feat(lint): close the run-status write surface (coupling-core Phase A)#463
Merged
Conversation
Run status transitions are decided by the pure step() function but were still written from 46 sites across 5 files, so nothing stopped a new writer from bypassing the transition policy. This change makes the write surface machine-checked: - Add semgrep rule run-status-write-surface: constructing/appending a run status event outside Daemon.updateStatus is an error. The 46 existing writers are frozen with per-line nosemgrep annotations (the whitelist may only shrink; Phase B consolidates them into step()). - Add semgrep rule no-ignored-status-append: discarding the error of a status append is an error (silent store/in-memory divergence). - Fix the 4 swallowed status-append errors in proto_handler.go master projections (now propagated fail-fast with run context) and the 2 in socket.go failOpenCodeRunBootstrap (error-recording path: original error preserved, append failures logged). - Wire `semgrep test .semgrep/run-status-write-surface` into make lint with ruleid/ok fixtures; CI (quality.yaml) picks it up via make lint. - Document coupling cores, change routing, the tripwire checklist, and the choice-space gate in AGENTS.md; add the living roadmap/watchlist at docs/design/coupling-core-roadmap.md. Verified: go build ./..., go test (daemon/cli pass; monitor's TestSessionNameForProject fails identically on main — pre-existing), make lint passes with 0 findings, and a synthetic 47th writer trips both rules. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase A of docs/design/coupling-core-roadmap.md: make the run-status write surface machine-checked so that delegated PRs cannot silently add status writers that bypass the
step()transition policy.A1 — semgrep rule
run-status-write-surfacemodel.NewStatusEvent/model.NewEvent(EventTypeStatus, …)/Type: "status"literals everywhere ininternal/(exceptinternal/model/).nosemgrepannotations. The whitelist may only shrink —grep -c 'nosemgrep: run-status-write-surface'is the Phase B progress meter.semgrep testfixtures wired intomake lint; CI picks it up via quality.yaml.A2 — fail-fast on status appends (
no-ignored-status-append)_ = st.AppendEvent(…NewStatusEvent…)master-projection sites in proto_handler.go now propagate append failures with run context.failOpenCodeRunBootstrap(socket.go): error-recording path keeps returning the original bootstrap error, but append failures are now logged instead of swallowed.A3 — routing rules in AGENTS.md
Coupling-core inventory, frontier/delegate routing rule, tripwire checklist for delegate PR review, choice-space gate, and the burn-in loop.
Verification
make lint: 0 findings (105 rules), new fixture tests 2/2 passgo build ./...clean;go test ./internal/daemon ./internal/clipassinternal/monitorTestSessionNameForProjectfails identically on main (environment-dependent session-name truncation) — pre-existing, untouched by this PR🤖 Generated with Claude Code