
Agent PR Submission Pipeline

FractalOps treats PR submission as a template-scoped capability, not as a general agent privilege.

  • allowed_write_policy: report-only means the agent can report issues and evidence but cannot claim a branch or PR.
  • allowed_write_policy: agent-branch-pr-only means the agent may submit only through the assigned branch prefix and PR pipeline.
  • pr_submission_policy: selective-agent-pr keeps the pipeline fail-closed unless the agent id is listed in pr_submitter_agent_ids.
  • pr_submission_pipeline names the durable transport. Studio uses codexgate-github-app-pr; CodexGate repository policy uses github-app-draft-pr.
  • Studio templates publish the submitter list and a per-agent pr_submission_allowed flag.
  • Studio session metadata mirrors the policy for the active agent.
  • HUD report ingestion rejects branch_name or pr_url unless the session grants PR submission.
  • CodexGate publication rejects publish=True unless the selected agent is allowed by the repository policy.

Ouroboros is report-only by default. forge is the only default Studio PR submitter. CodexGate allows crux-portal and sable-runtime; mira-evidence remains report-only.
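The policy rules above, as an added worked example (this is illustration code, not FractalOps code). The field and value names (allowed_write_policy, pr_submission_policy, pr_submitter_agent_ids, pr_submission_allowed, branch_name, pr_url, publish) and the agent ids are taken from this page; the TemplatePolicy class, the function names, the branch-prefix shape "agent/<agent_id>/" and the sample reports are assumptions made for the example. The point it shows is that every path that is not an explicit allow evaluates to a rejection, which is what "fail-closed" means here.

```python
"""Fail-closed PR-submission policy check (added illustration, not FractalOps code).

Assumed: TemplatePolicy shape, function names, branch prefix "agent/<agent_id>/".
"""
from dataclasses import dataclass
from typing import Optional

REPORT_ONLY = "report-only"
AGENT_BRANCH_PR_ONLY = "agent-branch-pr-only"
SELECTIVE_AGENT_PR = "selective-agent-pr"


@dataclass(frozen=True)
class TemplatePolicy:
    allowed_write_policy: str
    pr_submission_policy: str
    pr_submitter_agent_ids: frozenset = frozenset()
    branch_prefix: str = "agent/{agent_id}/"  # assumed prefix shape


# Constructed policies matching the defaults the page lists: forge is the only
# default Studio submitter; CodexGate lists crux-portal and sable-runtime.
STUDIO_DEFAULT = TemplatePolicy(AGENT_BRANCH_PR_ONLY, SELECTIVE_AGENT_PR, frozenset({"forge"}))
CODEXGATE_REPO = TemplatePolicy(AGENT_BRANCH_PR_ONLY, SELECTIVE_AGENT_PR,
                                frozenset({"crux-portal", "sable-runtime"}))
OUROBOROS_TEMPLATE = TemplatePolicy(REPORT_ONLY, SELECTIVE_AGENT_PR)


def pr_submission_allowed(policy: TemplatePolicy, agent_id: str) -> bool:
    """The per-agent flag a template would publish. Anything that is not an
    explicit allow (including an unknown policy string) returns False."""
    if policy.allowed_write_policy != AGENT_BRANCH_PR_ONLY:
        return False
    if policy.pr_submission_policy != SELECTIVE_AGENT_PR:
        return False
    return agent_id in policy.pr_submitter_agent_ids


def report_rejection(policy: TemplatePolicy, agent_id: str, report: dict) -> Optional[str]:
    """HUD-style ingestion check: a reason string when the report must be
    rejected, None when it may be stored."""
    claims = {k: report[k] for k in ("branch_name", "pr_url") if report.get(k)}
    if not claims:
        return None  # plain evidence report, always acceptable
    if not pr_submission_allowed(policy, agent_id):
        return f"{agent_id} has no PR submission grant; refusing {sorted(claims)}"
    prefix = policy.branch_prefix.format(agent_id=agent_id)
    branch = claims.get("branch_name")
    if branch is not None and not branch.startswith(prefix):
        return f"branch {branch!r} is outside the assigned prefix {prefix!r}"
    return None


def ingest_report(policy: TemplatePolicy, agent_id: str, report: dict) -> dict:
    """Store the report or raise; the stored record carries the agent id."""
    reason = report_rejection(policy, agent_id, report)
    if reason:
        raise PermissionError(reason)
    return {"agent_id": agent_id, **report}


def publish_allowed(policy: TemplatePolicy, agent_id: str, publish: bool) -> bool:
    """CodexGate-style gate: publish=True needs an allowed agent,
    publish=False (draft/local only) always passes."""
    return (not publish) or pr_submission_allowed(policy, agent_id)
```

Note that the branch-prefix check sits after the grant check on purpose: an agent without a grant is refused before its branch name is even inspected, so a correctly prefixed branch from a report-only agent gets the same rejection as any other.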

The transport publishes as the CodexGate GitHub App (fractalops-codexgate[bot]), not a raw org PAT. AgentSquad PRs and issues are authored by the App installation:

  • App id 3249317, installation 120794317 on the yamonco org (all-repo).
  • CodexGateGitHubAppService._installation_token mints a real ghs_… installation token for git auth and for the GitHub REST/GraphQL calls; repository_materialization already routed git auth through this path, so no application code changed when the App came online.
  • codexgate_github_bot_actor is fractalops-codexgate[bot] to match the real App slug.

The App was previously inert for two reasons, both now fixed. First, its credentials (app_id / installation_id / private_key) were never provisioned. Second, a leftover FRACTALOPS_GITHUB_APP_TOKEN override env var (holding the org PAT) took precedence over the App credentials inside _installation_token, because the method returned the override before consulting the App creds. The override env var has been removed everywhere, and the App credentials are now supplied from the k8s secret fractalops-codexgate-github-app (via envFrom on api, worker and studio-worker, and via individual valueFrom entries on agent-server, which is the re-kick config builder).
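The precedence bug described above, shown beside a fixed resolver, as an added example. This is illustration code, not CodexGateGitHubAppService: the secret keys app_id / installation_id / private_key, the override env name FRACTALOPS_GITHUB_APP_TOKEN and the App/installation ids come from this page, while the env var names for the App creds, the function names, the constructed private-key placeholder and fake_mint (a stand-in for the real JWT-and-REST exchange) are assumptions. The added check a practitioner would want is the last one: whatever comes back must carry the ghs_ installation-token prefix, so a PAT (ghp_) can never masquerade as App auth again.

```python
"""Installation-token resolution: pre-fix override precedence beside the fixed path.

Added illustration, not CodexGateGitHubAppService. Assumed: the env var names in
APP_CRED_ENV, fake_mint, and the function names.
"""
import hashlib
from typing import Callable, Dict, Optional, Tuple

OVERRIDE_ENV = "FRACTALOPS_GITHUB_APP_TOKEN"
APP_CRED_ENV = {  # assumed mapping from the k8s secret keys to env var names
    "app_id": "FRACTALOPS_GITHUB_APP_ID",
    "installation_id": "FRACTALOPS_GITHUB_APP_INSTALLATION_ID",
    "private_key": "FRACTALOPS_GITHUB_APP_PRIVATE_KEY",
}

# Constructed sample environments: App creds only, and App creds plus a stale PAT override.
APP_ENV = {
    "FRACTALOPS_GITHUB_APP_ID": "3249317",
    "FRACTALOPS_GITHUB_APP_INSTALLATION_ID": "120794317",
    "FRACTALOPS_GITHUB_APP_PRIVATE_KEY": "-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----",
}
LEAKED_ENV = {**APP_ENV, OVERRIDE_ENV: "ghp_constructedorgpat"}


def load_app_creds(env: Dict[str, str]) -> Dict[str, Optional[str]]:
    return {key: env.get(var) for key, var in APP_CRED_ENV.items()}


def fake_mint(creds: Dict[str, Optional[str]]) -> str:
    """Constructed stand-in for the real exchange (sign an RS256 app JWT, then
    POST /app/installations/{id}/access_tokens). Only derives a ghs_-shaped value."""
    seed = f"{creds['app_id']}:{creds['installation_id']}".encode()
    return "ghs_" + hashlib.sha256(seed).hexdigest()[:40]


def buggy_installation_token(env: Dict[str, str], mint: Callable = fake_mint) -> str:
    """Pre-fix ordering: the override env is returned first, so a leftover org PAT
    silently wins even when complete App creds are present."""
    override = env.get(OVERRIDE_ENV)
    if override:
        return override
    creds = load_app_creds(env)
    if all(creds.values()):
        return mint(creds)
    raise RuntimeError("GitHub App credentials not provisioned")


class StaleOverrideError(RuntimeError):
    """A PAT override env var is present alongside (or instead of) App creds."""


def installation_token(env: Dict[str, str], mint: Callable = fake_mint) -> str:
    """Fixed ordering plus hard failures: a stale override is an error, App creds
    must be complete, and the minted value must be an installation token."""
    if OVERRIDE_ENV in env:
        raise StaleOverrideError(f"{OVERRIDE_ENV} is set; remove the PAT override")
    creds = load_app_creds(env)
    missing = sorted(k for k, v in creds.items() if not v)
    if missing:
        raise RuntimeError(f"GitHub App credentials incomplete: {missing}")
    token = mint(creds)
    if not token.startswith("ghs_"):
        raise RuntimeError("minted credential is not an installation token")
    return token


def token_kind(token: str) -> str:
    """Classify a GitHub credential by its public prefix."""
    return {"ghs_": "installation", "ghp_": "personal-access-token"}.get(token[:4], "unknown")


def resolution_outcome(env: Dict[str, str], mint: Callable = fake_mint) -> Tuple[str, str]:
    """("ok", token) when resolution succeeds, ("error", exception class) otherwise."""
    try:
        return ("ok", installation_token(env, mint))
    except RuntimeError as exc:
        return ("error", type(exc).__name__)
```

Refusing outright when the override env var is present (rather than merely preferring App creds) is deliberate: the page's fix was to remove the variable everywhere, so any deployment that still carries it is misconfigured and should fail loudly at startup instead of picking one credential quietly.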

The secret is provisioned manually today, following the same pattern as the org-PAT secret fractalops-github-runtime. Migrating it to OpenBao with an ExternalSecret is a pending follow-up.