feat(resolver): pt5 — coherence + merge-loss audits, judgment probes, gloss legend; evals → top-level#18
Merged
Merged
Conversation
Skip comments when a well-named identifier already conveys intent; add one only when removing it would confuse a future agent. Slots after RULE NDC as its sibling (don't add noise). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Absorbs the 7-lens adversarial CTO review (38 findings: 19 P0/16 P1/3 P2) and the follow-up coverage check (21 resolved/17 partial). Verdict was REWORK — concept sound, migration plan under-scoped ~10x. v2 keeps the façade-pair core and fixes: - staged non-destructive migration (§9): scaffold → prove equivalence → atomic Stage-2 switchover; make audit never goes red mid-flight - in-dotfiles blast radius as PRIMARY (§8), grounded to real file:line; machine-enforced zero-dangling-ref grep gate - symlink fix (§10): sync-agents uses ln -s, so RESOLVER_ROOT splits into RESOLVER_HOME (BASH_SOURCE) vs TARGET_ROOT (git rev-parse --show-toplevel) - docs/gates/ keeps its 5 process cards (AGENTS.md has no room); only the 15 authoring cards dissolve; new parity invariant 5 process + 4 resolvers - honesty downgrades: "no missing symbol" not "cannot drift" (§3); llmevals are comprehension probes not adherence judges (§6.2); merge-loss proof is token-coverage + Indy-ack drops (§6.5) - glyph collision fixed: 🔵 DECIDE for judgment, 🟡 stays "addressed" (§3.1) - Stage-2 harness edits signed off by Indy (§15) Stage-0 implementation (reworking the v1-era lib.sh/write_zig.sh) not yet started; this commit is the design only. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- RESOLVER_REVIEW_DISPOSITION.md (new): every confirmed finding traced to its v2 section + status (21 resolved / 17 partial = the Stage-0 backlog). The 22 refuted findings are excluded with rationale. Answers "where did the 38 go?" durably, not just in the ephemeral workflow log. - §16: JUDGMENT ledger DEFERRED (Indy: "I defer the ledger, its complicated"); Stage-2 harness edits SIGNED OFF (Indy, §15); 🔵 glyph pending confirm. - link the disposition record from the v2 doc header. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Stage-0 foundation per RESOLVER_ARCHITECTURE.md v2 — additive, make audit stays green, no gate dissolved yet: - RESOLVER_HOME (BASH_SOURCE) vs TARGET_ROOT (git rev-parse --show-toplevel) split (§10): a symlinked resolver in a product repo now scopes --staged discovery + length checks to THAT repo, not dotfiles. Fixes the "scans empty tree, passes vacuously" class. - absent DETERMINISTIC helper -> 🔴 RESOLVER_RC=1 (was silent ⚪/exit 0); ⚪ reserved for resolver_delegate (§10). - 🟡 JUDGMENT -> 🔵 DECIDE, so judgment never collides with HARNESS_VERIFY's "🟡 violations addressed" (§3.1). - gloss map: drop the FLL/LENGTH duplicate (§6.4). - rename resolvers/zig.sh -> write_zig.sh (the deterministic-façade name). Advances disposition partials #4,6,10,18,33,36 (foundation half). Verified: bash -n clean; --staged + fixture run correct; lib.sh 181/350; make audit ALL CHECKS PASSED. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
resolvers/write_zig.md = docs/ZIG_RULES.md (478 lines, preserved VERBATIM — merge-loss audit: 0 lost, only the BUN_RULES §2 ref repointed to write_ts_adhere_bun.md) + façade header + one enforcement tag per § + the merged deltas from the dissolved zig/pub-surface/lifecycle gate cards. An adversarial merge/reference/tag verify (workflow) flagged pass=false; this commit fixes every gap it found: - 5 dropped gate-card rules re-merged: PUB threshold-cross triggers, pre-edit grep patterns, override scope + syntax, and the defer+errdefer-on-same-allocation forbiddance. - 2 new judgment codes were dangling -> registered: FSD (File Shape Decision) + DIDEM (Deinit IDEMpotency) in lib.sh gloss, emitted as 🔵 DECIDE rows by write_zig.sh. - legend placeholder CODE -> <CODE> so it cannot read as a real code. Stage 0 is additive: docs/ZIG_RULES.md + docs/gates/ still present. Verified: comm base-preservation (only the intentional repoint differs); all tag codes resolve; resolver emits FSD/DIDEM; make audit ALL CHECKS PASSED. Advances disposition partials #16,25,27 + pub/lifecycle deltas. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Indy confirmed Reading A for the cross-repo enforcement question: resolvers ship into product repos (usezombie etc.) as agent-facing files only — their make/harness.mk and .githooks/pre-commit are never edited by the migration. The 8 leaf audits stay each repo's codebase-wide mechanical net; the one in-scope leaf edit (audit-logging.sh:152 fail-message repoint) propagates via the sync-agents symlink with zero product-repo commit. Closes the §7-Backstop drift risk surfaced while tracing usezombie's harness-verify wiring: the Backstop plane is dotfiles-only (fires against resolver-evals fixtures), so the §8 zero-dangling-ref grep and the Stage-2 Indy sign-off stay scoped to dotfiles. - §7: Backstop row marked dotfiles-only; product repos keep the 8 leaves - §8: blast-radius disclaimer — no product-repo harness.mk / pre-commit edit - §10: new item 7 pinning the cross-repo delivery contract Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The file-length gate card states file ≤ 350 for every source language, but write_zig.sh (pt1) wired resolver_length_gate 300 — the resolver early-warning was stricter than the gate it mirrors. Indy confirmed 350 is canonical (Jun 04, 2026). Corrects write_zig.sh 300→350 and the now-stale §3/§4/§6.1 cap examples in RESOLVER_ARCHITECTURE.md (300→350, 301→351, worked example to 360-over-350) so the doc no longer misleads pt4 fixture authoring. Records the call + the deferred .md-cap decision in §16 (decisions 4–5). resolver_length_gate now equals the enforced gate value everywhere. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Third resolver façade pair (after write_zig). The latent .md is docs/BUN_RULES.md preserved verbatim (one forward-looking repoint ZIG_RULES.md→write_zig.md) with one enforcement tag per §, and the dissolving ui-substitution + design-token gate cards merged verbatim — headings demoted, each subsection tagged UIS/DTK to match write_zig's "tag every merged subsection" convention. The deterministic .sh runs FLL(350)/UFS in-repo, delegates TSC/UIS/DTK to make lint (the audit scripts scan ui/packages, present only in the product repo), and emits FSD/TGU/TSJ as judgment. lib.sh gains four glosses (TSC/TSJ/UIS/DTK) so no code prints naked. Verified by a 4-lens adversarial workflow: merge-loss clean (base byte-faithful, design-token card zero-diff, every token present), no dangling/orphan/naked codes, tags structurally complete. Findings addressed: all 12 merged subsections tagged (convention parity), §9→TSJ + §8→TODO-CHECK (honest enforcement), TSC delegate description corrected. §2→UFS and §13→FLL kept — retagging would orphan those codes; this is the one-tag-per-verbatim-section limit, documented for review. Stage 0 additive — BUN_RULES.md + gate cards untouched; make audit green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fourth resolver façade pair, and the structurally novel one: SQL has no standalone dissolving RULES file. Only the schema-removal gate card merges in verbatim (SCHEMA GUARD / teardown-vs-ALTER by VERSION; title→tagged ###, its subsections demoted + tagged SCH). The durable SQL rules NSQ/STS/SGR/ITF stay in the retained docs/greptile-learnings/RULES.md and are *referenced*, not copied — STS/NSQ/SGR as [DETERMINISTIC → TODO-CHECK] (no SQL leaf-check exists yet), ITF as a judgment row. write_sql.sh: FLL(350) inline + SCH/ITF judgment; lib.sh gains SCH/ITF glosses. Adversarially verified (4 lenses): merge-loss clean (schema-removal verbatim, eliminated RULE SCM not cited, no full-body copy of retained rules), no dangling/orphan/naked codes, the reference pattern judged sound + honest. Findings fixed: STS summary Zig/TS→Zig/JS (reference-fidelity drift vs canonical RULE STS), companion intro now distinguishes ITF's dual enforcement (GREPTILE + judgment row), SCH .sh note flags the pre-2.0 forbidden-token floor as a build-the-check candidate. Stage 0 additive — schema-removal card + RULES.md untouched; make audit green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The [container] wrapper tag — used by every façade for the "Merged from dissolved gate cards" section (and twice in write_sql) — was undocumented in the façade Tag legends and the §3 frozen-grammar table, so the not-yet-built coherence audit had no definition telling it to skip these non-enforcement wrappers. Backports a [container] legend row to the committed write_zig.md + write_ts_adhere_bun.md and adds a table row + prose note to RESOLVER_ARCHITECTURE.md §3 (write_sql.md ships with the row in its own commit). Surfaced by the write_sql adversarial review (P2, batch-with-siblings rather than fix-in-isolation). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The fourth and largest façade — fires for ANY source file, in addition to the per-language façade. Merges all nine dissolving cross-cutting cards verbatim (file-length, logging, milestone-id, error-registry, ufs, greptile, nlr, nlg, legacy-design; headings demoted, every subsection tagged). Five deterministic codes: FLL inline + UFS/LOG/MSID via leaf helpers (modes verified against each leaf's arg-parser); ERR deterministic-but-DELEGATED because audit-error-codes.sh hard-exits without the product-repo error_registry.zig. Four judgment codes: GRP/NLR/NLG/LDC. The fn≤50/method≤70 sub-cap is named explicitly as a TODO-CHECK subsection per §13 (not folded into the 350 file cap). lib.sh gains 5 glosses (LOG/MSID/ERR/GRP/LDC). Adversarially verified (4 lenses): 9-card merge-loss clean (every token verbatim, 0 lines lost), no dangling/orphan/naked codes, the run-vs-delegate split empirically validated (ufs/logging/msid exit 0 on empty input, error-codes exit 1 — confirming the delegate). Probe caught the ERR product-repo dependency. Fixed: ERR prose drift in the container paragraph (was mislabeled "via leaf helpers"), per-file firing-semantics documented in Scope. Flagged for Indy decision (next, does NOT affect write_any): UFS is run-wired in write_zig + write_ts_adhere_bun + write_any — a universal-rule homing question (consolidate to write_any vs amend §5's "none double-homed"). write_any is UFS's canonical home either way. Stage 0 additive; make audit green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
UFS (literal hygiene) is a universal rule, but it was run-wired in three façades (write_zig / write_ts_adhere_bun / write_any) — so a multi-language touch ran the same audit-ufs --all full-tree scan twice, and §5's "none double-homed" was literally false. Indy chose to consolidate (Jun 04, 2026): UFS runs ONCE in write_any.sh, which fires for every source file, so coverage stays complete. - Removed the resolver_run_helper "UFS" rows from write_zig.sh + write_ts_adhere_bun.sh. - Their verbatim UFS prose stays (merge-loss intact), tagged [DETERMINISTIC → UFS] but annotated as enforced-cross-cutting by write_any. - §6.3 orphan check relaxed to a universal-code carve-out: a [DET → CODE] tag is satisfied when CODE is wired in ANY resolver. §16 Decision 6 records the call. Verified: UFS run_helper now appears only in write_any.sh; zig/ts probes pass without it; write_any probe runs UFS 🟢; make audit green. Restores §5's single-homed-enforcement invariant. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
audit-ufs.sh:100 used a regex *literal* `/^ui\/packages\/[^/]+\/…/` — the `/`
inside the `[^/]` class makes macOS's BWK/one-true-awk abort the whole string-dup
awk program ("nonterminated character class"), silently finding zero violations
(false green). gawk on Linux CI was unaffected, so it went unnoticed; on macOS the
UFS dup-string check was DEAD — in the resolver's UFS row AND in usezombie's live
make-harness-verify / make-lint.
Fix: dynamic-regex STRING "^ui/packages/[^/]+/(src|app|tests|components|lib|hooks)/"
— identical match semantics on gawk, portable on BWK awk.
Verified on macOS (awk 20200816): a src/ dup now FLAGS (string-dup-file, exit 1),
a ui/packages dup is correctly SKIPPED, no awk error, make audit green. Found via
an Indy-directed BSD-awk sweep of the five resolver-wired leaves — this was the
ONLY macOS-awk incompatibility; audit-deinit-pairs/logging/msid-ui/error-codes are
clean across all modes.
NOTE: this script is synced to product repos — the next `make lint` in usezombie
will run UFS dup-detection on macOS for the first time and may surface real
violations that were previously masked.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Follow-on to the audit-ufs :100 fix (2b0fe40). The Indy-directed BSD-awk sweep of the resolver-wired leaves found a second, SEMANTIC class: `\b` (word boundary) is a gawk extension — on macOS BWK awk it means *backspace*, so any `\b` in an AWK regex silently matches nothing (no error, so it evades a syntax-error sweep). Three live checks were dead on macOS: - audit-logging.sh:138 — `\bstd.debug.print(` never matched -> debug.print ban dead. - audit-ufs.sh:179 — NUMERIC_RE `\b…\b` -> numeric-suspect detection dead. - audit-msid-ui.sh:108 — `\bT[0-9]+\b` / `\bdim…` -> T-number + dim-ref detection dead (the M_/§ alternatives still worked). (`\b` in GREP is fine — BSD grep supports it — so audit-logging :154/:178/:197 and audit-error-codes :77 are unaffected. audit-deinit-pairs HEAP_RETURN_RE is a dead variable, no live impact.) Fix: `\b` -> explicit capturing boundaries `(^|[^A-Za-z0-9_])…([^A-Za-z0-9_]|$)`; for audit-ufs's numeric extraction, trim the captured boundary chars back off the RSTART/RLENGTH token (BWK awk has no subgroup match()). Verified on macOS (awk 20200816), each both ways: std.debug.print now flagged; 1048576 flagged (clean token) while 21048576 is not; T7 + 'dim 2.3' flagged while 'START7' is not. As with 2b0fe40, the next usezombie make lint on macOS may surface real violations these checks previously missed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…unner (pt 4) scripts/resolver-evals/: pass+fail fixtures for all five deterministic-RUN resolver codes (FLL/UFS/LOG/MSID/DEINIT) + run.sh, which drops each fixture into an isolated git sandbox, stages it, runs the owning resolver --staged from inside (TARGET_ROOT = sandbox, so the leaf checks scan the fixture, not dotfiles), and diffs actual vs expected exit. 10/10 green. The boundary pair length_350_pass / length_351_fail PINS the 350 file cap: edit any resolver_length_gate and the 351 fixture flips, turning run.sh red — the fixture, not a tag, is the drift detector (RESOLVER_ARCHITECTURE prose-pinned-fixtures model). ERR is intentionally absent: deterministic-but-DELEGATED, its leaf needs the product-repo error_registry.zig (§16 Decision 6), so the product harness exercises it instead. Why a sandbox: the leaf checks scan `git rev-parse --show-toplevel`'s tree (src/*.zig via git ls-files / find src), never a passed file path — proven during authoring (a direct `write_any.sh fixture` left audit-ufs scanning dotfiles, not the fixture). That same harness surfaced the macOS-awk leaf bugs fixed in 2b0fe40 + 46d7fa4. Stage 0 additive; make audit green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… gloss legend
Completes Stage-0 of the resolver façade-pair migration (the last pt5 piece) and
relocates the eval harnesses to a top-level home.
Coherence audit (RESOLVER_ARCHITECTURE.md 6.3 + 6.4):
- scripts/audit-resolver-coverage.sh: 7 checks over the façade pairs — every
DETERMINISTIC tag has a .sh row (universal-code carve-out, Decision 6), every
run-enforced code has a pass+fail fixture, every JUDGMENT tag has a probe, no
orphan rows, leaf helpers present+executable, no naked codes, and the RULES.md
canonical gloss legend matches lib.sh RESOLVER_GLOSS byte-for-byte. Wired into
`make audit` (green).
- docs/greptile-learnings/RULES.md: new canonical gloss legend (27 rule codes)
mirroring lib.sh.
Judgment comprehension probes (6.2):
- 11 probes (codes SCH ITF GRP NLR NLG LDC TGU ARCH FSD DIDEM TSJ) added to
fixtures.jsonl — 5 expect-YES / 6 expect-NO so a constant-answer agent cannot
game the exact-match grader; build_context repointed to also embed resolvers/*.md.
Merge-loss proof (6.5) — Stage-2 deletion gate, deliberately NOT in `make audit`:
- scripts/audit-merge-coverage.sh + evals/resolver-evals/merge_coverage.py:
frozen tokenizer ([a-z0-9]+, fixed stopwords, len>=3) asserts every dissolving
card's tokens land in some resolver .md or an Indy-acked drop. --selftest over
merge_orphan_card.md proves an orphaned sentence fails. 13/15 cards fully
covered; zig/pub-surface/lifecycle surface ~40 reworded-away prose tokens
(no lost rules) pending Indy drop-acks in merge-coverage-drops.tsv.
Relocation (Decision 7): eval harnesses moved scripts/{resolver-evals,llmevals}/
-> evals/{resolver-evals,llmevals}/; drops ledger moved out of the synced
resolvers/ payload. All functional + spec path refs repointed; the
RESOLVER_REVIEW_DISPOSITION.md review quote left as a historical record.
Stage-0 invariant held: `make audit` green throughout. Invariance signoff
pending at push (AGENTS_INVARIANCE.md 23.7 path correction; all-YES preserved).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…rewordings) Indy reviewed the uncovered-token report (zig 2, pub-surface 22, lifecycle 16), confirmed all 40 are reworded-away prose/example tokens — not rules — and authorized keeping the ledger. Orly verified each underlying rule survives in write_zig.md before recording: use-after-free -> :112, allocator-ownership -> :42/:46, PUB surface -> :70/:103, deinit/drain -> :61/:62. audit-merge-coverage.sh now green (every dissolving-card token covered or acked-dropped); --selftest still bites. The audit stays a Stage-2 deletion gate (NOT wired into `make audit`) per Decision 8 — the cards still exist at Stage 0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adversarial pre-PR review (find -> verify) surfaced 11 confirmed findings, none
P0/P1 (nothing produced a wrong green). Fixes:
audit-resolver-coverage.sh:
- (g) add a non-empty floor — empty-vs-empty gloss maps no longer pass as
"identical" (a reworded RULES.md legend heading now fails loudly).
- (b) apply `| real` so the TODO-CHECK/NEW: exemption the header claims is real.
- align .sh-row code extractors to [A-Z0-9_-] (no colon) with the gloss/fixture
extractors — colon codes are .md-tag-only proposed markers.
merge_coverage.py + audit-merge-coverage.sh + drops ledger:
- per-card drop scoping (ledger now card<TAB>token<TAB>ack) — a token reworded
away in one card no longer clears the same word in another card.
- reject multi-word / non-single-token drops (was a silent dead drop).
- --selftest now asserts the orphan fixture's discriminator tokens are flagged,
not just exit!=0 (the framing prose alone could satisfy exit!=0).
- honest headers: guard 2 is a FORMAT check (rejects malformed/un-acked), NOT an
authenticity check; ack authenticity is enforced socially at PR review.
docs + probes:
- RESOLVER_ARCHITECTURE.md 6.3: boundary-pinning is run.sh's job, not this audit.
- AGENTS_INVARIANCE.md: runner now embeds resolver façades too (build_context).
- re-anchor the ARCH probe ("operating model's architecture rule", not "Zig
façade" — the rule lives in the Architecture gate body, not write_zig.md).
- soften the FSD probe: the one-sentence why-not is required only when the
verdict is the conventional shape.
MSID guard: reworded §N.M doc cross-refs in lib.sh + run.sh comments to drop the
milestone-id glyph. The M42_007 in msid_violation.zig is an INTENTIONAL MSID
negative fixture (it must contain a milestone id to test the detector) — left as
test data; audit-msid-ui.sh is not wired into make audit/hooks, so no CI impact.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Two near-duplicate targets become one entry point. The live run already validates fixtures + reports agent availability as a mandatory preamble (run-llmevals.sh:188, exits 2 before any spend), so folding `--check` in loses no safety: make llmevals live graded run (costs tokens) make llmevals CHECK=1 validate fixtures + availability only, zero tokens AGENTS_INVARIANCE.md Scenario 23.8 (the zero-token minimum that must pass when the runner is unavailable) repointed to `make llmevals CHECK=1`. Invariance Suite Gate green: `make audit` 10/10, no orphaned refs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
"Resolver" described nothing being resolved. The façade pairs are now
dispatch/ — AGENTS.md dispatches each authoring action to its pair.
Three honest top-level dirs:
dispatch/ façade pairs (write_*.md/.sh + lib.sh) — ships to product repos
audits/ conformance gates (audit- prefix dropped) — ships to product repos
evals/ rule-system correctness proofs — dotfiles-internal
dispatch/ deterministic façade evals + coverage + merge-coverage
llms/ live cross-agent evals (was llmevals)
test-agents-md.sh negative harness (proves the audit bites)
Audit/eval split is by role: audits/ block bad work (commit plane); evals/
prove the rules are sound (on-demand). test-audit + both coverage scripts
are evals — they validate checkers, not work product.
Path-depth fix: coverage.sh + merge-coverage.sh moved scripts/ (depth 1) →
evals/dispatch/ (depth 2); ROOT recomputed /.. → /../.. . Leaf delegation
repointed to $DISPATCH_HOME/audits and run_helper args drop the audit- prefix.
No-stutter inside evals/: resolver-evals → dispatch, llmevals → llms,
run-llmevals.sh → run.sh.
