fix(merge-gate): SHA-in-main as sole merge-verify criterion + main regression guard

Root-cause fix for main erosion (phantom merge): code of ORCH-067/069 reached `done` while absent from origin/main (only their auto docs-PRs landed). - FR-1: verify_merged_to_main confirms merge ONLY by `git merge-base --is-ancestor <validated_sha> origin/main`; the OR-branch pr_already_merged is removed (a merged PR no longer confirms). Empty SHA / git error -> False. - FR-2: pr_already_merged demoted to merge_pr idempotency-guard; counts a PR only when merged & head.ref==<branch> & base.ref=="main" (explicit in-loop filter). - FR-3: merge_pr selects the open code-PR by head==<branch> AND base==main. - FR-5: new deterministic check_main_regression in _handle_merge_verify (after confirmed SHA-in-main, before done) verifies MAIN_REGRESSION_MARKERS still in origin/main; deterministic count==0 -> alert "main regressed" + HOLD (NOT done, no rollback); git error of the grep -> fail-open. Kill-switch ORCH_REGRESSION_GUARD_ENABLED; non-self -> no-op. - FR-4: root .gitattributes `CHANGELOG.md merge=union` so Unreleased edits auto-merge on rebase without conflict (branch not rolled back). Invariants unchanged (STAGE_TRANSITIONS, QG_CHECKS, deploy-status, merge-gate, image-freshness, DB schema, external HTTP API); non-self repos no-op (INV-5); never-raise (INV-1); merge only via Gitea PR-API (INV-2). Docs: CHANGELOG, .env.example (README/ADR updated by architect). Tests: tests/test_orch073_*.py (TC-01..18); existing merge-gate tests updated for the new code-PR filter. Refs: ORCH-073 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-08 16:21:48 +03:00
parent fa9b96545c
commit aff334e82b
17 changed files with 887 additions and 47 deletions
--- a/tests/test_merge_gate.py
+++ b/tests/test_merge_gate.py
@@ -315,10 +315,17 @@ class _FakeResp:


 def test_tc16_pr_already_merged_true(monkeypatch):
-    """A merged PR -> True so a re-driven/reaped task is a no-op (no second merge)."""
+    """A merged code-PR -> True so a re-driven/reaped task is a no-op (no second merge).
+
+    ORCH-073 FR-2: the guard now counts a PR only when it carries THIS branch's code
+    into main (merged & head.ref==branch & base.ref=="main").
+    """
    monkeypatch.setattr(
        httpx, "get",
-        lambda *a, **k: _FakeResp(200, [{"number": 7, "merged": True}]),
+        lambda *a, **k: _FakeResp(
+            200,
+            [{"number": 7, "merged": True, "head": {"ref": "feature/x"}, "base": {"ref": "main"}}],
+        ),
    )
    assert merge_gate.pr_already_merged("orchestrator", "feature/x") is True