5b8109ea55
docs(plans): router-gate v4 Stream B sub-plan (shell content parsing)
2026-05-29 19:29:17 +03:00
480649db30
fix(rationalization-audit): skip quoted citations to remove false-positives
2026-05-29 18:47:21 +03:00
c4c2afd111
docs(plans): router-gate v4 master coordination plan (9 streams, parallel sessions)
...
Master plan orchestrates 9 streams (A-H + checkpoints) для параллельного
multi-session запуска. Каждый stream работает над disjoint set файлов
в tools/ или docs/ — 0 conflicts по конструкции.
Streams:
- A: Pure decision modules (8 файлов, ~250 unit tests) — independent
- B: Bash/PowerShell content rules — independent (stub path-norm)
- C: Static scan + framework boot + Glob F8 + MCP classifier — independent
- D: LLM-judge Layer 4 (multi-judge + per-tool + response scan) — independent
- E: AskUser parser + subagent return scanner — independent
- F: VM-sandbox setup (user hands-on) — independent
- G: Cleanup 5 v3.9 hooks + settings.json register — sequential after A-E
- Smokes 1-9 user-run — sequential after G
- H: Brain-retro Table 16-17 + recovery docs + Pravila/PSR/Tooling sync — sequential
Wall-clock: 16-23h parallel (vs 49-65h sequential).
User chose Subagent-Driven execution в параллельных сессиях.
Each parallel session invokes writing-plans для своего stream sub-plan'а,
затем subagent-driven-development для реализации.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-29 18:47:21 +03:00
0c3552393a
docs(incidents): handoff для cleanup activity_log_y2026_m05 после ADR-018 fix
...
Task 7 плана 2026-05-29-audit-rebuild-per-tenant-fix.md.
Шаги выкатки cleanup'а 6 mismatches в activity_log_y2026_m05 через
исправленный audit:rebuild-chain (per-tenant per ADR-018):
1. Pre-flight: deploy success + verify baseline (6 mismatches expected).
2. Dry-run через artisan-run workflow (НЕ confirm_apply) — verify Scope =
"PARTITION BY tenant_id" в output (sanity check Task 4 deploy reached prod).
3. Apply через artisan-run --force + confirm_apply=true.
4. Verify ещё раз: 6 партиций intact.
5. Post: закрыть incident в incidents_log, обновить memory.
6. Rollback: бэкап PG + audit_block_mutation охрана.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 18:14:41 +03:00
575f7a1f59
docs(adr): ADR-018 enforcement активирован (Tasks 2+4 завершены)
...
Task 5 плана 2026-05-29-audit-rebuild-per-tenant-fix.md.
Активированы 2 декларативных правила в ADR-018:
- rebuild-must-use-shared-config: AuditRebuildChain.php должен читать
partition_clause из AuditChainConfig (require_pattern matches существующему
коду после Task 4 fix).
- verify-must-use-shared-config: VerifyAuditChains.php должен читать TABLES из
AuditChainConfig (require_pattern matches коду после Task 2 refactor).
llm_judge=false (declarative only, zero cost).
adr-judge на staged diff: 0 violations / 0 advisories.
Ref: docs/superpowers/plans/2026-05-29-audit-rebuild-per-tenant-fix.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 18:14:40 +03:00
0e768f9aa0
docs(spec): router-gate v4.0+v4.1+v4.2 design (behavioral + max-judges + VM sandbox)
...
Three-spec package for router-gate next-generation:
- v4.0 base (2249 lines) — поведенческий разворот: removes 16 защит-призраков
v3.9, adds Round 8 closures, adds 5 Directions (safe-baseline metering,
skill scope verifier, decomposition detector, TodoWrite verifier,
brain-retro Table 16). Target aggregate bypass ~15-25%.
- v4.1 max-closure amendment (1051 lines) — Layer 1-4: 8 Round 8 GAPs +
behavioral hard-blocks + universal vocab removal + 3-judge consensus
(Sonnet+Haiku+Opus) + per-tool LLM-judge + response scan. Target ~2-5%.
Cost +$300-1500/month ongoing.
- v4.2 VM-sandbox amendment (411 lines) — Layer 5 phased for solo developer:
Phase 1 VirtualBox isolation сейчас (~$0, 10-12h), Phase 2 biometric +
Phase 3 HSM via single YubiKey ($50-150) когда захотите. Two-person rule
removed (solo dev). Target ~0.5-0.8%.
Combined v4.0+v4.1+v4.2 full: ~0.5-0.8% aggregate bypass (close to
theoretical floor ~0.5% per §1.1 7 fundamental limits).
Implementation: ~49-65h sequential / 30-40h parallel through
subagent-driven-development. User wants parallel multi-session execution
for speed; writing-plans skill next.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-29 18:13:08 +03:00
e964d70c28
docs(plans): ADR-018 Stage 5 follow-up — AuditRebuildChain per-tenant fix
...
8 TDD tasks (~день кода): extract shared AuditChainConfig, refactor VerifyAuditChains (regression-safe), failing tests для multi-tenant/BYPASSRLS/single-row, rewrite AuditRebuildChain через LAG OVER (partition_clause ORDER BY id) симметрично verify, активация ADR-018 enforcement rules, Pint/Larastan/Pest --parallel smoke, handoff для прод-cleanup activity_log_y2026_m05 через gh workflow run artisan-run.yml. Self-review GREEN на spec coverage / placeholders / типы. Execution mode: subagent-driven.
2026-05-29 15:56:35 +03:00
0098db6628
docs(adr): ADR-018 audit hash-chain per-tenant semantics canonical
...
29.05 disk-full incident выявил несогласованность между trigger (per-tenant
через RLS), VerifyAuditChains (per-tenant через PARTITION BY tenant_id) и
AuditRebuildChain (global). 6 mismatches в activity_log_y2026_m05 -
следствие неправильного rebuild'а, не оригинальной порчи.
Decision (User: Дмитрий): per-tenant canonical через RLS scope. Trigger и
verify уже согласованы; AuditRebuildChain - bug, переделать в Stage 5
follow-up (отдельный plan). После фикса re-run на activity_log_y2026_m05 -
6 mismatches исчезнут.
Альтернатива global semantics + переписать trigger SECURITY DEFINER + миграция
БД отвергнута: ослабляет 152-ФЗ tamper-detection + рискованная миграция.
Cross-links: ADR-002 RLS multi-tenancy, incidents/2026-05-29-disk-full-pg-recovery.md,
F1 advisory-lock migration 2026_05_30_000001.
