mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-08 03:01:47 +00:00
chore: harden blocker packet validator scope
This commit is contained in:
NplusM420
parent
25d371dbe2
commit
25c536c669
3 changed files with 43 additions and 1 deletions
|
|
@ -35,7 +35,7 @@ This starter kit now packages the proof line, not just the kickoff gap, so the s
|
||||||
- `scripts/sync-reviewer-handoff-baseline.sh` — keeps `latest-reviewer-handoff.md` aligned to the live PR head/base before state-change detection; polls GitHub mergeability before writing so the handoff does not regress to first-response `mergeability unknown` noise
|
- `scripts/sync-reviewer-handoff-baseline.sh` — keeps `latest-reviewer-handoff.md` aligned to the live PR head/base before state-change detection; polls GitHub mergeability before writing so the handoff does not regress to first-response `mergeability unknown` noise
|
||||||
- `scripts/refresh-upstream-blocker-packet.sh` — one-command refresh that syncs the reviewer handoff, reruns the state-change detector, PR monitor, CI interpreter, and approval trigger together, then emits a consolidated blocker packet from the same live PR state; prints `UPSTREAM_BLOCKER_PACKET_UNCHANGED` when the blocker signature is materially identical to the previous latest packet so cron can distinguish revalidation from a real transition; unchanged runs restore prior `latest-*` files and delete just-created timestamped component artifacts so approval-wait cron passes do not dirty the workspace with no-movement files
|
- `scripts/refresh-upstream-blocker-packet.sh` — one-command refresh that syncs the reviewer handoff, reruns the state-change detector, PR monitor, CI interpreter, and approval trigger together, then emits a consolidated blocker packet from the same live PR state; prints `UPSTREAM_BLOCKER_PACKET_UNCHANGED` when the blocker signature is materially identical to the previous latest packet so cron can distinguish revalidation from a real transition; unchanged runs restore prior `latest-*` files and delete just-created timestamped component artifacts so approval-wait cron passes do not dirty the workspace with no-movement files
|
||||||
- `scripts/verify-unchanged-refresh-hygiene.sh` — proof harness for the external-wait loop breaker; snapshots canonical `latest-*` hashes and timestamped artifact names, runs the one-command refresh, and proves an unchanged blocker refresh leaves no local artifact churn behind
|
- `scripts/verify-unchanged-refresh-hygiene.sh` — proof harness for the external-wait loop breaker; snapshots canonical `latest-*` hashes and timestamped artifact names, runs the one-command refresh, and proves an unchanged blocker refresh leaves no local artifact churn behind
|
||||||
- `scripts/validate-artifact-consistency.sh` — fail-closed consistency check that requires every canonical blocker artifact to record the same live head/base pair before the packet is trusted
|
- `scripts/validate-artifact-consistency.sh` — fail-closed consistency check that requires the consolidated blocker packet plus every canonical component blocker artifact to record the same live head/base pair before the packet is trusted
|
||||||
- `artifacts/latest-current-gap-report.md` — most recent proof packet emitted by the gap verifier
|
- `artifacts/latest-current-gap-report.md` — most recent proof packet emitted by the gap verifier
|
||||||
- `artifacts/latest-broken-state-roundtrip.md` — canonical blocked-state proof packet with before/after doctor output
|
- `artifacts/latest-broken-state-roundtrip.md` — canonical blocked-state proof packet with before/after doctor output
|
||||||
- `artifacts/latest-pr-review-monitor.md` — canonical live review/merge monitor for PR `#14297`
|
- `artifacts/latest-pr-review-monitor.md` — canonical live review/merge monitor for PR `#14297`
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,41 @@
|
||||||
|
# Delegation Readiness Doctor — Validator Scope Hardening
|
||||||
|
|
||||||
|
Generated: 2026-04-23 21:57 CDT
|
||||||
|
|
||||||
|
## Why this artifact exists
|
||||||
|
The live upstream blocker stayed externally unchanged, so this block did not create another approval-wait status packet or repost the maintainer nudge. Instead, Hermes closed a local trust gap in the blocker-packet validator.
|
||||||
|
|
||||||
|
## Gap found
|
||||||
|
`validate-artifact-consistency.sh` checked the component artifacts but did not check the consolidated packet that recurring momentum blocks actually trust: `artifacts/latest-upstream-blocker-refresh.md`.
|
||||||
|
|
||||||
|
That meant a future drift where the consolidated packet disagreed with the component artifacts could still pass the consistency check.
|
||||||
|
|
||||||
|
## Correction made
|
||||||
|
- Added `latest-upstream-blocker-refresh.md` to the validator's canonical artifact list.
|
||||||
|
- Updated the starter-kit README so the validator contract now explicitly covers the consolidated blocker packet plus every canonical component artifact.
|
||||||
|
|
||||||
|
## Verification
|
||||||
|
Command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
bash -n starter-kits/delegation-readiness-doctor/scripts/validate-artifact-consistency.sh \
|
||||||
|
&& bash starter-kits/delegation-readiness-doctor/scripts/validate-artifact-consistency.sh \
|
||||||
|
&& bash starter-kits/delegation-readiness-doctor/scripts/verify-unchanged-refresh-hygiene.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Result:
|
||||||
|
|
||||||
|
```text
|
||||||
|
- latest-upstream-blocker-refresh.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
- latest-workflow-approval-state-change.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
- latest-pr-review-monitor.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
- latest-ci-result-interpreter.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
- latest-workflow-approval-trigger.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
- latest-workflow-approval-brief.md: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
|
||||||
|
CONSISTENT: head=25d371dbe2cfe9d466e3b344028265ec36b782c9 | base=6fdbf2f2d76cf37393e657bf37ceda3d84589200
|
||||||
|
UNCHANGED_REFRESH_HYGIENE_PROVED
|
||||||
|
```
|
||||||
|
|
||||||
|
## Current blocker after this correction
|
||||||
|
Maintainer workflow approval / first real upstream CI movement remains the only external blocker for PR `#14297`. The maintainer nudge is already posted and should not be reposted unless the blocker signature changes materially.
|
||||||
|
|
@ -12,6 +12,7 @@ from pathlib import Path
|
||||||
|
|
||||||
artifacts_dir = Path(sys.argv[1])
|
artifacts_dir = Path(sys.argv[1])
|
||||||
artifacts = [
|
artifacts = [
|
||||||
|
'latest-upstream-blocker-refresh.md',
|
||||||
'latest-workflow-approval-state-change.md',
|
'latest-workflow-approval-state-change.md',
|
||||||
'latest-pr-review-monitor.md',
|
'latest-pr-review-monitor.md',
|
||||||
'latest-ci-result-interpreter.md',
|
'latest-ci-result-interpreter.md',
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue