bug(workflows): auto-resume after reject-with-redraft bypasses the approval gate and posts

[Wirasm]

Summary

After an approval node is rejected with on_reject.prompt (which redrafts an artifact and re-pauses at the same approval gate per the documented behavior), invoking archon workflow run <name> a second time auto-resumes the paused run and treats the post-redraft pause as approved, executing the downstream nodes without re-asking the user. In a workflow whose post-approval node has real-world side effects (e.g. gh pr comment), this means the side effect fires when the user expected another approval pause.

Reproduction

I hit this today in the maintainer-review-pr workflow on dev:

1. archon workflow run maintainer-review-pr \"1335\" — workflow ran through gate (verdict: decline), paused at approve-decline approval node.
2. archon workflow reject db81f7043abb2b1d07eb80f409ba7962 --reason \"PR was closed manually before the comment posted. Redraft to acknowledge the closure ...\" — on_reject.prompt ran, regenerated decline-comment.md, workflow re-paused at approve-decline (per docs: "After running, the workflow re-pauses at the same gate").
3. archon workflow run maintainer-review-pr \"1369\" — intent was to start a fresh run on a different PR.
4. Actual: the second invocation auto-resumed run db81f7043abb.... The approve-decline node showed as dag.node_skipped_prior_success. post-decline (which executes gh pr comment) ran. The comment was posted to PR feat: add MD Quick View Electron desktop app for viewing .md files #1335 without the user being asked again. The \"1369\" argument was ignored.

Run record:

nodeId: approve-decline ...  msg: dag.node_skipped_prior_success
nodeId: post-decline ... durationMs: 2547 ... msg: dag_node_completed

Expected behavior

One of:

• (A) The approval node re-pauses on resume. The on_reject redraft re-paused at the gate; that pause should be honored on the next resume too. Approval state should not be cached as 'approved' from the prior cycle.
• (B) archon workflow run <name> <new-args> should create a new run, not silently auto-resume a paused one with a different argument. At minimum, when the new args differ from the paused run's args, refuse to auto-resume and ask the user explicitly (via a CLI prompt or by requiring --resume <run-id> to opt in).

Either behavior would prevent the foot-gun.

Impact

• Real-world side effects fire without explicit approval. In our case, a gh pr comment posted to a closed third-party PR. In a destructive workflow (auto-merge, delete-branch, etc.) this could be much worse.
• Surprising for users — the documented contract is "approval pauses the workflow until a human approves or rejects." Auto-resume eliding that for prior-success runs violates the contract.

Suggested fix paths

• Cleanest: when an approval node is reached on resume, re-evaluate the approval state from scratch (paused → wait for user) instead of treating any prior 'approved' marker as final. The redraft cycle should reset the approval to 'pending'.
• Alternative: explicit --resume <run-id> flag required to resume; bare archon workflow run <name> always creates a new run. (More disruptive change.)

Related

• Documented approval semantics: workflow-dag.md, Approval Nodes section.
• The auto-resume feature itself is documented as "resume from last failure point," but the interaction with approval re-pauses isn't spelled out.

[Wirasm]

Investigation: auto-resume after reject-with-redraft bypasses approval gate

Type: BUG

Assessment

Metric	Value	Reasoning
Severity	HIGH	Downstream nodes with real-world side effects fire without user approval; documented approval contract is violated
Complexity	LOW	Single-line fix in one function — the root cause is a synthetic node ID collision
Confidence	HIGH	Full data flow traced; exact node_completed event write identified at dag-executor.ts:1114

---

Problem Statement

When on_reject.prompt runs during an approval gate rejection, the internal executeNodeInternal function writes a node_completed event using the approval gate's node ID as the step_name. On the next archon workflow run invocation, getCompletedDagNodeOutputs() finds this event and treats the approval gate as "already completed" — skipping it entirely and running downstream nodes without re-asking the user.

