feat(v0): add cloud_review policy field for reviewer lanes #37

New issue

Closed

opened 2026-05-26 10:56:17 +02:00 by codex · 0 comments

codex commented 2026-05-26 10:56:17 +02:00

Collaborator

Copy link

Context

Patchwarden roadmap mentions G9: add cloud_review schema field before LLM reviewer lanes. Oracle consult confirmed the smallest useful next step is one required repo-pattern/anti-slop sanity lane for boring PRs, with Patchwarden as verdict authority.

Scope

Extend reviewer lane configuration/policy bundle shape with a minimal field:

cloud_review = "allowed" # allowed | forbidden | required-with-redaction

and define the initial low-risk lane concept:

[review_lanes.repo_pattern_sanity]
enabled = true
required_for = ["safe_docs_status"]
cloud_review = "allowed"
provider = "ollama"
model = "kimi-k2.6:cloud"
fallback_model = "gemma4:31b-cloud"
timeout_seconds = 90
fail_on_missing = true
fail_on_unparseable = true

Model choice is configuration seed, not permanent policy. DeepSeek v4 Pro should remain optional/manual deep lane until reliability/cost telemetry exists.

Acceptance criteria

• Policy/lane config parser accepts cloud_review with allowed values only.
• Sensitive/manual classes force cloud_review=forbidden or needs_human regardless of lane config.
• Missing/stale/unparseable required lane artifacts fail closed.
• Optional lane failure does not block unless configured required.
• Tests cover at least: safe docs allowed, workflow/runtime/secrets forbidden, invalid enum rejected.
• No real model calls in this issue unless already explicitly scoped by #29/#30 sequencing.

Out of scope

• Webhook service mode.
• Calling Ollama Cloud.
• Posting Forgejo reviews.
• Merge automation expansion.
• Cloud credentials/secrets.

Trace

• Oracle consult: patchwarde-auditlm-boundary, 2026-05-26.
• Roadmap: G9 cloud_review schema field.
• Related issues: #28 reviewer lane config loader, #29 prompt rendering, #30 finding comments, #33 boring PR lifecycle fixture.

## Context Patchwarden roadmap mentions G9: add `cloud_review` schema field before LLM reviewer lanes. Oracle consult confirmed the smallest useful next step is one required repo-pattern/anti-slop sanity lane for boring PRs, with Patchwarden as verdict authority. ## Scope Extend reviewer lane configuration/policy bundle shape with a minimal field: ```toml cloud_review = "allowed" # allowed | forbidden | required-with-redaction ``` and define the initial low-risk lane concept: ```toml [review_lanes.repo_pattern_sanity] enabled = true required_for = ["safe_docs_status"] cloud_review = "allowed" provider = "ollama" model = "kimi-k2.6:cloud" fallback_model = "gemma4:31b-cloud" timeout_seconds = 90 fail_on_missing = true fail_on_unparseable = true ``` Model choice is configuration seed, not permanent policy. DeepSeek v4 Pro should remain optional/manual deep lane until reliability/cost telemetry exists. ## Acceptance criteria - [ ] Policy/lane config parser accepts `cloud_review` with allowed values only. - [ ] Sensitive/manual classes force `cloud_review=forbidden` or `needs_human` regardless of lane config. - [ ] Missing/stale/unparseable required lane artifacts fail closed. - [ ] Optional lane failure does not block unless configured required. - [ ] Tests cover at least: safe docs allowed, workflow/runtime/secrets forbidden, invalid enum rejected. - [ ] No real model calls in this issue unless already explicitly scoped by #29/#30 sequencing. ## Out of scope - Webhook service mode. - Calling Ollama Cloud. - Posting Forgejo reviews. - Merge automation expansion. - Cloud credentials/secrets. ## Trace - Oracle consult: `patchwarde-auditlm-boundary`, 2026-05-26. - Roadmap: G9 `cloud_review` schema field. - Related issues: #28 reviewer lane config loader, #29 prompt rendering, #30 finding comments, #33 boring PR lifecycle fixture.

