
fix(queue): reject stale gate overrides #1427

Closed
JSONbored wants to merge 4 commits into main from codex/propose-fix-for-gate-override-vulnerability


Conversation

@JSONbored

Owner

Motivation

  • Prevent a race where a maintainer's @gittensory gate-override could be applied to a newer, unreviewed commit pushed after the comment was issued.
  • Preserve the existing fail-open fallback (use cached head when live fetch is unreadable or missing) while ensuring overrides only target the PR head the maintainer actually approved.

Description

  • Change resolveOverrideHeadSha to return a structured OverrideHeadResolution with headSha, stale, and liveHeadSha so callers can detect a live-vs-cached mismatch.
  • In the gate-override handler (maybeProcessGateOverrideCommand) skip the override when stale === true, record a stale_pr_head skip audit event, and only build the advisory / create the neutral Gate check when the cached head is still current.
  • Update unit tests to cover matching live/cached heads, the stale-head path (skip), and fail-open fallback cases.
  • Small type/test adjustments to accommodate the new return shape.

Testing

  • Ran the focused unit tests with npm test -- --run test/unit/resolve-override-head-sha.test.ts test/unit/queue.test.ts -t "gate-override|resolveOverrideHeadSha", and the targeted suites passed.
  • Ran type checking with npm run typecheck which completed successfully.
  • Attempted coverage with npm run test:coverage; tests passed but coverage remapping failed in this environment with TypeError: jsTokens is not a function (environmental/tooling issue during Vitest V8 remapping).
  • npm audit --audit-level=moderate failed in this environment due to the registry audit endpoint returning 403 Forbidden (environment limitation, not related to code changes).

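An added TypeScript sketch of the resolution shape and handler decision described above; it is not gittensory's code. The OverrideHeadResolution fields and the stale_pr_head audit reason come from the PR description, while LiveHeadLookup, decideOverride and OverridePolicy are assumed names. The "live-head" branch models the posture the closing comment later in the thread attributes to #1408.

```typescript
// Added illustration modelled on the PR description; not the project's own code.
interface OverrideHeadResolution {
  headSha: string;       // head the override targets (the cached PR head)
  stale: boolean;        // true when the live head no longer matches headSha
  liveHeadSha?: string;  // live head, present only when it could be read
}

// Assumed helper: returns the live head SHA, null when missing, or throws when unreadable.
type LiveHeadLookup = () => string | null;

function resolveOverrideHeadSha(cachedHeadSha: string, lookupLiveHead: LiveHeadLookup): OverrideHeadResolution {
  let liveHeadSha: string | null;
  try {
    liveHeadSha = lookupLiveHead();
  } catch {
    liveHeadSha = null; // live fetch unreadable
  }
  if (liveHeadSha === null) {
    // Fail-open fallback kept by the PR: trust the cached head when live data is unavailable.
    return { headSha: cachedHeadSha, stale: false };
  }
  return { headSha: cachedHeadSha, stale: liveHeadSha !== cachedHeadSha, liveHeadSha };
}

// The two postures discussed in the thread: this PR's "reject stale" and the
// "apply on the live head" behaviour the closing comment attributes to #1408. Assumed names.
type OverridePolicy = "reject-stale" | "live-head";
type OverrideOutcome =
  | { action: "apply"; targetSha: string }
  | { action: "skip"; audit: "stale_pr_head"; cachedHeadSha: string; liveHeadSha: string };

function decideOverride(r: OverrideHeadResolution, policy: OverridePolicy): OverrideOutcome {
  if (!r.stale || r.liveHeadSha === undefined) {
    return { action: "apply", targetSha: r.headSha }; // cached head still current, or fail-open
  }
  if (policy === "reject-stale") {
    return { action: "skip", audit: "stale_pr_head", cachedHeadSha: r.headSha, liveHeadSha: r.liveHeadSha };
  }
  return { action: "apply", targetSha: r.liveHeadSha }; // #1408 posture: neutral check on the live head
}

// Constructed sample: the maintainer commented on abc1111, then a later push moved the head to def2222.
const CACHED_HEAD = "abc1111";
const sample = resolveOverrideHeadSha(CACHED_HEAD, () => "def2222");
console.log(decideOverride(sample, "reject-stale"));
```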

@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Jun 26, 2026
@superagent-security


Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jun 26, 2026


Codecov Report

❌ Patch coverage is 87.50000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 95.39%. Comparing base (a356441) to head (07606ea).
⚠️ Report is 59 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines: src/queue/processors.ts (patch 87.50%, 0 missing and 1 partial ⚠️)

❌ Your patch check has failed because the patch coverage (87.50%) is below the target coverage (97.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1427      +/-   ##
==========================================
- Coverage   95.39%   95.39%   -0.01%     
==========================================
  Files         193      193              
  Lines       20929    20933       +4     
  Branches     7564     7565       +1     
==========================================
+ Hits        19966    19969       +3     
  Misses        383      383              
- Partials      580      581       +1     
Files with missing lines: src/queue/processors.ts 88.24% <87.50%> (-0.05%) ⬇️

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 26, 2026

Deployment successful: gittensory-ui, commit 43b4aa3 (Jun 26 2026, 07:05 AM UTC)

@JSONbored JSONbored self-assigned this Jun 26, 2026
@JSONbored JSONbored added the gittensor:bug Gittensor-scored bug fix - worth 0.5x multiplier. label Jun 26, 2026
@gittensory-orb

gittensory-orb Bot commented Jun 27, 2026



🛑 Gittensory review — blocked

3 files · 1 AI reviewers · no blockers · readiness 48/100 · CI green · dirty

🛑 Blocked

  • Code review: ✅ No blockers (1 reviewer, synthesized)
  • Linked issue: ⚠️ Missing (No linked issue or no-issue rationale found.)
  • Related work: ⚠️ 3 scoped overlaps (Top overlaps are listed below; lower-confidence bulk is hidden.)
  • Review load: ❌ 8/20 (Readiness component derived from cached public PR metadata and labels; size label size:M.)
  • Validation evidence: ❌ 5/25 (Cached preflight status is hold.)
  • Open PR queue: ❌ 3/10 (48 open PR(s), 9 likely reviewable, 39 unlinked.)
  • Contributor context: ✅ Confirmed (Gittensor contributor JSONbored; Gittensor profile; 81 PR(s), 261 issue(s).)
  • Gate result: ✅ Passing (No configured blocker found.)
Nits — 2 non-blocking
  • Repository config was not parsed
  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 81 PR(s), 261 issue(s).
  • Related work: Titles/paths share 8 meaningful terms. (PR #1489)
  • Related work: Titles/paths share 6 meaningful terms. (PR #1398)
  • Related work: Titles/paths share 6 meaningful terms. (PR #1441)
  • Additional title-only matches omitted; title-only overlap does not block.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Review top overlaps.
  • Add scope summary.
  • Fix blocker.
  • Expect slower review.
  • Refresh registry data or choose a registered active repo.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
  • Check active issues and PRs before submitting.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
  • Open PR queue = repo-wide review pressure; it is not a PR quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.


@JSONbored

Owner Author

Closing — this silently reverses a recently-audited security decision rather than fixing a bug. The current "override the Gate on the live PR head, not the stale cached SHA" behavior was shipped deliberately as #1408 (3ec6bfc5, audit item #16) because the neutral check is per-commit and posting on the stale SHA is a silent no-op. This PR flips that to "reject as stale when live≠cached." Both are defensible postures, but reversing #1408 is an explicit policy call to make in the open, not an auto-merge — and the branch is conflicting with stale CI besides. If you want stale-rejection over live-head-override, let's decide that against #1408 directly and re-cut.

@JSONbored JSONbored closed this Jun 27, 2026

Labels

aardvark codex gittensor:bug Gittensor-scored bug fix - worth 0.5x multiplier. gittensor Gittensor contributor context size:M This PR changes 30-99 lines, ignoring generated files.
