Skip to content

Post-merge incident: gittensory's obligations to the customer #5137

Description

@JSONbored

Context

#4809's kill-switch and #4806's escalation path both cover a misbehaving, in-flight loop. Neither covers the scenario where a loop already completed and its PR already merged into a customer's live repository, and is only later discovered to be broken or harmful. #4805 (Terms of Service) itself frames the core risk explicitly: "An autonomous agent merging code into a paying customer's live repository... carries real liability exposure."

Note: the reporting-path/audit-trail engineering half of this issue has been split out into #5672 (Post-merge incident audit-trail & reporting wiring), which is now open to Gittensor contributors. This issue covers only the policy/legal question of what gittensory's obligations actually are once a report comes in.

Dependencies

Blocked on #4805 (Terms of Service & liability terms) — obligations here are part of the same liability surface.

Requirements

  1. Define gittensory's obligations once an already-merged rented-loop PR is reported harmful: revert assistance, compute credit, notification, or some combination.
  2. Define how this feeds back into Launch-readiness gate #4810's launch-readiness pilot criteria.
  3. Out of scope: the reporting path and audit-trail record itself — see Post-merge incident audit-trail & reporting wiring #5672.

Deliverables / Acceptance Criteria

Links & Resources


Part of #4778.

Metadata

Metadata

Assignees

Labels

maintainer-onlyOwner-only work — yields no Gittensor points.roadmapOn the Wave-2 agent-layer roadmap board (project 9)

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions