#!/usr/bin/env bash set -euo pipefail REPO=gbharg/exult-agent PR=67 reply() { gh api "repos/$REPO/pulls/$PR/comments/$1/replies" -f body="$2" >/dev/null; echo "replied $1"; } resolve() { gh api graphql -f query='mutation($id:ID!){resolveReviewThread(input:{threadId:$id}){thread{isResolved}}}' -f id="$1" >/dev/null; echo "resolved $1"; } # 3431612112 curogram send fresh-approval -> DEFER (architecture) reply 3431612112 "Valid concern, but this is an architecture decision for Gautam. The send is already triple-gated (confirmed=true + TCPA consent + fail-closed conversation/patient linkage). A true out-of-band approval token that the calling model cannot self-satisfy is a larger design (separate human-approval channel / out-of-band nonce). Flagging for Gautam; leaving open." # 3431612116 RC writes fresh-approval -> DEFER (architecture/scope) reply 3431612116 "Same root question as the SIP/send threads: a tool-returned approval_text is deterministic and copyable by the caller. Within the current design these writes are gated by EXULT_RC_ALLOW_WRITES=1 (operator startup gate) + approval_text. Moving to an out-of-band fresh-approval boundary, and/or splitting RC out of this PR, is Gautam's call. Leaving open." # 3431612122 SIP reveal fresh-approval -> DEFER (architecture) reply 3431612122 "Hardened in 7b4a9cc to also require EXULT_RC_ALLOW_SECRET_READS=1 (a startup-only operator gate the caller cannot self-grant) on top of approval_text. A fully external/fresh approval channel for secret reveal — or dropping the raw-reveal path entirely — is a design/scope decision for Gautam. Leaving open." # 3431612126 README -> addressed reply 3431612126 "Addressed in 29224e1: README now enumerates all write tools (queue membership + routing + AI extension), documents the EXULT_RC_ALLOW_SECRET_READS gate for raw SIP reveal, and notes the pending scope decision." resolve PRRT_kwDOR5bkYM6KXM4c # 3431614165 relogin latch -> confirm intentional reply 3431614165 "Confirmed intentional: a persistent 401 means a credential/account problem, so latching into a fail state (rather than spamming the auth endpoint) is the desired behavior. The counter only resets on a successful non-401 response." resolve PRRT_kwDOR5bkYM6KXNPQ echo "DONE5"