feat: deliver governed material notifications#91
Merged
jmcte merged 1 commit intoJul 16, 2026
Merged
Conversation
Add plan-first GitHub and webhook delivery, verified maintainer approvals for hard stops, and expiring-exception notification execution. Closes #55. Signed-off-by: Your Name <you@example.com>
jmcte
force-pushed
the
codex/issue-55-material-notifications
branch
from
July 16, 2026 12:30
7601f6d to
8c62a1e
Compare
jmcte
marked this pull request as ready for review
July 16, 2026 12:32
jmcte
merged commit Jul 16, 2026
23787fa
into
codex/issue-58-conformance-fixture
20 of 23 checks passed
9 tasks
jmcte
added a commit
that referenced
this pull request
Jul 16, 2026
* test: restore conformance warning fixture Keep the canonical conformance fixture aligned with ownership-sidecar enforcement while preserving distinct warning exit semantics. Refs #58. Signed-off-by: Your Name <you@example.com> * feat: resolve publisher and class deviations (#90) Add publisher-neutral spending thresholds and require valid scoped exceptions when a repository cannot yet declare a canonical class. Closes #56. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * feat: deliver governed material notifications (#91) Add plan-first GitHub and webhook delivery, verified maintainer approvals for hard stops, and expiring-exception notification execution. Closes #55. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * fix: restrict notification webhook destinations Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved addresses, and pin validated addresses with bounded failover under one delivery deadline. Addresses the security review on #89. Signed-off-by: Your Name <you@example.com> * refactor: split secure webhook transport Keep notification planning, governing-record delivery, and hard-stop verification in this review lane while failing the configured webhook destination closed. The secure network transport moves to a smaller stacked follow-up so both pull requests satisfy the review-size policy. Signed-off-by: Your Name <you@example.com> * feat: add secure webhook delivery transport (#92) Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved destinations, and pin validated addresses during HTTPS delivery. Bound resolution and address failover under one deadline and fail closed on transport errors. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * Revert "feat: add secure webhook delivery transport (#92)" This reverts commit 77a486e. Signed-off-by: Your Name <you@example.com> * fix: clarify disabled webhook delivery in CLI help Signed-off-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com> --------- Signed-off-by: Your Name <you@example.com> Signed-off-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com> Co-authored-by: Your Name <you@example.com> Co-authored-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Governing Issue
Closes #55
Validation
autoreviewagainst the intended PR diff with no accepted/actionable findings/Users/johnteneyckjr./.codex/skills/autoreview/scripts/autoreview --mode local— clean; no accepted/actionable findings; overall patch-correct confidence 0.91CI GateLocal validation:
npm run check— 20 test files, 113 tests passednpm run build— passedgit diff --check— passed before commitBootstrap Governance
CONTRIBUTING.md,.github/PULL_REQUEST_TEMPLATE.md, anddocs/bootstrap/onboarding.mdwhen applicableMaterial change: no
ADR: not required; this implements the already adopted material-notification policy contract.
Merge Automation
gh pr merge --auto --squash, or the reason it is unavailable/unsafe is noted belowAuto-merge is intentionally withheld while this PR targets the unprotected intermediate stack branch. PR #90 auto-merged into that branch without an independent review gate. After PR #89 lands on protected
main, this PR can be rebased/retargeted and auto-merge can be enabled safely.Notes
codex/issue-58-conformance-fixture; its diff contains only the Validate exceptions and emit material-action notifications #55 notification work after feat: resolve publisher and class deviations #90 was merged into that base branch.