Skip to content

Add project setup visibility APIs#76

Merged
Abiorh001 merged 7 commits into
mainfrom
codex/ws-pol-001-12-project-setup-policy-visibility
Jul 7, 2026
Merged

Add project setup visibility APIs#76
Abiorh001 merged 7 commits into
mainfrom
codex/ws-pol-001-12-project-setup-policy-visibility

Conversation

@Abiorh001

@Abiorh001 Abiorh001 commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

Implements WS-POL-001-12: project setup-run and project policy visibility APIs.

This adds APIs 1-7 for operator visibility:

  • GET /api/v1/projects/{project_id}/guides/{guide_id}/setup-runs/latest
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/sufficiency-reports
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/sufficiency-reports/{report_id}
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/submission-artifact-policies
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/submission-artifact-policies/{policy_id}
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/effective-submission-artifact-policy
  • GET /api/v1/projects/{project_id}/guides/{guide_id}/pre-submit-checker-policy

Key Changes

  • Adds ProjectSetupRun as a non-authoritative project setup ledger.
  • Records setup enqueue status, Celery task id, worker status, bounded error summary, and output ids.
  • Validates worker setup-run context before execution.
  • Validates setup-run output ids against project, guide, guide version, source snapshot id, and source snapshot hash.
  • Adds operator-only visibility endpoints for setup runs, sufficiency reports, submission artifact policies, effective policies, and compiled pre-submit checker summaries.
  • Keeps raw compiled checker bundle and checker configs out of the new pre-submit visibility endpoint.
  • Preserves active-guide response behavior through a separate schema.
  • Updates docs, glossary, roadmap status, and WS-POL-001 chunk artifacts for chunks 12-14.

Validation

Passed locally:

  • cd backend && .venv/bin/python -m ruff check app tests scripts
  • python3 scripts/check_stale_workstream_wording.py
  • python3 scripts/check_markdown_links.py
  • Targeted setup/project tests: 7 passed
  • Final post-hardening visibility tests: 2 passed
  • cd backend && WORKSTREAM_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/python scripts/api_contract_e2e.py
  • INTERNAL_REVIEW_CHUNK_ID=WS-POL-001-12 INTERNAL_REVIEW_HEAD_SHA=c143b54b62d6325a1d4787116e692fedfc5716f2 python3 scripts/check_internal_review_evidence.py

Full project suite also passed before the final optional same-project/different-guide list-scope hardening: 206 passed.

Internal Review

All required internal reviewer tracks ran and sessions were closed:

  • senior engineering: PASS WITH LOW RISKS
  • QA/test: PASS WITH LOW RISKS
  • security/auth: PASS
  • product/ops: PASS WITH LOW RISKS
  • architecture: PASS
  • docs: PASS
  • reuse/dedup: PASS WITH LOW RISKS
  • test delta: PASS WITH LOW RISKS

Evidence and trust bundle are included under .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/.

Human Review Focus

  • Confirm setup-run status names and operator semantics.
  • Confirm ProjectSetupRun remains a ledger, not policy truth.
  • Confirm operator access should stay limited to admin and project_manager.
  • Confirm the new pre-submit checker visibility endpoint should hide checker_configs while active-guide keeps its existing context shape.

Not Included

Chunks 13 and 14 are not implemented here. The full no-DB Terminal Benchmark drill remains assigned to WS-POL-001-14.

Summary by CodeRabbit

  • New Features

    • Added API access to view project setup progress, sufficiency reports, submission artifact policies, effective policy details, task context, and submission finalization.
    • Introduced a visible setup-run record so users can track automated project setup status and outcomes.
  • Bug Fixes

    • Improved error handling so failed setup runs return safer, more consistent messages without exposing sensitive details.
    • Updated submission handling terminology and behavior to use a clearer finalize flow.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@Abiorh001, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 6 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 7ea957c7-d0de-4d48-9c8d-0a0a32016ce8

📥 Commits

Reviewing files that changed from the base of the PR and between 85b08a1 and ffdbe4a.

📒 Files selected for processing (8)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-12-external-review-response.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-12-internal-review-evidence.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-12-pr-trust-bundle.md
  • backend/app/workers/project_setup.py
  • backend/tests/test_projects.py
  • docs/roadmap_status.md
📝 Walkthrough

Walkthrough

Introduces a ProjectSetupRun orchestration ledger (migration, model, repository, schema) with new HTTP visibility APIs for setup runs, sufficiency reports, submission artifact policies, effective policy, and pre-submit checker policy. Threads a setup_run_id through enqueue/worker pipeline, updates tests, the API contract e2e drill, and initiative/architecture docs.

