Skip to content

Merged-change revert guard is INCONCLUSIVE on every run: agent sandbox has no git credentials and 'failing closed' is only an echo #331

Description

@norrietaylor

Summary

The merged-change revert guard (#287's fix, PR #288) cannot reach a conclusive answer in the environment it runs in: the sandboxed execute agent's checkout has no git credentials, so every history-deepening fetch in the guard fails, merge-base returns nothing, and the guard prints INCONCLUSIVE … failing closed — which, because the guard is prompt-embedded bash whose "fail closed" is an echo, blocks nothing. On the evaluated pilot run the guard was inconclusive on every invocation while two live #326-class incidents merged (one deleted doc never restored). The suite's only dedicated anti-revert control is inoperative in production.

Evidence

Guard source: .github/workflows/sdd-execute-sonnet.md:683 (same block in the opus/haiku variants) — the fetch ladder:

git fetch --no-tags --unshallow origin ... \
  || git fetch --no-tags --deepen=500 origin ... \
  || git fetch --no-tags origin ...

From a pilot execute-run agent transcript (run artifacts; see docs/specs/03-spec-run-evaluation/evidence/_retro-report.md):

fatal: could not read Username for 'https://github.com': No such device or address
revert-guard: INCONCLUSIVE: no merge-base with origin/main; failing closed

All three fetch forms fail identically (no credential helper in the agent sandbox; the checkout token is not persisted for ad-hoc git fetch), so the guard can only ever conclude INCONCLUSIVE on any branch whose shallow checkout lacks the divergence point — i.e. precisely the stale-base branches the guard exists to catch. The run then proceeds: "failing closed" has no enforcement teeth (no exit, no required check; downstream behavior is up to the agent).

Consequences observed in the evaluated run (all post-#287-fix): an agent arch PR deleted a 308-line merged spike doc with green checks (never restored); a later PR's initial diff was a five-way stale-base revert bundle that sat warning-only for 13.5 h. The #326 generalization (net-diff-vs-main as a required, re-run-on-push check) remains the real fix; this issue covers making the existing guard operative meanwhile.

Fix

  1. Give the guard a working fetch path: persist credentials for the agent's git (or pre-deepen the checkout in the workflow's deterministic setup steps, before the agent runs — fetch-depth: 0 for the base branch ref costs little and removes the credential dependence entirely).
  2. Give "failing closed" teeth: run the guard as a deterministic step whose non-zero exit blocks PR creation/update, not as prompt bash — INCONCLUSIVE and REVERT-RISK should both be blocking outcomes with a needs-human hand-off, per the guard's own comment.
  3. Assert non-shallow before scanning and report a guard-self-failure distinctly from a clean pass (the run-evaluation spec's collector treats "the scan itself failed" as its own signal).

Related

#287 (origin incident + point fix), #317 (spec-side variant), #326 (open generalization this does not replace).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions