Skip to content

[codex] Sync OpenCode and Strix review gates#15

Merged
seonghobae merged 8 commits into
mainfrom
codex/opencode-agent-resilience-20260622
Jun 22, 2026
Merged

[codex] Sync OpenCode and Strix review gates#15
seonghobae merged 8 commits into
mainfrom
codex/opencode-agent-resilience-20260622

Conversation

@seonghobae

Copy link
Copy Markdown
Contributor

Summary

  • sync the canonical OpenCode review gate with GPT-5, DeepSeek R1, and DeepSeek V3 fallback coverage
  • add CodeGraph-backed structural review requirements, failed-check diagnosis, inline review fallback handling, and deterministic low-risk fallback limits
  • sync the Strix gate, model utilities, hashed CI requirements, and self-test coverage, including main, develop, and master push coverage

Validation

  • git diff --check
  • actionlint -shellcheck= -pyflakes= .github/workflows/opencode-review.yml .github/workflows/strix.yml
  • bash -n on synced shell scripts
  • python3 -m py_compile scripts/ci/opencode_review_normalize_output.py

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode model attempts did not produce a usable control block for this run. The trusted gate verified the current-head peer GitHub Checks and human review threads, but it will not approve without source-backed current-head review evidence.

Findings

1. MEDIUM Review Evidence Missing - Rerun OpenCode with usable current-head evidence

  • Problem: OpenCode did not return a valid control block that can be tied to the changed files for head c85f8b074ae18673cc6bd18de117d5918faa9d30.
  • Root cause: The model attempts ended with outcomes primary=failed, fallback=failed, second_fallback=failed; the workflow cannot distinguish a real clean review from invalid or unsupported model output.
  • Fix: Rerun or repair the OpenCode review path until the review names the changed-file evidence it inspected, then let the trusted gate evaluate that valid output.
  • Regression test: Keep invalid OpenCode model output on the request-changes path even when same-head peer checks are otherwise clean.

Summary

All same-head peer GitHub Checks completed without failed or pending contexts, and no unresolved human review threads remained. Approval still requires a valid current-head review summary that names changed-file evidence. Invalid model output is treated as review tooling instability, not as a source-code defect.

  • Result: REQUEST_CHANGES
  • Reason: OpenCode action outcomes were primary=failed, fallback=failed, second_fallback=failed; no valid source-backed review output was available for current head c85f8b074ae18673cc6bd18de117d5918faa9d30.
  • Head SHA: c85f8b074ae18673cc6bd18de117d5918faa9d30
  • Workflow run: 27931553413
  • Workflow attempt: 1

@opencode-agent

opencode-agent Bot commented Jun 22, 2026

Copy link
Copy Markdown

OpenCode Review Overview

  • Head SHA: 328ac3cb49bb3397bef5f6b9f88b1cb567e2b403
  • Workflow run: 27934279524
  • Workflow attempt: 1
  • Gate result: APPROVE (approval step)

Pull request overview

OpenCode model attempts did not produce a usable control block, but the trusted gate verified that this PR has no failed peer GitHub Checks, no pending peer GitHub Checks, no unresolved human review threads, and no merge conflict.

Findings

No blocking findings.

Summary

Deterministic review-tooling bootstrap fallback approval was used because every changed file is limited to OpenCode/Strix review infrastructure and the trusted gate ran bootstrap static validation on the PR-head worktree:

  • .github/workflows/opencode-review.yml
  • .github/workflows/strix.yml
  • requirements-strix-ci-hashes.txt
  • requirements-strix-ci.txt
  • scripts/ci/collect_failed_check_evidence.sh
  • scripts/ci/emit_opencode_failed_check_fallback_findings.sh
  • scripts/ci/opencode_review_approve_gate.sh
  • scripts/ci/strix_model_utils.sh
  • scripts/ci/strix_quick_gate.sh
  • scripts/ci/test_strix_quick_gate.sh
  • scripts/ci/validate_opencode_failed_check_review.sh

Validation performed: optional actionlint when installed, bash syntax checks for review shell scripts, and Python bytecode compilation for the OpenCode normalizer when present.

Validation output:

actionlint unavailable; skipped workflow schema validation.

This fallback is not used for product source, application configuration, dependency lockfiles outside the Strix review bundle, or infrastructure outside the OpenCode/Strix review-tooling allowlist.

