MC-4501 — Follow-up: normalize omitted author_type behavior in ticket comments

Description

MC-4501

Follow-up from MC-4500 final Opus review. The Control Room v2 flag-on path now requires explicit `author_type == "human"` (or trusted identity fill) before atomic Controller audit routing. However, the legacy fallback path still defaults omitted `author_type` to `"human"` in `models.add_comment(...)`, so an untrusted/API caller omitting author_type can create a human-typed comment without Controller audit when the flag is enabled. This is not release-blocking for MC-4500 because UI posts explicit human and trusted humans are identity-filled, but it should be cleaned up/documented before enabling the flag broadly. Acceptance: - Decide and implement canonical behavior for omitted author_type on ticket comments. - Preserve trusted human identity behavior. - Preserve worker/system comments. - Add tests for omitted author_type under flag-on and flag-off. - No runtime auto-dispatch regressions.

Activity

done

Luci is working...

Details — Done · Medium · Luci ▼

State

Done

Waiting: done

State

Priority

People

Owner (assigned to)

Controller

Timing / Details

Due Date

Snooze

Source controller (system)

Project -

Created 13d ago

Updated 12d ago

Advanced / Operator evidence

Routing owner

Routes via

Operator console

Evidence

Ticket is done; runtime is closed. tmux_session_missing profile claude_opus_1m_high · cwd /home/lucienne/workspace/state/control-room-worktrees/mc-4501-author-type · uptime 12d 11h · last activity 12d 11h ago MC is visibility-only. Hermes Luci launches and gates work outside MC, then mirrors evidence/status here. Raw console: luci · claude/anthropic/opus[1m]

Workflow

Start Dev Review + QA ▾

Select phases to include:

Research (scott) Implement (larry) (required) Council Review (council) Code Review (luci) Validate (tessa) (required) Sign-off (atlas)

Agents

Review Gates

Decision

WAT routing: choose an agent, review gate, or decision. Buttons use the live runtime when one is attached.

controller 13d ago

Created as non-blocking follow-up from MC-4500 final Opus review. Parent shipped at 594c30ceae57ba7def9413e0035fe380d7a1ff67.

controller 12d ago

Ledger hygiene: closed idle websocket runtime row with no tmux_target/pid. This was not an active worker and should not be surfaced as missing tmux.

controller 12d ago

Coder gate dispatched: Claude Code Opus/high in isolated worktree mc-4501-author-type. Codex standalone was smoke-tested and rejected required models on ChatGPT OAuth, so writer lane switched to Claude; independent review will follow.

validator 12d ago

Validator gate complete — MC-4501 landed. Commit: e7d4d4f Branch: cr/mc-4501-author-type Master: fast-forwarded and pushed to origin/master. Evidence: - Coder produced TDD implementation. - Controller verification: `python3 -m pytest tests/test_mc4501_comment_author_type_defaults.py tests/test_mc4500_comment_controller_notify.py tests/test_models_dedup_regressions.py -q` → 51 passed + 4 subtests. - Compile: `python3 -m py_compile app.py models.py` → passed. - Independent review first found must-fix: non-string JSON author_type caused 500. - Must-fix applied: type-check before set membership; []/{} / number / bool now return 400. - Re-review verdict: APPROVED. - graphify update completed. - `git merge-base --is-ancestor e7d4d4f origin/master` → passed. Scope shipped: - Raw omitted/blank ticket comment author_type resolves to system, not human. - Explicit/trusted human remains human. - Invalid/non-string author_type rejected safely. - Route uses one resolved author_type for Controller-notify gate, persistence, routing and notification behavior. - models.add_comment default is now system for omitted helper calls.

Controller decision