diff options
| author | Craig Jennings <c@cjennings.net> | 2026-07-02 05:19:01 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-02 05:19:01 -0400 |
| commit | b6a977cec25fddf1e498896cec3ad9462fc149db (patch) | |
| tree | 9bbd5a1ac2609c9d1b4cba719360fa7e319db85f /docs/specs/wrapup-routing-spec.org | |
| parent | 78bbaae5d8634d52588c1a60d7b7f430bed238c7 (diff) | |
| download | rulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.tar.gz rulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.zip | |
feat(rules): add the host-identity guard rule and startup probe
A tracked or synced doc asserting "this machine is X" is false on every machine but its origin, and an agent trusting it reasons backwards all session. It happened live: a stale "ratio" claim steered a session running on velox. The new rule bans fixed identity claims in tracked/synced docs and requires the runtime derivation instead (uname -n, since the hostname binary is often absent). Describing the fleet stays legal. Claiming the current member doesn't.
startup gained a read-only probe that greps CLAUDE.md and notes.org for the pattern and surfaces hits as a judgment flag, never a block. Fixture-verified under bash and zsh.
Diffstat (limited to 'docs/specs/wrapup-routing-spec.org')
0 files changed, 0 insertions, 0 deletions