codex added the

area:v0-core

ready-for-agent

kind:implementation

labels 2026-05-26 10:56:17 +02:00

claude referenced this issue 2026-05-26 14:34:57 +02:00

docs(v0): record D20 hybrid review authority boundary (closes #36) #43

codex referenced this issue from a commit 2026-05-26 14:38:42 +02:00

feat(v0): add cloud_review policy field + ReviewerLane + D20 force-forbidden enforcement (closes #37)

claude referenced this issue from a pull request that will close it, 2026-05-26 14:39:28 +02:00

feat(v0): add cloud_review policy field + ReviewerLane + D20 force-forbidden enforcement (closes #37) #44

codex closed this issue 2026-05-26 15:32:51 +02:00

ollama referenced this issue from a commit 2026-06-22 23:12:12 +02:00

feat(status): operator-status SSoT (patchwarden status + status.html) + auto-heal + drift-guard

claude referenced this issue 2026-06-22 23:13:03 +02:00

feat(status): operator-status SSoT (patchwarden status + status.html) + auto-heal + drift-guard #97

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

codex/operator-status-layer-catalogs

codex/cli-external-contracts-registration

codex/cli-policy-check-registration

codex/cli-module-registration

claude/decisions-d29-modular-monolith

codex/platform-adr0002-canary-policy

codex/platform-vistula-label-policy

codex/pr-sanity-automerge-eligibility

codex/pr-sanity-approval-handoff

codex/status-after-iskra-507

codex/dogfood-status-wedge

codex/controller-comment-renderer

codex/pr-sanity-comment-renderer

codex/dogfood-approval-handoff-order

codex/status-dogfood-queue-endpoint

codex/dogfood-loop-queue

codex/dogfood-loop-controller-plan

codex/dogfood-loop-verdict

codex/artifact-index-root-labels

codex/status-workflow-artifact-index

codex/status-workflow-operator-artifacts

codex/status-drift-artifact-root-manifest

codex/fallow-artifact-root-manifest

codex/patchwarden-contract-artifact-manifest

codex/patchwarden-contract-pr-concurrency

codex/patchwarden-self-vistula-policy

codex/patchwarden-self-contract-pr

codex/artifact-root-manifest-plan

codex/status-serve-root-manifest-endpoint

codex/status-serve-freshness-endpoint

codex/artifact-index-freshness-check

codex/artifact-root-manifest-check

codex/artifact-root-handoff

codex/artifact-root-manifest

codex/local-artifact-index

codex/status-artifact-drilldowns

codex/status-dashboard-server

codex/status-drift-workflow

codex/status-drift-check

codex/evidence-bundle-action-receipt

codex/require-live-merge-receipts

codex/follow-up-action-receipt

codex/redrive-attempt-budget

codex/trust-state-action-receipt

codex/post-merge-feedback-controller-receipts

codex/controller-dry-run-receipt

codex/controller-dry-run-rehearsal

codex/merge-frontier-dry-run

codex/executor-action-receipt

codex/controller-bundle-staged-action

codex/controller-bundle-review-publication

codex/controller-review-publication-plan

codex/merge-frontier-decision-gate

codex/controller-actuation-bundle

codex/merge-actuation-preflight

codex/repair-packet-job-plan

codex/evidence-request-plan

codex/simplicity-review-lane

codex/ponytail-simplicity-decision

codex/structural-code-artifact-gate

codex/status-nullsec-ledger-sync

claude/autoheal-evidence-bundle-spec

claude/security-hardening-wave

claude/decisions-d22-v4-reconcile

codex/contract-pr-current-statuses

claude/docs-wave-evidence-confirmed

claude/feat-cloud-ollama-auth

claude/patchwarden-pyfallow-integration-plan

claude/patchwarden-dogfood-actual-vs-mental-model

claude/patchwarden-decisions-d21-m2-amendment

claude/patchwarden-dogfood-known-limits

claude/patchwarden-d20-architectural-lint

claude/patchwarden-resolver-soft-fail-detection

claude/patchwarden-crosscheck-snapshot-2026-05-27

claude/patchwarden-boring-pr-lifecycle-fixture

claude/patchwarden-platform-dogfood-playbook

claude/patchwarden-post-findings-execute

claude/patchwarden-review-run-invokes-ollama

claude/patchwarden-ollama-client

claude/patchwarden-render-review-prompt

claude/patchwarden-offline-pipeline-metadata

codex/reviewer-lane-config

claude/patchwarden-cloud-review-policy

claude/patchwarden-hybrid-review-authority

claude/patchwarden-decisions-batch