Changes

Project Setup Visibility Feature

Layer / File(s) Summary
Initiative planning and review docs
.agent-loop/LOOP_STATE.md, .agent-loop/initiatives/WS-POL-001-.../*
Documents WS-POL-001-12/13/14 chunks, decisions, risks, discovery findings, status, and internal review/trust-bundle evidence for the visibility APIs.
ProjectSetupRun data model and migration
backend/alembic/versions/0013_project_setup_runs.py, backend/app/modules/projects/models.py, backend/app/db/models.py
Adds the project_setup_runs table and ProjectSetupRun model with status constraints and foreign keys.
Repository queries and schemas
backend/app/modules/projects/repository.py, backend/app/modules/projects/schemas.py
Adds ledger persistence/query methods, sufficiency report/policy listing, and ProjectSetupRunResponse/ActiveGuidePreSubmitCheckerPolicyResponse schemas.
Service layer ledger and visibility logic
backend/app/modules/projects/service.py
Adds ledger creation/status-update helpers, safe error redaction, not-found exceptions, and retrieval methods for setup runs and policy artifacts; wires guide/snapshot creation to enqueue with a ledger id.
Worker and queue wiring
backend/app/modules/projects/setup_queue.py, backend/app/workers/project_setup.py
Propagates setup_run_id through enqueue and the Celery pipeline, adding ledger status transitions and structured error handling.
Router endpoints
backend/app/modules/projects/router.py
Adds GET endpoints for setup run, sufficiency reports, submission artifact policies, effective policy, and pre-submit checker policy.
Tests
backend/tests/test_projects.py
Updates enqueue helper signatures, removes an obsolete test, and adds ledger/visibility/RBAC test coverage.
API contract drill and docs
backend/scripts/api_contract_e2e.py, docs/architecture_data_model.md, docs/architecture_system_architecture.md, docs/glossary.md, docs/operations_project_operating_manual.md, docs/roadmap_status.md
Replaces DB-based checks with GET visibility calls in the drill script and documents the ledger and new APIs.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant ProjectService
  participant ProjectRepository
  participant SetupQueue
  participant CeleryWorker

  ProjectService->>ProjectRepository: add_project_setup_run(queued)
  ProjectService->>SetupQueue: enqueue_pre_submit_setup_pipeline(setup_run_id)
  SetupQueue->>CeleryWorker: apply_async(setup_run_id)
  CeleryWorker->>ProjectService: update_project_setup_run_status(running_sufficiency_agent)
  CeleryWorker->>ProjectService: update_project_setup_run_status(policy_draft_ready/failed)
Loading

Possibly related PRs

  • Flow-Research/workstream#7: Extends the same backend/app/modules/projects/* scaffolding (repository/service/router) that this PR augments with the ledger and visibility endpoints.
  • Flow-Research/workstream#69: Builds on the Celery project setup pipeline by adding the ProjectSetupRun ledger and threading setup_run_id through setup_queue.py and workers/project_setup.py.
  • Flow-Research/workstream#74: New visibility endpoints inject ActorContext via get_registered_actor, directly building on this PR's actor identity plumbing.

Suggested reviewers: abiorh-claw

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding project setup visibility APIs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/ws-pol-001-12-project-setup-policy-visibility

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@abiorh-claw abiorh-claw self-requested a review July 7, 2026 17:46
@Abiorh001

Copy link
Copy Markdown
Collaborator Author

@CodeRabbit

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

@Abiorh001 I see you've tagged me but I don't see a specific request. Could you let me know what you'd like me to help with? For example, I can:

  • Review the changes in this PR (or)
  • Answer questions about the setup-run/policy visibility APIs described in the PR objectives
  • Look into a specific file, endpoint, or test
  • Help with CodeRabbit configuration questions

Just let me know what you need!

(◕‿◕)

✅ Action performed

Full review finished.

@Abiorh001

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
backend/tests/test_projects.py (1)

760-767: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Tautological assertion — setup_run_id is compared against itself.

enqueued[0]["setup_run_id"] is used both as the actual and expected value in the same equality assertion, so this never validates that a real setup_run_id was captured (it would pass even if it were None or ""). The equivalent guide-autostart test at Line 560 correctly asserts truthiness separately — this test should do the same.

