author Craig Jennings <c@cjennings.net> 2026-07-02 05:19:01 -0400
committer Craig Jennings <c@cjennings.net> 2026-07-02 05:19:01 -0400
commit b6a977cec25fddf1e498896cec3ad9462fc149db (patch)
tree 9bbd5a1ac2609c9d1b4cba719360fa7e319db85f /todo.org
parent 78bbaae5d8634d52588c1a60d7b7f430bed238c7 (diff)
feat(rules): add the host-identity guard rule and startup probe
A tracked or synced doc asserting "this machine is X" is false on every machine but its origin, and an agent trusting it reasons backwards all session. It happened live: a stale "ratio" claim steered a session running on velox. The new rule bans fixed identity claims in tracked/synced docs and requires the runtime derivation instead (uname -n, since the hostname binary is often absent). Describing the fleet stays legal. Claiming the current member doesn't. startup gained a read-only probe that greps CLAUDE.md and notes.org for the pattern and surfaces hits as a judgment flag, never a block. Fixture-verified under bash and zsh.
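The kind of probe the commit message describes, as an added example that is not the repository's own code: it greps the given files for fixed host-identity claims, reports any hit together with the runtime host from uname -n, and always exits 0 so a hit is a flag rather than a block. The function names, the regex and the fixture text are assumptions built from the phrasing quoted on this page.

```shell
#!/bin/sh
# Added example: NOT the repository's probe. Function names, the regex and the
# fixture text are assumptions built from the phrasing quoted in the commit.

# Emit file:line:text for each fixed host-identity claim; skip unreadable files.
host_identity_hits() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null forces the file-name prefix even with a single file.
        grep -niE 'this (machine|host|box) is ' "$f" /dev/null || true
    done
}

# Read-only probe: report hits as a flag for human judgment, never a block,
# so the exit status is 0 whether or not anything matched.
host_identity_probe() {
    hits=$(host_identity_hits "$@")
    if [ -z "$hits" ]; then
        echo "host-identity: clean"
        return 0
    fi
    echo "host-identity FLAG: fixed claim(s) found; runtime host is $(uname -n)"
    printf '%s\n' "$hits" | sed 's/^/  /'
    return 0
}

# Constructed fixture: one fleet description (allowed) and one fixed claim.
make_fixture() {
    dir=$(mktemp -d)
    printf '%s\n' '# Notes' 'The fleet is ratio and velox.' \
        'Derive the current host with uname -n.' > "$dir/CLAUDE.md"
    printf '%s\n' '* Setup' 'This machine is ratio.' > "$dir/notes.org"
    echo "$dir"
}

fixture=$(make_fixture)
host_identity_probe "$fixture/CLAUDE.md" "$fixture/notes.org" "$fixture/absent.md"
rm -rf "$fixture"
```

The fleet description in the constructed CLAUDE.md passes untouched; only the "This machine is ratio." line in notes.org is reported.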
Diffstat (limited to 'todo.org')
-rw-r--r-- todo.org 5
1 files changed, 4 insertions, 1 deletions
diff --git a/todo.org b/todo.org
index 3e54355..5ce251f 100644
--- a/todo.org
+++ b/todo.org
@@ -161,7 +161,8 @@ The work project edited two synced scripts locally as a stopgap (2026-06-17) and
Note (2026-06-24): the Anki =#+TITLE= deck-name fix landed (commit 060a938) — =default_deck_name= is now =default_deck_name(input_path, org_text)= with a new docstring. The preserved 2026-06-17 =to-anki.py= predates that, so *don't* copy it wholesale (it would revert the title-fix). Re-derive the multi-tag changes against the current canonical =flashcard-to-anki.py= and keep the =#+TITLE= behavior.
-** TODO [#C] Guard against hardcoded host identity in synced files :feature:solo:
+** DONE [#C] Guard against hardcoded host identity in synced files :feature:solo:
+CLOSED: [2026-07-02 Thu]
:PROPERTIES:
:CREATED: [2026-06-22 Mon]
:LAST_REVIEWED: 2026-06-24
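Review bot: :LAST_REVIEWED: in the unchanged drawer still reads 2026-06-24 while the headline is now DONE with CLOSED: [2026-07-02 Thu]; if that property is meant to record the last time the entry was looked at, bump it in the same commit so the drawer and the planning line agree. The CLOSED: line itself sits directly under the headline and above :PROPERTIES:, which is where Org expects planning lines, so its placement is fine.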
@@ -170,6 +171,8 @@ A =CLAUDE.md= / notes file that asserts mutable environment identity as a fixed
2026-07-02 Thu @ 05:09:58 -0400 — Craig (speedrun pre-flight): rule + startup lint. A new claude-rules file plus a cheap grep probe in startup flagging host-identity claims in CLAUDE.md / notes.org fleet-wide.
+Resolution 2026-07-02: claude-rules/host-identity.md written (fixed-identity claims banned in tracked/synced docs, runtime derivation via uname -n, fleet-description carve-out, the archsetup worked failure) and linked machine-wide by make install. startup.org gained Phase A probe 13 (grep for "this machine/host/box is" claims in CLAUDE.md + notes.org, fixture-verified bash+zsh) and the Phase C host-identity flag line. Flags for judgment, never blocks.
+
** TODO [#C] coverage-summary.el documented as a local-only helper :chore:
:PROPERTIES:
:CREATED: [2026-06-22 Mon]
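Review bot: The Resolution line scopes the rule to tracked/synced docs in general but scopes probe 13 to CLAUDE.md + notes.org and to the phrasing "this machine/host/box is", so a claim in any other synced file, or one worded differently, passes the probe silently; state in the entry that the probe is a partial check and the rule is the actual control. The line also cites no commit for the rule and probe, unlike the earlier note's "commit 060a938"; adding the hash would make the closure traceable from this entry.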