mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
68073c6113a06db49d9ab2ddf144834643268b42
stack/docs/plans/gatekeeper-service.md
Jason Woltje 68073c6113
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/push/ci Pipeline was successful
Details
docs: augment agent platform architecture plan + task breakdown 
- Augmented 2026-03-15-agent-platform-architecture.md with 6 missing
  sections: Teams Architecture, REST Route Specifications, /provider
  OAuth flow (URL+clipboard), preferences mutable migration, Test
  Strategy (per-task), and Phase Execution Order (wave plan)
- Created spin-off plan stubs: gatekeeper-service.md,
  task-queue-unification.md, chroot-sandboxing.md
- Added P8-007 through P8-019 to TASKS.md (13 new tasks)
- Created Gitea issues #160-#172, Phase 8 milestone ms-165
- Updated MISSION-MANIFEST.md (Phase 8 in-progress)
- Updated scratchpad with session 14 decisions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 20:27:44 -05:00

2.4 KiB
Raw Blame History

Gatekeeper Service — PR Review, Quality Gates & Merge Authority

Status: Stub — deferred. Referenced from 2026-03-15-agent-platform-architecture.md (Phase 7 Workspaces). Implement after Workspaces (P8-015) is complete and the workspace/git infrastructure is operational.

Date: 2026-03-15 Packages: apps/gateway, packages/types, packages/agent

Problem Statement

Project agents create PRs but cannot review or merge their own work. A separate, isolated agent service with read-only code access and quality gate enforcement is needed to act as the authoritative merge authority.

The Gatekeeper existed in the old Mosaic codebase and must be ported/redesigned for mosaic-mono-v1.

Key Design Constraints

  • Isolated trust boundary — project agents cannot invoke Gatekeeper directly; it listens for PR events from the git provider
  • isSystem: true — system agent, not editable by users
  • Read-only code access — reads diffs and runs checks; cannot commit or push
  • Quality gates required before merge — lint, typecheck, test results must pass
  • Cannot self-approve — the agent that authored the PR cannot be the Gatekeeper for that PR

Scope (To Be Designed)

  • Gatekeeper agent bootstrap — system agent config, tool set, prompt engineering
  • PR event listener — Gitea/GitHub webhook integration (PR opened/updated/ready)
  • Quality gate runner — trigger CI checks, poll for results, enforce pass criteria
  • Review generation — LLM-driven code review comment generation
  • Merge execution — approve + merge when gates pass; reject with comments when they fail
  • Configurable strictness — per-project required checks, review depth
  • Trust boundary enforcement — gateway rejects Gatekeeper tool calls that exceed read-only scope
  • Audit trail — OTEL spans for all Gatekeeper decisions (approve/reject/merge)

Dependencies

  • Workspaces (P8-015) — Gatekeeper needs project workspace layout to locate code
  • Git provider API tools — PR creation/review/merge API (Gitea/GitHub/GitLab)
  • CI/CD tool integration — Woodpecker pipeline status polling

References

  • Original design context: docs/plans/2026-03-15-agent-platform-architecture.md → "Gatekeeper Service" section
  • Workspace RBAC and agent trust model: same document → "RBAC & Filesystem Security"
Reference in New Issue View Git Blame Copy Permalink