memory: action SHA hallucination — check repo first (#1417 lesson)#1422
Merged
memory: action SHA hallucination — check repo first (#1417 lesson)#1422
Conversation
Captures the author-time discipline lesson from #1417's stryker workflow failure (hallucinated upload-artifact SHA). Discriminating signal + carved sentence + composition with Otto-364 search-first + Otto-247 version-currency. Generalises to all `uses: <action>@<SHA> # <version>` pins: grep repo first (existing pin is authoritative-by-use), WebSearch upstream releases page second, never generate a SHA from training data. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds a new “feedback” memory capturing the CI failure mode where a GitHub Action is pinned to a hallucinated/non-existent SHA, and links it from the main memory/MEMORY.md index so it’s discoverable.
Changes:
- Add new memory file documenting the action-SHA hallucination failure class and an author-time mitigation workflow.
- Add a new top-level index entry in
memory/MEMORY.mdpointing to the memory.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| memory/feedback_action_sha_hallucination_check_repo_first_aaron_2026_05_03.md | New memory describing the failure class + mitigation steps for action SHA pinning. |
| memory/MEMORY.md | Adds an index link to the new memory with a short synopsis. |
| <!-- paired-edit log (NOT the single-slot latest-marker — that lives on line 3 above): PR #986 lands carved-sentence fixed-point stability + Zeta soul-file executor architecture (Infer.NET-style Bayesian inference, NOT LLMs) + carved sentences ≈ formal specs provable in DST + Deepseek CSAP review absorption (Aaron 2026-04-30 → 2026-05-01, eight-message chain across two autonomous-loop ticks per the file body's section header). Architectural disclosure: substrate IS the priors; alignment IS substrate. The single-slot latest-marker on line 3 (forever-home Aaron 2026-05-01) takes precedence as the chronologically-latest paired edit; this PR's work is earlier. --> | ||
| **📌 Fast path: read `CURRENT-aaron.md` and `CURRENT-amara.md` first.** <!-- paired-edit: PR #690 scheduled-workflow-null-result-hygiene-scan tier-1 promotion 2026-04-28 --> These per-maintainer distillations show what's currently in force. Raw memories below are the history; CURRENT files are the projection. (`CURRENT-aaron.md` refreshed 2026-04-28 with sections 26-30 — speculation rule + EVIDENCE-BASED labeling + JVM preference + dependency honesty + threading lineage Albahari/Toub/Fowler + TypeScript/Bun-default discipline.) | ||
|
|
||
| - [**Action SHA hallucination — check repo first before pinning (2026-05-03)**](feedback_action_sha_hallucination_check_repo_first_aaron_2026_05_03.md) — PR #1417 stryker-mutation.yml pinned a hallucinated SHA for actions/upload-artifact (claimed v5.1.0 but doesn't resolve); every workflow run failed at Set-up-job. Discipline: grep repo first for existing authoritative pins (scorecard.yml had real v7.0.1 SHA); WebSearch upstream releases second; never generate a SHA from training data. SHA + version pair must come from one lookup; generating both from training guarantees inconsistency. |
Comment on lines
+42
to
+49
| 1. **Grep the repo first.** `grep -rn "<action>@" .github/workflows/` | ||
| — if the action is already pinned somewhere, that pin is | ||
| authoritative-by-use (it's been working in CI). Copy the SHA + | ||
| version verbatim. | ||
| 2. **If not in repo, WebSearch the upstream releases page.** Per | ||
| Otto-364 search-first-authority. Get the SHA from | ||
| `https://github.com/<owner>/<action>/releases/tag/<version>` | ||
| directly. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Discipline lesson from #1417's stryker-mutation.yml failure (hallucinated SHA for
actions/upload-artifact). Substrate-or-it-didn't-happen — landing as durable memory file with MEMORY.md pointer so future-Otto inherits the lesson without re-discovering it the hard way.Discriminating signal
When the very first CI run on a new workflow fails at
Set up jobwithUnable to resolve action, the failure class is action-SHA hallucination. Resolution-time errors on action pins point at SHA + version mismatch.Carved sentence
Composes with
🤖 Generated with Claude Code