Skip to content
PETROVA

2026-05-10 — TASKSET 5b-ii — open_decision form on /console (eight verbs over HTTP)

Date: 2026-05-10 Status: closed Supersedes: none Superseded-by: none — current

Context

Section titled “Context”

TASKSET 5a shipped the eight petrova.act.* verbs as MCP tools and CLI commands. TASKSET 5b-i added a read-only audit panel at /console/acts. Operators still had to drop to MCP/CLI to emit a decision-doc PR — the dashboard couldn’t drive the loop.

The plan in docs/superpowers/plans/2026-05-10-taskset-5b-write-verbs-from-dashboard.md parked the form work pending per-user auth. Reconsidering: the dashboard is already gated by Vercel Password Protection (single shared password) and the verb library enforces fleets_allowed server-side. Adding a dry-run-required UX is enough friction for solo-driver use; multi-user identity can come later.

Decision

Section titled “Decision”
  1. Wire all eight petrova.act.* handlers into the HTTP RPC surface (api/rpc.ts and host/src/http.ts). They were previously stdio-MCP only. Tools list jumps from 12 to 20.
  2. Add a server-side proxy at dashboard/src/pages/api/act.ts so the form can submit JSON without exposing the PETROVA_HOST_BEARER to the browser. Allowlists the eight verbs; defaults dry_run to true.
  3. Ship the first form: /console/acts/new/open_decision. Two-step UX: a preview (dry-run) button POSTs with dry_run: true and renders the verb’s response; only after preview returns non-failed does the commit (apply) button enable. Confirmation dialog before the apply call. Result JSON is shown inline both times.
  4. Keep the other seven verbs HTTP-callable but UI-less for now — operators can compose payloads against /api/act directly until per-verb forms land.

Alternatives considered

Section titled “Alternatives considered”
  • Per-user GitHub OAuth before exposing writes. Rejected for v1: gates progress on a separate auth migration. Vercel password + dry-run-required + fleets_allowed check inside the verb is enough for solo operation. Revisit when a second human needs scoped access.
  • One generic schema-driven form for all 8 verbs. Rejected: the verbs have meaningfully different semantics (decision body vs phase scope vs PR rationale). A generic form would either be too loose to validate or too rigid to express. Per-verb pages are clearer and accumulate as they’re needed.

Consequences

Section titled “Consequences”

For code:

  • 8 new HTTP-RPC handlers in host/src/http.ts and api/rpc.ts. Tools list: 12 → 20.
  • New Astro server endpoint dashboard/src/pages/api/act.ts with verb allowlist.
  • New form page dashboard/src/pages/console/acts/new/open_decision.astro.
  • Acts audit page gets a + open_decision CTA.
  • Integration test count assertion updated (12 → 20).

For docs:

  • This doc. Plan docs/superpowers/plans/2026-05-10-taskset-5b-write-verbs-from-dashboard.md is partially fulfilled (sub-phase 5b-ii now in progress, scoped to one verb).

For in-flight phases:

  • None.

For invariants:

  • No MR-N changes. The exposed verbs already enforce MR grounding inside themselves.

Security note

Section titled “Security note”

Anyone with the Vercel password can now emit a PR via the dashboard. The verb’s own fleets_allowed check still bites — a write to a fleets_allowed: [] repo (petrova-codes, eva-hq, rocky-hq, skyflow-hq, smo1-io) is rejected unless PETROVA_ALLOW_HUMAN_OVERRIDE=1 is set in the function env. Default deploy keeps that off.

References

Section titled “References”
  • Plan: docs/superpowers/plans/2026-05-10-taskset-5b-write-verbs-from-dashboard.md
  • TASKSET 5a closure: docs/decisions/2026-05-10-taskset-5a-petrova-act.md
  • Existing MCP wrappers: host/src/tools/mutations.ts

Sign-off

Section titled “Sign-off”
  • Subagent: Claude Code (main direct-push under standing approval)
  • Human: alex@devarno.com — 2026-05-10