Context
The GitHub Workflow MCP server's GH_SyncService.runFullSync() and the release script publish.mjs currently exhibit fail-open write behavior. When content synchronization or metadata reconciliation fails, these scripts proceed to automatically git add ., git commit, and git push, permanently cementing the corrupted state (e.g., the recent issue-archive path drift) into the repository.
The Problem
As detailed in Epic #11187 (Phase 6 Activation Strategy, comment 4450311817), before executing the massive 3,153 file data migration, we must establish a tracked fail-closed guard. Proceeding with data migration while the write-amplifier is active risks multiplying the same class of error at scale.
The Architectural Reality
ai/mcp/server/github-workflow/src/GH_SyncService.mjs auto-commits and pushes after metadata saves even if integrity failures occur.buildScripts/release/publish.mjs catches GH_SyncService.runFullSync() failures, logs them, but then still proceeds to broad git add ., git commit, and git push.
The Fix
- Modify
GH_SyncService.runFullSync() to implement a strict fail-closed gate: if any synchronization, metadata reconciliation, or integrity validation step fails, bypass the pushToRepoAfterSync path entirely.
- Modify
buildScripts/release/publish.mjs to abort the release process (exit with error) if GH_SyncService.runFullSync() throws an exception or returns a failure status.
Acceptance Criteria
Out of Scope
- The actual movement and migration of
issue-archive files (which is covered by subsequent phases of Epic #11187).
Origin Session ID: 2c4aa4df-2628-45ae-a9c2-156fd9308f21
Context The GitHub Workflow MCP server's
GH_SyncService.runFullSync()and the release scriptpublish.mjscurrently exhibit fail-open write behavior. When content synchronization or metadata reconciliation fails, these scripts proceed to automaticallygit add .,git commit, andgit push, permanently cementing the corrupted state (e.g., the recentissue-archivepath drift) into the repository.The Problem As detailed in Epic #11187 (Phase 6 Activation Strategy, comment 4450311817), before executing the massive 3,153 file data migration, we must establish a tracked fail-closed guard. Proceeding with data migration while the write-amplifier is active risks multiplying the same class of error at scale.
The Architectural Reality
ai/mcp/server/github-workflow/src/GH_SyncService.mjsauto-commits and pushes after metadata saves even if integrity failures occur.buildScripts/release/publish.mjscatchesGH_SyncService.runFullSync()failures, logs them, but then still proceeds to broadgit add .,git commit, andgit push.The Fix
GH_SyncService.runFullSync()to implement a strict fail-closed gate: if any synchronization, metadata reconciliation, or integrity validation step fails, bypass thepushToRepoAfterSyncpath entirely.buildScripts/release/publish.mjsto abort the release process (exit with error) ifGH_SyncService.runFullSync()throws an exception or returns a failure status.Acceptance Criteria
publish.mjshalts execution and does NOT commit/push ifGH_SyncService.runFullSync()fails.GH_SyncService.runFullSync()suppresses all auto-commit and push operations when integrity/sync errors are detected.Out of Scope
issue-archivefiles (which is covered by subsequent phases of Epic #11187).Origin Session ID: 2c4aa4df-2628-45ae-a9c2-156fd9308f21