[bug] Required check names collapse checks and statuses that GitHub requires separately

[coygeek]

[bug] Required check names collapse checks and statuses that GitHub requires separately

Summary

DeployBot collapses status-check rollup entries by display name only. GitHub's required-status-check documentation says that if a check run and a commit status have the same name, and that name is selected as required, both the check and the status are required.

Because DeployBot stores only one latest state per name, one passing entry can hide another same-name required entry that is failed or still pending.

Evidence

• check_states() uses name = check.get("name") or check.get("context"), then stores one grouped[name] value in src/agent_merge_queue/cli.py lines 132-152.
• QueueEntry.classify() checks required checks by name using self.checks.get(name) in src/agent_merge_queue/cli.py lines 624-629.
• The GitHub Docs source repository is https://github.com/github/docs/; the source file says: "If you have a check and a status with the same name, and you select that name as a required status check, both the check and the status are required" in https://github.com/github/docs/blob/main/content/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks.md.
• The current public GitHub Docs page has the same rule: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks

Impact

DeployBot can mark a pull request ready when GitHub still requires another same-name check/status to pass. Depending on branch protection and ruleset configuration, this can cause late merge rejection, misleading queue comments, or an unsafe DeployBot decision if repository protection is not an exact mirror of DeployBot's .mergequeue.toml.

This is especially risky for repositories migrating from legacy commit statuses to GitHub Checks, where duplicate names are common during transition.

Proposed fix

• Preserve the check/status identity when reducing rollup entries, or aggregate same-name required contexts fail-closed.
• For a required name, evaluate all matching rollup entries:
  • any failed terminal entry => failed
  • else any pending/in-progress entry => pending
  • else all terminal passing entries => passed
• Add a regression test where a check run named CI passes but a commit status named CI fails or remains pending, and assert DeployBot does not mark CI passed.

Verification

• python3 -m pytest tests/test_cli.py -q
• python3 -m pytest -q