Expose task context and submission requirement APIs#77
Conversation
📝 WalkthroughWalkthroughThis PR adds worker-safe task work-context and submission-requirements endpoints, an operator-only locked-context endpoint, locked-context validation and redaction in task service logic, expanded tests and API contract checks, and matching process-tracking and documentation updates. ChangesTask Context APIs
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant Worker
participant TaskRouter
participant TaskService
participant Database
Worker->>TaskRouter: GET /tasks/{task_id}/work-context
TaskRouter->>TaskService: get_task_work_context(actor, task_id)
TaskService->>Database: load task and locked-context rows
TaskService->>TaskService: validate locked context
TaskService-->>TaskRouter: TaskWorkContextResponse
TaskRouter-->>Worker: 200 response
Possibly related issues
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
backend/tests/test_tasks.py (1)
1446-1457: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winReading
pre_submit_policy.compiled_bundleafterdelete()+flush()is fragile.The instance is deleted and flushed at Lines 1446-1447, then its
compiled_bundleis dereferenced at Line 1455. This only works because the column is already cached in the instance state; any attribute expiry/refresh on a deleted row raisesObjectDeletedError. Capture the bundle before deleting to avoid relying on that.♻️ Capture the bundle before deletion
compiler_version = pre_submit_policy.compiler_version + original_compiled_bundle = dict(pre_submit_policy.compiled_bundle) await session.delete(pre_submit_policy) await session.flush() malformed_policy = { **effective_policy.effective_policy, "schema_version": ["not", "a", "string"], } malformed_policy_hash = canonical_json_hash(malformed_policy) malformed_bundle = { - **pre_submit_policy.compiled_bundle, + **original_compiled_bundle, "effective_policy_hash": malformed_policy_hash, }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/tests/test_tasks.py` around lines 1446 - 1457, Capture pre_submit_policy.compiled_bundle before calling session.delete() and session.flush() in the test that builds malformed_bundle, then use that saved bundle when constructing malformed_bundle. This avoids dereferencing a deleted ORM instance after flush and keeps the test from depending on cached state; locate the fix around the pre_submit_policy, malformed_policy, and malformed_bundle setup.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@backend/tests/test_tasks.py`:
- Around line 1446-1457: Capture pre_submit_policy.compiled_bundle before
calling session.delete() and session.flush() in the test that builds
malformed_bundle, then use that saved bundle when constructing malformed_bundle.
This avoids dereferencing a deleted ORM instance after flush and keeps the test
from depending on cached state; locate the fix around the pre_submit_policy,
malformed_policy, and malformed_bundle setup.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 7f9e897a-4e62-492f-922c-083065dcea2a
📒 Files selected for processing (14)
.agent-loop/LOOP_STATE.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-internal-review-evidence.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-pr-trust-bundle.mdbackend/app/modules/tasks/router.pybackend/app/modules/tasks/schemas.pybackend/app/modules/tasks/service.pybackend/scripts/api_contract_e2e.pybackend/tests/test_tasks.pydocs/architecture_data_model.mddocs/architecture_system_architecture.mddocs/glossary.mddocs/operations_project_operating_manual.mddocs/roadmap_status.md
PR Trust Bundle: WS-POL-001-13
Chunk
WS-POL-001-13- Task context and submission requirement APIs.Goal
Expose task context and submission requirements through authorized HTTP APIs so
workers and operators no longer need to infer locked requirements from failures
or inspect Postgres during the next live drill.
Human-approved intent
Chunk contract:
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-13-task-context-submission-requirements-apis.mdThe user approved exposing worker-safe task context, exact submission
requirements, and operator-only locked provenance APIs before rerunning the
Terminal Benchmark drill.
