Four required checks sat permanently at "Expected — Waiting for status to be reported" on this repo (the push to #645 confirmed it server-side: "4 of 4 required status checks are expected"). "Expected" is not a failure — it means a pinned context name was never reported on the head commit. Root cause: branch protection pins context strings the repo only conditionally emits. Three independent mechanisms produce the same symptom:
| Required pin | Producer | Why it can sit "Expected" |
| --- | --- | --- |
| analyze (actions, none) | codeql.yml | was pull_request: branches:[main,master]-gated → no run on other bases |
| hypatia / Hypatia Neurosymbolic Analysis | hypatia-scan.yml | same branch gate |
| Hypatia | GitHub App check | external; not produced by a repo workflow (see hypatia issue) |
| governance / Validate Hypatia baseline | the standards governance reusable | this repo runs a standalone governance job (#603/#604) that emits governance instead → orphaned pin |
What remains (needs repo-admin / branch-protection access)
Repoint the affinescript governance pin governance / Validate Hypatia baseline → governance (the name the standalone gate actually emits). Once repointed, the local bridge added in ci: make the four required status checks reportable on every PR #645 (governance-baseline.yml + governance-baseline-impl.yml) can be removed — it exists only to satisfy the stale pin without admin access.
Audit each repo's required-pin list vs. emitted names. Only affinescript is API-confirmed (the "4 of 4"); hypatia / gitbot-fleet / .git-private-farm need a required-vs-emitted diff against a green main PR.
Adopt the guardrail: a context may be marked Required only if it is emitted unconditionally on every PR that can target the protected branch. Pin to job names the repo's own workflows emit unconditionally — never to reusable-job names that can change out from under you, nor to app checks (see ci: Bump actions/cache from 5.0.2 to 5.0.4 #4).
The Hypatia app check — tracked separately in hyperpolymath/hypatia (post on every PR or de-require).
What's already done (repo-side)
codeql.yml + hypatia-scan.yml; added a local-reusable bridge that re-emits governance / Validate Hypatia baseline. All four now report green.
Acceptance
docs/ci/required-checks.adoc)
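
The required-vs-emitted diff and the guardrail described in this issue, as an added Python example (not part of the original issue or the repo's tooling). The sample data, the `release/1.x` base and the names `audit`, `blocking` and `Finding` are constructed for illustration; in practice the inputs would be the branch-protection required contexts and the check names reported on each PR's head commit.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data modelled on the table in this issue (not API output).
REQUIRED = [
    "analyze (actions, none)",
    "hypatia / Hypatia Neurosymbolic Analysis",
    "Hypatia",
    "governance / Validate Hypatia baseline",
]
# Check names reported on the head commit of one PR per base branch.
# "release/1.x" is a hypothetical base that the branch-gated workflows skip.
EMITTED_BY_BASE = {
    "main": {"analyze (actions, none)",
             "hypatia / Hypatia Neurosymbolic Analysis", "governance"},
    "release/1.x": {"governance"},
}

@dataclass
class Finding:
    context: str
    verdict: str               # "unconditional", "conditional" or "never"
    missing_on: list           # bases whose PR did not report this context
    repoint_to: Optional[str]  # emitted name matching the pin's leading segment

def audit(required, emitted_by_base):
    """Classify each required context by how consistently PRs report it."""
    ever = set().union(*emitted_by_base.values())
    findings = []
    for ctx in required:
        missing = sorted(b for b, names in emitted_by_base.items() if ctx not in names)
        verdict = "unconditional" if not missing else "conditional" if ctx in ever else "never"
        # Orphaned "caller / job" pin: suggest the bare leading name, but only
        # if that name is itself reported on every observed PR.
        head = ctx.split(" / ")[0]
        ok = head != ctx and all(head in names for names in emitted_by_base.values())
        findings.append(Finding(ctx, verdict, missing, head if verdict == "never" and ok else None))
    return findings

def blocking(findings):
    """Required pins that break the guardrail (not emitted on every PR)."""
    return [f.context for f in findings if f.verdict != "unconditional"]

if __name__ == "__main__":
    for f in audit(REQUIRED, EMITTED_BY_BASE):
        print(f"{f.verdict:13} {f.context!r} missing_on={f.missing_on} -> {f.repoint_to}")
```

A pin with verdict "conditional" corresponds to the branch-gate rows of the table, and "never" to the orphaned pin and the external app check.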