Problem Statement
Pending policy proposal chunks store `validation_result` from the effective policy and credential/provider state at proposal submission time. If the effective policy, provider/credential composition, or relevant approval settings change before a pending chunk is approved, the stored prover verdict can become stale. Reviewers may see `prover: no new findings` or older findings that no longer match the policy that will actually receive the merge.
Proposed Design
Track enough validation baseline context to identify stale pending chunks, such as the policy hash/revision and a provider or credential composition fingerprint used for validation. When those inputs change, re-evaluate pending chunks or mark their `validation_result` stale until revalidated. Approval paths should not silently rely on stale validation; they should refresh the verdict or surface a clear stale-validation state before approval.
Alternatives Considered
Re-running the prover only at submit time is enough for the MVP and common single-proposal flow, but it does not cover long-lived pending chunks or concurrent policy/provider updates. Re-running only during human approval is smaller, but still leaves stale reviewer inbox state and does not help reviewer agents that reason before approval.
Agent Investigation
PR #1528 validates each proposal against a snapshot from `current_effective_policy_for_sandbox` inside `handle_submit_policy_analysis`. `validation_result` is persisted on the draft chunk. `handle_approve_draft_chunk` and `handle_approve_all_draft_chunks` merge pending chunks without recomputing the prover verdict against the latest effective policy and provider state.
Related: #1528, #1062, #1434.
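A sketch of the baseline tracking described under Proposed Design, as an added example that is not the project's code. Every name here (`Baseline`, `DraftChunk`, `submit`, `approve`, `toy_prover`), the policy and provider shapes, and the choice of SHA-256 over canonical JSON are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

def _digest(obj) -> str:
    # Canonical JSON so key order does not change the hash.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Baseline:  # hypothetical record of the inputs a verdict was computed against
    policy_hash: str
    provider_fingerprint: str

def baseline_for(policy: dict, providers: list) -> Baseline:
    # Assumption: provider order carries no meaning, so sort before hashing.
    return Baseline(_digest(policy), _digest(sorted(providers, key=_digest)))

@dataclass
class DraftChunk:  # hypothetical stand-in for a pending proposal chunk
    proposal: dict
    validation_result: list  # prover findings; empty means "no new findings"
    baseline: Baseline

def submit(proposal, policy, providers, prover) -> DraftChunk:
    # Store the verdict together with the inputs it was computed from.
    findings = prover(proposal, policy, providers)
    return DraftChunk(proposal, findings, baseline_for(policy, providers))

def is_stale(chunk, policy, providers) -> bool:
    return chunk.baseline != baseline_for(policy, providers)

def approve(chunk, policy, providers, prover) -> str:
    # Never merge on a verdict computed against different inputs: refresh first.
    if is_stale(chunk, policy, providers):
        chunk.validation_result = prover(chunk.proposal, policy, providers)
        chunk.baseline = baseline_for(policy, providers)
        if chunk.validation_result:
            return "needs_review"  # surface refreshed findings instead of merging
    return "merged"

def toy_prover(proposal, policy, providers):
    # Constructed stand-in for the prover: flags a proposed host that a
    # provider credential can also reach.
    reachable = {h for p in providers for h in p["hosts"]}
    return [f"credential reachable: {h}"
            for h in proposal["allow_hosts"] if h in reachable]
```

A reviewer inbox can call `is_stale` on each pending chunk to show a stale-validation state without waiting for an approval attempt.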