contract slices plus captured PW-G backlog, not as a claim that external controller execution, live dashboard, redrive, issue writers, or merge actuation are already complete. #103 now has first-class Vistula metadata presence checks; repo-specific value/effort/lead-time vocabularies remain backlog. #109/G015 now has a concrete read-only ledger module rather than only status prose, and every PW-G row carries explicit tracking issue refs.

Close basis for #31: offline event-fixture parsing is implemented and tested. HTTP listener and signature verification remain separate future service-mode work.

Verification

PYTHONPATH=src:. python3 -m unittest discover -s tests -> Ran 516 tests ... OK
PYTHONPATH=src:. python3 -m unittest tests.test_contract_run tests.test_cli_evaluate tests.test_contract_pipeline tests.test_core_module_registry tests.test_status_html tests.test_cli_status tests.test_vision_gap_ledger -> Ran 92 tests ... OK
CLI security sensor smoke: .env.production -> fail with blocking module patchwarden.pr.security_path_sensor; docs/.env.example -> pass with empty security evidence.
PYTHONPATH=src:. python3 -m unittest tests.test_runtime_repair tests.test_artifact_schema_contract tests.test_cli_status tests.test_status_html -> Ran 83 tests ... OK
PYTHONPATH=src:. python3 -m patchwarden.cli forgejo-event --event-file tests/fixtures/forgejo-events/pull_request.opened.json --output /tmp/patchwarden-forgejo-event-metadata.json
PYTHONPATH=src:. python3 -m patchwarden.cli pipeline --repo-host git.example.test --repo-owner pdurlej --repo-name platform --repo-profile platform --pr-number 470 --skip-post --metadata-file /tmp/patchwarden-forgejo-event-metadata.json -> eligible_clean
PYTHONPATH=src:. python3 -m patchwarden.cli status --format json
QA workbook verifier: 48 tracked rows, 30 implemented surfaces, 18 vision gaps.
git diff --check / git diff --cached --check clean during the latest slices.

Boundaries

Patchwarden remains the policy engine. Controller execution, external evidence production, live dashboard, redrive, OpenClaw approval consumption, HTTP webhook listener/signature verification, additional live rich artifact capture, external issue/job writing, and merge actuation remain explicit future work rather than claimed completed behavior.

## Summary - Adds the June 2026 Patchwarden vision/status layer, including static status, QA workbook, and gap disposition docs for issues #103-#109. - Adds first read-only slices for Vistula shape, generated-artifact sensing, security-sensitive path sensing, reviewer quorum, PR-class evidence, Sense/trust, controller intake, feedback intake, and deterministic job plans. - Strengthens `patchwarden.pr.vistula_shape` so the opt-in Vistula gate now requires title, label, issue linkage, and explicit value, effort, and lead-time metadata, accepted from PR labels or body fields. - Adds `forgejo-event`, an offline Forgejo `pull_request` event fixture parser for #31 that emits normalized PR metadata for `pipeline --metadata-file` and `contract-pr --metadata-file` without adding a listener or network fetches. - Advances Slice E for #102: a real sanitized `iskra-runtime-repair-gate.service` bundle/verdict pair is replay-tested, and optional rich `artifact`/`payload` evidence envelopes now fail closed on missing sub-fields, stale artifact `target_sha`, and red rich statuses. - Adds `vision_gap_ledger.py`, a durable read-only PW-G001..PW-G018 ledger consumed by `patchwarden status`, so the June vision backlog is no longer prose-only in `operator_status.py`. - Maps every PW-G row to tracking issue refs in the ledger and text/JSON status output, making the Claude-created issue wave auditable from `patchwarden status`. - Adds `patchwarden.pr.security_path_sensor`, an opt-in deterministic Core module that blocks local secret config, credential, private-key, certificate, and secrets-directory paths before low-friction review lanes. Refs #67 and advances PW-G002/#104. - Wires external evidence/sense/review-quorum verdict artifacts into exact-head Contract Run and `contract-pr` as Core modules. - Integrates current `main` docs-maturity work, including cloud-review fail-closed enforcement, Fallow/doc drift guards, auto-heal live status, and schema example drift guards. - Pins ClawSweeper as a reference source without vendoring it as a runtime dependency. ## Issue Closure Closes #31. Closes #103. Closes #104. Closes #105. Closes #106. Closes #107. Closes #108. Closes #109. Refs #67: the first Patchwarden-native security module is now an opt-in path sensor. This does not vendor `nullsec-s1` or claim the broader security-module backlog is done; it makes the next security layer concrete inside Patchwarden Core. Refs #102: Codex-side fixture export and the first rich evidence sub-field validator are addressed by `tests/fixtures/iskra-evidence/`, `runtime_repair.py`, schema/docs updates, and the rich-evidence tests in `tests/test_runtime_repair.py`. This PR still does not close #102 because the remaining Slice E work is to capture/replace the contract-test rich fixture with additional live rich artifact shapes as Iskra exports them. Close basis for #103-#109: `docs/operations/vision-gap-issue-disposition.md`. These close as Patchwarden-side read-only contract slices plus captured PW-G backlog, not as a claim that external controller execution, live dashboard, redrive, issue writers, or merge actuation are already complete. #103 now has first-class Vistula metadata presence checks; repo-specific value/effort/lead-time vocabularies remain backlog. #109/G015 now has a concrete read-only ledger module rather than only status prose, and every PW-G row carries explicit tracking issue refs. Close basis for #31: offline event-fixture parsing is implemented and tested. HTTP listener and signature verification remain separate future service-mode work. ## Verification - `PYTHONPATH=src:. python3 -m unittest discover -s tests` -> `Ran 516 tests ... OK` - `PYTHONPATH=src:. python3 -m unittest tests.test_contract_run tests.test_cli_evaluate tests.test_contract_pipeline tests.test_core_module_registry tests.test_status_html tests.test_cli_status tests.test_vision_gap_ledger` -> `Ran 92 tests ... OK` - CLI security sensor smoke: `.env.production` -> `fail` with blocking module `patchwarden.pr.security_path_sensor`; `docs/.env.example` -> `pass` with empty security evidence. - `PYTHONPATH=src:. python3 -m unittest tests.test_runtime_repair tests.test_artifact_schema_contract tests.test_cli_status tests.test_status_html` -> `Ran 83 tests ... OK` - `PYTHONPATH=src:. python3 -m patchwarden.cli forgejo-event --event-file tests/fixtures/forgejo-events/pull_request.opened.json --output /tmp/patchwarden-forgejo-event-metadata.json` - `PYTHONPATH=src:. python3 -m patchwarden.cli pipeline --repo-host git.example.test --repo-owner pdurlej --repo-name platform --repo-profile platform --pr-number 470 --skip-post --metadata-file /tmp/patchwarden-forgejo-event-metadata.json` -> `eligible_clean` - `PYTHONPATH=src:. python3 -m patchwarden.cli status --format json` - QA workbook verifier: 48 tracked rows, 30 implemented surfaces, 18 vision gaps. - `git diff --check` / `git diff --cached --check` clean during the latest slices. ## Boundaries Patchwarden remains the policy engine. Controller execution, external evidence production, live dashboard, redrive, OpenClaw approval consumption, HTTP webhook listener/signature verification, additional live rich artifact capture, external issue/job writing, and merge actuation remain explicit future work rather than claimed completed behavior.

codex added 109 commits

2026-06-23 09:16:45 +02:00

feat(contract): accept required checks in contract-pr 787424d2e2

Allow contract-pr artifact mode to receive explicit required check inputs so the required_checks expert stays active when client workflows pre-collect PR metadata.

feat(contract): add contract-pr result schema b51c529f07

feat(auto-pr): add proposal eligibility gate 85dda9e7c5

test(auto-pr): avoid schema contract merge collision 34ac5b67be

fix(contract): preserve publication error artifacts e98dc401e4

test(contract): allow publication errors in result schema 1def8e685f

fix(forgejo): use latest commit status per context f6ae3d0871

test(forgejo): cover wrapped status timestamps 93d8ed71e4

docs(contract): clarify current Forgejo status handling 8ccc54c46f

fix(contract): ignore own publication status input 5298e09914

Merge remote-tracking branch 'origin/contract-pr-result-schema' into HEAD c3b5666e4a

