Adds DEFAULT_TIMEOUT=15 to gate_check.py and passes it to all urlopen()
calls (api_get, comment POST, comment PATCH).
Adds socket.setdefaulttimeout(15) to the inline Python in the workflow's
cron step, catching the PR-polling loop too.
Defence-in-depth: the real fix is provisioning SOP_TIER_CHECK_TOKEN
in Gitea; this caps worst-case wall-clock at ~15 s per call when the
token is missing or Gitea is unreachable.
Fixes issue #603. Note: PR #603 (da1487ad) has the same changes but
is missing `import socket` in the inline Python — that version would
NameError at runtime. This branch carries the complete fix.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The `elif ci_state == "failure"` fallback in signal_6_ci was creating a
self-referential failure loop: gate-check posts failure → combined_state
becomes failure → script re-blocks → posts failure again.
Root cause: combined_state is Gitea's aggregate over ALL commit statuses,
including gate-check-v3's own prior result. Using it as a fallback verdict
driver means the script gates on its own output.
Fix: remove the combined_state fallback. check_statuses already excludes
gate-check (Bug-1 fix from PR #547). Use failing_required as the sole
CI gate. If no required checks are defined on the branch, return CLEAR
rather than re-using combined_state which includes our own status.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Bug 1 (self-referential failure loop, #544):
signal_6_ci now filters out its own prior status from
check_statuses before evaluating, preventing a
gate-check-v3 → failure → re-reads self → failure cycle.
Bug 2 (hardcoded base branch, #544):
signal_6_ci now uses the PR's actual base branch ref
instead of hardcoded 'main'. Caller passes PR data to
avoid redundant API call.
Bug 3 (comment-post 403, #543):
Wrapped POST/PATCH comment-post in try/except for
HTTPError 403. Logs a warning and skips posting when
the token lacks write:repository scope — verdict still
drives exit code correctly.
Also removed 3 lines of dead code at the end of
format_comment (unreachable return after prior return).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
tier:low and tier:high are OR gates — any one positive verdict
is sufficient. The previous implementation required ALL groups to have
positive verdicts, causing INCOMPLETE even when core-devops APPROVED
and core-lead was absent.
Now uses tier-specific logic:
- tier:low / tier:high (OR): any positive = CLEAR
- tier:medium (AND): all positive = CLEAR
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Paginate all list endpoints (comments, reviews) to handle PRs with
many comments without missing entries. Uses per_page=100 with page
increment loop, safety-capped at 20 pages.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Gitea reviews use "submitted_at" not "created_at" for when the review
was submitted. The earlier signal_1_comment_scan fix (inherited from
sop-tier-check investigation) already handled this; signal_2 and
signal_3 were missing the same correction.
Fixes KeyError: 'created_at' on PRs with no comments/reviews.
Includes the individual-check-status fix (use "status" not "state").
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Gitea Actions API uses "status" (pending/success/failure) not "state"
for individual status entries. The "state" field is null for pending
runs. This caused all_check_statuses to show Python null instead of
"pending" for queued jobs.
Also verified on PR #391 and PR #393 — individual checks now correctly
display "pending" while combined_state is "pending" (CI_PENDING verdict).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
SOP-6 + CI gate checker for Gitea PRs. Detects:
- Signal 1: Author-aware agent-tag comment scan (tier-aware)
- Signal 2: REQUEST_CHANGES reviews state machine
- Signal 3: Staleness detection (SOP-12)
- Signal 6: CI required-checks awareness
Post `[gate-check-v3] STATUS:` comment on PRs. CLI + Gitea Actions
workflow (cron hourly + PR-triggered).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
