feat(agent-tasks): daily-ticket-status-drafts A/B harness (v0)#42
Open
alycda wants to merge 6 commits into
Open
feat(agent-tasks): daily-ticket-status-drafts A/B harness (v0)#42alycda wants to merge 6 commits into
alycda wants to merge 6 commits into
Conversation
…contract, supersede, red taxonomy
…idempotent poster, lazy expiry
…icket-drafts-review
…e (probe, deny-hook)
…mktemp, stranded-approved retry, injection guard, provenance state file
Confirmed bugs fixed: bash ${2:-{}} expansion corrupted every Linear GraphQL
call; GNU mktemp -t dies under the nix-deployed coreutils PATH; records stuck
in state=approved after an interrupt/decline were invisible to review; invalid
ticket-id drafts were dropped while still reporting green with the full count;
success-path stderr chatter could fabricate rate-limit reds; unquoted {{TICKET}}
allowed shell injection via just; dry-run spikes polluted decisions.jsonl; UTC
createdAt vs local-date prefix missed evening duplicates (now a 24h window);
hook_gate_active provenance now reads a state file the probe flow writes;
--repo now outranks the deployed schema copy; checkout scripts outrank stale
PATH copies in the just recipes.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
First Cowork scheduled task migrated to a runtime-agnostic harness, for an A/B quality comparison against the still-enabled Cowork incumbent (through 2026-09-01). Plan/requirements/ideation live in the private migration corpus (
~/agentic-migration/docs/).What
tools/agents/tasks/daily-ticket-status-drafts/— task bundle: README, codex--output-schemacontract (drafts XOR evidence-carrying skip, per-ticket dispositions,completeattestation), and the PreToolUse hook gate (hooks/never-post-linear.json: probe + deny-hook, hash-trusted install).tools/agents/bin/ticket-drafts-run— drafting arm wrapper. Default-red: green requires pending drafts or an evidence-carrying skip. Distinct red taxonomy (auth | connector | rate-limit | timeout | malformed-output | incomplete | evidence-free-skip | placeholder-secret) so arm-unavailable days never count as quality data. Codex runs read-only sandbox; the wrapper owns all outbox writes; records named<date>-<ticket>-<runid>.jsonwith supersede-by-state-transition (never overwrite). Sentinel refusal prevents drafting from the committed placeholder prompt.tools/agents/bin/ticket-drafts-review— the only posting path (holds the Linear key). Per-draft approve / edit-then-approve / deny; approval freezes final text; posting is idempotent (attempt marker + frozen-body match on retry; editing a failed post revokes approval). Lazy calendar-date expiry withpost_failed/approvedexempt and resurfaced first. Cross-arm duplicate warning (24h window vs UTC-safe timestamps). Every decision →decisions.jsonl(the A/B dataset). Key passed to curl via fd, never argv.home-manager/modules/tools/agent-tasks.nix— work-scoped,mkIf isDarwin-guarded (work.nix also backs thealyssa@work-devLinux devcontainer — verified the guard: Linux config gains no secrets). Deploys scripts viawriteShellApplication(shellcheck at build; jq/curl/rage/coreutils pinned) and the bundle to~/.agents/tasks/.ticket-drafts,ticket-drafts-one TICKET(injection-safe viaquote()),ticket-drafts-review. Checkout scripts outrank stale PATH copies; everything works pre-activation via rage-direct secret fallback.Verification
just ciclean; both script derivations build (shellcheck green).darwin-rebuild switchon the dotfiles-ci tart VM: exit 0; scripts on PATH; bundle deployed; both secrets decrypt at 0400; expected-red--dry-run(auth, codex absent) writes its run record — default-red proven.post_failed/approvedmidnight exemption + resurface, dry-run spikes excluded from decisions.jsonl, injection attempt reds at the wrapper.${2:-{}}expansion bug that would have broken every Linear GraphQL call, and GNU-mktemp incompatibility on the nix-deployed path.Before first real run (user actions)
agenix -e secrets/personal/ticket-drafts-prompt.age— real prompt (adapted Cowork SKILL.md + comment-patterns.md).agenix -e secrets/personal/linear-api-key.age.hooks/never-post-linear.json, thenecho true|false > ~/.agents/tasks/daily-ticket-status-drafts/hook-gate-state.Known residuals
issue(id:)accepting identifiers,user.isMe,commentCreateclient-ID support) are unverifiable until the key exists —ticket-drafts-reviewisolates them in one documented integration point.codex login statusexit code (probed on 0.143.0).🤖 Generated with Claude Code