Harden proposal review/resegment flow against duplicate approvals and malformed candidates #6

Description

@KumamuKuma

Summary

rgit review / rgit resegment currently lack validation around proposal state and candidate shape. When a user or agent passes the wrong argument or malformed JSON, the graph can be silently polluted, or a later CLI command can crash with a traceback.

Problems

  1. A resolved proposal can be approved again.

    • curation.approve() does not check prop.status.
    • Re-approving the same proposal creates duplicate capsules and repeats related edges.
  2. review --approve --name <name> falls back to candidate_index when the name does not match.

    • A typo can approve candidate 0 and assign it the wrong user-provided name.
    • Expected: if --name is provided and no candidate matches, fail clearly.
  3. resegment accepts arbitrary JSON / candidate shape.

    • Missing or extra code_slices fields can later make approve() raise an uncaught TypeError.
    • A candidate missing name can also break the rgit review listing.
  4. Store.set_proposal_candidates() and set_proposal_status() do not report whether a row was actually updated.

    • A mistyped proposal id can look successful even though nothing changed.

Expected Behavior

  • Only open proposals can be approved or dismissed.
  • If --name is provided, it must match a candidate; otherwise the command should return a clear error.
  • resegment should validate that input is a list of candidate dictionaries with the required fields.
  • Malformed candidates should produce a friendly CLI error, not a traceback.
  • Updating an unknown proposal id should fail clearly.

Suggested Tests

  • Approving an already resolved proposal fails and does not create a second capsule.
  • A resolved proposal cannot be dismissed again, or is rejected consistently.
  • review --approve <pid> --name typo fails instead of approving index 0.
  • resegment <bad-id> returns non-zero status and a clear error.
  • resegment rejects candidates with missing name, missing intent, or malformed code_slices.
  • rgit review listing does not crash on existing malformed candidates, or reports them clearly.
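
Added example, not rgit's own code: one way to implement the candidate-shape check for resegment and the strict --name lookup for review --approve described above. The slice field names, the "open" status string, and the names CandidateError, parse_candidates and select_candidate are assumptions, since the issue does not show rgit's schema or internals.

```python
import json

# Assumed slice schema; the issue does not list the real code_slices fields.
SLICE_FIELDS = frozenset({"path", "start", "end"})
# Constructed sample input for resegment.
SAMPLE = '[{"name": "parser", "intent": "split lexer", "code_slices": [{"path": "a.py", "start": 1, "end": 9}]}]'


class CandidateError(ValueError):
    """Raised for input the CLI should report as a one-line error, not a traceback."""


def parse_candidates(raw):
    """Parse resegment input: a JSON list of candidate dicts with name, intent, code_slices."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise CandidateError(f"invalid JSON: {exc.msg}") from exc
    if not isinstance(data, list):
        raise CandidateError("expected a JSON list of candidates")
    for i, cand in enumerate(data):
        if not isinstance(cand, dict):
            raise CandidateError(f"candidate {i}: expected an object")
        for key in ("name", "intent"):
            if not isinstance(cand.get(key), str) or not cand[key].strip():
                raise CandidateError(f"candidate {i}: '{key}' is missing or empty")
        slices = cand.get("code_slices")
        if not isinstance(slices, list):
            raise CandidateError(f"candidate {i}: 'code_slices' must be a list")
        for j, sl in enumerate(slices):
            # Exact key match: missing or extra keys are what later surface as a TypeError.
            if not isinstance(sl, dict) or set(sl) != SLICE_FIELDS:
                raise CandidateError(f"candidate {i}: code_slices[{j}] needs exactly {sorted(SLICE_FIELDS)}")
    return data


def select_candidate(status, candidates, name=None, index=0):
    """Pick the candidate to approve; never fall back to index when a name was given."""
    if status != "open":  # "open" is an assumed status value
        raise CandidateError(f"proposal is '{status}'; only open proposals can be approved")
    if name is not None:
        matches = [c for c in candidates if c["name"] == name]
        if len(matches) != 1:  # zero matches (typo) or an ambiguous name both fail
            raise CandidateError(f"--name {name!r} matched {len(matches)} candidates")
        return matches[0]
    if not 0 <= index < len(candidates):
        raise CandidateError(f"candidate index {index} out of range")
    return candidates[index]
```

A CLI entry point would catch CandidateError, print its message, and exit non-zero.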
