fix(deploy): terminal-window-aware guard so done tasks hold Done in Plane (ORCH-094)

A DB stage=done task with 0 active jobs flapped in Plane between `Awaiting Deploy` and `Monitoring after Deploy` instead of holding `Done` (verified live on ORCH-061, task 47): the three deploy-phase setters were terminal-blind, so any stale/duplicate/unknown caller under the bot token re-stamped an intermediate status over the terminal Done, forever. - New leaf src/deploy_status_guard.py (pure, never-raise, config-gated): decide() -> ALLOW | CONVERGE_DONE | SUPPRESS on the entry of set_issue_awaiting_deploy / set_issue_deploying / set_issue_monitoring. A deploy-phase status is legitimate iff the task is non-terminal OR (done AND post-deploy window active); otherwise done converges to Done idempotently, cancelled is suppressed (FR-2, D1/D2). - D3: move post_deploy.arm_monitor ABOVE the terminal-sync block in advance_stage so window_active is True when the legitimate first Monitoring is set (the task is already DB-done by then); a re-drive after the window closes converges to Done. - D4: run_post_deploy_monitor no-ops without a status PATCH / re-queue when the task became cancelled mid-window (zombie-tick guard, FR-3). - D5: additive `reason` kwarg on the three setters + one structured log line per verdict (work_item/caller/target/db_stage/window_active/verdict); new read-only db.get_task_by_work_item_id; post_deploy.window_active helper. - Flags deploy_status_guard_enabled (kill-switch -> 1:1) / deploy_status_guard_repos (CSV; empty = self-hosting only). STAGE_TRANSITIONS / QG_CHECKS / check_* / machine-verdict keys / DB schema untouched (reads existing tasks.stage). Tests: TC-01..TC-12 across 5 new test modules + config flags; updated the reason-kwarg assertions in test_deploy_terminal_sync / test_deploy_approve. Full regress green (1413). Docs: CHANGELOG, CLAUDE.md, docs/architecture/README.md (status -> реализовано), .env.example. Refs: ORCH-094 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-09 23:31:30 +03:00
parent db4dd275e4
commit a46dcbcab3
18 changed files with 1088 additions and 25 deletions
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -292,3 +292,30 @@ def test_merge_retry_settings_env_override(monkeypatch):
    assert s.merge_retry_max_attempts == 5
    assert s.merge_retry_backoff_base_s == 1
    assert s.merge_retry_backoff_max_s == 8
+
+
+# ---------------------------------------------------------------------------
+# ORCH-094: deploy_status_guard_* settings defaults + env override.
+# ---------------------------------------------------------------------------
+_DEPLOY_GUARD_ENV = (
+    "ORCH_DEPLOY_STATUS_GUARD_ENABLED",
+    "ORCH_DEPLOY_STATUS_GUARD_REPOS",
+)
+
+
+def test_deploy_status_guard_settings_defaults(monkeypatch):
+    """Documented defaults: enabled True, repos empty (self-hosting only)."""
+    for name in _DEPLOY_GUARD_ENV:
+        monkeypatch.delenv(name, raising=False)
+    s = Settings()
+    assert s.deploy_status_guard_enabled is True
+    assert s.deploy_status_guard_repos == ""
+
+
+def test_deploy_status_guard_settings_env_override(monkeypatch):
+    """Each field is read from its ORCH_DEPLOY_STATUS_GUARD_* env var."""
+    monkeypatch.setenv("ORCH_DEPLOY_STATUS_GUARD_ENABLED", "false")
+    monkeypatch.setenv("ORCH_DEPLOY_STATUS_GUARD_REPOS", "orchestrator,enduro-trails")
+    s = Settings()
+    assert s.deploy_status_guard_enabled is False
+    assert s.deploy_status_guard_repos == "orchestrator,enduro-trails"