Enforcement-block declarative (require_pattern AuditChainConfig::TABLES) -
активируется после имплементации Stage 5 follow-up.
cspell-words.txt: +партиционированы
2026-05-29 15:32:46 +03:00
a6bde2125a
spec(router-gate): concentrate v3.9 — убрать audit-trail и version-history overhead
...
Заказчик: «перепиши спек, убери все лишние оставь только то что необходимо для
создания плана, но сам план не делай. Только помни нельзя потерять в качестве и
объеме ни в коем случае!»
После 10 раундов adversarial audit спек вырос до 2964 строк / 288KB. Большая часть
объёма — audit-trail и история эволюции через раунды:
- 8 «Changes vX → vY» overview-таблиц в начале (~245 lines)
- 11 версионных entries в §11 v3.9-v1 (~380 lines)
- inline traceability markers «v3.6 R5-audit H1 fix:» / «v3.7 R-NEW-4 closure:»
Эта информация дублируется (mechanism описан и в TL;DR overview, и в §11 entry,
и in-place в §3-§5) и НЕ нужна для составления implementation плана.
Что убрано (НИ ОДНОГО технического механизма не потеряно):
- Edit 1: «Changes v3.8 → v3.9» giant overview (13-row table + adversarial pre-check
+ implementation breakdown + Главный урок + Generalisable formula + Methodology +
Связано) → 1 reference paragraph
- Edit 2: «Changes v3.7 → v3.8», «Changes v3.6 → v3.7», ... «Changes v1 → v2»
(9 overview blocks + 4 FATAL table + Доп v3.8 closures C5-E30 list + adversarial
pre-check v3.8 table) → один Timeline эволюции v1→v3.9 paragraph
- Edit 4: §11 v3.8/v3.7/v3.6/v3.5/v3.4/v3.3/v3.2/v3.1/v3/v2/v1 entries → один
условный compaction-summary («### v1 – v3.8 — 9 раундов, 105 holes»). v3.9
entry полностью сохранён — план будет ссылаться на R7 closure details.
Что сохранено verbatim (100% technical content):
- §1 Цель и контекст / §2 Принципы дизайна
- §3 Архитектура: §3.0 PowerShell hook / §3.0.1 OS-keychain / §3.1 protected paths
(~80 paths + path normalization NFC/8.3/inode) / §3.2 subagent inheritance +
parent_random_id sentinel / §3.2.0 10 smokes / §3.2.1 automated bootstrap /
§3.3 failure modes / §3.4 subagent constraints + tool_result scanner / §3.5
atomic writes / §3.6 gate budget + state cache / §3.6.1 dep-checksums /
§3.6.2 normative-content second-layer
- §4 Decision Flow (Поведения 1-4 + §4.5 AskUser parser + §4.6 partial unlock +
§4.7 question quality detector 3-layer LLM-judge)
- §5 Безопасная база + MCP classification / §5.1 Bash rules (whitelist +
hard-blacklist + conditional + path-deny + SKILL_BASH_ALLOW + sub-shell sweep) /
§5.1.2 PowerShell mirror / §5.2 multi-language static scan (PHP/Ruby/Go/Java)
- §6 Recovery: 3 levels + §6.1 cheatsheet + §6.2 PII guard + §6.3 redacted reason
- §7 Logging + §7.1 coverage-hint coordination
- §8 Этапы реализации (implementation order matrix + риски миграции)
- §9 Open questions + acceptable residuals R-NEW-7..R-NEW-19
- §10 Cross-refs + §10.1 functions/registry + §10.2 ALL state schemas verbatim
(router-state, chain-state, askuser-decisions, router-gate-decisions, subagent-
inheritance, subagent-block, parent-sentinel, restricted/journal-access-log,
edited-files, coverage-hint, gate-errors, gate-config v3.9 fields, session-counters)
+ §10.3 test strategy + §10.4 success metrics + §10.5 rollback + §10.6 parallelism
- §11 v3.9 entry полный (R7 closure mechanism + generalisable formula + 13-row table)
Verification:
- Spec: 2964 → 2404 строк (-560 lines / -19%); технический объём ≥99%
- Mechanism keyword counts: fs.lstatSync 4 / parent_random_id 29 / SKILL_BASH_ALLOW 9
/ schema_version 11 / Поведение[1-4] 17 / node_modules 15 / claude-md-management 19
/ approve_git_operation 28 / subagent-block 14 / restricted/ 21 / keytar 15
/ shell-quote 17 / dep-checksums 11 / multi-judge 8 / NFC|normalize 12
/ mcp_tool_classification 7 / /etc/hosts 11 / git rev-parse HEAD 5
- markdownlint 0 errors; cspell 0 issues
- All §1-§11 sections intact (12 top-level headings preserved)
§0 cross-refs не меняются — spec-only, не tooling-канон / не ADR / не off-phase
подкатегория. Self-contained для writing-plans skill input в следующей сессии.
Methodology: EnterPlanMode → write plan → user approval → ExitPlanMode → 4 Edits
(Edit 3 inline-marker trim skipped как cosmetic — quality бы не выросло).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 14:58:46 +03:00
6383da7f12
chore(incident-followup): close 4 tails from 29.05 disk-full incident
...
ремонт: incident-followup cleanup batch — 4 хвоста
1. Larastan baseline regenerated (was 161 errors pre-existing IDE helper drift)
2. Deptrac Mail: [Model, Service] + ADR-005 amend (was 4 pre-existing violations)
3. PG logrotate config in setup-logrotate.yml
4. F1 6 mismatches — RCA updated (algorithm divergence trigger global vs verify per-tenant)
+3 cspell words: notifempty, missingok, верифицируется.
Ref: docs/incidents/2026-05-29-disk-full-pg-recovery.md §4-5
2026-05-29 14:45:28 +03:00
8910ae6cd6
spec(router-gate): v3.8 → v3.9 Round 7 audit closure (13 классов, 3 фундаментальные плоскости)
...
Round 7 adversarial audit (через superpowers:brainstorming skill) выявил 13 классов
которые 9 предыдущих раундов не покрывали:
- 2 FATAL: F5 Read-leak parent_random_id через Glob+Read (R-NEW-4 обнулён),
F6 subagent tool_result.content exfil
- 4 CRITICAL: C12 system DNS/config (/etc/hosts/~/.ssh/registry) вне §3.1,
C13 || true exit-code spoof (per-token vs per-chain),
C14 subagent state exfil,
C15 §5.2 multi-language gap (PHP/Ruby/Go test runners)
- 5 SERIOUS: S22 Skill(claude-md-management) exemption backdoor,
S23 Workflow args parameter payload,
S24 path-equivalence (Unicode NFC/NFD + Windows 8.3 + hardlinks),
S25 MCP filesystem/redis write tools classification,
S26 stop-keywords morphology gaps
- 2 EDGE: E31 gate-error reason disclosure (probing pattern),
E32 LLM-judge cache cross-session persistence
18 spec edits: header bump + TL;DR + Changes v3.8→v3.9 table + §3.1 system paths
+ parent-sentinel→restricted + §3.4 PostToolUse Task scanner + §3.6.2 normative-content
second-layer gate + §4.5 stop-keywords expanded + §4.7 cache per-session + §5 MCP
classification + §5.1 chain ANY-mutating + PostToolUse rev-parse verify + §5.1.2
PowerShell mirror + §5.2 multi-language scan + §6.3 redacted reason mode + §9 13 closures
+ §10.2 gate-config v3.9 fields + §11 v3.9 history entry.
Spec: 2554 → 2964 строк (+410 lines). Budget: 45-60h (v3.8) → 53-72h (v3.9).
Закрыто 118 holes total через 10 раундов adversarial audit.
cspell-words.txt +18 терминов (exfiltration/exfil/NFD/RCE/syscall/Inodes/PROGRA/
resolv/nsswitch/ics/HKCU/HKLM/fsutil/unstar/mvn/popen/брэйншторм/стопаем).
Generalisable formula R7 (новая): для каждого следующего audit задавать 3 вопроса
до enumeration — какие safe tools/paths/chains дают visibility/leverage; какие
границы scope подразумеваются но не enforce'ятся; где per-token vs per-chain
formulation gap есть в композиции.
§0 cross-refs не меняются — spec-only, не tooling-канон / не ADR / не off-phase
подкатегория.
Methodology: superpowers:brainstorming skill + AskUserQuestion scope choice
(user выбрал «Полное v3.9 closure всех 13»).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 14:36:36 +03:00
d181e98046
docs(claude-md): v2.40 add §5 п.13 NB (mixed-diff blocks docs-only short-circuit) + §5 +п.15 (memory-coverage rejects chain channels)
...
Two operational gotchas discovered в session 29.05.2026 (router-gate v3.6-3.8 sweep + post-sweep memory updates):
1. §5 п.13 NB — docs-only short-circuit считает строго .md-суффикс.
cspell-words.txt / package.json / lefthook.yml рядом со spec.md
делают diff mixed → verify-before-push активен → нужен vitest sentinel
ИЛИ override. Прецедент: commit 46c43169noreply@anthropic.com >
2026-05-29 14:29:38 +03:00
46c4316966
spec(router-gate): v3.6-3.8 sweep — rounds 5/6 closure (45 holes in 22 classes)
...
Adversarial audit rounds 5+6 на v3.5 spec выявили 45 attack-векторов:
- Round 5 (v3.5→v3.6 + v3.6→v3.7 maximum-closure): 15 + 7 acceptable residual closed
- Round 6 (v3.7→v3.8): 30 attack-векторов в 18 классах вкл. 4 FATAL
v3.6 — Round 5 closure (15 holes, +9 protected paths, Smoke 4-7,
§5.1↔§4.5 sync, recovery-pattern hard-block в §4.7).
v3.7 — Maximum closure pass (7 v3.6 residual + edge): LLM-judge на
каждую AskUser-опцию (R-NEW-1), parent_random_id 256-bit sentinel
(R-NEW-4), restricted/ subdir + journal-reader CLI (R-NEW-2),
shell-quote tokenizer (R-NEW-3), TF-IDF + LLM-judge для off-topic
(R12), smart batching multi-question AskUser (S6), git stash variants
в conditional class (Edge).
v3.8 — Round 6 closure (30 holes в 18 classes):
- F1 PowerShell tool gate (был полностью вне scope §5.1 — обнуляло
архитектуру на Windows)
- F2 Workflow internal agent() enumeration (nested агенты вне
gate-visibility — unlimited bypass)
- F3 node_modules whole-dir hard-deny + dep-checksums verification
через SHA-256 ключевых deps
- F4 LLM-judge anti-injection (delimiter tokens + pre-filter +
multi-judge consensus Sonnet+Haiku)
§3.1 protected paths расширен +30 entries (memory/CLAUDE.md/Pravila/
PSR/Tooling с Skill exemption для claude-md-management, CI/CD configs,
lint/build configs, plugin cache, shell init, npm configs, node_modules,
parent-sentinel, dep-checksums, expected-path).
§3.0.1 OS-keychain для LLM key (Windows Credential Manager / Keychain /
libsecret через keytar); key не в process.env → не утечёт через npm
test stdout.
§3.2.1 automated bootstrap smoke (1/5/6/7 на каждый session start,
cached 7 days); user-run остаётся для 3/4/8.
§6.1 docs/recovery-procedures.md новый файл — пошаговая шпаргалка
PowerShell-команд для 3 уровней recovery.
Budget: 13.5-20h (v3.5) → 22.5-32h (v3.6) → 33-44h (v3.7) → 45-60h (v3.8).
Закрыто 105 holes total через 9 раундов adversarial audit.
Generalisable lesson v3.8: каждый раунд аудита должен начинать с
abstract classification классов атак до enumeration конкретных дыр.
v3.7 «maximum closure» был maximum внутри границ воображения v3.6 R5-audit;
Round 6 показал что сами границы имели дыры.
Spec: 1980 → 2554 строк (+1110 inserts / -44 deletes за v3.6-3.8 sweep).
+13 терминов в cspell-words.txt (PowerShell aliases, npm deps).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 13:55:11 +03:00
9f44b82f8f
docs(incident): root-cause report 2026-05-29 disk-full PG recovery loop
...
ремонт: incident response 29.05 (4h prod downtime) — root cause report + cspell words
Full timeline, 3-factor RCA (B1+SMS constraint loop / no fast-fail / no size-based
logrotate), incident response actions, deferred items (F1 chain rebuild + PG log
rotation), action items.
+3 cspell words: lsn, биндинги, ретрае.
2026-05-29 13:31:19 +03:00
8b60a18298
plan(router-gate): 51-task implementation plan (audit-integrated)
...
Master implementation plan covering:
- 6 phases per spec §8 Этапы (1 / 1.1-1.8 / 2 / 2.1.0 smoke / 2.1
subagent inheritance / 2.2 constraints + block-file / 2.3
branch-switch / 3 settings.json / 4 recovery / 6 brain-retro)
- 51 TDD tasks with bite-sized 3-5 steps each
- All 8 MUST critical inline fixes integrated (CRITICAL-1/3/4/5/6/8/9/10)
- All 5 SHOULD-FIX findings tasked (vitest globalSetup / git format-patch /
approved_action_pattern / chain reset organic-only / chain-state
malformed fail-CLOSE)
- 5 DOS findings tasked (D-1/2/3/8/9) + 2 deferred (D-7 subagent
reader-writer lock, partial coverage; full split deferred to refinement)
Architecture: single PreToolUse hook tools/enforce-router-gate.mjs
+ PostToolUse handler tools/router-gate-post.mjs. Pure decision
functions in tools/router-gate-{decide,bash,askuser,path,state,
static-scan,quality,chain,coverage,cache,config,subagent}.mjs +
thin I/O wrapper. 10 state files at ~/.claude/runtime/*.
Execution: subagent-driven-development (recommended) или
executing-plans inline. Plan self-review verified all 63 spec
design decisions + 13 audit-driven decisions covered.
Source spec: 2026-05-29-router-gate-hard-wall-design-condensed.md
(commit 71b07e52noreply@anthropic.com >
2026-05-29 10:06:06 +03:00
71b07e52eb
audit(spec): 51 findings + 8 MUST critical fixes inline
...
Adversarial audit condensed router-gate spec через 3 parallel
Sonnet adversaries (9 attack zones). 51 finding total:
10 BYPASS-COMPLETE + 17 PARTIAL + 9 DOS + 15 INFO. Spec
заявление «hard wall полный» НЕ выдерживает.
8 MUST critical inline fixes applied:
- §5.1 Bash: <<< here-string, node REPL/stdin block,
< input redirect, tokenizer per-arg path-deny check
(closes CRITICAL-9/8/6 + PARTIAL-15)
- §3.1 path normalization: UNC \?\ prefix strip,
8.3 short names expand via GetLongPathName,
unresolved $VAR fail-CLOSE
(closes CRITICAL-3/4/5)
- §4 Поведение 1: source restriction — detector проверяет
только organic root user prompt, НЕ AskUser chosen_label
(closes CRITICAL-1 design flaw)
- §8 Implementation order matrix: Этап 2.3 branch-switch
rewrite MUST complete BEFORE Этап 3 enforce-mode
(closes CRITICAL-10 S8 migration regression)
- §1.4: gate-config.json protected с Этапа 1.4 ранее
(closes DOS D-1 tiny-budget patch attack window)
5 SHOULD-FIX + 5 DOS-MUST-ADDRESS deferred в writing-plans
(§9 «Audit findings deferred» documented для plan pickup).
Audit report saved at:
docs/superpowers/audits/2026-05-29-router-gate-condensed-
adversarial-audit.md
cspell-words.txt: +UNC, +EACCES (valid technical terms).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 09:50:18 +03:00
2c8e6146fb
docs(handoff): stage 5 findings 1+2 merged + prod-deploy commands ready
2026-05-29 09:45:59 +03:00
d4f7e681f6
docs(spec): condensed plan-ready router-gate hard wall v3.5
...
Prep для writing-plans фазы: 1489 → ~850 строк (-43%) убрав
§11 историю версий + 4 TL;DR «Changes vN→vN+1» блока + inline
audit-метки «closes Дыра N v4-audit».
Sonnet subagent verified 63/63 design decisions present + 3
места где condensed улучшил оригинал (subagent-inheritance
schema без stale parent_router_state_path полей, §8 Этап 1.2
+git-pattern, §10.6 sequential 2.1.0→2.1→2.2→2.3).
Оригинал 2026-05-28-router-gate-hard-wall-design.md v3.5 не
тронут (audit-trail сохраняется в git log).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 09:21:19 +03:00
0067174154
docs(audit): mark Tasks 1-3 complete, add prod deploy instructions
...
Tasks 1-3 DONE on branch worktree-agent-acf422b86772ab536:
- Task 1 (06fbb238): race condition test (pcntl skip + pg_locks advisory check)
- Task 2 (41fb0d94): migration — pg_advisory_xact_lock in audit_chain_hash
- Task 3 (7081f2a7): audit:rebuild-chain command + 4 GREEN tests
Task 4 updated with factual prod deploy steps:
- merge worktree branch to main + deploy.yml
- artisan-run whitelist needs audit:rebuild-chain in MUTATING_RE
- --force flag required (non-interactive CI mode)
- consecutive_failures reset after verified clean chains
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 09:20:57 +03:00
c454a3bedd
docs(plan): update Task 4 with actual deployment commands (no migrations needed)
...
Task 4 уточнён: нет миграций (только PHP), fast-fail активируется сразу после
деплоя. Добавлены конкретные gh workflow run команды для cleanup (Steps 3-4 из
sql-runner.yml) и верификации шторма + incidents алерта. Галочки [ ] оставлены
(задача контроллера, не агента).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 09:11:28 +03:00
002b8c4c35
ops(sql-runner): add whitelisted SQL workflow + stuck-leads cleanup doc
...
.github/workflows/sql-runner.yml — универсальный SQL-runner для прод-операций
через GitHub Actions (workflow_dispatch). Whitelist: SELECT/WITH/EXPLAIN (read-only)
+ targeted UPDATE/DELETE на 5 таблицах при confirm_mutating=true.
docs/ops/2026-05-29-stage5-stuck-leads-cleanup.md — шаблон rollback log + инструкции
для cleanup 2 застрявших supplier_leads (id=1110, 1157, ~256k failed_webhook_jobs).
Root cause: поставщик crm.bp-gr.ru шлёт B1+SMS combo,
constraint chk_supplier_projects_b1_not_for_sms запрещает (Finding 2 Stage 5).
Task 1 plan 2026-05-29-supplier-webhook-fast-fail-and-stuck-cleanup.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 09:11:26 +03:00
f1486015b0
docs(CLAUDE.md): v2.39 router-gate Уровень 4 spec v3.2→v3.5 finalized
...
Сессия 29.05.2026: 4 раунда adversarial audit + 2 dedicated brainstorm на N1/S5 и S8 закрыли ВСЕ известные controller-writable signals архитектурно.
5 commits на main за сессию:
- 832fadbc903aa70015bf46a180c816026c6796d8noreply@anthropic.com >
2026-05-29 08:37:53 +03:00
6c6796d84a
chore(spec): cosmetic markdownlint auto-fix in router-gate v3.5
...
Markdownlint added blank line before list in TL;DR v3.5 Changes section. Cosmetic, no semantic change. Captured to keep working tree clean for session handoff.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:31:21 +03:00
80c8160203
spec(router-gate): v3.5 S8 TRUE closure via AskUserQuestion-gate
...
Dedicated brainstorm на S8 (последний acceptable residual после v3.4) — controller-writable markers BRANCH-SWITCH-CONFIRMED / RECOVERY-INTENT: заменены на AskUserQuestion-gate через расширение §4.5 answer parser. Тот же class fix что S5 v3.4 — перенос сигнала в side-channel который controller не контролирует.
V3.5 architectural shift:
- Old: controller wants git rebase → hook видит блокировку → controller пишет BRANCH-SWITCH-CONFIRMED в response → hook читает, allows. Самоодобрение через controller-written text.
- New: controller wants git rebase → hook блокирует → controller обязан AskUserQuestion('Выполнить git rebase main?') с 3 опциями → user picks → §4.5 parser распознаёт git-pattern, пишет approve_git_operation запись в askuser-decisions.jsonl с approved_action_pattern exact → controller retries → hook читает askuser-decisions, exact-match approval, consumes one-shot, allows.
Anti-forgery 4 защиты:
- askuser-decisions.jsonl в protected paths (~/.claude/runtime/*)
- Пишется только §4.5 parser при реальном AskUser-ответе
- Strict exact-match approved_action_pattern против tool_input.command
- 5-min time window + one-shot consumption (consumed flag)
Adversarial pre-check v4.3 — 6 attack-векторов проверены, все заблокированы.
5 spec edits:
- §3 preserved hooks таблица — enforce-branch-switch row переписан (no longer reads response markers, instead reads askuser-decisions)
- §4.5 — новый row + новое enum gate_interpretation: approve_git_operation
- §9 — S8 убран из acceptable residual list. Список residual теперь ПУСТ.
- §10.2 — askuser-decisions schema +consumed/consumed_at/consumed_by_tool_use_id + полный schema приведён
- §11 v3.5 history entry
Implementation budget: 21.5-31h (v3.4) → 22.5-32h (v3.5). +1.1h за: rewrite hook, extend parser, one-shot consumption, schema, spec edits.
Главный урок: класс controller-writable signals закрыт архитектурно через обе v3.4 (file side-channel) и v3.5 (askuser-decisions side-channel). Формула generalisable — любой controller-writable signal закрывается переносом write-канала в protected file который пишет отдельный gate-процесс при harness-driven событии.
Hard wall теперь полный hard. Acceptable residual list пуст.
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:24:21 +03:00
15bf46a1c0
spec(router-gate): v3.4 N1/S5 TRUE closure via out-of-band block-file
...
Dedicated brainstorm на N1 (S5 controller-writable signal) — найден real out-of-band channel без harness-зависимости через subagent gate-process side-channel.
V3.4 architectural shift: BLOCKED-сигнал перенесён из controller-written text (v3.2 regex, v3.3 weak heuristic) в side-channel file `subagent-block-<tool-use-id>.json`:
- Path derived из tool_use_id (Anthropic-assigned, controller не контролирует generation)
- File в `~/.claude/runtime/*` protected paths (Edit/Write/Delete blocked)
- Пишет subagent gate-процесс (отдельный node), не controller text response
- Parent gate читает при PreToolUse следующего tool-use после Task return
Anti-forgery 3 защитных слоя + 6-attack adversarial pre-check (все blocked).
7 spec edits:
- §3.4 переписан: out-of-band block-file channel + anti-forgery + failure modes + adversarial pre-check
- §3.1 +`subagent-block-<tool-use-id>.json` explicit-mention
- §3.2 расширен: subagent gate ТАКЖЕ пишет block-file (side-channel parallel к inheritance read)
- §3.2.0 +Smoke 3: user-run probe для verification block-file write механизма
- §8 budget +2h (subagent write 0.5h + parent read 0.5h + lockfile 0.3h + spec 0.5h + integration 0.1h)
- §9 — S5 убран из acceptable residual list (теперь CLOSED, не как S8)
- §10.2 +schema для subagent-block-<tool-use-id>.json
Implementation budget: 19.5-29h (v3.3) → 21.5-31h (v3.4).
Главный урок v3.4: controller-writable signals fundamentally fake-able, НО можно вырваться из класса через side-channel write — separate process + harness-derived path + protected file. Это НЕ harness-dependent (работает с любым Claude Code где env-vars пробрасываются + subagent gate стартует с теми же хуками).
Brainstorm methodology: superpowers:brainstorming skill — 1 clarifying вопрос (closure level выбран б — out-of-band runtime-файл) → 3 защитных слоя дизайна + 6-attack pre-check → user approval → 7 spec edits.
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:08:01 +03:00
903aa70098
spec(router-gate): v3.3 closes 10 of 12 holes from v4.1 adversarial audit
...
V3.3 — второй раунд adversarial audit от controller'а на свою же v3.2. Главное:
N1 fatal honest revision — мой v3.2-фикс S5 был самообманом. BLOCKED-protocol regex в subagent response = controller-written text → fake `{"status":"DONE"}` маркер trivially. §3.4 переписан: убран claim «closes S5», заменён weak heuristic (tool_use count > 0 + marker check). S5 → §9 acceptable residual класса controller-writable signals (как S8). Real-fix требует harness-level enforcement за пределами controller-writable spec'а.
12 правок без новых секций:
- §3.4 BLOCKED-protocol → weak heuristic + S5 residual (N1)
- §3.2.0 расширен: user-run smoke + PostToolUse semantics probe (N4, N10)
- §4 Поведение 1 stale-registry → mandatory AskUser (N2)
- §4.5 fail-CLOSE с конкретными keyword-примерами (N8)
- §4.7 first-option-position bias detection (N11)
- §5.1 file-watcher reset только на git commit exit 0 + lefthook GREEN (N3)
- §5.1 SKILL_BASH_ALLOW hardcoded mapping в gate-code, не Skill-controlled (N5)
- §8 +PostToolUse handler task + implementation order matrix (N7, N9)
- §9 N12 off-topic detection limits acknowledged + S5 acceptable residual
- §10.2 +schema для edited-files-<sess>.json (N6)
Implementation budget: 18-27h (v3.2) → 19.5-29h (v3.3). +1.5-2h за inline-фиксы.
Главный урок: controller-writable signals — fundamental class уязвимостей. Любой текстовый/JSON-маркер в response = fake-able trivially. Реальное закрытие требует out-of-band каналов. S5 и S8 — этого класса, оба unresolvable в controller-writable spec.
cspell-words.txt sync: +1 валидный термин (эскалируем).