claude/patchwarden-external-framing

claude/patchwarden-tactical-updates

claude/patchwarden-decisions-d13-d14

claude/patchwarden-product-readme-m1-close-prep

claude/patchwarden-roadmap-update

codex/patchwarden-pipeline-policy-bundle

codex/patchwarden-policy-bundle

codex/patchwarden-pipeline

codex/patchwarden-forgejo-client

codex/patchwarden-dev-extras-fail-closed-docs

codex/patchwarden-findings-comments-dry-run

codex/patchwarden-v0-resolve-findings

codex/patchwarden-v0-review-run

codex/patchwarden-v0-pr-check

codex/patchwarden-v0-issue-check

codex/patchwarden-v0-schemas

codex/patchwarden-v0-foundation

claude/docs/cousin-onboarding-pointer

No results found.

Labels

Clear labels   

agent/claude-code

Vistula actor: Claude Code.

  

agent/codex

Vistula actor: Codex.

  

agent/gemini

Vistula actor: Gemini (incl. Claude Opus via Antigravity that commits under the `gemini` identity).

  

agent/hermes

Vistula actor: Hermes Upstream.

  

agent/iskra

Vistula actor: Iskra.

  

agent/ollama

Vistula actor: Ollama or compatible model.

  

agent/patchwarden

Vistula actor: Patchwarden.

  

area:business-model

Pricing, unit economics, revenue, TAM/SAM/SOM

  

area:competitive

Competitive landscape, positioning, category

  

area:discovery

Customer discovery, JTBD, interviews

  

area:forgejo

Forgejo API, workflow, or event integration.

  

area:metrics

KPI tree, OKRs, outcomes, kill criteria

  

area:product-strategy

Vision, strategy, principles — top-level direction

  

area:v0-core

Patchwarden v0 core CLI / policy / artifacts.

  

cagan-grade-approved

Artifact passed operator quality-bar review and is canonical. Set on close per Cagan Package status flow.

  

client:platform

pdurlej/platform first-client integration.

  

dependency/blocked

Vistula dependency state: blocked.

  

dependency/blocks-others

Vistula dependency state: blocks other work.

  

dependency/cross-repo

Vistula dependency scope: cross-repository.

  

dependency/needs-confirmation

Vistula dependency state: needs confirmation.

  

domain:agents

Agent identity, delegation, subagents, routing, or workflows.

  

domain:ci

CI, checks, Actions, runners, or release automation.

  

domain:docs

Documentation, packets, practices, or source-of-truth text.

  

domain:forgejo

Forgejo issues, PRs, labels, repo settings, or identity.

  

domain:infra

Infrastructure, storage, backup, DNS, network, or host substrate.

  

domain:memory

Memory, recall, write gates, salience, or Honcho-adjacent behavior.

  

domain:runtime

Runtime services, deploys, daemons, timers, or live behavior.

  

domain:signal

Signal UX, delivery, context, or outbound behavior.

  

domain:ux

Product UX, operator experience, or conversation ergonomics.

  

flow/architecture

Vistula lifecycle: architecture phase in progress.

  

flow/blocked

Vistula lifecycle: blocked on dependency or decision.

  

flow/deployed

Vistula lifecycle: deployed to runtime where applicable.

  

flow/done

Vistula lifecycle: work merged or otherwise done.

  

flow/implementation

Vistula lifecycle: implementation phase in progress.

  

flow/intake

Vistula lifecycle: incoming signal not refined yet.

  

flow/maintained

Vistula lifecycle: maintained/steady state.

  

flow/observed

Vistula lifecycle: observed after delivery.

  

flow/ready

Vistula lifecycle: ready for architecture or implementation.

  

flow/refining

Vistula lifecycle: Hermes/spec refinement in progress.

  

flow/retired

Vistula lifecycle: retired or intentionally closed.

  

flow/review

Vistula lifecycle: review phase in progress.

  

judge/codex-candidate

Candidate for Codex implementation.

  

judge/hermes-candidate

Candidate for Hermes discovery/research.

  

judge/low-confidence

Judgment confidence is low.

  

judge/needs-refinement

Needs clearer evidence or scope.

  

judge/operator-needed

Needs Piotr decision or input.

  

judge/p0

Urgent, operator attention or unblock now.

  

judge/p1

High value, schedule soon.

  

judge/p2

Useful, normal queue.

  

judge/p3

Low priority, keep but do not chase.

  

judge/park

Parked from current attention.

