MC-4655 — Stop extra approval prompts during Luci MC ticket creation

Home Board MC-4655

Stop extra approval prompts during Luci MC ticket creation

Bug reported by Elmar via Telegram bug topic. Issue: When Luci creates MC tickets from Telegram, Hermes sometimes asks for command approval even though the user expects YOLO / ...

State Done Next Action Closed Owner Luci Runtime Closed Age 10d ago

← MC-4655

Ticket is done; runtime is closed. · cwd /home/lucienne/workspace/state/control-room-worktrees/mc-4655-stop-extra-approval-prompts-during-luci-918c22 · uptime 9d 13h · last activity 9d 12h ago

Description

MC-4655

Bug reported by Elmar via Telegram bug topic. Issue: When Luci creates MC tickets from Telegram, Hermes sometimes asks for command approval even though the user expects YOLO / always-allowed mode to bypass this. Observed trigger: a ticket-creation terminal command was paused by a security scan because the description included a raw Tailscale IP URL. This created an extra permission prompt during a routine ticket creation flow. Expected: Routine MC ticket creation from the bug-report topic should not require an extra approval prompt. If YOLO / always-allowed is enabled for the session, the approval layer should honor it consistently, or the workflow should avoid terminal-command patterns that trigger the security scanner. Acceptance criteria: - Inspect Hermes approval mode behavior for Telegram gateway sessions versus CLI YOLO / always-allowed settings. - Determine whether raw-IP URL detection is bypassing or ignoring YOLO / always-allowed. - Fix or route MC ticket creation through a safer API/helper that avoids shell security prompts. - Verify a bug-topic report can create a ticket without asking Elmar for permission. Expected check-in: today + 2h

Activity

done

Luci is working...

Details — Done · Critical · Luci ▼

State

Done

Closed

State

Priority

People

Owner (assigned to)

Controller

Timing / Details

Due Date

Snooze

Source telegram_bug_topic (human)

Project Mission Control

Created 10d ago

Updated 9d ago

Advanced / Operator evidence

Routing owner

Routes via

Operator console

Evidence

Ticket is done; runtime is closed. direct_worker_done_recovered cwd /home/lucienne/workspace/state/control-room-worktrees/mc-4655-stop-extra-approval-prompts-during-luci-918c22 · uptime 9d 13h · last activity 9d 12h ago MC is visibility-only. Hermes Luci launches and gates work outside MC, then mirrors evidence/status here. Raw console: luci-controller · claude-code

Workflow

Start Dev Review + QA ▾

Select phases to include:

Research (scott) Implement (larry) (required) Council Review (council) Code Review (luci) Validate (tessa) (required) Sign-off (atlas)

Agents

Review Gates

Decision

WAT routing: choose an agent, review gate, or decision. Buttons use the live runtime when one is attached.

luci-followup-sweep 10d ago

[follow-up] 6 min past expected check-in (2026-06-03T17:55:00.308729+00:00 UTC).

luci-controller 10d ago

[orchestrator] Escalated to critical: Elmar is repeatedly missing approval prompts despite YOLO expectation. Fix approval prompt suppression / YOLO routing before more work is gated unnecessarily.

luci-controller 10d ago

[control-room-dispatch] Control Room dispatched MC-4655 to a Claude Code worker. Worktree: /home/lucienne/workspace/state/control-room-worktrees/mc-4655-stop-extra-approval-prompts-during-luci-f21105 Branch: cr/mc-4655-stop-extra-approval-prompts-during-luci-f21105 tmux: cr-MC-4655 Expected check-in: 2026-06-03T12:41:40.047734+00:00

luci-controller 10d ago

[control-room-recover] MC-4655: recovered DONE from a finished direct worker whose tmux was gone. Ticket → in_review. Summary: MC-4655 fixed on branch cr/mc-4655-stop-extra-approval-prompts-during-luci-f21105 @ f025aa37. mc_ticket.py gains URL-safe --description-file/--body-file (path/stdin) so raw Tailscale IP URLs never hit the scanned command line; proven via tirith (inline=warn/raw_ip_url → file-form=allow). Council-hardened (regular-file/symlink/FIFO/size guards, UnicodeError caught, empty-body reject). 21 tests pass

luci-controller 10d ago

[orchestrator-review] Review failed: recovered DONE referenced commit f025aa37 / branch cr/mc-4655..., but neither commit nor worktree is present locally. Returned from in_review to todo for clean re-dispatch/reimplementation.

luci-controller 10d ago

[control-room-dispatch] Control Room dispatched MC-4655 to a Claude Code worker. Worktree: /home/lucienne/workspace/state/control-room-worktrees/mc-4655-stop-extra-approval-prompts-during-luci-918c22 Branch: cr/mc-4655-stop-extra-approval-prompts-during-luci-918c22 tmux: cr-MC-4655 Expected check-in: 2026-06-03T17:55:00.308729+00:00

luci-controller 10d ago

[control-room-recover] MC-4655: recovered DONE from a finished direct worker whose tmux was gone. Ticket → in_review. Summary: MC-4655 fixed on branch cr/mc-4655-stop-extra-approval-prompts-during-luci-918c22 @ 5ed940a6 (pushed to origin). mc_ticket.py gains shell-safe `--description-file`/`--body-file` so raw-IP URLs stay out of the tirith-scanned command; CLAUDE.md rule 4 routes ticket writes through them; 15/15 tests pass (incl. live tirith proof: inline=warn[raw_ip_url] → file=allow); solution doc added. Files: mc_tic

luci-controller 9d ago

[controller-gate] Controller gate closed: branch cr/mc-4655-stop-extra-approval-prompts-during-luci-918c22 merged via clean landing worktree; pushed root repo master 3038dd53. tests/test_mc_ticket_shell_safe.py included in 79-pass focused suite.

Controller decision

Live ▼

No activity yet

←