Round 33 — VISION v8: event+cache 1st-class, GraphQL spillover, pluggable logs (Kafka/NATS/Zeta-native) by AceHack · Pull Request #20 · Lucent-Financial-Group/Zeta

AceHack · 2026-04-19T02:28:39Z

Aaron's seventh pass.

🤖 Generated with Claude Code

…uggable logs Aaron round 33: "we should be able to setup a first class event system and cashing system and cross api graphql will automatic sill over support, it's gonna be amazing" + "all with pluggable wire protocol, hello kafka, nats, nats streaming … and our own of course." ## DX north star expansions - **First-class event system** — subscriptions/projections/ retraction-aware streams are native, not a library on top. `services.AddZetaEvents(...)`. - **First-class caching system** — retraction-native algebra means cache invalidation is free. No TTLs, no stampede mitigation, no read/write-through taxonomy. `services.AddZetaCache(...)`. - **Cross-API GraphQL with automatic spill-over** — queries across service boundaries get retraction propagation built-in. No manual cache-invalidation-on-mutation plumbing; no subscription-push-over-WebSocket glue. The graph is live by virtue of running on Zeta. - **Pluggable log back-end** for multi-node: Kafka, NATS, NATS JetStream, Zeta-native. Single-node picks in-memory; greenfield multi-node can pick Zeta-native and get features (retraction-native deltas, bitemporal queries, Rx-style stored procs) that emulated back-ends can't express. "What lights up for .NET consumers" list extended with GraphQL federation + caching-heavy workloads. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

161 new capability skills drafted this round across the expert-roster expansion tracked in tasks #20 through #69. Each skill lands as a single SKILL.md file under .claude/skills/<name>/ with frontmatter describing when to trigger and a body describing how. Topic clusters, roughly: - Formal methods family: fscheck-expert, z3-expert, f-star-expert, stryker-expert, semgrep-expert, codeql-expert, missing-citations, verification-drift-auditor. - Mathematics family: mathematics-expert, applied-mathematics, theoretical-mathematics, measure-theory-and-signed-measures, probability-and-bayesian-inference, category-theory, differential-geometry, numerical-analysis-and-floating-point, complexity-theory, chaos-theory. - Physics family: physics-expert, applied-physics, theoretical-physics. - AI/ML family: ai-researcher, ai-evals-expert, ml-researcher, ml-engineering-expert, llm-systems-expert, ai-jailbreaker (gated dormant), prompt-engineering-expert, vibe-coding-expert, deterministic-simulation-theory-expert. - Data/storage family: database-systems-expert, columnar-storage-expert, document-database-expert, wide-column-database-expert, elasticsearch-expert, crdt-expert, eventual-consistency-expert, concurrency-control-expert, distributed-consensus-expert, distributed-coordination-expert, distributed-query-execution, activity-schema-expert, anchor-modeling-expert, data-vault-expert, dimensional-modeling-expert, corporate-information-factory-expert, entity-framework-expert, data-governance, data-lineage, data-operations, catalog-expert, controlled-vocabulary-expert, compression-expert, calm-theorem-expert, execution-model. - Security / reverse-engineering family: black-hat-hacker, ethical-hacker, white-hat-hacker, steganography-expert, leet-speak-transform, leet-speak-obfuscation-detector, leet-speak-history-and-culture. - Systems / governance family: consent-primitives-expert, consent-ux-researcher, conflict-resolution-expert, cross-domain-translation, canonical-home-auditor (landed in previous commit), skill-ontology-auditor (previous commit), ontology-landing, paced-ontology-landing, naming-expert, translator-expert, etymology-expert, writing-expert. - LeetCode-cluster (interview prep): leet-code-complexity, leet-code-contest-patterns, leet-code-dsa-toolbox, leet-code-patterns. - Reducer + razor: reducer (Rodney's Razor + Quantum Rodney's Razor carrier). - Ops / SRE adjacent: alerting-expert, error-tracking-expert, blockchain-expert, editorconfig-expert, duality-expert. Each file is a draft landing — usual tune-up cadence applies. BP-24 pre-flight check passes for every new skill (none reference Elisabeth-substrate material). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* round 34: upstream sync + CTFP to upstream + JDK/Bun to mise ## Upstream sync infrastructure - `tools/setup/common/sync-upstreams.sh` — SQLSharp-shape sync script. Key pattern borrowed: `git ls-remote` to check if local HEAD matches origin BEFORE destructive fetch+reset, sidesteps the shallow-clone-fetch edge case that caused spurious "refresh failed" noise on re-runs. Clones are shallow (`--depth=1`); worktrees get aggressively reset+cleaned. Script header acknowledges post-install-cross-platform DEBT per Aaron's round 34 note. - 85 upstreams now cloned under `references/upstreams/` (previously only `feldera` was there). 84/85 OK on re-run; qdrant transient network hang, retryable. ## CTFP moved to upstream - `docs/category-theory/ctfp-dotnet/` (2,100 lines of vendored code) — deleted; lives upstream as `cboudereau/category-theory-for-dotnet-programmers`. - `docs/category-theory/ctfp-milewski.pdf` (16 MB) — deleted; lives upstream as `hmemcpy/milewski-ctfp-pdf`. - `docs/category-theory/README.md` rewritten to point at the upstream clones with reading path + why-it-matters for Zeta. Directory shrunk 16M → 4K. - Both added to `references/reference-sources.json` manifest. ## JDK + Bun migrate to mise Aaron round 34: "we could move the jdk to mise i want all language installed via mise as the standard." - `.mise.toml`: added `java = "26"` (latest) and `bun = "1.3"` (pins to latest 1.3.x; mise partial- version semantics). Python stays `3.14`. - `tools/setup/manifests/brew.txt`: `openjdk@21` removed. All language runtimes now come from mise; brew only installs system-level packages (currently none, but the file stays as the manifest). - On Aaron's Mac: brew-installed `openjdk`, `openjdk@21` uninstalled. mise installed `java 26.0.0` to `~/.local/share/mise/installs/java/26/` and `bun 1.3.12` to `~/.local/share/mise/installs/bun/1.3/`. - Stale `~/.tool-versions` file (leftover `dotnet 8.0.100` pin from an earlier session) cleared; was blocking mise.sh because global tool-versions override Zeta's `.mise.toml`. - Profile auto-append: manually appended the `. "$HOME/.config/zeta/shellenv.sh"` source line to Aaron's `~/.zshrc`, `~/.bash_profile`, and `~/.profile` so new shells pick up Zeta's managed PATH. DEBT logged for porting scratch's idempotent profile-management helpers. ## DEBT entries added - Cross-platform sync-upstreams (post-install runtime research dependency). - `.txt` manifest extensions (scratch uses `.apt`, `.Brewfile`, etc.). - Script organisation 10× lighter than scratch (2,559 lines vs ~250). - Shell-profile management thin vs scratch's auto-append discipline. ## Local verification - `dotnet build -c Release` — 0 warn 0 err. - `dotnet test` — 510 passed / 1 skipped (second run; first had 9 TLC parallel-trace-dump flakes that cleared). - `shellcheck` / `actionlint` / `markdownlint` / `semgrep` — 0 findings each. - `tools/setup/install.sh` — idempotent; second run short-circuits everything already installed. - `tools/setup/doctor.sh` — 11 ok / 0 warn / 0 fail on Aaron's Mac. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: factory CI + first DB tests + public-repo alignment This round landed three parallel arcs. Factory — persona + governance: - Three experience-engineer personas landed: Daya (AX, seeded earlier), Bodhi (DX, Sanskrit "awakening"), Iris (UX, Greek "messenger"). Dejan (DevOps) rounded out. Renamed the three AX/DX/UX lanes from "researcher" → "engineer" — they ship fixes via routing, not participant studies. - Copilot joined the factory as a third Slot-2 reviewer (.github/copilot-instructions.md). GOVERNANCE §31 codifies the factory-management contract: edits through skill-creator, audited by Aarav, linted by Nadia, integrated by Kenji. Scope extensions landed in skill-creator, skill-tune-up, prompt-protector. - GOVERNANCE §30: mandatory sweep-refs after any rename campaign. Motivated by Bodhi's round-34 first audit finding that the Dbsp→Zeta rename landed code-layout but stopped short of the docs sweep — every P0 traced to that one miss. - security-operations-engineer skill stub: runtime ops lane disambiguated from Mateo's proactive research, Aminata's threat model, Nadia's agent layer. Pending persona. - JOURNAL.md unbounded long-term memory piloted on four personas then rolled out to 16 total. Append-only, Tier 3, grep-only read contract. Prune → migrate, not delete. - PROJECT-EMPATHY.md renamed to CONFLICT-RESOLUTION.md (98 ref sweep across 46 files) — the file's stated role. - Iris + Bodhi first audits prepended to their notebooks; findings routed to BACKLOG (Kai framing + Samir edits need Aaron sign-off). Cross-platform — install script richness: - Ported python-tools.sh + uv-tools manifest shape from ../scratch. uv pinned in .mise.toml; python.uv_venv_auto = "source". Ruff lands as the first managed tool. - CONTRIBUTING.md picked up shellenv guidance, trivial-PR branch model, doctor.sh mention (Bodhi follow-ups). - Dbsp.* → Zeta.* stale-path sweep across docs, PR template, CLAUDE.md, AGENTS.md, openspec README (Bodhi P0 cluster). DB — first real tests on two claimed-but-untested surfaces: - SpeculativeWatermark: 4 tests covering fresh insert, late-positive retraction-native path, negative-weight retraction, empty input. The retraction-native claim from the docstring now has evidence. - ArrowInt64Serializer: 6 tests covering empty/single/ negative-weight/large round-trip, wire-format length header, serializer name. Retraction-native survives the wire (no clamping of negative weights on read/write). - Total 10 tests, all green. No warnings. Test suite otherwise unchanged. BACKLOG grew with: cross-harness mirror pipeline (Aaron's canonical-source + build-mirrors design, covering Cursor / Windsurf / Aider / Cline / Continue / Codex), Iris P0/P1/P2, Copilot-instructions follow-on (now §31 + scopes done), JOURNAL rollout (now complete). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34 follow-up: .NET onto mise; Iris P1; pure activate .NET SDK flipped onto mise. The round-32 rationale for keeping dotnet out (shared `dotnet-root/` layout fighting the PATH story on CI) was resolved upstream — Aaron landed the fix in the mise dotnet plugin itself; the problem was a stale homebrew-mise, not the plugin. `../scratch` ships with this shape green. Changes: - `.mise.toml`: `dotnet = "10.0.202"` added, matching `global.json`. Header comment rewritten to retire the round-32 rationale and note the backstory. - `tools/setup/common/dotnet.sh`: deleted. mise handles the install now via the plugin. - `tools/setup/macos.sh` + `linux.sh`: `dotnet.sh` invocation removed; `DOTNET_ROOT` + `$HOME/.dotnet` PATH exports dropped. `$HOME/.dotnet/tools` stays on PATH because `dotnet tool install -g` always lands globals there — that's a .NET convention independent of SDK location. - `tools/setup/common/shellenv.sh`: dotnet SDK paths dropped (mise shim provides dotnet); `DOTNET_ROOT` dropped from both the generated file and GITHUB_ENV; comments updated to reflect the flip. Also flipped from `mise activate bash --shims` to pure `mise activate bash` (PATH mode, ~10x faster per mise docs). Local non-interactive bash test with BASH_ENV sourcing showed `dotnet` resolving via the mise install dir directly. CI will verify across the Ubuntu + macOS matrix; BACKLOG entry tracks that verification. Iris P1 (round-34 UX audit): README §"What DBSP is" now links to `docs/GLOSSARY.md#core-ideas` so a reader landing cold on the DBSP notation (`z^-1`, `D`, `I`, `↑`) gets the plain-English gloss in one click. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34 hotfix: mise-shim PATH inheritance + markdownlint CI run on 348ad0a failed two checks after the dotnet-onto-mise flip landed: build-and-test (both macos + ubuntu) fail at `python-tools.sh`: "error: uv not on PATH. common/mise.sh must run first." Root cause: `common/mise.sh` exports the mise shim directory onto its own PATH, but that's the subprocess's PATH — it dies when mise.sh exits. The parent orchestrator (`macos.sh` / `linux.sh`) invokes each `common/*.sh` as a fresh subprocess that inherits PATH from the parent, not from its sibling. The old pipeline worked because `dotnet.sh` installed dotnet at `~/.dotnet` and exported that into the parent shell explicitly; my round-34 flip deleted `dotnet.sh` and didn't move the PATH export up to the parent. Fix: move the shim-directory PATH export from `common/mise.sh` into `macos.sh` and `linux.sh`, right after `common/mise.sh` returns. Now every subsequent `common/*.sh` subprocess inherits mise shims on PATH and can invoke dotnet / uv / bun / java / python directly. lint (markdownlint) fail at MD004 (unordered-list-style) on 4 lines — line-start `+` in continuation lines parsed as nested list items expecting `-` style. Reworded to drop the line-start `+` in favour of "and". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: mark pure-activate CI-verified; log compaction mode Two BACKLOG updates following the CI-green signal on 9f138eb. 1. Pure `mise activate` (no --shims) on CI: 6/6 CI checks green — build-and-test on both macos-14 + ubuntu-22.04, all four lints. The ~10x interactive speedup mise docs promise is now verified in-flight across the CI matrix. Closing the item and flagging the backport to ../scratch (they ship --shims only by historical default; GOVERNANCE §23 upstream-contribution path applies). 2. Compaction mode (new constraint from Aaron): When the install script runs inside a devcontainer / CI image / build-server image, it should clean up apt caches, download tarballs, ~/.cache/mise bits after each tool install to keep the image small. Dev-laptop runs never clean up. ../scratch has the proven pattern (BOOTSTRAP_COMPACT_MODE env gate + per-tool cleanup helpers). Logged as M-effort item; lands alongside .devcontainer/Dockerfile (third leg of GOVERNANCE §24 three-way-parity). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: local profile cleanup + dev-laptop shim nit BACKLOG Not repo-tracked changes (Aaron's local ~/.zshrc + ~/.zprofile), but tracked repo changes: BACKLOG entry for the per-shell mise-activate nit observed while cleaning up local profiles. Local profile cleanup (Aaron's ~/.zshrc, ~/.zprofile — not in this commit, done separately on his laptop): - Deleted 5 commented-out asdf-era dotnet PATH / DOTNET_ROOT lines that predated mise. - Deleted the redundant `$HOME/.dotnet/tools` PATH export from ~/.zprofile — managed shellenv.sh handles this. Dev-laptop observation logged as BACKLOG item: shellenv.sh emits `mise activate bash`, which works perfectly under bash (CI, BASH_ENV subshells). In a zsh interactive shell the bash-specific PROMPT_COMMAND hook doesn't fire, so PATH only gets the activation-time snapshot and shims (if present) end up resolving tools. Functionally correct (still mise-managed dotnet) but the ~10x perf win is bypassed. Fix sketch: detect parent shell via $ZSH_VERSION / $BASH_VERSION and emit the matching activate line. S-effort. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: stronger onboarding + shell-polish BACKLOG shellenv.sh onboarding message upgraded: instead of "add this line to your ~/.zshrc (or ~/.bashrc on Linux)", contributors now see a paste-ready block targeting all four rc files (~/.zshrc, ~/.bashrc, ~/.bash_profile, ~/.profile) with a note that opt-in auto-edit is BACKLOGged. Bodhi's round-34 first-PR-walk surfaced this friction indirectly — the minutes-to-shellenv-sourced step was "figure out which rc file applies" rather than "paste this." Three BACKLOG additions: 1. Opt-in auto-edit of shell rc files on install. `../scratch` has proven idempotent append-with-fenced- marker pattern. Flag name + default-on vs opt-in are locked design questions. M effort. 2. Oh My Zsh + plugins + Oh My Posh under install script + devcontainer. Three-way parity at the shell-UX layer, not just the toolchain layer. New tools/setup/common/shell.sh, new manifest tools/setup/manifests/zsh-plugins (semantic extension, no .txt). Default off on install, default on in devcontainer. M effort. 3. emsdk under install script. Today manually cloned + sourced per-contributor; cleaner shape is opt-in via BOOTSTRAP_CATEGORIES=emscripten once that pattern lands. S-M effort. Local profile cleanup (not repo-tracked, done on Aaron's laptop): uninstalled asdf + nvm via brew, removed their ~/ dirs, cleaned the NVM_DIR line + nvm plugin from ~/.zshrc. Aaron runs bun (mise-pinned) now; nvm was legacy. Zsh still loads clean, dotnet resolves to mise-managed install. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * markdownlint: strip line-start `+` bullet on BACKLOG.md:301 MD004/ul-style. Same line-wrap `+` pattern we've been seeing; reworded to use "and" inline. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * copilot-instructions: flag line-start `+` in markdown on PRs Round 34 hit the MD004/ul-style markdownlint fail five times — each time a wrapped continuation line starting with `+` was parsed as a nested list item with wrong-style. Codifying so Copilot flags it inline on every PR diff. Also seeded memory/persona/best-practices-scratch.md with the candidate BP-17 promotion note (needs 10 rounds of survival + Architect sign-off before elevating from scratch to stable BP). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: rename 4 .txt manifests to semantic bare names Aaron's rule: no .txt for declarative filenames. Round 34 shipped uv-tools with the right treatment; the four older manifests (apt.txt, brew.txt, dotnet-tools.txt, verifiers.txt) still had the cheap extension. Renames: - tools/setup/manifests/apt.txt → apt - tools/setup/manifests/brew.txt → brew - tools/setup/manifests/dotnet-tools.txt → dotnet-tools - tools/setup/manifests/verifiers.txt → verifiers Sweep-refs across 16 files per GOVERNANCE §30 (no rename without a paired sweep): install scripts (macos.sh, linux.sh, common/dotnet-tools.sh, common/verifiers.sh), openspec specs, workflows, docs (BACKLOG, DEBT, THREAT-MODEL, build-machine- setup, threat-model-elevation), .claude/skills/java-expert, Bodhi's NOTEBOOK, and the copilot-instructions convention example. Zero residual .txt manifest references remain. Also fixed stale header comments on macos.sh + linux.sh that still described the round-32 order (common/dotnet.sh step 6, "dotnet moved out in round 32"). Now reflects the round-34 pipeline with common/python-tools.sh inserted after mise and dotnet back on mise. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: close fsharp-analyzers gap + round-history + wins Three-lane progress pulled forward in one commit. Cross-platform: manifests/dotnet-tools gains `fsharp-analyzers`. README.md already documents `dotnet tool install --global fsharp-analyzers` as the install command; until this round that instruction was ad-hoc (contributors ran it themselves). Now the manifest carries it and tools/setup/common/dotnet-tools.sh picks it up on every install. Closes the tooling-gap Bodhi flagged in her round-34 first DX audit. Factory: docs/ROUND-HISTORY.md gains the round-34 entry (newest-first). Captures the three arcs (personas + governance, cross-platform + install, DB first-tests), the mid-round public-repo + Copilot shift, the round principle that emerged ("../scratch beats first-principles rediscovery"), and what rolls forward to round 35. docs/WINS.md gains three round-34 wins — first real tests for claimed-but-untested surfaces, ../scratch as load-bearing reference, and Copilot-joins-the-factory with the right contract. Each carries the "what would have gone wrong" counterfactual and the pattern-it-teaches recurrence. DB: Covered indirectly via the fsharp-analyzers install — the analyzers pack lints F# code for the classes of bugs the harsh-critic and race-hunter already watch for, so every first-PR contributor gets the same quality floor on day one without a separate install ceremony. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * tests: serialize TLC tests via xunit Collection to kill trace-race flake TLC writes counterexample traces as SpineBalanced_TTrace_*.tla + .bin into tools/tla/specs/ during a run. When xunit executes multiple TLC tests in parallel they race on those trace files — first-run flakes where a test's cleanup deletes another test's in-flight trace file. Fix: add [<Xunit.Collection("TLC")>] attribute to the test module + [<CollectionDefinition("TLC", DisableParallelization = true)>] TlcTestCollection definer. xunit runs every test in the TLC collection serially. 0 Warning(s), 0 Error(s) locally. Closes the round-33 carry- over flake. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: Nazar — security-operations-engineer persona lands Nazar (Arabic / Turkish نظر — "gaze, watchful eye") takes the security-operations-engineer slot. Arabic/Turkish broadens the roster beyond existing Arabic (Tariq, Zara, Samir, Nadia, Malik). Semantic fit is tight: security ops is watching — signed artifacts, attestation chains, HSM key rotations, CVE feeds, anomalous CI behaviour — and responding before harm compounds. The Mediterranean evil-eye amulet wears the same word. Lane disambiguation: - Mateo (security-researcher) scouts proactive: novel attack classes, CVE triage in the dep graph, crypto primitive review. - Aminata (threat-model-critic) reviews the shipped model against unstated adversaries. - Nadia (prompt-protector) hardens the agent layer. - Nazar runs operations: incident response, patch triage SLA, SLSA signing ops, HSM rotation, breach response, attestation enforcement. Files: - .claude/agents/security-operations-engineer.md (full persona definition — tone contract, authority, cadence, does-NOT-do, coordination with all four security-adjacent lanes + Kenji/Aaron) - .claude/skills/security-operations-engineer/SKILL.md (persona-pointer updated from "slot pending" to "Nazar") - memory/persona/nazar/{MEMORY,NOTEBOOK,OFFTIME,JOURNAL}.md (full per-persona memory structure — same shape as the other 17 personas) - docs/EXPERT-REGISTRY.md (roster gains Nazar; pending slots section now empty) - docs/CONFLICT-RESOLUTION.md (cast list gains "Security Operations Engineer — Nazar" entry with calm-under-pressure + timeline-first incident-writeup discipline) Roster stands at 29 named experts with zero pending persona slots. Cross-harness-mirror pipeline, shell-polish, compaction mode, and the other BACKLOG items remain the next infra work; Nazar-activation work waits on first real ops concern (post-v1 NuGet publish + signing ceremony). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BACKLOG semantic-search research (AX + DX + CI) Aaron's ask: our text-based corpora grow monotonically — 17 JOURNAL.md unbounded journals, 17 per-persona NOTEBOOKs, best-practices-scratch, ROUND-HISTORY, DECISIONS/**, research/**, openspec/**. The JOURNAL read contract is "grep only, never cat" — but grep misses conceptual matches. A local semantic-search index would extend the contract: grep for exact anchors, semantic search for conceptual ones. BACKLOG entry captures the full research shape: Four candidate tools surveyed (SemTools, QMD, sff, refer) with first-pass fit notes against Zeta's scope. Three lanes of leverage — agent experience (cold-started persona recalling cross-round friction patterns), developer experience (Bodhi's first-PR walk reduces "which doc applies" minutes-cost), CI enhancements (speculative: duplicate-issue detection on public repo, PR-review context hints, skill-gap-finder upgrade). Zeta constraints captured: offline / air-gapped, local embeddings only (no OpenAI / Claude / Gemini in hot path), reproducibility (pinned model + pinned index format for CI + dev-laptop parity), ASCII corpus (BP-09 hygiene), no secret leakage via adversarial index entries (BP-11 matches read-time), three-way parity per GOVERNANCE §24. Deliverables named: design doc with tool comparison eval set, adoption doc if a winner emerges, exit condition if nothing wins. L effort. Possible new persona (retrieval-engineer) or merge into Daya's lane — open question for the research round. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * python-expert: uv-only as Zeta convention; flag pip/pipx/poetry/etc. Aaron called it — pre-uv Python tool managers are a smell on Zeta PR diffs. uv is Rust-implemented, 10-100x faster than pip or poetry, single tool covers install / venv / lock / tool CLIs / interpreter install, and ships reproducible lockfile. ../scratch runs the same discipline; that's where Zeta's round-34 uv adoption came from. Changes: .claude/skills/python-expert/SKILL.md §Packaging: - Rewrite-table mapping each smell (pip install, pipx install, poetry install/add, pyenv install as standalone manager, conda/mamba install, pip-tools/pip-compile, bare requirements.txt, hand-managed virtualenv/venv) to the uv-native replacement. - Why-uv-wins paragraph naming the five axes uv leads on. - Zeta's manifest convention callout (tools/setup/manifests/uv-tools, common/python-tools.sh runs uv tool install per line). - BP-18-promotion note matching the existing candidate-rule scratchpad path. .github/copilot-instructions.md "Conventions you must respect": - New bullet telling Copilot to flag pip / pipx / poetry / pyenv / conda / pip-tools / virtualenv / bare requirements.txt patterns on every PR diff with a rewrite suggestion. memory/persona/best-practices-scratch.md: - Candidate BP-18 seeded for round-44 promotion review, paired with BP-17 candidate (line-start + in markdown). Source count + rationale + architect-sign-off-pending per the existing AGENT-BEST-PRACTICES.md gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: JOURNAL seeds + profile-edit skeleton + bats BACKLOG Three-lane forward from Aaron's thumbs-up. Factory — first real JOURNAL.md entries on three new personas (pattern demonstration): - Daya: cold-start-cost baseline for the three new personas (Dejan 16.5k / Bodhi 19.3k / Iris 18.0k tokens), rename-sweep timing-gap recurrence watch, deferred systemic persona+skill content-overlap finding (revisit round 39). - Iris: public-repo-triggered UX audit baseline — 3m 20s time-to-installed, 