  

judge/patchwarden-candidate

Needs Patchwarden merge-safety attention.

  

judge/stale-priority

Existing priority judgment appears stale.

  

kind/adr

Vistula work kind: architecture decision record.

  

kind/bug

Vistula work kind: bug fix.

  

kind/chore

Vistula work kind: chore.

  

kind/feature

Vistula work kind: feature.

  

kind/infra

Vistula work kind: infrastructure.

  

kind/ops

Vistula work kind: operations.

  

kind/refactor

Vistula work kind: refactor.

  

kind/research

Vistula work kind: research/discovery.

  

kind:artifact

Cagan-grade product artifact (one of 11 in v1.0 package)

  

kind:decision

Operator decision point requiring explicit choice

  

kind:dogfood

Platform-first dogfood / calibration task.

  

kind:epic

Multi-issue epic with checklist of children

  

kind:implementation

Implementation task for Patchwarden v0.

  

kind:research

Discovery or competitive research deliverable

  

merge/auto

Vistula merge mode: automated merge.

  

merge/manual

Vistula merge mode: manual merge.

  

merge/manual-dependency-conflict

Manual merge reason: dependency conflict.

  

merge/manual-failing-tests

Manual merge reason: failing tests.

  

merge/manual-merge-conflict

Manual merge reason: merge conflict.

  

merge/manual-missing-review

Manual merge reason: missing review.

  

merge/manual-operator-preference

Manual merge reason: operator preference.

  

merge/manual-red-zone

Manual merge reason: red-zone risk.

  

merge/manual-security-sensitive

Manual merge reason: security-sensitive work.

  

merge/manual-unclear-scope

Manual merge reason: unclear scope.

  

merge/manual-unknown

Manual merge reason: unknown.

  

mode:operator-only

Apply step requires explicit operator approval.

  

mode:patchwarden-iskra-approved

Work eligible for Patchwarden/Iskra approval inside repo policy.

  

mode:safe-auto

Low-risk work eligible for lightweight autonomous handling.

  

observed/erroring

Vistula observation: erroring.

  

observed/needs-followup

Vistula observation: needs follow-up.

  

observed/pending

Vistula observation: pending.

  

observed/retire-candidate

Vistula observation: retire candidate.

  

observed/unused

Vistula observation: unused.

  

observed/used

Vistula observation: used.

  

priority:p0

Immediate safety, uptime, data, or operator-blocking issue.

  

priority:p1

Important active work; should be pulled soon.

  

priority:p2

Useful normal-priority work.

  

priority:p3

Opportunistic cleanup, research, or backlog work.

  

ready-for-agent

Atomic enough for a cousin agent to pick up.

  

review:claude-reviewed

Reviewed by Claude-family agent.

  

review:codex-reviewed

Reviewed by Codex-family agent.

  

review:dziadek-reviewed

Reviewed by Dziadek pinch-point reviewer.

  

review:needs-human

Needs human review before merge or apply.

  

safety:external-write

May write to external systems, users, rooms, repos, or services.

  

safety:no-prod-mutation

Must not mutate production or live external state.

  

safety:prod-impact

May affect production/runtime behavior.

  

safety:secret-touch

Touches secrets, credentials, auth, or secret-adjacent config.

  

size/large

Vistula size: large.

  

size/medium

Vistula size: medium.

  

size/small

Vistula size: small.

  

size/tiny

Vistula size: tiny.

  

size/unknown

Vistula size: not classified yet.

  

source/adr

Vistula source: ADR.

  

source/agent-generated

Vistula source: agent generated.

  

source/manual

Vistula source: manual entry.

  

source/operator-chat

Vistula source: operator chat.

  

source/voice-note

Vistula source: voice note.

  

status:blocked

Blocked by missing dependency, evidence, access, or operator decision.

  

status:blocked-on-discovery

Blocking on 5-7 discovery interviews completion

  

status:cagan-grade-review-pending

Artifact drafted; awaiting operator quality-bar review before merge

  

status:codex-ready

Ready for a Codex implementation pass.

  

status:merged:pending-evidence

Merged but waiting for live or artifact evidence before closure.

  

status:needs-evidence

Needs proof, logs, tests, or operator-visible evidence.

  

status:needs-operator-decision

Blocking on operator OD answer

  

status:operator-needed

Requires explicit operator input before safe progress.

  

status:parked

Intentionally deferred; not active campaign work.

