| author | Craig Jennings <c@cjennings.net> | 2026-07-02 05:19:01 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-02 05:19:01 -0400 |
| commit | b6a977cec25fddf1e498896cec3ad9462fc149db (patch) | |
| tree | 9bbd5a1ac2609c9d1b4cba719360fa7e319db85f /todo.org | |
| parent | 78bbaae5d8634d52588c1a60d7b7f430bed238c7 (diff) | |
| download | rulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.tar.gz rulesets-b6a977cec25fddf1e498896cec3ad9462fc149db.zip | |
feat(rules): add the host-identity guard rule and startup probe
A tracked or synced doc asserting "this machine is X" is false on every machine but its origin, and an agent trusting it reasons backwards all session. It happened live: a stale "ratio" claim steered a session running on velox. The new rule bans fixed identity claims in tracked/synced docs and requires the runtime derivation instead (uname -n, since the hostname binary is often absent). Describing the fleet stays legal. Claiming the current member doesn't.
startup gained a read-only probe that greps CLAUDE.md and notes.org for the pattern and surfaces hits as a judgment flag, never a block. Fixture-verified under bash and zsh.
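A read-only probe of the kind the commit message describes, as an added example that is not code from this commit or from the rulesets repository. The regex, the function names and the fixture text are assumptions; the fixture files are constructed.

```shell
#!/bin/sh
# Added example: names and regex are assumptions, not the project's probe.

# Flags "this machine is", "this host is", "this box is" (case-insensitive).
IDENTITY_RE='this[[:space:]]+(machine|host|box)[[:space:]]+is'

# Runtime derivation: uname -n is POSIX, so it works where hostname(1) is absent.
current_host() { uname -n; }

# Print file:line:text for every claim found. Read-only; unreadable files are
# skipped. Always returns 0 because a hit is a flag for judgment, not a block.
probe_host_identity() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second operand forces the file name into the output.
        grep -Ein -- "$IDENTITY_RE" "$f" /dev/null || true
    done
    return 0
}

# Number of flagged lines across the given files.
count_host_identity_hits() {
    probe_host_identity "$@" | wc -l | tr -d ' '
}

# Constructed fixture: one fleet description (legal) and two fixed claims.
make_fixture() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/CLAUDE.md" <<'EOF'
The fleet has two members: ratio and velox.
This machine is ratio.
Derive the current host at runtime with uname -n.
EOF
    cat > "$dir/notes.org" <<'EOF'
* Notes
NOTE: this host is velox, the laptop.
EOF
    printf '%s\n' "$dir"
}

fixture=$(make_fixture)
echo "running on: $(current_host)"
probe_host_identity "$fixture/CLAUDE.md" "$fixture/notes.org" "$fixture/missing.md"
echo "flagged lines: $(count_host_identity_hits "$fixture"/*)"
rm -rf "$fixture"
```

The fleet description line is not flagged, while both fixed claims are reported with file and line number.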
Diffstat (limited to 'todo.org')
| -rw-r--r-- | todo.org | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -161,7 +161,8 @@ The work project edited two synced scripts locally as a stopgap (2026-06-17) and Note (2026-06-24): the Anki =#+TITLE= deck-name fix landed (commit 060a938) — =default_deck_name= is now =default_deck_name(input_path, org_text)= with a new docstring. The preserved 2026-06-17 =to-anki.py= predates that, so *don't* copy it wholesale (it would revert the title-fix). Re-derive the multi-tag changes against the current canonical =flashcard-to-anki.py= and keep the =#+TITLE= behavior. -** TODO [#C] Guard against hardcoded host identity in synced files :feature:solo: +** DONE [#C] Guard against hardcoded host identity in synced files :feature:solo: +CLOSED: [2026-07-02 Thu] :PROPERTIES: :CREATED: [2026-06-22 Mon] :LAST_REVIEWED: 2026-06-24 @@ -170,6 +171,8 @@ A =CLAUDE.md= / notes file that asserts mutable environment identity as a fixed 2026-07-02 Thu @ 05:09:58 -0400 — Craig (speedrun pre-flight): rule + startup lint. A new claude-rules file plus a cheap grep probe in startup flagging host-identity claims in CLAUDE.md / notes.org fleet-wide. +Resolution 2026-07-02: claude-rules/host-identity.md written (fixed-identity claims banned in tracked/synced docs, runtime derivation via uname -n, fleet-description carve-out, the archsetup worked failure) and linked machine-wide by make install. startup.org gained Phase A probe 13 (grep for "this machine/host/box is" claims in CLAUDE.md + notes.org, fixture-verified bash+zsh) and the Phase C host-identity flag line. Flags for judgment, never blocks. + ** TODO [#C] coverage-summary.el documented as a local-only helper :chore: :PROPERTIES: :CREATED: [2026-06-22 Mon] |
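Review bot: In the first hunk (@@ -161,7 +161,8 @@), the added CLOSED: [2026-07-02 Thu] line records a date only, while the log entry kept in the same heading is stamped to the second with a UTC offset (2026-07-02 Thu @ 05:09:58 -0400), and the :LAST_REVIEWED: 2026-06-24 property in the unchanged context is left at its old value. Consider adding the time to CLOSED so the close can be ordered against that log entry, and either updating LAST_REVIEWED on close or noting that it is intentionally frozen once an item is DONE.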
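Review bot: In the second hunk (@@ -170,6 +171,8 @@), the added Resolution line states the rule bans fixed-identity claims in "tracked/synced docs" but the probe it records only greps CLAUDE.md + notes.org for the "this machine/host/box is" phrasing, so the enforcement scope is narrower than the rule's scope and that gap is not written down. Suggest one sentence naming what the probe does not cover (other synced files, other phrasings of the same claim) so a clean probe result is not read as compliance. The line also says "fixture-verified bash+zsh" without saying where the fixtures live; the note above it in this file cites a commit (060a938) for the change it records, and the same kind of pointer here would let a later reader re-run the check.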