Merge remote-tracking branch 'origin/core-module-registry' into HEAD e8cd6e3a00

# Conflicts:
#	README.md
#	src/patchwarden/cli.py
#	src/patchwarden/contract_pipeline.py
#	tests/test_cli_contract_pr.py
#	tests/test_contract_pipeline.py

Merge remote-tracking branch 'origin/auto-pr-proposal-gate' into HEAD 2d2c19ee8a

Merge remote-tracking branch 'origin/contract-pr-publication-error-artifact' into HEAD 57b0b33dc9

Merge remote-tracking branch 'origin/codex/contract-pr-current-statuses' into HEAD e3bb75bc6d

# Conflicts:
#	docs/architecture.md
#	src/patchwarden/contract_pipeline.py
#	tests/test_contract_pipeline.py

docs(contract): record merge queue checkpoint 1f1d20b964

docs(contract): add platform live smoke evidence d0024071a8

docs(contract): map merge queue to product issues 29336c179d

test(auto-pr): enforce read-only proposal gate 40f3c46a6e

test(auto-pr): block Forgejo imports in proposal gate 9e91c6778c

test(contract): validate real publication error artifact fa27672e03

test(auto-pr): prove read-only lint catches writes 95ffe0497a

test(core): keep module registry static e0a5952813

test(contract): reject invalid module stack in contract-pr 40062b545c

test(contract): ignore explicit checks when module disabled 2a9bc9f33a

test(contract): require module stack in contract run schema dd2418ba13

test(core): constrain module stack kinds 71b5afcb72

test(core): add module stack schema example 182389fdf5

test(schema): keep schema catalog complete e99c07e313

docs(core): point schema catalog to core artifacts b3fec0382f

feat(contract): expose module stack in contract-pr result a9d1d26e2f

feat(contract): expose policy in contract-pr result 80f8869d78

test(schema): keep contract-pr summary shapes aligned 8c01da7bac

feat(contract): expose summary in contract-pr result 38b7824d56

test(schema): mirror contract-pr result identity fields e93c819296

test(contract): assert contract-pr cli summary fields 9f487bbb84

test(contract): add contract-pr publication error example a40aaca48d

test(contract): keep publication error summary fields 585f825ff6

test(contract): add contract-pr blocked example 2d3693385e

docs(contract): record platform workflow smoke 89eba9c0a6

docs(contract): point smoke retry at platform workflow fix ccabedd14c

test(schema): validate all contract-pr result examples c5efe76e8c

test(schema): validate public schema examples 1fc954d168

docs(readme): describe contract-pr result surface 19895e737c

docs(schema): catalog public examples 75c97919cf

test(schema): reject stale example paths b0cef4af58

test(schema): align example catalog schemas 0e7c82a990

test(schema): assert example schema versions d57968e412

test(contract): allow empty metadata check snapshots 3ddcabfc45

docs(contract): record platform metadata replay da2e4b4c80

test(contract): add metadata pass example f2859d7c1c

docs(contract): record live execute smoke gate adab38a089

docs(schema): add metadata contract-pr example 209e29b7b7

feat(contract): expose contract-pr blocking reason 178f5870fe

test(schema): require coherent blocking reason b472fc9772

feat(contract): expose blocking core module 21a0c492a1

docs(contract): record second platform smoke 6d7104a90c

feat(contract): expose module results in pr artifact f34a297287

test(schema): keep contract module defs aligned 945298cd3e

test(contract): align module results with selected stack 231b1bb005

test(contract): keep disabled modules out of pr result e53da05ad2

test(contract): bind blocking module to module result 34d6aa67e9

feat(core): declare module safety metadata cce5e0cfd9

feat(core): declare module target applicability 66325cd3d0

feat(core): resolve module stacks by target kind 175584b2a8

fix(core): reject unknown module stack target kinds 8f450ce582

fix(core): reject explicitly enabled inapplicable modules da8a821c69