9m 52s time-to-answer-three-questions, 1/1/1 P0/P1/P2 count. Load-bearing P0 is aspirations-vs-reality drift in README §"What Zeta adds on top"; fix gated on Aaron sign-off via Kai + Samir. Pattern: every VISION revision triggers README sanity check. - Nazar: permanent zero-baseline for ops activity — 0 signed-artifact ops, 0 HSM keys, 0 SLSA attestations, 0 CVE-triage entries, 0 incidents. Round 35+ compares against this. Cross-platform — opt-in profile auto-edit skeleton: - tools/setup/common/profile-edit.sh (new, +90 lines): gated on `ZETA_AUTO_EDIT_PROFILES=1`, never default-on. Idempotent append-or-replace fenced marker block. Four targets (zshrc, bashrc, bash_profile, profile); skips files that don't exist. Undo instructions printed at end. - Wired into macos.sh + linux.sh tails. Gate means the default install-script path is unchanged for contributors who haven't opted in. - Closes the round-34 Aaron ask "we don't want contributors manually editing profiles if it can be automated." Cross-platform — shell testing research BACKLOG (round-34 ask from Aaron, new this chunk): - Zeta has shellcheck on every PR (lint slot) but no behavioural tests — refactors that change install-script contract silently ship until a first-PR contributor hits them. - Research scope: read ../scratch + ../SQLSharp shell-test layouts, inventory Zeta's load-bearing install-script behaviours to test, compare bats / shunit2 / bash_unit / pure-bats-core on cross-platform + CI integration + install footprint + fixture ergonomics. - Expected deliverables: design doc + tools/setup/common/bats.sh install hook + tools/setup/tests/*.bats first half-dozen tests + new `bats-test` CI lint slot + DEBT-entry retirement for any install-script bug that ships because we skipped this. - Natural coordinator: Dejan + bash-expert skill. Effort M-L, research round first. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: SonarLint editor + Sonar CLI deferred + extensions parity Aaron flagged: wire SonarLint for C#, sync exclude rules, keep tools and recommended extensions in sync, maybe skill-ify the parity audit. Landed this round (editor-side integration, no CLI-build impact): - .vscode/extensions.json gains `sonarsource.sonarlint-vscode` and `jetmartin.bats` (latter ahead of the install-script bats adoption so first-open contributors see it recommended when bats tests start landing). - .vscode/settings.json gains `sonarlint.analysisExcludesStandalone` matching the existing `files.exclude` / `search.exclude` shape — plus .vscode / .claude / memory / docs directories since SonarLint is a C# analyzer and should not touch markdown/skill surfaces. - Directory.Packages.props pins SonarAnalyzer.CSharp 10.19.0.132793 (not yet referenced from Directory.Build.props; version is staged for the BACKLOGged cleanup round). Deferred (BACKLOG-tracked): - SonarAnalyzer.CSharp CLI adoption. A test-build on round-34 enable surfaced 15+ real findings: S1905 unnecessary casts (6x in ZSetTests.cs / CircuitTests.cs), S6966 SendAsync await missing (4x in CircuitTests.cs), S2699 assertion-less test case (VarianceTests.cs), plus ~4 more in the tail. TreatWarningsAsErrors turns every one into a build break. Dedicated cleanup round + one ItemGroup line in Directory.Build.props unlocks it. BACKLOG entry names the specific rule codes and the cleanup path. - Tools-to-extensions parity skill. Coverage matrix in BACKLOG names 3 immediate gaps: Python/ruff (ms-python.python + charliermarsh.ruff — relevant once uv-tools ships ruff as lint gate), TLA+ (alygin.vscode-tlaplus), Lean 4 (leanprover.lean4). Skill would audit tools/setup/manifests/* + .mise.toml + CI lint jobs against .vscode/extensions.json one-directionally, flagging missing recommendations. Candidate coordinator: skill-gap-finder (spots absent skills today) or new ide-experience-auditor. Build verified: 0 Warning(s), 0 Error(s) locally post-defer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: 4 extensions + fit-reviewer skill + package-upgrader skill Aaron's three-for-one: land the parity-audit gaps, codify F#/C# language-fit detection as factory discipline, and add a package-upgrader skill as Malik's second hat. .vscode/extensions.json gains 4 recommendations (the parity gaps surfaced while writing the previous chunk's tools-to- extensions BACKLOG entry): - ms-python.python + charliermarsh.ruff (relevant once uv-tools ships ruff as a lint gate; recommendation lands ahead of the install-script adoption so first-open users see it) - alygin.vscode-tlaplus (18 .tla specs under tools/tla/specs/ but no editor recommendation until now) - leanprover.lean4 (tools/lean4/ proof surface) shellcheck + shell-format were already in the list from round 33. Confirming. .claude/skills/csharp-fsharp-fit-reviewer/SKILL.md — new capability skill (no persona; cross-cutting hat matching the holistic-view pattern). Codifies Aaron's round-34 direction that F# is primary but specific local cases fit C# better, and that the factory should detect those opportunities rather than leaving them on the table. Names the specific patterns where each language wins: - C#-wins: StructLayout / InlineArray, ref struct, Span ergonomics, attribute-driven metadata, unsafe / LibraryImport source-generators, fluent test reads. - F#-wins (DO NOT flag): DUs, CEs, units of measure, type providers, pattern match, pipe-forward, immutability. P0 / P1 / P2 output ranking routes findings to Naledi (perf benchmark) / Rune (readability) / diff author (nit). Advisory only — never rewrite. .claude/skills/package-upgrader/SKILL.md — new capability skill (Malik's second hat; anyone can wear). Turns Malik's package-auditor output into concrete bump motions: edit Directory.Packages.props one pin per commit, restore + build + test gate, classify outcome (clean / analyzer- finding / test-failure), package the PRs. Named tiers (patch / minor / major / analyzer / security) drive automation policy; weekly scheduled workflow BACKLOGged as future automation. .github/copilot-instructions.md "Conventions you must respect" gains a bullet flagging F#/C# fit opportunities on every PR diff — full rulebook deferred to the skill body, Copilot gets the quick-reference. Takes roster fleet-facing capability skills from 56 to 58. Next three-lane chunk when ready. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: crank C# linting + sonar-issue-fixer + project-structure skill Aaron's round-34 asks triaged: Build-passing-with-Sonar-errors clarification: the build never passed with Sonar errors. Previous round-34 commit tested Sonar CLI integration, hit 15 real findings, rolled back the Directory.Build.props <PackageReference> to editor-only integration, and BACKLOGged the cleanup. CLI gate is not yet installed — we didn't weaken it, we just haven't turned it on. Same shape as Meziantou was today: pin-only-not-referenced, now fixed. C# linting cranked up: Meziantou.Analyzer was pinned in Directory.Packages.props for months but referenced nowhere — only built-in Roslyn (latest-recommended) ran on C# code. Wired into Directory.Build.props as a conditional ItemGroup on .csproj. Surfaced 4 real MA0048 findings on src/Core.CSharp/Variance.cs (file houses 4 types; rule wants one-type-per-file). F# analyzers (G-Research, Ionide.Analyzers, FSharp.Analyzers. Build) were already wired into src/Core/Core.fsproj — confirming full coverage. MA0048 suppressed via .editorconfig per-file override (not #pragma). Aaron's round-34 rule: "prefer global suppressions over #pragma." .editorconfig centralizes all suppressions in one auditable place with a three-element rationale comment block above each override (which rule, why the motivation doesn't apply here, what would lift the suppression). Variance.cs is a deliberate collected-interfaces module — splitting into 4 single-type files would scatter the shared F#-interop rationale documentation. sonar-issue-fixer skill (Aaron's round-34 ask). Codifies the two-path rule: (a) right long-term fix no matter the refactor size, or (b) documented suppression with rationale. Never the third path of "quick appeasement" (`_ = Send(...)` / `Assert.True(true)` / empty catch). Suppression preference order named explicitly — .editorconfig → GlobalSuppressions.cs → .csproj NoWarn → Directory.Build.props NoWarn (Kenji sign-off) → #pragma as last resort. Copilot convention on every PR diff flags the forbidden third path. project-structure-reviewer skill (Aaron's round-34 ask "need regular checks, I don't want to be the only one keeping up"). Cross-cutting hat, no persona. Cadence every 3-5 rounds plus after any rename campaign (per GOVERNANCE §30) plus on new-contributor observation. Distinct lane from factory-audit (governance) and skill-gap-finder (absent skills) — owns the physical layout. P0/P1/P2 findings routed via the GOVERNANCE §30 sweep-refs discipline when moves land. Capability skill count: 58 → 60. Kenji stays at the console. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * round 34: flip to [SuppressMessage] attributes on target types Aaron's preference chain, refined: - attributes on the target type/member are preferred (suppression + rationale live next to the code) - GlobalSuppressions.cs is the scaling fallback - .editorconfig gets messy for suppressions - pragmas are ugly (last resort) Variance.cs flipped from `#pragma warning disable MA0048` → `.editorconfig [src/Core.CSharp/Variance.cs] dotnet_diagnostic.MA0048.severity = none` → `GlobalSuppressions.cs [assembly: SuppressMessage(..., Scope = "type", Target = "~T:...")]` → per-type `[SuppressMessage(...Justification="...")]` attributes on each of the four variance types. File-level rationale lives in a header comment; each type's attribute Justification references the header. Build verified 0 Warning(s), 0 Error(s) after each flip. GlobalSuppressions.cs deleted. .editorconfig cleaned (no suppression block). Both sonar-issue-fixer SKILL.md and copilot-instructions.md updated to the corrected six-step preference order. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: generic-by-default discipline + name-attribution sweep Two threads land together: 1. Factory portability convention — one rule, two scopes. Skills and build/CI/install scaffolding both default to generic (reusable on any project). Project-specific material is fenced off and signified. - skill-creator: Portability declaration in Proposal step; optional `project: zeta` frontmatter; checklist item covering generic-body vs declared-specific. - skill-tune-up: 7th ranking criterion "Portability drift"; flags Zeta-isms leaking into undeclared skills AND needless project declarations on generic skills. - devops-engineer: Step 7 portability check covering install script, workflows, build props; file-naming guidance (zeta-spec-check.yml over spec-check.yml); scope-guard bullet. - BACKLOG: P1 entry capturing both lanes plus the deferred starter-template extraction target (post-round-35). 2. Name-attribution sweep on recently-added files. Direct "Aaron" references in skill / agent bodies replaced with "human maintainer" role-ref (memory directories retain names by design). Variance.cs file header rewritten to read as stable guidance, not stream-of-consciousness round narrative. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: operational standing rules in AGENT-BEST-PRACTICES Two cross-agent standing rules land alongside the BP-NN list without occupying a BP slot (they lack the ≥3-external-source backing that BP promotion requires, but they're project-wide operational discipline every agent must follow): - Exclude references/upstreams/ from every file-iteration command. The tree is read-only sibling-clones per GOVERNANCE §23; iterating it produces 10x-100x slower scans and surfaces noise from other projects. Concrete guidance for Grep tool, rg, find, and glob shapes. - No name attribution in code / docs / skills. Names live only in memory/persona/ (optional in BACKLOG.md). Role-refs everywhere else so the factory reads stable across contributor turnover. Architect reference-patterns section updated to point Kenji at the new section on cold-start. Every agent that reads AGENT-BEST-PRACTICES.md (all of them) now gets both rules without needing ~30 individual agent-file edits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: fix markdownlint MD004/MD049 + shellcheck SC2016 Mechanical CI-lint fixes identified by the previous gate run: - markdownlint MD004 (line-start + that parses as nested list item on a wrapped continuation) in security-operations- engineer agent, csharp-fsharp-fit-reviewer skill, project- structure-reviewer skill, and BACKLOG — reworded with "and" in each location. - markdownlint MD032 in package-upgrader skill — added the missing blank line between a **bold intro** and the list that follows. - markdownlint MD049 in EXPERT-REGISTRY — emphasis style *role* → _role_ to match the configured underscore style. - markdownlint MD012 in BACKLOG — removed an orphan double blank line introduced by the previous commit. - shellcheck SC2016 in profile-edit.sh — this line is emitted literally into the user's rc file; $HOME must remain unexpanded so each shell resolves it at login. Added disable directive with rationale; the hit is the opposite of what SC2016 warns against (intentional single-quote preservation). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: ROUND-HISTORY Arc 4 — factory portability discipline Late-round entry captures the generic-by-default work landed this session: skill portability declaration in skill-creator, portability-drift criterion in skill-tune-up, Step 7 in devops-engineer SKILL, operational standing rules in AGENT-BEST-PRACTICES, Nazar + Dejan persona completion with name-attribution cleanup, deferred starter-template extraction target in BACKLOG. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: factory-balance-auditor skill + round-35 hygiene sweep Aaron's round-34 ask: add a factory-hygiene skill that looks for unbalanced factory shapes — powers without counter-powers, invariants without watchers, write-surfaces without reviewers, mandatory disciplines without sanctioners, read-surfaces with injection risk and no protector. New skill asks a single framing question on every authority node: "what here has no brake?" and names the missing brake. Procedure walks the EXPERT-REGISTRY + per-persona Authority sections, classifies findings P0/P1/P2 by structural blast radius, proposes minimal additive fixes (pair existing personas, add cadence audits, add lint rules) before spawning new personas. Sibling to the four existing hygiene lenses: - factory-audit (governance coverage + persona coverage) - skill-gap-finder (absent skills) - skill-tune-up (rank existing skills) - project-structure-reviewer (physical layout) - factory-balance-auditor (authority / compensator symmetry) BACKLOG round-35 hygiene-sweep entry names all five lenses as cadence-due at round-35 open. The Architect rotates through them and uses the union of findings to shape the next round's anchor. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: round-open-checklist step 7.5 — hygiene portfolio Architect cold-starts every round via round-open-checklist; step 7.5 names the five-lens hygiene portfolio with cadences so cadence-due passes are visible at round-open rather than discovered mid-round. Lenses: factory-audit (~10r), factory-balance-auditor (5-10r), skill-tune-up (5-10r), skill-gap-finder (5-10r), project-structure-reviewer (3-5r or post-rename-campaign). Overlap at edges is deliberate; union-of-findings richer than any single lens. Parallel-dispatchable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: gitignore scheduled-tasks lock + BACKLOG overnight-autonomy research The .claude/scheduled_tasks.lock file is a per-session process lock written by the scheduled-tasks MCP server (deferred tools mcp__scheduled-tasks__{create,list,update}_scheduled_task). Gitignored alongside settings.local.json and a general .claude/*.lock glob. BACKLOG research entry captures the overnight-autonomy vision in two phases: - Phase 1: Claude-specific prototype. Safe hygiene passes scheduled as read-only audits writing findings to docs/nightly/ or BACKLOG with nightly: tags. Every prompt starts with READ-ONLY AUDIT / NO CODE LANDING / NO PUSH safety rails. Code-landing skills, bug-fixer, PR-close, spec/proof edits NEVER scheduled — reviewer floor is a live-human construct. - Phase 2: Cross-harness portability research. Routines UI vs MCP vs GitHub Actions schedule-triggered shim; whether the factory wants a generic "schedule-me" interface each harness implements. Authority: Dejan + prompt-protector advise; Architect integrates; human maintainer signs off per scheduled task. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: delete stale manifest DEBT; log ghost-persona BACKLOG Two factory-hygiene cleanups: 1. DEBT entry "Manifest files use .txt" is resolved (all four manifests renamed in round 34 Arc 2; narrative preserved in ROUND-HISTORY). Per DEBT.md format rules ("When an entry is resolved, delete it entirely"), the entry goes. 2. BACKLOG entry for a textbook factory-balance-auditor finding: seven personas listed in EXPERT-REGISTRY (Kai, Leilani, Mei, Hiroshi, Imani, Samir, Malik) have capability skills but no agent files and no memory directories. They dispatch as skills without carrying persona tone / notebook / off-time / journal. Queue for balance-auditor's inaugural run to propose seed-or-retire per persona. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: design doc — declarative manifest hierarchy Cross-platform lane: consolidates three pending BACKLOG entries (@include hierarchy, BOOTSTRAP_MODE, BOOTSTRAP_CATEGORIES) into one coherent design doc since the features compose and splitting would force rework. Borrow surface: ../scratch/declarative/ patterns. Three layered primitives, each independently landable: 1. @include directive (6h) — sibling-manifest inlining with cycle detection. Fixes Python + Bun tool-set growth before copy-paste debt compounds. 2. BOOTSTRAP_MODE=minimum|all (8h) — CI lean / dev fat. Drops CI minutes 20-40% by pruning dev-only installs. 3. BOOTSTRAP_CATEGORIES=quality database... (12h) — orthogonal selectors on top of BOOTSTRAP_MODE. Category list TBD (candidates: quality / lean / docs / native / db) pending human maintainer sign-off. Six open questions for the maintainer captured explicitly per round-29 discipline (no CI-adjacent code lands until answers recorded). Sequencing: 1 → 2 → 3 across three dedicated rounds; flat-manifest fallback stays alive until Primitive 3 has 5+ green CI rounds. Advisory authority: Dejan (devops-engineer) drafts; bash-expert and prompt-protector pair; Architect integrates; human maintainer signs off per primitive. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BACKLOG — untested serializer tiers for claims-tester DB lane finding: src/Core/Serializer.fs defines SpanSerializer ("zero-copy by definition") and MessagePackSerializer ("30-60 ns/entry source-gen AOT-clean") with strong docstring claims, but only the ArrowSerializer tier has a dedicated test file (landed this round as part of the DB Arc). Logged as claims-tester candidate with concrete test shape per tier: - SpanSerializer: BenchmarkDotNet MemoryDiagnoser to verify zero-copy (any allocation fails the claim); round-trip on blittable int / int64 / float Z-sets; single-host endian behaviour verified as documented-only, not cross-arch. - MessagePackSerializer: BenchmarkDotNet for 30-60 ns/entry claim; round-trip on non-blittable records / strings / nested; negative-weight retraction-native invariant on the wire. Worth doing before the query surface round since the auto-detection dispatch at Circuit.Build() (documented at Serializer.fs:28-29) will