  

tier:0-anchor

Cagan tier 0 — anchor artifact (vision, strategy, 4-risks, KPI tree, kill criteria); 3-year + leadership-change tests required

  

tier:0-platform-substrate

Data, secrets, backup, storage, or critical platform substrate.

  

tier:1-core

Cagan tier 1 — core artifact (JTBD, positioning, competitive, discovery, business model); numerical anchor + visible asymmetry required

  

tier:1-iskra-value-layer

Iskra/OpenClaw behavior, memory, runtime, or value-layer work.

  

tier:2-supporting

Cagan tier 2 — supporting artifact (operating principles); standard universal checks

  

tier:2-tools-products-modules

Tools, products, modules, experiments, and lower-blast-radius work.

  

type:bug

Incorrect behavior or regression.

  

type:chore

Maintenance, cleanup, metadata, or operational task.

  

type:docs

Documentation-only work.

  

type:feat

New capability or product behavior.

  

type:policy

Governance, protocol, boundary, or decision-contract change.

  

type:research

Investigation, spike, or evidence-gathering task.

  

wave:1-foundation

Wave 1 — Foundation (Vision Narrative + Competitive Deep-Dive, parallel)

  

wave:2-positioning

Wave 2 — Positioning (JTBD → Dunford Canvas, sequential)

  

wave:3-validation

Wave 3 — Risk & Outcome Architecture (4-Risks + KPI Tree, parallel)

  

wave:4-economics

Wave 4 — Discovery & Economics (Continuous Discovery + Business Model, parallel)

  

wave:5-operating

Wave 5 — Synthesis (Strategy → Kill Criteria → Operating Principles, sequential)

No labels

agent/claude-code

agent/codex

agent/gemini

agent/hermes

agent/iskra

agent/ollama

agent/patchwarden

area:business-model

area:competitive

area:discovery

area:forgejo

area:metrics

area:product-strategy

area:v0-core

cagan-grade-approved

client:platform

dependency/blocked

dependency/blocks-others

dependency/cross-repo

dependency/needs-confirmation

domain:agents

domain:ci

domain:docs

domain:forgejo

domain:infra

domain:memory

domain:runtime

domain:signal

domain:ux

flow/architecture

flow/blocked

flow/deployed

flow/done

flow/implementation

flow/intake

flow/maintained

flow/observed

flow/ready

flow/refining

flow/retired

flow/review

judge/codex-candidate

judge/hermes-candidate

judge/low-confidence

judge/needs-refinement

judge/operator-needed

judge/p0

judge/p1

judge/p2

judge/p3

judge/park

judge/patchwarden-candidate

judge/stale-priority

kind/adr

kind/bug

kind/chore

kind/feature

kind/infra

kind/ops

kind/refactor

kind/research

kind:artifact

kind:decision

kind:dogfood

kind:epic

kind:implementation

kind:research

merge/auto

merge/manual

merge/manual-dependency-conflict

merge/manual-failing-tests

merge/manual-merge-conflict

merge/manual-missing-review

merge/manual-operator-preference

merge/manual-red-zone

merge/manual-security-sensitive

merge/manual-unclear-scope

merge/manual-unknown

mode:operator-only

mode:patchwarden-iskra-approved

mode:safe-auto

observed/erroring

observed/needs-followup

observed/pending

observed/retire-candidate

observed/unused

observed/used

priority:p0

priority:p1

priority:p2

priority:p3

ready-for-agent

review:claude-reviewed

review:codex-reviewed

review:dziadek-reviewed

review:needs-human

safety:external-write

safety:no-prod-mutation

safety:prod-impact

safety:secret-touch

size/large

size/medium

size/small

size/tiny

size/unknown

source/adr

source/agent-generated

source/manual

source/operator-chat

source/voice-note

status:blocked

status:blocked-on-discovery

status:cagan-grade-review-pending

status:codex-ready

status:merged:pending-evidence

status:needs-evidence

status:needs-operator-decision

status:operator-needed

status:parked

tier:0-anchor

tier:0-platform-substrate

tier:1-core

tier:1-iskra-value-layer

tier:2-supporting

tier:2-tools-products-modules

type:bug

type:chore

type:docs

type:feat

type:policy

type:research

wave:1-foundation

wave:2-positioning

wave:3-validation

wave:4-economics

wave:5-operating

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pdurlej/patchwarden#37

No description provided.