5b8109ea55
docs(plans): router-gate v4 Stream B sub-plan (shell content parsing)
2026-05-29 19:29:17 +03:00
c4c2afd111
docs(plans): router-gate v4 master coordination plan (9 streams, parallel sessions)
...
Master plan orchestrates 9 streams (A-H + checkpoints) для параллельного
multi-session запуска. Каждый stream работает над disjoint set файлов
в tools/ или docs/ — 0 conflicts по конструкции.
Streams:
- A: Pure decision modules (8 файлов, ~250 unit tests) — independent
- B: Bash/PowerShell content rules — independent (stub path-norm)
- C: Static scan + framework boot + Glob F8 + MCP classifier — independent
- D: LLM-judge Layer 4 (multi-judge + per-tool + response scan) — independent
- E: AskUser parser + subagent return scanner — independent
- F: VM-sandbox setup (user hands-on) — independent
- G: Cleanup 5 v3.9 hooks + settings.json register — sequential after A-E
- Smokes 1-9 user-run — sequential after G
- H: Brain-retro Table 16-17 + recovery docs + Pravila/PSR/Tooling sync — sequential
Wall-clock: 16-23h parallel (vs 49-65h sequential).
User chose Subagent-Driven execution в параллельных сессиях.
Each parallel session invokes writing-plans для своего stream sub-plan'а,
затем subagent-driven-development для реализации.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-29 18:47:21 +03:00
0e768f9aa0
docs(spec): router-gate v4.0+v4.1+v4.2 design (behavioral + max-judges + VM sandbox)
...
Three-spec package for router-gate next-generation:
- v4.0 base (2249 lines) — поведенческий разворот: removes 16 защит-призраков
v3.9, adds Round 8 closures, adds 5 Directions (safe-baseline metering,
skill scope verifier, decomposition detector, TodoWrite verifier,
brain-retro Table 16). Target aggregate bypass ~15-25%.
- v4.1 max-closure amendment (1051 lines) — Layer 1-4: 8 Round 8 GAPs +
behavioral hard-blocks + universal vocab removal + 3-judge consensus
(Sonnet+Haiku+Opus) + per-tool LLM-judge + response scan. Target ~2-5%.
Cost +$300-1500/month ongoing.
- v4.2 VM-sandbox amendment (411 lines) — Layer 5 phased for solo developer:
Phase 1 VirtualBox isolation сейчас (~$0, 10-12h), Phase 2 biometric +
Phase 3 HSM via single YubiKey ($50-150) когда захотите. Two-person rule
removed (solo dev). Target ~0.5-0.8%.
Combined v4.0+v4.1+v4.2 full: ~0.5-0.8% aggregate bypass (close to
theoretical floor ~0.5% per §1.1 7 fundamental limits).
Implementation: ~49-65h sequential / 30-40h parallel through
subagent-driven-development. User wants parallel multi-session execution
for speed; writing-plans skill next.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-29 18:13:08 +03:00
e964d70c28
docs(plans): ADR-018 Stage 5 follow-up — AuditRebuildChain per-tenant fix
...
8 TDD tasks (~день кода): extract shared AuditChainConfig, refactor VerifyAuditChains (regression-safe), failing tests для multi-tenant/BYPASSRLS/single-row, rewrite AuditRebuildChain через LAG OVER (partition_clause ORDER BY id) симметрично verify, активация ADR-018 enforcement rules, Pint/Larastan/Pest --parallel smoke, handoff для прод-cleanup activity_log_y2026_m05 через gh workflow run artisan-run.yml. Self-review GREEN на spec coverage / placeholders / типы. Execution mode: subagent-driven.
2026-05-29 15:56:35 +03:00
a6bde2125a
spec(router-gate): concentrate v3.9 — убрать audit-trail и version-history overhead
...
Заказчик: «перепиши спек, убери все лишние оставь только то что необходимо для
создания плана, но сам план не делай. Только помни нельзя потерять в качестве и
объеме ни в коем случае!»
После 10 раундов adversarial audit спек вырос до 2964 строк / 288KB. Большая часть
объёма — audit-trail и история эволюции через раунды:
- 8 «Changes vX → vY» overview-таблиц в начале (~245 lines)
- 11 версионных entries в §11 v3.9-v1 (~380 lines)
- inline traceability markers «v3.6 R5-audit H1 fix:» / «v3.7 R-NEW-4 closure:»
Эта информация дублируется (mechanism описан и в TL;DR overview, и в §11 entry,
и in-place в §3-§5) и НЕ нужна для составления implementation плана.
Что убрано (НИ ОДНОГО технического механизма не потеряно):
- Edit 1: «Changes v3.8 → v3.9» giant overview (13-row table + adversarial pre-check
+ implementation breakdown + Главный урок + Generalisable formula + Methodology +
Связано) → 1 reference paragraph
- Edit 2: «Changes v3.7 → v3.8», «Changes v3.6 → v3.7», ... «Changes v1 → v2»
(9 overview blocks + 4 FATAL table + Доп v3.8 closures C5-E30 list + adversarial
pre-check v3.8 table) → один Timeline эволюции v1→v3.9 paragraph
- Edit 4: §11 v3.8/v3.7/v3.6/v3.5/v3.4/v3.3/v3.2/v3.1/v3/v2/v1 entries → один
условный compaction-summary («### v1 – v3.8 — 9 раундов, 105 holes»). v3.9
entry полностью сохранён — план будет ссылаться на R7 closure details.
Что сохранено verbatim (100% technical content):
- §1 Цель и контекст / §2 Принципы дизайна
- §3 Архитектура: §3.0 PowerShell hook / §3.0.1 OS-keychain / §3.1 protected paths
(~80 paths + path normalization NFC/8.3/inode) / §3.2 subagent inheritance +
parent_random_id sentinel / §3.2.0 10 smokes / §3.2.1 automated bootstrap /
§3.3 failure modes / §3.4 subagent constraints + tool_result scanner / §3.5
atomic writes / §3.6 gate budget + state cache / §3.6.1 dep-checksums /
§3.6.2 normative-content second-layer
- §4 Decision Flow (Поведения 1-4 + §4.5 AskUser parser + §4.6 partial unlock +
§4.7 question quality detector 3-layer LLM-judge)
- §5 Безопасная база + MCP classification / §5.1 Bash rules (whitelist +
hard-blacklist + conditional + path-deny + SKILL_BASH_ALLOW + sub-shell sweep) /
§5.1.2 PowerShell mirror / §5.2 multi-language static scan (PHP/Ruby/Go/Java)
- §6 Recovery: 3 levels + §6.1 cheatsheet + §6.2 PII guard + §6.3 redacted reason
- §7 Logging + §7.1 coverage-hint coordination
- §8 Этапы реализации (implementation order matrix + риски миграции)
- §9 Open questions + acceptable residuals R-NEW-7..R-NEW-19
- §10 Cross-refs + §10.1 functions/registry + §10.2 ALL state schemas verbatim
(router-state, chain-state, askuser-decisions, router-gate-decisions, subagent-
inheritance, subagent-block, parent-sentinel, restricted/journal-access-log,
edited-files, coverage-hint, gate-errors, gate-config v3.9 fields, session-counters)
+ §10.3 test strategy + §10.4 success metrics + §10.5 rollback + §10.6 parallelism
- §11 v3.9 entry полный (R7 closure mechanism + generalisable formula + 13-row table)
Verification:
- Spec: 2964 → 2404 строк (-560 lines / -19%); технический объём ≥99%
- Mechanism keyword counts: fs.lstatSync 4 / parent_random_id 29 / SKILL_BASH_ALLOW 9
/ schema_version 11 / Поведение[1-4] 17 / node_modules 15 / claude-md-management 19
/ approve_git_operation 28 / subagent-block 14 / restricted/ 21 / keytar 15
/ shell-quote 17 / dep-checksums 11 / multi-judge 8 / NFC|normalize 12
/ mcp_tool_classification 7 / /etc/hosts 11 / git rev-parse HEAD 5
- markdownlint 0 errors; cspell 0 issues
- All §1-§11 sections intact (12 top-level headings preserved)
§0 cross-refs не меняются — spec-only, не tooling-канон / не ADR / не off-phase
подкатегория. Self-contained для writing-plans skill input в следующей сессии.
Methodology: EnterPlanMode → write plan → user approval → ExitPlanMode → 4 Edits
(Edit 3 inline-marker trim skipped как cosmetic — quality бы не выросло).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 14:58:46 +03:00
8910ae6cd6
spec(router-gate): v3.8 → v3.9 Round 7 audit closure (13 классов, 3 фундаментальные плоскости)
...
Round 7 adversarial audit (через superpowers:brainstorming skill) выявил 13 классов
которые 9 предыдущих раундов не покрывали:
- 2 FATAL: F5 Read-leak parent_random_id через Glob+Read (R-NEW-4 обнулён),
F6 subagent tool_result.content exfil
- 4 CRITICAL: C12 system DNS/config (/etc/hosts/~/.ssh/registry) вне §3.1,
C13 || true exit-code spoof (per-token vs per-chain),
C14 subagent state exfil,
C15 §5.2 multi-language gap (PHP/Ruby/Go test runners)
- 5 SERIOUS: S22 Skill(claude-md-management) exemption backdoor,
S23 Workflow args parameter payload,
S24 path-equivalence (Unicode NFC/NFD + Windows 8.3 + hardlinks),
S25 MCP filesystem/redis write tools classification,
S26 stop-keywords morphology gaps
- 2 EDGE: E31 gate-error reason disclosure (probing pattern),
E32 LLM-judge cache cross-session persistence
18 spec edits: header bump + TL;DR + Changes v3.8→v3.9 table + §3.1 system paths
+ parent-sentinel→restricted + §3.4 PostToolUse Task scanner + §3.6.2 normative-content
second-layer gate + §4.5 stop-keywords expanded + §4.7 cache per-session + §5 MCP
classification + §5.1 chain ANY-mutating + PostToolUse rev-parse verify + §5.1.2
PowerShell mirror + §5.2 multi-language scan + §6.3 redacted reason mode + §9 13 closures
+ §10.2 gate-config v3.9 fields + §11 v3.9 history entry.
Spec: 2554 → 2964 строк (+410 lines). Budget: 45-60h (v3.8) → 53-72h (v3.9).
Закрыто 118 holes total через 10 раундов adversarial audit.
cspell-words.txt +18 терминов (exfiltration/exfil/NFD/RCE/syscall/Inodes/PROGRA/
resolv/nsswitch/ics/HKCU/HKLM/fsutil/unstar/mvn/popen/брэйншторм/стопаем).
Generalisable formula R7 (новая): для каждого следующего audit задавать 3 вопроса
до enumeration — какие safe tools/paths/chains дают visibility/leverage; какие
границы scope подразумеваются но не enforce'ятся; где per-token vs per-chain
formulation gap есть в композиции.
§0 cross-refs не меняются — spec-only, не tooling-канон / не ADR / не off-phase
подкатегория.
Methodology: superpowers:brainstorming skill + AskUserQuestion scope choice
(user выбрал «Полное v3.9 closure всех 13»).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 14:36:36 +03:00
46c4316966
spec(router-gate): v3.6-3.8 sweep — rounds 5/6 closure (45 holes in 22 classes)
...
Adversarial audit rounds 5+6 на v3.5 spec выявили 45 attack-векторов:
- Round 5 (v3.5→v3.6 + v3.6→v3.7 maximum-closure): 15 + 7 acceptable residual closed
- Round 6 (v3.7→v3.8): 30 attack-векторов в 18 классах вкл. 4 FATAL
v3.6 — Round 5 closure (15 holes, +9 protected paths, Smoke 4-7,
§5.1↔§4.5 sync, recovery-pattern hard-block в §4.7).
v3.7 — Maximum closure pass (7 v3.6 residual + edge): LLM-judge на
каждую AskUser-опцию (R-NEW-1), parent_random_id 256-bit sentinel
(R-NEW-4), restricted/ subdir + journal-reader CLI (R-NEW-2),
shell-quote tokenizer (R-NEW-3), TF-IDF + LLM-judge для off-topic
(R12), smart batching multi-question AskUser (S6), git stash variants
в conditional class (Edge).
v3.8 — Round 6 closure (30 holes в 18 classes):
- F1 PowerShell tool gate (был полностью вне scope §5.1 — обнуляло
архитектуру на Windows)
- F2 Workflow internal agent() enumeration (nested агенты вне
gate-visibility — unlimited bypass)
- F3 node_modules whole-dir hard-deny + dep-checksums verification
через SHA-256 ключевых deps
- F4 LLM-judge anti-injection (delimiter tokens + pre-filter +
multi-judge consensus Sonnet+Haiku)
§3.1 protected paths расширен +30 entries (memory/CLAUDE.md/Pravila/
PSR/Tooling с Skill exemption для claude-md-management, CI/CD configs,
lint/build configs, plugin cache, shell init, npm configs, node_modules,
parent-sentinel, dep-checksums, expected-path).
§3.0.1 OS-keychain для LLM key (Windows Credential Manager / Keychain /
libsecret через keytar); key не в process.env → не утечёт через npm
test stdout.
§3.2.1 automated bootstrap smoke (1/5/6/7 на каждый session start,
cached 7 days); user-run остаётся для 3/4/8.
§6.1 docs/recovery-procedures.md новый файл — пошаговая шпаргалка
PowerShell-команд для 3 уровней recovery.
Budget: 13.5-20h (v3.5) → 22.5-32h (v3.6) → 33-44h (v3.7) → 45-60h (v3.8).
Закрыто 105 holes total через 9 раундов adversarial audit.
Generalisable lesson v3.8: каждый раунд аудита должен начинать с
abstract classification классов атак до enumeration конкретных дыр.
v3.7 «maximum closure» был maximum внутри границ воображения v3.6 R5-audit;
Round 6 показал что сами границы имели дыры.
Spec: 1980 → 2554 строк (+1110 inserts / -44 deletes за v3.6-3.8 sweep).
+13 терминов в cspell-words.txt (PowerShell aliases, npm deps).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 13:55:11 +03:00
8b60a18298
plan(router-gate): 51-task implementation plan (audit-integrated)
...
Master implementation plan covering:
- 6 phases per spec §8 Этапы (1 / 1.1-1.8 / 2 / 2.1.0 smoke / 2.1
subagent inheritance / 2.2 constraints + block-file / 2.3
branch-switch / 3 settings.json / 4 recovery / 6 brain-retro)
- 51 TDD tasks with bite-sized 3-5 steps each
- All 8 MUST critical inline fixes integrated (CRITICAL-1/3/4/5/6/8/9/10)
- All 5 SHOULD-FIX findings tasked (vitest globalSetup / git format-patch /
approved_action_pattern / chain reset organic-only / chain-state
malformed fail-CLOSE)
- 5 DOS findings tasked (D-1/2/3/8/9) + 2 deferred (D-7 subagent
reader-writer lock, partial coverage; full split deferred to refinement)
Architecture: single PreToolUse hook tools/enforce-router-gate.mjs
+ PostToolUse handler tools/router-gate-post.mjs. Pure decision
functions in tools/router-gate-{decide,bash,askuser,path,state,
static-scan,quality,chain,coverage,cache,config,subagent}.mjs +
thin I/O wrapper. 10 state files at ~/.claude/runtime/*.
Execution: subagent-driven-development (recommended) или
executing-plans inline. Plan self-review verified all 63 spec
design decisions + 13 audit-driven decisions covered.
Source spec: 2026-05-29-router-gate-hard-wall-design-condensed.md
(commit 71b07e52noreply@anthropic.com >
2026-05-29 10:06:06 +03:00
71b07e52eb
audit(spec): 51 findings + 8 MUST critical fixes inline
...
Adversarial audit condensed router-gate spec через 3 parallel
Sonnet adversaries (9 attack zones). 51 finding total:
10 BYPASS-COMPLETE + 17 PARTIAL + 9 DOS + 15 INFO. Spec
заявление «hard wall полный» НЕ выдерживает.
8 MUST critical inline fixes applied:
- §5.1 Bash: <<< here-string, node REPL/stdin block,
< input redirect, tokenizer per-arg path-deny check
(closes CRITICAL-9/8/6 + PARTIAL-15)
- §3.1 path normalization: UNC \?\ prefix strip,
8.3 short names expand via GetLongPathName,
unresolved $VAR fail-CLOSE
(closes CRITICAL-3/4/5)
- §4 Поведение 1: source restriction — detector проверяет
только organic root user prompt, НЕ AskUser chosen_label
(closes CRITICAL-1 design flaw)
- §8 Implementation order matrix: Этап 2.3 branch-switch
rewrite MUST complete BEFORE Этап 3 enforce-mode
(closes CRITICAL-10 S8 migration regression)
- §1.4: gate-config.json protected с Этапа 1.4 ранее
(closes DOS D-1 tiny-budget patch attack window)
5 SHOULD-FIX + 5 DOS-MUST-ADDRESS deferred в writing-plans
(§9 «Audit findings deferred» documented для plan pickup).
Audit report saved at:
docs/superpowers/audits/2026-05-29-router-gate-condensed-
adversarial-audit.md
cspell-words.txt: +UNC, +EACCES (valid technical terms).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 09:50:18 +03:00
2c8e6146fb
docs(handoff): stage 5 findings 1+2 merged + prod-deploy commands ready
2026-05-29 09:45:59 +03:00
d4f7e681f6
docs(spec): condensed plan-ready router-gate hard wall v3.5
...
Prep для writing-plans фазы: 1489 → ~850 строк (-43%) убрав
§11 историю версий + 4 TL;DR «Changes vN→vN+1» блока + inline
audit-метки «closes Дыра N v4-audit».
Sonnet subagent verified 63/63 design decisions present + 3
места где condensed улучшил оригинал (subagent-inheritance
schema без stale parent_router_state_path полей, §8 Этап 1.2
+git-pattern, §10.6 sequential 2.1.0→2.1→2.2→2.3).
Оригинал 2026-05-28-router-gate-hard-wall-design.md v3.5 не
тронут (audit-trail сохраняется в git log).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 09:21:19 +03:00
0067174154
docs(audit): mark Tasks 1-3 complete, add prod deploy instructions
...
Tasks 1-3 DONE on branch worktree-agent-acf422b86772ab536:
- Task 1 (06fbb238): race condition test (pcntl skip + pg_locks advisory check)
- Task 2 (41fb0d94): migration — pg_advisory_xact_lock in audit_chain_hash
- Task 3 (7081f2a7): audit:rebuild-chain command + 4 GREEN tests
Task 4 updated with factual prod deploy steps:
- merge worktree branch to main + deploy.yml
- artisan-run whitelist needs audit:rebuild-chain in MUTATING_RE
- --force flag required (non-interactive CI mode)
- consecutive_failures reset after verified clean chains
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 09:20:57 +03:00
c454a3bedd
docs(plan): update Task 4 with actual deployment commands (no migrations needed)
...
Task 4 уточнён: нет миграций (только PHP), fast-fail активируется сразу после
деплоя. Добавлены конкретные gh workflow run команды для cleanup (Steps 3-4 из
sql-runner.yml) и верификации шторма + incidents алерта. Галочки [ ] оставлены
(задача контроллера, не агента).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 09:11:28 +03:00
6c6796d84a
chore(spec): cosmetic markdownlint auto-fix in router-gate v3.5
...
Markdownlint added blank line before list in TL;DR v3.5 Changes section. Cosmetic, no semantic change. Captured to keep working tree clean for session handoff.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:31:21 +03:00
80c8160203
spec(router-gate): v3.5 S8 TRUE closure via AskUserQuestion-gate
...
Dedicated brainstorm на S8 (последний acceptable residual после v3.4) — controller-writable markers BRANCH-SWITCH-CONFIRMED / RECOVERY-INTENT: заменены на AskUserQuestion-gate через расширение §4.5 answer parser. Тот же class fix что S5 v3.4 — перенос сигнала в side-channel который controller не контролирует.
V3.5 architectural shift:
- Old: controller wants git rebase → hook видит блокировку → controller пишет BRANCH-SWITCH-CONFIRMED в response → hook читает, allows. Самоодобрение через controller-written text.
- New: controller wants git rebase → hook блокирует → controller обязан AskUserQuestion('Выполнить git rebase main?') с 3 опциями → user picks → §4.5 parser распознаёт git-pattern, пишет approve_git_operation запись в askuser-decisions.jsonl с approved_action_pattern exact → controller retries → hook читает askuser-decisions, exact-match approval, consumes one-shot, allows.
Anti-forgery 4 защиты:
- askuser-decisions.jsonl в protected paths (~/.claude/runtime/*)
- Пишется только §4.5 parser при реальном AskUser-ответе
- Strict exact-match approved_action_pattern против tool_input.command
- 5-min time window + one-shot consumption (consumed flag)
Adversarial pre-check v4.3 — 6 attack-векторов проверены, все заблокированы.
5 spec edits:
- §3 preserved hooks таблица — enforce-branch-switch row переписан (no longer reads response markers, instead reads askuser-decisions)
- §4.5 — новый row + новое enum gate_interpretation: approve_git_operation
- §9 — S8 убран из acceptable residual list. Список residual теперь ПУСТ.
- §10.2 — askuser-decisions schema +consumed/consumed_at/consumed_by_tool_use_id + полный schema приведён
- §11 v3.5 history entry
Implementation budget: 21.5-31h (v3.4) → 22.5-32h (v3.5). +1.1h за: rewrite hook, extend parser, one-shot consumption, schema, spec edits.
Главный урок: класс controller-writable signals закрыт архитектурно через обе v3.4 (file side-channel) и v3.5 (askuser-decisions side-channel). Формула generalisable — любой controller-writable signal закрывается переносом write-канала в protected file который пишет отдельный gate-процесс при harness-driven событии.
Hard wall теперь полный hard. Acceptable residual list пуст.
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:24:21 +03:00
15bf46a1c0
spec(router-gate): v3.4 N1/S5 TRUE closure via out-of-band block-file
...
Dedicated brainstorm на N1 (S5 controller-writable signal) — найден real out-of-band channel без harness-зависимости через subagent gate-process side-channel.
V3.4 architectural shift: BLOCKED-сигнал перенесён из controller-written text (v3.2 regex, v3.3 weak heuristic) в side-channel file `subagent-block-<tool-use-id>.json`:
- Path derived из tool_use_id (Anthropic-assigned, controller не контролирует generation)
- File в `~/.claude/runtime/*` protected paths (Edit/Write/Delete blocked)
- Пишет subagent gate-процесс (отдельный node), не controller text response
- Parent gate читает при PreToolUse следующего tool-use после Task return
Anti-forgery 3 защитных слоя + 6-attack adversarial pre-check (все blocked).
7 spec edits:
- §3.4 переписан: out-of-band block-file channel + anti-forgery + failure modes + adversarial pre-check
- §3.1 +`subagent-block-<tool-use-id>.json` explicit-mention
- §3.2 расширен: subagent gate ТАКЖЕ пишет block-file (side-channel parallel к inheritance read)
- §3.2.0 +Smoke 3: user-run probe для verification block-file write механизма
- §8 budget +2h (subagent write 0.5h + parent read 0.5h + lockfile 0.3h + spec 0.5h + integration 0.1h)
- §9 — S5 убран из acceptable residual list (теперь CLOSED, не как S8)
- §10.2 +schema для subagent-block-<tool-use-id>.json
Implementation budget: 19.5-29h (v3.3) → 21.5-31h (v3.4).
Главный урок v3.4: controller-writable signals fundamentally fake-able, НО можно вырваться из класса через side-channel write — separate process + harness-derived path + protected file. Это НЕ harness-dependent (работает с любым Claude Code где env-vars пробрасываются + subagent gate стартует с теми же хуками).
Brainstorm methodology: superpowers:brainstorming skill — 1 clarifying вопрос (closure level выбран б — out-of-band runtime-файл) → 3 защитных слоя дизайна + 6-attack pre-check → user approval → 7 spec edits.
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 08:08:01 +03:00
903aa70098
spec(router-gate): v3.3 closes 10 of 12 holes from v4.1 adversarial audit
...
V3.3 — второй раунд adversarial audit от controller'а на свою же v3.2. Главное:
N1 fatal honest revision — мой v3.2-фикс S5 был самообманом. BLOCKED-protocol regex в subagent response = controller-written text → fake `{"status":"DONE"}` маркер trivially. §3.4 переписан: убран claim «closes S5», заменён weak heuristic (tool_use count > 0 + marker check). S5 → §9 acceptable residual класса controller-writable signals (как S8). Real-fix требует harness-level enforcement за пределами controller-writable spec'а.
12 правок без новых секций:
- §3.4 BLOCKED-protocol → weak heuristic + S5 residual (N1)
- §3.2.0 расширен: user-run smoke + PostToolUse semantics probe (N4, N10)
- §4 Поведение 1 stale-registry → mandatory AskUser (N2)
- §4.5 fail-CLOSE с конкретными keyword-примерами (N8)
- §4.7 first-option-position bias detection (N11)
- §5.1 file-watcher reset только на git commit exit 0 + lefthook GREEN (N3)
- §5.1 SKILL_BASH_ALLOW hardcoded mapping в gate-code, не Skill-controlled (N5)
- §8 +PostToolUse handler task + implementation order matrix (N7, N9)
- §9 N12 off-topic detection limits acknowledged + S5 acceptable residual
- §10.2 +schema для edited-files-<sess>.json (N6)
Implementation budget: 18-27h (v3.2) → 19.5-29h (v3.3). +1.5-2h за inline-фиксы.
Главный урок: controller-writable signals — fundamental class уязвимостей. Любой текстовый/JSON-маркер в response = fake-able trivially. Реальное закрытие требует out-of-band каналов. S5 и S8 — этого класса, оба unresolvable в controller-writable spec.
cspell-words.txt sync: +1 валидный термин (эскалируем).
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 07:50:34 +03:00
832fadbcc3
spec(router-gate): v3.2 closes 18 holes from v4 adversarial audit
...
7 секций фиксов A-G закрывают 16 из 18 новых holes (2 → §9 acceptable residual):
- A §3.1 protected paths +7 (registry, helpers, prompt-prefix, gate-config, package.json, composer.json) — закрывает C1-C5
- B §3 chain-state: user-content-only substring (H1), keyword list trimmed (S7), PostToolUse chain_step++ (S3), transcript SoT clarified (S2)
- C §5.1 Bash: tokenizer +& (H3), session-scoped file-watcher (C6), git --output blacklist (C8), path-deny на все read commands (C9/S4), node -r blacklist (C10). §5.2 glob-aware (C11) + 1-level imports (E1)
- D §4.5 default-CLOSE: unmatched answer → gate remains locked (H4)
- E §3.2.0 smoke-test env propagation pre-impl (H2) + §3.2 path hardening derive from session-id (C7) + §3.4 BLOCKED-protocol enforced parent-side (S5)
- F §4 Поведение 1 case-insensitive + morphology (E3) + stale-registry fall-through (S1). §4.7 length-ratio 4× (E2)
- G §9 open questions: S6 (2-AskUser limit) UX-tradeoff acceptable, S8 (BRANCH-SWITCH controller-writable) → follow-up эпик
Implementation budget: 13.5-20h → 18-27h (+5-7h за smoke-test, PostToolUse migration, Bash hardening, path-args overlay).
Audit methodology: audit-context-building skill + ручной adversarial разбор по 13 attack-зонам. Brainstorming через superpowers:brainstorming для дизайна правок (scope=all, H4=default-CLOSE, H2=smoke-test через AskUserQuestion).
cspell-words.txt sync: +4 валидных терминов (уйте/инкрементирован/матчащий/неверифицирована).
Verify-sentinel: 1179/1179 vitest tools-only GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 07:31:27 +03:00
bf181350ca
docs: stage 5 day 1 handoff + 2 fix plans for findings 1 and 2 (audit-chain race + webhook storm) with PII masks
2026-05-29 07:02:14 +03:00
af2ff720ec
docs(handoff): router-gate L4 spec v3.1 ready, next session writing-plans
...
