CPL approval — ADMIN_TOKEN matched-pair guard prevents silent mis-wiring at canvas boot. Fully reviewed, safe to merge.
CPL approval — duplicate of #140, same fix, merging both to cover branches.
CPL approval — critical stopgap for org-wide gh auth. Merge immediately.
LGTM — matched-pair guard for ADMIN_TOKEN prevents silent mis-wiring at boot. Safety fix, safe to merge.
LGTM. Pure test-side alignment with already-shipped production behavior. 3 distinct sub-shapes correctly traced: TimeoutStopSec helper formula (DEFAULT_GATEWAY_RESTART_DRAIN_TIMEOUT 60→180 cascade), _preflight_user_systemd stub (covered separately by TestUserSystemdPrivateSocketPreflight), is_container False stub (matches native-Linux test contract). 7 named + 1 adjacent. No production code touched.
LGTM. 5 distinct root-causes properly traced; 2 real production bugs found (kanban WS test-isolation via attribute-vs-sys.modules path, lazy-session pending_title collapsed except). Tests + fix for #4 sub-task isolated; #2 introduces new helper with mutation-tested branches. 5/5 named tests pass; 424 passed in subset. Closes 5 of remaining 14 from hermes-agent#9.
LGTM. Root-caused via git blame to commit 58b89965 ('add tool-call loop guardrails'). Fixture mirrors new production attributes (_tool_guardrails + 3 integration points). Sibling audit confirmed no other drift. 4/4 named tests pass; 1193 in directory pass.
LGTM. Root-caused via git blame to commit 5e1197a4. Hoist is_container to module-level so monkeypatch works (matching existing shutil/_import_audio/_termux_api_app_installed convention). Autouse fixture defaults is_container=False; new test pins the docker-blocks-voice intent. 10/10 TestDetectAudioEnvironment + 61/61 file pass.
LGTM. Tests aligned with current Dockerfile shape (post-a49f4c61 npm_config_install_links=false approach replaced the manifest materialization). New ENV-checker uses parsed Dockerfile instructions (not raw text) so a comment alone won't satisfy it. PID-1 reaping coverage preserved. 6/6 pass.
LGTM. Right fix shape: extract _TEMPLATE_DIR to module level so tests can pin it. 65/65 pass.
LGTM. Restores the 4-path _load_providers from the May-4 image. Verified locally: 7 providers loaded vs 2 (builtins) on old code. Closes #129 failure mode #1 (the 38h chronic canary red).
LGTM. Both regressions correctly identified: (1) Apr-2026 branch never merged + zombie-detection bug in _wait_for_group_exit; (2) PR #18409 sweep races the just-sent SIGTERM under monkey-patched sleep. Fix is the right shape: SIGKILL-direct in cleanup path (kernel-synchronous, no zombie ambiguity) + monotonic-time gate on survivor sweep + per-PID os.kill(pid, 0) probe. 49/49 tests pass on target cluster. Closes 4 of 27 from #9.
LGTM. One-line fix that closes the canary's 38h chronic red. Live SSM verification: /app/config.yaml is missing → _load_providers falls through to _BUILTIN_PROVIDERS → MiniMax routes to anthropic-oauth → Not logged in. The COPY config.yaml puts the file at path 2 of the lookup.
LGTM. workflow_dispatch input only — no cron impact, no unattended leak risk. Unblocks live log capture for #129.
LGTM. Drops the Gitea-incompatible listWorkflowRuns call that broke alerting for 38h+. Sticky-issue + comment-on-existing handles dedup for transient flakes. Also fixes runURL to use context.serverUrl. Closes 1/3 of #129.
LGTM. 36-line noop CI clears the stale red badge sticky from before the upptime disable. Once internal#97 picks a replacement, delete this file.
LGTM. Pinning setup-uv version bypasses the github.com/octokit getLatestRelease call that was hitting the 60-req/hr anon rate limit on operator IP. Same fix shape as the prior molecule-core CI fix. Drops the trigger marker which has done its job.
LGTM. upptime cannot run post-suspension; moving the workflow files out of .github/workflows/ silences the 5x/hour red noise. RFC for external replacement filed separately.
LGTM. Distinct sentinel types for !include and !external lets the validator route them as opaque refs instead of misclassifying. Verified on real failing org.yaml + synthetic bad case still trips errors.
LGTM. Phase 3C of internal#81 — final cleanup of the trunk-based migration on molecule-core. Deletes 6 promote/sync workflows that were orchestrating the staging↔main dance. Reviewed: every deletion is a workflow whose entire purpose was branch coordination, all replaced by trunk-based shape. Required check Secret scan green; Platform (Go) green.