Skip to content

fix: doctor stale-tasks must respect scope visibility#189

Open
iret77 wants to merge 3 commits into
mainfrom
fix/doctor-scope-filtering
Open

fix: doctor stale-tasks must respect scope visibility#189
iret77 wants to merge 3 commits into
mainfrom
fix/doctor-scope-filtering

Conversation

@iret77

@iret77 iret77 commented Apr 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • v2.7.3 fix used Store.all_entries_unfiltered() which still bypasses scope filtering
  • Entries with scope: private from a different agent were reported as phantom stale tasks
  • Now uses Store.all_entries() with resolved agent identity — matches exactly what palaia list shows

Test plan

  • 52 tests passing (doctor + scope)
  • Verify palaia doctor no longer reports phantom stale tasks on production instance

🤖 Generated with Claude Code

@iret77 @claude
fix: doctor stale-tasks must respect scope visibility
d50d07a 
The v2.7.3 fix switched from direct file scanning to
Store.all_entries_unfiltered(), but that still bypasses scope filtering.
Entries with scope:private from a different agent were reported as
phantom stale tasks.

Now uses Store.all_entries() with the resolved agent identity, matching
exactly what `palaia list` shows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@iret77

iret77 commented Apr 8, 2026

Copy link
Copy Markdown
Collaborator Author

🤖 Codex Review

OpenAI Codex v0.117.0 (research preview)

workdir: /home/dev/projects/palaia-plugin
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: none
reasoning summaries: none
session id: 019d6c98-9c43-7c91-85d7-7b253dee3767

user
changes against 'origin/main'
→ Inspect diff against merge base
• Analyze changed files for actionable bugs
• Produce prioritized review findings JSON
2026-04-08T10:17:23.982815Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -lc 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
2026-04-08T10:17:28.229422Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -c 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
mcp: codex/list_mcp_resources started
mcp: codex/list_mcp_resources (completed)
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (failed)
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (completed)
mcp: codex_apps/github_list_repositories started
mcp: codex_apps/github_list_repositories (completed)
mcp: codex_apps/github_search_installed_repositories_v2 started
mcp: codex_apps/github_search_installed_repositories_v2 (completed)
2026-04-08T10:18:08.761860Z ERROR codex_core::tools::router: error=exec_command failed for /bin/sh -c 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
mcp: codex_apps/github_search_commits started
mcp: codex_apps/github_search_commits (completed)
mcp: codex_apps/github_get_users_recent_prs_in_repo started
mcp: codex_apps/github_get_users_recent_prs_in_repo (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
✓ Inspect diff against merge base
✓ Analyze changed files for actionable bugs
→ Produce prioritized review findings JSON
codex
The new filtering fixes one false-positive case, but it also changes agent resolution semantics so doctor can now miss stale private tasks in common multi-agent setups that rely on detected/default identities rather than a static config agent. That mismatch means the patch is not fully correct.

Review comment:

  • [P2] Preserve the same agent fallback that palaia list uses — /home/dev/projects/palaia-plugin/palaia/doctor/checks.py:1888-1889
    In multi-agent stores that intentionally removed the static config.agent, this check now resolves the agent with config.resolve_agent(), which returns None unless PALAIA_AGENT is set. palaia list does not behave that way: cli_helpers.resolve_agent() falls back to detected/default identities, so it can still show the current agent's private tasks. Here, passing None into Store.all_entries() hides all private tasks and can make palaia doctor incorrectly report no stale unassigned tasks for the very same store that palaia list still shows tasks for.
    The new filtering fixes one false-positive case, but it also changes agent resolution semantics so doctor can now miss stale private tasks in common multi-agent setups that rely on detected/default identities rather than a static config agent. That mismatch means the patch is not fully correct.

Review comment:

  • [P2] Preserve the same agent fallback that palaia list uses — /home/dev/projects/palaia-plugin/palaia/doctor/checks.py:1888-1889
    In multi-agent stores that intentionally removed the static config.agent, this check now resolves the agent with config.resolve_agent(), which returns None unless PALAIA_AGENT is set. palaia list does not behave that way: cli_helpers.resolve_agent() falls back to detected/default identities, so it can still show the current agent's private tasks. Here, passing None into Store.all_entries() hides all private tasks and can make palaia doctor incorrectly report no stale unassigned tasks for the very same store that palaia list still shows tasks for.

Automated review by OpenAI Codex on devhost

iret77 and others added 2 commits April 8, 2026 10:27
@iret77 @claude
test: regression test for doctor phantom stale tasks (#189)
94df6a9 
Private-scoped entries from a different agent must not appear in
doctor's stale-task check. Reproduces the exact user-reported scenario:
agent-a writes a private task, doctor runs as agent-b → must be ok.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@iret77 @claude
docs: add bugfix verification rule to AGENTS.md
0c3b8c0 
Every bugfix must include a regression test reproducing the exact
user-reported symptom. Green test suite alone is not sufficient.
Learned from v2.7.3 doctor fix that passed tests but didn't fix
the actual bug.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@iret77

iret77 commented Apr 8, 2026

Copy link
Copy Markdown
Collaborator Author

🤖 Codex Review

OpenAI Codex v0.117.0 (research preview)

workdir: /home/dev/projects/palaia-plugin
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: none
reasoning summaries: none
session id: 019d6cac-2332-7540-9032-4f1d14c16793

user
changes against 'origin/main'
→ Inspect diff against merge base
• Analyze changed code for actionable bugs
• Produce prioritized review findings JSON
2026-04-08T10:38:39.528381Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -lc 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
2026-04-08T10:38:41.877751Z ERROR codex_core::tools::router: error=exec_command failed for /bin/bash -c 'git diff 198cc50fcb226021c886619aaefc995357207b46': CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
mcp: codex/list_mcp_resources started
mcp: codex/list_mcp_resources (completed)
2026-04-08T10:38:47.863015Z ERROR codex_core::tools::router: error=exec_command failed for /bin/sh -c pwd: CreateProcess { message: "Codex(Sandbox(Denied { output: ExecToolCallOutput { exit_code: 1, stdout: StreamOutput { text: "", truncated_after_lines: None }, stderr: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, aggregated_output: StreamOutput { text: "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted\n", truncated_after_lines: None }, duration: 0ns, timed_out: false }, network_policy_decision: None }))" }
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (failed)
mcp: codex_apps/github_get_user_login started
mcp: codex_apps/github_get_user_login (completed)
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (failed)
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (completed)
mcp: codex_apps/github_search_repositories started
mcp: codex_apps/github_search_repositories (completed)
mcp: codex_apps/github_get_users_recent_prs_in_repo started
mcp: codex_apps/github_get_users_recent_prs_in_repo (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_fetch_file started
mcp: codex_apps/github_fetch_file (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
mcp: codex_apps/github_search started
mcp: codex_apps/github_search (completed)
Used GitHub PR metadata for the branch with the matching base SHA because local shell access is blocked in this sandbox.
✓ Inspect diff against merge base
✓ Analyze changed code for actionable bugs
→ Produce prioritized review findings JSON
codex
The changes are limited to documentation updates plus a help epilog for the ui subcommand, and I did not identify any discrete, user-impacting regressions in the diff against the provided base commit.
The changes are limited to documentation updates plus a help epilog for the ui subcommand, and I did not identify any discrete, user-impacting regressions in the diff against the provided base commit.

Automated review by OpenAI Codex on devhost

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iret77