That's because Herald rules are not synced from the Phabricator production instance to random Labs instances. So I don't consider this a bug per se.

https://phab-01.wmflabs.org/herald/rule/1/ exists. And I got an own instance with that too, and imported the actual security code from the wikimedia git, so the code is unique.Normaly, herald should do the same actions, and other features, like NDA or Securtiy works.

Well the security extension isn't even present nor configured on Phab-01 (which creates the Herald rules). Known issue.

I guess it's the event listener, which don't work? Is there a easy way to fix this? This feature is useful for some of my tests, so for me it would be useful, if this bug gets fixed fast.

I'm still not sure if we want the security extension on Phab-01 but if a Phabricator admin wants to do it its just:

1. Making sure the security extension is checked out in /srv/phab/libext/security (it should be with a puppet run)
2. Setting security extension to load: sudo bin/config set load-libraries '["/srv/phab/libext/Sprint/src","/srv/phab/libext/security/src"]'
3. And configuring the event listeners: sudo bin/config set events.listeners '["SecurityPolicyEventListener"]'

Only point 3 was missing. But now, there is a new error:

>>> UNRECOVERABLE FATAL ERROR <<<
Call to a member function getPHID() on a non-object
/srv/phab/libext/security/src/policy/WMFSecurityPolicy.php:171
┻━┻ ︵ ¯\_(ツ)_/¯ ︵ ┻━┻

The SRE-Access-Requests exists (my instance, not phab-01), but I get this bug.

You may need to run bin/storage upgrade and the like.

The instance still throws this message :-/

Any idea, how we can fix this?

In T117664#1788283, @Negative24 wrote:

(...)

3. And configuring the event listeners: sudo bin/config set events.listeners '["SecurityPolicyEventListener"]'

This is the second problem: Puppet overwrites this config. Can you help me to protect this setting from against overwriting?