fix(infra): always-run schema CI, diagnose row probe, env-var truthy parity (#122, #301, #232)

[devin-ai-integration]

Summary

Group F of /qor-auto-dev-1 orchestration — three independent infrastructure fixes bundled by low complexity and shared "hygiene" theme.

#122 — Schema Persistence CI always-run (.github/workflows/test-schema-persistence.yml):
The workflow had paths: filters that prevented it from running on non-schema PRs, but branch protection required the check — creating a deadlock where unrelated PRs were blocked indefinitely. Fix: remove the paths: trigger filter so the job always starts (satisfying required-checks), add dorny/paths-filter@v3 to conditionally skip the expensive install+test steps when no schema-relevant files changed. The job posts a green status either way.

#301 — Diagnose row-level probe (cli/diagnose.py, cli/_diagnose_gather.py, tests/test_diagnose_allowlist.py):
bicameral.diagnose probed schema structure (table existence, schema version, row counts) but never tested whether rows could actually be deserialized. A SurrealDB SDK version mismatch manifests as Invalid revision N for type Value on SELECT — schema looks healthy but operational queries fail. Fix:

• Added ledger_sync to _CANONICAL_TABLES (row counts now include it)
• New _probe_row_deserialization(): runs SELECT * LIMIT 1 against ledger_sync and source_cursor to catch deserialization errors
• New row_probe_warnings field in Diagnosis dataclass + _ALLOWED_FIELDS allowlist
• Warnings feed into _compute_suggestions() with actionable "back up + reset" guidance
• New _format_row_probe_section() in the markdown report renderer

#232 — Env-var truthy vocabulary parity (handlers/ingest.py, consent.py):
Three BICAMERAL_* env-var toggles accepted only "1" while BICAMERAL_INGEST_RATE_LIMIT_DISABLE and BICAMERAL_GUIDED_MODE accepted the full _GUIDED_MODE_TRUTHY set (1/true/yes/on, case-insensitive). A user setting BICAMERAL_INGEST_CANARY_DISABLE=true was silently ignored. Fix: all three now use _GUIDED_MODE_TRUTHY:

• BICAMERAL_INGEST_CANARY_DISABLE
• BICAMERAL_INGEST_SECRET_DISABLE
• BICAMERAL_SKIP_CONSENT_NOTICE

#272 — Already resolved: All 3 regressions (test-summary SHA pin, M1 eval AttributeError, e2e Flow 1) were previously fixed on dev by PRs #273, #276, #282. No code changes needed.

Review & Testing Checklist for Human

• Verify test-schema-persistence.yml: on a PR that doesn't touch ledger/schema.py etc., the job should start but skip install+test with "Schema paths unchanged" message
• Run bicameral-mcp diagnose (or bicameral.diagnose via MCP) and verify the new "Row-level probe" section appears in the output
• Set BICAMERAL_INGEST_CANARY_DISABLE=true and verify canary detection is actually disabled (previously only =1 worked)

Notes

• Dev CI baseline regressions blocking #258 merge: test-summary action + M1 eval AttributeError + e2e Flow 1 #272 is closeable — all 3 regressions resolved by prior PRs on dev
• [#216 followup, minor] env-var truthy-set inconsistency on BICAMERAL_INGEST_RATE_LIMIT_DISABLE + circular-ref edge case in size gate #232 Finding 1 (rate limit truthy) was already fixed in PR fix(ingest): bundle devil's-advocate followups #230 + #232 + #233 #238; Finding 2 (circular-ref edge case) was also fixed in fix(ingest): bundle devil's-advocate followups #230 + #232 + #233 #238. This PR addresses the remaining inconsistency in canary, secret, and consent env vars.
• The dorny/paths-filter@v3 action is widely used (17k+ stars) and runs in ~2s. The workflow checkout step still runs for all PRs, but the expensive Python install + pytest steps are skipped when no schema files changed.

Link to Devin session: https://app.devin.ai/sessions/1ce5d923e6d047bb840003f9aa10c812

[devin-ai-integration]

Prompt hidden (unlisted session)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring