{
  "task_id": "task-2552",
  "scope": "OWNER /gemini review trigger-only 자동화 정책 초안",
  "level": "Lv.1 사전조사 (정책 결정 X — 회장 결정 필요)",
  "generated_at_utc": "2026-05-11",
  "author": "dev1 헤르메스 (사전조사 PASS)",
  "facts_established": {
    "fact_1_bot_trigger_fails": {
      "verdict": "DEFINITIVE",
      "evidence": "memory/events/task-2552.trigger_evidence_audit_24h.json",
      "data": "5/5 bot /gemini comments → 0 Gemini reviews; 10/10 OWNER /gemini comments → 10 Gemini reviews"
    },
    "fact_2_pat_scope_feasible": {
      "verdict": "FEASIBLE",
      "evidence": "memory/events/task-2552.token_scope_risk_matrix.md",
      "data": "Fine-grained PAT with Issues:write only blocks merge/approve/push/admin. Caveat: Issues:write itself still permits issue close/reopen, label/assignee/milestone changes and editing or deleting issue comments (PR comments are issue comments), so 'trigger-only' is a usage constraint, not one enforced by the token scope; the risk matrix should confirm whether PATCH /repos/{owner}/{repo}/issues/{pr_number} with state=closed is rejected for a PR number under Issues:write-only before treating close/reopen as blocked."
    },
    "fact_3_official_docs_silent": {
      "verdict": "AMBIGUOUS",
      "evidence": "memory/events/task-2552.gemini_app_docs_summary.md",
      "data": "Official docs say 'any pull request contributor' but empirical evidence shows User-only. No official statement on bot identity restriction."
    }
  },
  "options_evaluated": [
    {
      "id": "opt_1_owner_pat_trigger_only",
      "name": "Fine-grained OWNER PAT (Issues:write only)",
      "feasibility": "POSSIBLE",
      "trigger_works": true,
      "scope_safe": true,
      "implementation_cost": "LOW (single env var + sanitized HTTP POST)",
      "ongoing_cost": "MEDIUM (90d rotation + audit)",
      "doctrine_exception_required": true,
      "doctrine_exception_reason": "기존 doctrine: 'OWNER PAT는 fallback 금지'. 본 옵션은 trigger-only로 doctrine 예외 신설 필요"
    },
    {
      "id": "opt_2_separate_github_app_comment_only",
      "name": "별도 GitHub App (comment-only)",
      "feasibility": "INFEASIBLE",
      "trigger_works": false,
      "scope_safe": true,
      "implementation_cost": "HIGH (App 등록, OAuth, installation, webhook)",
      "rejection_reason": "검증 #1 결과 동일하게 sender.type=='Bot'으로 분류되어 trigger 미작동 가능성 매우 높음. 검증 비용 대비 ROI 음수"
    },
    {
      "id": "opt_3_existing_bot_token_assumed_to_trigger",
      "name": "기존 BOT_GITHUB_TOKEN trigger 시도",
      "feasibility": "INFEASIBLE",
      "trigger_works": false,
      "scope_safe": true,
      "implementation_cost": "ZERO",
      "rejection_reason": "검증 #1 결정적 기각 (5/5 실패). 도구 도입 불필요 가설 폐기"
    },
    {
      "id": "opt_4_gemini_app_settings_change",
      "name": "GitHub Gemini App 설정 변경 (bot-opened auto-review 활성화)",
      "feasibility": "UNKNOWN_GOOGLE_POLICY",
      "trigger_works": "unknown",
      "scope_safe": true,
      "implementation_cost": "ZERO (Google policy 의존)",
      "rejection_reason": "Google 정책 한계 추정 — 회장 §명시 7번 (Gemini App 설정 변경 X) + 본 task scope 외"
    },
    {
      "id": "opt_5_gemini_cli_replacement",
      "name": "Gemini CLI로 GitHub Gemini App 대체",
      "feasibility": "OUT_OF_SCOPE",
      "trigger_works": "n/a",
      "scope_safe": "n/a",
      "rejection_reason": "회장 §명시 'GitHub Gemini App = 공식 merge evidence, 대체 X' (task-2548 doctrine 1:1 일관)"
    }
  ],
  "recommended_option": "opt_1_owner_pat_trigger_only",
  "recommended_with_conditions": [
    "doctrine 예외 신설 (회장 §명시 결정 필요)",
    "PAT scope: Repository/Issues:write 단독 (Metadata:read는 fine-grained PAT에 필수로 자동 부여되므로 허용), 다른 모든 권한 No access — 특히 Pull requests/Contents/Administration은 No access 확인",
    "PAT repository selection: Only select repositories — dev_workspace 단독",
    "PAT 만료: 90일 rotation 강제",
    "audit log: memory/events/{task}.gemini_trigger_call.jsonl (PR#, head sha, dedup_key, ts, HTTP status code — 403/401 등 scope/만료 실패를 silent failure로 남기지 않기 위함; token 값 자체는 절대 미기록)",
    "dedup: sha256('{PR#}:{head_commit_id}') — full 40-hex head sha 사용 + 명시적 ':' 구분자 (구분자 없는 단순 연결은 abbreviated sha가 섞이면 충돌 가능), per-head 1회만",
    "secret 저장: .env.keys 0600 + .gitignore 등록 확인, sanitize_gate에서 token 패턴 마스킹 (fine-grained PAT prefix 'github_pat_' 포함); token은 Authorization header로만 전달, URL query string/log/audit jsonl에 포함 금지",
    "trigger 시점: update-branch 후 head_commit_id 확정 이후에만",
    "fallback: PAT 만료/leak 감지 시 ESCALATED — leak 의심 시 GitHub 설정에서 해당 PAT 즉시 revoke 후 escalate, OWNER 수동 개입 요구 (자동 재발급 또는 다른 token으로의 자동 fallback 금지 — 기존 doctrine 유지)",
    "운영 cap: 호출당 rate limit dedup + 30s cooldown per PR"
  ],
  "chairman_decisions_required": [
    {
      "id": "dec_1_pat_doctrine_exception",
      "question": "OWNER PAT를 trigger-only 용도로 doctrine 예외 승인하는가?",
      "default_if_no_answer": "NO (현행 doctrine 유지, 수동 OWNER 개입 지속)"
    },
    {
      "id": "dec_2_rotation_period",
      "question": "PAT rotation 주기? (30d / 90d / 366d)",
      "recommended": "90d",
      "default_if_no_answer": "90d"
    },
    {
      "id": "dec_3_dedup_policy",
      "question": "동일 head 재 trigger 정책? (per-head 1회 / per-head N회 / 무제한)",
      "recommended": "per-head 1회",
      "default_if_no_answer": "per-head 1회"
    },
    {
      "id": "dec_4_implementation_owner",
      "question": "구현 task 발행 시 owner는? (헤르메스/dev2/dev3)",
      "recommended": "별도 control-plane Lv.4 task로 회장이 발행",
      "default_if_no_answer": "회장 결정 대기"
    },
    {
      "id": "dec_5_g4_g3_compatibility",
      "question": "본 OWNER PAT trigger와 task-2548 G4 Pre-PR Gemini CLI Gate 양립 여부?",
      "recommended": "양립 가능 — G4(CLI, Pre-PR)과 GitHub Gemini App(post-PR official merge gate)는 layer 다름. OWNER PAT trigger는 GitHub App 측만 자동화",
      "default_if_no_answer": "양립 가능"
    }
  ],
  "deliverables_index": {
    "policy_decision_this_file": "memory/events/task-2552.owner_trigger_policy_decision.json",
    "trigger_evidence_audit": "memory/events/task-2552.trigger_evidence_audit_24h.json",
    "docs_summary": "memory/events/task-2552.gemini_app_docs_summary.md",
    "scope_risk_matrix": "memory/events/task-2552.token_scope_risk_matrix.md",
    "probe_plan_and_results": "memory/events/task-2552.trigger_identity_probe_plan.md",
    "recommended_path": "memory/events/task-2552.recommended_implementation_path.md",
    "go_no_go_decision": "memory/events/task-2552.go_no_go_decision.md",
    "report": "memory/reports/task-2552.md"
  },
  "prohibition_audit": {
    "prohibited_action_1_pat_creation": "0 (no PAT created)",
    "prohibited_action_2_owner_pat_used": "0 (BOT_GITHUB_TOKEN read-only only)",
    "prohibited_action_3_production_token_stored": "0 (no token written to any file)",
    "prohibited_action_4_auto_pr_comment": "0 (GET API only)",
    "prohibited_action_5_merge_approve_close": "0 (no mutation API)",
    "prohibited_action_6_github_settings_change": "0",
    "prohibited_action_7_doctrine_preimplementation": "0 (recommendations are proposals, not enacted)"
  }
}
