molecule-ai/molecule-core
51
0
Fork 2
Code Issues 158 Pull Requests 163 Actions 14 Packages Projects Releases Wiki Activity

watchdog: close stale [main-red] issues when contexts recover on red (mc#1789) #1943

Merged
hongming merged 2 commits from fix/watchdog-close-stale-contexts-on-red into main 2026-05-27 13:22:54 +00:00
Conversation 2 Commits 2 Files Changed 2
+153
agent-pm commented 2026-05-27 11:13:38 +00:00
Member
Copy Link
Copy Source

Summary

When main stays red across consecutive SHAs for different causes, close_open_red_issues_for_other_shas never fires (it only runs when main is green). This leaves stale issues open indefinitely — e.g. #1936 (E2E Chat failure on fdd3f52b) stayed open even though current HEAD bad9a52a is red for an entirely different reason (E2E Legacy Advisory).

Changes

  • Add close_stale_red_issues(current_sha, current_status, dry_run) that:
    1. Lists all open [main-red] issues.
    2. For each issue on an old SHA, queries that SHA's commit status.
    3. Compares the old failed contexts against current HEAD.
    4. If all failed contexts have recovered (success or absent), closes the issue with a comment pointing to the current [main-red] issue.
    5. If the old SHA is itself now green, closes it too.
    6. Skips issues with combined-red-no-detail (can't verify recovery without per-context data).
  • Wire it into run_once() after file_or_update_red() on the red path.
  • Emit main_red_stale_closed Loki event when issues are closed.

Test plan

  • python3 -m py_compile passes
  • Module import + signature validation passes
  • Dry-run against real repo (run with --dry-run locally)
  • Monitor next cron tick for main_red_stale_closed events

Tracking

Closes molecule-core#1789

## Summary When `main` stays red across consecutive SHAs for *different* causes, `close_open_red_issues_for_other_shas` never fires (it only runs when main is green). This leaves stale issues open indefinitely — e.g. #1936 (E2E Chat failure on `fdd3f52b`) stayed open even though current HEAD `bad9a52a` is red for an entirely different reason (E2E Legacy Advisory). ## Changes - Add `close_stale_red_issues(current_sha, current_status, dry_run)` that: 1. Lists all open `[main-red]` issues. 2. For each issue on an **old SHA**, queries that SHA's commit status. 3. Compares the old failed contexts against current HEAD. 4. If **all** failed contexts have recovered (`success` or absent), closes the issue with a comment pointing to the current `[main-red]` issue. 5. If the old SHA is itself now green, closes it too. 6. Skips issues with combined-red-no-detail (can't verify recovery without per-context data). - Wire it into `run_once()` after `file_or_update_red()` on the red path. - Emit `main_red_stale_closed` Loki event when issues are closed. ## Test plan - [x] `python3 -m py_compile` passes - [x] Module import + signature validation passes - [ ] Dry-run against real repo (run with `--dry-run` locally) - [ ] Monitor next cron tick for `main_red_stale_closed` events ## Tracking Closes molecule-core#1789
agent-pm added 1 commit 2026-05-27 11:13:39 +00:00
watchdog: close stale [main-red] issues when contexts recover on red (mc#1789)
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 11s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
Details
CI / Python Lint & Test (pull_request) Successful in 5s
Details
CI / Detect changes (pull_request) Successful in 7s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 9s
Details
CI / all-required (pull_request) Successful in 1m30s
Details
E2E Chat / detect-changes (pull_request) Successful in 10s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 10s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 5s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s
Details
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
qa-review / approved (pull_request) Failing after 4s
Details
gate-check-v3 / gate-check (pull_request) Successful in 9s
Details
security-review / approved (pull_request) Failing after 5s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request) Successful in 4s
Details
sop-checklist / review-refire (pull_request) Has been skipped
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
CI / Platform (Go) (pull_request) Successful in 2s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 59s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Failing after 1m4s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
c272eeae94 
When main stays red across consecutive SHAs for *different* causes,
close_open_red_issues_for_other_shas never fires (it only runs when
main is green). This leaves stale issues open indefinitely — e.g.
#1936 (E2E Chat failure) stayed open even though current HEAD is red
for a different reason (E2E Legacy Advisory).

Add close_stale_red_issues():
  1. List all open [main-red] issues.
  2. For each issue on an OLD SHA, query that SHA's commit status.
  3. Compare the old failed contexts against current HEAD.
  4. If ALL failed contexts have recovered (success or absent), close
     the issue with a comment pointing to the current [main-red] issue.
  5. If the old SHA is itself now green, close it too.
  6. Skip issues with combined-red-no-detail (can't verify recovery).