Handoff document for transition to new session. Contains:
- TL;DR of where we left off (spec v3.1 ready, impl not started)
- 4-step instructions for next session (read spec, writing-plans,
subagent-driven impl, post-impl tasks)
- Context (brain-retro #10 trigger, self-retrospect #2 confirmation,
user choice of Level 4)
- 7 design principles from spec section 2
- Architecture TL;DR (gate, 4 behaviors, baseline, deletes, preserved)
- All 4 spec versions in git with commits
- Cross-refs to L1+L2 plan, brain-retro, self-retrospect
- 5 open questions for writing-plans phase
Cannot write to memory/ path in this turn (memory-coverage hook
requires direct:memory-sync coverage, current turn has different
coverage). Memory entry can be added in next session via Skill or
manual annotation.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 06:45:46 +03:00
fab8e72d97
spec(router-gate): v3.1 clarification pass for writing-plans handoff
...
Comprehensive analysis of v3 found ~24 minor issues (no critical bypasses).
V3.1 closes most via clarifications to prepare for writing-plans skill in
next session.
Additions:
- TL;DR at top — fast orientation for implementer
- 10.1 Function and registry references (nodeMatches source,
registry source docs/registry/nodes.yaml, SDD-skill impact,
coverage-hint to recovery resolution)
- 10.2 State file schemas (8 files: router-state, chain-state,
askuser-decisions, router-gate-decisions, subagent-inheritance,
coverage-hint, gate-errors, gate-config)
- 10.3 Test strategy: ~150 unit + 10-15 integration + 10-15 golden
snapshot + 5-7 smoke
- 10.4 Success metrics: quantitative (override drops to 0,
gate-decisions growing) + qualitative (lockout < 5/100,
correct% > 60%) + acceptance criteria
- 10.5 Rollback plan (3 levels: hook off / revert commits / v2 baseline)
- 10.6 Stages and parallelism: 6-9h wall-clock with SDD parallelism
vs 13.5-20h sequential
No architectural changes — v3.1 only clarifies what implementer needs
to know without making implicit decisions.
Spec versions in git:
- v1: 7a43c175b510a758b632bcbanoreply@anthropic.com >
2026-05-29 06:41:48 +03:00
b632bcbae6
spec(router-gate): v3 closes 10 holes from v2 adversarial audit
...
V2 audit found 10 new bypasses:
- Fatal: subagent inheritance via text-prefix (no enforcement)
- Critical: hook race conditions / DoS timeout / Bash script execution
- Serious: path-deny symlinks/case / AskUser fatigue / silence off-topic
- Edge cases: parallel subagents / coverage-verify interaction / sub-shells
V3 closes all 10:
- 3.2 rewritten: env-based subagent inheritance (env vars + inheritance file),
gate-on-subagent reads parent state via CLAUDE_GATE_INHERIT env
- 3.4 new: subagent constraints (no AskUser, no recursive Task, max 3 parallel)
- 3.5 new: atomic writes (tmp+rename) + proper-lockfile for race-free state
- 3.6 new: gate budget 2s + state cache TTL 5s + lazy transcript parsing
- 3.1 extended: path normalization (resolve + realpath + case-fold + env)
- 4.5 extended: max 2 AskUserQuestion per turn (fatigue exploit closed)
- 4.7 extended: off-topic at silence uses task_classification
- 5.1 extended: file-watcher for script execution + broad sweep sub-shell
blacklist (backticks, command sub, process sub, heredocs)
- 5.2 new: static content scan for node/python/vitest scripts before exec
- 7.1 new: coverage-hint coordination layer between gate and coverage-verify
Implementation cost: 8.5-12h (v2) to 13.5-20h (v3). +5-8h for architectural
fixes (env-inheritance, atomic writes, static scan) + infrastructure
(gate budget, path norm, askuser counter, coverage-hint).
V2 baseline preserved as commit b510a7587a43c175noreply@anthropic.com >
2026-05-29 06:30:07 +03:00
5c02d33cce
feat(stage5): daily monitor workflow + remove non-existent partitions:list from artisan-run whitelist + checklist refinement (GitHub-cron 06:00 UTC daily 29.05-04.06 runs scheduler:check-heartbeats + incidents:watch-failures + migrate:status + 4 SQL signals from incidents_log/project_routing_snapshots/failed_webhook_jobs/scheduler_heartbeats; window auto-stops after 2026-06-05; result to job summary + artifact)
2026-05-29 05:42:30 +03:00
b510a75826
spec(router-gate): v2 closes 10 holes from adversarial audit
...
Adversarial review of v1 found 10 bypass paths:
- Fatal: AskUserQuestion = universal unlock (1 question = full bypass)
- Critical: Bash unlimited / Skill-invoke-no-followthrough / State-files edit
- Serious: Subagent inheritance / Direct-invocation regex too wide
- Edge cases: leading questions / multi-direct / failure mode / chain TTL
V2 closes all 10:
- 3.1 Protected paths (hard-deny for runtime/settings/skill/hook files)
- 3.2 Subagent gate inheritance via subagent-prompt-prefix injection
- 3.3 Failure modes — explicit fail-CLOSE policy
- 3 chain-state TTL 24h + explicit-clear markers
- 4 Direct invocation = strict whitelist (slash-cmd / Skill() / used N / делай exact)
- 4 Multiple direct invocations require AskUser between executions
- 4.5 AskUserQuestion answer parsing — gate reads transcript response,
unlocks only for explicitly-approved action, blocks on stop answer
- 4.6 Post-skill partial unlock (Read/Grep/next-chain-step allowed,
Edit/Write require additional AskUser, Bash requires whitelist+approval)
- 4.7 Question quality detector in rationalization-audit (blocks
missing-stop-option, flags leading options, off-topic questions)
- 5.1 Bash content rules: whitelist read-only / hard-blacklist mutating /
conditional-whitelist after AskUser approval / path-deny overlay
Implementation cost: 6-8.5h (v1) to 8.5-12h (v2). +2.5-3.5h for
Bash content parser, answer parser, question-quality detector,
hard-deny logic.
Spec v1 (commit 7a43c175noreply@anthropic.com >
2026-05-29 05:24:40 +03:00
7a43c175d0
spec(router-gate): Level 4 hard-wall enforcement architecture design
...
Single PreToolUse router-gate hook replaces 5 existing hooks
(chain-recommendation / classifier-match / graph-first /
semgrep-security / override-limit) + override-vocab.json.
Key principles:
- Hard wall — no inline overrides, no substring-match vocab
- User approval everywhere for router output (single + chains)
- Direct invocations (slash-commands, explicit 'use X') bypass
- Read-only baseline (Read/Grep/Glob/LS/TodoWrite/AskUser) always allowed
- All decisions logged to router-gate-decisions.jsonl
Observability migration:
- Loses: override-usage.jsonl, hook-outcomes.jsonl Cut 11
- Gains: router-gate-decisions.jsonl + 3 new brain-retro tables
- Etap 6 brain-retro adaptation included in epic
Implementation 6-8.5 hours across 6 etap'ов.
Risk: 7 preserved hooks lose their findOverride escape valves
(except rationalization-audit) — explicit acknowledged risk.
Driver: brain-retro #10 (override events 12->679 in 4 days),
self-retrospect #2 (2/5 commitments broken in 6 hours).
