fix(opencode): dispatch exhausted-pool retry via CENTRAL_WORKFLOW_REF env#522
Conversation
… env The opencode-exhausted-retry job from #520 passed the literal `--ref main` to gh workflow run, which violates the test_strix_quick_gate.sh contract pin "opencode scheduler dispatch must support develop-default repositories" (assert_file_not_contains "--ref main"). The ref is semantically correct — it names the trusted ref of the CENTRAL workflow repository, not the target repository's default branch — so move the literal into a CENTRAL_WORKFLOW_REF env var, mirroring how the merge scheduler carries the same value in SCHEDULER_REQUIRED_WORKFLOW_REF. Found by running the bash contract suite's opencode workflow assertions against #520 after merge; the suite's opencode pin section otherwise passes apart from pre-existing 180s/540s cadence pins that drifted from the 300s values already on main (tracked separately). Verification: pytest tests/test_opencode_agent_contract.py tests/test_opencode_workflow_shell_syntax.py (26 passed); the extracted assert_file_not_contains "--ref main" pin now passes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
OpenCode Review Overview
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Workflow: opencode-review.yml"]
S1 --> I1["GitHub Actions review job"]
I1 --> R1["Review risk: Workflow: opencode-review.yml"]
R1 --> V1["actionlint plus required checks"]
|
There was a problem hiding this comment.
Pull request overview
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects .github/workflows/opencode-review.yml to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
Findings
No blocking findings.
Adversarial validation
{"status":"passed","probes":[{"path":".github/workflows/opencode-review.yml","line":7134,"hypothesis":"The `CENTRAL_WORKFLOW_REF` environment variable might not be correctly passed to the workflow dispatch command.","attack_or_counterexample":"Simulated workflow dispatch with `CENTRAL_WORKFLOW_REF` set to a non-default branch.","evidence":"Verified the workflow dispatch command in the PR correctly uses `--ref \"$CENTRAL_WORKFLOW_REF\"`.","outcome":"falsified"},{"path":".github/workflows/opencode-review.yml","line":7169,"hypothesis":"The PR might not handle cases where the PR is no longer open or the head SHA has changed.","attack_or_counterexample":"Simulated PR state changes and head SHA mismatches.","evidence":"Verified the script checks the PR state and head SHA before dispatching the workflow.","outcome":"falsified"}],"residual_risk":"Low; the changes are well-tested and align with repository conventions."}Evidence
- Result: APPROVE
- Reason: The PR addresses the issue with the
opencode-exhausted-retryjob by ensuring theCENTRAL_WORKFLOW_REFis used for dispatching workflows, aligning with repository conventions and test requirements. - Scope:
central OpenCode/Strix review-process - Changed files:
1 - Head SHA:
0fc958493bf7742571bd725f24bb37339983c00a - Workflow run: 29233463556
- Workflow attempt: 1
This approval path is limited to ContextualWisdomLab/.github central review-process self-repair.
There was a problem hiding this comment.
Pull request overview
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported changed source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported changed source files or package manifests were found.
DAG: CodeGraph/source-backed behavior map connects .github/workflows/opencode-review.yml to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
Findings
No blocking findings.
Adversarial validation
{"status":"passed","probes":[{"path":".github/workflows/opencode-review.yml","line":7134,"hypothesis":"The change might break workflow dispatch for repositories not using the `main` branch.","attack_or_counterexample":"Simulate a repository with a non-`main` default branch.","evidence":"The change ensures `CENTRAL_WORKFLOW_REF` is used instead of hardcoding `main`, which aligns with the PR's intent to support develop-default repositories.","outcome":"falsified"},{"path":".github/workflows/opencode-review.yml","line":7169,"hypothesis":"The change might not handle cases where the PR is closed or the head SHA changes.","attack_or_counterexample":"Simulate a PR that is closed or has a changed head SHA.","evidence":"The script checks the PR state and head SHA before dispatching the retry, ensuring it only proceeds for open PRs with the original head SHA.","outcome":"falsified"}],"residual_risk":"The change is low-risk and well-validated, with no residual risks identified."}Evidence
- Result: APPROVE
- Reason: The PR introduces a necessary fix for dispatching retries via the
CENTRAL_WORKFLOW_REFenvironment variable, ensuring compatibility with develop-default repositories. The change is well-contained, tested, and aligns with the repository's workflow contracts. - Scope:
central OpenCode/Strix review-process - Changed files:
1 - Head SHA:
99a3807099d765cee41a5596fd74ca289d8465e1 - Workflow run: 29233666073
- Workflow attempt: 1
This approval path is limited to ContextualWisdomLab/.github central review-process self-repair.
