fix(verify-review): tier-aware §9 gating — T0/T1 need no approval (regression)

High Obol finding: verify-review was tier-blind and effectively required approval on every PR,
losing §9 'T0/T1 -> auto-merge'. (The acute T1-stays-red symptom was already cleared by v0.2.4's
pending-pass, but the tier was never consumed.)

- verify-review now consumes the tier (from tier.json via the template): after the always-on
  gate-tamper check, T0/T1 -> success with NO approval (§9). Unknown tier defaults to T3
  (conservative). T2/T3: approval-validity (bot/author/stale present -> fail) + pending-pass on
  missing (the authoritative T2/T3 block is branch protection's required CODEOWNER review).
- template passes tier to verify-review.
- USAGE: the §9 merge-gate is CODEOWNERS-by-path; tier-map T2/T3 paths MUST be ⊆ CODEOWNER paths
  (else a T2/T3 PR could auto-merge unreviewed) — documented as a hard requirement.

Reconciles with the v0.2.4 stale-FAILURE fix (T2/T3 block stays out of a failing check).
v0.2.5, 130 tests green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RjNiTNchAZoTmkmovVngnR

Author: TMogdans

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "devloop",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Generische agentische Dev-Loop-Kette: /devloop:specify|spec-to-tests|implement|critic|loop + Bindungs-Anker (Wächter-Vorbedingung, content-gebundene Stopps, CI-Required-Check). Projektübergreifend.",
   "author": { "name": "Tobias Mogdans" }
 }

USAGE.md

@@ -43,9 +43,15 @@ Danach **von Hand** (das ist der Anker, der Selbst-Freigabe verhindert):
      Admin-Override statt eines normalen Reviews.
    - `.devloop/bot-logins.json` — die GitHub-Login(s) **deines Agenten** (damit seine
      „Approvals" nie als Mensch zählen).
-5. **CODEOWNERS auf das Spec-Verzeichnis** (z.B. `/.specify/specs/` bzw. wo deine Specs liegen) →
-   erzwingt das Spec-Review per Branch-Protection, tier-unabhängig, ohne Admin-Override. (Ohne das
-   würde ein Spec-only-Diff zu T0/T1 ableiten und ohne Review auto-mergen — der Spec-Review ginge verloren.)
+5. **CODEOWNERS = das §9-Merge-Tor (wichtig).** CODEOWNERS muss decken:
+   - das **Spec-Verzeichnis** (z.B. `/.specify/specs/`) → erzwingt den Spec-Review-Stopp, tier-unabhängig;
+   - **alle T2/T3-Pfade aus deiner `tier-map`** (auth, migrations, contracts, `src/**`, …).
+   So funktioniert §9 serverseitig: **T0/T1 berührt keine CODEOWNER-Pfade → kein Review nötig → Auto-Merge;
+   T2/T3 berührt CODEOWNER-Pfade → required Review.** `verify-review` failt **nicht** auf „noch nicht
+   approved" (sonst hinge ein veralteter FAILURE-Lauf, s. v0.2.4) — der T2/T3-Block kommt aus CODEOWNERS.
+   > **Drift-Achtung:** Die **tier-map-T2/T3-Pfade müssen ⊆ CODEOWNER-Pfade** sein. Klafft das auseinander,
+   > kann ein T2/T3-PR ohne Review auto-mergen. `verify-review` ist tier-bewusst (T0/T1 grün, Gate-Tamper +
+   > Approval-Gültigkeit immer), erzwingt das „muss approved sein" aber **nicht** selbst — das tut CODEOWNERS.
 6. **Trace-/Coverage-Gate muss `.skip`'te Tests als Abdeckung zählen** (Regex über Quelltext).
    Davon hängt ab, dass der Spec-PR `main` grün hält. Wer das weghärtet, bricht das Spec-PR-Modell still.
 7. Sicherstellen, dass die **anderen drei Wächter** stehen: Mutation-Ratchet (Stryker),

dist/cli/verify-review.js

@@ -19,6 +19,15 @@ if (req.diffPaths &&
     touchesProtectedSet(req.diffPaths, req.protectedGlobs)) {
     fail("protected-set-touched: the diff edits a guardian/gate config (reward-hacking alarm)");
 }
+// 2. Tier gate (§9): T0/T1 auto-merge — no approval required. (Gate-tamper above still applied.)
+// Unknown/absent tier defaults to conservative "T3" (approval required). The authoritative
+// T2/T3 merge block is branch protection's required CODEOWNER review on the high-tier paths;
+// this check additionally validates a present approval (human, on HEAD) and the protected set.
+const tier = req.tier ?? "T3";
+if (tier === "T0" || tier === "T1") {
+    process.stdout.write(JSON.stringify({ ok: true, tier, note: "tier T0/T1: no approval required (§9)" }) + "\n");
+    process.exit(0);
+}
 const status = evaluateApproval(reviews, req);
 if (status === "ok") {
     process.stdout.write(JSON.stringify({ ok: true }) + "\n");

package.json

@@ -1,6 +1,6 @@
 {
   "name": "devloop",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "private": true,
   "type": "module",
   "license": "MIT",

src/cli/verify-review.ts

@@ -13,6 +13,7 @@ interface Request extends ApprovalContext {
   reviews?: Review[];
   diffPaths?: string[];
   protectedGlobs?: string[];
+  tier?: string; // from tier.json (derive-tier). Absent -> conservative default (require approval).
 }
 
 function fail(reason: string): never {
@@ -33,6 +34,16 @@ if (
   fail("protected-set-touched: the diff edits a guardian/gate config (reward-hacking alarm)");
 }
 
+// 2. Tier gate (§9): T0/T1 auto-merge — no approval required. (Gate-tamper above still applied.)
+// Unknown/absent tier defaults to conservative "T3" (approval required). The authoritative
+// T2/T3 merge block is branch protection's required CODEOWNER review on the high-tier paths;
+// this check additionally validates a present approval (human, on HEAD) and the protected set.
+const tier = req.tier ?? "T3";
+if (tier === "T0" || tier === "T1") {
+  process.stdout.write(JSON.stringify({ ok: true, tier, note: "tier T0/T1: no approval required (§9)" }) + "\n");
+  process.exit(0);
+}
+
 const status = evaluateApproval(reviews, req);
 if (status === "ok") {
   process.stdout.write(JSON.stringify({ ok: true }) + "\n");

templates/ci-precondition-check.yml

@@ -89,10 +89,11 @@ jobs:
             --argjson reviews "$REVIEWS" \
             --arg prAuthor "$AUTHOR" \
             --arg headSha "$HEAD_SHA" \
+            --arg tier "$(jq -r .tier tier.json)" \
             --argjson bots "$(cat .devloop/bot-logins.json)" \
             --argjson diff "$DIFF" \
             --argjson protected "$(cat .devloop/protected-globs.json)" \
-            '{reviews:$reviews, prAuthor:$prAuthor, headSha:$headSha, botLogins:$bots, diffPaths:$diff, protectedGlobs:$protected}' \
+            '{reviews:$reviews, prAuthor:$prAuthor, headSha:$headSha, tier:$tier, botLogins:$bots, diffPaths:$diff, protectedGlobs:$protected}' \
             | node node_modules/devloop/dist/cli/verify-review.js
 
       - name: Verify implement only un-skipped tests (test<->code seam, §11 #3)

test/cli/verify-review.test.ts

@@ -22,6 +22,42 @@ test("exit 0 when a human approved HEAD and the diff is clean", () => {
   expect(JSON.parse(r.stdout).ok).toBe(true);
 });
 
+test("tier T0/T1 passes WITHOUT any approval (§9 auto-merge)", () => {
+  for (const tier of ["T0", "T1"]) {
+    const r = run({ ...base, tier, reviews: [] });
+    expect(r.status).toBe(0);
+  }
+});
+
+test("tier T1 passes even with a (bot/stale) approval present — T1 needs no approval at all", () => {
+  // tier-blind code would FAIL here (an approval is present but not a valid human one); §9 says
+  // T0/T1 auto-merge, so the tier-aware check must pass regardless of who/whether anyone approved.
+  const r = run({ ...base, tier: "T1", reviews: [{ user: "agent-bot", state: "APPROVED", commit_id: "abc123" }] });
+  expect(r.status).toBe(0);
+});
+
+test("tier T1 still FAILS on gate-tamper (protected-set is a human gate at every tier)", () => {
+  const r = run({
+    ...base,
+    tier: "T1",
+    reviews: [],
+    diffPaths: ["stryker.conf.json"],
+    protectedGlobs: ["**/stryker.conf.*"],
+  });
+  expect(r.status).toBe(1);
+  expect(JSON.parse(r.stdout).reason).toMatch(/protected/);
+});
+
+test("tier T2 with a valid human approval -> success", () => {
+  const r = run({ ...base, tier: "T2", reviews: [{ user: "alice", state: "APPROVED", commit_id: "abc123" }] });
+  expect(r.status).toBe(0);
+});
+
+test("tier T2 with only a bot approval -> fail (self-approve attempt)", () => {
+  const r = run({ ...base, tier: "T2", reviews: [{ user: "agent-bot", state: "APPROVED", commit_id: "abc123" }] });
+  expect(r.status).toBe(1);
+});
+
 test("exit 0 (pending) when NOBODY has approved yet — no stale FAILURE on a fresh PR", () => {
   // The authoritative 'must be approved' block is branch protection's CODEOWNER requirement,
   // not this check. A fresh PR with zero approvals must NOT leave a failing run that lingers