  • Result: APPROVE
  • Reason: OpenCode model output was unavailable, but the review-tooling bootstrap allowlist, static validation, peer checks, human thread check, and mergeability gate passed for current head 328ac3cb49bb3397bef5f6b9f88b1cb567e2b403.
  • Head SHA: 328ac3cb49bb3397bef5f6b9f88b1cb567e2b403
  • Workflow run: 27934279524
  • Workflow attempt: 1

Risk Graph

flowchart LR
  Change[Changed surface] --> Risk[Main risk]
  Risk --> Fix[Smallest fix]
  Fix --> Verify[Verification]
Loading

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode reviewed the current-head evidence but could not verify peer GitHub Checks before approval.

Findings

1. HIGH .github/workflows/opencode-review.yml:1 - GitHub Checks statusCheckRollup could not be read before approval

  • Problem: GitHub Checks statusCheckRollup could not be read for the current head.

  • Root cause: OpenCode cannot safely approve without verifying the same-head check rollup.

  • Fix: Re-run OpenCode after GitHub statusCheckRollup is readable.

  • Regression test: Keep the approval gate failing closed when check rollup lookup fails.

  • Result: REQUEST_CHANGES

  • Reason: GitHub Checks statusCheckRollup could not be read for current head 8352e40f35a598bd434c9dede7c205305b5c82e4.

  • Head SHA: 8352e40f35a598bd434c9dede7c205305b5c82e4

  • Workflow run: 27932181415

  • Workflow attempt: 1

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode model attempts did not produce a usable control block for this run. The trusted gate verified the current-head peer GitHub Checks and human review threads, but it will not approve without source-backed current-head review evidence.

Findings

1. MEDIUM Review Evidence Missing - Rerun OpenCode with usable current-head evidence

  • Problem: OpenCode did not return a valid control block that can be tied to the changed files for head b11ac2fc6852c34d247525da757d500036d02ceb.
  • Root cause: The model attempts ended with outcomes primary=failed, fallback=failed, second_fallback=failed; the workflow cannot distinguish a real clean review from invalid or unsupported model output.
  • Fix: Rerun or repair the OpenCode review path until the review names the changed-file evidence it inspected, then let the trusted gate evaluate that valid output.
  • Regression test: Keep invalid OpenCode model output on the request-changes path even when same-head peer checks are otherwise clean.

Summary

All same-head peer GitHub Checks completed without failed or pending contexts, and no unresolved human review threads remained. Approval still requires a valid current-head review summary that names changed-file evidence. Invalid model output is treated as review tooling instability, not as a source-code defect.

  • Result: REQUEST_CHANGES
  • Reason: OpenCode action outcomes were primary=failed, fallback=failed, second_fallback=failed; no valid source-backed review output was available for current head b11ac2fc6852c34d247525da757d500036d02ceb.
  • Head SHA: b11ac2fc6852c34d247525da757d500036d02ceb
  • Workflow run: 27933069023
  • Workflow attempt: 1

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode model attempts did not produce a usable control block, but the trusted gate verified that this PR has no failed peer GitHub Checks, no pending peer GitHub Checks, no unresolved human review threads, and no merge conflict.

Findings

No blocking findings.

Summary

Deterministic review-tooling bootstrap fallback approval was used because every changed file is limited to OpenCode/Strix review infrastructure and the trusted gate ran bootstrap static validation on the PR-head worktree:

  • .github/workflows/opencode-review.yml
  • .github/workflows/strix.yml
  • requirements-strix-ci-hashes.txt
  • requirements-strix-ci.txt
  • scripts/ci/collect_failed_check_evidence.sh
  • scripts/ci/emit_opencode_failed_check_fallback_findings.sh
  • scripts/ci/opencode_review_approve_gate.sh
  • scripts/ci/strix_model_utils.sh
  • scripts/ci/strix_quick_gate.sh
  • scripts/ci/test_strix_quick_gate.sh
  • scripts/ci/validate_opencode_failed_check_review.sh

Validation performed: optional actionlint when installed, bash syntax checks for review shell scripts, and Python bytecode compilation for the OpenCode normalizer when present.

Validation output:

actionlint unavailable; skipped workflow schema validation.

This fallback is not used for product source, application configuration, dependency lockfiles outside the Strix review bundle, or infrastructure outside the OpenCode/Strix review-tooling allowlist.

  • Result: APPROVE
  • Reason: OpenCode model output was unavailable, but the review-tooling bootstrap allowlist, static validation, peer checks, human thread check, and mergeability gate passed for current head 328ac3cb49bb3397bef5f6b9f88b1cb567e2b403.
  • Head SHA: 328ac3cb49bb3397bef5f6b9f88b1cb567e2b403
  • Workflow run: 27934279524
  • Workflow attempt: 1

@seonghobae seonghobae merged commit a23e992 into main Jun 22, 2026
4 checks passed
@seonghobae seonghobae deleted the codex/opencode-agent-resilience-20260622 branch June 22, 2026 06:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant