Skip to content

feat(tier4): settle_tier4_pr.py — one-command --settle-apply + receipt-backed preapproval gate#8382

Closed
an0mium wants to merge 38 commits into
mainfrom
claude/busy-goldberg-2khm5j
Closed

feat(tier4): settle_tier4_pr.py — one-command --settle-apply + receipt-backed preapproval gate#8382
an0mium wants to merge 38 commits into
mainfrom
claude/busy-goldberg-2khm5j

Conversation

@an0mium

@an0mium an0mium commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator

Problem

Settling a Tier 4 PR currently means running a fragile multi-step dance per PR, as the active scarmani identity:

  1. review-queue record-settlement --head-sha <HEAD> --action approve --reason ... --json
  2. gh api --method POST repos/synaptent/aragora/statuses/<HEAD> -f state=success -f context=aragora/human-settlement ...
  3. find the failed aragora-merge-quorum run id by hand from the check-runs URL
  4. gh run rerun <RUN_ID> --failed

Step 3 is the error-prone one — pasting a <RUN_ID> placeholder verbatim fails, and the per-PR repetition adds real operator toil while draining the ODR settlement queue.

Change (commit 1 — --settle-apply)

Adds a --settle-apply mode to scripts/settle_tier4_pr.py that chains all four steps in one gated command:

python3 scripts/settle_tier4_pr.py --settle-apply --pr <PR> --head <HEAD> --trusted-operator-login scarmani
  • Reuses the existing --settle-only trusted-invoker gate (two-pass evaluate_tier4_settlement_preconditions): refuses unless the live gh login is in the trusted operator allowlist. It never merges and never elevates privilege.
  • Records the durable external-settlement receipt via review-queue record-settlement (reason templated, overridable with --reason).
  • Posts the exact-head settlement comment/status, idempotently — skipped when aragora/human-settlement is already success at the head.
  • Reruns only the failed aragora-merge-quorum jobs, looking up the run id automatically from the head's check-runs. No-op when there is no failed run.

The tested --settle-only and --merge-apply paths are left byte-for-byte unchanged.

Change (commit 2 — receipt-backed preapproval gate)

Closes a real divergence between the two Tier-4 settlement tools. settle_tier4_pr.py --check accepted a Tier-4 PR on the strength of the repo-visible settlement comment + aragora/human-settlement status alone, while review_queue's merge-packet correctly requires those signals to be backed by a local, operator-controlled human-risk receipt (human_preapproval_recorded). Because the settle helper's own --settle-only path posts the status without writing that receipt, the two tools diverged: --check would authorize a PR that merge-packet still blocks, and a receipt-less automated settlement could self-clear Tier-4.

This tightens the lax checker to match the strict gate: --check now refuses when merge-packet reports requires_human_preapproval=true and human_preapproval_recorded=false, and points the operator at the existing atomic writer (review-queue record-settlement --action approve --post-github-status, which writes the receipt and status together so a green status can never exist without its backing receipt). This preserves the local receipt as the one signal automation cannot forge from GitHub comments/status alone.

Relationship to #8406

#8406 fixes the same divergence in the opposite direction — it loosens review_queue merge-packet so the repo-visible comment+status pair alone clears human_preapproval_recorded, dropping the local-receipt requirement. That defeats the documented intent of the receipt (review_queue.py:_has_recorded_human_risk_settlement: "must not infer approval from GitHub comments alone") and lets a receipt-less automated settlement self-clear Tier-4. This PR's commit 2 is the safer resolution (raise the lax tool to the strict requirement, not lower the strict tool to the lax one). Recommend dropping #8406's review_queue.py preapproval hunk while keeping its genuinely-good REST-fallback / strict-branch-protection fail-closed parts.

Validation

  • pytest tests/scripts/test_settle_tier4_pr.py → 64 passed (+12 total new across both commits), 1 pre-existing environmental failure (test_untrusted_member_comment_does_not_authorize shells out to a real gh binary not present in the sandbox; fails identically on unmodified main).
  • New preapproval tests: unrecorded receipt blocks --check with the receipt blocker and yields no authorized actions; recorded receipt clears it; helper truth-table (requires/recorded, non-preapproval PR, unknown PR).
  • ruff check + ruff format --check clean on both files.

Tier

Touches scripts/settle_tier4_pr.py, a Tier 4 merge-authority surface — so this PR will itself require Tier 4 settlement.


Generated by Claude Code

@an0mium an0mium force-pushed the claude/busy-goldberg-2khm5j branch 2 times, most recently from 2cad937 to 7d50312 Compare June 14, 2026 02:44
Collapses the manual per-PR Tier 4 settlement dance (record-settlement →
post aragora/human-settlement status → look up failed quorum run id →
rerun) into a single gated command, eliminating the error-prone run-id
substitution step.

`--settle-apply --pr N --head <sha>`:
- reuses the existing --settle-only trusted-invoker gate (two-pass
  evaluate_tier4_settlement_preconditions; refuses unless the live gh
  login is in the trusted operator allowlist), so it never merges and
  never elevates privilege;
- writes the durable external-settlement receipt via
  `review-queue record-settlement` (reason templated, overridable with
  --reason);
- posts the exact-head settlement comment/status (idempotent: skipped
  when aragora/human-settlement is already success at head);
- reruns only the failed aragora-merge-quorum jobs, looking up the run
  id automatically from the head's check-runs (no-op when there is no
  failed run — the gate re-evaluates on its own).

The tested --settle-only and --merge-apply paths are left byte-for-byte
unchanged; --settle-apply is a new mutually-exclusive mode with its own
main() branch. Adds 9 unit tests (url/run-id parsing, rerun targeting,
happy path, idempotent skip, untrusted-invoker refusal).

Part of the Tier 4 settlement ergonomics; reduces operator toil draining
the ODR settlement queue.

https://claude.ai/code/session_018jfJj5gb9VoLs6VBMnzhrP
settle_tier4_pr.py --check accepted a Tier-4 PR on the strength of the
repo-visible settlement comment + aragora/human-settlement status alone,
while review_queue's merge-packet correctly requires those signals to be
backed by a local, operator-controlled human-risk receipt
(human_preapproval_recorded). Because the settle helper's own --settle-only
path posts the status WITHOUT writing that receipt, the two tools diverged:
--check authorized PRs that merge-packet still blocked, and a receipt-less
automated settlement could self-clear Tier-4.

Tighten the lax checker to match the strict gate: --check now refuses when
merge-packet reports requires_human_preapproval=true and
human_preapproval_recorded=false, pointing at the existing atomic writer
(review-queue record-settlement --action approve --post-github-status). This
preserves the local receipt as the one signal automation cannot forge from
GitHub comments/status alone, and keeps settle_tier4_pr.py --check in
agreement with merge-packet.

https://claude.ai/code/session_018jfJj5gb9VoLs6VBMnzhrP
@an0mium an0mium changed the title feat(tier4): one-command --settle-apply for settle_tier4_pr.py feat(tier4): settle_tier4_pr.py — one-command --settle-apply + receipt-backed preapproval gate Jun 15, 2026
@scarmani

Copy link
Copy Markdown
Collaborator

Grok independent model review

Reviewer: grok (xai) - independent adversarial model review via the Aragora Grok reviewer, grounded on the exact PR head.
Head: 70f2694 (70f2694), committed 2026-06-15T03:05:40Z.
PR: #8382.
Model family: grok
Model id: grok-4-latest
Receipt artifact: collect_quorum_evidence.py dry-run stdout in Codex Desktop session for PR #8382 at 2026-06-15T03:12Z

Verdict: PASS

  • No blocking issues found. The added human-preapproval receipt gate (_packet_requires_unrecorded_human_preapproval + checks in evaluate_tier4_gate/_operator_authorized_actions) correctly enforces the two-signal invariant and matches review-queue behavior.
  • --settle-apply path safely re-uses the existing trusted-operator + precondition machinery (double evaluate call with require_trusted_invoker); _record_settlement + _apply_settlement_signal + _rerun_failed_quorum are isolated and idempotent when status already present.
  • URL parsing (_run_id_from_url), quorum filtering, and error paths have no injection/command risks; all new commands are static lists with validated args.
  • Test coverage is thorough for the new paths and edge cases (unrecorded/recorded, untrusted invoker, no-op reruns). No regressions to prior --check/--settle-only flows.

This is review evidence only; it is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

@scarmani

Copy link
Copy Markdown
Collaborator

Claude independent model review

Reviewer: claude (anthropic) - independent adversarial model review via the Aragora Claude reviewer, grounded on the exact PR head.
Head: 70f2694 (70f2694), committed 2026-06-15T03:05:40Z.
PR: #8382.
Model family: claude
Model id: claude-opus-4-8
Receipt artifact: collect_quorum_evidence.py dry-run stdout in Codex Desktop session for PR #8382 at 2026-06-15T03:22Z

Verdict: PASS

No blocking issues found. The change is well-structured, the new receipt-backed blocker correctly mirrors review_queue's strict two-signal gate, and --settle-apply properly re-runs preconditions with require_trusted_invoker=True before any side effects.

Minor observations (non-blocking):

  • [P3] scripts/settle_tier4_pr.py:_quorum_run_ids (~L1480): ?per_page=100 without pagination - silently misses older runs on commits with >100 check-runs. Vanishingly rare for a single SHA, and the helper already short-circuits to a no-op if no failed run is found, so behavior degrades safely.
  • [P3] scripts/settle_tier4_pr.py:main --settle-apply branch (~L1750): preconditions evaluated twice (once without invoker, once with require_trusted_invoker=True); the first call's result is discarded. Wasteful but correct; second call is the authoritative gate.
  • [P3] scripts/settle_tier4_pr.py (~L1671): --reason is added at the top-level parser, so it is silently accepted by --check, --apply, --settle-only even though only --settle-apply consumes it. Cosmetic.
  • [P3] _rerun_failed_quorum (~L1520): if multiple aragora-merge-quorum runs share a failure conclusion at the same head, only the first is rerun. GitHub aggregates by latest, so the gate still re-evaluates correctly once any rerun completes.

Security/regression checks I specifically looked for and cleared:

  • Receipt recording uses list-form argv, not shell - no injection via --reason/--head.
  • _record_settlement is unreachable until the trusted-invoker gate passes; the untrusted-invoker test exercises the refuse path with an AssertionError sentinel.
  • New HUMAN_PREAPPROVAL_RECEIPT_BLOCKER is only injected into evaluate_tier4_gate and _operator_authorized_actions, not into evaluate_tier4_settlement_preconditions - so --settle-apply can still proceed to write the receipt without bootstrap deadlock.
  • _record_settlement runs before the comment/status post; on partial failure (receipt written, status not posted), retry is safe - the receipt is idempotent and the status post is gated on _human_settlement_status_is_success.
  • Conclusion lowercased and None-safe; pending/in-progress quorum runs correctly skipped.

This is review evidence only; it is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

@scarmani scarmani marked this pull request as ready for review June 15, 2026 13:30
@scarmani scarmani self-requested a review as a code owner June 15, 2026 13:30
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Aragora Code Review

Advisory-only review. No issues found.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Codex/OpenAI current-head review

Reviewer: codex (openai) - independent current-head review from Codex Desktop, grounded on the exact PR head after the merge-conflict repair.
Head: d892247, committed 2026-06-15T08:51:01-05:00.
PR: #8382.
Model family: openai
Model id: gpt-5
Receipt artifact: Codex Desktop evidence pass in /Users/armand/Development/aragora for PR #8382 at 2026-06-15T14:15Z; live gates checked with gh pr view/checks, branch-protection contexts, and review-queue merge-packet at exact head d892247.

Verdict: CHANGES-REQUESTED

Files reviewed:

  • scripts/settle_tier4_pr.py
  • tests/scripts/test_settle_tier4_pr.py

Findings:

  • [P1] --settle-apply does not enforce the same live admin/OWNER permission check as --settle-only before recording the Tier 4 receipt and posting/rerunning settlement signals. The --settle-only path computes invoker_has_admin_permission and calls evaluate_tier4_settlement_preconditions(..., require_trusted_invoker=True, require_invoker_admin_permission=True), but the --settle-apply path only passes require_trusted_invoker=True. That means an allowlisted login that no longer has live admin/OWNER permission can still drive the one-command settlement receipt/status/rerun path, even though this Tier 4 helper is supposed to be at least as strict as --settle-only. This weakens the exact-head human settlement gate on the highest-risk path. Fix by mirroring the --settle-only permission check in --settle-apply and adding a regression test for an allowlisted non-admin invoker.

Validation reviewed:

  • Live required checks are green except aragora-merge-quorum, which failed because current-head model quorum is incomplete.
  • Local diff review was against origin/main...origin/claude/busy-goldberg-2khm5j at head d892247.
  • I did not rerun tests in this evidence pass.

This is review evidence only. It is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

scarmani and others added 3 commits June 15, 2026 11:34
Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
Prefer the Actions details URL when deriving the rerunnable workflow run id for aragora-merge-quorum, and preserve explicit --repo routing for the settlement receipt helper.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Grok independent model review

Reviewer: grok (xai) — independent adversarial model review via the Aragora Grok reviewer, grounded on the exact PR head.
Head: 8bb94a4 (8bb94a4), committed 2026-06-15T20:21:30Z.
PR: #8382.
Model family: grok

Verdict: PASS

  • No blocking [P1] correctness, security, or regression issues found in the diff. New human-preapproval receipt gate + --settle-apply flow correctly mirrors review-queue invariants and adds required permission checks.
  • Minor [P3] items only: _run_id_from_url URL parsing is brittle on nonstandard GitHub URLs; FAILED_QUORUM_CONCLUSIONS includes "stale" which may not be a real conclusion value. Both non-blocking.

dogfood: yes

Post the Tier-4 settlement comment before durable settlement recording, delegate the exact-head human-settlement status to the review-queue record-settlement path, reject --reason outside settle-apply, and paginate merge-quorum check-run lookup.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Claude independent model review

Reviewer: claude (anthropic) — independent adversarial model review via the Aragora Claude reviewer, grounded on the exact PR head.
Head: 7223fbd (7223fbd), committed 2026-06-15T20:42:05Z.
PR: #8382.
Model family: claude

Verdict: PASS

No blocking issues. The new guard (_packet_requires_unrecorded_human_preapproval) is symmetrically applied in both _operator_authorized_actions and evaluate_tier4_gate, the --settle-apply mode re-checks invoker trust/admin permission with require_trusted_invoker=True, require_invoker_admin_permission=True, the comment-then-receipt ordering is exercised by test_settle_apply_does_not_record_receipt_when_comment_post_fails, and _run_id_from_url validates with isdigit() before shelling out — no injection vector via the gh run rerun path. The pagination loop in _quorum_run_ids short-circuits on < 100 results and is covered by an explicit 100-then-N test.

Minor nits (non-blocking):

  • [P3] scripts/settle_tier4_pr.py --settle-apply branch (lines ~2114-2150): evaluate_tier4_settlement_preconditions is called twice — first without invoker context, then again with require_trusted_invoker=True/require_invoker_admin_permission=True. The second call subsumes the first; the first is redundant work. Consider dropping it (or wire a distinct "precondition-only" error message if the intent was to separate preflight vs. invoker errors — current RuntimeError text doesn't differentiate them).
  • [P3] scripts/settle_tier4_pr.py:_packet_requires_unrecorded_human_preapproval (line ~446): silent backwards-compat — packets emitted before requires_human_preapproval was added will fall through with False, so the new gate is a no-op for those producers. Worth a follow-up issue to ensure the merge-packet emitter populates both fields, otherwise the strict two-signal claim in HUMAN_PREAPPROVAL_RECEIPT_BLOCKER only holds once the producer side ships.
  • [P3] scripts/settle_tier4_pr.py lines ~2154-2167: if _apply_settlement_signal succeeds (comment posted) but _record_settlement then fails, a stray operator-settlement comment remains on the PR with no receipt or status backing it. Tests cover the inverse (comment fails → no receipt) but not this leak. Idempotent retry should clean it up, but consider noting in the docstring or sequencing receipt-first if review-queue can tolerate a comment-less receipt.
  • [P3] scripts/settle_tier4_pr.py --reason parser definition (~line 2018): added as a top-level parser arg, not in the mode mutually-exclusive group; validation lives in main as if args.reason and not args.settle_apply. Acceptable, and the test (test_reason_is_rejected_without_settle_apply) covers it, but moving the check next to other arg-validation/argparse-level would be cleaner.
  • [P3] tests/routing/test_domain_matcher_root.py: making anthropic optional papers over a baseline-collection environment gap. Confirm CI's required lane installs anthropic so the LLM tests actually run there (otherwise the class will silently skip on the lane that's supposed to enforce coverage).

dogfood: yes

Update the human-preapproval receipt blocker to show the actual review-queue record-settlement positional PR syntax, and cover the remediation command text with a focused regression assertion.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Grok independent model review

Reviewer: grok (xai) — independent adversarial model review via the Aragora Grok reviewer, grounded on the exact PR head.
Head: 50cd93c (50cd93c), committed 2026-06-15T21:39:02Z.
PR: #8382.
Model family: grok
Model id: grok-4-latest
Receipt artifact: collect_quorum_evidence.py dry-run stdout in Codex Desktop session for PR #8382 at 2026-06-16T01:55Z.

Verdict: PASS

  • No blocking issues found. New preapproval receipt gate (_packet_requires_unrecorded_human_preapproval + HUMAN_PREAPPROVAL_RECEIPT_BLOCKER) correctly mirrors review-queue two-signal requirement and blocks both --check and --settle-only paths; tests cover all cases.
  • --settle-apply correctly enforces trusted+admin, records receipt first, posts comment+status only when needed, and reruns failed quorum (via _rerun_failed_quorum/_quorum_run_ids); idempotency, error ordering, and --reason validation all handled.
  • Minor unrelated test change (anthropic import guard) introduces no risk to settle logic.

This is review evidence only; it is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

@scarmani

Copy link
Copy Markdown
Collaborator

Claude independent model review

Reviewer: claude (anthropic) — independent adversarial model review via the Aragora Claude reviewer, grounded on the exact PR head.
Head: 50cd93c (50cd93c), committed 2026-06-15T21:39:02Z.
PR: #8382.
Model family: claude
Model id: claude-opus-4-8
Receipt artifact: collect_quorum_evidence.py dry-run stdout in Codex Desktop session for PR #8382 at 2026-06-16T02:02Z.

Verdict: PASS

  • [P3] scripts/settle_tier4_pr.py:2008-2114--settle-apply calls evaluate_tier4_settlement_preconditions twice (once without invoker, then again with invoker checks). The first call's blocker list is discarded and replaced by a generic "preconditions are not satisfied" message, while the second call repeats the same precondition work. Collapsing to a single call with invoker args (and surfacing the first blocker list) would be clearer and cheaper, but functionally correct.
  • [P3] scripts/settle_tier4_pr.py:1773-1786 (_run_id_from_url) — matches the first /runs/ segment in either details_url or html_url. For check-run html URLs of the form /<owner>/<repo>/runs/<CHECK_RUN_ID> (legacy shape), this would extract the check-run id rather than the workflow run id. _quorum_run_ids prefers details_url first which mitigates the risk, but if details_url is ever missing/empty in the live API response, gh run rerun would be invoked with a non-workflow id. Consider restricting parsing to /actions/runs/<digits> to be safe.
  • [P3] scripts/settle_tier4_pr.py:1788-1815 (_quorum_run_ids) — termination relies on len(check_runs) < 100. If the check-runs endpoint ever caps per_page below 100 (it currently honors it), the loop would still terminate, so no real bug, but an explicit total_count comparison would be more defensive against runaway pagination.
  • [P3] scripts/settle_tier4_pr.py:2017-2030--reason is attached to the parser (not the mutually-exclusive mode group) and validated post-parse in main. Works, but readers may expect argparse-level coupling; the runtime check is the only thing tying --reason to --settle-apply. Minor ergonomics nit.
  • No blocking correctness/security/regression issues found. The new _packet_requires_unrecorded_human_preapproval gate is appropriately additive (defaults preserve current behavior when fields are absent in the merge packet), --settle-apply correctly refuses untrusted/non-admin invokers, atomic ordering (comment -> receipt+status via review-queue -> quorum rerun) is preserved, the "already-present" idempotency branch is sound, and test coverage is thorough including untrusted invoker, non-admin invoker, failed-comment-no-receipt, and idempotent paths. The tests/routing/test_domain_matcher_root.py change is a benign optional-import guard.

This is review evidence only; it is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

Ensure --settle-apply posts the exact-head settlement comment when only the human-settlement status already exists, and rerun the newest failed aragora-merge-quorum workflow run instead of the first failed run returned by the API.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
scarmani and others added 2 commits June 17, 2026 12:50
Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
scarmani and others added 6 commits June 21, 2026 13:54
Raise pydantic-settings to the fixed 2.14.2 release so the locked dependency audit no longer reports GHSA-4xgf-cpjx-pc3j.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
Regenerate docs/METRICS.md against the current merge context so metrics validation stays green after resolving PR #8382 against origin/main.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
…2khm5j

# Conflicts:
#	docs/METRICS.md
#	scripts/settle_tier4_pr.py
@scarmani

Copy link
Copy Markdown
Collaborator

Grok independent model review

Reviewer: grok (xai) — independent adversarial model review via Grok Build CLI harness, grounded on the exact PR head.
Head: f5039e0 (f5039e0), committed 2026-06-22T14:40:23Z.
PR: #8382.
Model family: grok

Verdict: PASS

No findings.

dogfood: yes

@scarmani

Copy link
Copy Markdown
Collaborator

Gemini independent model review

Reviewer: gemini (google) — independent adversarial model review via Antigravity CLI harness, grounded on the exact PR head.
Head: 586a4a7 (586a4a7), committed 2026-06-23T00:52:25Z.
PR: #8382.
Model family: gemini

Verdict: PASS

No findings.

dogfood: yes

scarmani and others added 3 commits June 22, 2026 22:42
Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
Ensure --settle-apply does not report success until merge-packet recognizes exact-head Tier 4 preapproval, while preserving receipt-backed diagnostics for recovery. Make quorum rerun selection fall back to numeric check-run/workflow IDs when timestamps are absent.

Co-authored-by: codex[bot] <197425009+codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Grok independent model review

Reviewer: grok (xai) — independent adversarial model review via direct Grok CLI harness, grounded on the exact PR head.
Head: 0545f42 (0545f42), committed 2026-06-23T14:42:51Z.
PR: #8382.
Model family: grok
Model id: grok direct CLI
Receipt artifact: direct Grok CLI stdout in Codex Desktop session for PR #8382 at 2026-06-23T15:26Z; live gates checked with gh pr view/checks/comments and review-queue merge-packet at exact head 0545f42.

Verdict: PASS

No findings.

This is review evidence only; it is not merge authorization and not Tier 4 settlement/preapproval authorization.

dogfood: yes

scarmani and others added 4 commits June 23, 2026 16:13
Handle GitHub Actions run URLs with query strings or fragments when resolving failed merge-quorum runs. Add focused regressions for query, fragment, and job URL suffix forms.

Co-authored-by: codex[bot] <codex[bot]@users.noreply.github.com>
@scarmani

Copy link
Copy Markdown
Collaborator

Queue-drain close: freezing this Tier 4 PR instead of continuing settlement/evidence churn.

Reason: exact head ff95d975a1b6cf96e087b89d7c5002ae894b447a is merge-conflicting, still blocked on aragora-merge-quorum, has no recorded Tier 4 human preapproval, and the PR history shows 38 commits plus repeated exact-head model-review attempts across many heads. Under the queue-drain anti-treadmill rule, this is a churner/no-path PR; closing is the reversible terminal action.

No branch was deleted. No Tier 4 settlement, mark-ready, CI rerun, or merge was attempted. Reopen only with explicit human preapproval and a narrower replacement plan for the settlement-tooling surface.

@scarmani

Copy link
Copy Markdown
Collaborator

Queue-recovery re-close.

This PR was already classified as a frozen churner in the drain ledger and was reopened without an operator note rescinding that freeze decision. Re-closing to keep queue pressure durable.

Preserved branch: claude/busy-goldberg-2khm5j
Preserved head: ff95d975a1b6cf96e087b89d7c5002ae894b447a
Reason: Tier 4 churner/no-path: merge-conflicting, no human preapproval, 38 commits and repeated exact-head model-review attempts across many heads; branch preserved

No branch was deleted. This close preserves the remote branch/SHA recovery path; reopen only with an explicit operator note rescinding the frozen-churner classification and naming the new owner/path to green.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants