98 lines
4.1 KiB
Markdown
98 lines
4.1 KiB
Markdown
---
|
|
id: 20260605-040104-ticket-built-in-feature-tools
|
|
slug: ticket-built-in-feature-tools
|
|
title: Ticket built-in feature tools
|
|
status: closed
|
|
kind: task
|
|
priority: P1
|
|
labels: [ticket, feature, tool, orchestration]
|
|
created_at: 2026-06-05T04:01:04Z
|
|
updated_at: 2026-06-05T06:00:22Z
|
|
assignee: null
|
|
legacy_ticket: null
|
|
---
|
|
|
|
## Background
|
|
|
|
After a typed Ticket backend exists, Pods need a controlled way to read and mutate Tickets without receiving arbitrary filesystem write scope over the repository.
|
|
|
|
Ticket operations are orchestration authority, not ordinary source-file writes. A coder Pod may have write access only to a child worktree and still need to report implementation progress or attach artifacts to a Ticket through a typed operation. Intake and Orchestrator Pods likewise need Ticket operations that are bounded, auditable, and backend-independent.
|
|
|
|
This ticket depends on `ticket-local-files-backend`. It should also be sequenced after or alongside `feature-api-authority-separation` if that ticket is still open, because Ticket tools should use the built-in contribution path without confusing internal built-ins with external plugin grants.
|
|
|
|
## Requirements
|
|
|
|
- Add a built-in Pod feature for Ticket tools.
|
|
- Register tools through the existing feature contribution / ToolRegistry path.
|
|
- Use the typed Ticket backend from `ticket-local-files-backend`.
|
|
- Treat Ticket operations as configured backend authority, not filesystem scope.
|
|
- Do not grant arbitrary writes to `work-items/` through generic filesystem tools.
|
|
- Keep tool outputs bounded and model-readable.
|
|
- Preserve current `tickets.sh` semantics where equivalent operations exist.
|
|
- Ensure Ticket operations are recorded durably in the ticket files/thread/resolution/artifacts.
|
|
- Keep permission/policy behavior explicit and fail-closed.
|
|
- Avoid external plugin loading or MCP integration in this ticket.
|
|
|
|
## Candidate tool surface
|
|
|
|
Exact names can be adjusted during preflight, but the surface should be close to:
|
|
|
|
- `TicketCreate`
|
|
- `TicketList`
|
|
- `TicketShow`
|
|
- `TicketComment`
|
|
- `TicketReview`
|
|
- `TicketStatus`
|
|
- `TicketClose`
|
|
- `TicketDoctor`
|
|
|
|
Optional follow-up if needed rather than MVP:
|
|
|
|
- `TicketArtifactWrite`
|
|
- `TicketArtifactRead`
|
|
- `TicketSearch`
|
|
|
|
## Authority model
|
|
|
|
- The Pod must receive a Ticket backend/tool grant through manifest/profile/feature configuration.
|
|
- The grant points to a configured backend root, initially the local repository `work-items/` root.
|
|
- Tool implementations validate paths and identifiers against the backend root.
|
|
- Artifact writes are constrained to the selected ticket's `artifacts/` directory.
|
|
- Ticket tools do not imply general `Write` permission to the repository.
|
|
- Existing PreToolCall policy still applies to the tool call itself.
|
|
|
|
## Non-goals
|
|
|
|
- Implementing the local files backend itself.
|
|
- Building Intake workflow behavior.
|
|
- Building Orchestrator routing/scheduling.
|
|
- Renaming `work-items/`.
|
|
- Removing `tickets.sh`.
|
|
- External tracker integration.
|
|
- MCP/plugin loading.
|
|
- Scheduler/lease/queue automation.
|
|
- TUI changes.
|
|
|
|
## Acceptance criteria
|
|
|
|
- Ticket tools are registered only when the built-in Ticket feature is enabled/configured.
|
|
- Ticket tools operate through the typed Ticket backend and not shelling out to `tickets.sh`.
|
|
- A Pod without filesystem write scope to `work-items/` can perform allowed Ticket operations through the tool grant.
|
|
- A Pod without the Ticket tool grant cannot mutate Tickets through these tools.
|
|
- Tool schemas and outputs are bounded, deterministic enough for tests, and suitable for LLM use.
|
|
- Ticket create/comment/review/status/close operations produce files accepted by `./tickets.sh doctor`.
|
|
- Tool calls produce no writes outside the backend root and selected ticket artifact directories.
|
|
- Unit/integration tests cover allowed/denied operation paths and path traversal attempts.
|
|
- `cargo test` for affected crates passes.
|
|
- `cargo check --workspace --all-targets`, `cargo fmt --check`, `git diff --check`, and `./tickets.sh doctor` pass.
|
|
|
|
## Dependencies
|
|
|
|
- Requires `ticket-local-files-backend`.
|
|
- Prefer after `feature-api-authority-separation` if that ticket remains open.
|
|
|
|
## Follow-up tickets
|
|
|
|
- `ticket-intake-workflow`
|
|
- `ticket-orchestrator-routing`
|