User-approved Section by section (1-5) via AskUserQuestion.
cspell-words.txt += вокабуляр / Бypass / sess.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-29 05:06:36 +03:00
c95445de47
plan(router-discipline): Level 1+2 implementation plan
...
5-task plan to close 3 enforcement gaps surfaced by brain-retro #10 :
1. Narrow 'recovery' override scope (5→2 categories)
2. Narrow 'ремонт инфраструктуры' override scope (11→3)
3. Per-rate-window in enforce-override-limit (5/10min)
4. Lower classifier-match threshold 0.8→0.6 + inline router-skip
Driver: 679 override events on 2026-05-28 vs 12 baseline on 25.05.
User selected option B (Level 1+2) after brain-retro #10 analysis.
All 4 implementation tasks completed via subagent-driven workflow
(commits 09f6e332029dbe502b23a1f2726c2121noreply@anthropic.com >
2026-05-28 17:55:58 +03:00
98dc24b33f
docs(plan): Phase 4 router-hooks — Semgrep-security hook + chain-hook measurement
2026-05-28 13:23:04 +03:00
4d7e9e338b
docs(session 2026-05-28): brain-retro 8/9, self-retrospect, sanity, Phase 1-3 plans
...
Groups documentation produced during 2026-05-28 brain-retro session:
retro notes 8 (carryover) and 9, self-retrospect 1, sanity check JSON,
three Phase plans for router-hooks fixes. All implementation already
pushed in earlier commits — this commit groups artifact metadata.
Plus typo fixes in self-retrospect (agregatov, seryj) and cspell vocab
extensions for session-specific terms (PAMYATKA / procs / russian verbs).
Pure documentation. No code, no normative drift.
2026-05-28 12:26:05 +03:00
64b0a3d944
docs(billing-v2-c): спек C + план реализации (преfflight + VTB)
...
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-26 20:38:50 +03:00
9ca75a788a
docs(slepok): spec v0.4 + plan + CLAUDE.md v2.29 + ПИЛОТ — design-only artefacts, прод не затронут (audit session 135a4adf)
2026-05-26 19:21:33 +03:00
7a56442149
docs(enforce): defer holes 3 and 6 (architecture / by-definition)
...
Brain-retro #5 candidate C, holes 3 + 6 — architectural / by-definition,
deferred. Hole 3: trust-level field recommended for next router-overhaul
Stage 4. Hole 6: PreToolUse mirror after multi-week data accumulates.
2026-05-26 11:25:29 +03:00
6f70cca90e
docs: spec + plan for hard-rule enforcement (10 rules + override vocab)
2026-05-25 18:10:31 +03:00
da4ab729df
docs(supplier): spec + 3 plans for webhook reliability (phases 1-3)
...
Investigation 2026-05-25: for tenant client1 (tenant_id=2) on prod liderra.ru:
- 205 leads at supplier (info@lkomega.ru , visit=rt) vs 160 deals on portal
- 82 leads lost (76 via 302-redirect from ValidationException, mostly
non-B-prefix projects: client.carmoney.ru, cashmotor.ru, etc.)
- 37 duplicate deals (CSV-recovered SupplierLead vid=null + later
webhook with real vid "create two Deals because supplier_lead_deliveries
locks on supplier_lead_id, not phone+project)
Three independent fixes, three plans, three deploys:
Phase 1 (low risk): Always JSON 422 for webhook ValidationException
Phase 2 (med risk, billing): merge webhook-after-CSV-recovered into
existing deal, no double-charge
Phase 3 (high risk, migration): accept non-B projects as platform=DIRECT
end-to-end (controller + 4 services + migration)
Phase 3 includes new LeadRouter fallback path: DIRECT-supplier_projects
match Liderra projects via signal_type+signal_identifier directly
(no project_supplier_links pivot required, since psl rows don't exist
for auto-created DIRECT supplier_projects).
Refs: docs/superpowers/specs/2026-05-25-supplier-webhook-reliability-design.md
2026-05-25 16:25:22 +03:00
26999ca597
chore: working tree cleanup pre-llm-first-router merge
...
Три группы накопившихся auto-правок (НЕ ручные):
1. markdownlint --fix auto-format (~25 .md в docs/superpowers/, docs/security/marketing-vet.md, docs/adr/015, docs/deploy/lkomega-runbook): MD031/MD032 (blank lines around fence/list) + MD004 (bullet markers `+`→`-`). Содержательных текстовых правок 3: ADR-015 bullet, sprint5d-cleanup bullet, router-discipline trailing space.
2. lefthook 2.1.6 → 2.1.8 (package.json + lock): patch-bump, авто-резолвил npm.
3. Observer runtime (docs/observer/): episodes-2026-05.jsonl +420 строк (текущая активность мозга), STATUS.md regen, .pii-counters / .read-counter тики, +2026-05-24-brain-retro.md note.
Цель — разблокировать merge feat/llm-first-router → main (этап 0 плана постановки в боевой). Содержание ветки не трогает.
2026-05-25 14:23:11 +03:00
b2cbc57533
docs(brain): spec v2.3 + plan v1.2 — coverage announcement (§4.9) + decision confirmed
...
Coverage announcement — новая фича прозрачности (brainstorm 2026-05-25):
заказчик всегда видит чем покрыта задача (skill/node/hook/direct) в прозе
+ TodoWrite. Источник — classifier_output. Enforcement через economy-mode
reminder (economy сохраняется). Flag coverage-annotation-mode (10-й).
Тайминг — в составе overhaul Phase 3.
spec v2.2 → v2.3:
- §4.9 (новое) Coverage announcement — 2 поверхности, формат пометки,
источник, enforcement, flag, тайминг, откат.
- §10 flags table +coverage-annotation-mode (9→10 флагов).
- §11.3 Phase 3 +task coverage announcement.
- §23 (новое) changelog v2.2→v2.3.
plan v1.1 → v1.2:
- DECISION POINT ✅ ПОДТВЕРЖДЁН: economy keep / §12 remove.
- Task 19 +step 8 coverage announcement (economy-mode reminder + Pravila §17
подпункт + memory feedback_coverage_announcement + flag).
brainstorm Q&A: Q1 поверхности=проза+TodoWrite; Q2 состав=skill+node+hook+direct;
Q3 enforcement=convention+reminder; Q4 тайминг=в составе overhaul.
НЕ исполняется (per user — план).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 07:31:33 +03:00
7d31d0be39
docs(brain): plan v1.1 — откат мозга первым + 9 пробелов 0%-аудита
...
v1.0 → v1.1 после полного 0%-аудита плана.
ГЛАВНОЕ: Task 1 = «Откат мозга» — полная инфра + snapshot user-level
(~/.claude/settings.json + hooks/*.py + runtime flags) + dry-run +
END-TO-END SMOKE (тривиальная правка → откат → verify) ДО любой
деструкции. Если откат не зелёный — дальше не идём.
9 закрытых пробелов:
- G3 (КРИТИЧЕСКОЕ): user-level hooks смешивают economy-mode (0%/5%/100%,
СОХРАНИТЬ) и §12 skill-discipline (СНЯТЬ). Task 2 разделяет: snimaet
skill-marker.py+skill-check.py, оставляет economy-*.py, чистит §12 из
economy-state-guard.py + economy-mode.py. DECISION POINT для заказчика.
- G16: brain-retro-opus-reviewer.mjs НЕ существует → Task 18 CREATE
(не «keep from v2.0» как было в v1.0/spec).
- G11: router-accuracy-runner.mjs:11 import classifyByRegex сломается →
Task 10 чинит на regex-fallback модуль.
- G14: registry-to-classification-map.mjs нейтрализуется (Task 4).
- G8/G9: C1/C2 адаптируются рано (Task 6), чтобы lefthook не блокировал
коммиты Task 7-15.
- G5: parser forward-compat к v4 эпизодам после отката (Task 15).
- user-level rollback + episodes preservation в test-rollback.mjs/ROLLBACK.md.
Прочее: test-rollback.mjs использует execFileSync (не execSync — без shell,
без инъекции). 21 задача (было 22 в v1.0, консолидация rollback в Task 1).
Self-review: spec coverage + 16 находок v2.2 + 9 находок аудита плана,
type consistency, 0 placeholders.
НЕ исполняется сейчас (per user «только план»).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 06:31:11 +03:00
2b7a71c5b6
docs(brain): implementation plan фазы 1+2+3 LLM-first router overhaul
...
План из spec v2.2 — 22 задачи (Task 0 pre-flight + 8 phase-1 + 8 phase-2
+ 6 phase-3) в bite-sized TDD-формате.
Phase 1 (foundation+archive): tag + archive scaffold + inventory hooks +
discipline-metrics decision + test-rollback.mjs (TDD) + archive §12/routing-
docs/memory + §17+ADR-016 + cross-refs §12→§17 + flags+ROLLBACK.md.
Phase 2 (classifier): router-config + nodes.yaml capabilities + prefilter
3 группы/manual-override/anchor (TDD) + Sonnet 4.6 classifier+памятка (TDD)
+ missed-activations на nodes.yaml (TDD) + embedding (TDD) + §17 gate (TDD,
D1 continuation-not-exempt) + prehook inheritance+cost (TDD) + parser v4.0
+ C1/C2 adapters + warmup hook + flags flip.
Phase 3 (evidence loop): Stop-hook execution_trace+chain_gaps+inheritance-
copy (TDD) + self_assessment (TDD) + reviewer subagent verify + direct-API
fallback handler + sanity-generator + brain-retro v2 procedure + self-
retrospect skill + analyzer v4 + status-md cost sections + schema v4.3 +
final flags + rollback dry-run verification.
Self-review: spec coverage (8 слоёв + §17 + 16 находок v2.2), 0 placeholders
(кроме намеренного model-ID резолва Task 0/9), type consistency проверена.
Реализация — после Биллинга v2 Спек C. Фаза 4 (distillation) — отдельный
план через ~6 месяцев. НЕ исполняется сейчас (per user).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 06:08:08 +03:00
81f52fd1c6
docs(brain): spec v2.2 — закрыты 16 находок 0%-аудита
...
v2.1 → v2.2. Полный critical audit (экономия 0%) нашёл 16 пробелов;
все закрыты. Новый §22 — changelog с таблицей всех находок.
Критическое (1):
- D1: §17 formal text (§6) включал Continuation в exempt-список direct,
но Continuation наследует non-conversation classification → §17 enforce
должен применяться. §6 п.4 переписан: exempt только Acknowledgment +
Cancellation; Continuation — нет (NON_BLOCKING_TASK_TYPES не содержит её).
Внутренние несогласованности (6):
- A1: schema alternative_better типизирован только null → заметка string|null.
- A2/C3: task_cost reviewer tokens vs usd — взаимоисключающи по пути review.
- A3: §11.3 step 3.2 «создать reviewer-agent.md» → файл уже создан (49aa4ba7noreply@anthropic.com >
2026-05-25 06:02:33 +03:00
49aa4ba725
docs(brain): spec v2.1 + reviewer-agent — 16 правок после code review
...
v2.0 → v2.1 — 3 группы изменений (16 пунктов суммарно):
Группа 1 — решения принятые после v2.0, не внесённые:
- 1.1 Памятка classifier (4 паттерна: brainstorming / discovery-interview /
writing-plans / systematic-debugging). +flag prompt-enrichment-mode.
- 1.2 Reviewer как полноценный Claude Code subagent (tools=[Read,Grep,Glob,
Skill], model=opus). Новый файл .claude/agents/reviewer-agent.md.
+стоимость $240-1200/мес vs $40-80 direct API. Crash fallback на direct
API. Context bloat cap 10 соседних эпизодов.
- 1.3 Inheritance + 3 группы коротких prompt'ов (continuation/acknowledgment/
cancellation) + 30-минутный таймаут. +flag inheritance-mode. Новые поля
в schema v4.1: inherited_from_task_id, inheritance_age_minutes,
previous_direction_rejected, previous_task_id_rejected.
Группа 2 — edge cases:
- 2.1 Reviewer model явно opus в agent file.
- 2.2 Reviewer subagent crash → fallback direct API call.
- 2.3 Reviewer context bloat: max 10 episodes в agent system prompt.
- 2.4 Manual override приоритет №1 в prefilter (раньше inheritance).
- 2.5 Cancellation clears state + previous_task_id_rejected marker.
Группа 3 — мелкие упущения:
- 3.1 brain-retro SKILL.md description: раз в 1-2 недели (не sprint).
- 3.2 recommended_chain_id nullable для custom chains.
- 3.3 Embedding только для non-prefilter эпизодов.
- 3.4 PII filter wraps sanity-check comments.
- 3.5 requested_node fuzzy matching fallback.
- 3.6 Anchor word list inline initial.
- 3.7 Self-retrospect counter init в фазе 3 step 3.3.
- 3.8 Sanity-check answer file schema_version=1.
Cost rewrite: 720-1380 USD (v2.0) -> 1940-8200 USD (v2.1) на 6 месяцев
из-за reviewer subagent. Granular rollback через reviewer-mode=direct-api
возвращает к v2.0 ценам.
§21 новый — changelog v2.0 → v2.1 со всеми 16 пунктами и где правка.
Реализация — после закрытия Биллинга v2 Спек C.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 04:23:33 +03:00
10eed4e7e4
docs(brain): spec v2.0 LLM-first router overhaul
...
Brainstorming сессия 2026-05-24..25:
- LLM-first классификатор (Sonnet 4.6) заменяет regex Layer 1.
- §17 «universal skill-coverage» заменяет §12 (default-deny кроме
conversation/micro/manual_override/escape-hatch).
- Opus 4.7 ревьюер в /brain-retro заполняет review.* (auto, не пользователь).
- Self-retrospect skill (opt-in) для самоанализа агента.
- 7 гранулярных flag-переключателей + dry-run rollback.
- 3 implementation фазы (~3.5-4.5 недели) + 5-6 месяцев passive
evidence collection + фаза 4 distillation regex из эмпирики.
v1.0 содержал 8 фактических ошибок (несуществующие skill-discipline
файлы, отсутствующие nodes.yaml поля, L1-L16 в неверных файлах) +
11 пропусков охвата + 10 underspecified + 6 противоречий. v2.0 —
полная перезапись с реальным state inventory (§18) и explicit
accepted trade-offs (§19).
Реализация — после закрытия Биллинга v2 Спек C (per user decision).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 03:27:02 +03:00
af6c328933
docs(billing-v2-c): спек C + план реализации (preflight + VTB)
...
Спек: preflight баланса на cut-off 18:00 MSK (защита от заказа лидов
клиентам без денег) + VTB-эквайринг через TopupGateway-интерфейс
(безнал полный, СБП/карты dev-заглушки до Б-1).
План: 6 фаз TDD-разбивкой, ~30 задач, subagent-driven-development
с git-verify-протоколом per Pravila §15.1.
Брейнсторм 24.05.2026, реализация стартует 25.05.
Lint: гибрид «Преfflight»→«Префлайт» (опечатка предыдущей сессии),
+6 терминов в cspell (Atol/uniqid/ОФД/брейнсторме/префлайт/Префлайт).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-25 03:09:07 +03:00
352354e30b
docs(billing): plan — sync after Phase 1 impact-checks (RED FLAG: webhook_dedup_keys жив)
...
Phase 1 impact-check выявил что webhook_dedup_keys использует HistoricalImportService
(CSV-канал) для идемпотентности — таблицу и модель НЕ удаляем.
Изменения в плане:
- Task 1.8: заполнена финальная таблица (13 удалить, 2 оставить).
- Task 3.0 NEW: чистка tenants.webhook_token из 7 тест-файлов + фабрики + Tenant model.
- Task 3.3 CANCELLED: WebhookDedupKey.php остаётся.
- Task 4.1: миграция БЕЗ DROP webhook_dedup_keys; verify-команды скорректированы.
- Task 4.2: db/schema.sql baseline сохраняет CREATE TABLE webhook_dedup_keys.
2026-05-24 15:30:38 +03:00
136bad4db2
docs(router-stage3): план — 3 follow-up фикса с TDD-шагами
...
Декомпозиция: Task 1 (UTF-8 helper + 3 хука), Task 2 (state-enricher),
Task 3 (parser enrichment), Task 4 (smoke + continuity + push).
Subagent-driven последовательно: Task 1-3 Sonnet, Task 4 controller Opus.
Worktree от свежего origin/main + junction'ы. Финал — push на main FF.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-24 15:20:23 +03:00
36ada767f4
docs(plan): implementation plan for controller-offload agents (3 tasks)
...
3-task TDD-ish plan to create two new project agents:
- Task 1: .claude/agents/normative-sync.md (full Sonnet 4.6 system prompt)
- Task 2: .claude/agents/prod-deploy-validator.md (8 SSH checks + quirks 104-108)
- Task 3: First dry-run smoke test for both + capture lessons in memory
Spec: docs/superpowers/specs/2026-05-24-controller-offload-agents-design.md (71a5dd6noreply@anthropic.com >
2026-05-24 15:19:01 +03:00
5f9bd07dd9
docs(router-stage3): spec — три follow-up фикса (UTF-8 + recommended_node + chain_progress)
...
3 дыры обнаружены при инспекции warn-only состояния сторожа 24.05.2026:
1. UTF-8 mojibake в state-файле сторожа (Windows Node stdin без setEncoding).
2. recommended_node не пишется в эпизоды наблюдателя (helper существует, не подключён).
3. chain_progress / chain_completed / recommended_chain — то же.
Без починки brain-retro новых метрик (domainHitRate / chainCompletionRate)
покажет пустоту, а Layer 2 эскалация на русских промптах работает по
испорченному тексту. Stage 3 enforce включать до фиксов нельзя.
Spec scoped к 3 файлам кода + ≤80 строкам нетто; subagent-driven
последовательно (3 Sonnet + closure Opus). Smoke на живой сессии.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-24 15:13:18 +03:00
71a5dd6f6d
docs(spec): controller-offload agents design (normative-sync + prod-deploy-validator)
...
Spec for two specialized AI agents to offload the main controller:
- #1 normative-sync: applies 4-file normative sync (Pravila/PSR/Tooling/CLAUDE.md)
after a completed task. ~20 invocations/week, saves ~70K controller tokens
per episode. Model: Sonnet 4.6.
- #2 prod-deploy-validator: 8-check pre-flight before liderra.ru deploy.
~5-7 invocations/week. Driven by 24.05 03:46 UTC 18-min portal incident
(quirk 107 — config:cache not under www-data). Model: Sonnet 4.6.
Based on brainstorming session 24.05 with measured frequencies from
MEMORY.md + CLAUDE.md §6 + push history 16-24.05.
Precedents: pest-parallel-debugger, rls-reviewer project agents.
Also: +7 cspell-words entries for the new spec.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-24 15:11:43 +03:00
4dbf78b204
docs(billing): plan — legacy ProcessWebhookJob removal implementation
...
7 фаз: Phase 0 worktree → Phase 1 impact-checks (8 grep'ов) →
Phase 2 удаление core (job + 1 dedicated test) →
Phase 3 удаление обвязки (controller + route + model + conditional
NotificationService методы + Mailable) →
Phase 4 DROP-миграция БД (3 таблицы + 2 колонки tenants) →
Phase 5 регрессия + code review →
Phase 6 merge + deploy + 7д наблюдение.
Все conditional-блоки гейтятся на impact-checks Phase 1
(финальный список — Task 1.8 inline).
Spec: 2026-05-24-legacy-direct-webhook-removal-design.md
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-24 15:05:19 +03:00
b103c8819c
docs(billing): spec — remove legacy ProcessWebhookJob (direct webhook channel)
...
Pre-sharing-эпик legacy: ProcessWebhookJob + WebhookReceiveController +
POST /api/webhook/{token} + webhook_log/webhook_dedup_keys/tenants.webhook_token.
На проде 0 вызовов за всю историю. Не часть актуальной архитектуры каналов
(основной = шеринг crm.bp-gr.ru, резервный = CSV reconcile — оба уже на always-rub).
Удаление снимает блокер для Phase B Спека A (DROP COLUMN balance_leads),
закрывает публичный endpoint /api/webhook/{token}, убирает расхождение
биллинг-моделей в коде.
Approach: одним PR, одним релизом. Бэкап перед миграцией, 7д наблюдение.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-24 14:47:43 +03:00
a68ea3964c
Merge remote-tracking branch 'origin/feat/router-overhaul-stage-2-measurements' into worktree-router-stage3-enforcement
2026-05-24 09:17:18 +03:00
688da5d38b
docs(stage3): spec amendment (Task 0a/0b + chain governance) + implementation plan
...
Spec amendment 2026-05-24:
- Task 0a — доменная разметка реестра (keyword-триггеры на 30+ узлах)
- Task 0b — цепочки L1-L16 в рекомендациях classifier'а
- Chain governance — правила создания/изменения цепочек (без auto-правок Claude)
Plan этапа 3: 10 тасков, 2 checkpoint'а (Phase A accuracy review,
24h warn-only window перед enforce). Phase A — classifier без блокировок.
Phase B — enforcement. Phase C — continuity + push.
Triggered by заказчик 2026-05-24 после закрытия этапа 2:
«есть скилы для биллинга/маркетинга/безопасности — но не используются»
+ «как создаются и меняются цепочки».
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-24 09:06:37 +03:00
Дмитрий