What changed
Implemented APIs 8-10 only:
GET /api/v1/tasks/{task_id}/work-contextGET /api/v1/tasks/{task_id}/submission-requirementsGET /api/v1/tasks/{task_id}/locked-contextThe implementation also redacts existing worker-visible task reads so
GET /tasks/{task_id}cannot bypass the worker-safe projection.Why it changed
The Terminal Benchmark drill showed that setup and task policy state was still
too dependent on direct database inspection. This chunk exposes the
already-locked task context through authorized APIs while preserving the rule
that runtime uses stamped policy references, not recomputed current project
state.
Design chosen
Task context APIs read the task's already-stamped locked context. They do not
recompute from the current active guide or current project policy.
Worker-facing APIs return:
package_hashOperator-only
locked-contextreturns full locked provenance foradminandproject_manager.Authorization:
work-context: existing task visibility foradmin,project_manager, oreligible/assigned worker.
submission-requirements: existing task visibility foradmin,project_manager, or eligible/assigned worker.locked-context:adminorproject_manageronly.roles remain the route gate.
Alternatives rejected
rejected because tasks must expose the stamped context they already locked.
internals to workers: rejected because worker-facing APIs should show what
must be submitted, not checker authority.
next drill must prove the public/operator API surface.
Scope control
Allowed files changed
backend/app/modules/tasks/router.pybackend/app/modules/tasks/schemas.pybackend/app/modules/tasks/service.pybackend/scripts/api_contract_e2e.pybackend/tests/test_tasks.pydocs/architecture_data_model.mddocs/architecture_system_architecture.mddocs/glossary.mddocs/operations_project_operating_manual.mddocs/roadmap_status.md.agent-loop/LOOP_STATE.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-internal-review-evidence.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-external-review-response.md.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-pr-trust-bundle.mdFiles outside scope
None.
Product Behavior
Workers and operators can now inspect task context and submission requirements
through authorized APIs. Worker responses are intentionally redacted. Operators
with
adminorproject_managercan inspect full locked provenance.Acceptance criteria proof
Evidence:
test_task_context_apis_return_worker_requirements_and_operator_provenance.storage, packaging, hash, and attestation requirements.
Evidence:
test_task_context_apis_return_worker_requirements_and_operator_provenanceand
scripts/api_contract_e2e.py.adminandproject_manager.Evidence:
test_task_context_apis_return_worker_requirements_and_operator_provenance.Evidence:
test_submission_requirements_fail_closed_on_hash_consistent_malformed_policy_shape.Evidence:
test_worker_task_response_redacts_locked_policy_hashes.Tests/checks run
Result summary:
Test delta
Tests added
requirements.
Tests modified
test_submission_requirements_fail_closed_on_hash_consistent_malformed_policy_shapeafter CodeRabbit review to capture the compiled bundle before deleting the
ORM row.
Tests removed/skipped
None.
CI integrity
External review
External review response file:
.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-13-external-review-response.mdReviewer results
Reviewed implementation SHA:
f533f1a572a38d4e8ecd34ff6316885c6c6b1016Reviewed at: 2026-07-08T02:09:55Z
Reviewer run IDs:
019f3f6d-441f-7340-9bcc-ef92155d956d019f3f6d-4986-7612-a7a7-9457a2182d0b019f3f6d-4fea-7890-a372-a261d2482b91019f3f6d-5758-79d3-a7d4-3d58933064da019f3f6d-6062-7590-8358-3bc0766e935d019f3f6d-685a-7300-82ab-966c3c034976All sub-agent sessions were closed before final reporting.
Remaining risks
values, hashes, source refs, bundles, or configs.
SubmissionCreateand should be keptin sync until a shared schema-derived helper is extracted.
WS-POL-001-14.Follow-up work
WS-POL-001-14: replace public submission lock wording with finalize,define system actor audit semantics, and rerun the Terminal Benchmark proof
without DB inspection.
fields if another caller needs the same constants.
Human review focus
Please inspect:
exposing internal checker authority.
GET /tasks/{task_id}redaction is acceptable for workers.locked-contextexposes the right operator provenance and remainsrestricted to
adminandproject_manager.task_locked_context_invalidis the right public error code formissing/stale/malformed task locked context.
Human ownership