Commit Graph

18 Commits

Author SHA1 Message Date
Дмитрий 2f39286ddf feat(m7-phase4b): rationalization + self-debrief в FAIL_CLOSE_DISCIPLINE_HOOKS (манифест Ф6)
Обе Stop-дисциплины Фазы 4b зарегистрированы в манифесте fail-CLOSE. self-debrief уже
fail-CLOSE поведенчески; rationalization конвертируется отдельным коммитом (Task 2).
Манифест-тест (for-of) сверяет наличие обоих. 89/89 тестов хелперов GREEN.
2026-06-08 12:18:51 +03:00
Дмитрий a630c994db feat(m7-phase4a): coverage-verify + todowrite-skill-verifier в FAIL_CLOSE_DISCIPLINE_HOOKS (манифест Ф6)
Оба поглощённых дисциплинарных стража Фазы 4a добавлены в FAIL_CLOSE_DISCIPLINE_HOOKS —
манифест-самопроверка Фазы 6 потребует их регистрации. Манифест-тест (for-of) сверяет
наличие обоих. 87/87 тестов хелперов GREEN.
2026-06-08 11:10:41 +03:00
Дмитрий 5320de8371 feat(m7-phase3): enforce-skill-journaler в FAIL_CLOSE_DISCIPLINE_HOOKS (P-7, манифест Фазы 6) 2026-06-08 10:36:42 +03:00
Дмитрий 91a5acc4bf fix(m7-phase0): disciplineOutcome строгий fail-CLOSE на малформ-возврат (sharp-edges) 2026-06-08 10:07:52 +03:00
Дмитрий dc30c5daee feat(m7-phase0): disciplineOutcome fail-CLOSE + P-7 списки + контракт helpers:7 (правило 1) 2026-06-08 10:02:43 +03:00
Дмитрий c55e14b626 feat(brain): surface router-gate v4 signals into episode + factor axes
Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com
2026-05-31 19:05:20 +03:00
Дмитрий ffd70d6fa5 fix(router-gate-v4): lastTurnEntries skips harness-injected skill bodies (isMeta + sourceToolUseID)
Sibling Claude session 2026-05-30 found that lastTurnEntries treats
harness-injected skill bodies as spurious turn boundaries, breaking both
enforce-memory-coverage (can't find user's coverage line) AND
enforce-normative-content-rules::detectLegitSkillActive (can't find the
Skill tool_use that lives in the assistant message BEFORE the body).

Refinement applied here: this session inspected 29 isMeta:true entries
across the live transcript (8f4ba767-...jsonl) via a debug helper and
found isMeta:true is ALSO used for "Continue from where you left off"
auto-resume, Stop hook feedback strings, and <local-command-caveat>
wrappers — those are real user-equivalent boundaries that must remain
visible. Sibling's blanket "skip isMeta" proposal would have broken them.

Discriminator: skip ONLY when isMeta === true AND typeof sourceToolUseID
=== 'string' (tool-spawned content). Skill bodies have the linking field;
the other isMeta sources do not. The sourceToolUseID field is harness-
controlled and not writable by controller from inside a tool call —
cannot be spoofed.

Behaviour after fix:
  * Skill body injection → skipped → walk continues back to find user's
    real prompt (with coverage line).
  * The assistant message containing the Skill tool_use is now inside the
    turn → detectLegitSkillActive finds it → normative writes pass when
    invoked under an active claude-md-management skill.
  * "Continue from where you left off." → still treated as turn boundary.
  * Stop hook feedback strings → still treated as turn boundary.

TDD:
  * 3 new tests in tools/enforce-hook-helpers.test.mjs under the
    "lastTurnEntries / lastUserPromptText / lastAssistantText / turnToolUses"
    describe block:
      - lastTurnEntries skips skill body injections (isMeta + sourceToolUseID)
      - lastTurnEntries does NOT skip "Continue from where you left off"
        (isMeta but no sourceToolUseID)
      - turnToolUses includes Skill tool_use spawned in same turn as the
        injected skill body
  * 2/3 RED→GREEN (the "Continue" negative test passed on baseline already
    since its string content satisfies the existing string-content branch).

Scope:
  * Fixes 2 of the 5 structural quirks documented in the Stream H
    completion log (enforce-memory-coverage gap, enforce-normative-
    content-rules detectLegitSkillActive gap).
  * Does NOT fix: enforce-read-path-deny LEGIT_SKILLS exemption gap
    (separate hook, no lastTurnEntries dependency); TDD-gate cross-actor
    blindness (different mechanism — actor session boundaries);
    detectFullTestRun regex narrowness (command-pattern matching).

Regression: vitest tools 1788/1788 GREEN (was 1785; +3 new tests).

Plan: docs/superpowers/plans/2026-05-30-lastturnentries-skill-body-skip.md
2026-05-30 14:16:12 +03:00
Дмитрий 40d4443926 refactor(router-gate-v4): stub override helpers (universal vocab removed per spec §4.2)
findOverride/findOverrideAttempt/loadOverrideVocab become permanent stubs returning null/null/empty.
Non-deleted hooks (verify-before-push, tdd-gate, memory-coverage, branch-switch) still import these
symbols and need them to compile; runtime always reports 'no override'.

