task-close: Fix publish evidence GH auth [202605012054-HS993A]

.agentplane/policy/incidents.md

@@ -1,5 +1,4 @@
 # Policy Incidents Log
-
 - Append-only. Required fields: `id`, `date`, `scope`, `failure`, `rule`, `evidence`, `enforcement`, `state`; optional: `tags`, `match`, `advice`, `source_task`, `fixability`.
 - id: INC-20260422-02 | date: 2026-04-22 | scope: release-mode hook environment pollution | tags: ci, release, hooks | match: ci, release, hooks, pre-push, core.bare, git config, inherited, test, pollution | failure: A release-mode pre-push hook inherited test-modified git config (`core.bare=true`) and blocked local release verification until the repository config was manually restored. | advice: Isolate git config mutations in release/hook tests and make release-mode hook diagnostics identify polluted repository git config before treating the release payload as broken. | rule: Release and hook verification MUST distinguish polluted local git config from release payload failures. | evidence: task 202604221605-SQYRNQ; commit 45ba9c57f939 | enforcement: manual | fixability: repo-fixable | state: open
 - id: INC-20260428-01 | date: 2026-04-28 | scope: release and hosted-close verification evidence reconciliation | tags: branch-pr, release, hosted-close, verification | match: branch-pr, code, workflow, hosted, close, release, evidence, verification, pending, done | failure: Release evidence reconciliation is not fully fixed: `release-task-evidence apply` writes `verification.state=ok` for new evidence, but legacy `DONE` tasks with pending verification artifacts are widespread and need a migration-aware invariant. | advice: Add a scoped release/hosted evidence reconciliation check that applies only to new release tasks or provides an explicit baseline for legacy `DONE` plus pending artifacts. | rule: Release and hosted-close flows MUST NOT present newly closed tasks as `DONE` with pending verification when closure evidence exists. | evidence: task 202604281616-WG87DQ; commit c02ef92ed563 | enforcement: manual | fixability: repo-fixable | state: stabilized
@@ -10,3 +9,4 @@
 - id: INC-20260430-03 | date: 2026-04-30 | scope: Add an automated docs information-architecture guard that checks docs/index.mdx and website/sidebars.ts alignment, catches orphan current docs, and fails on markdown references to repository paths that no longer exist. | tags: code, docs-ia, tooling | match: code, docs-ia, tooling, add, automated, docs, information, architecture, guard, that, checks, index, mdx, and, website, sidebars | failure: Remote Docs CI failed before this fix on docs/developer/project-layout.mdx referencing packages/agentplane/dist/. That path is generated output, not a required tracked source path. | advice: Follow-up fix commit is 4ab6c548 with artifact refresh 5685436b. | rule: Analogous Add an automated docs information-architecture guard that checks docs/index.mdx and website/sidebars.ts alignment, catches orphan current docs, and fails on markdown references to repository paths that no longer exist. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202604301955-HKY8NW; commit 00031a6f3ac9 | enforcement: manual | fixability: external | state: open
 - id: INC-20260501-01 | date: 2026-05-01 | scope: Run final integrated verification for the refactor wave and record any residual gaps. | tags: code | match: code, run, final, integrated, verification, for, the, refactor, wave, and, record, any, residual, gaps, normalized, compiled | failure: ci:local:full passed after focused init/platform-critical regression checks; framework:dev:bootstrap, agentplane doctor, policy routing, and spec:examples smoke also passed. | advice: Normalized compiled init prompt asset output to one trailing newline and updated the direct-mode agent-template expectation to account for policy gateway rendering. | rule: Analogous Run final integrated verification for the refactor wave and record any residual gaps. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605010645-3W3EXR; commit b48a260fa73d | enforcement: manual | fixability: external | state: open
 - id: INC-20260501-02 | date: 2026-05-01 | scope: Submit a GitHub PR adding AgentPlane to brandonhimpfen/awesome-ai-coding-agents as workflow infrastructure for AI coding agents after checking scope alignment, formatting, and category placement. | tags: docs | match: docs, submit, github, adding, agentplane, brandonhimpfen, awesome, coding, agents, workflow, infrastructure, for, after, checking, scope, alignment | failure: Added AgentPlane to brandonhimpfen/awesome-ai-coding-agents under Agent Infrastructure using repo-local AI coding-agent workflow wording. Opened https://github.com/brandonhimpfen/awesome-ai-coding-agents/pull/8 with --body-file and verified gh pr view body renders with Markdown line breaks. Ran git diff --check, python3 .github/scripts/awesome_list_lint.py, python3 .github/scripts/detect_duplicate_links.py, python3 check_readme_links.py README.md --timeout 8, node .agentplane/policy/check-routing.mjs, and agentplane doctor. | advice: Upstream PR is open. Target repo link checker confirmed the AgentPlane URL as 200 but exits non-zero because the pre-existing agentcoder/AgentCoder entry returns 404; this is disclosed in the PR body. | rule: Analogous Submit a GitHub PR adding AgentPlane to brandonhimpfen/awesome-ai-coding-agents as workflow infrastructure for AI coding agents after checking scope alignment, formatting, and category placement. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605011518-PH7024; commit cb1fe303f97a | enforcement: manual | fixability: external | state: open
+- id: INC-20260501-03 | date: 2026-05-01 | scope: Make post-publish release evidence PR recovery authenticate gh so successful releases do not end as failed after publication. | tags: ci, release, workflow | match: ci, release, workflow, make, post, publish, evidence, recovery, authenticate, successful, releases, not, end, failed, after, publication | failure: Release evidence gh CLI steps now set GH_TOKEN from github.token. | advice: Added GH_TOKEN env to release evidence PR check/create/merge steps and contract coverage. | rule: Analogous Make post-publish release evidence PR recovery authenticate gh so successful releases do not end as failed after publication. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605012054-HS993A; commit c329da9be70f | enforcement: manual | fixability: external | state: open

.agentplane/tasks/202605012054-HS993A/README.md

@@ -1,10 +1,11 @@
 ---
 id: "202605012054-HS993A"
 title: "Fix publish evidence GH auth"
-status: "DOING"
+result_summary: "Merged via PR #734."
+status: "DONE"
 priority: "high"
 owner: "CODER"
-revision: 5
+revision: 6
 origin:
   system: "manual"
 depends_on: []
@@ -23,11 +24,16 @@ verification:
   updated_at: "2026-05-01T20:55:55.110Z"
   updated_by: "CODER"
   note: "Passed publish workflow contract test, workflow command contract, lint, routing, diff check, and doctor."
-commit: null
+commit:
+  hash: "c329da9be70f46f70224d6117c44dce1c9f7f008"
+  message: "release: Authenticate publish evidence gh steps (HS993A)"
 comments:
   -
     author: "CODER"
     body: "Start: fix publish workflow release evidence gh authentication after successful publication."
+  -
+    author: "INTEGRATOR"
+    body: "Verified: PR #734 merged on GitHub main; hosted closure automation recorded canonical task artifacts."
 events:
   -
     type: "status"
@@ -42,9 +48,16 @@ events:
     author: "CODER"
     state: "ok"
     note: "Passed publish workflow contract test, workflow command contract, lint, routing, diff check, and doctor."
+  -
+    type: "status"
+    at: "2026-05-01T21:00:23.947Z"
+    author: "INTEGRATOR"
+    from: "DOING"
+    to: "DONE"
+    note: "Verified: PR #734 merged on GitHub main; hosted closure automation recorded canonical task artifacts."
 doc_version: 3
-doc_updated_at: "2026-05-01T20:55:55.146Z"
-doc_updated_by: "CODER"
+doc_updated_at: "2026-05-01T21:00:23.953Z"
+doc_updated_by: "INTEGRATOR"
 description: "Make post-publish release evidence PR recovery authenticate gh so successful releases do not end as failed after publication."
 sections:
   Summary: |-

.agentplane/tasks/202605012054-HS993A/pr/meta.json

@@ -1,13 +1,19 @@
 {
+  "artifact_state": "merged",
+  "artifact_state_updated_at": "2026-05-01T20:59:40Z",
   "base": "main",
   "branch": "task/202605012054-HS993A/publish-evidence-gh-token",
   "created_at": "2026-05-01T20:54:39.445Z",
-  "head_sha": "d76b638117e0acce830ef596a72dd74f169115c3",
+  "head_sha": "358b9daf09e2a3421cf27ea4416b9a33f270791f",
   "last_verified_at": "2026-05-01T20:55:55.110Z",
   "last_verified_sha": "62153d7eedd49b356e67aee92d713ad9b7b8485c",
+  "merge_commit": "c329da9be70f46f70224d6117c44dce1c9f7f008",
+  "merge_strategy": "merge",
+  "merged_at": "2026-05-01T20:59:40Z",
   "schema_version": 1,
+  "status": "MERGED",
   "task_id": "202605012054-HS993A",
-  "updated_at": "2026-05-01T20:56:01.665Z",
+  "updated_at": "2026-05-01T20:59:40Z",
   "verify": {
     "status": "pass"
   }

