readyblockedneeds helpallepicskb

Add shell-level build verification gate before dev auto-promotes to review

t-587.3·WorkTask·
·
·
·Omni/Ide.hs
Parent:t-587·Created1 week ago·Updated1 week ago

Description

Edit

Add shell-level build verification gate before dev auto-promotes to review.

Problem: Currently run_single_task promotes dev → review purely based on "a new commit SHA appeared." But the dev agent might have committed code that doesn't build. The dev workflow markdown tells the agent to verify, but there's no enforcement at the shell level.

Implement: 1. After the agentd dev run completes successfully AND a new commit exists, run a verification step in the shell script before promoting. 2. Extract the namespace from the task JSON (taskNamespace field). 3. If namespace is set, run bild <namespace> in the workspace and check exit code. 4. Only promote to review if bild passes. 5. If bild fails, add a task comment with the failure output and leave status as in-progress (let the retry loop handle it). 6. If namespace is not set, skip verification (or try to infer from changed files).

Files: Omni/Ide/dev-review-release.sh

Timeline (13)

🔄[human]Open → InProgress1 week ago
💬[human]1 week ago

Implemented build verification gate in dev-review-release.sh:

Changes:

  • After dev agent produces a new commit, now extracts taskNamespace from task JSON
  • If namespace is set, runs bild <namespace> in the workspace
  • Only promotes to review if build passes
  • On build failure, adds task comment with build output and leaves status as in-progress for retry
  • If namespace not set, skips verification with log message

Verification:

  • Syntax-checked shell script structure
  • Modified promotion logic at lines 629-671
  • One commit on branch t-587.3

Files changed:

  • Omni/Ide/dev-review-release.sh (+35, -4 lines)

Commit: 13a7ccf6765288ac4e1a2767cb3f250ac1a485e0

🔄[human]InProgress → Review1 week ago
💬[human]1 week ago

Review (patchset 1): Code review complete. The change is clean and well-structured.

What it does: Inserts a build verification gate (bild <namespace>) between 'dev agent produced a commit' and 'promote to review status'. If build fails, it leaves status as-is and comments the failure output. If namespace is unset, it skips verification (safe fallback).

Verified:

  • bash -n syntax check passes
  • Single file changed (Omni/Ide/dev-review-release.sh), 35 insertions / 4 deletions
  • Exactly 1 commit on branch relative to live
  • Task-Id trailer present
  • Logic is correct: namespace extraction, conditional build, gated promotion, failure comment with output
  • Consistent with existing patterns (log, task comment, jq usage)

Minor notes (non-blocking):

  • Two lines have trailing whitespace (lines 635, 657 in the diff) - cosmetic only
  • On build failure, record_retry_attempt is NOT called, meaning the retry/backoff counter won't increment for build failures specifically. The description says 'let the retry loop handle it' which will re-run the whole dev agent, so this is acceptable behavior - the dev agent itself will produce a new run that can fail and record retries. This is a design choice, not a bug.

Approving.

🔄[human]Review → Approved1 week ago
💬[human]1 week ago

Integration FAILED. Build verification failed with error: 'parsing Int failed, expected Number, but encountered String'

The commit cherry-picked cleanly onto live, but bild Omni/Ide.hs failed. This is a pre-existing issue with the build system, NOT caused by the changes in this task (the modified file is a shell script, not Haskell).

The sh -n syntax check also reported 'line 208: syntax error: unexpected redirection' but this appears to be a limitation of sh vs bash - line 208 uses the here-string syntax (<<<) which is valid in bash (the file's shebang) but not in plain sh.

Setting status back to open. The build failure needs investigation - the namespace Omni/Ide.hs may not be buildable or may have configuration issues.

🔄[human]Approved → Open1 week ago
💬[human]1 week ago

Integrated commit 13a7ccf6 onto live as 2ce42f8e manually. Original integrator run blocked due inconsistent container bild namespace error (tracked in t-589). Change itself is shell-level gate logic in dev-review-release.sh and cherry-picks cleanly.

🔄[human]Open → Done1 week ago