Mark loop bootstrap merged and guard main memory

[Abiorh001]

Chunk

WS-ENG-001-01 post-merge loop-memory hardening.

Goal

Make the Codex engineering loop state on main reflect that PR #23 is merged, and add a main-branch guard so stale pre-merge loop memory does not remain after future merges.

Intent

This is engineering-loop infrastructure around Workstream. It is not Workstream product/runtime functionality and does not change backend APIs, auth, task lifecycle behavior, database schema, or frontend product UI.

Design

• Mark loop memory as post-merge: no active chunk, PR Bootstrap Codex zero-trust engineering loop #23 completed, current gate inactive.
• Add scripts/check_loop_memory_state.py to reject stale pre-merge phrases in loop memory on main.
• Add .github/workflows/loop-memory.yml to run the guard on pushes to main and manual dispatch.
• Add fixture-based regression tests in scripts/test_agent_gates.py so PR pre-merge state is not blocked by the main-only guard.
• Keep internal sub-agent evidence in *-internal-review-evidence.md; external CodeRabbit/GitHub feedback remains separate.

Validation

• python3 scripts/check_internal_review_evidence.py
• python3 scripts/check_loop_memory_state.py
• python3 scripts/test_agent_gates.py
• python3 scripts/check_markdown_links.py
• python3 scripts/check_stale_workstream_wording.py
• python3 -m py_compile scripts/check_loop_memory_state.py scripts/test_agent_gates.py
• git diff --check

Review Evidence

Internal evidence: .agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-post-merge-loop-memory-internal-review-evidence.md

Required internal reviewer tracks ran and were closed: senior engineering, QA/test, security/auth, product/ops, architecture, docs, CI integrity, reuse/dedup, and test delta.

Current Status

• CodeRabbit: passing after latest inline comments were addressed.
• GitHub checks: passing on latest push.
• Merge ownership: user-owned; this PR must not be merged by the agent.

Notes

/home/abiorh/flow/workstream is a separate dirty worktree on codex/submission-artifact-policy-docs. Those checker/revision testing changes are unrelated to this PR and were not modified here.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates four .agent-loop Markdown files to reflect PR #23 being merged into main. Simultaneously introduces scripts/check_loop_memory_state.py, a validator that scans those files for forbidden pre-merge markers, a GitHub Actions workflow (loop-memory.yml) that runs the validator on main pushes, regression tests in scripts/test_agent_gates.py, and internal review evidence documentation.

Changes

Loop Memory Validator and Post-Merge State Update

Layer / File(s)	Summary
Agent loop memory files updated to merged state .agent-loop/LOOP_STATE.md, .agent-loop/REVIEW_LOG.md, .agent-loop/WORK_QUEUE.md, .agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/STATUS.md	All four loop-memory files are updated to reflect that PR #23 was merged into main on 2026-06-20: active chunk cleared, branch set to main, merge commit and reviewed code SHA recorded, pre-merge checkpoint language removed, and next-event instructions updated to require a new chunk contract before resuming.
Loop memory validator script scripts/check_loop_memory_state.py	New script that builds a list of paths from a static set of checked files plus dynamically discovered initiative STATUS.md files, compiles forbidden pre-merge regex patterns, iterates all paths (failing on missing files or pattern matches), and exits with 0 on success or 1 with a stderr error report on failure.
CI workflow and regression tests .github/workflows/loop-memory.yml, scripts/test_agent_gates.py	loop-memory.yml adds a GitHub Actions job running check_loop_memory_state.py on main pushes and manual dispatch with read-only permissions. Two new tests in test_agent_gates.py exercise the checker with temp fixtures—one asserting failure on pre-merge language, one asserting success on merged language—and are registered in the agent-gates test runner.
Internal review evidence .agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-post-merge-loop-memory-internal-review-evidence.md	Evidence document records the reviewed revision metadata, reviewer results across all change areas (loop memory files, workflow, tests, evidence file itself), list of valid findings addressed, exact verification commands run (loop-memory state checks, gate tests, markdown validation, Python compilation, git checks), and remaining risks note about unrelated dirty local directory state.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Flow-Research/workstream#23: The main PR extends the #23 bootstrap loop by adding the loop-memory checker workflow/script and tests that validate WS-ENG-001's .agent-loop/* state/docs (e.g., LOOP_STATE.md, REVIEW_LOG.md, WORK_QUEUE.md, initiative STATUS.md) after PR #23 is merged, so it directly builds on the #23 content.

Poem

🐇 Hop hop, the merge is done,
No pre-merge ghosts left to shun!
A script now guards the main branch gate,
Forbidden patterns met with fate.
The memory files all freshly say:
"PR #23 merged today!" 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and clearly reflects the main changes: marking the loop bootstrap as merged and adding a CI guard for main branch memory state.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	PR description covers all required sections with sufficient detail: chunk, goal, intent, design, validation, review evidence, and current status are provided.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/post-merge-loop-state

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

scripts/test_agent_gates.py (1)

687-754: ⚡ Quick win

Add a regression for missing initiative STATUS.md

Please add a fixture test where .agent-loop/initiatives/<name>/ exists but STATUS.md is absent, and assert checker.main() == 1. This prevents silent contract drift in the loop-memory guard.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/test_agent_gates.py` around lines 687 - 754, Add a new test function
following the same pattern as test_loop_memory_state_rejects_pre_merge_status
and test_loop_memory_state_accepts_merged_fixture that validates the checker
correctly handles the case where the initiatives directory exists but the
STATUS.md file is missing. Create the .agent-loop/initiatives/example directory
structure and write the necessary state files (LOOP_STATE.md, WORK_QUEUE.md,
REVIEW_LOG.md) similar to the existing tests, but deliberately omit creating the
STATUS.md file in the initiatives/example subdirectory. Configure
checker.INITIATIVE_STATUS_FILES to point to this missing file, call
checker.main(), and assert it returns 1 to verify the checker properly detects
and rejects this missing file condition, then restore the original checker state
in the finally block.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/check_loop_memory_state.py`:
- Around line 16-19: The INITIATIVE_STATUS_FILES variable uses a glob pattern to
only capture existing STATUS.md files, which silently skips any initiative
folders that are missing the required STATUS.md file. To fix this, detect
initiative folders in the .agent-loop/initiatives directory and explicitly
verify that each folder contains a STATUS.md file, raising an error or failing
validation if any are missing. Apply this same validation pattern to all similar
glob operations in the file that are mentioned in the related sections (lines
49-53 and 59-67) to ensure complete contract enforcement across all loop-memory
integrity checks.

---

Nitpick comments:
In `@scripts/test_agent_gates.py`:
- Around line 687-754: Add a new test function following the same pattern as
test_loop_memory_state_rejects_pre_merge_status and
test_loop_memory_state_accepts_merged_fixture that validates the checker
correctly handles the case where the initiatives directory exists but the
STATUS.md file is missing. Create the .agent-loop/initiatives/example directory
structure and write the necessary state files (LOOP_STATE.md, WORK_QUEUE.md,
REVIEW_LOG.md) similar to the existing tests, but deliberately omit creating the
STATUS.md file in the initiatives/example subdirectory. Configure
checker.INITIATIVE_STATUS_FILES to point to this missing file, call
checker.main(), and assert it returns 1 to verify the checker properly detects
and rejects this missing file condition, then restore the original checker state
in the finally block.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 06157862-1da5-49f3-b688-12f341c5acc4

📥 Commits

Reviewing files that changed from the base of the PR and between b9fe19b and 2c8ba57.

📒 Files selected for processing (7)

• .agent-loop/LOOP_STATE.md
• .agent-loop/REVIEW_LOG.md
• .agent-loop/WORK_QUEUE.md
• .agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/STATUS.md
• .github/workflows/loop-memory.yml
• scripts/check_loop_memory_state.py
• scripts/test_agent_gates.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Detect missing initiative STATUS.md files explicitly

Line 16–19 only captures existing */STATUS.md files, so an initiative folder missing STATUS.md is silently skipped and never fails validation. That leaves a contract hole in loop-memory integrity checks.

Proposed fix

-INITIATIVE_STATUS_FILES = tuple(
-    str(path.relative_to(ROOT))
-    for path in (ROOT / ".agent-loop/initiatives").glob("*/STATUS.md")
-)
+INITIATIVE_DIR = ROOT / ".agent-loop/initiatives"
+
+def initiative_status_paths() -> tuple[Path, ...]:
+    """Return expected STATUS.md paths for each initiative directory."""
+    if not INITIATIVE_DIR.exists():
+        return ()
+    return tuple(path / "STATUS.md" for path in INITIATIVE_DIR.iterdir() if path.is_dir())
@@
 def checked_paths() -> list[Path]:
     """Return loop memory paths that must not contain pre-merge state."""
     paths = [ROOT / path for path in CHECKED_FILES]
-    paths.extend(ROOT / path for path in INITIATIVE_STATUS_FILES)
+    paths.extend(initiative_status_paths())
     return paths

Also applies to: 49-53, 59-67

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check_loop_memory_state.py` around lines 16 - 19, The
INITIATIVE_STATUS_FILES variable uses a glob pattern to only capture existing
STATUS.md files, which silently skips any initiative folders that are missing
the required STATUS.md file. To fix this, detect initiative folders in the
.agent-loop/initiatives directory and explicitly verify that each folder
contains a STATUS.md file, raising an error or failing validation if any are
missing. Apply this same validation pattern to all similar glob operations in
the file that are mentioned in the related sections (lines 49-53 and 59-67) to
ensure complete contract enforcement across all loop-memory integrity checks.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
@.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-post-merge-loop-memory-internal-review-evidence.md:
- Line 19: The statement on line 19 is ambiguous about what changed after the
reviewed SHA. Reword the sentence to clearly specify whether it means: (a) no
other files were modified after the review was completed, (b) this is the only
new evidence artifact created post-review despite other files being in the PR
scope, or (c) something related to the chronological review sequence. Make the
intent explicit and specific so readers understand exactly what the statement is
documenting about the scope and timeline of changes, rather than leaving room
for misinterpretation about which files were or were not modified.
- Line 39: The markdown file at line 39 references the workflow file path, and
the capitalization should be verified to match the actual file in the
repository. Ensure the filepath reference `.github/workflows/loop-memory.yml`
uses the correct casing—specifically that `.github/` (the reserved GitHub
directory) is in the exact casing as it exists in your repository, and the
complete path matches the actual file location where the loop-memory workflow is
stored.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 05f08728-4356-4a60-9ae3-5d82928cf249

📥 Commits

Reviewing files that changed from the base of the PR and between 2c8ba57 and b551de5.

📒 Files selected for processing (2)

• .agent-loop/WORK_QUEUE.md
• .agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-post-merge-loop-memory-internal-review-evidence.md

✅ Files skipped from review due to trivial changes (1)

• .agent-loop/WORK_QUEUE.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix GitHub capitalization.

Line 39 uses lowercase "github" in the context of workflow files. The official product name is "GitHub" (capital G and H).

📝 Proposed fix

- Missing main enforcement: added `.github/workflows/loop-memory.yml` so merged lo...
+ Missing main enforcement: added `.github/workflows/loop-memory.yml` so merged lo...

Actually, looking at the full line, the error is in the word "github" within the filename. Since .github/ is a reserved directory name in GitHub repositories (case-sensitive), it should be capitalized as .github/. The actual fix needed depends on context—if this is quoting a filename, verify the filename matches the actual file casing in the repository.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~39-~39: The official name of this software platform is spelled with a capital “H”.
Context: ...rged. - Missing main enforcement: added .github/workflows/loop-memory.yml so merged lo...

(GITHUB)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-post-merge-loop-memory-internal-review-evidence.md
at line 39, The markdown file at line 39 references the workflow file path, and
the capitalization should be verified to match the actual file in the
repository. Ensure the filepath reference `.github/workflows/loop-memory.yml`
uses the correct casing—specifically that `.github/` (the reserved GitHub
directory) is in the exact casing as it exists in your repository, and the
complete path matches the actual file location where the loop-memory workflow is
stored.

Source: Linters/SAST tools