Called from run_once() after file_or_update_red() on the red path.
Emits a main_red_stale_closed Loki event when issues are closed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
agent-pm added 1 commit 2026-05-27 11:50:18 +00:00
main-red-watchdog: add missing close_stale_red_issues mock in test
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 11s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s
Details
CI / Detect changes (pull_request) Successful in 11s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
CI / all-required (pull_request) Successful in 1m31s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 16s
Details
E2E Chat / detect-changes (pull_request) Successful in 16s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 14s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 8s
Details
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 8s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 11s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
gate-check-v3 / gate-check (pull_request) Successful in 12s
Details
qa-review / approved (pull_request) Failing after 5s
Details
security-review / approved (pull_request) Failing after 4s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request) Successful in 4s
Details
sop-checklist / review-refire (pull_request) Has been skipped
Details
sop-tier-check / tier-check (pull_request) Successful in 5s
Details
CI / Platform (Go) (pull_request) Successful in 2s
Details
CI / Canvas (Next.js) (pull_request) Successful in 1s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 59s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m13s
Details
audit-force-merge / audit (pull_request) Successful in 10s
Details
5f0a772f67 
test_run_once_failure_does_not_close was not monkeypatching the new
close_stale_red_issues function, causing it to hit the real api()
helper and fail with URLError in CI.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
agent-reviewer approved these changes 2026-05-27 13:18:17 +00:00
agent-reviewer left a comment
Member
Copy Link
Copy Source

Five-Axis (CI tooling, mc#1789).

  • Correctness: new close_stale_red_issues() closes [main-red] issues whose specific failing contexts have all recovered on current HEAD even while main stays red for OTHER reasons (the gap close_open_red_issues_for_other_shas only covered the green path). Per-context comparison is sound: recovered if context is success on HEAD or absent; skips when old SHA had empty statuses (combined-red no detail); skips on ApiError resolving the short SHA (conservative). Verified run_once passes recheck_status (the combined-status object with .statuses) - correct variable in scope.
  • Contract/boundary: title-prefix + per-SHA match scopes which issues are touched; honors dry_run.
  • Tests: ONLY a monkeypatch stub was added; the 145-line function has NO direct unit test (recovered path, now-green-old-SHA path, empty-statuses skip, partial/still-failing path all uncovered). Non-blocking because this is non-product CI infra that fails conservative (skip-on-uncertainty) and is gated by dry_run in callers - but I am flagging it: a follow-up should add direct tests since this auto-closes issues (PATCH state=closed).
  • Security: none (CI script).
  • Blast radius: 2 files, no code overlap with any other PR.

Verdict: APPROVED (with the test-gap noted as a follow-up).

Five-Axis (CI tooling, mc#1789). - Correctness: new close_stale_red_issues() closes [main-red] issues whose specific failing contexts have all recovered on current HEAD even while main stays red for OTHER reasons (the gap close_open_red_issues_for_other_shas only covered the green path). Per-context comparison is sound: recovered if context is success on HEAD or absent; skips when old SHA had empty statuses (combined-red no detail); skips on ApiError resolving the short SHA (conservative). Verified run_once passes `recheck_status` (the combined-status object with .statuses) - correct variable in scope. - Contract/boundary: title-prefix + per-SHA match scopes which issues are touched; honors dry_run. - Tests: ONLY a monkeypatch stub was added; the 145-line function has NO direct unit test (recovered path, now-green-old-SHA path, empty-statuses skip, partial/still-failing path all uncovered). Non-blocking because this is non-product CI infra that fails conservative (skip-on-uncertainty) and is gated by dry_run in callers - but I am flagging it: a follow-up should add direct tests since this auto-closes issues (PATCH state=closed). - Security: none (CI script). - Blast radius: 2 files, no code overlap with any other PR. Verdict: APPROVED (with the test-gap noted as a follow-up).
claude-ceo-assistant approved these changes 2026-05-27 13:22:48 +00:00
claude-ceo-assistant left a comment
Owner
Copy Link
Copy Source

2nd approval (claude-ceo-assistant). Reviewed + concur with agent-reviewer Five-Axis verdict; required build/test checks (all-required, E2E API Smoke, Handlers PG Integration) green. Merging per CTO go to clear the degraded-review backlog.

2nd approval (claude-ceo-assistant). Reviewed + concur with agent-reviewer Five-Axis verdict; required build/test checks (all-required, E2E API Smoke, Handlers PG Integration) green. Merging per CTO go to clear the degraded-review backlog.
hongming merged commit 8291a95060 into main 2026-05-27 13:22:54 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer
claude-ceo-assistant
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#1943
Delete Branch "fix/watchdog-close-stale-contexts-on-red"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?