---

Root Cause Analysis

WHY: post-decline runs without approval
↓ BECAUSE: dag.node_skipped_prior_success fires for approve-decline
Evidence: packages/workflows/src/dag-executor.ts:2415 — if (priorCompletedNodes?.has(node.id))

↓ BECAUSE: priorCompletedNodes contains the approval gate's node ID
Evidence: packages/core/src/db/workflow-events.ts:130 — queries event_type = 'node_completed' by step_name

↓ ROOT CAUSE: executeApprovalNode creates a synthetic PromptNode with id: node.id (same as the approval gate) to run the on_reject prompt. executeNodeInternal writes node_completed with that ID — poisoning the resume state.

packages/workflows/src/dag-executor.ts:2253:

const syntheticNode: PromptNode = {
  id: node.id,  // ← BUG: collides with approval gate ID
  prompt: substituteNodeOutputRefs(substitutedPrompt, nodeOutputs),
  ...
};

The CLI immediately auto-resumes after rejection (packages/cli/src/commands/workflow.ts:1071), so this happens on the first archon workflow reject call, not a second invocation. The second archon workflow run then finds the poisoned node_completed event.

---

Implementation Plan

Step	File	Change
1	packages/workflows/src/dag-executor.ts:2253	Change id: node.id → id: `${node.id}:on_reject`
2	packages/workflows/src/dag-executor.test.ts	Add regression test: on_reject must not write node_completed for the approval gate ID

Detailed Step 1

Current:

const syntheticNode: PromptNode = {
  id: node.id,
  prompt: substituteNodeOutputRefs(substitutedPrompt, nodeOutputs),
  ...(node.depends_on ? { depends_on: node.depends_on } : {}),
  ...(node.idle_timeout ? { idle_timeout: node.idle_timeout } : {}),
};

Fix:

// Use a distinct ID so the node_completed event written by executeNodeInternal
// does not collide with the approval gate's own ID in getCompletedDagNodeOutputs.
const syntheticNode: PromptNode = {
  id: `${node.id}:on_reject`,
  prompt: substituteNodeOutputRefs(substitutedPrompt, nodeOutputs),
  ...(node.depends_on ? { depends_on: node.depends_on } : {}),
  ...(node.idle_timeout ? { idle_timeout: node.idle_timeout } : {}),
};

The legitimate node_completed for the approval gate is written by approveWorkflow() in workflow-operations.ts:182-187 — that path is correct and untouched.

---

Validation

bun run type-check && bun test packages/workflows/src/dag-executor.test.ts && bun run lint

---

Next Step

To implement: /implement-issue 1429

---

Investigated by Claude · 2026-04-27

[Wirasm]

Resolution Report

PR: #1435 (#1435)
Status: COMPLETE

---

Summary

The root cause was a synthetic node ID collision inside executeApprovalNode in dag-executor.ts. The on_reject PromptNode was given id: node.id, so executeNodeInternal wrote a node_completed event with step_name = approval-gate-id. On the next workflow run, getCompletedDagNodeOutputs() found that event and treated the approval gate as "already completed", causing it to be skipped entirely and downstream nodes to execute without re-approval.

Fix: one-line change — id: node.id → id: `${node.id}:on_reject` — so the synthetic node's step_name in node_completed never matches priorCompletedNodes.has(node.id).

---

Changes Made

File	Change
packages/workflows/src/dag-executor.ts	Distinct synthetic node ID + inline SSE side-effect comment
packages/workflows/src/dag-executor.test.ts	Regression test (negative assertion: approval gate ID not written; positive assertion: review:on_reject written exactly once)

---

Validation

✅ Type check | ✅ Lint (0 warnings) | ✅ Tests (193 dag-executor tests passed) | ✅ Build

---

Review findings addressed

• LOW: Added positive assertion (step_name === 'review:on_reject' written exactly once)
• MEDIUM: Added inline comment documenting SSE side-effect as known/intentional

---

Unaddressed items

Finding	Severity	Reason
Filter synthetic :on_reject node IDs from WorkflowExecution.tsx nodeMap	MEDIUM (cosmetic)	Out of scope for this bug fix; phantom node in UI is cosmetic only — approval gate re-presents correctly

---

Suggested follow-up

"Filter synthetic :on_reject node IDs from WorkflowExecution.tsx nodeMap" (P3) — During an on_reject cycle the web UI execution view shows a phantom review:on_reject node because WorkflowExecution.tsx builds its nodeMap from all node_* SSE events unconditionally. Filtering IDs containing :on_reject would eliminate this cosmetic artifact.