Skip to content

fix(review): allow full-hour model review sessions#567

Open
seonghobae wants to merge 4 commits into
mainfrom
agent/opencode-90m-bootstrap
Open

fix(review): allow full-hour model review sessions#567
seonghobae wants to merge 4 commits into
mainfrom
agent/opencode-90m-bootstrap

Conversation

@seonghobae

Copy link
Copy Markdown
Contributor

요약

  • 모델별 OpenCode 리뷰 제한을 10분에서 90분으로 늘립니다.
  • 전체 모델 풀 예산을 195분, watchdog을 200분으로 늘립니다.
  • 저장소 크기와 무관하게 동일한 장시간 세션 한도를 사용하도록 계약 테스트를 갱신합니다.

보안·리뷰·merge 거버넌스는 완화하지 않습니다.

검증

  • 95 focused tests passed
  • scripts/ci/test_strix_quick_gate.sh: PASS (약 43분)
  • actionlint: PASS
  • git diff --check: PASS

@cwl-noema-review cwl-noema-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noema PydanticAI review

All changes in this PR are to support longer review/model session windows (up to a full hour per candidate, longer for overall pool and step timeouts). Review-context assertions, workflow/step timeouts, and tested contract values are all consistently updated to match. Security, correctness, and maintainability are preserved as the values are only lengthening boundaries/timeouts rather than altering review logic or permissions. All relevant test assertions, CI scripts, and workflow YAML references are touched in sync, preventing accidental behavioral regressions or orphaned values. No open dependency or SARIF findings, no failed checks, and all changes are directly related and evidenced. Approving.

Findings

  • No blocking findings.

  • Result: APPROVE

  • Verdict: approve

  • Confidence: high

  • Head SHA: 3e7e33c62ee6e4957bfdafe81bdd2764a6900efe

  • Reviewer credential: noema-github-app

@ContextualWisdomLab ContextualWisdomLab deleted a comment from opencode-agent Bot Jul 15, 2026

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Independent OpenCode review

  • Model: openai/gpt-5.6-sol
  • Exact head: 3e7e33c62ee6e4957bfdafe81bdd2764a6900efe
  • Base: main at d1406fc1cbe8a73d0ee3eb821437a8d796ed6de4
  • Decision: REQUEST_CHANGES

Blocking finding

.github/workflows/opencode-review.yml:1519 sets the enclosing job to 240 minutes, but the bounded sequential path can require 12 minutes of evidence preparation + 200 minutes for OPENCODE_POOL_STEP_TIMEOUT_SECONDS + 36 minutes for normal review publication = 248 minutes before checkout/setup and other step overhead. The successful central fast-publication path is also 246 minutes (12 + 200 + 34). A legitimate late model result or exhausted-pool outcome can therefore be killed by the job timeout before its current-head formal review/reason is published. This contradicts the comment that 240 minutes leaves room for the provider pool plus publication gates and leaves the outer budget internally inconsistent. Increase the job budget above the full sequential worst case with overhead, or reduce subordinate budgets, and add an arithmetic contract test rather than only asserting each value independently.

Evidence

  • Inspected the complete 3-file, +55/-55 diff and the model-pool timeout/deadline call path with CodeGraph and source verification.
  • Enumerated all 42 current-head Check Runs. One Check failed: opencode-review in run 29454968198; its complete failed log and five annotations show base-workflow provider exhaustion and fail-closed MODEL_OUTPUT_UNAVAILABLE, not a source finding. The separate opencode-exhausted-retry check passed with a missing-dispatch-credential warning.
  • Security checks completed without findings: CodeQL actions/python, Semgrep, Bandit, Trivy, OSV, Gitleaks, dependency review, Scorecard, and SBOM. The code-scanning API returned seven PR analyses with results_count: 0 and zero open PR alerts. Strix passed but recorded a backend-unavailable warning, so it produced no vulnerability report.
  • Re-read all issue comments, inline comments, formal reviews, and review threads immediately before submission: zero issue comments, zero inline comments, zero unresolved/non-outdated threads, and only the existing Noema approval, which was not used as independent evidence.
  • Local validation: PYTHONDONTWRITEBYTECODE=1 pytest -p no:cacheprovider -q tests/test_opencode_agent_contract.py tests/test_opencode_model_pool_runner.py => 50 passed; actionlint -shellcheck= -pyflakes= .github/workflows/opencode-review.yml passed; bash -n passed for the changed quick gate and model-pool runner; git diff --check passed. Full actionlint with external linters did not complete within the local timeout.

Result: REQUEST_CHANGES for the job-budget correctness/resource-exhaustion defect above.

