E2E tests did not run

E2E tests run automatically for org/repo members and collaborators on pull requests.

For other contributors, a maintainer must add the ok-to-test label after the latest push.

See E2E testing guide for details.

🤖 Finished Review · ✅ Success · Started 5:32 PM UTC · Completed 5:44 PM UTC
Commit: 8627f86 · View workflow run →

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Review

Findings

Medium

• [edge-case] internal/scaffold/scaffold.go:210 — The idempotency check strings.HasPrefix(s, header) only detects a pre-existing header when it appears at the very start of the content. For files with a shebang (#!), PrependManagedHeader inserts the header AFTER the first line, so a second call would not find the header at position 0 and would insert a duplicate. While current call sites only invoke this function on fresh template content (making duplication unlikely in practice), the docstring now claims the function is "idempotent" without qualification, which is incorrect for the shebang path.
  Remediation: Add a second check after the shebang-prefix branch to detect the header after the first line, or clarify the docstring that idempotency only applies when the content does not start with a shebang. Add a TestPrependManagedHeaderIdempotentShebang test.

• [architectural-coherence] internal/scaffold/fullsend-repo/scripts/reconcile-repos.sh:130 — The stripping logic that removes provenance headers from extracted user content exists because the reconcile script now prepends headers that were not in the original template. This creates a circular pattern: the script adds headers, then must strip them when preserving user content, then re-adds them. The Go installer (PrependManagedHeader in scaffold.go) and the shell reconcile script implement parallel header-injection logic that can drift independently.
  Remediation: Consider refactoring so both paths share the same header definition or cross-validate their output in tests, ensuring the two code paths stay synchronized.

/fs-fix

🤖 Finished Fix · ✅ Success · Started 9:48 AM UTC · Completed 9:59 AM UTC
Commit: 6bd5f3a · View workflow run →

🔧 Fix agent — iteration 1 (human-triggered)

Addressed both review findings. Reverted template to header-free state per ADR 43 and added deploy-time provenance header injection in reconcile-repos.sh. Retained provenance-stripping logic to prevent duplication from existing deployed shims.

Fixed (2):

1. architectural-divergence: template should be header-free per ADR 43 (internal/scaffold/fullsend-repo/templates/shim-workflow-call.yaml): Reverted template to header-free state. Added PROVENANCE_HEADER variable and deploy-time injection in shim_content_b64() and shim_with_header_b64() in reconcile-repos.sh. Updated Go tests to expect header-free template. Updated shell test template and assertions.
2. scope-divergence: stripping logic is a workaround for template having headers (internal/scaffold/fullsend-repo/scripts/reconcile-repos.sh): Added deploy-time provenance header injection per ADR 43. Retained provenance-stripping logic in shim_with_header_b64 because existing deployed shims already have provenance headers from the Go installer — without stripping, headers would be duplicated when the reconciliation script extracts and re-prepends user headers. Updated the comment to clarify the stripping prevents duplication rather than working around template-embedded headers.

Tests: passed

_{Updated by fullsend fix agent}

Site preview

Preview: https://3a52860d-site.fullsend-ai.workers.dev

Commit: 6c9a9615d0914752b8c6455ac59c0eae83d1d0e2

🤖 Finished Review · ✅ Success · Started 10:03 AM UTC · Completed 10:15 AM UTC
Commit: 6c9a961 · View workflow run →