test(core): guard target kind schema vocabulary cc532c4e44

feat(core): declare module verdict surface 5c08770bdb

feat(core): fingerprint module registry in stacks 647551a839

feat(contract): show core stack in contract comment 3c36586534

feat(contract): show run id in contract comment 0e18e6694c

feat(contract): include module stack in publication artifact e76a425be0

feat(contract): publish module outcomes 30dbec9620

feat(contract): show module outcomes in comment 0f23c38249

feat(contract): show operator action in comment 98dffce2ce

feat(contract): expose operator action in artifacts 1b244861b1

feat(contract): make operator action part of contract run 6298c433d2

test(schema): keep contract artifact defs aligned 1b78efaa4e

feat(contract): make blocking summary part of contract run 87f429ec9f

refactor(contract): publish source blocking summary 03a8e64b19

feat(contract): inspect contract-pr artifacts 7c71bfebef

test(schema): contract-pr inspection artifact ac6b71f5ed

feat(contract): record contract-pr producer fc3c63487f

feat(contract): diagnose contract-pr inspections b5b9a0892d

feat(contract): preserve policy in publications c583659c7d

feat(contract): preserve summary in publications f7362acc70

refactor(contract): share producer metadata 5abf5756cf

feat(contract): record publication producer 93eabbcba3

feat(contract): record contract-run producer 0e600067d0

feat(contract): inspect linked artifact producers ca761ed643

docs(contract): refresh platform smoke checkpoint 4c0228ecb8

test(contract): tighten inspection producer schema 57ec9eef63

feat(core): declare module artifact contracts 28aaca7c98

feat(contract): enforce module evidence contracts 833bb6883e

feat(core): embed module contracts in stack 3f1247fb71

feat(contract): guard publication against stale heads e912197190

feat(contract): add comment marker metadata 0452f609fe

feat(contract): inspect comment marker metadata 95db2de5a5

feat(contract): validate comment marker metadata 5dfc1b62d5

refactor(contract): share comment marker builders a38d890bd6

test(contract): constrain comment marker schema f0eee95466

test(contract): lock publication adapter schemas 84e7031c7b

test(contract): lock publication error schema eec576d3e7

feat(contract): inspect publication errors 11ac707747

feat(contract): summarize publication errors 71b2464d7c

feat(contract): summarize publication guard a7c2a1c781

test(fixtures): add live Iskra runtime repair evidence 61c6af2fbc

Refs #102.

feat: implement patchwarden june vision slices a029ca3b70

ollama added 1 commit

2026-06-23 09:28:25 +02:00

Merge remote-tracking branch 'origin/main' into codex/patchwarden-pr86-90-integration-smoke

fallow-py / fallow-py-advisory (pull_request) Successful in 15s

Details

e5992d20bc

# Conflicts:
#	README.md
#	docs/operations/clawsweeper-pin.md
#	docs/operations/pr-passage-contracts.md
#	docs/product/june-2026-vision.md
#	docs/status.html
#	spec/schemas/examples/contract-pr-result.execute-publication-error.json
#	spec/schemas/examples/core-module-stack.default.json
#	src/patchwarden/cli.py
#	src/patchwarden/contract_pipeline.py
#	src/patchwarden/operator_status.py
#	tests/test_cli_contract_pr.py
#	tests/test_cli_status.py
#	tests/test_contract_pipeline.py
#	tests/test_status_html.py

codex referenced this pull request

2026-06-23 09:37:50 +02:00

feat(gate): PW-G001 — Vistula Check (formal PR-shape gate before deeper review) #103

codex referenced this pull request

2026-06-23 09:37:55 +02:00

feat(core): PW-G002 — expand the deterministic quality-module stack (Swiss-cheese) #104

codex referenced this pull request

2026-06-23 09:37:58 +02:00

feat(reviewer): PW-G003 + PW-G017 — reviewer quorum verdict + idempotent retrigger/redrive #105

codex referenced this pull request

2026-06-23 09:38:04 +02:00

feat(evidence): PW-G005 + PW-G006 — required test + sandbox evidence gates by PR class #106