Slipstream/auto_review
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases 27 Packages Activity Actions

fix(opencode): require delegated RGR RED approval #283

Merged
jwilger merged 4 commits from fix/rgr-approval-guardrails into main 2026-05-20 16:16:24 -07:00
Conversation 1 Commits 4 Files changed 4 +218 -27
jwilger commented 2026-05-20 16:11:29 -07:00
Owner
Copy link

Why:

  • Direct orchestrator RED approval could bypass the test-reviewer veto path, making RGR approval advisory instead of deterministic.
  • Delegated rgr-test-reviewer sessions also lacked recorded parent RED context, which explained why the reviewer could report that RED had not been recorded after the orchestrator had called rgr_record_red.

What:

  • Require rgr_approve_red to be called by an explicitly delegated rgr-test-reviewer session.
  • Inject the parent RGR RED command/output into delegated rgr-test-reviewer task prompts.
  • Update the reviewer agent contract to explicitly call rgr_approve_red when approving valid RED evidence.
  • Migrate RGR plugin tests to the delegated reviewer approval helper.

Validation:

  • rtk node --test --test-name-pattern "requires delegated reviewer approval and propagates parent RED context to rgr-test-reviewer" .opencode/plugin-tests/auto-review-discipline-rgr.test.ts
  • rtk node --test .opencode/plugin-tests/auto-review-discipline-rgr.test.ts
  • rtk node --test .opencode/plugin-tests/auto-review-config.test.ts --test-name-pattern "only rgr-test-reviewer is instructed to invoke RED approval"
  • rtk just opencode-test

Note:

  • opencode config/plugin/agent changes require restarting opencode for the running session to load the new guardrails.
Why: - Direct orchestrator RED approval could bypass the test-reviewer veto path, making RGR approval advisory instead of deterministic. - Delegated `rgr-test-reviewer` sessions also lacked recorded parent RED context, which explained why the reviewer could report that RED had not been recorded after the orchestrator had called `rgr_record_red`. What: - Require `rgr_approve_red` to be called by an explicitly delegated `rgr-test-reviewer` session. - Inject the parent RGR RED command/output into delegated `rgr-test-reviewer` task prompts. - Update the reviewer agent contract to explicitly call `rgr_approve_red` when approving valid RED evidence. - Migrate RGR plugin tests to the delegated reviewer approval helper. Validation: - `rtk node --test --test-name-pattern "requires delegated reviewer approval and propagates parent RED context to rgr-test-reviewer" .opencode/plugin-tests/auto-review-discipline-rgr.test.ts` - `rtk node --test .opencode/plugin-tests/auto-review-discipline-rgr.test.ts` - `rtk node --test .opencode/plugin-tests/auto-review-config.test.ts --test-name-pattern "only rgr-test-reviewer is instructed to invoke RED approval"` - `rtk just opencode-test` Note: - opencode config/plugin/agent changes require restarting opencode for the running session to load the new guardrails.
Why:
- Direct orchestrator RED approval bypassed the reviewer veto path and made RGR discipline advisory instead of deterministic.
- Reviewer subagents also lacked parent RED context, causing false vetoes after RED had already been recorded.

What:
- Gate rgr_approve_red through delegated rgr-test-reviewer sessions.
- Inject recorded parent RED command/output into rgr-test-reviewer task prompts.
- Add a focused regression test covering parent blocking, unrelated-session blocking, delegated approval, and RED context propagation.

Validation:
- rtk node --test --test-name-pattern "requires delegated reviewer approval and propagates parent RED context to rgr-test-reviewer" .opencode/plugin-tests/auto-review-discipline-rgr.test.ts
Why:
- RGR plugin tests must follow the same delegated reviewer approval path now enforced by the guardrail.

What:
- Add a focused test helper that delegates to rgr-test-reviewer before approving RED.
- Migrate the first failing plugin test setup to the helper.

Validation:
- rtk node --test --test-name-pattern "blocks production Rust edit tool changes on main after RED approval" .opencode/plugin-tests/auto-review-discipline-rgr.test.ts
Why:
- Existing RGR plugin tests must exercise the delegated reviewer approval flow enforced by the guardrail.

What:
- Replace direct parent RED approvals in the RGR plugin suite with the delegated reviewer helper.

Validation:
- rtk node --test .opencode/plugin-tests/auto-review-discipline-rgr.test.ts
fix(opencode): document reviewer RED approval
All checks were successful
CI / Classify changed paths (pull_request) Successful in 1s
Details
CI / Clippy (pull_request) Has been skipped
Details
CI / Format check (pull_request) Has been skipped
Details
CI / Test (pull_request) Has been skipped
Details
CI / Dependency policy (pull_request) Has been skipped
Details
CI / Build (pull_request) Has been skipped
Details
CI / Request auto_review semantic review (pull_request) Successful in 1s
Details
CI / opencode plugin tests (pull_request) Successful in 9s
Details
CI / Build PR artifacts (no token) (pull_request) Has been skipped
Details
auto_review auto_review: no findings
77152a4980
 
Why:
- RED approval authority now belongs to delegated rgr-test-reviewer sessions, so the reviewer contract must explicitly name the approval tool.

What:
- Instruct rgr-test-reviewer to call rgr_approve_red when approving valid RED evidence.
- Add a config contract test ensuring non-reviewer RGR agents are not instructed to approve RED.

Validation:
- rtk node --test .opencode/plugin-tests/auto-review-config.test.ts --test-name-pattern "only rgr-test-reviewer is instructed to invoke RED approval"
auto-review approved these changes 2026-05-20 16:11:50 -07:00
auto-review left a comment
Copy link

The PR introduces a requirement for RED approval to be conducted through a delegated rgr-test-reviewer session, enhancing the security and determinism of the approval process. The changes include updates to agent contracts, test cases, and plugin logic to enforce this new workflow. The modifications appear well-structured and safe to merge.

Walkthrough

  • .opencode/agents/rgr-test-reviewer.md:
    • Updated to require rgr_approve_red call for RED approval, ensuring the process is explicit and role-specific.
  • .opencode/plugin-tests/auto-review-config.test.ts:
    • Added a test to verify that only rgr-test-reviewer is instructed to invoke RED approval, ensuring role-specific responsibilities.
  • .opencode/plugin-tests/auto-review-discipline-rgr.test.ts:
    • Introduced approveRedViaDelegatedReviewer function to centralize approval logic.
    • Added a comprehensive test to validate the new approval flow and context propagation.
  • .opencode/plugins/auto-review-discipline.ts:
    • Added isRgrTestReviewerTask function to identify reviewer tasks.
    • Introduced redApprovalReviewerSessions map to track delegated sessions for RED approval.
    • Enhanced logic to inject parent RED context into reviewer task prompts, ensuring context awareness.

LLM usage and cost

The PR introduces a requirement for RED approval to be conducted through a delegated `rgr-test-reviewer` session, enhancing the security and determinism of the approval process. The changes include updates to agent contracts, test cases, and plugin logic to enforce this new workflow. The modifications appear well-structured and safe to merge. ## Walkthrough - **.opencode/agents/rgr-test-reviewer.md**: - Updated to require `rgr_approve_red` call for RED approval, ensuring the process is explicit and role-specific. - **.opencode/plugin-tests/auto-review-config.test.ts**: - Added a test to verify that only `rgr-test-reviewer` is instructed to invoke RED approval, ensuring role-specific responsibilities. - **.opencode/plugin-tests/auto-review-discipline-rgr.test.ts**: - Introduced `approveRedViaDelegatedReviewer` function to centralize approval logic. - Added a comprehensive test to validate the new approval flow and context propagation. - **.opencode/plugins/auto-review-discipline.ts**: - Added `isRgrTestReviewerTask` function to identify reviewer tasks. - Introduced `redApprovalReviewerSessions` map to track delegated sessions for RED approval. - Enhanced logic to inject parent RED context into reviewer task prompts, ensuring context awareness. ## LLM usage and cost - Reasoning (gpt-4o) in=6785 out=825 cost=$0.046300 - Cheap (gpt-4o-mini) in=560 out=44 cost=$0.000110 Estimated total USD: $0.046410 via https://api.openai.com and https://api.openai.com
jwilger deleted branch fix/rgr-approval-guardrails 2026-05-20 16:16:24 -07:00
Sign in to join this conversation.
Reviewers
No reviewers
auto-review
Labels
Clear labels   
bug

   
discussion

   
enhancement
  
bug
Something is not working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature

  
help wanted
Need some help

  
invalid
Something is wrong

  
question
More information is needed

  
wontfix
This won't be fixed

No labels
bug
discussion
enhancement
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Slipstream/auto_review!283
No description provided.