aboutsummaryrefslogtreecommitdiff
path: root/pairwise-tests
diff options
context:
space:
mode:
authorCraig Jennings <c@cjennings.net>2026-07-02 05:19:01 -0400
committerCraig Jennings <c@cjennings.net>2026-07-02 05:19:01 -0400
commitb6a977cec25fddf1e498896cec3ad9462fc149db (patch)
tree9bbd5a1ac2609c9d1b4cba719360fa7e319db85f /pairwise-tests
parent78bbaae5d8634d52588c1a60d7b7f430bed238c7 (diff)
downloadrulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.tar.gz
rulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.zip
feat(rules): add the host-identity guard rule and startup probe
A tracked or synced doc asserting "this machine is X" is false on every machine but its origin, and an agent trusting it reasons backwards all session. It happened live: a stale "ratio" claim steered a session running on velox. The new rule bans fixed identity claims in tracked/synced docs and requires the runtime derivation instead (uname -n, since the hostname binary is often absent). Describing the fleet stays legal. Claiming the current member doesn't. startup gained a read-only probe that greps CLAUDE.md and notes.org for the pattern and surfaces hits as a judgment flag, never a block. Fixture-verified under bash and zsh.
Diffstat (limited to 'pairwise-tests')
0 files changed, 0 insertions, 0 deletions