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 07:50:34 +03:00
832fadbcc3
spec(router-gate): v3.2 closes 18 holes from v4 adversarial audit
...
7 секций фиксов A-G закрывают 16 из 18 новых holes (2 → §9 acceptable residual):
- A §3.1 protected paths +7 (registry, helpers, prompt-prefix, gate-config, package.json, composer.json) — закрывает C1-C5
- B §3 chain-state: user-content-only substring (H1), keyword list trimmed (S7), PostToolUse chain_step++ (S3), transcript SoT clarified (S2)
- C §5.1 Bash: tokenizer +& (H3), session-scoped file-watcher (C6), git --output blacklist (C8), path-deny на все read commands (C9/S4), node -r blacklist (C10). §5.2 glob-aware (C11) + 1-level imports (E1)
- D §4.5 default-CLOSE: unmatched answer → gate remains locked (H4)
- E §3.2.0 smoke-test env propagation pre-impl (H2) + §3.2 path hardening derive from session-id (C7) + §3.4 BLOCKED-protocol enforced parent-side (S5)
- F §4 Поведение 1 case-insensitive + morphology (E3) + stale-registry fall-through (S1). §4.7 length-ratio 4× (E2)
- G §9 open questions: S6 (2-AskUser limit) UX-tradeoff acceptable, S8 (BRANCH-SWITCH controller-writable) → follow-up эпик
Implementation budget: 13.5-20h → 18-27h (+5-7h за smoke-test, PostToolUse migration, Bash hardening, path-args overlay).
Audit methodology: audit-context-building skill + ручной adversarial разбор по 13 attack-зонам. Brainstorming через superpowers:brainstorming для дизайна правок (scope=all, H4=default-CLOSE, H2=smoke-test через AskUserQuestion).
cspell-words.txt sync: +4 валидных терминов (уйте/инкрементирован/матчащий/неверифицирована).
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 07:31:27 +03:00
bf181350ca
docs: stage 5 day 1 handoff + 2 fix plans for findings 1 and 2 (audit-chain race + webhook storm) with PII masks
2026-05-29 07:02:14 +03:00
9704c539b4
docs(observer): brain-retro #10 + self-retrospect #2 notes from 28.05
...
Brain-retro #10 (10:47 МСК → ~16:30 МСК period, 27 episodes after retro #9 ):
- All 11 mandatory cuts including chain-hook effectiveness
- Batch reviewer pass on 27 episodes (~$2 Opus 4.7)
- Found 4 rework cases, all on ambiguous short prompts
- 4 candidates for owner review (self-retrospect counter quirk,
enforce-clarify-short-prompts hook, cost-aggregator reviewer
cost gap, factor-matrix low-signal marker)
Self-retrospect #2 (evening, after retro #10 ):
- 67 episodes since previous self-retrospect (~07:30 UTC)
- 88 override events in 6 hours (recovery 31, без скилов 57)
- 5 commitments from morning self-retrospect: 2 of 5 broken
- Conclusion: habits without enforcement do not hold
- 3 hook proposals documented for future work
Sanity-check answers persisted for retro #10 audit trail.
cspell-words.txt += триггернулась / triggerов / флагнутые /
ambig / deplo / обнулился / Ревьюер (Russian/English mixed
project terminology from observer notes).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 06:50:19 +03:00
af2ff720ec
docs(handoff): router-gate L4 spec v3.1 ready, next session writing-plans
...
Handoff document for transition to new session. Contains:
- TL;DR of where we left off (spec v3.1 ready, impl not started)
- 4-step instructions for next session (read spec, writing-plans,
subagent-driven impl, post-impl tasks)
- Context (brain-retro #10 trigger, self-retrospect #2 confirmation,
user choice of Level 4)
- 7 design principles from spec section 2
- Architecture TL;DR (gate, 4 behaviors, baseline, deletes, preserved)
- All 4 spec versions in git with commits
- Cross-refs to L1+L2 plan, brain-retro, self-retrospect
- 5 open questions for writing-plans phase
Cannot write to memory/ path in this turn (memory-coverage hook
requires direct:memory-sync coverage, current turn has different
coverage). Memory entry can be added in next session via Skill or
manual annotation.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 06:45:46 +03:00
fab8e72d97
spec(router-gate): v3.1 clarification pass for writing-plans handoff
...
Comprehensive analysis of v3 found ~24 minor issues (no critical bypasses).
V3.1 closes most via clarifications to prepare for writing-plans skill in
next session.
Additions:
- TL;DR at top — fast orientation for implementer
- 10.1 Function and registry references (nodeMatches source,
registry source docs/registry/nodes.yaml, SDD-skill impact,
coverage-hint to recovery resolution)
- 10.2 State file schemas (8 files: router-state, chain-state,
askuser-decisions, router-gate-decisions, subagent-inheritance,
coverage-hint, gate-errors, gate-config)
- 10.3 Test strategy: ~150 unit + 10-15 integration + 10-15 golden
snapshot + 5-7 smoke
- 10.4 Success metrics: quantitative (override drops to 0,
gate-decisions growing) + qualitative (lockout < 5/100,
correct% > 60%) + acceptance criteria
- 10.5 Rollback plan (3 levels: hook off / revert commits / v2 baseline)
- 10.6 Stages and parallelism: 6-9h wall-clock with SDD parallelism
vs 13.5-20h sequential
No architectural changes — v3.1 only clarifies what implementer needs
to know without making implicit decisions.
Spec versions in git:
- v1: 7a43c175b510a758b632bcbanoreply@anthropic.com >
2026-05-29 06:41:48 +03:00
23c7615284
ci(stage5-investigate): round 3 schema discovery — list columns of activity_log/balance_transactions/supplier_projects/supplier_leads; SELECT * on broken audit rows (ids 597-601 + 460-464) and stuck supplier_leads (1110, 1157) + sample failed_webhook_jobs raw_payload + all B1 supplier_projects
2026-05-29 06:41:01 +03:00
fdd688dc06
ci(stage5-investigate): round 2 root-cause queries — chain triggers on broken vs healthy partitions + audit_chain_hash function + broken row context (ids 599/462 + neighbours); webhook storm — top supplier_lead_id + supplier_projects with illegal B1+SMS combo + project_id concentration + signal_type distribution + real leads processed last 24h
2026-05-29 06:32:36 +03:00
b632bcbae6
spec(router-gate): v3 closes 10 holes from v2 adversarial audit
...
V2 audit found 10 new bypasses:
- Fatal: subagent inheritance via text-prefix (no enforcement)
- Critical: hook race conditions / DoS timeout / Bash script execution
- Serious: path-deny symlinks/case / AskUser fatigue / silence off-topic
- Edge cases: parallel subagents / coverage-verify interaction / sub-shells
V3 closes all 10:
- 3.2 rewritten: env-based subagent inheritance (env vars + inheritance file),
gate-on-subagent reads parent state via CLAUDE_GATE_INHERIT env
- 3.4 new: subagent constraints (no AskUser, no recursive Task, max 3 parallel)
- 3.5 new: atomic writes (tmp+rename) + proper-lockfile for race-free state
- 3.6 new: gate budget 2s + state cache TTL 5s + lazy transcript parsing
- 3.1 extended: path normalization (resolve + realpath + case-fold + env)
- 4.5 extended: max 2 AskUserQuestion per turn (fatigue exploit closed)
- 4.7 extended: off-topic at silence uses task_classification
- 5.1 extended: file-watcher for script execution + broad sweep sub-shell
blacklist (backticks, command sub, process sub, heredocs)
- 5.2 new: static content scan for node/python/vitest scripts before exec
- 7.1 new: coverage-hint coordination layer between gate and coverage-verify
Implementation cost: 8.5-12h (v2) to 13.5-20h (v3). +5-8h for architectural
fixes (env-inheritance, atomic writes, static scan) + infrastructure
(gate budget, path norm, askuser counter, coverage-hint).
V2 baseline preserved as commit b510a7587a43c175noreply@anthropic.com >
2026-05-29 06:30:07 +03:00
ea7cc84a37
ci: stage5 day-1 investigation workflow — diagnose audit:verify-chains failures + failed_webhook_jobs 163k spike (one-shot read-only, hardcoded SQL on incidents_log/failed_jobs/failed_webhook_jobs + direct audit:verify-chains -v artisan call)
2026-05-29 06:24:30 +03:00
5c02d33cce
feat(stage5): daily monitor workflow + remove non-existent partitions:list from artisan-run whitelist + checklist refinement (GitHub-cron 06:00 UTC daily 29.05-04.06 runs scheduler:check-heartbeats + incidents:watch-failures + migrate:status + 4 SQL signals from incidents_log/project_routing_snapshots/failed_webhook_jobs/scheduler_heartbeats; window auto-stops after 2026-06-05; result to job summary + artifact)
2026-05-29 05:42:30 +03:00
b510a75826
spec(router-gate): v2 closes 10 holes from adversarial audit
...
Adversarial review of v1 found 10 bypass paths:
- Fatal: AskUserQuestion = universal unlock (1 question = full bypass)
- Critical: Bash unlimited / Skill-invoke-no-followthrough / State-files edit
- Serious: Subagent inheritance / Direct-invocation regex too wide
- Edge cases: leading questions / multi-direct / failure mode / chain TTL
V2 closes all 10:
- 3.1 Protected paths (hard-deny for runtime/settings/skill/hook files)
- 3.2 Subagent gate inheritance via subagent-prompt-prefix injection
- 3.3 Failure modes — explicit fail-CLOSE policy
- 3 chain-state TTL 24h + explicit-clear markers
- 4 Direct invocation = strict whitelist (slash-cmd / Skill() / used N / делай exact)
- 4 Multiple direct invocations require AskUser between executions
- 4.5 AskUserQuestion answer parsing — gate reads transcript response,
unlocks only for explicitly-approved action, blocks on stop answer
- 4.6 Post-skill partial unlock (Read/Grep/next-chain-step allowed,
Edit/Write require additional AskUser, Bash requires whitelist+approval)
- 4.7 Question quality detector in rationalization-audit (blocks
missing-stop-option, flags leading options, off-topic questions)
- 5.1 Bash content rules: whitelist read-only / hard-blacklist mutating /
conditional-whitelist after AskUser approval / path-deny overlay
Implementation cost: 6-8.5h (v1) to 8.5-12h (v2). +2.5-3.5h for
Bash content parser, answer parser, question-quality detector,
hard-deny logic.
Spec v1 (commit 7a43c175noreply@anthropic.com >
2026-05-29 05:24:40 +03:00
89f124cd27
fix(artisan-run): pass command via base64 to avoid SSH shell-quote space loss (first dry-run showed 'supplier:rekey-orphansdry-run' — space eaten by printf %q + outer double-quote interaction; base64 encode locally + decode on prod side preserves spaces and special chars cleanly)
2026-05-29 05:13:14 +03:00
7ec97230af
ci: add artisan-run workflow as ssh-bypass for prod artisan commands (whitelist of read-only/dry-run/inspection commands runs without confirm; mutating commands require confirm_apply=true input; output to job summary + artifact; works while dev IP 89.144.17.119 blocked by YC backbone filter)
2026-05-29 05:07:43 +03:00
7a43c175d0
spec(router-gate): Level 4 hard-wall enforcement architecture design
...
Single PreToolUse router-gate hook replaces 5 existing hooks
(chain-recommendation / classifier-match / graph-first /
semgrep-security / override-limit) + override-vocab.json.
Key principles:
- Hard wall — no inline overrides, no substring-match vocab
- User approval everywhere for router output (single + chains)
- Direct invocations (slash-commands, explicit 'use X') bypass
- Read-only baseline (Read/Grep/Glob/LS/TodoWrite/AskUser) always allowed
- All decisions logged to router-gate-decisions.jsonl
Observability migration:
- Loses: override-usage.jsonl, hook-outcomes.jsonl Cut 11
- Gains: router-gate-decisions.jsonl + 3 new brain-retro tables
- Etap 6 brain-retro adaptation included in epic
Implementation 6-8.5 hours across 6 etap'ов.
Risk: 7 preserved hooks lose their findOverride escape valves
(except rationalization-audit) — explicit acknowledged risk.
Driver: brain-retro #10 (override events 12->679 in 4 days),
self-retrospect #2 (2/5 commitments broken in 6 hours).
User-approved Section by section (1-5) via AskUserQuestion.
cspell-words.txt += вокабуляр / Бypass / sess.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 05:06:36 +03:00
5e103ef5b5
ci(ssh-diagnose): add round 2 — show sshd_config.d/01-claude.conf, full nftables ruleset, ssh.service journal, fail2ban jail.d content, recidive jail check (round 1 showed dev IP not in fail2ban banlist, INPUT policy ACCEPT — narrowing to 01-claude.conf restriction or nftables f2b-table; recidive jail can persist bans beyond regular sshd bantime)
2026-05-29 04:47:10 +03:00
88a284cc91
feat(supplier): R-18 — fixed target_date in online sync (21:00 МСК cut-off)
...
Extracted SyncSupplierProjectJob::targetWeekdayForNow() — slepok cut-off boundary
is 21:00 МСК, matching supplier's snapshot fix-point. Before fix Carbon::tomorrow
flipped at midnight, mis-aligning portal sync (Thu 23:59 МСК pointed to Fri while
post-21:00 portion of day N belongs to slepok dated N+1 effective day N+2).
hour < 21 МСК → target = today + 1 day
hour >= 21 МСК → target = today + 2 days
3 pure unit tests (Mon 20:00→Tue, Mon 22:00→Wed discriminator, Tue 00:01→Wed
no-midnight-flicker) confirm new logic. Baseline regression verified — 8 pre-
existing Pest failures on Windows-native PG env are NOT caused by this change.
Stage 4 §4.4.2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 19:59:23 +03:00
c95445de47
plan(router-discipline): Level 1+2 implementation plan
...
5-task plan to close 3 enforcement gaps surfaced by brain-retro #10 :
1. Narrow 'recovery' override scope (5→2 categories)
2. Narrow 'ремонт инфраструктуры' override scope (11→3)
3. Per-rate-window in enforce-override-limit (5/10min)
4. Lower classifier-match threshold 0.8→0.6 + inline router-skip
Driver: 679 override events on 2026-05-28 vs 12 baseline on 25.05.
User selected option B (Level 1+2) after brain-retro #10 analysis.
All 4 implementation tasks completed via subagent-driven workflow
(commits 09f6e332029dbe502b23a1f2726c2121noreply@anthropic.com >
2026-05-28 17:55:58 +03:00
726c2121b5
feat(classifier-match): lower threshold 0.8→0.6 + inline router-skip override
...
Two changes:
1. CONFIDENCE_THRESHOLD 0.8 → 0.6 — catches borderline recommendations
that previously slipped through. Driver: brain-retro #10 shows 0%
single-node-skill follow-through, suggesting hook needs to fire more.
2. Inline escape hatch — 'router-skip: <reason 50+ chars>' in assistant text.
Per-tool scope (does not affect other tools in same turn). Replaces
the documented 'override: <reason>' hint which was a self-bypass
loophole — high-friction 50+ char justification discourages reflexive use.
Per Level 2 of plan docs/superpowers/plans/2026-05-28-router-discipline-level-1-2.md.
Legacy tests flipped (2 tests):
- 'allows when confidence exactly 0.7 (raised threshold)' →
'BLOCKS when confidence exactly 0.7 (above new threshold 0.6)'
- 'allows when confidence 0.75 (still under raised threshold)' →
'BLOCKS when confidence 0.75 (above new threshold 0.6)'
These tests previously asserted block:false at 0.7/0.75 under the old 0.8
threshold; with 0.6 threshold they now correctly assert block:true.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:52:43 +03:00
2b23a1f210
feat(override-limit): add per-rate-window check (5 events / 10 min)
...
Adds RATE_WINDOW_MIN=10 + RATE_THRESHOLD=5 alongside existing per-day THRESHOLD=5.
Closes gap where per-day limit doesn't catch rate-spikes:
- 2026-05-28 session 4a8b327e burned 40 events / 59 minutes (0.68/min).
- Per-day=5 was breached after 5 events; rate-spike of next 35 went uncounted.
shouldBlock returns triggered='daily' or 'rate' with reason. buildBlockOutput
emits rate-specific message asking for 10-min pause + bypass-phrase
confirmation.
Per Level 1 plan docs/superpowers/plans/2026-05-28-router-discipline-level-1-2.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:41:28 +03:00
029dbe501d
chore(override-vocab): narrow 'ремонт инфраструктуры' to verify-only
...
Reduces full-opt-out from 11→3 categories (tdd-gate / verify-before-commit /
verify-before-push). Requires_justification 'ремонт:' kept intact.
Driver: brain-retro #10 trend analysis — 'ремонт инфраструктуры' fired
26 times on 2026-05-28 (vs 71 on 27.05). Used as side-effect to bypass
classifier/chain/skill hooks. Per Level 1 plan.
Also flips test 'global override "ремонт инфраструктуры" suppresses semgrep-security'
to assert new behaviour (toBeFalsy) in tools/enforce-semgrep-security.test.mjs.
Old test asserted truthy — now ремонт инфраструктуры no longer suppresses semgrep-security.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:34:38 +03:00
4a4fb625d2
docs(pilot): Этап 3 slepok-routing-protection выкачен на боевой liderra.ru
...
GitHub Actions run 26575476127, merge commit 8b818144#27 .
R-03 (frozen filter в LeadRouter + LedgerService reject) + R-13 (paused_at
sync на freeze/unfreeze) live на проде.
+ cspell-words: чарж, чарже, сматчить, тригернёт (domain jargon)
2026-05-28 15:53:11 +03:00
b93e5af439
chore(brain-retro): export CHAIN_OUTCOME_BUCKETS + clean up redundant fs import (Phase 4 #2 review fixes)
...
Code-quality review of Task B (Phase 4) flagged two minor fixes:
- Export CHAIN_OUTCOME_BUCKETS for external consumers (test + future cuts)
no longer hard-code bucket names.
- Replace fs.readFileSync via duplicate `import fs from 'fs'` with the
already-imported named `readFileSync` in helpers test.
+1 regression test on the export.
2026-05-28 15:48:42 +03:00
a3f5f392cd
feat(brain-retro): Cut 11 chain-hook effectiveness ledger + analyzer (Phase 4 #2 )
2026-05-28 15:48:39 +03:00
ff18acc5e7
docs(pilot): Этап 2 slepok-routing-protection выкачен на боевой liderra.ru
...
Run 26567039690 GREEN. Schema applied via psql superuser (workaround for SET ROLE
crm_migrator transaction-poisoning), migration marked [12] Ran, backfill за 28.05
создал 1 row в project_routing_snapshots. External HTTPS 200 OK verified из Azure runner.
Также фундаментально решён вопрос деплоя — .github/workflows/deploy.yml через GitHub
Actions runner обходит YC backbone фильтр между моим dev-IP и прод-VM. Будущие
деплои = gh workflow run deploy.yml -f ref=main без участия заказчика.
+19 жаргонных слов в cspell-words.txt (paus'нувшие, синкнутом, форкнутой и др.) —
устранение pre-existing cspell-флагов в наследии ПИЛОТ.md записей за май.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 13:24:19 +03:00
Дмитрий