Pin action-run list to page one #575

Open
opened 2026-07-15 09:16:01 +00:00 by coilyco-ops · 3 comments
Member

The generated Forgejo Actions run list leaf sends --limit without an explicit page. Forgejo can ignore that limit on /actions/runs unless page=1 is present, which let agent CI checks dump thousands of historical runs. Shadow action-run list with the same safe page-1 behavior as the Actions listing bridge and document the mounted safe surfaces.

The generated Forgejo Actions run list leaf sends --limit without an explicit page. Forgejo can ignore that limit on /actions/runs unless page=1 is present, which let agent CI checks dump thousands of historical runs. Shadow action-run list with the same safe page-1 behavior as the Actions listing bridge and document the mounted safe surfaces.
Author
Member

workflow: pull-request-and-merge
WARD-OUTCOME: done
PR: #576

Validation:

  • ward exec test -- tests/test_forgejo_actions_list_bridge.py
  • env FORGEJO_TOKEN=dummy ward exec test
  • ward exec pre-commit-all
workflow: pull-request-and-merge WARD-OUTCOME: done PR: https://forgejo.coilysiren.me/coilyco-flight-deck/agentic-os/pulls/576 Validation: - ward exec test -- tests/test_forgejo_actions_list_bridge.py - env FORGEJO_TOKEN=dummy ward exec test - ward exec pre-commit-all
Author
Member

WARDED_WORKFLOW: qa-done

qa details

verdict: pass
reviewed_sha:
reviewer_family: internal
workflow: pull-request-and-merge
issue_ref: coilyco-flight-deck/agentic-os#575
pr_ref:
reason: PR #576 at 9825a70ee2cbf1b6e0bdacadc2d4cb0fa251c7d2 appears to satisfy issue #575. The patch shadows ward ops forgejo action-run list in both Forgejo guardfiles with a composite that hard-pins page=1 and threads through only owner, repo, and --limit, which fixes the reported unbounded run-list behavior without widening the ops surface. The docs and generated Forgejo reference were updated to point operators at the safe mounted surfaces, and Forgejo currently reports the PR checks green.
evidence:

  • Issue contract asks for page-one pinning on the Actions run list plus documentation of the safe surfaces. The patch adds action list action-run wrappers to both .ward/guardfile.forgejo.kdl and .ward/guardfile.forgejo.read.kdl that call the underlying list op with page "1" and limit $limit.
  • The wrapper matches the existing tasks list safe-wrapper pattern instead of exposing the raw generated leaf, so the change narrows the callable surface rather than widening it.
  • The patch updates docs/forgejo-actions-listing.md to distinguish the safe action-run list and tasks list surfaces from the role-scoped actions runs and actions tasks bridge surface.
  • The generated docs/ward-ops-forgejo-reference.md now shows ward ops forgejo action-run list as a shadowed composite action with the safe page-one behavior, replacing the prior raw leaf description.
  • Test coverage was added in tests/test_forgejo_actions_list_bridge.py for ward ops forgejo action-run list ... --limit 3 --dry-run, asserting the rendered URL contains /actions/runs?limit=3&page=1 and does not leak the unexpanded ${limit} placeholder.
  • Live PR status is green: ci / gate (pull_request) = success and ci / ward-doctor (pull_request) = success.

risks:

  • The added test exercises the default .ward surface via WARD_CONFIG_REF, but it does not separately prove the mirrored .ward/guardfile.forgejo.read.kdl wrapper. The two guardfile edits are textually parallel, so this looks low risk rather than a blocker.

next steps:

  • If a human wants extra confidence before merge, a quick manual --dry-run check against the read-scoped surface would close the only remaining coverage gap.

run_identity:

dispatcher framing:
Read the issue title, body, and comment thread below as the QA brief. Inspect the candidate branch, any linked pull request, and the available checks in the live repository state. Return a structured QA verdict that a human can read at a glance. Do not edit files, commit, push, or otherwise change implementation state.

Additional framing from the dispatcher:
Verify PR #576 fixes the Forgejo action-run list pagination issue without widening the ops surface.

— Codex, via ward agent

WARDED_WORKFLOW: qa-done ✅ <details><summary>qa details</summary> verdict: pass reviewed_sha: reviewer_family: internal workflow: pull-request-and-merge issue_ref: coilyco-flight-deck/agentic-os#575 pr_ref: reason: PR [#576](https://forgejo.coilysiren.me/coilyco-flight-deck/agentic-os/pulls/576) at `9825a70ee2cbf1b6e0bdacadc2d4cb0fa251c7d2` appears to satisfy issue [#575](https://forgejo.coilysiren.me/coilyco-flight-deck/agentic-os/issues/575). The patch shadows `ward ops forgejo action-run list` in both Forgejo guardfiles with a composite that hard-pins `page=1` and threads through only `owner`, `repo`, and `--limit`, which fixes the reported unbounded run-list behavior without widening the ops surface. The docs and generated Forgejo reference were updated to point operators at the safe mounted surfaces, and Forgejo currently reports the PR checks green. evidence: - Issue contract asks for page-one pinning on the Actions run list plus documentation of the safe surfaces. The patch adds `action list action-run` wrappers to both `.ward/guardfile.forgejo.kdl` and `.ward/guardfile.forgejo.read.kdl` that call the underlying list op with `page "1"` and `limit $limit`. - The wrapper matches the existing `tasks list` safe-wrapper pattern instead of exposing the raw generated leaf, so the change narrows the callable surface rather than widening it. - The patch updates `docs/forgejo-actions-listing.md` to distinguish the safe `action-run list` and `tasks list` surfaces from the role-scoped `actions runs` and `actions tasks` bridge surface. - The generated `docs/ward-ops-forgejo-reference.md` now shows `ward ops forgejo action-run list` as a shadowed composite action with the safe page-one behavior, replacing the prior raw leaf description. - Test coverage was added in `tests/test_forgejo_actions_list_bridge.py` for `ward ops forgejo action-run list ... --limit 3 --dry-run`, asserting the rendered URL contains `/actions/runs?limit=3&page=1` and does not leak the unexpanded `${limit}` placeholder. - Live PR status is green: `ci / gate (pull_request) = success` and `ci / ward-doctor (pull_request) = success`. risks: - The added test exercises the default `.ward` surface via `WARD_CONFIG_REF`, but it does not separately prove the mirrored `.ward/guardfile.forgejo.read.kdl` wrapper. The two guardfile edits are textually parallel, so this looks low risk rather than a blocker. next steps: - If a human wants extra confidence before merge, a quick manual `--dry-run` check against the read-scoped surface would close the only remaining coverage gap. run_identity: dispatcher framing: Read the issue title, body, and comment thread below as the QA brief. Inspect the candidate branch, any linked pull request, and the available checks in the live repository state. Return a structured QA verdict that a human can read at a glance. Do not edit files, commit, push, or otherwise change implementation state. Additional framing from the dispatcher: Verify PR #576 fixes the Forgejo action-run list pagination issue without widening the ops surface. </details> <!-- ward-agent-signature --> — Codex, via `ward agent`
Author
Member

WARDED_WORKFLOW: #576

details

director merge authorization: reviewed-and-ready
workflow: pull-request-and-merge; review summary: passed: quick internal QA accepted PR #576 at 9825a70 with green checks
checked head sha: 9825a70ee2
status context: ci / gate=success, ci / ward-doctor=success
status state: success

Validation:

  • ward exec test -- tests/test_forgejo_actions_list_bridge.py
  • env FORGEJO_TOKEN=dummy ward exec test
  • ward exec pre-commit-all
  • ward agent qa --agent codex --thoroughness quick coilyco-flight-deck/agentic-os#575

Retrospective: the fix was in the aos ward-spec bundle, not ward's native PR client. The remaining caveat is that the composite action no longer exposes the generated leaf's --query flag, but it prevents the unbounded run listing and keeps the surface narrow.

WARDED_WORKFLOW: https://forgejo.coilysiren.me/coilyco-flight-deck/agentic-os/pulls/576 <details><summary>details</summary> director merge authorization: reviewed-and-ready workflow: pull-request-and-merge; review summary: passed: quick internal QA accepted PR #576 at 9825a70 with green checks checked head sha: 9825a70ee2cbf1b6e0bdacadc2d4cb0fa251c7d2 status context: ci / gate=success, ci / ward-doctor=success status state: success Validation: - ward exec test -- tests/test_forgejo_actions_list_bridge.py - env FORGEJO_TOKEN=dummy ward exec test - ward exec pre-commit-all - ward agent qa --agent codex --thoroughness quick coilyco-flight-deck/agentic-os#575 Retrospective: the fix was in the aos ward-spec bundle, not ward's native PR client. The remaining caveat is that the composite action no longer exposes the generated leaf's --query flag, but it prevents the unbounded run listing and keeps the surface narrow. </details>
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/agentic-os#575
No description provided.