Comment thread .github/workflows/opencode-review.yml Outdated

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

  • Result: APPROVE
  • Head SHA: e56fab8622c795c46c7c6694180f92a297f155f7
  • Workflow run: 29461898343
  • Workflow attempt: 1
  • Reviewer model: github-models/openai/gpt-4.1

Adversarial validation

{
  "status": "passed",
  "residual_risk": "Hosted-model latency, provider quota, and credential availability remain external runtime risks; the workflow now gives long reviews a bounded 90-minute model budget and records exhaustion reasons.",
  "probes": [
    {
      "path": ".github/workflows/opencode-review.yml",
      "line": 1521,
      "hypothesis": "The enclosing job can terminate before the longest sequential review path completes.",
      "attack_or_counterexample": "Sum the configured evidence, model, publish, and overhead budgets and compare the result with the job timeout.",
      "evidence": "The focused pytest suite and full quick gate command passed; source check at .github/workflows/opencode-review.yml:1521 confirmed timeout-minutes 300, which exceeds the derived 283-minute bound (12 evidence + 205 model step + 36 publish + 30 overhead). source-line-sha256=89675b6209891edaa190915c96d52c2681af0cbcbdfe244944099ac7b089d2e0",
      "outcome": "falsified"
    },
    {
      "path": "tests/test_opencode_agent_contract.py",
      "line": 1187,
      "hypothesis": "The regression test checks only timeout literals and misses an arithmetic budget regression.",
      "attack_or_counterexample": "Lower only the enclosing job timeout while leaving child timeout literals unchanged and evaluate the derived-bound assertion.",
      "evidence": "The focused pytest command passed; assertion at tests/test_opencode_agent_contract.py:1187 confirmed the test computes required_timeout and compares it with the job timeout, so a job value below 283 is rejected by the gate. source-line-sha256=22da11ca412feaa492d922e8e7aa5784d32dd576ccf2a9234d06888c701de5ee",
      "outcome": "falsified"
    }
  ]
}

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed.

Findings

1. HIGH Current-head GitHub Checks - Fix failed required checks before approval

  • Problem: Failed same-head checks remain for e56fab8622c795c46c7c6694180f92a297f155f7.
  • Root cause: The model-unavailable evidence fallback is allowed only when peer GitHub Checks are complete and clean.
  • Fix: Read and fix the failed check logs below, then rerun the current-head checks.
  • Regression test: Keep the model-unavailable fallback gated on an empty failed-check rollup.

Failed checks:

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Workflow: opencode-review.yml"]
  S1 --> I1["GitHub Actions review job"]
  I1 --> R1["Review risk: Workflow: opencode-review.yml"]
  R1 --> V1["actionlint plus required checks"]
  Evidence --> S2["CI script: test_strix_quick_gate.sh"]
  S2 --> I2["review and security gate shell path"]
  I2 --> R2["Review risk: CI script: test_strix_quick_gate.sh"]
  R2 --> V2["bash -n plus Strix self-test"]
  Evidence --> S3["Test: test_opencode_agent_contract.py"]
  S3 --> I3["regression suite"]
  I3 --> R3["Review risk: Test: test_opencode_agent_contract.py"]
  R3 --> V3["targeted test run"]
Loading

@opencode-agent

opencode-agent Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

OpenCode Review Overview

  • Head SHA: e7b94f664ea43634b6d16a64fe5226645a8b6586
  • Workflow run: 29469291324
  • Workflow attempt: 1
  • Gate result: REQUEST_CHANGES (approval step)

Pull request overview

OpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed.

Findings

1. HIGH Current-head GitHub Checks - Fix failed required checks before approval

  • Problem: Failed same-head checks remain for e7b94f664ea43634b6d16a64fe5226645a8b6586.
  • Root cause: The model-unavailable evidence fallback is allowed only when peer GitHub Checks are complete and clean.
  • Fix: Read and fix the failed check logs below, then rerun the current-head checks.
  • Regression test: Keep the model-unavailable fallback gated on an empty failed-check rollup.

Failed checks:

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Workflow: opencode-review.yml"]
  S1 --> I1["GitHub Actions review job"]
  I1 --> R1["Review risk: Workflow: opencode-review.yml"]
  R1 --> V1["actionlint plus required checks"]
  Evidence --> S2["CI script (2 files)"]
  S2 --> I2["review and security gate shell path"]
  I2 --> R2["Review risk: CI script (2 files)"]
  R2 --> V2["bash -n plus Strix self-test"]
  Evidence --> S3["Test: test_opencode_agent_contract.py"]
  S3 --> I3["regression suite"]
  I3 --> R3["Review risk: Test: test_opencode_agent_contract.py"]
  R3 --> V3["targeted test run"]
Loading

@opencode-agent opencode-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

OpenCode could not approve from deterministic current-head evidence because GitHub Checks have failed.

Findings

1. HIGH Current-head GitHub Checks - Fix failed required checks before approval

  • Problem: Failed same-head checks remain for e7b94f664ea43634b6d16a64fe5226645a8b6586.
  • Root cause: The model-unavailable evidence fallback is allowed only when peer GitHub Checks are complete and clean.
  • Fix: Read and fix the failed check logs below, then rerun the current-head checks.
  • Regression test: Keep the model-unavailable fallback gated on an empty failed-check rollup.

Failed checks:

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Workflow: opencode-review.yml"]
  S1 --> I1["GitHub Actions review job"]
  I1 --> R1["Review risk: Workflow: opencode-review.yml"]
  R1 --> V1["actionlint plus required checks"]
  Evidence --> S2["CI script (2 files)"]
  S2 --> I2["review and security gate shell path"]
  I2 --> R2["Review risk: CI script (2 files)"]
  R2 --> V2["bash -n plus Strix self-test"]
  Evidence --> S3["Test: test_opencode_agent_contract.py"]
  S3 --> I3["regression suite"]
  I3 --> R3["Review risk: Test: test_opencode_agent_contract.py"]
  R3 --> V3["targeted test run"]
Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant