… files

Per-file analysis for the AceHack→LFG forward-sync queue. The 5-file safe-additive batch already shipped as LFG Lucent-Financial-Group#660 (BLOCKED awaiting reviewer); this proposal covers the remaining 9 files where each has bidirectional commits and needs a per-file merge-direction decision.

Per GOVERNANCE §33 research-grade-not-operational: this proposal documents the analysis. Actual cherry-picks / 3-way merges proceed in separate per-file PRs after the maintainer signs off on direction per file. The drift-reduction lever is the merge work; this proposal is the prep that makes that work safe.

Summary of recommendations:
- 5 files AceHack→LFG (S/S risk): elan.sh, verifiers.sh, scorecard.yml, resume-diff.yml — plus mise.toml as LFG→AceHack absorption
- 1 file LFG→AceHack (S/S risk): codeql.yml (matrix update absorb)
- 2 files 3-way merge (S/S risk): .markdownlint-cli2.jsonc (ignore-list union), gate.yml-needs-care
- 1 file 3-way merge with security decision (M/M risk): linux.sh — LFG has structurally-safe pinned-tarball + SHA256-verify form; AceHack regressed to helper-based pipe-to-sh. Maintainer decision needed on whether curl-fetch.sh helper should extend to file-output downloads with SHA256 verify.

Recommended order: smallest-safest first (.mise.toml + codeql.yml absorbs first) → AceHack-direction batch → 3-way merges → linux.sh last (security-relevant; needs maintainer input on helper scope).

Open questions for the maintainer documented inline.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pull request overview
Adds a research-grade document to support the AceHack→LFG forward-sync “merge-direction per file” decision process, focusing on the remaining infra/config files with bidirectional divergence and calling out the linux.sh security regression risk.
Changes:
- Adds per-file lineage summaries, risk classifications, and recommended merge direction for 9 infra files.
- Adds a proposed merge order and a short set of maintainer-facing open questions.
- Adds a “Composes with” section intended to anchor the work in existing ADR/backlog/memory references.
| - `docs/DECISIONS/2026-04-26-sync-drain-plan-acehack-lfg-roundtrip-option-c.md` — the option-c ADR that establishes the cherry-pick-with-rewrites pattern | ||
| - `docs/UPSTREAM-RHYTHM.md` — operational rhythm governing when drain cycles trigger | ||
| - `docs/backlog/P1/B-0063-streamed-installer-download-to-temp-pattern-codex-p0-pr-75.md` (if exists in either fork) — the streamed-installer hardening backlog item that interacts with files #1, #2, #3 above |
P1 (xref): The referenced backlog row filename doesn’t match what exists in-repo. docs/backlog/P1/B-0063-streamed-installer-download-to-temp-pattern-codex-p0-pr-75.md is missing; the actual file is docs/backlog/P1/B-0063-streamed-installer-download-to-temp-checksum-pattern-codex-p0-pr-75.md. Update the link text/path (and consider dropping the “if exists” parenthetical since it does exist here).
| - `docs/backlog/P1/B-0063-streamed-installer-download-to-temp-pattern-codex-p0-pr-75.md` (if exists in either fork) — the streamed-installer hardening backlog item that interacts with files #1, #2, #3 above | |
| - `docs/backlog/P1/B-0063-streamed-installer-download-to-temp-checksum-pattern-codex-p0-pr-75.md` — the streamed-installer hardening backlog item that interacts with files #1, #2, #3 above |
| - LFG carve-outs: `docs/aurora/**`, `docs/preservation-archives/**` | ||
| - Both lists merge cleanly via UNION; no overlap conflicts. |
P1 (xref): This section claims the LFG markdownlint ignores include docs/aurora/** and docs/preservation-archives/**, but in this repo .markdownlint-cli2.jsonc currently ignores docs/aurora/2026-*-amara-*.md and the PR archive dirs are docs/pr-discussions/** + docs/pr-preservation/** (and there is no docs/preservation-archives/**). Update the cited glob patterns here so the merge-direction rationale matches the actual config being analyzed.
| - LFG carve-outs: `docs/aurora/**`, `docs/preservation-archives/**` | |
| - Both lists merge cleanly via UNION; no overlap conflicts. | |
| - LFG carve-outs: `docs/aurora/2026-*-amara-*.md`, | |
| `docs/pr-discussions/**`, `docs/pr-preservation/**` | |
| - Both lists merge cleanly via UNION; the globs remain non-overlapping. |
Summary
Research-grade per-file analysis for the AceHack→LFG forward-sync queue.
The 5-file safe-additive batch already shipped as LFG Lucent-Financial-Group#660; this proposal
covers the remaining 9 files where each has bidirectional commits and
needs a per-file merge-direction decision.
Per GOVERNANCE §33: research-grade-not-operational. Actual merges proceed
in separate PRs after maintainer sign-off per file.
What's in here
Headline finding
linux.sh has a security regression in AceHack-direction. LFG main
currently has the structurally-safe pinned-tarball + SHA256-verify form;
AceHack-side #75 helper-unification replaced it with the pipe-to-sh
helper form (the very pattern that B-0063 tracks for hardening).
Maintainer decision needed on whether the curl-fetch.sh helper should
extend to file-output downloads with SHA256 verify (recommended), or
whether linux.sh's mise install path should keep the LFG pinned-tarball
form and the helper applies only to streamed installers.
What this PR does NOT do
🤖 Generated with Claude Code
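
The file-output download with SHA256 verify that the headline finding asks about, sketched as an added example; it is not code from this PR or from the repository's curl-fetch.sh. The function names `sha256_of`, `install_if_pinned` and `fetch_verified`, and the URL and digest in the usage comment, are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: hypothetical helper, NOT the repo's curl-fetch.sh.

# Print the lowercase hex SHA-256 of FILE with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_if_pinned TMPFILE EXPECTED_SHA256 DEST
# Moves TMPFILE to DEST only when its digest equals the pinned value.
# On mismatch it deletes TMPFILE and returns 2, so DEST never holds
# unverified bytes.
install_if_pinned() {
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "sha256 mismatch: expected $2, got $actual" >&2
    rm -f "$1"
    return 2
  fi
  mv "$1" "$3"
}

# fetch_verified URL EXPECTED_SHA256 DEST
# File-output download: nothing is executed or extracted until the digest
# check has passed. The temp file lives beside DEST so the final mv is a
# same-filesystem rename.
fetch_verified() {
  tmp=$(mktemp "$(dirname "$3")/.fetch.XXXXXX") || return 1
  if ! curl --proto '=https' --fail --silent --show-error --location \
        --output "$tmp" "$1"; then
    rm -f "$tmp"
    return 1
  fi
  install_if_pinned "$tmp" "$2" "$3"
}

# Usage (placeholder URL and digest, not values from the PR):
#   fetch_verified "https://example.invalid/tool.tar.gz" "<pinned-sha256>" \
#     ./tool.tar.gz && tar -xzf ./tool.tar.gz
```

Unlike the pipe-to-sh form, a truncated or altered download fails the digest check before any byte reaches a shell or `tar`.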