🐛 Proposed fix
+    assert len(enqueued) == 1
+    assert enqueued[0]["setup_run_id"]
     assert enqueued == [
         {
             "project_id": project["id"],
             "guide_id": guide["id"],
             "source_snapshot_id": snapshot["id"],
             "setup_run_id": enqueued[0]["setup_run_id"],
         }
     ]
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/tests/test_projects.py` around lines 760 - 767, The assertion in the
test for the enqueued setup job is tautological because `setup_run_id` is
compared against itself inside the `enqueued` payload, so it never verifies that
a real value was captured. Update the test around the `enqueued` assertion to
first assert truthiness of `enqueued[0]["setup_run_id"]`, then compare the
remaining fields in the payload, following the same pattern used by the
guide-autostart test. Use the `enqueued` list and its first item consistently to
locate the check.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/roadmap_status.md`:
- Line 66: Update the roadmap status entry to match the completed state of
WS-POL-001-12 instead of leaving it marked as in implementation. In the markdown
status document, adjust the line describing the Chunk 12 project setup-run and
project policy visibility APIs so it reflects that the work is
completed/reviewed, and make sure to run the stale wording scan across the
markdown files to catch any similar outdated status phrasing. Use the existing
roadmap section and the Chunk 12 entry as the primary place to update.
- Line 87: The phrase in the roadmap status description is awkward and should be
rewritten for clarity. Update the sentence containing “exercises project setup
visibility plus:” to use clearer wording, such as replacing it with “exercises
project setup visibility and the following flow:” so the description reads
naturally and consistently with the rest of the document.

---

Outside diff comments:
In `@backend/tests/test_projects.py`:
- Around line 760-767: The assertion in the test for the enqueued setup job is
tautological because `setup_run_id` is compared against itself inside the
`enqueued` payload, so it never verifies that a real value was captured. Update
the test around the `enqueued` assertion to first assert truthiness of
`enqueued[0]["setup_run_id"]`, then compare the remaining fields in the payload,
following the same pattern used by the guide-autostart test. Use the `enqueued`
list and its first item consistently to locate the check.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: c0309ac8-d371-4fe1-b33e-b77f7f6042af

📥 Commits

Reviewing files that changed from the base of the PR and between 3c314c5 and 85b08a1.

📒 Files selected for processing (28)
  • .agent-loop/LOOP_STATE.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DISCOVERY.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/RISKS.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-12-project-setup-policy-visibility-apis.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-13-task-context-submission-requirements-apis.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-14-submission-finalize-no-db-drill.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-12-internal-review-evidence.md
  • .agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-12-pr-trust-bundle.md
  • backend/alembic/versions/0013_project_setup_runs.py
  • backend/app/db/models.py
  • backend/app/modules/projects/models.py
  • backend/app/modules/projects/repository.py
  • backend/app/modules/projects/router.py
  • backend/app/modules/projects/schemas.py
  • backend/app/modules/projects/service.py
  • backend/app/modules/projects/setup_queue.py
  • backend/app/workers/project_setup.py
  • backend/scripts/api_contract_e2e.py
  • backend/tests/test_projects.py
  • docs/architecture_data_model.md
  • docs/architecture_system_architecture.md
  • docs/glossary.md
  • docs/operations_project_operating_manual.md
  • docs/roadmap_status.md

Comment thread docs/roadmap_status.md Outdated
Comment thread docs/roadmap_status.md Outdated
```

The script runs migrations forward and exercises:
The script runs migrations forward and exercises project setup visibility plus:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Awkward phrasing: "exercises project setup visibility plus:".

Consider rewording for clarity, e.g. "exercises project setup visibility and the following flow:".

✏️ Proposed fix
-The script runs migrations forward and exercises project setup visibility plus:
+The script runs migrations forward and exercises project setup visibility and the following flow:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
The script runs migrations forward and exercises project setup visibility plus:
The script runs migrations forward and exercises project setup visibility and the following flow:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/roadmap_status.md` at line 87, The phrase in the roadmap status
description is awkward and should be rewritten for clarity. Update the sentence
containing “exercises project setup visibility plus:” to use clearer wording,
such as replacing it with “exercises project setup visibility and the following
flow:” so the description reads naturally and consistently with the rest of the
document.

@Abiorh001

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@Abiorh001 Abiorh001 merged commit 46e74de into main Jul 7, 2026
3 checks passed
@Abiorh001 Abiorh001 deleted the codex/ws-pol-001-12-project-setup-policy-visibility branch July 7, 2026 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants