Skip to content

feat(mcp): wire gittensory_feasibility_gate's claimStatus to the local claim ledger (#5157)#5383

Closed
joaovictor91123 wants to merge 3 commits into
JSONbored:mainfrom
joaovictor91123:feat/mcp-feasibility-gate-ledger-5157
Closed

feat(mcp): wire gittensory_feasibility_gate's claimStatus to the local claim ledger (#5157)#5383
joaovictor91123 wants to merge 3 commits into
JSONbored:mainfrom
joaovictor91123:feat/mcp-feasibility-gate-ledger-5157

Conversation

@joaovictor91123

Copy link
Copy Markdown
Contributor

Summary

  • gittensory_feasibility_gate in packages/gittensory-mcp/bin/gittensory-mcp.js took claimStatus as a purely caller-supplied string -- the pure feasibility calculator was never actually connected to real local claim state, even though packages/gittensory-miner/lib/claim-ledger.js already tracks it.
  • Adds optional repoFullName/issueNumber inputs to feasibilityGateShape. When both are supplied AND a local gittensory-miner install's claim ledger DB file exists, claimStatus is now read from that ledger (an active claim on the exact issue -> "claimed", otherwise "unclaimed") instead of trusting the caller-supplied value.
  • Genuinely, driver-enforced read-only: adds openClaimLedgerReadOnly to claim-ledger.js, which opens the DB with node:sqlite's own readOnly: true mode and touches the filesystem in no other way (no mkdirSync/chmodSync, no CREATE TABLE IF NOT EXISTS, no schema migrations). gittensory-mcp.js uses this instead of the normal openClaimLedger (which always runs schema-init DDL on open -- a write, even against a file that merely exists). Never calls recordClaim/releaseClaim/expireClaim, and never gains any ability to block, cancel, or override a claim or attempt -- real claim-conflict authority stays entirely with the maintainer-only path (Wire claim-conflict resolution end-to-end #4848).
  • Falls back to today's caller-supplied-string behavior, completely unchanged, when repoFullName/issueNumber are omitted, the ledger DB file doesn't exist (no local install detected), or @jsonbored/gittensory-miner isn't resolvable at all.
  • When the ledger DB file does exist (a real local install IS present) but reading it fails -- corrupt, empty/uninitialized, permission denied -- this reports the existing claimStatus: "unknown" value instead of silently falling back to a caller-supplied string that might contradict ground truth we know exists but can't currently read.
  • The feasibility calculator's own decision logic (buildFeasibilityVerdict) is completely untouched -- this diff only changes where claimStatus is sourced from.

Resubmission history

This is the third submission for #5157:

  • feat(mcp): wire gittensory_feasibility_gate's claimStatus to the local claim ledger (#5157) #5361 was held on a legitimate finding: the original catch swallowed every ledger error, not just "package not found," so a corrupt/locked ledger would silently trust a possibly-wrong caller-supplied value. Fixed by returning "unknown" for an existing-but-unreadable ledger.
  • feat(mcp): wire gittensory_feasibility_gate's claimStatus to the local claim ledger (#5157) #5374 (the fix above) was held on a second legitimate finding: resolveLedgerClaimStatus still opened the ledger via openClaimLedger, which always runs schema-init DDL (CREATE TABLE IF NOT EXISTS + a version stamp) on open -- a write, even against an existing-but-empty file, contradicting the "read-only" claim. Fixed in this submission by adding a genuinely read-only opener (verified with a new test that an empty SQLite file gains zero tables after the tool runs against it).
  • While building that fix, I also found and corrected a real bug in my own new code: node:sqlite's read-only option key is readOnly (camelCase) -- the lowercase readonly is silently ignored as an unrecognized option and the connection opens read-write anyway. Verified this empirically before shipping; now called out in a code comment so it doesn't regress.

Test plan

  • npx vitest run test/unit/mcp-feasibility-gate.test.ts -- 14/14 passing, spawning the real MCP server subprocess via stdio and pointing GITTENSORY_MINER_CLAIM_LEDGER_DB at fixture SQLite files. Covers: ledger-backed "claimed"/"unclaimed" overriding a contradicting caller-supplied value, fallback when the DB file doesn't exist or inputs are omitted, "unknown" on a corrupt ledger, a new regression test asserting an existing-but-empty SQLite file gains zero tables after the tool runs (the read-only-enforcement fix), a no-write invariant, and the tool description.
  • npx vitest run test/unit/miner-claim-ledger.test.ts -- 13/15 passing; 2 pre-existing, unrelated Windows-only failures (a path.join separator mismatch and a POSIX-permission-bit check that doesn't apply on NTFS), confirmed via git stash to exist identically without this PR's changes.
  • npm run typecheck -- clean.
  • npm run build:mcp / npm run build:miner -- clean.
  • npm run docs:drift-check -- clean.
  • Swept the full diff for secret-shaped patterns -- zero matches.
  • packages/gittensory-mcp/** and packages/gittensory-miner/** currently sit outside vitest's coverage.include glob, so codecov/patch cannot measure this change yet -- treating the tests above as the enforced house standard regardless.
  • Did not run the full unsharded npm run test:coverage locally (shared/resource-contended machine); relying on the targeted test runs above plus npm run typecheck/build:mcp/build:miner.

Fixes #5157.

…l claim ledger (JSONbored#5157)

gittensory_feasibility_gate took claimStatus as a purely caller-supplied
string, never actually connected to real local claim state, even though
packages/gittensory-miner/lib/claim-ledger.js already tracks it.

Adds optional repoFullName/issueNumber inputs. When both are supplied
and a local gittensory-miner install's claim ledger DB file exists,
claimStatus is now read from that ledger (an active claim on the exact
issue -> "claimed", otherwise "unclaimed") instead of trusting the
caller-supplied value. The DB file's existence is checked BEFORE
opening anything, so this advisory-only tool never creates the ledger
as a side effect -- it stays strictly read-only, never calls
recordClaim/releaseClaim/expireClaim, and never gains any ability to
block, cancel, or override a claim or attempt; real claim-conflict
authority remains entirely with the maintainer-only path. Falls back
to today's caller-supplied-string behavior unchanged when repo/issue
are omitted, the ledger file doesn't exist, or gittensory-miner isn't
resolvable at all. The feasibility calculator's own decision logic is
untouched -- this only changes where claimStatus is sourced from.
…ad of silently trusting the caller (JSONbored#5157)

resolveLedgerClaimStatus's catch block previously swallowed every
error from opening/querying the ledger, not just "package not found" --
so a real local install whose ledger DB file exists but is corrupt,
locked, or unreadable would silently fall back to a caller-supplied
claimStatus that might contradict the (unreadable) ground truth.

Narrows the fallback: module-resolution failure or a missing DB file
still return null (fall back to the caller-supplied value -- correct,
since there's genuinely nothing local to check). A DB file that exists
but fails to open/query now returns the existing "unknown" claimStatus
value instead, which the calculator already treats as a neutral
signal -- honest about the read failure rather than guessing.
…writable openClaimLedger (JSONbored#5157)

resolveLedgerClaimStatus opened the claim ledger via openClaimLedger,
which always runs CREATE TABLE IF NOT EXISTS plus a schema-version
stamp on open -- a write, even against a file that merely exists but
is empty/uninitialized. That contradicted this advisory-only tool's
strictly-read-only guarantee: existsSync only confirms a file is
there, not that its schema has already been created.

Adds openClaimLedgerReadOnly to claim-ledger.js: opens the DB with
node:sqlite's own `readOnly: true` mode (verified empirically that the
lowercase `readonly` key is silently ignored and opens read-write
anyway -- a real footgun, now called out in a comment) and touches the
filesystem in no other way -- no mkdir/chmod, no CREATE TABLE, no
migrations. This keeps the schema/query logic centralized in
claim-ledger.js while getting a guarantee enforced by the SQLite
driver itself, not just by which methods happen to get called.
gittensory-mcp.js's resolveLedgerClaimStatus now uses this instead of
openClaimLedger.
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.42%. Comparing base (bdeb673) to head (aaa2a98).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
packages/gittensory-miner/lib/claim-ledger.js 0.00% 7 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5383      +/-   ##
==========================================
- Coverage   94.43%   94.42%   -0.02%     
==========================================
  Files         551      551              
  Lines       44191    44198       +7     
  Branches    14641    14641              
==========================================
  Hits        41732    41732              
- Misses       1784     1791       +7     
  Partials      675      675              
Flag Coverage Δ
shard-1 44.13% <0.00%> (-0.01%) ⬇️
shard-2 34.63% <0.00%> (+0.05%) ⬆️
shard-3 31.55% <0.00%> (-0.01%) ⬇️
shard-4 31.27% <0.00%> (-0.01%) ⬇️
shard-5 33.31% <0.00%> (-0.01%) ⬇️
shard-6 43.40% <0.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
packages/gittensory-miner/lib/claim-ledger.js 87.05% <0.00%> (-7.82%) ⬇️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@loopover-orb loopover-orb Bot added the gittensor:feature Gittensor-scored feature linked to a feature issue — scores a 0.25x multiplier. label Jul 12, 2026
@loopover-orb

loopover-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - fixes required

Review updated: 2026-07-12 16:01:31 UTC

4 files · 2 AI reviewers · no blockers · readiness 100/100 · CI failing · unstable

🛑 Suggested Action - Fix Blockers

Review summary
This PR wires gittensory_feasibility_gate's claimStatus to the local claim-ledger via a new read-only opener (openClaimLedgerReadOnly using node:sqlite's driver-enforced readOnly mode), falling back to the caller-supplied string when repo/issue aren't given, no local install is detected, or the ledger read fails (reporting 'unknown' rather than trusting a possibly-contradicting caller string). The implementation is careful: existsSync gate before opening, no schema-init DDL, no write paths reachable, and the test suite directly verifies the read-only guarantee (empty-file schema-init test) and the unreadable-ledger fallback to 'unknown'. The `readOnly` vs `readonly` camelCase footgun is called out with an empirical comment, which is a good catch given node:sqlite's silent-ignore behavior.

Nits — 5 non-blocking
  • packages/gittensory-mcp/bin/gittensory-mcp.js: resolveLedgerClaimStatus imports @​jsonbored/gittensory-miner/lib/claim-ledger.js dynamically on every tool call rather than caching the resolved module/failure, adding needless import overhead per invocation.
  • 'sqlite_master' table query in the test (test/unit/mcp-feasibility-gate.test.ts) and the v8-ignore comment for the unresolvable-package branch rely on this monorepo's workspace-hoisting always resolving the sibling package — worth a one-line note if this test ever runs outside the monorepo context.
  • test/unit/mcp-feasibility-gate.test.ts:245 uses 'master' in a comment per the external brief; consider 'main' or 'primary' for consistency with modern terminology conventions.
  • No dedicated unit test for openClaimLedgerReadOnly in claim-ledger.js itself (e.g. asserting a write attempt actually throws) — coverage relies entirely on the MCP-level integration tests.
  • Consider caching the dynamic import result of @​jsonbored/gittensory-miner/lib/claim-ledger.js in resolveLedgerClaimStatus (packages/gittensory-mcp/bin/gittensory-mcp.js) to avoid repeated import() overhead across calls.

CI checks failing

  • codecov/patch — 0.00% of diff hit (target 99.00%)
Signal Result Evidence
Code review ✅ No blockers 2 reviewers, synthesized
Linked issue ✅ Linked #5157
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 127 registered-repo PR(s), 74 merged, 11 issue(s).
Contributor context ✅ Confirmed Gittensor contributor joaovictor91123; Gittensor profile; 127 PR(s), 11 issue(s).
Gate result ✅ Passing No configured blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence. LLM value judgment: moderate — The change closes a real gap (claimStatus being purely caller-trusted) with a carefully-scoped, driver-enforced read-only mechanism and thorough regression tests, directly addressing linked issue #5157 without expanding scope into write/override authority.
Linked issue satisfaction

Addressed
The PR wires claimStatus to claim-ledger.js via a new read-only opener that detects local AMS installs (repoFullName/issueNumber + existing DB file), falls back to caller-supplied status otherwise, leaves buildFeasibilityVerdict untouched, and updates the tool description to note advisory-only status with no claim-conflict authority. Tests cover both branches, calculator success/failure paths, a r

Review context
  • Author: joaovictor91123
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 127 PR(s), 11 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Keep the PR focused and include validation evidence before maintainer review.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@loopover-orb

loopover-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Gittensory is closing this pull request on the maintainer's behalf (CI is failing (codecov/patch)). This is an automated maintenance action — to pursue this change, please open a new pull request with the issues resolved. Closed PRs may be analyzed later to improve review accuracy, but they are not automatically reopened or re-reviewed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:feature Gittensor-scored feature linked to a feature issue — scores a 0.25x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Wire gittensory_feasibility_gate's claimStatus input to the local claim-ledger instead of a caller-supplied string

1 participant