Disable stop-hook auto-merge, auto-push, and auto-PR creation#162
Open
gnguralnick wants to merge 4 commits into
Open
Disable stop-hook auto-merge, auto-push, and auto-PR creation#162gnguralnick wants to merge 4 commits into
gnguralnick wants to merge 4 commits into
Conversation
added 4 commits
June 12, 2026 12:27
Repos created from this template are isolated units that grow with a particular user, not things to automatically synchronize with an upstream. The code-guardian stop hook was already fully disabled for main agents (all REVIEWER_* env set to 0), but workers still ran it with ci.is_enabled=true and the default fetch_and_merge=true, so on every stop they fetched and merged origin/main, pushed the branch, and auto-created a PR. - .reviewer/settings.json: set stop_hook.fetch_and_merge=false and ci.is_enabled=false at the repo level, which also covers agents that never write a settings.local.json (e.g. the worktree template). - .mngr/settings.toml: set REVIEWER_CI_ENABLE=0 in the worker and crystallize-worker templates so their generated settings.local.json stops re-enabling the CI/PR gate (config lookup is per-key, so the local file would not have clobbered fetch_and_merge, but it did win on ci.is_enabled). Autofix and the other review gates remain enabled for workers.
…cs-only check has a baseline With stop_hook.fetch_and_merge disabled, nothing in the workspace ever fetches origin, so the code-guardian stop hook's docs-only detection (git diff origin/main...HEAD) depends on a remote-tracking ref that must already exist. Docker-family workspaces inherit it from the clone baked into the image, but the lima path receives the repo via mngr's git-mirror transfer, which pushes only branches and tags -- so refs/remotes/origin/main never exists there, the hook's diff errors out silently, and every worker session would be treated as docs-only, skipping all review gates. build_workspace.sh now pins refs/remotes/origin/main to local main when the ref is missing (a no-op wherever the bake already provided it). This reproduces the docker-bake state on every path; a real fetch, if one ever happens, simply overwrites the pinned ref.
Problem: CLAUDE.md line 223 told agents 'A PR will be made automatically for you when you finish your reply', but that behavior came from the code-guardian CI gate, which this branch disables everywhere (ci.is_enabled=false in .reviewer/settings.json and REVIEWER_CI_ENABLE=0 in the worker templates). Fix: Reword the line to keep the operative instruction (never create a PR yourself) without the now-false claim that one is created automatically.
Problem: CLAUDE.md lines 220 and 222 still promised that CI runs automatically after the agent finishes responding and that tasks require all tests passing in CI -- promises that depended on the stop hook's now-disabled CI gate (auto-PR creation), the same stale mechanism whose auto-PR promise on line 223 this branch already reworded. Fix: condition both statements on a PR existing, since CI only triggers on pull_request or push to main.
Contributor
|
I changed some related code (to make the reviewer stuff a little less silly), but now there are conflicts I like some of the general idea here (that we don't need to always auto fetch and push as part of the stop hooks, given that we're not always working with a git repo), though generally I'd like us to at least be able to support pushing to a git repo, and also, the stop hook still makes sense -- it's just that it should be merging changes in from the code in /mngr/code, for example We should probably chat live about this one and what we want to do here! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Repos created from this template are isolated units that grow with a particular user -- they must never be automatically synchronized with a remote. The code-guardian stop hook still did exactly that for worker agents: on every stop it fetched and merged
origin/maininto the working branch, pushed the branch to origin, and auto-created a PR (main/chat agents already had the hook fully disabled via theirREVIEWER_*=0template env). This disables the merge/push/PR machinery for every agent type while keeping the review gates (autofix, conversation review, architecture verification) intact for workers.Changes
.reviewer/settings.json: setstop_hook.fetch_and_merge=falseandci.is_enabled=falseat the repo level. The plugin reads config per-key (env > settings.local.json > settings.json), so this also covers agents that never get a generatedsettings.local.json(e.g. worktree-template agents)..mngr/settings.toml: flipREVIEWER_CI_ENABLEto 0 in theworkerandcrystallize-workertemplates. Their generatedsettings.local.jsontakes per-key precedence over the repo file, so leaving the env at 1 would have re-enabled the CI/PR gate for workers.scripts/build_workspace.sh: pinrefs/remotes/origin/mainto localmainwhen the remote-tracking ref is missing. With fetching disabled, the stop hook's docs-only detection (git diff origin/main...HEAD) depends on a pre-existing remote-tracking ref. Docker-family workspaces inherit it from the clone baked into the image, but the lima path receives the repo via mngr's git-mirror transfer, which pushes only branches and tags -- the ref would never exist there, the diff would error silently, and every worker session would be classified as docs-only, skipping all review gates. The pin reproduces the docker-bake state; a real fetch (if one ever happens) overwrites it.CLAUDE.md: stop promising automatic PR creation and automatic CI runs (both came from the now-disabled CI gate); test/CI expectations are now conditioned on a PR existing.Testing
settings.jsonplus thesettings.local.jsonthatcreate_reviewer_settings.shgenerates with the new worker args) and confirmedfetch_and_mergeandci.is_enabledresolve to false while autofix stays enabled.uv run pytestfrom the repo root: 400 passed, 1 failed, 4 skipped. The single failure (libs/bootstrap/.../manager_test.py::test_detect_snapshot_settings_falls_back_to_direct_when_no_btrfs) is preexisting and environment-specific (findmntis Linux-only; reproduced identically on basemainon this macOS host).Out of scope, deliberately: the
post-commitauto-push hook and the runtime-backup service still push to the repo's own origin whenGH_TOKENis set -- those are the repo's backup mechanism, not stop-hook synchronization.