Adapted 15 existing tests in enforce-hook-helpers.test.mjs and 7 in enforce-semgrep-security.test.mjs
that asserted old vocab behaviour; all now assert stub behaviour (null/empty).
1824/1824 vitest tools GREEN.

Stream G of router-gate v4 deployment.
2026-05-30 05:55:46 +03:00
Дмитрий b93e5af439 chore(brain-retro): export CHAIN_OUTCOME_BUCKETS + clean up redundant fs import (Phase 4 #2 review fixes)
Code-quality review of Task B (Phase 4) flagged two minor fixes:
- Export CHAIN_OUTCOME_BUCKETS for external consumers (test + future cuts)
  no longer hard-code bucket names.
- Replace fs.readFileSync via duplicate `import fs from 'fs'` with the
  already-imported named `readFileSync` in helpers test.

+1 regression test on the export.
2026-05-28 15:48:42 +03:00
Дмитрий a3f5f392cd feat(brain-retro): Cut 11 chain-hook effectiveness ledger + analyzer (Phase 4 #2) 2026-05-28 15:48:39 +03:00
Дмитрий 5eb2066524 feat(hooks): enforce-semgrep-security — block git commit when auth/billing/CSV/webhook in staged без Semgrep (Phase 4 #9) 2026-05-28 15:48:37 +03:00
Дмитрий 8266755c2e feat(enforce-verify-before-push): docs-only short-circuit
The verify-before-push hook now skips the regression gate when EVERY
staged/unpushed file is a .md document (memory, docs, specs, plans,
SKILL.md). Code-touching pushes remain fully gated as before; mixed
pushes (even one non-md file) keep the full gate.

Closes the recurring loop where Claude invokes the "ремонт инфраструктуры"
override on every docs-only push — regression adds no value when the
change set has no executable code.

New helpers (tools/enforce-hook-helpers.mjs):
  - isDocsOnlyPath(p): true iff path ends with .md (case-insensitive)
  - isDocsOnlyChange(paths): true iff non-empty AND every entry docs-only
  - listChangedFiles(kind): git diff --cached (commit) / @{u}..HEAD (push)
    Empty result = unknown -> caller MUST fall through to normal gate.

decide() in enforce-verify-before-push.mjs accepts a new changedPaths
arg and short-circuits {block: false} when isDocsOnlyChange === true.
Empty/undefined -> falls through (conservative).

TDD: 13 new tests across enforce-hook-helpers.test.mjs + enforce-verify-
before-push.test.mjs, all GREEN. Tools-only canonical regression 965/965.
2026-05-27 08:23:17 +03:00
Дмитрий 165f1ed993 fix(hooks): findOverrideAttempt + helpful diagnostic for silent-reject when justification missing. Resolves UX bug where enforce-verify-before-push silently rejected master overrides without justification line. Now emits explicit diagnostic. 132/132 hook tests green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-26 15:53:04 +03:00
Дмитрий 57a7f55bf1 fix(enforce): hole 7 — ремонт инфраструктуры requires justification line
Brain-retro #5 candidate C, hole 7: the 'ремонт инфраструктуры' phrase
suppressed ALL rule keys with no constraint. Now requires a 'ремонт: <what>'
line in the same prompt documenting the target.

enforce-override-vocab.json: added 'requires_justification: "ремонт:"' to
the entry.
enforce-hook-helpers.mjs findOverride(): honors requires_justification — when
set, the user prompt must contain '<prefix> <non-empty-text>' or the override
is rejected.
2026-05-26 11:23:19 +03:00
Дмитрий c7079ac8e4 fix(enforce-helpers): detectFullTestRun first-real-command approach (third iteration)
Previous segment-split approach still mis-detected because naive && split
also splits INSIDE quoted commit messages. A git commit with a body like
'... npx vitest run ...' produced a segment starting with vitest after split.

New approach: find FIRST real command (after skipping cd / env-prefix),
classify based on that. Anything after it is arguments / chained commands,
which don't change the kind. Hard guard rejects first-real ∈ {git, scp, ssh,
curl, cat, echo, grep, cp, mv, ...}.

Found live: my own commit message from the previous fix ('handles compound
commands like cd ... && npx vitest run') caused the verify-pass sentinel to
overwrite as fail. Test for this case in helpers.test.mjs.
2026-05-26 03:22:29 +03:00
Дмитрий bfa228197d fix(enforce-helpers): detectFullTestRun handles compound commands (segment-split)
Previous guard ("any \b(git|cat|echo)\s/ → null") was too aggressive: it
blocked legitimate compound test commands like `cd ... && npx vitest run`
or `npx vitest run && echo done`.

New approach: split on shell separators, examine each segment after stripping
env-prefix and `cd` prefix. A command is a test run iff some segment STARTS
with a recognised test-invocation token. Correctly handles both directions:
  - false-positive guard (commit message containing 'vitest run' → null)
  - false-negative fix (compound 'cd ... && vitest run' → vitest-full)

Live-caught by my own TDD-gate: prod-edit blocked, wrote tests first, RED
verified, then GREEN. 59/59 unit tests pass.
2026-05-26 03:13:41 +03:00
Дмитрий 982cd00678 fix(enforce): detectFullTestRun guard against false-positive on git/echo/cat strings 2026-05-25 18:35:08 +03:00
Дмитрий 76cb825331 feat(enforce): T1 — shared hook helpers + override vocab 2026-05-25 18:14:34 +03:00