From 636ff5aeee6888568cd3505465de1c02ff5360db Mon Sep 17 00:00:00 2001
From: "Molecule AI Dev Engineer A (Kimi)"
 <dev-engineer-a-kimi@agents.moleculesai.app>
Date: Wed, 27 May 2026 13:00:12 +0000
Subject: [PATCH] fix(gitea): align audit-force-merge REQUIRED_CHECKS with
 branch protection (#1739)

The staging branch protection requires:
  - CI / all-required (pull_request)
  - sop-checklist / all-items-acked (pull_request)

But audit-force-merge.yml REQUIRED_CHECKS had:
  - E2E API Smoke Test (advisory, continue-on-error:true)
  - Handlers Postgres Integration (advisory, continue-on-error:true)
  - Missing sop-checklist / all-items-acked

This caused two problems:
  F3a: audit falsely flagged non-force-merges as force when E2E
       contexts were not green (issue #1739).
  F3b: real force-merges that bypassed sop-checklist went undetected
       on both main and staging.

Remove the advisory E2E contexts (they cannot block merge by design)
and add the missing sop-checklist context.

Closes #1739

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .gitea/workflows/audit-force-merge.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/audit-force-merge.yml b/.gitea/workflows/audit-force-merge.yml
index 899198275..a8d4d9d68 100644
--- a/.gitea/workflows/audit-force-merge.yml
+++ b/.gitea/workflows/audit-force-merge.yml
@@ -52,8 +52,13 @@ jobs:
           # Declared here rather than fetched from /branch_protections
           # because that endpoint requires admin write — sop-tier-bot is
           # read-only by design (least-privilege).
+          #
+          # E2E workflows (e2e-api, handlers-postgres-integration) are
+          # intentionally omitted: each job has `continue-on-error: true`
+          # per RFC §1 contract, so they always report success to branch
+          # protection and cannot meaningfully gate merges. Including them
+          # would cause false force-merge positives (issue #1739 / mc#1739).
           REQUIRED_CHECKS: |
             CI / all-required (pull_request)
-            E2E API Smoke Test / E2E API Smoke Test (pull_request)
-            Handlers Postgres Integration / Handlers Postgres Integration (pull_request)
+            sop-checklist / all-items-acked (pull_request)
         run: bash .gitea/scripts/audit-force-merge.sh
-- 
2.52.0