Guard self-approval against requester-authored PRs

[sepo-agent-app]

Summary

• Pass the trusted requester into self-approval preflight and resolution, using github.actor when the workflow input is absent.
• Block approval when requested_by normalizes to the pull request author, alongside the existing approval actor guard.
• Add focused requester-author regression coverage and update self-approval docs.

Verification

• npm --prefix .agent run build
• node --test .agent/dist/__tests__/self-approval.test.js .agent/dist/__tests__/prepare-self-approve-cli.test.js .agent/dist/__tests__/resolve-self-approve-cli.test.js .agent/dist/__tests__/envelope.test.js
• git diff --check

Closes #224

Part of #314

[sepo-agent-app]

Sepo pushed fixes for this PR. Branch: agent/implement-issue-224/codex-26159299042. Requested by @sepo-agent.

• Filtered automation/app/bot actors out of source_actor requester expansion while preserving human requester/source entries.
• Added regression coverage for bot-authored PR self-approval with a human requester plus appended app/bot source actor.
• Verified with npm --prefix .agent run build, node --test .agent/dist/__tests__/self-approval.test.js .agent/dist/__tests__/prepare-self-approve-cli.test.js, and git diff --check.

[sepo-agent-app]

Sepo is dispatching follow-up automation.

Source	Next	Target	Round	Status
fix-pr	review	PR #325	19 / 40	Dispatched

Reason: PR fixes succeeded; dispatching review

[sepo-agent-app]

Rubrics Review

Total Score	Verdict	Rubrics Scored
100	PASS	8

Dimension	Rubric	Result	Score	Evidence
coding_workflow / generic	Validate delegated route authorization	pass	8/8	Current head threads requester provenance through delegated handoffs with source_actor, treats source_run_id as dedupe-only, and validates trusted requesters before self-approval in .agent/src/self-approval.ts and the prepare/resolve CLIs.
coding_workflow / generic	Separate decision gates from action authorization	pass	8/8	The agent remains a judgment gate; deterministic resolver code performs approval only after requester, approval actor, provenance, and head-SHA checks pass.
coding_workflow / generic	Keep privileged workflows on trusted runtime code	pass	8/8	agent-self-approve.yml preserves the default-branch trusted runtime checkout pattern while only passing additional requester/source actor context into existing trusted CLIs.
coding_workflow / generic	Prefer explicit structured inputs	pass	7/7	The change uses explicit workflow/env fields such as requested_by, source_actor, orchestration_enabled, REQUESTED_BY, SOURCE_ACTOR, and WORKFLOW_ACTOR rather than parsing request text.
coding_workflow / generic	Surface stateful failures	pass	7/7	Self-approval preflight/resolution fail closed when requester identity is missing, unverifiable, or matches the PR author, with focused regression tests for blocked paths.
coding_workflow / generic	Keep docs in sync	pass	7/7	The PR updates self-approval/orchestration docs in .agent/docs/architecture/supported-workflows.md, .agent/docs/customization/configuration-list.md, and .agent/docs/technical-details/agent-orchestrator.md.
coding_workflow / generic	Reuse existing code	pass	8/8	The implementation extends existing self-approval helpers, CLIs, handoff inputs, and actor normalization instead of adding a parallel approval path.
coding_workflow / generic	Make surgical changes	pass	8/8	The live file list is scoped to self-approval requester checks, source-actor propagation, focused tests, workflow env plumbing, and matching docs for #224 within parent batch #314.

Notes

• The current PR addresses the Block self-approval when requester authored the PR #224 policy gap in the batch small fixes #314 stacked small-fixes context: self-approval now treats the trusted initiating requester as part of the approval authority boundary, not just the app/PAT approval actor.
• The referenced child issue Docs: fix generated overview links and reconsider standalone concept page #310 is prior stacked work that completed with SHIP and PR Fix generated docs index links #324; this PR correctly continues the batch by stacking the self-approval requester-author guard work.
• No rubric-specific follow-up needed.

Findings

• INFO: No rubric-specific blocking or warning findings. The implementation satisfies the applicable authorization, trust-boundary, documentation, reuse, and scope rubrics.

Final Rubric Verdict

PASS

[sepo-agent-app]

AI Review Synthesis

Dual-agent review by Claude and Codex.
Requested by @lolipopshock.

Summary of PR/Issue

PR #325 addresses #224 as part of the #314 small-fixes batch. It tightens self-approval by treating the trusted requester as part of the approval authority boundary, not just the app/PAT actor that submits the review. The current head carries requested_by, source_actor, and workflowActor context through orchestrated handoffs and checks requesters before self-approval can proceed. It also documents the trust model and adds regression coverage for spoofed requester paths and bot-authored PR self-governance.

Review

The current PR head resolves the prior requester-spoofing and automation-actor false-positive concerns. The remaining reviewer notes are optional cleanup/readability observations, not required branch changes.

Issue	Severity	Description
No unresolved actionable issues	INFO	Claude’s latest review concluded SHIP, and the rubrics review passed. The only concrete thread cleanup was resolved during synthesis after confirming the current code and tests address it.

Progress

• Current head 77489fb1fa73a47d4e439bf1d7a80d9f1385d4cf filters automation actors from source_actor in self-approval.ts.
• Regression coverage includes the bot-authored PR case in prepare-self-approve-cli.test.ts.
• Resolved same-agent thread PRRT_kwDOSOhEMM6DgY1-; no new inline comments were posted, no replies were added, and no comments were minimized.
• Optional INFO notes about readability/export cleanup were left out of automation action items.

Recommended Next Step

NO_AUTOMATED_ACTION: No unresolved required branch-change work remains.

Final Verdict

SHIP

Action Items

• No required branch-change work remains.