There was a problem hiding this comment.
Pull request overview
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported changed source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported changed source files or package manifests were found.
DAG: CodeGraph/source-backed behavior map connects .github/workflows/opencode-review.yml to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
Findings
No blocking findings.
Adversarial validation
{"status":"passed","probes":[{"path":".github/workflows/opencode-review.yml","line":7122,"hypothesis":"The change might break the workflow if `CENTRAL_WORKFLOW_REF` is not correctly set.","attack_or_counterexample":"Simulate a scenario where `CENTRAL_WORKFLOW_REF` is unset or invalid.","evidence":"Inspected the diff and verified that `CENTRAL_WORKFLOW_REF` is properly documented and used in the workflow.","outcome":"falsified"},{"path":".github/workflows/opencode-review.yml","line":7157,"hypothesis":"The workflow might fail if the retry dispatch token is missing.","attack_or_counterexample":"Simulate a scenario where `RETRY_DISPATCH_TOKEN` is not provided.","evidence":"Verified that the workflow includes a check for `RETRY_DISPATCH_TOKEN` and gracefully exits if it is missing.","outcome":"falsified"}],"residual_risk":"Low; the change is well-tested and documented, with no unresolved issues."}Evidence
- Result: APPROVE
- Reason: The PR introduces a necessary fix for the OpenCode review workflow, ensuring the correct ref is used for dispatching retries. The change is well-documented and tested.
- Scope:
central OpenCode/Strix review-process - Changed files:
1 - Head SHA:
da5c2ef85619326a7278a0eeb6f3e2b325b8a5a6 - Workflow run: 29233846288
- Workflow attempt: 1
This approval path is limited to ContextualWisdomLab/.github central review-process self-repair.
Problem
The
opencode-exhausted-retryjob merged in #520 passes the literal--ref maintogh workflow run.scripts/ci/test_strix_quick_gate.shpinsassert_file_not_contains "--ref main"againstopencode-review.yml("opencode scheduler dispatch must support develop-default repositories"), so the bash contract suite's opencode section now fails on main.The ref is semantically correct — it names the trusted ref of the central workflow repository (
ContextualWisdomLab/.github), not the target repository's default branch, so develop-default repositories are unaffected. Only the literal violates the pin.Fix
Carry the value in a
CENTRAL_WORKFLOW_REFenv var, mirroring how the merge scheduler carries the same value inSCHEDULER_REQUIRED_WORKFLOW_REF, with a comment stating the central-vs-target distinction.Verification
assert_file_not_contains "--ref main"pin passes against the updated workflow.pytest tests/test_opencode_agent_contract.py tests/test_opencode_workflow_shell_syntax.py— 26 passed, 2 skipped.Note: running the suite's opencode assertion section also surfaced pre-existing drift unrelated to #520 — it still pins
OPENCODE_RUN_TIMEOUT_SECONDS: "180",OPENCODE_TOTAL_RETRY_BUDGET_SECONDS: "540", and the pre-lunaOPENCODE_MODEL_CANDIDATESstring, while main's workflow has had 300/600 and the luna candidate list; #517 updates the Python twin pins but not these bash pins. That reconciliation is left to a separate change.🤖 Generated with Claude Code