Verified green on the new tree: make audit, merge-coverage (+selftest),
test-audit (20 negatives), llmevals CHECK=1.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- ZIG_RULES/BUN_RULES: git rm (not git mv) — prose already merged into the façades in Stage 0; a mv would clobber the merged write_zig.md. (Indy catch.) - Stage 2 also git rm's the spent merge-coverage set (one-shot migration scaffolding, dead once the 15 cards are gone — RULE NDC). - Fix sweep artifact "Dispatch Dispatch" → "Dispatch table". Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
README now carries the canonical dispatch table — trigger → dispatch entry → latent .md content → deterministic check — so the routing model is documented at the repo root, not only in AGENTS.md. Marks migration status (4 authoring façades live; process pairs + write_http/write_auth landing in PR #18). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ades
First 3 process-dispatch pairs (model B, additive Stage 0). Each is a pure
latent playbook — judgment-only (🔵), no deterministic .sh half, because no
script can detect "about to claim done" / "about to name a stream" /
"editing the governance":
dispatch/verify.md ← absorbs docs/gates/verification.md (+ tiers)
dispatch/name_architecture.md ← absorbs docs/gates/architecture.md
dispatch/edit_rules.md ← absorbs docs/gates/invariance-suite.md;
its .sh half IS audits/agents-md.sh (the
self-checker), latent half is AGENTS_INVARIANCE.md
Additively safe: coverage.sh only constrains tagged façades, so untagged
prose playbooks don't perturb it; merge-coverage doesn't scan the 5 process
cards until the pre-Stage-2 extension. make audit stays green (10/10). The
docs/gates/ cards remain until the Stage-2 atomic switchover.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Completes all 10 dispatch entries (model B additive scaffolding):
write_spec.md ← merges docs/gates/spec-template.md (real dotfiles audit;
deterministic half audits/spec.sh runs in make lint)
write_http.md ← route-and-delegate to docs/REST_API_DESIGN_GUIDELINES.md
(761-line product-surface guide — referenced, not duplicated)
write_auth.md ← fully ⚪ delegated to product-repo docs/AUTH.md; carries the
always-forbidden credential rules that hold everywhere
Design nuance: write_http/write_auth are product-surface guides, so they
route-and-delegate rather than merge-and-delete like write_zig — the canonical
docs stay single-source. All additively safe (untagged latent prose); make
audit green (10/10). docs/gates/ cards remain until Stage-2 switchover.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pairs the prompt-invariance layer (the questionnaire) with its deterministic
layer (audits/agents-md.sh): agents-md.{md,sh} are now the two co-located,
co-named halves of the Invariance Suite, both shipping via audits/. The
edit_rules dispatch façade points to it.
Repointed: agents-md.sh INV read path, both git-hook trigger regexes, README,
AGENTS.md gate index, data.sh DOTFILES_RESIDENT, edit_rules.md, and the
test-agents-md.sh sandbox (now places the questionnaire under $sb/audits/,
not flat — the move changed its path depth).
Verified: make audit (10/10), make test-audit (20 negatives + baseline),
gitleaks clean. Questionnaire content unchanged → llmevals golden-set intact.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The dispatch-model parity mechanic that replaces gate-parity at Stage 2, proven green + biting against a model-B sandbox WITHOUT touching the live gate-mode agents-md.sh (345/350 lines — no room for a second mode). - audits/data.sh: REQUIRED_DISPATCH — the 10-entry source of truth - audits/parity-dispatch.sh: check_dispatch_parity() — asserts dispatch/*.md ↔ AGENTS.md dispatch-table rows ↔ REQUIRED_DISPATCH agree, and docs/gates/ is empty (the old empty-set guard inverts). Sourced into agents-md.sh at Stage 2, line-neutral (the gate-parity block is deleted). - evals/test-dispatch-parity.sh + `make dispatch-parity`: builds the post-switchover sandbox; proves green AND bites on 4 regressions. Two bash gotchas fixed en route: backtick-in-regex held in a var; and a single-line `local root=$1 agents=$root/...` where $root hadn't expanded. make audit 10/10 · make test-audit 20 negatives · make dispatch-parity 5/5. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…proof landed) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
merge-coverage now scans the 5 process cards (verification, invariance-suite, spec-template, architecture, doc-read) in addition to the 15 authoring cards — the last green run that authorizes deleting ALL 20 at Stage 2. architecture.md was already fully covered by name_architecture.md. The other four leave 43 uncovered tokens — every one vocabulary/narrative, no enforced rule (verified): header words, connective prose, the M62_001 historical example, and doc-read's routing prose that dissolved into the dispatch TABLE (not a façade body). All 43 recorded as Indy-acked drops: > Indy (2026-06-05): "Ack all 43 — no rule lost" merge-coverage ✅ 20/20 · --selftest still bites · audit 10/10 · test-audit 20 negatives · dispatch-parity 5/5 · gitleaks clean. merge-coverage is now spent: Stage 2 deletes it together with the cards. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…s into 10 dispatch entries
Completes the model-B migration (DISPATCH_ARCHITECTURE.md → v3 EXECUTED): the 20
docs/gates/*.md cards + docs/ZIG_RULES.md + docs/BUN_RULES.md dissolve into the 10
dispatch/ façade entries. docs/gates/ no longer exists.
Self-checker (audits/agents-md.sh): gate-inventory → dispatch-inventory; gate-parity
(check 9b) → check_dispatch_parity (disk == AGENTS.md table == REQUIRED_DISPATCH, and
docs/gates/ empty); the empty-set guard + per-card gate-body check are removed (parity
now covers façade existence); hook-trigger check docs/gates → dispatch/. data.sh:
REQUIRED_GATES retired; DOTFILES_RESIDENT drops the Zig/Bun standards docs, adds the 10
façades. AGENTS.md: 20-row gate index → 10-row dispatch table.
References repointed to the dispatch façades across both git hooks, bin/sync-agents,
the 7 leaf-audit scripts, 6 standards docs, the invariance questionnaire (§11 rebases —
7.10/13.1/14.5/20.1/22.4/23.1/4.11, each verified still answerable-YES against façade
content), README, evals/llms/run.sh, evals/llms/fixtures.jsonl, and the Makefile. The
zero-dangling-ref grep = 0 (excl. the two DISPATCH_* design records).
Spent Stage-2 scaffolding removed (RULE NDC): the merge-coverage set
(merge-coverage.sh, merge_coverage.py, merge-coverage-drops.tsv,
fixtures/merge_orphan_card.md) + its Makefile target.
Boundary gates green: make audit (18/18 + dispatch coverage + 10/10 evals), make
test-audit (19 negatives, rewritten for the dispatch-model sandbox), make
dispatch-parity (5/5), make llmevals CHECK=1 (47 fixtures valid), gitleaks clean,
AGENTS.md 26210/29696 B.
Stage-2 authorized by Indy this session ("Execute + push", "Confirmed — I authorized
it", "yes commit") and architecture §15 ("stage-2 yes signed off"). sync-agents NOT run
and .githooks NOT propagated to product repos, per Indy ("Indy will verify the results
first"). Ephemeral HANDOFF.md removed per CHORE(close).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…_changelog entry, prune orphaned docs Dispatch-model polish on top of the Stage-2 switchover (362ceb9): Fix A — write_sql dispatch now reads docs/SCHEMA_CONVENTIONS.md (naming/type/ schema-qualification), the analogue of write_http → REST_API_DESIGN_GUIDELINES. Wired into the write_sql.md trigger + the EXECUTE_DOC_READS schema row. Corrects the line that wrongly claimed "SQL has no standalone source-of-truth RULES file". Fix B — new judgment-only dispatch entry write_changelog (the 11th), routing changelog `<Update>` authoring to docs/CHANGELOG_VOICE.md. Mirrors verify.md: pure 🔵 judgment, no .sh half, no enforcement-code tags (zero coverage debt). Wired into REQUIRED_DISPATCH + DOTFILES_RESIDENT (data.sh), the AGENTS.md dispatch table, the AGENTS.md Changelog-voice section, README, and EXECUTE_DOC_READS. Parity holds at 11 (disk == table == REQUIRED_DISPATCH). Pruned two docs orphaned from the dispatch graph (recoverable via git history): - docs/CLI_DX_PILLARS.md (622 lines) — the CLI "7 Pillars" Architecture Decision Record (ADR). Its summary is preserved inline in docs/TEMPLATE.md Prior-Art; the spec skill repointed there. /review flagged the magnitude; Indy confirmed delete ("yes commit, push the batch as-is"). - docs/ZIG_STATIC_OPENSSL.md (172 lines) — static-OpenSSL build how-to; only sync-agents shipped it, no façade/audit/spec referenced it. README "Agent dispatch model" section rewritten in plain English (front-desk analogy + simple "if you're about to X, read Y" table) with an elaborate pointer to docs/DISPATCH_ARCHITECTURE.md for the full design. Gates green: make audit (parity 11/11/11 + coverage 27 codes + dispatch-evals 10/10), make test-audit (19 negatives + baseline), make dispatch-parity (5/5), zero-dangling-ref = 0, gitleaks clean, AGENTS.md 26589/29696 B. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…m script AGENTS.md EXECUTE pointed DOC READ GATE at `audits/doc-reads.sh`, a script that never existed on any branch (the prior `scripts/audit-doc-reads.sh` form was equally absent). The gate is proof-line enforced — the agent emits a `📖 DOC READ: <path>` line per triggered doc — not script-mechanised, so the reference was a phantom enforcer the zero-dangling-ref check (scoped to `docs/gates/*.md`) could not catch. Reword to state the actual enforcement, matching the former gate-card body: emit the proof-line per triggered doc, citing §N applied or skip-with-reason. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This was referenced Jun 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Completes Stage 0 of the resolver façade-pair migration (the last pt5 piece) and relocates the eval harnesses to a top-level
evals/. Stage 0 is additive:make auditstays green throughout; nodocs/gates/card is deleted (that is the Stage-2 atomic switchover).A resolver is a façade pair — a latent
.mdthe agent reads + a deterministic.shthe machine runs — over one gate set. This Pull Request (PR) adds the two coherence proofs that keep the pair honest.What's in it
Coherence audit —
scripts/audit-resolver-coverage.sh(RESOLVER_ARCHITECTURE.md 6.3 + 6.4), wired intomake audit:[DETERMINISTIC]tag has a.shrow (universal-code carve-out); every run-enforced code has a pass+fail fixture; every[JUDGMENT]tag has a comprehension probe; no orphan rows; leaf helpers present+executable; no naked codes; RULES.md canonical gloss legend ==lib.shRESOLVER_GLOSSbyte-for-byte.RULES.md: new canonical 27-code gloss legend.Merge-loss proof —
scripts/audit-merge-coverage.sh+evals/resolver-evals/merge_coverage.py(6.5), a Stage-2 deletion gate (deliberately NOT inmake audit):resolvers/*.mdor a per-card Indy-acked drop.--selftestproves an orphaned sentence's discriminators are flagged.Comprehension probes — 11 resolver-judgment probes added to
evals/llmevals/fixtures.jsonl(47 total, 5 YES / 6 NO so a constant-answer agent can't game the grader);build_contextrepointed to embedresolvers/*.md.Relocation —
scripts/{resolver-evals,llmevals}/→evals/{resolver-evals,llmevals}/; drops ledger moved out of the syncedresolvers/payload.Pre-PR review (
/reviewas a multi-agent find→verify workflow)11 confirmed findings, all P2/nit, zero P0/P1 (nothing produced a wrong green). All addressed in
97dcc7d:| realfilter on fixture-coverage; aligned code char-classes.run.sh; ARCH probe re-anchored; FSD probe softened.Test evidence
make audit→ ALL CHECKS PASSED (agents-md + resolver-coverage + resolver-evals 10/10).merge-coveragegreen via 40 per-card acked drops;--selftestbites.llmevals --check: 47 fixtures valid.Known / deferred
msid_violation.zigtrips the Milestone-ID (MSID) guard onM42_007— but that is an intentional negative fixture (it must contain a milestone id to test the detector).audit-msid-ui.shis not wired intomake audit/hooks, so no Continuous Integration (CI) impact. Decision for Indy: add the user-onlyMILESTONE ID ALLOWEDmarker, or carveevals/.../fixtures/out of the guard — left as-is pending your call (I won't patch the harness or break the fixture unilaterally).make auditcheck — the 15 cards still exist at Stage 0 ("a card is not deleted until its assertion is green").Session notes
evals/; merge-coverage scoped as a Stage-2 deletion gate. Both-orphan-directions-global andNEW:*-exempt settled per Decision 6.write_zig.md), and chose to keep the ledger. Per guard 2, only Indy can ack drops.AGENTS.mdis unchanged vs master (0 diff), so the invariance questionnaire stays all-YES by construction; signoff written for97dcc7d./write-unit-test: the audit infrastructure's tests are the negative-bite harness (7/7 → 8/8), the merge-coverage--selftest, andresolver-evals(10/10) — stronger than generic generation for this changeset.🤖 Generated with Claude Code