Skip to content

fix(review): coalesce a repeated over-cap sibling wake by head SHA, not just PR number#5485

Merged
JSONbored merged 2 commits into
mainfrom
fix/review-burst-dedup-guard
Jul 12, 2026
Merged

fix(review): coalesce a repeated over-cap sibling wake by head SHA, not just PR number#5485
JSONbored merged 2 commits into
mainfrom
fix/review-burst-dedup-guard

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

Sentry issue GITTENSORY-1D is a deliberate anomaly-detection capture, not a bug in itself — but the specific anomaly it flagged this time was real: "review burst: #5260 published 27 review surfaces in the last 2h — likely a stuck-CI finalize loop or retry storm."

Live GitHub evidence ruled out the obvious suspect (a stuck-CI retry loop on PR #5260's own commit — its CI ran and settled exactly once). The actual driver: the same PR author repeatedly opened (and had auto-closed) five near-duplicate PRs throughout the day. Each episode re-triggers wakeOverCapSiblingPullRequests for the author's other open PRs (including #5260), which enqueues a full agent-regate-pr job — re-running and republishing the ENTIRE review surface — coalesced only by a 60-second key sized for a burst of near-simultaneous CI completions, not a trigger recurring every 10 minutes to 5+ hours.

This is a live sibling of the bug fixed in #3755/9b1cfc9d5 (a durable per-head-SHA guard against redundant re-publishing), which was scoped only to prReadyForReview's CI-stuck-pending branch and never generalized to this wake path.

Changes

  • wakeOverCapSiblingPullRequests (src/queue/processors.ts) now scopes its coalescing key by the sibling's CURRENT head SHA (not just its bare PR number), with a ~30-minute cooldown (reusing the existing AI_REVIEW_NON_CACHEABLE_RETRY_COOLDOWN_MS precedent) instead of the 60-second CI_COALESCE_WINDOW_SECONDS window.
  • Falls back to the old bare-number key on a PR lookup miss (fail-open, never skips a wake it can't safely dedupe).
  • A genuinely new commit changes the head SHA and naturally resets the guard — mirrors the identical idiom the CI-stuck-finalize guard already uses one function up.

Test plan

  • npm run typecheck — clean
  • npm run test:ci (full local gate, unsharded coverage) — green
  • Updated the two existing coalescing tests to the new headSha-scoped key format
  • Added a regression test: first discovery wakes the sibling once; a second discovery 90s later (past the old 60s window, within the new cooldown) for the SAME unchanged head does not re-wake it; a genuinely new commit does trigger a fresh wake
  • Manually confirmed (before writing the fix) that this new test fails against the old code

Fixes GITTENSORY-1D

…ot just PR number

wakeOverCapSiblingPullRequests dispatched a full agent-regate-pr job (re-run
the entire review + gate + comment republish) for every over-cap sibling
whenever ANY webhook for the same author recomputed the per-contributor
open-PR cap, throttled only by a 60-second coalesce key scoped to the bare
PR number -- a window sized for a burst of near-simultaneous CI completions,
not a trigger that can recur every few minutes to several hours.

Confirmed live: a contributor repeatedly opening (and having auto-closed)
near-duplicate PRs re-triggered the SAME sibling's full review republish
every time, even though nothing about the sibling itself ever changed --
one PR published 27 redundant review surfaces in 2 hours this way.

The coalescing key is now scoped by the sibling's CURRENT head SHA (falling
back to the bare-number key on a lookup miss) with a ~30-minute cooldown
(reusing AI_REVIEW_NON_CACHEABLE_RETRY_COOLDOWN_MS), mirroring the identical
"a new commit resets the guard" idiom the CI-stuck-finalize guard already
uses one function up (#orb-ci-stuck-repeat). An unchanged head within the
cooldown has nothing new to learn from a fresh full re-review; a genuinely
new commit still gets its own fresh wake.

Fixes GITTENSORY-1D
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@JSONbored JSONbored self-assigned this Jul 12, 2026
@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.74%. Comparing base (849e11e) to head (338dcab).
⚠️ Report is 10 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5485   +/-   ##
=======================================
  Coverage   94.73%   94.74%           
=======================================
  Files         561      561           
  Lines       44794    44796    +2     
  Branches    14667    14669    +2     
=======================================
+ Hits        42437    42440    +3     
  Misses       1622     1622           
+ Partials      735      734    -1     
Flag Coverage Δ
shard-1 43.78% <0.00%> (-0.50%) ⬇️
shard-2 35.39% <0.00%> (+0.11%) ⬆️
shard-3 32.11% <0.00%> (+0.08%) ⬆️
shard-4 31.29% <0.00%> (-0.10%) ⬇️
shard-5 33.10% <0.00%> (-0.12%) ⬇️
shard-6 43.88% <100.00%> (+0.29%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/queue/processors.ts 95.66% <100.00%> (+0.03%) ⬆️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - fixes required

Review updated: 2026-07-12 23:06:35 UTC

2 files · 2 AI reviewers · 3 blockers · readiness 93/100 · CI failing · unstable

🛑 Suggested Action - Manual Review

Review summary
This is a well-targeted fix that scopes the sibling-wake coalescing key by head SHA (falling back to the bare-number key on lookup miss) and swaps the 60s CI-burst window for the existing ~30-minute AI_REVIEW_NON_CACHEABLE_RETRY_COOLDOWN_MS, directly addressing the confirmed live incident of repeated full re-review republishing across near-duplicate PR churn. The change mirrors an established idiom one function up in the same file, and the new regression test walks first-wake, still-coalesced-90s-later, and reset-after-new-commit cases end to end via the real webhook path rather than fabricating internal state. The main gap is codecov/patch failing at 50% — the fail-open catch branch (PR lookup miss falling back to the bare key) doesn't appear to be exercised by a dedicated test.

Blockers

Nits — 5 non-blocking
  • The fail-open branch (`getPullRequest(...).catch(() => null)` producing the bare-number key) in src/queue/processors.ts doesn't appear to have a dedicated test, which likely explains the codecov/patch shortfall.
  • src/queue/processors.ts: `cooldownSeconds` computation and key construction could be extracted to a small helper to avoid the slightly dense ternary-per-line, though this is purely stylistic.
  • Add a unit test that forces the `getPullRequest` call to reject/return null for the sibling PR and asserts the bare `#{prNumber}` key (with the old CI_COALESCE_WINDOW_SECONDS cooldown) is used, closing the coverage gap flagged by codecov/patch.
  • src/queue/processors.ts:3798: the lookup-miss fallback to the bare PR-number key and 60-second cooldown is intentionally fail-open, but the diff adds no real-path test for that branch.
  • test/unit/queue-3.test.ts:4313: the pre-seeded transient cache entry still uses a 60-second TTL even though the production head-SHA path now uses the longer cooldown, which is harmless for the immediate assertion but makes the test less representative.

Why this is blocked

  • PR fix(review): coalesce a repeated over-cap sibling wake by head SHA, not just PR number #5485 description does not close or clearly link an eligible open GitHub issue in this repository, so under the repo’s issue-scope rule I need you to add that link or explain maintainer authorization before this can proceed.
  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
📋 Copy for AI agents — paste into your coding agent
Fix the following blocker(s) from this PR review:

1. PR \#5485 description does not close or clearly link an eligible open GitHub issue in this repository, so under the repo’s issue-scope rule I need you to add that link or explain maintainer authorization before this can proceed.

2. No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.

3. Maintainer requires a linked issue — Link the relevant issue (for example `Closes #123`) before opening the PR.

CI checks failing

  • codecov/patch — 50.00% of diff hit (target 99.00%)
Signal Result Evidence
Code review ❌ 3 blockers 2 reviewers, synthesized
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 424 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 424 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence. LLM value judgment: moderate — The change closes a concretely diagnosed live bug (27 redundant review-surface republishes in 2 hours) with a narrow, precedented fix and a thorough end-to-end regression test.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: Python, TypeScript, Ruby, Go, JavaScript, MDX, Shell, Solidity
  • Official Gittensor activity: 44 PR(s), 424 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
Codecov flagged 2 uncovered partials in wakeOverCapSiblingPullRequests
(#5385-sentry, GITTENSORY-1D) -- every existing test resolves the
sibling's head SHA successfully, so the documented "PR not found
locally, fail open to the bare key + 60s window" branch was never
exercised.
@JSONbored JSONbored merged commit ee9cf6f into main Jul 12, 2026
13 checks passed
@JSONbored JSONbored deleted the fix/review-burst-dedup-guard branch July 12, 2026 23:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant