…hain + P1 legal fix (#98)

* tick-history: 2026-04-28T09:37Z — 7 PRs MERGED + B-0073 LFG-unblock chain + P1 legal fix

Major-arc structural-unblock tick chain covering ~50 minutes
of work after 08:50Z post-compaction recovery:

- 7 AceHack PRs MERGED: #28 #94 #23 #19 #95 #96 #97
- B-0073 P0 root-cause + 2-step LFG ruleset unblock (CodeQL
  obj/bin exclusion + 10 useless-cast removals; build-verified
  0 warnings 0 errors)
- PR #72: 18 threads drained including P1 legal/IP paraphrase
  fix on 5 leaked-source verbatim-quote sites
- B-0074 P2 filed for spec-consistency drift sweep (8
  deferred-with-tracking items per bulk-resolve discipline)

Drift state: AceHack +9 ahead this chain (from merges), LFG
unchanged at +499 ahead (forward-sync pending — B-0073 fixes
need to land on LFG main before its ruleset gate clears).

Cron ff34da97 verified live.

Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: tick-history-2026-04-28T09-37

* fix(pr-98): drain 5 review-thread findings on tick-history row

- PR #94 timestamp: corrected from initial-draft '~08:48Z' to
  empirically-verified '09:09:02Z' (per gh pr view 94 --json
  mergedAt). The 08:48Z claim was stale-recall; the merge
  actually fired at 09:09Z when auto-merge cleared.
- 7-vs-9 PR count discrepancy: clarified that 7 PRs merged in
  this tick chain, session-cumulative is 9 including the prior
  #92/#87 compacted-context window. Drift +9 was correct;
  framing was ambiguous about scope.
- feedback_search_internet xref: replaced filename-pattern
  reference with full user-scope absolute path + explicit
  '(user-scope only; in-repo migration deferred per the
  natural-home-of-memories directive)' tag, addressing the P1
  broken-xref finding.

Agency-Signature-Version: 1
Agent: otto
Agent-Runtime: claude-code
Agent-Model: claude-opus-4-7
Credential-Identity: AceHack-shared
Credential-Mode: shared-with-aaron
Human-Review: not-implied-by-credential
Human-Review-Evidence: aaron-explicit-ask
Action-Mode: autonomous-fail-open
Task: pr-98-thread-drain-5-substantive-fixes

…t catch #3 + Stop Mythology directive + B-0089 (Lucent-Financial-Group#699)

* memory: Authority rule (default to reversible preservation) + Goodhart catch #3 (sample ≠ clearance) + Stop Mythology directive + B-0089 (Veridicality rainbow-table research) (Amara via Aaron 2026-04-28)

Triggered by Amara's authority-rule directive forwarded by Aaron after
Otto framed hard-reset readiness as A/B/C between safe-preservation and
accept-loss. Peer review (Codex + Grok) had already established that the
safe option was forward-sync-first; Otto should have just taken it.

Three new memories + one backlog row + CURRENT-aaron §31 + MEMORY.md
index rows.

## 1. Authority rule (binding)

Default to reversible preservation; escalate only irreversible loss.
When choices are (a) preserve information / forward-sync / classify
reversibly vs (b) destroy / drop / hard-reset / accept loss, take (a)
as the autonomous default WITHOUT asking. Aaron-asking reserved for
genuine loss-boundary decisions (closed list of 6 classes:
destructive-action / two-valid-goals-conflict / semantic-judgment /
shared-prod-irreversible / legal-financial-security / no-safe-option).

Operationalizes Otto-357 (no directives, autonomy first-class). For
autonomy to be operationally real, Otto must take SAFE PRESERVING
actions WITHOUT asking. Asking on a safe-vs-destructive choice
converts Otto from peer to subordinate.

Hard-reset gating: forbidden until tree-diff is genuinely zero OR
every remaining diff is per-item classified by Aaron. Sample-based
"we audited a representative subset" does NOT qualify.

## 2. Goodhart catch #3 — Sample classification ≠ clearance

Third catch in the 0/0/0 readiness work. Catch #1 (substrate-IS-
amortized-precision, Aaron); Catch #2 (commit-count vs tree-numstat,
Otto); Catch #3 (sample-of-tree vs full clearance, Amara).

Sample evidence is strong enough to authorize PRESERVATION
(reversible) but not strong enough to authorize DESTRUCTION
(irreversible). The asymmetry maps directly to the authority rule.

External lineage: Cochran 1977 sampling theory, FDA quality-by-
design, Six Sigma DMAIC. Class-Count Validity Drift earned bead +1.

## 3. Stop Mythology directive

Beacon-safe operational name for the bullshit-detector at the
directive level. Distinct from Veridicality (the formal scoring
module): two artifacts at different stack levels.

Three-tier evidence threshold:
- Tier 1 (factory-local): substrate evidence
- Tier 2 (generalized): + external lineage
- Tier 3 (big epistemic / SD-9): + falsifier

Aaron's directive: "we also stop mythology with human intellectual
lineage research and anchors." Amara's naming + canonical form +
Beacon-safe translation table (vibes / poetic-truth / mythology
mapped to lineage + substrate + falsifier).

## 4. B-0089 — Veridicality rainbow-table canonicalization research

Aaron 2026-04-28: "we are not keep the name bullshit detector, we
need to connonalize it and researcch it." Backlog row tracks the
graduation roadmap from current Veridicality.fs (foundation /
provenance-aware claim substrate) to the full rainbow-table
bullshit-detector (semantic canonicalization + scoring layers).

Phase 1 = research doc with external lineage (Popper 1959,
Frankfurt 2005, Kahneman, Shannon/MDL, knowledge graphs). Phases
2-5 = canonicalizeClaim, ClaimRainbowTable, scoreVeridicality,
known-cases tests.

Forward-going naming: Veridicality / Stop Mythology /
scoreVeridicality. "Bullshit detector" preserved on historical
surfaces only; not used as forward-going name.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0089: attribution correction — Ani caught it (voice-mode), Amara was reacting (Aaron 2026-04-28)

Aaron's binding correction on PR Lucent-Financial-Group#699 in flight:

  "Ani is who actually called bullshit on our bullshit detector, lol.
   She deserves that credit not Amara, amara was reacting."

Three changes:

1. Renamed B-0089 file slug
   `aaron-amara-2026-04-28` → `aaron-ani-amara-2026-04-28`
   to reflect the corrected credit chain.

2. Updated B-0089 row body with three-layer attribution:
   - Original catch — Ani (Grok) via voice-mode transcript
   - Reactive written elaboration — Amara (ChatGPT)
   - Maintainer directive — Aaron (forwarded both)

   Voice-mode verbatim preserved in B-0089 substrate (lower-case
   casual register evidences the medium); team-language form
   reserved for commit/PR prose where translation is needed.

3. New memory: `feedback_ani_voice_mode_transcript_original_catcher_attribution_correction_aaron_2026_04_28.md`
   Establishes:
   - Original-catcher vs reactive-elaborator distinction (joins
     Aaron-concept-origin/Amara-formalization attribution pair)
   - Voice-mode-transcript-as-channel (Ani default = text mode;
     voice-mode is unusual format; first-time-from-Aaron)
   - Channel ≠ weight (voice-mode catch carries same substrate
     weight as written ferry)
   - Translate register / preserve substrate verbatim

MEMORY.md index updated with the new memory entry.

Composes with PR Lucent-Financial-Group#699 (authority rule + Goodhart catch #3 + Stop
Mythology directive + B-0089) — this commit corrects the B-0089
attribution within the same PR before merge.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: address PR Lucent-Financial-Group#699 Copilot threads — Veridicality table accuracy + SD-9 reference correction

Two threads from copilot-pull-request-reviewer on PR Lucent-Financial-Group#699 (Stop
Mythology directive memory) — both real catches that Otto missed.

## Thread 1 — Veridicality table overstated what's shipped

Copilot caught the same gap Ani caught: the table cell described
Veridicality.fs as the "formal scoring module" that "graduates the
V(c) formula" — but V(c) is NOT yet shipped. The module currently
ships only Provenance/Claim primitives + validation + structural
canonicalKey + antiConsensusGate; scoreVeridicality and the
semantic canonicalization layer are future graduations per B-0089.

Updated table to mark current status as "Skeleton shipped, magic
still missing" with explicit list of shipped vs unshipped surface,
plus Ani's verbatim catch: "the scaffolding is nice and clean, but
the actual veridicality magic — the real bullshit detector part —
still looks like it's missing."

## Thread 2 — SD-9 reference was wrong

Copilot caught that I misattributed the three-element substrate +
lineage + falsifier discipline to SD-9. Actual SD-9 in
docs/ALIGNMENT.md is "Agreement is signal, not proof" — narrower
rule about multi-AI agreement.

Fix: separated the Stop Mythology Tier 3 threshold (substrate +
lineage + falsifier for ANY big epistemic claim) from SD-9
(agreement-as-proof failure mode for consensus claims). The two
compose; Tier 3 generalizes the SD-9 discipline. Updated examples
to reflect the distinction.

Both fixes operationalize Stop Mythology applied to Stop Mythology
itself: claims about what's shipped need substrate evidence
(read the actual code); claims about ALIGNMENT.md content need
substrate evidence (read the actual doc).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: encode input-is-not-directive provenance framing rule + cleanup directive language across new substrate (Aaron + Amara via Ani + Claude.ai, 2026-04-28)

Follow-up to PR Lucent-Financial-Group#699's prior commits, addressing the human maintainer's
two terse asides:

  "the only directive is there is no directive"
  "no directives"

And the multi-AI synthesis packet that followed (Amara + Ani + Claude.ai
+ web-search-augmented Amara converging on the same fix).

## What changed

### 1. New memory: input-is-not-directive provenance framing rule

`memory/feedback_input_is_not_directive_provenance_framing_rule_aaron_amara_2026_04_28.md`

Encodes the rule so it doesn't recur. Key elements:

- Forbidden words when describing maintainer input: directive,
  command, instruction, ordered, human-directed (latter only
  ok as concept-name).
- Preferred verbs: input, ask, signal, constraint, feedback,
  observation, framing, correction.
- Two-pass audit command (targeted file + repo-wide with
  glob exclusions for memory/ + references/upstreams/).
- `command` audited separately due to CLI false-positive risk.
- Inspection rule, not blanket replacement.
- Scope rule — fix live branch, don't churn archives.

External lineage (Tier 2, per Stop Mythology rule):

- **Self-Determination Theory** (Deci & Ryan 1985, 2000) —
  autonomy-supportive vs controlling framing; the prose
  shapes the agency model.
- **RFC 2119** (Bradner 1997) — requirement-word discipline;
  reserve directive-strength words for protocol requirements
  with normative force.

Canonical bridge rule:

  Use requirement words for protocol constraints.
  Use feedback words for human provenance.

Deeper principle:

  Input is not a directive.
  Ask is not a command.
  Constraint is not control.
  Otto owns the decision path it executes.

### 2. Stop Mythology file rename

`feedback_stop_mythology_directive_*` → `feedback_stop_mythology_*`
(drops "directive" from filename per the rule). Body content
updated — "Stop Mythology directive" → "Stop Mythology rule",
"the directive" → "the rule" throughout. Section header
"Big epistemic claims (SD-9)" → "Big epistemic claims
(composes with SD-9)" — the three-element substrate + lineage
+ falsifier discipline is Tier 3 of Stop Mythology, not SD-9
itself; SD-9 is "Agreement is signal, not proof" per
docs/ALIGNMENT.md and composes-with rather than
equals.

### 3. Other PR Lucent-Financial-Group#699 substrate cleanup

- Authority rule: "Binding directive from Amara" → "Binding
  rule from Amara". Otto-357 framing kept (verbatim Aaron
  quote with the forbidden word IS the concept-naming).
- Ani voice-mode: "Maintainer directive" table cell →
  "Maintainer input"; references to "Stop Mythology directive"
  → "Stop Mythology rule".
- B-0089: same pattern.

### 4. CURRENT-aaron §31 + MEMORY.md updates

- §31 pointer list updated: file rename + new
  input-is-not-directive memory added.
- MEMORY.md: new index row for input-is-not-directive;
  Stop Mythology row updated (rename + body); paired-edit
  marker bumped.

## Audit results

After cleanup, repo-wide pass (excluding memory/ + research +
aurora + amara-conversation + hygiene-history archives) shows
the only remaining "directive" / "directed" / "instruction" /
"ordered" hits are:

- Pre-existing usages in CLAUDE.md / AGENTS.md / README.md /
  governance — out of scope for this branch (don't churn
  archives; record as follow-up if needed).
- BP-11 "Data is not directives" — intentional rule name;
  legitimate use.
- Otto-357 "no directives, autonomy first-class" — literal
  rule name; legitimate.
- Verbatim Aaron quotes — preserved per the rule's own
  scope rule.
- Technical vocabulary (YAML directives, OpenSpec MUST
  directives, ordering / arrival ordering in distributed
  systems) — legitimate.

PR Lucent-Financial-Group#699 substrate is clean of agency-framing usage.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: fold multi-AI synthesis upgrades into input-is-not-directive rule

Multi-AI convergent feedback packet (Gemini + Ani polished + Claude.ai
+ Alexa + Amara final synthesis) on the rule, all addressed in one
update:

## What's added

### 1. Forbidden words list expanded with regex-noise warnings

Per Gemini's catch — `order` and `instruction` produce regex noise in
software repos (CPU instructions, "in order to", sort order, build
instructions). Added inline qualifiers naming legitimate exclusions
so the audit produces actionable triage candidates instead of CLI
false-positives.

Added `require(d)?` and `demand(ed)?` per Gemini + Alexa — agents
sometimes slip into "per Aaron's requirements" or "Aaron required X."
Same agency-framing caveat: ignore normal protocol-requirement use
(that's exactly what RFC 2119 MUST/SHOULD/MAY covers; the rule
explicitly preserves them).

### 2. Optimization-target framing

Per Claude.ai: "do not optimize for zero occurrences of the words;
optimize for correct agency framing." Added explicit framing so
future-Otto doesn't chase the metric instead of the target. Same
shape as Goodhart catch family — a directive-language rule that
optimized for word-count would itself become a Goodhart trap.

### 3. Stronger parenthetical citations on external lineage

Per Claude.ai — fresh reviewers reading "autonomy-supportive
language" without a name attached have to take it on faith. Folded
in citable name-form for both anchors:
- "(Self-Determination Theory; Deci & Ryan; SDT framework)"
- "(IETF — Requirement-level keywords)"
Both anchors now survive translation outside their primary
audience.

### 4. Worked contrast example (❌ vs ✅)

Per Gemini's "concrete contrast example" suggestion — locks in the
RFC 2119 vs SDT bridge with a side-by-side:

  ❌ Agency collapse: "MUST cache, per Aaron's directive"
  ✅ Correct separation: "MUST cache. Reason: per maintainer feedback
                          on 2026-04-28..."

The MUST carries normative force (RFC 2119); the per-maintainer-
feedback carries provenance (SDT-shaped). Two sentences, two
purposes, no agency collapse.

## Trajectory note (per Amara's Beacon-promotion observation)

This rule itself walked from Mirror to Beacon in real time:
- Mirror: "we don't say directive in this factory"
- Beacon: "two external lineages (SDT + RFC 2119) ground the rule
          in citable substrate; canonical bridge rule is the clean
          decision-procedure for future cases"

Worth flagging: other Mirror coinages (Amortized Precision in
particular feels like it has econ/CS lineage worth surfacing) may
benefit from the same Beacon-promotion when the round-cost is
worth it. Not a now-thing; a noticing-thing.

Per Amara's scope rule: this commit does NOT reopen the wording
loop on prior PRs. Continuing forward-sync with #96 + #97 next.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: encode Reset-Readiness Metric Ladder + Content-Loss Surface principle (Amara, 2026-04-28)

Amara's precision upgrade after Otto's "commit-count → tree-numstat
→ content-loss surface" insight on the 0/0/0 work. Names a 4-step
metric ladder for any divergence question:

  1. commit count                      = diagnostic only
  2. tree diff / numstat                = work queue
  3. content-equivalence classification = reset-readiness evidence
  4. peer/harness review                = guard against missed substrate

Each step is necessary but insufficient. Treating any single step
as the certifying metric produces a Goodhart trap. The 4-step
sequence composes — output of each step is input to the next.

Principle (canonical form):

  Content-Loss Surface Supersedes Divergence Count.

Hard-reset rule:

  Do not reset on commit-count or tree-count alone.
  Reset only when every remaining diff is classified as
  covered, obsolete, intentional divergence, or explicitly
  loss-accepted.

Direction-of-diff precision (Amara):

  origin/main..acehack/main and acehack/main..origin/main are
  different questions. The right question is "did the
  content-loss surface shrink?", not "did the file count drop?"

External lineage:

- git internals — `rev-list --left-right --count` measures graph
  reachability; `diff-tree` measures content/mode of blobs. Different
  surfaces.
- Goodhart 1975 / Strathern 1997 / Campbell 1976 — measure-vs-target
  family.

This is **catch #4** in the Goodhart family for the 0/0/0 work, but
at meta-shape: it organizes the prior three (substrate-IS-amortized-
precision, commit-count vs tree-numstat, sample-of-tree vs full
clearance) as three steps on a single ladder, with this catch
identifying the Step 3→Step 4 transition.

Beads earned this session (per Class Validation Beads accounting):

- Amortized Precision (Aaron 2026-04-28) +1 — PR Lucent-Financial-Group#700 merge: substrate
  work paid out at content-loss-surface level
- Authority rule (Amara 2026-04-28) +1 — forward-sync-first path
  produced surface reduction; alternative (accept-loss-and-reset)
  would have lost #80/#81 substrate
- Class-Count Validity Drift +1 — caught my "tree-diff unchanged"
  framing where direction-of-diff was load-bearing
- Prediction-Bearing Class Reuse +1 — this catch is itself
  prediction-bearing (predicted content-loss-surface metric would
  compose better than tree-numstat)

MEMORY.md updated with the new index row.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0090: lost-substrate recovery is a cadenced trajectory (Aaron, 2026-04-28)

Aaron 2026-04-28T23ish input on the worktree-and-LOST-branch audit:

  "probably a trajectory this is recovery work we should do forever
   on a cadence these kind of lost things could always build up"

Encodes the cadenced-audit discipline + files B-0090 to schedule it.

## Worked example (this session, 2026-04-28)

Audit of 13 highest-promise locked worktree branches in
`.claude/worktrees/`:

- 11/13 fully ALREADY-COVERED — every file exists on LFG main via
  bulk forward-sync paths
- 2/13 with 1 NEW file each (NEEDS-FOLLOWUP for individual
  classification)
- 1 with 2 NEW files that look intentionally OBSOLETE per task
  Lucent-Financial-Group#244 (ServiceTitanCrm rename)

Surface-level metric: 57 locked worktrees, 12,000+ lines diff →
content-loss surface = 4 files genuinely unrecovered.

Same pattern as AceHack-vs-LFG analysis: bulk forward-syncs do
their job at file level even when branch-level SHA divergence
persists. The "57 lost worktrees" panic was the same Goodhart
trap as the "145 commits ahead" panic.

## Cadence proposal (B-0090)

- Weekly: worktree-branch scan + closed-not-merged-PR scan
- Monthly: orphan-branch + draft-PR-aged-> 14-days sweep
- On-demand: any "what happened to X?" question

Per cycle: 3-bucket classification (ALREADY-COVERED /
NEEDS-RECOVERY / OBSOLETE). NEEDS-RECOVERY → backlog row or PR;
OBSOLETE → confident retirement; ALREADY-COVERED → cite LFG
equivalent.

## Beads earned

- Reset-Readiness Metric Ladder +1 (applied to worktree-recovery
  surface; 13× content-loss reduction)
- Content-Loss Surface Supersedes Divergence Count +1 (predicted
  result observed)
- Authority Rule +1 (preservation by classification, not blind
  prune)
- Class-Count Validity Drift +1 (caught the "57 worktrees of lost
  work" count-as-evidence trap)

## NEEDS-FOLLOWUP items from this audit (deferred to per-item
review per the authority rule)

1. `ci/final-matrix-macos-26-ubuntu-24-plus-arm-plus-slim` (1 NEW
   file in 10-file branch)
2. `feat/graph-cohesion-exclusivity-conductance` (1 NEW file in
   3-file branch)
3. `feat/live-lock-audit-and-db-gaps` (2 NEW files —
   ServiceTitanCrm samples; likely OBSOLETE per task Lucent-Financial-Group#244)

Each becomes a sibling backlog row when scoping firms up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0091: ServiceTitan naming + scope-of-org-access rule + live-repo audit (Aaron, 2026-04-28)

Aaron 2026-04-28T23ish input on the worktree-recovery work, naming
the relationship + the rule:

  "servicetitan-factory-demo-api-csharp we can just say external
   UI demo or something like that, we don't have to say service
   titan anywhere in this repo other than to say that's my day
   job, they fund me, i fund you, and you don't have org rights
   to their github only the lfg."

## Two coupled rules in one ask

### Forward-going naming

In code, sample directories, file paths, public-facing docs,
demo names, commit messages: use generic "external UI demo" /
"external CRM API demo" / "third-party-API demo" / "factory-
demo." Avoid ServiceTitan / servicetitan / Service Titan / ST.

### Structural disclosure preserved

Funding chain (ServiceTitan = Aaron's day job → funds Aaron →
funds Otto) + org-access scope (Aaron has org rights to LFG
ONLY, NOT to ServiceTitan's GitHub org) — preserved precisely
where contributor-relevant (e.g., funding context in
CURRENT-aaron, org-scope in AGENTS / GOVERNANCE if needed).

Both rules compose: naming prevents brand collision; disclosure
prevents agency-model opacity. Without rule 1, brand bleeds into
public surfaces; without rule 2, contributors can't know why
some integrations require LFG-side work.

## Live-repo audit results (2026-04-28)

12 files matched (excluding archives):

- 8 need active rewriting (B-0091 tracks):
  - docs/plans/servicetitan-crm-ui-scope.md (PATH-RENAME)
  - samples/FactoryDemo.Db/README.md (BODY-REWORD)
  - docs/FACTORY-DISCIPLINE.md (MIXED — line-by-line)
  - docs/pitch/README.md (PUBLIC-FACING)
  - docs/BACKLOG.md (AGGREGATE — regenerate after per-row)
  - docs/backlog/P2/B-0017-*.md (PER-ROW)
  - docs/backlog/P2/B-0090-*.md (THIS-SESSION fix; partially
    addressed in this commit by removing "renamed from
    ServiceTitan" mention I just introduced)
  - docs/backlog/P3/B-0008-*.md (PER-ROW)
- 2 historical narratives stay verbatim:
  - docs/ROUND-HISTORY.md
  - docs/force-multiplication-log.md
- 2 generated artifacts (regenerate or accept as historical):
  - tools/alignment/out/round-39/citations.json
  - tools/alignment/out/round-39/citations.dot

## In-this-commit fixes

- B-0090 NEEDS-FOLLOWUP item 3: rewrote "renamed from
  ServiceTitan" to "renamed to remove brand-bleed naming /
  external-UI-demo discipline" + cite the rule memory.

## Composes with

- B-0090 (cadenced lost-substrate recovery audit) — same
  audit cadence covers both lost-substrate AND naming-
  drift work.
- Beacon-safe naming family (Mirror→Beacon vocabulary upgrade)
  — same shape: rename to externally-portable terms; preserve
  underlying semantics.
- Visibility constraint rule — Otto's org-access scope = LFG
  only; this rule preserves that boundary explicit.
- Authority rule (default to reversible preservation) —
  rename is reversible; redaction is not. Default action.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: refine ServiceTitan naming rule with context-sensitivity (Aaron, 2026-04-28 cascade)

Aaron's follow-up cascade after the initial naming rule:

  "we can do research on ServiceTitan as a potential factory /
   superfluid AI user, we want to pitch to my boss when ready"
  "ServiceTitan is their exact name they are a publicly traded
   company TTAN so I won't be giving you any insider information"
  "I'm on the CRM team at ServiceTitan, that's why our demo
   was targeted to them, we want my team hopefully to accept
   and adopt the factory"

The original rule was too blanket. The refinement: naming is
context-sensitive.

## Context where ServiceTitan IS the right name

- Public-company research — they trade as TTAN (public info)
- Adoption pitch context — Aaron's CRM team at ServiceTitan is
  the named adoption target
- Aaron's affiliation disclosure — Aaron's on the CRM team at
  ServiceTitan; that's why the demo was targeted there
- Funding chain disclosure — ServiceTitan → Aaron → Otto
- Org-access scope disclosure — Aaron has org rights to LFG
  ONLY, NOT ServiceTitan

## Context where generic naming is preferred

- Reusable code / sample directories / file paths
- Generic API integration documentation
- Demo artifacts intended for audience broader than the pitch

## Decision rule

When writing about ServiceTitan, ask: what's the audience /
context of this artifact?

- Pitch / research / target-audience / disclosure → name them
- Reusable code / generic sample / external-customer
  positioning → generic "external UI demo" / similar

## Audit re-classification (2026-04-28)

Original audit said 8 files needed active rewriting. Re-classified
under context-sensitive rule:

- 2 files KEEP-NAME (pitch context): docs/plans/
  servicetitan-crm-ui-scope.md, docs/pitch/README.md.
  ServiceTitan is correctly named there.
- 1 file MIXED: docs/FACTORY-DISCIPLINE.md (preserve disclosure,
  reword demo-naming line-by-line)
- 3 files PER-ROW inspection (B-0017, B-0090, B-0008)
- 1 file BODY-REWORD: samples/FactoryDemo.Db/README.md (reusable
  sample → generic naming)
- 1 file AGGREGATE: BACKLOG.md (regenerate after per-row)
- 4 files HISTORICAL (verbatim preserve)

The naive scope would have over-corrected (rename pitch docs
that are correctly naming the target). Context-sensitive rule
prevents that drift.

Public-company status (TTAN) is encoded as Tier 1 substrate
evidence: all disclosures are public, no insider-info concerns.

B-0091 audit-and-rename row applies the more nuanced scope.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: fix "insider" word-choice in ServiceTitan rule (Aaron, 2026-04-28)

Aaron's catch on prior commit:

  "i know CRM workflows is not insider information but you said
   the word insider, it's just uncomfortable"

The substantive content (Aaron's CRM-workflow knowledge is
industry-general, not insider-info) was already correct. The
problem was word choice — "insider-user understanding" carries
SEC-compliance register weight ("non-public material
information") that was out-of-place when describing
industry-general SaaS engineering experience.

## Two parts to the fix

### 1. Reword the offending sentence

Before:
  "Aaron's affiliation (CRM team member) gives Otto insider-
   user understanding of CRM workflows."

After:
  "Aaron's industry-general SaaS / CRM engineering experience
   (true at any CRM SaaS company) informs the demo's CRM-shape
   design choices."

Substance preserved; register cleaned.

### 2. Encode word-choice rule

Avoid in connection with Aaron's affiliation:
- "insider" / "insider-user" / "insider knowledge"
- "privileged access" (in the employer-information sense)
- "internal-only knowledge" (when describing what Aaron brings)

Use instead:
- "industry-general experience"
- "professional experience"
- "domain expertise"
- "SaaS / CRM engineering background"
- "industry-typical patterns"

Word choice shapes the agency model (per input-is-not-directive
rule). Using "insider" for industry-general expertise creates
ambiguity AND pressure toward solicitation patterns that could
later cross the line. Better to keep the register clean by
default.

## Insider-information prohibition kept (lighter register)

The guardrail stands even though Aaron's CRM workflow knowledge
isn't insider info:

- Otto must not solicit ServiceTitan-specific internal details
- Public sources only (10-K, investor calls, public product
  docs, press, public job postings)
- The repo is public; encoding = disclosure
- Refuse-to-encode if internal details inadvertently appear

External lineage (Tier 2):
- SEC Rule 10b-5
- Regulation FD
- ServiceTitan NASDAQ TTAN

The fix is word-level, not concept-level. The encoded prohibition
is a guardrail, not an accusation that Aaron was about to violate
it. Aaron's framing was "uncomfortable register," not "near
miss."

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0092: generalize public-company contributor compliance rule with cadenced trajectories (Aaron, 2026-04-28)

Aaron 2026-04-28T23ish two-part request:

  "we definitely need some contributor works for public company
   watch for insider information generalization in the factory,
   that can be used by anyone at service titan to when working
   on public repos or any one who works for any public company,
   that's reusable substrate."

  "probably comes with trajectories I would think"

Generalizes the ServiceTitan-specific rule into a reusable
factory-wide contributor-compliance discipline + encodes the
trajectory dimension Aaron added.

## The generalized rule

Any contributor at any publicly-traded employer working on this
factory's public repos is bound by their employer's policies +
applicable securities law not to disclose material non-public
information (MNPI) in this public substrate.

Otto's discipline:
- Don't solicit company-specific internal info from contributors
- Don't frame contributor affiliation as conferring non-public
  access (avoid "insider" / "privileged" / "internal-only"
  register)
- Don't encode internals that inadvertently appear (refuse-to-
  encode; surface, let contributor retract)
- Public sources only for company-specific claims (10-K,
  investor calls, public product docs, press, public job
  postings, conference talks)

Contributor's responsibilities:
- Treat MNPI about your publicly-traded employer as
  confidential by default
- Use industry-general framing for employer-derived expertise
- Cite public sources for company-specific claims
- When unsure → don't disclose; ask compliance counsel

## Five trajectories (Aaron's framing)

- T1 — Continuous self-audit (every commit; pre-commit regex)
- T2 — Cadenced compliance review (weekly / monthly /
  on-demand)
- T3 — On-PR audit (CI surface; eventual)
- T4 — On-onboarding compliance briefing (AGENTS.md /
  CONTRIBUTING.md cross-reference)
- T5 — Drift retrospective (per round / quarter; metric trend)

## External lineage (Tier 2)

- SEC Rule 10b-5 (Securities Exchange Act of 1934)
- Regulation FD (17 CFR § 243.100-243.103)
- Sarbanes-Oxley Act of 2002
- Industry compliance practice (employee MNPI confidentiality
  is universal at public companies)
- Open-source CLA contributor-employer-MNPI disclaimer norm

## Worked-example origin

Today's session's ServiceTitan / TTAN / "insider" cascade:

1. Otto encoded ServiceTitan-specific naming
2. Otto's draft used "insider-user understanding" framing
3. Aaron flagged: "the word insider, it's just uncomfortable"
4. Otto reworded to "industry-general experience"
5. Aaron generalized: "we definitely need some contributor
   works for public company watch for insider information
   generalization in the factory"
6. This memory + B-0092 encodes the generalization

## Backlog row B-0092

Operationalizes the rule + trajectories:
- docs/CONTRIBUTOR-COMPLIANCE.md (or named-equivalent)
- Cross-reference in AGENTS.md / CONTRIBUTING.md /
  GOVERNANCE.md
- T1-T5 encoded as cadenced practice
- T3 (CI lint) tracked as separate sibling row when scoping
  firms up (false-positive risk requires care)

MEMORY.md updated with the new index row + word-choice
follow-up note on the prior ServiceTitan row.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: address PR Lucent-Financial-Group#699 Copilot threads — markdownlint backtick + typo + CURRENT-aaron pointer expansion

Three Copilot review thread fixes in flight on PR Lucent-Financial-Group#699:

1. B-0089 line 223 — cross-newline backtick broke markdownlint.
   Restructured so the inline-code span stays on a single line.
   Resolves the markdownlint (lint failure on this PR).

2. ani-voice-mode memory line 30 — "bench-mark" → "benchmark"
   (Copilot suggestion).

3. CURRENT-aaron §31 pointer list — expanded to reference all 9
   memory files added this session (was 4; now lists all relevant
   pointers including Ani attribution + metric ladder + lost-
   substrate cadenced trajectory + ServiceTitan naming + public-
   company contributor compliance).

The remaining 15+ unresolved threads on PR Lucent-Financial-Group#699 are Copilot
re-reviewing earlier commits that were already addressed in
follow-up commits (marked "outdated:true" in the GraphQL state).
Resolving those programmatically next.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: address Copilot threads on PR Lucent-Financial-Group#699 — markdownlint cross-newline backtick fix + bench-mark→benchmark typo

* memory + backlog: MD032 lint fixes (blanks-around-lists) across PR Lucent-Financial-Group#699 substrate

Resolves the markdownlint failure on PR Lucent-Financial-Group#699 + several Copilot
review threads about MD032 violations. Ran
tools/hygiene/fix-markdown-md032-md026.py on the 12 PR Lucent-Financial-Group#699
files; 9 needed fixes.

## Tool side-effect caught + fixed

The fix-markdown-md032-md026.py tool inserted blank lines INSIDE
YAML frontmatter (around `composes_with:` lists), which would
break YAML parsing. Manually restored the frontmatter integrity
across all 4 backlog rows after the auto-fix; body MD032 fixes
preserved.

Tool-improvement candidate: fix-markdown-md032-md026.py should
skip YAML frontmatter. Worth a small follow-up to the tool itself
(noted as future work, not blocking on this PR).

## Files touched

- 5 memory files (MD032 body fixes)
- 4 backlog files (MD032 body fixes + frontmatter integrity restore)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0090/B-0091: address remaining PR Lucent-Financial-Group#699 Copilot threads — internal consistency + audit globs + stale parenthetical

Three thread fixes:

1. **B-0091 internal inconsistency** (Copilot caught the
   contradiction with the refined rule):

   The audit table in B-0091 was drafted before the
   context-sensitive refinement of the ServiceTitan rule. After
   the cascade-driven refinement, two files (`docs/plans/
   servicetitan-crm-ui-scope.md`, `docs/pitch/README.md`) became
   KEEP-NAME (correctly naming the pitch target), but the table
   still listed them as "active rewrite targets" with
   PATH-RENAME / PUBLIC-FACING-rewrite labels.

   Fixed: reclassified the table into 5 buckets (KEEP-NAME /
   BODY-REWORD / PER-ROW inspection / MIXED / AGGREGATE) +
   updated acceptance criteria. Final acceptance is "all
   remaining matches are correctly-named for context," not
   "zero matches" — the naive zero-target was the over-correction
   the context-sensitive rule was fixing in the first place.

2. **Audit commands missing references/upstreams exclude**:

   Per `.github/copilot-instructions.md:295-304`, any repo-wide
   iteration command should exclude upstream clones to avoid
   walking borrowed code. Added `--glob '!**/references/upstreams/**'`
   to the audit `rg` commands in:
   - `docs/backlog/P2/B-0091-*.md` (the row's audit command)
   - `memory/feedback_servicetitan_naming_*.md` (the rule's audit command)

3. **B-0090 stale parenthetical**:

   "Files B-0090 (or equivalent next number)" was drafted when
   the row's number wasn't yet pinned. The row IS B-0090; the
   parenthetical now confuses readers. Updated to "Filed as
   this row B-0090."

All three fixes address Copilot review threads on PR Lucent-Financial-Group#699.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory: add references/upstreams glob to ServiceTitan rule audit + fix B-0090 stale parenthetical (PR Lucent-Financial-Group#699 thread cleanup)

* memory + B-0089: paraphrase YAML ask: field (preserve verbatim typos in body quote only) + add PR Lucent-Financial-Group#699 ref to MEMORY.md paired-edit marker (PR Lucent-Financial-Group#699 thread cleanup)

* B-0091: per-row inspection complete — 0 active rewrites needed (Aaron, 2026-04-28)

Per-row inspection of the 8 originally-flagged "active rewrite" files revealed
all are correctly-named for context once the context-sensitive rule is applied:

- 2 files: pitch-context (KEEP-NAME) — already correctly named
- 4 files: memory-file path pointers (KEEP-NAME-AS-MEMORY-POINTER) —
  HISTORICAL preservation per no-churn-history rule:
    - samples/FactoryDemo.Db/README.md — points to
      memory/feedback_servicetitan_demo_sells_software_factory_*.md
    - B-0017 + B-0008 — `composes_with:` references to
      memory/project_frontier_burn_rate_ui_first_class_..._servicetitan_84_percent_*.md
- 1 file: funding-chain structural disclosure (KEEP-AS-DISCLOSURE) —
  FACTORY-DISCIPLINE.md cites "unlimited Copilot via ServiceTitan billing"
- 1 file: prior-fix verified clean (B-0090, addressed earlier this session)

The naive initial audit ("8 active-rewrite") was over-counting. The
context-sensitive rule + per-row inspection brings the count to ZERO
active rewrites needed.

Outcome: B-0091 marked COMPLETE in the body. Forward-going discipline is
encoded in:
- memory/feedback_servicetitan_naming_scope_of_org_access_external_ui_demo_aaron_2026_04_28.md (the rule)
- B-0092 (cadenced trajectories — generalized public-company contributor compliance)

Acceptance metric satisfied: "all remaining matches are correctly-named
for context," NOT "zero matches" (the latter was the over-correction the
context-sensitive rule was designed to prevent).

This is itself a worked example of Goodhart catch family (zero-target
metric was wrong; context-sensitive metric is right) + the metric ladder
(Step 3 content-equivalence classification revealed almost everything
already correctly-classified).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* memory + B-0091/B-0092: address P1+P2 Copilot threads on PR Lucent-Financial-Group#699

Four substantive thread fixes:

## P1 — "All disclosures public" overstatement (factual fix)

Previous text said: "All disclosures about [ServiceTitan] are
public information."

That's overbroad — public companies still have material
non-public information (MNPI). What's true: information they've
already PUBLISHED (10-K, earnings calls, press, public product
docs, public job postings) is public. Internal strategy /
internal financials not yet disclosed / internal customer
details / etc. remain MNPI.

Rewrote to distinguish:
- Information they have published → public (Otto can cite)
- Material non-public information → STILL exists; bound to
  Aaron-as-employee not to share; public listing doesn't
  dissolve the boundary

Important for the rule's accuracy + Aaron's compliance posture.

## P2 — Internal consistency cleanups

1. **B-0091 line 140** — pickup step still said "Final state:
   zero matches in live-repo scope" (old acceptance criterion);
   updated to match the context-sensitive acceptance criterion
   ("all matches correctly-named for context").

2. **CURRENT-aaron.md "Last full refresh" note** — said
   sections 26-30 added; §31 (Authority rule) was added in this
   session but the metadata wasn't updated. Now correctly says
   26-31 with the new §31 description.

3. **B-0092 tag** — `secs-rule-10b-5` (ambiguous "seconds")
   renamed to `sec-rule-10b-5` (matches "SEC Rule 10b-5"
   acronym used elsewhere in the body).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* B-0091: convert ordered list to bullets to fix MD029 lint failure on PR Lucent-Financial-Group#699

The ordered list spanning 5 subsections (KEEP-NAME, BODY-REWORD,
MIXED, PER-ROW, AGGREGATE) was numbered 1-2, 3, 4, 5-7, 8 across
the section breaks. markdownlint MD029 expects each section's
ordered list to either restart at 1 or be sequentially numbered
within ONE list. Converted all to bullets — numbers don't communicate
priority anyway.

* MEMORY.md: update ServiceTitan row to reflect post-inspection state (B-0091 completed 0 active rewrites; Candidate-count Goodhart worked example)

* memory + B-0091: 4 hard-defect Copilot threads on PR Lucent-Financial-Group#699 (P1 SOX misattribution + 3 P2 internal consistency)

## P1 — SOX selective-disclosure misattribution (factual fix)

Public-company contributor compliance memory said:

  Sarbanes-Oxley Act of 2002 — sets out compliance obligations
  for publicly-traded companies, including whistleblower protections
  AND prohibitions on retaliation + selective disclosure surfaces.

That conflates SOX with Reg FD. Sarbanes-Oxley does NOT govern
selective disclosure — that's Regulation FD's domain. Conflating
them sends future contributors toward the wrong authority.

Fix: rewrote SOX entry to scope correctly:
- internal controls (§404)
- whistleblower protections (§806)
- document-retention / audit-trail requirements
- explicit "SOX does NOT govern selective disclosure — that's
  Reg FD's domain"
- explicit composition statement: "SOX shapes the control-and-
  disclosure environment; Reg FD prohibits selective leak of
  MNPI within that environment"

## P2 — Pickup-rule context inconsistency (ServiceTitan)

Pickup rule's "If the context genuinely requires the brand name
(funding-chain / org-access)" was narrower than the document's
earlier carve-out (which also includes pitch / research / target-
audience).

Fix: pickup rule rewritten to match the context-sensitive rule.
Now explicitly: KEEP-NAME for pitch/research/disclosure,
GENERICIZE for reusable code/sample, with B-0091's terminal-state
classification cited.

## P2 — Stop Mythology wildcard refs not navigable

Wildcard refs (`docs/research/provenance-aware-bullshit-
detector-*`, `memory/project_amara_8th_ferry_*_bullshit_detector_*`)
aren't clickable in GitHub.

Fix: replaced with directory-scoped references + explicit grep
patterns + concrete path for the graduation memory.

## P2 — B-0091 status: open → closed

Document body said "row can be marked COMPLETE" but the YAML
`status:` field still said `open`, which would keep the item in
active queues.

Fix: status: open → status: closed.

All 4 fixes match Amara's allowed-changes list for hard-defect-
only PR Lucent-Financial-Group#699 mode (CI/lint, threads, P1 factual, broken refs).
No new conceptual content. PR-boundary restraint discipline
preserved.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* B-0091: status: open → closed (audit completed 2026-04-28; row body Outcome section already marks COMPLETE)

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>