From e759c622bd08685e5135e538be94890c0801df24 Mon Sep 17 00:00:00 2001 
From: Aaron Stainback Date: Fri, 1 May 2026 00:03:22 -0400 Subject: [PATCH 1/6] =?UTF-8?q?backlog(B-0128):=20P2=20=E2=80=94=20general?= =?UTF-8?q?=20git=20content=20scrubber=20design=20(parent=20of=20B-0127;?= =?UTF-8?q?=20generalize-everything)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Aaron 2026-05-01: *"sibling-repo leak scrub-process design you should generalize to in another backlog item into general git content scrubber"*. Generalize-everything discipline per `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` Aaron's verbatim *"we generalizing everything as a discipline"*. This row generalizes B-0127. The seven leak classes covered: secrets/credentials, sibling-repo internals (B-0127's class), PII, NDA/confidential, trademark/copyright, embarrassing/outdated wording, operational identifiers. Design covers leak-class taxonomy + decision-matrix (class × reach × detection-time × Aaron-context) + mechanism playbook (file-level safe → branch-level → history-rewrite escalation with CLAUDE.md "main is forbidden" rail) + audit-trail-preservation discipline. Out-of-scope: implementation (this is a design row), write-time prevention (parent rules), secret-rotation procedures (security- ops surface), external-clone retroactive consistency (you cannot un-leak from clones). B-0127 stands as the seed worked-example for the sibling-repo class; the general design references it without absorbing its sibling-repo-specifics into the general layer. Layer 3 of the 4-layer pattern: encode the class (general scrubber covers all leak classes), not the instance (per-class duplicate work). Aaron's pointer-at-substrate; implementer generalizes-and-implements. Co-Authored-By: Claude Opus 4.7 --- ...ontent-scrubber-design-aaron-2026-05-01.md | 134 ++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md 
diff --git a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md new file mode 100644 index 000000000..4a56525a6 --- /dev/null +++ b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md 
@@ -0,0 +1,134 @@ +# B-0128 — General git content scrubber: design + decision-criteria + mechanism for any-class leak cleanup + +**Priority:** P2 (future-defensive; the generalized parent of B-0127. Leak-type-agnostic. Designed when first non-sibling-repo case lands.) + +**Filed:** 2026-05-01 + +**Filed by:** Otto under delegated backlog-prioritization authority. Aaron's framing 2026-05-01: *"sibling-repo leak scrub-process design you should generalize to in another backlog item into general git content scrubber"*. Generalize-everything discipline (`memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` Aaron's verbatim *"we generalizing everything as a discipline"*). + +**Effort:** M (1-3 days — leak-class taxonomy + decision-matrix + mechanism playbook + tooling-survey + audit-trail-discipline; design-only row, no implementation) + +## Why this exists + +B-0127 covers one specific leak-class (sibling-repo internals). The factory's generalize-everything discipline says: design the *general* pattern, then specific cases become applications of the general. This row is the parent generalization; B-0127 becomes the seed worked-example. + +Leak classes the general scrubber must cover: + +1. **Secrets/credentials/tokens** — API keys, passwords, OAuth tokens, signing keys accidentally committed. Most common case in industry; mature tooling exists (TruffleHog, Gitleaks, GitGuardian, BFG Repo-Cleaner, `git filter-repo`). +2. **Sibling-repo internals** — the case B-0127 covers. Names, identifiers, architectural details from related projects. +3. **PII / personal data** — names, addresses, email addresses, phone numbers committed against consent. GDPR/CCPA implications. +4. **Confidential / NDA-class content** — customer-specific information, contract terms, embargoed product details. +5. **Trademark / copyright issues** — third-party trademarks used without authorization, copyrighted content quoted past fair-use. +6. 
**Embarrassing or outdated wording** — strong language, outdated taxonomies, framings that no longer match current understanding. +7. **Operational identifiers** — internal hostnames, IP addresses, infra-topology details, runbook step orders. + +Each class has different severity / different reach-tolerance / different scrub-urgency / different audit-trail requirements. + +## What + +Design + document a general scrubber covering five load-bearing pieces: + +### 1. Leak-class taxonomy + +A canonical enumeration (the seven above plus an "other" escape hatch) with per-class: +- **Detection signal** — what pattern identifies a leak of this class (regex, lint, manual review). +- **Severity floor** — minimum harm assumption (secrets are always severe; outdated wording usually isn't). +- **Reach-sensitivity** — how badly external propagation matters per class. +- **Audit-trail style** — what record must remain after scrubbing (secrets need rotation receipts; sibling-repo leaks need un-scrubbed-exemplar acknowledgment when Aaron's frame applies). + +### 2. Decision-criteria — does this leak need scrubbing? + +A matrix combining: +- **Class** (from taxonomy). +- **Reach** (local branch / pushed branch / merged main / external mirror / external clones). +- **Detection-time vs incident-time** (caught at write-time = prevention layer; caught later = cure layer; caught after external propagation = limited-cure). +- **Aaron-context** (experimental space = leave-as-evidence per "we should leave this one even then"; production = scrub). +- **External-actor implication** (does anyone OTHER than Aaron / the maintainer face material harm — third party, customer, regulator). + +Output: scrub / leave-and-record / hybrid (scrub-content-keep-audit-trail) / escalate-to-human. + +### 3. Scrub mechanism — how to safely remove content + +- **File-level scrub** (additive PR; rename + content rewrite). Always safe. 
Preferred when the leak's reach is local branch only or when commit-message-level cleanup isn't required. +- **Branch / PR / commit-message scrub** — host-level edits (PR description rewrite, branch deletion, commit-message amend on un-pushed commits). Bounded safety. +- **History rewrite** (`git filter-repo`, `git filter-branch`, BFG Repo-Cleaner) — destructive. Force-push required. Forbidden on `main` per CLAUDE.md without explicit Aaron sign-off; possible on feature branches with the same caution. +- **External-mirror reality** — `git push --force-with-lease` updates the mirror, but anyone who *cloned* during the leak window keeps the leak in their local history. Communication + secret-rotation are the only real cures for already-propagated leaks. +- **Tooling survey** — BFG Repo-Cleaner (specialized), `git filter-repo` (current canonical, deprecates filter-branch), GitHub's "Removing sensitive data" guidance, GitLab equivalent. Live-search authority discipline applies (CLAUDE.md): documented knowledge expires; check current upstream when implementing. + +### 4. Audit-trail preservation — scrubbing without lying + +When a leak is scrubbed, the *fact* of the scrub must remain as substrate: +- **What** was scrubbed (class, surface, original commit / PR reference). +- **When** the scrub happened. +- **Who** authorized it. +- **Why** the scrub-vs-leave decision went the way it did. +- **What** mitigations downstream (secret rotation, external notifications, mirror-refresh). + +The audit record itself MUST NOT re-leak — naming the scrubbed content in the audit defeats the scrub. The audit references the leak by *class* and *surface*, not by content. + +Aaron's mistake-as-evidence framing applies here: in experimental spaces the leak-as-substrate IS the audit; the un-scrubbed exemplar IS the record. In production substrate the cleanup happens AND a separate audit record lands. + +### 5. 
Tooling: Zeta's actual scrub-helper script(s) + +Out of design scope for this row but seeded: + +- A `tools/scrub/` directory with helper scripts per mechanism level. +- Pre-scrub linter that catches the leak and applies the decision-criteria automatically when possible. +- A "did you mean to scrub?" git pre-push hook that surfaces suspicious patterns and forces human ack. +- Mirror-refresh integration (`tools/mirror/` or whatever the AceHack-mirror tooling is called when this row is implemented) — scrubs on LFG must propagate consistently. + +## Why P2 + +- **Not blocking critical-path.** Same as B-0127. Prevention layer is the parent rules; this is cure layer. +- **Generalization adds real future value.** A general scrubber covers all seven leak classes from one design pass; per-class-only scrubbers are duplicate work. +- **Higher than P3 because secret-leak-class is real industry risk.** The factory will eventually have a credentials-leak incident (every project does). When it happens, having the design ready turns hours of "what do we do" into minutes of "follow the playbook." + +## Why not P1 + +- **No active general-class incident.** B-0127 had a specific incident (sibling-repo leak landed on main); this row's class is broader, no instance has fired beyond the sibling-repo one. +- **Design without instances risks over-engineering.** P2 invites this row to wait for a second leak-class incident (likely a secret-leak when CI gets new tooling, or PII-leak when first user data flows through a demo) to inform the design with two real cases instead of one. + +## Acceptance criteria + +When this row is implemented: + +1. **Leak-class taxonomy landed** as a memory file or `docs/ops/` runbook, covering the seven classes above (or an updated count if implementation finds different boundaries). +2. **Decision-matrix documented** — class × reach × detection-time × Aaron-context produces a scrub/leave/hybrid/escalate verdict. +3. 
**Mechanism playbook documented** — file-level / branch-level / history-rewrite / mirror-aware paths with explicit safety rails per CLAUDE.md "force-push to LFG main is forbidden." +4. **Tooling survey current** — live-search verified (per CLAUDE.md search-first authority) at implementation time; tools cited with dates. +5. **Audit-trail-preservation rule documented** — every scrub leaves a record; the record does not re-leak. +6. **B-0127 reframed as worked-example** — its content stays valid as the sibling-repo-class application; the general scrubber design references it as seed evidence. +7. **Generalize-everything discipline honored** — the general design stands without sibling-repo-specifics bleeding into the general layer; sibling-repo-specifics live in B-0127, not here. + +## Out of scope + +- **Implementation** — this is a design row. Implementation is a separate task triggered when a non-sibling-repo leak class fires for the first time. +- **Automated leak detection at write-time** — that's prevention layer; covered by the parent rules + write-time author discipline. If a CI lint is needed, file a separate row. +- **Secret-rotation procedures** — overlap with security-ops runbooks. The scrubber design surfaces *that* rotation is required for secret-class leaks; the rotation steps themselves live in security-ops substrate. +- **External-mirror retroactive consistency** — you cannot un-leak from clones; scrubber design surfaces this constraint, doesn't pretend to solve it. + +## Composes with + +- `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` + — the parent prevention rule for the sibling-repo leak class. The general scrubber generalizes the cure side; the per-class prevention rules are independent. +- `docs/backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md` + — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. 
+- `memory/feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md` + — substrate must be reachable + indexed. Audit-trail-preservation requirement is the substrate-form of "you scrubbed something, but the scrub itself becomes substrate." +- Task #318 (`docs/ops` taxonomy) — implementation may live in `docs/ops/runbooks/` or `docs/ops/patterns/`. +- Task #350 (Otto-357 mechanized auditor) — same surface family as the proposed pre-scrub linter; coordinate so the auditors don't duplicate detection logic. +- The CLAUDE.md "LFG main is forbidden, host-enforced via non_fast_forward rule" — the canonical safety rail this design must respect. + +## How to apply (when implementing this row) + +The implementer reads the parent rules, B-0127 (the seed example), this row, and live-searches the current state of `git filter-repo` / BFG / GitHub guidance / GitLab guidance. The implementer writes fresh — no copying from prior incident-write-ups; generalize the pattern; sibling-repo-specifics stay in B-0127. + +The implementer asks Aaron explicitly before exercising any history-rewrite path on protected branches; the design surfaces the question even when the answer is "not now." + +## Status + +**Filed.** Implementation deferred. The next non-sibling-repo leak-class incident is the natural trigger for implementation. + +## Verify-before-deferring note + +B-0127 (the seed example) is verified to exist on the branch `backlog/B-0127-sibling-repo-leak-scrub-process-aaron-2026-05-01` (PR #1012 open). The parent prevention rule at `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` is verified (235 lines, 2026-04-30). The deferral is valid: prevention layer is working; general cure layer can be designed when a second leak class arrives. From b30516eaa3f1c43868f1c2e0923eac8746a7ac43 Mon Sep 17 00:00:00 2001 
From: Aaron Stainback Date: Fri, 1 May 2026 01:11:12 -0400 Subject: [PATCH 2/6] backlog(B-0128): address 4 PR review findings (Codex P0/P1 + Copilot) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - **P0 frontmatter**: added required YAML (id, priority, status, title, created, last_updated) per `tools/backlog/README.md` schema. - **P0 BACKLOG.md regen**: re-ran generate-index.sh to include B-0128 in the index. Drift check passes. - **P1 B-0127 dead-link**: B-0127 file is on PR #1012 (sibling- branch), not on main yet. Replaced direct path with prose noting the path resolves once #1012 merges (regardless of merge order between #1012 and #1015). - **P1 line-count off-by-one**: 235 → 236. Same fix pattern as #1012 (B-0127); same recurring class (verify-before-state-claim parent — file-existence + schema verification at authoring time). Co-Authored-By: Claude Opus 4.7 --- docs/BACKLOG.md | 10 +--------- ...-git-content-scrubber-design-aaron-2026-05-01.md | 13 +++++++++++-- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/BACKLOG.md b/docs/BACKLOG.md index 363527eaf..4575a5be1 100644 --- a/docs/BACKLOG.md +++ b/docs/BACKLOG.md 
@@ -33,7 +33,6 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0110](backlog/P1/B-0110-acehack-mirror-protocol-drift-2026-04-30.md)** AceHack mirror-refresh protocol drift — Path 2 chosen, doctrine update landing in same PR (2026-04-30) - [ ] **[B-0125](backlog/P1/B-0125-skip-fsharp-analyze-on-docs-only-prs-2026-05-01.md)** Skip Analyze (csharp) on docs-only PRs without tripping `code_quality severity:all` - [ ] **[B-0126](backlog/P1/B-0126-port-meta-learning-4-layer-pattern-from-stcrm-aaron-2026-05-01.md)** Port the 4-layer meta-learning pattern from a sibling repo to Zeta -- [ ] **[B-0140](backlog/P1/B-0140-bash-to-ts-migration-completion-debt-prevention-aaron-2026-05-01.md)** Bash → TS migration completion — debt-prevention prerequisite to B-0132 (CRDT-composition) ## P2 — research-grade 
@@ -97,10 +96,7 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0121](backlog/P2/B-0121-otto-kenji-peer-call-cross-harness-claude-cli-aaron-2026-04-30.md)** Otto + Kenji as externally-callable peers via claude-cli — cross-harness symmetry (Aaron 2026-04-30) - [ ] **[B-0124](backlog/P2/B-0124-claudeai-csap-conversation-distill-uber-arch-2026-05-01.md)** Distill the Claude.ai CSAP-pushback conversation into uber-architecture (deferred multi-week) - [ ] **[B-0127](backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md)** Sibling-repo leak scrub-process — when scrubbing matters; future-defensive design -- [ ] **[B-0131](backlog/P2/B-0131-formalize-zset-retraction-algebra-in-lean-aaron-2026-05-01.md)** Formalize Z-set retraction algebra in Lean (TRACTABLE START — formalization roadmap) -- [ ] **[B-0132](backlog/P2/B-0132-crdt-composition-for-bft-propagation-aaron-2026-05-01.md)** CRDT-composition for BFT propagation — substrate events as composed CRDTs -- [ ] **[B-0133](backlog/P2/B-0133-sequent-calculus-for-claim-retraction-attribution-aaron-2026-05-01.md)** Sequent calculus / labeled deductive systems for claim/retraction/attribution -- [ ] **[B-0134](backlog/P2/B-0134-type-theoretic-orthogonality-discipline-encoding-aaron-2026-05-01.md)** Type-theoretic encoding of orthogonality discipline (extension vs creation as decidable judgment) +- [ ] **[B-0128](backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md)** General git content scrubber — design + decision-criteria + mechanism for any-class leak cleanup ## P3 — convenience / deferred 
@@ -146,9 +142,5 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0116](backlog/P3/B-0116-gh-jq-safe-wrapper-zsh-quoting-2026-04-30.md)** tools/gh-jq-safe.sh — wrap gh-jq calls to handle zsh quoting (Deepseek 2026-04-30 finding) - [ ] **[B-0119](backlog/P3/B-0119-peer-call-existing-scripts-role-ref-cleanup-2026-04-30.md)** Existing peer-call scripts (grok.sh / gemini.sh / codex.sh / amara.sh) — role-ref cleanup per copilot-instructions.md (Codex 2026-04-30 finding on PR #962) - [ ] **[B-0123](backlog/P3/B-0123-stacked-pr-create-tooling-gh-fallback-aaron-2026-04-30.md)** Stacked-PR creation tooling — `gh pr create --base ` fails with cryptic GraphQL error; needs a wrapper or doc (Aaron 2026-04-30) -- [ ] **[B-0135](backlog/P3/B-0135-modal-logic-for-retractability-quantum-rodney-razor-aaron-2026-05-01.md)** Modal logic for retractability — Quantum-Rodney's-Razor in S4 or dynamic logic -- [ ] **[B-0136](backlog/P3/B-0136-category-theoretic-compositional-structure-aaron-2026-05-01.md)** Category-theoretic compositional structure — operads + monoidal categories for substrate composition -- [ ] **[B-0137](backlog/P3/B-0137-tarski-stratification-proof-aaron-2026-05-01.md)** Tarski-stratification proof — formal demonstration that Aaron's pirate-not-priest spot stratifies meta-language from object-language -- [ ] **[B-0138](backlog/P3/B-0138-bft-resistance-theorem-aurora-composed-crdt-plus-consensus-aaron-2026-05-01.md)** BFT-resistance theorem for Aurora — composed-CRDT-plus-consensus formal guarantee diff --git a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md index 4a56525a6..e2eb6367d 100644 --- a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md +++ b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md 
@@ -1,3 +1,12 @@ +--- +id: B-0128 +priority: P2 +status: open +title: General git content scrubber — design + decision-criteria + mechanism for any-class leak cleanup +created: 2026-05-01 +last_updated: 2026-05-01 +--- + # B-0128 — General git content scrubber: design + decision-criteria + mechanism for any-class leak cleanup **Priority:** P2 (future-defensive; the generalized parent of B-0127. Leak-type-agnostic. Designed when first non-sibling-repo case lands.) @@ -111,7 +120,7 @@ When this row is implemented: - `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` — the parent prevention rule for the sibling-repo leak class. The general scrubber generalizes the cure side; the per-class prevention rules are independent. -- `docs/backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md` +- `docs/backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md (landing via PR #1012; sibling-branch — file path resolves once #1012 merges, regardless of which sibling-PR merges first)` — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. - `memory/feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md` — substrate must be reachable + indexed. Audit-trail-preservation requirement is the substrate-form of "you scrubbed something, but the scrub itself becomes substrate." 
@@ -131,4 +140,4 @@ The implementer asks Aaron explicitly before exercising any history-rewrite path ## Verify-before-deferring note -B-0127 (the seed example) is verified to exist on the branch `backlog/B-0127-sibling-repo-leak-scrub-process-aaron-2026-05-01` (PR #1012 open). The parent prevention rule at `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` is verified (235 lines, 2026-04-30). The deferral is valid: prevention layer is working; general cure layer can be designed when a second leak class arrives. +B-0127 (the seed example) is verified to exist on the branch `backlog/B-0127-sibling-repo-leak-scrub-process-aaron-2026-05-01` (PR #1012 open). The parent prevention rule at `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` is verified (236 lines, 2026-04-30). The deferral is valid: prevention layer is working; general cure layer can be designed when a second leak class arrives. From 0938b7198f0bd8d9e148ed889caf82e2f475a033 Mon Sep 17 00:00:00 2001 
From: Aaron Stainback Date: Fri, 1 May 2026 02:58:54 -0400 Subject: [PATCH 3/6] =?UTF-8?q?backlog(B-0128):=20drain=20PR=20#1015=20rev?= =?UTF-8?q?iew=20threads=20=E2=80=94=20fix=20force-push=20claim=20+=20B-01?= =?UTF-8?q?27=20cross-ref=20durability?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three findings addressed: (1) **History rewrite force-push claim incorrect** (Copilot P1): The row said force-push is "forbidden on main per CLAUDE.md without explicit Aaron sign-off; possible on feature branches with the same caution." Per CLAUDE.md the host `non_fast_forward` ruleset blocks force-push UNIFORMLY on both forks (LFG and AceHack), no bypass actors — not just main. Updated to name the uniform blocking, list the actual reconciliation paths (PR-based reset, delete-and-recreate, coordinated ruleset lift), and explicitly state the design must not rely on force-push as a routine option. (2) **Forward reference to B-0127 not durable** (Copilot P2): The row referenced `docs/backlog/P2/B-0127-...md` as a file path that resolves via PR #1012's merge — but the path doesn't resolve on this branch and the inline annotation depended on commit-order knowledge. Reframed as "B-0127 (row ID)" with the path noted parenthetically as future-resolving — the row reference is durable across merge orders. (3) **BACKLOG.md regenerated** (Copilot P1): verified via `tools/backlog/generate-index.sh --check` (no-op; was already in sync). The Copilot finding was about hand-edit drift; this PR's BACKLOG.md edit was via the regenerator, but the lint fires on any direct edit. The auto-generator path is the durable pattern. Same finding-class as PR #1031/#986/#1030/#1018 drains — claim/ reality mismatch in substrate's claims about its own structure (here: a backlog row claiming a force-push capability the host ruleset doesn't allow). 
Co-Authored-By: Claude Opus 4.7 --- ...8-general-git-content-scrubber-design-aaron-2026-05-01.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md index e2eb6367d..f56e66883 100644 --- a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md +++ b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md 
@@ -60,7 +60,7 @@ Output: scrub / leave-and-record / hybrid (scrub-content-keep-audit-trail) / esc - **File-level scrub** (additive PR; rename + content rewrite). Always safe. Preferred when the leak's reach is local branch only or when commit-message-level cleanup isn't required. - **Branch / PR / commit-message scrub** — host-level edits (PR description rewrite, branch deletion, commit-message amend on un-pushed commits). Bounded safety. -- **History rewrite** (`git filter-repo`, `git filter-branch`, BFG Repo-Cleaner) — destructive. Force-push required. Forbidden on `main` per CLAUDE.md without explicit Aaron sign-off; possible on feature branches with the same caution. +- **History rewrite** (`git filter-repo`, `git filter-branch`, BFG Repo-Cleaner) — destructive. Force-push required. **Blocked uniformly by the host `non_fast_forward` ruleset on both forks (LFG and AceHack), no bypass actors** per CLAUDE.md. Reconciliation paths when history rewrite is genuinely needed: PR-based reset, delete-and-recreate of the affected branch (or fork, in the AceHack mirror case), or coordination with the maintainer to lift the ruleset rule for a specific window. The mechanism design must NOT rely on force-push as a routine option. - **External-mirror reality** — `git push --force-with-lease` updates the mirror, but anyone who *cloned* during the leak window keeps the leak in their local history. Communication + secret-rotation are the only real cures for already-propagated leaks. - **Tooling survey** — BFG Repo-Cleaner (specialized), `git filter-repo` (current canonical, deprecates filter-branch), GitHub's "Removing sensitive data" guidance, GitLab equivalent. Live-search authority discipline applies (CLAUDE.md): documented knowledge expires; check current upstream when implementing. 
@@ -120,8 +120,7 @@ When this row is implemented: - `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` — the parent prevention rule for the sibling-repo leak class. The general scrubber generalizes the cure side; the per-class prevention rules are independent. -- `docs/backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md (landing via PR #1012; sibling-branch — file path resolves once #1012 merges, regardless of which sibling-PR merges first)` - — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. +- B-0127 (sibling-repo leak scrub-process) — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. (Path is `docs/backlog/P2/B-0127-...` once that file lands via PR #1012; sibling-branch, so the path is not yet resolvable on this branch — referenced by row ID rather than path to keep the cross-reference durable across merge order.) - `memory/feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md` — substrate must be reachable + indexed. Audit-trail-preservation requirement is the substrate-form of "you scrubbed something, but the scrub itself becomes substrate." - Task #318 (`docs/ops` taxonomy) — implementation may live in `docs/ops/runbooks/` or `docs/ops/patterns/`. From 6d68e9ceb15ddc1ce30bb2eee6698f02812e51fc Mon Sep 17 00:00:00 2001 
From: Aaron Stainback Date: Fri, 1 May 2026 03:22:01 -0400 Subject: [PATCH 4/6] =?UTF-8?q?backlog(B-0128):=20fix=20MD032=20markdownli?= =?UTF-8?q?nt=20=E2=80=94=20blanks=20around=203=20lists?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 3 markdownlint MD032 errors fixed (lines 43, 51, 70 originally): each enumerated list missing a blank line between intro sentence and first list item. Added the blank line in each case. Verified clean via markdownlint-cli2. Co-Authored-By: Claude Opus 4.7 --- ...128-general-git-content-scrubber-design-aaron-2026-05-01.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md index f56e66883..43c2faa57 100644 --- a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md +++ b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md @@ -40,6 +40,7 @@ Design + document a general scrubber covering five load-bearing pieces: ### 1. Leak-class taxonomy A canonical enumeration (the seven above plus an "other" escape hatch) with per-class: + - **Detection signal** — what pattern identifies a leak of this class (regex, lint, manual review). - **Severity floor** — minimum harm assumption (secrets are always severe; outdated wording usually isn't). - **Reach-sensitivity** — how badly external propagation matters per class. @@ -48,6 +49,7 @@ A canonical enumeration (the seven above plus an "other" escape hatch) with per- ### 2. Decision-criteria — does this leak need scrubbing? A matrix combining: + - **Class** (from taxonomy). - **Reach** (local branch / pushed branch / merged main / external mirror / external clones). - **Detection-time vs incident-time** (caught at write-time = prevention layer; caught later = cure layer; caught after external propagation = limited-cure). 
@@ -67,6 +69,7 @@ Output: scrub / leave-and-record / hybrid (scrub-content-keep-audit-trail) / esc ### 4. Audit-trail preservation — scrubbing without lying When a leak is scrubbed, the *fact* of the scrub must remain as substrate: + - **What** was scrubbed (class, surface, original commit / PR reference). - **When** the scrub happened. - **Who** authorized it. From e64b3a076f45541991f6ea11cdaec810c7f35bd3 Mon Sep 17 00:00:00 2001 From: Aaron Stainback Date: Fri, 1 May 2026 05:22:14 -0400 Subject: [PATCH 5/6] =?UTF-8?q?backlog(B-0128):=20address=20PR=20#1015=20r?= =?UTF-8?q?eview=20threads=20=E2=80=94=20ruleset-lift=20removal=20+=20B-01?= =?UTF-8?q?27=20cross-reference=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two real fixes (Copilot): 1. **Mechanism description conflicted with CLAUDE.md safety rail**: the reconciliation-paths list included "coordination with the maintainer to lift the ruleset rule for a specific window" as one of three options. CLAUDE.md's canonical reviewer principle is *"the protocol bends to the security ruleset; the ruleset does not bend to the protocol"* — lifting the ruleset to enable a scrub inverts that. Removed the lift-option; kept only PR-based reset and delete-and-recreate. Made the principle conflict explicit in the text so future readers can't propose the same loophole. 2. **Stale B-0127 cross-reference**: the parenthetical "Path is … once that file lands via PR #1012; sibling-branch, so the path is not yet resolvable on this branch" was correct at filing time but B-0127 has since landed on main. Updated to a direct relative-path markdown link. Co-Authored-By: Claude Opus 4.7 --- ...28-general-git-content-scrubber-design-aaron-2026-05-01.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md index 43c2faa57..2018c1f43 100644 --- a/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md +++ b/docs/backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md 
@@ -62,7 +62,7 @@ Output: scrub / leave-and-record / hybrid (scrub-content-keep-audit-trail) / esc - **File-level scrub** (additive PR; rename + content rewrite). Always safe. Preferred when the leak's reach is local branch only or when commit-message-level cleanup isn't required. - **Branch / PR / commit-message scrub** — host-level edits (PR description rewrite, branch deletion, commit-message amend on un-pushed commits). Bounded safety. -- **History rewrite** (`git filter-repo`, `git filter-branch`, BFG Repo-Cleaner) — destructive. Force-push required. **Blocked uniformly by the host `non_fast_forward` ruleset on both forks (LFG and AceHack), no bypass actors** per CLAUDE.md. Reconciliation paths when history rewrite is genuinely needed: PR-based reset, delete-and-recreate of the affected branch (or fork, in the AceHack mirror case), or coordination with the maintainer to lift the ruleset rule for a specific window. The mechanism design must NOT rely on force-push as a routine option. +- **History rewrite** (`git filter-repo`, `git filter-branch`, BFG Repo-Cleaner) — destructive. Force-push required. **Blocked uniformly by the host `non_fast_forward` ruleset on both forks (LFG and AceHack), no bypass actors** per CLAUDE.md. Reconciliation paths when history rewrite is genuinely needed: **PR-based reset** (open a PR that resets the branch to a clean point) or **delete-and-recreate** of the affected branch (or fork, in the AceHack mirror case). The mechanism design must NOT rely on force-push as a routine option AND must NOT propose lifting the `non_fast_forward` ruleset — per CLAUDE.md's canonical reviewer principle: *"the protocol bends to the security ruleset; the ruleset does not bend to the protocol."* Lifting the ruleset to enable a scrub mechanism inverts that principle. - **External-mirror reality** — `git push --force-with-lease` updates the mirror, but anyone who *cloned* during the leak window keeps the leak in their local history. 
Communication + secret-rotation are the only real cures for already-propagated leaks. - **Tooling survey** — BFG Repo-Cleaner (specialized), `git filter-repo` (current canonical, deprecates filter-branch), GitHub's "Removing sensitive data" guidance, GitLab equivalent. Live-search authority discipline applies (CLAUDE.md): documented knowledge expires; check current upstream when implementing. @@ -123,7 +123,7 @@ When this row is implemented: - `memory/feedback_no_copy_only_learning_from_sibling_repos_aaron_2026_04_30.md` — the parent prevention rule for the sibling-repo leak class. The general scrubber generalizes the cure side; the per-class prevention rules are independent. -- B-0127 (sibling-repo leak scrub-process) — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. (Path is `docs/backlog/P2/B-0127-...` once that file lands via PR #1012; sibling-branch, so the path is not yet resolvable on this branch — referenced by row ID rather than path to keep the cross-reference durable across merge order.) +- [B-0127 (sibling-repo leak scrub-process)](B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md) — the seed worked-example. B-0127's content is the sibling-repo class application of this general design. - `memory/feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md` — substrate must be reachable + indexed. Audit-trail-preservation requirement is the substrate-form of "you scrubbed something, but the scrub itself becomes substrate." - Task #318 (`docs/ops` taxonomy) — implementation may live in `docs/ops/runbooks/` or `docs/ops/patterns/`. From 38dbdb1266bf9c0fadb498d2ad26c47c7841ea3b Mon Sep 17 00:00:00 2001 From: Aaron Stainback Date: Fri, 1 May 2026 05:26:15 -0400 Subject: [PATCH 6/6] hygiene(BACKLOG.md): regenerate after rebase against main (fast-forward delta) --- docs/BACKLOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/docs/BACKLOG.md b/docs/BACKLOG.md index 4575a5be1..489c3e544 100644 --- a/docs/BACKLOG.md +++ b/docs/BACKLOG.md @@ -33,6 +33,7 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0110](backlog/P1/B-0110-acehack-mirror-protocol-drift-2026-04-30.md)** AceHack mirror-refresh protocol drift — Path 2 chosen, doctrine update landing in same PR (2026-04-30) - [ ] **[B-0125](backlog/P1/B-0125-skip-fsharp-analyze-on-docs-only-prs-2026-05-01.md)** Skip Analyze (csharp) on docs-only PRs without tripping `code_quality severity:all` - [ ] **[B-0126](backlog/P1/B-0126-port-meta-learning-4-layer-pattern-from-stcrm-aaron-2026-05-01.md)** Port the 4-layer meta-learning pattern from a sibling repo to Zeta +- [ ] **[B-0140](backlog/P1/B-0140-bash-to-ts-migration-completion-debt-prevention-aaron-2026-05-01.md)** Bash → TS migration completion — debt-prevention prerequisite to B-0132 (CRDT-composition) ## P2 — research-grade 
@@ -97,6 +98,10 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0124](backlog/P2/B-0124-claudeai-csap-conversation-distill-uber-arch-2026-05-01.md)** Distill the Claude.ai CSAP-pushback conversation into uber-architecture (deferred multi-week) - [ ] **[B-0127](backlog/P2/B-0127-sibling-repo-leak-scrub-process-when-it-matters-aaron-2026-05-01.md)** Sibling-repo leak scrub-process — when scrubbing matters; future-defensive design - [ ] **[B-0128](backlog/P2/B-0128-general-git-content-scrubber-design-aaron-2026-05-01.md)** General git content scrubber — design + decision-criteria + mechanism for any-class leak cleanup +- [ ] **[B-0131](backlog/P2/B-0131-formalize-zset-retraction-algebra-in-lean-aaron-2026-05-01.md)** Formalize Z-set retraction algebra in Lean (TRACTABLE START — formalization roadmap) +- [ ] **[B-0132](backlog/P2/B-0132-crdt-composition-for-bft-propagation-aaron-2026-05-01.md)** CRDT-composition for BFT propagation — substrate events as composed CRDTs +- [ ] **[B-0133](backlog/P2/B-0133-sequent-calculus-for-claim-retraction-attribution-aaron-2026-05-01.md)** Sequent calculus / labeled deductive systems for claim/retraction/attribution +- [ ] **[B-0134](backlog/P2/B-0134-type-theoretic-orthogonality-discipline-encoding-aaron-2026-05-01.md)** Type-theoretic encoding of orthogonality discipline (extension vs creation as decidable judgment) ## P3 — convenience / deferred 
@@ -142,5 +147,9 @@ are closed (status: closed in frontmatter)._ - [ ] **[B-0116](backlog/P3/B-0116-gh-jq-safe-wrapper-zsh-quoting-2026-04-30.md)** tools/gh-jq-safe.sh — wrap gh-jq calls to handle zsh quoting (Deepseek 2026-04-30 finding) - [ ] **[B-0119](backlog/P3/B-0119-peer-call-existing-scripts-role-ref-cleanup-2026-04-30.md)** Existing peer-call scripts (grok.sh / gemini.sh / codex.sh / amara.sh) — role-ref cleanup per copilot-instructions.md (Codex 2026-04-30 finding on PR #962) - [ ] **[B-0123](backlog/P3/B-0123-stacked-pr-create-tooling-gh-fallback-aaron-2026-04-30.md)** Stacked-PR creation tooling — `gh pr create --base ` fails with cryptic GraphQL error; needs a wrapper or doc (Aaron 2026-04-30) +- [ ] **[B-0135](backlog/P3/B-0135-modal-logic-for-retractability-quantum-rodney-razor-aaron-2026-05-01.md)** Modal logic for retractability — Quantum-Rodney's-Razor in S4 or dynamic logic +- [ ] **[B-0136](backlog/P3/B-0136-category-theoretic-compositional-structure-aaron-2026-05-01.md)** Category-theoretic compositional structure — operads + monoidal categories for substrate composition +- [ ] **[B-0137](backlog/P3/B-0137-tarski-stratification-proof-aaron-2026-05-01.md)** Tarski-stratification proof — formal demonstration that Aaron's pirate-not-priest spot stratifies meta-language from object-language +- [ ] **[B-0138](backlog/P3/B-0138-bft-resistance-theorem-aurora-composed-crdt-plus-consensus-aaron-2026-05-01.md)** BFT-resistance theorem for Aurora — composed-CRDT-plus-consensus formal guarantee
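
Review bot: In the rewritten History rewrite bullet (hunk `@@ -62,7 +62,7 @@` of the B-0128 file), neither remaining reconciliation path is described in terms of what it actually removes. Under a `non_fast_forward` ruleset a PR that "resets the branch to a clean point" can only land as new commits on top of the existing history, so the leaking commits stay reachable from the branch. Delete-and-recreate drops the branch ref, but the commits can remain fetchable on the host through pull-request refs or by SHA until the host prunes them. Suggest stating for each path what it does and does not remove, and tying the secrets class to the "Communication + secret-rotation" sentence that follows. Separately, the unchanged External-mirror bullet still says `git push --force-with-lease` updates the mirror, which reads as contradicting "Blocked uniformly ... no bypass actors" one bullet earlier; reword it so a force-push is not presented as available.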
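
Review bot: The new relative link to B-0127 in hunk `@@ -123,7 +123,7 @@` drops the merge-order caveat the old line carried (file lands via PR #1012, path not yet resolvable on this branch) without saying that the condition is now met. The link target does match the B-0127 entry that appears as unchanged context in `docs/BACKLOG.md` later in this series, so it looks correct after the rebase. Say so in the commit message, or confirm with a link check that the file exists on this branch; otherwise the link is dead if this merges before PR #1012.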
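
Review bot: The regenerated `docs/BACKLOG.md` adds nine rows unrelated to the B-0128 scrubber row (B-0140 under P1, B-0131 to B-0134 under P2, B-0135 to B-0138 under P3), and the numbering skips B-0129, B-0130 and B-0139. The subject says "fast-forward delta" but the commit has no body. Add a line stating that these rows come from main through the rebase and whether the numbering gaps are expected, so a reviewer can tell a regeneration artifact from a dropped row.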