GitHub Issue Bridge Access (Owner-Only Approval)

Ticket #146: GitHub Issue Bridge Implementation
Type: Automation / Process Improvement
Affected Component: src/github_issue_automation.py, scripts/manage_github_issue.py, scripts/create_github_issue.py, logs/github_issue_audit.jsonl, logs/github_issue_bridge_state.json

Context

Deliver an internal workflow allowing the AI agent to read, propose, and execute GitHub issue actions with mandatory owner-only approval.

Technical Decisions

  • Access scope strictly bound to owner/repo.
  • Proposal lifecycle: pending -> approved/rejected -> executed.
  • Write validation restricted to repository owner.
  • Allowed business statuses: Backlog, Todo, In Progress, Done, Closed, Reopened.
  • Operation and decision audit trail in logs/github_issue_audit.jsonl.
  • Local grant/proposal state in logs/github_issue_bridge_state.json.
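
The proposal lifecycle and owner-only rule listed above, sketched as an added example (this is not the project's code from src/github_issue_automation.py). The Bridge class, its method names, the in-memory audit list, and every denial code except APPROVER_NOT_OWNER are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field

ALLOWED_STATUSES = {"Backlog", "Todo", "In Progress", "Done", "Closed", "Reopened"}

class BridgeError(Exception):
    """Denied action; the message is the code written to the audit trail."""

@dataclass
class Bridge:
    owner: str                                   # only this login may approve or reject
    repo: str                                    # scope is exactly owner/repo
    proposals: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)    # in-memory stand-in for the JSONL file

    def _log(self, event, pid, **extra):
        # One ASCII-safe JSON object per entry, as a JSONL audit file expects.
        record = {"event": event, "proposal": pid, **extra}
        self.audit.append(json.dumps(record, ensure_ascii=True))

    def _deny(self, pid, code):
        self._log("denied", pid, code=code)      # denials are audited too
        raise BridgeError(code)

    def propose(self, pid, target, status):
        if target != f"{self.owner}/{self.repo}":
            self._deny(pid, "OUT_OF_SCOPE")          # hypothetical code name
        if status not in ALLOWED_STATUSES:
            self._deny(pid, "STATUS_NOT_ALLOWED")    # hypothetical code name
        self.proposals[pid] = {"state": "pending", "status": status}
        self._log("proposed", pid, status=status)

    def decide(self, pid, approver, approve):
        proposal = self.proposals[pid]
        if approver != self.owner:
            self._deny(pid, "APPROVER_NOT_OWNER")    # code named on this page
        if proposal["state"] != "pending":
            self._deny(pid, "NOT_PENDING")           # hypothetical code name
        proposal["state"] = "approved" if approve else "rejected"
        self._log("decision", pid, approver=approver, state=proposal["state"])

    def execute(self, pid):
        proposal = self.proposals[pid]
        if proposal["state"] != "approved":
            self._deny(pid, "NOT_APPROVED")          # hypothetical code name
        proposal["state"] = "executed"           # the GitHub write would happen here
        self._log("executed", pid)
        return proposal["state"]
```

In this sketch the approver is a plain string; a real check would take it from the identity behind the authenticated token rather than from caller input.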

Implemented Deliverables

  • src/github_issue_automation.py
      • Access grants and scope validation.
      • Proposal workflow with owner-only approval.
      • Parent/sub-issue reading (explicit links only).
      • Create/update execution after approval.
      • Audit event and validation decision emission.
  • scripts/manage_github_issue.py
      • Commands: grant, status, read, create, update, approve, reject, revoke, narrow.
  • scripts/create_github_issue.py
      • Added proposal/approval mode while keeping direct mode backward-compatible.

Manual Validation (initial pass)

  • [x] Python syntax validation for scripts/modules (module import + CLI parser)
  • [x] README + chapter1 FR/EN documentation review
  • [x] Live end-to-end validation on the real GitHub repository with owner token

Final Operational Validation (2026-04-01)

  • Validated repository: jngoufo/qa-automated-pipeline
  • Owner token loaded via GH_TOKEN
  • Fixes applied during live validation:
      • made CLI JSON output Windows-safe with ASCII-safe serialization
      • corrected #123 reference parsing for sub-issue resolution
      • corrected business-status readback for Backlog, Todo, In Progress, Done, Closed, and Reopened

Measured Results

| Criterion | Sample | Result | Evidence |
|---|---|---|---|
| SC-002 | 1/1 | 100% in 1.422 s for parent read | logs/t051/20260401-124100-sc002-read-parent-success.json |
| SC-003 | 1/1 | 100% in 2.255 s for parent #160 + child #159 in a single response | logs/t051/20260401-124100-sc003-read-parent-subissues-success.json |
| SC-004 | 1/1 | 100% in 1.802 s for approved creation of issue #161 | logs/t051/20260401-124100-sc004-create-proposal.json, logs/t051/20260401-124100-sc004-create-approved.json |
| SC-005 | 1/1 | 100% in 2.119 s for approved update of issue #161 | logs/t051/20260401-124100-sc005-update-proposal.json, logs/t051/20260401-124100-sc005-update-approved.json |
| SC-009 | 1/1 | 100% with read + create blocked in 1.359 s after revocation | logs/t051/20260401-124100-sc009-revoke.json, logs/t051/20260401-124100-sc009-read-after-revoke.json, logs/t051/20260401-124100-sc009-create-after-revoke.json |

Additional T054 Checks

  • Unapproved proposal remains pending and unexecuted: logs/t051/20260401-124301-t054-create-proposal-pending.json
  • Non-owner approval denied with APPROVER_NOT_OWNER: logs/t051/20260401-124301-t054-non-owner-approval-denied.json
  • Full six-status transition cycle executed successfully on issue #162
  • Final readback of issue #162: status Reopened
  • Audit trail confirmed in logs/github_issue_audit.jsonl

Residual Risks

  • The measured sample remains limited to one live run per quantified criterion; a broader operator sample would improve statistical confidence.

Conclusion

The owner-only workflow is validated on the target repository under real conditions, with timestamped evidence for parent reads, parent-plus-child reads, approved create/update execution, and immediate blocking after revocation.