packages/agentplane/assets/policy/incidents.md

@@ -1,5 +1,4 @@
 # Policy Incidents Log
-
 - Append-only. Required fields: `id`, `date`, `scope`, `failure`, `rule`, `evidence`, `enforcement`, `state`; optional: `tags`, `match`, `advice`, `source_task`, `fixability`.
 - id: INC-20260422-02 | date: 2026-04-22 | scope: release-mode hook environment pollution | tags: ci, release, hooks | match: ci, release, hooks, pre-push, core.bare, git config, inherited, test, pollution | failure: A release-mode pre-push hook inherited test-modified git config (`core.bare=true`) and blocked local release verification until the repository config was manually restored. | advice: Isolate git config mutations in release/hook tests and make release-mode hook diagnostics identify polluted repository git config before treating the release payload as broken. | rule: Release and hook verification MUST distinguish polluted local git config from release payload failures. | evidence: task 202604221605-SQYRNQ; commit 45ba9c57f939 | enforcement: manual | fixability: repo-fixable | state: open
 - id: INC-20260428-01 | date: 2026-04-28 | scope: release and hosted-close verification evidence reconciliation | tags: branch-pr, release, hosted-close, verification | match: branch-pr, code, workflow, hosted, close, release, evidence, verification, pending, done | failure: Release evidence reconciliation is not fully fixed: `release-task-evidence apply` writes `verification.state=ok` for new evidence, but legacy `DONE` tasks with pending verification artifacts are widespread and need a migration-aware invariant. | advice: Add a scoped release/hosted evidence reconciliation check that applies only to new release tasks or provides an explicit baseline for legacy `DONE` plus pending artifacts. | rule: Release and hosted-close flows MUST NOT present newly closed tasks as `DONE` with pending verification when closure evidence exists. | evidence: task 202604281616-WG87DQ; commit c02ef92ed563 | enforcement: manual | fixability: repo-fixable | state: stabilized
@@ -10,3 +9,4 @@
 - id: INC-20260430-03 | date: 2026-04-30 | scope: Add an automated docs information-architecture guard that checks docs/index.mdx and website/sidebars.ts alignment, catches orphan current docs, and fails on markdown references to repository paths that no longer exist. | tags: code, docs-ia, tooling | match: code, docs-ia, tooling, add, automated, docs, information, architecture, guard, that, checks, index, mdx, and, website, sidebars | failure: Remote Docs CI failed before this fix on docs/developer/project-layout.mdx referencing packages/agentplane/dist/. That path is generated output, not a required tracked source path. | advice: Follow-up fix commit is 4ab6c548 with artifact refresh 5685436b. | rule: Analogous Add an automated docs information-architecture guard that checks docs/index.mdx and website/sidebars.ts alignment, catches orphan current docs, and fails on markdown references to repository paths that no longer exist. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202604301955-HKY8NW; commit 00031a6f3ac9 | enforcement: manual | fixability: external | state: open
 - id: INC-20260501-01 | date: 2026-05-01 | scope: Run final integrated verification for the refactor wave and record any residual gaps. | tags: code | match: code, run, final, integrated, verification, for, the, refactor, wave, and, record, any, residual, gaps, normalized, compiled | failure: ci:local:full passed after focused init/platform-critical regression checks; framework:dev:bootstrap, agentplane doctor, policy routing, and spec:examples smoke also passed. | advice: Normalized compiled init prompt asset output to one trailing newline and updated the direct-mode agent-template expectation to account for policy gateway rendering. | rule: Analogous Run final integrated verification for the refactor wave and record any residual gaps. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605010645-3W3EXR; commit b48a260fa73d | enforcement: manual | fixability: external | state: open
 - id: INC-20260501-02 | date: 2026-05-01 | scope: Submit a GitHub PR adding AgentPlane to brandonhimpfen/awesome-ai-coding-agents as workflow infrastructure for AI coding agents after checking scope alignment, formatting, and category placement. | tags: docs | match: docs, submit, github, adding, agentplane, brandonhimpfen, awesome, coding, agents, workflow, infrastructure, for, after, checking, scope, alignment | failure: Added AgentPlane to brandonhimpfen/awesome-ai-coding-agents under Agent Infrastructure using repo-local AI coding-agent workflow wording. Opened https://github.com/brandonhimpfen/awesome-ai-coding-agents/pull/8 with --body-file and verified gh pr view body renders with Markdown line breaks. Ran git diff --check, python3 .github/scripts/awesome_list_lint.py, python3 .github/scripts/detect_duplicate_links.py, python3 check_readme_links.py README.md --timeout 8, node .agentplane/policy/check-routing.mjs, and agentplane doctor. | advice: Upstream PR is open. Target repo link checker confirmed the AgentPlane URL as 200 but exits non-zero because the pre-existing agentcoder/AgentCoder entry returns 404; this is disclosed in the PR body. | rule: Analogous Submit a GitHub PR adding AgentPlane to brandonhimpfen/awesome-ai-coding-agents as workflow infrastructure for AI coding agents after checking scope alignment, formatting, and category placement. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605011518-PH7024; commit cb1fe303f97a | enforcement: manual | fixability: external | state: open
+- id: INC-20260501-03 | date: 2026-05-01 | scope: Make post-publish release evidence PR recovery authenticate gh so successful releases do not end as failed after publication. | tags: ci, release, workflow | match: ci, release, workflow, make, post, publish, evidence, recovery, authenticate, successful, releases, not, end, failed, after, publication | failure: Release evidence gh CLI steps now set GH_TOKEN from github.token. | advice: Added GH_TOKEN env to release evidence PR check/create/merge steps and contract coverage. | rule: Analogous Make post-publish release evidence PR recovery authenticate gh so successful releases do not end as failed after publication. work MUST review and apply the recorded external incident advice before retrying. | evidence: task 202605012054-HS993A; commit c329da9be70f | enforcement: manual | fixability: external | state: open