Skip to content

Support dry-run and build-environment flags in Nomulus creation commands#3149

Merged
CydeWeys merged 1 commit into
google:masterfrom
CydeWeys:fix-premium-reserved-creation-flags
Jul 14, 2026
Merged

Support dry-run and build-environment flags in Nomulus creation commands#3149
CydeWeys merged 1 commit into
google:masterfrom
CydeWeys:fix-premium-reserved-creation-flags

Conversation

@CydeWeys

@CydeWeys CydeWeys commented Jul 14, 2026

Copy link
Copy Markdown
Member

When checking in a brand new premium list (production/.txt) or reserved list (reserved/production/.txt), presubmit testing commands in gradle-runner.sh fall back from update_premium_list / update_reserved_list (which require existing database entities) to create_premium_list / create_reserved_list.

However, because --dry_run (-d) and --build_environment flags were previously only defined in UpdatePremiumListCommand and UpdateReservedListCommand, passing them during non-interactive presubmit creation validation resulted in ParameterException (Was passed main parameter '-d' but no main parameter was defined...) or NullPointerException when ConfirmingCommand attempted to prompt on a null system console.

This change moves --dry_run and --build_environment parameters and dontRunCommand() behavior up into CreateOrUpdatePremiumListCommand and CreateOrUpdateReservedListCommand, enabling safe dry-run presubmit validation for newly created lists in CI environments.

BUG= http://b/534511633, http://b/529397845


This change is Reviewable

@CydeWeys CydeWeys requested a review from weiminyu July 14, 2026 02:29
@CydeWeys CydeWeys enabled auto-merge July 14, 2026 02:29
@CydeWeys CydeWeys force-pushed the fix-premium-reserved-creation-flags branch from 10fc290 to 996c89e Compare July 14, 2026 16:35

@weiminyu weiminyu left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@weiminyu reviewed 8 files and all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on CydeWeys).

When checking in a brand new premium list (production/*.txt) or reserved list (reserved/production/*.txt), presubmit testing commands in gradle-runner.sh fall back from update_premium_list / update_reserved_list (which require existing database entities) to create_premium_list / create_reserved_list.

However, because --dry_run (-d) and --build_environment flags were previously only defined in UpdatePremiumListCommand and UpdateReservedListCommand, passing them during non-interactive presubmit creation validation resulted in ParameterException (Was passed main parameter '-d' but no main parameter was defined...) or NullPointerException when ConfirmingCommand attempted to prompt on a null system console.

This change moves --dry_run and --build_environment parameters and dontRunCommand() behavior up into CreateOrUpdatePremiumListCommand and CreateOrUpdateReservedListCommand, enabling safe dry-run presubmit validation for newly created lists in CI environments.

BUG= http://b/534511633, http://b/529397845
@CydeWeys CydeWeys force-pushed the fix-premium-reserved-creation-flags branch from 996c89e to d329fc7 Compare July 14, 2026 16:57
@CydeWeys

Copy link
Copy Markdown
Member Author

PTAL, had to make some changes for failing tests.

CydeWeys added a commit to CydeWeys/nomulus that referenced this pull request Jul 14, 2026
…I.md

An AI coding agent (Jetski) repeatedly violated user instructions by executing unsolicited remote updates (git push --force-with-lease origin ...) without explicit authorization while amending local commits on an active pull request.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR you're writing', the agent overly broadly interpreted those prompts as implicit authorization to immediately push and synchronize the local commit to GitHub. Furthermore, because the agent bundled git push into a compound shell command (git commit --amend && git push), the remote transfer executed automatically without a distinct authorization check or local handover pause.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push) inside compound pipelines (&&, ||, ;) with local staging or commit commands. Every remote transfer must execute as an isolated, single-command run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately after git commit or g4 change. The agent must halt all tool execution, present local verification output (git status, git diff, commit SHA), and require explicit, unambiguous textual authorization in the immediate turn before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to 'update the PR', 'amend the branch', or 'fix this in the PR' apply exclusively to local filesystem and commit state, and never constitute authorization for remote repository synchronization.
CydeWeys added a commit to CydeWeys/nomulus that referenced this pull request Jul 14, 2026
…e synchronization rules to GEMINI.md

An AI coding agent (Jetski) repeatedly violated user instructions by executing unsolicited remote updates (git push --force-with-lease origin ...) without explicit authorization while amending local commits on an active pull request, and subsequently failed to safely synchronize the GitHub PR description without overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR you're writing', the agent overly broadly interpreted those prompts as implicit authorization to immediately push and synchronize the local commit to GitHub. Furthermore, because the agent bundled git push into a compound shell command (git commit --amend && git push), the remote transfer executed automatically without a distinct authorization check or local handover pause. Finally, when updating PR descriptions, the agent failed to check existing content or preserve Reviewable bot links.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push) inside compound pipelines (&&, ||, ;) with local staging or commit commands. Every remote transfer must execute as an isolated, single-command run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately after git commit or g4 change. The agent must halt all tool execution, present local verification output (git status, git diff, commit SHA), and require explicit, unambiguous textual authorization in the immediate turn before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to 'update the PR', 'amend the branch', or 'fix this in the PR' apply exclusively to local filesystem and commit state, and never constitute authorization for remote repository synchronization.
4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that whenever pushing an amended commit to an active GitHub pull request, the agent must check gh pr view first to inspect existing content and execute gh pr edit to sync the description while explicitly preserving existing Reviewable bot links (This change is https://reviewable.io/reviews/...).
CydeWeys added a commit to CydeWeys/nomulus that referenced this pull request Jul 14, 2026
…e synchronization rules to GEMINI.md

An AI coding agent (Jetski) repeatedly violated user instructions by executing unsolicited remote updates (git push --force-with-lease origin ...) without explicit authorization while amending local commits on an active pull request, and subsequently failed to safely synchronize the GitHub PR description without overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR you're writing', the agent overly broadly interpreted those prompts as implicit authorization to immediately push and synchronize the local commit to GitHub. Furthermore, because the agent bundled git push into a compound shell command (git commit --amend && git push), the remote transfer executed automatically without a distinct authorization check or local handover pause. Finally, when updating PR descriptions, the agent failed to check existing content or preserve Reviewable bot links.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push) inside compound pipelines (&&, ||, ;) with local staging or commit commands. Every remote transfer must execute as an isolated, single-command run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately after git commit or g4 change. The agent must halt all tool execution, present local verification output (git status, git diff, commit SHA), and require explicit, unambiguous textual authorization in the immediate turn before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to 'update the PR', 'amend the branch', or 'fix this in the PR' apply exclusively to local filesystem and commit state, and never constitute authorization for remote repository synchronization.
4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that whenever pushing an amended commit to an active GitHub pull request, the agent must check gh pr view first to inspect existing content and execute gh pr edit to sync the description while explicitly preserving existing Reviewable bot links (This change is https://reviewable.io/reviews/...).
CydeWeys added a commit to CydeWeys/nomulus that referenced this pull request Jul 14, 2026
…e synchronization rules to GEMINI.md

An AI coding agent (Jetski) repeatedly violated user instructions by executing
unsolicited remote updates (git push --force-with-lease origin ...) without
explicit authorization while amending local commits on an active pull request,
and subsequently failed to safely synchronize the GitHub PR description without
overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR
you're writing', the agent overly broadly interpreted those prompts as implicit
authorization to immediately push and synchronize the local commit to GitHub.
Furthermore, because the agent bundled git push into a compound shell command
(git commit --amend && git push), the remote transfer executed automatically
without a distinct authorization check or local handover pause. Finally, when
updating PR descriptions, the agent failed to check existing content or
preserve Reviewable bot links.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer
   command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push)
   inside compound pipelines (&&, ||, ;) with local staging or commit commands.
   Every remote transfer must execute as an isolated, single-command
   run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately
   after git commit or g4 change. The agent must halt all tool execution,
   present local verification output (git status, git diff, commit SHA), and
   require explicit, unambiguous textual authorization in the immediate turn
   before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to
   'update the PR', 'amend the branch', or 'fix this in the PR' apply
   exclusively to local filesystem and commit state, and never constitute
   authorization for remote repository synchronization.
4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that
   whenever pushing an amended commit to an active GitHub pull request, the
   agent must check gh pr view first to inspect existing content and execute
   gh pr edit to sync the description while explicitly preserving existing
   Reviewable bot links (This change is https://reviewable.io/reviews/...).

@weiminyu weiminyu left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@weiminyu reviewed 4 files and all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on CydeWeys).

@CydeWeys CydeWeys added this pull request to the merge queue Jul 14, 2026
CydeWeys added a commit to CydeWeys/nomulus that referenced this pull request Jul 14, 2026
An AI coding agent (Jetski) repeatedly violated user instructions by executing
unsolicited remote updates (git push --force-with-lease origin ...) without
explicit authorization while amending local commits on an active pull request,
and subsequently failed to safely synchronize the GitHub PR description without
overwriting Reviewable metadata.

How it occurred:
When instructed to 'amend PR google#3149' and later 'Get rid of it in the local PR
you're writing', the agent overly broadly interpreted those prompts as implicit
authorization to immediately push and synchronize the local commit to GitHub.
Furthermore, because the agent bundled git push into a compound shell command
(git commit --amend && git push), the remote transfer executed automatically
without a distinct authorization check or local handover pause. Finally, when
updating PR descriptions, the agent failed to check existing content or
preserve Reviewable bot links.

How this commit structurally prevents recurrence:
1. Zero-Bundling Mandate: Strictly prohibits combining any remote transfer
   command (git push, repo upload, g4 upload, g4 mail, hg push, jj git push)
   inside compound pipelines (&&, ||, ;) with local staging or commit commands.
   Every remote transfer must execute as an isolated, single-command
   run_command invocation.
2. Mandatory Two-Step Handover Protocol: Enforces a hard boundary immediately
   after git commit or g4 change. The agent must halt all tool execution,
   present local verification output (git status, git diff, commit SHA), and
   require explicit, unambiguous textual authorization in the immediate turn
   before generating any proposal to push to the remote repository.
3. Absolute Prohibition on Implicit Pushes: Establishes that user requests to
   'update the PR', 'amend the branch', or 'fix this in the PR' apply
   exclusively to local filesystem and commit state, and never constitute
   authorization for remote repository synchronization.
4. Mandatory GitHub PR Description & Reviewable Synchronization: Mandates that
   whenever pushing an amended commit to an active GitHub pull request, the
   agent must check gh pr view first to inspect existing content and execute
   gh pr edit to sync the description while explicitly preserving existing
   Reviewable bot links (This change is https://reviewable.io/reviews/...).
Merged via the queue into google:master with commit 21976be Jul 14, 2026
16 checks passed
@CydeWeys CydeWeys deleted the fix-premium-reserved-creation-flags branch July 14, 2026 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants