GH#17372: add pre-close verification gate for pulse worker issue closing

[marcusquinn]

Summary

• Adds verify-issue-close-helper.sh — a pre-close verification gate that checks whether a PR's diff actually touches files mentioned in an issue body before allowing automated close
• Integrates the verification into close_issues_with_merged_prs() and reconcile_stale_done_issues() in pulse-wrapper.sh as defense-in-depth
• Updates full-loop.md worker instructions with mandatory pre-close verification gate (criterion feat: inherit OpenCode prompts for Build+ and Plan+ agents #7)
• Reopened GH#15544 and GH#15545 which were incorrectly closed against unrelated PR Prioritise triage reviews for needs-maintainer-review issues #15614

How it works

The helper uses a two-tier file-overlap strategy:

• Tier 1 (strict): When the issue mentions files with directory separators (e.g., setup-modules/schedulers.sh), at least one specific path must appear in the PR diff. Basename-only matches on contextual files (like pulse-wrapper.sh appearing as environment info) are insufficient.
• Tier 2 (relaxed): When only bare filenames exist in the issue, falls back to basename matching.

Verification evidence

Tested against the actual failure case:

$ verify-issue-close-helper.sh check 15544 15614 marcusquinn/aidevops
REJECTED: PR #15614 does NOT touch any specific file paths from issue #15544
Issue specifies: setup-modules/schedulers.sh, ...
PR changes: .agents/scripts/commands/pulse-sweep.md, .agents/scripts/pulse-wrapper.sh, ...
Note: 1 basename-only match(es) found but insufficient — specific path overlap required

Both GH#15544 and GH#15545 correctly REJECTED against PR #15614.

Runtime Testing

Risk	Assessment
Level	Low — agent prompts and helper script (no runtime state changes)
Method	self-assessed — helper tested against real issue/PR data via CLI

Closes #17372

---

aidevops.sh v3.6.84 plugin for OpenCode v1.3.13 with claude-opus-4-6 spent 14m and 3,510 tokens on this as a headless worker.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)

• no-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3588629d-97a0-4a1d-af62-e72cc7a195e7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bugfix/GH-17372-pre-close-verification

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Maintainer Gate: BLOCKED

This PR cannot be merged because:

Issue #17372 has needs-maintainer-review label — a maintainer must review and approve the issue before it can be worked on.
Issue #17372 has no assignee — an issue must be assigned before work begins.
What to do:

1. A maintainer must review the linked issue(s) and remove the needs-maintainer-review label
2. The issue(s) must have an assignee before work begins
3. This check re-runs automatically when the issue is updated

This is an automated check. See issue-triage-gate.yml for the triage policy.

[marcusquinn]

Merge Summary

What: Pre-close verification gate preventing workers from closing issues against unrelated PRs

Issue: GH#17372 — pulse worker hallucinated fix, closed GH#15544 + GH#15545 against unrelated PR #15614

Files changed:

• .agents/scripts/verify-issue-close-helper.sh (new) — pre-close verification helper
• .agents/scripts/pulse-wrapper.sh — integrated verification into close_issues_with_merged_prs() and reconcile_stale_done_issues()
• .agents/scripts/commands/full-loop.md — added mandatory pre-close verification gate (criterion feat: inherit OpenCode prompts for Build+ and Plan+ agents #7)

Testing: Verified against actual failure case — both GH#15544 and GH#15545 correctly REJECTED against PR #15614

Key decisions:

• Two-tier file-overlap strategy: specific paths (with /) require exact match, bare filenames use basename matching
• When no file paths found in issue body, returns 0 (unverifiable — manual review required rather than blocking)
• Verification is defense-in-depth for automated functions; primary defense for workers is the instruction gate

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

SonarCloud: 0 bugs, 0 vulnerabilities, 1 code smells

Sat Apr 4 18:11:13 UTC 2026: Code review monitoring started
Sat Apr 4 18:11:13 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 1

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 1
• VULNERABILITIES: 0

Generated on: Sat Apr 4 18:11:16 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codacy-production]

Not up to standards ⛔

_{TIP This summary will be updated as you push new changes. Give us feedback}