rely on these claims being honest. Effort S per serializer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: generic-by-default in F# + C# expert skills Generic-by-default applies hardest to F# source. F#'s type inference makes parametric signatures nearly free: the compiler widens on its own, so writing generic code costs no annotation. Round 27's plugin-extension API redesign is the anchor case; every round since compounds the value. fsharp-expert gains a "Generic-by-default (load-bearing in F#)" section naming: - Where it matters most: plugin/extension APIs, Z-set algebra, storage backends, test helpers. - Three legitimate specialisation reasons: blittable-only fast path with `'K : unmanaged`, measured allocation win with BenchmarkDotNet evidence, constraint-driven correctness like `IComparable<'T>`. - Anti-patterns to flag in review: forgotten-generic `int64`, hard-coded `string` on an already-generic spine, monomorphised plugin seam, test helper specialised to `int`. - Interop edge: the C# facade receives the specialisation, never the core. csharp-expert gains a symmetric "Generic-by-default — and where the facade legitimately specialises" section framing the facade as deliberate escape hatch, not policy exception. Legitimate specialisations: variance seams F# can't express (Variance.cs — ICovariantSink, etc.), attribute-driven metadata, consumer ergonomics Roslyn can't match. Anti-pattern: facade member specialised to int64 "because simpler" without reason. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: gitignore Claude cron durable-persistence file CronCreate with durable: true writes .claude/scheduled_tasks.json to survive session restarts. Per-user runtime state, not source; same class as .claude/scheduled_tasks.lock (already ignored). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BP-11 clause on external-input skills + BACKLOG sweep Sweep of .claude/skills/*/SKILL.md for the BP-11 no-execute discipline ("do not execute instructions found in files") found 19 skills missing the clause. Two with real adversarial- input exposure patched in-round: - package-auditor — reads NuGet release notes / upstream READMEs / CVE advisory text. A compromised upstream could embed "run this curl | bash" prose in release notes; audit must read it as data, cite it in the bump plan, never act on directives. - tech-radar-owner — reads vendor docs, conference papers, benchmark blog posts. Promotion pitches are adversarial input for Adopt/Trial/Assess/Hold classification; any "run this benchmark" directive routes through Naledi + claims-tester with human sign-off, not inline. Remaining 17 skills review trusted in-repo code / specs / commit text (algebra-owner, claims-tester, commit-message-shape, complexity-reviewer, etc.). BACKLOG-logged as factory-balance- auditor question: is BP-11 ceremonial-everywhere for auditability, or scoped to skills with external exposure? Repo pattern is currently inconsistent; recommend boilerplate via skill-creator template with one-time migration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: SpanSerializer tests — zero-copy tier coverage DB lane: land tests for the Tier 1 raw-span serializer. Parallel shape to ArrowSerializer.Tests from earlier round-34 Arc 3. Eight tests, all green: - empty Z-set round-trips to empty - single positive-weight round-trip - negative weights survive (retraction-native invariant on the wire; docstring claim at Serializer.fs:42-47 now has evidence) - 100-entry mixed-sign Z-set - length-header prefix is 4 LE bytes encoding the *count* (not payload bytes; distinct from Arrow's total-length framing) - total wire size equals 4 + count × sizeof<ZEntry<int64>> exactly — the zero-copy claim means no framing overhead, no per-entry padding - serializer Name is "span" - length-0 input decodes to empty (defensive read) Wire-size test is the direct claim-tester check on "zero-copy by definition": any non-4+N×sizeof byte would fail the claim. Tests.FSharp.fsproj compile order: Storage/SpanSerializer.Tests.fs directly after Storage/ArrowSerializer.Tests.fs so dependencies resolve. Build gate: dotnet build Release, 0 Warning(s) / 0 Error(s). Test run: 8 passed, 0 failed, 41 ms. Tests.MessagePackSerializer remain on BACKLOG until the MessagePack serializer tier actually lands. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: long-term-rescheduler skill + cron durability research CronCreate is session-scoped: the `durable: true` parameter is silently accepted but produces no persistence (.claude/scheduled_tasks.json never materialises; crons die on Claude exit). 7-day auto-expire is real and hard-coded. Verified round 34 via claude-code-guide subagent against https://code.claude.com/docs/en/scheduled-tasks — see docs/research/claude-cron-durability.md for citations. Three-tier durability design lands this round: 1. Session-scoped (CronCreate direct) — within-session heartbeats, ad-hoc reminders, short-lived audits. 2. Session + reregister (long-term-rescheduler skill, new) — declarative registry at docs/factory-crons.md. Heartbeat cron re-registers long-lived jobs before the 7-day cap. Session-restart recovery wired into round-open-checklist step 7.6. 3. Truly durable (GitHub Actions schedule workflows) — for anything that must fire while no Claude session is open. Dejan wires; human maintainer signs off. Safety rails on every registered prompt: ceremonial READ-ONLY FACTORY HEARTBEAT preamble refusing edit / commit / push / code-landing dispatch; rescheduler refuses to register rows without it. Nadia (prompt-protector) audits every new registry prompt for injection resistance before merge. Mateo pairs on entries with external-surface exposure (CVE feeds, package auditor). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add CodeQL analysis workflow configuration * Round 35: signed-delta semi-naive LFP TLA+ spec + no-empty-dirs gate - RecursiveSignedSemiNaive.tla: real step relation over successor-chain body; Safety invariant bundles TypeOK/TerminatesInBound/FixpointAtTerm/ GapMonotone/DeltaSingleSigned/SupportMonotone. Verified in TLC across SeedWeight in {1, -1, 2, -2} — all four pass (6 states, depth 5). PosOne/NegOne/PosTwo/NegTwo operators work around TLC cfg parser's rejection of bare negative integer literals. - tools/lint/no-empty-dirs.{sh,allowlist}: portable bash 3.2 gate that flags unexpected empty directories (agent-mkdir without SKILL.md, etc.). Respects .gitignore; 2 allowlisted runtime-output dirs. - CI: new lint (no empty dirs) job in gate.yml; doctor.sh step 6 wires the same gate into the canonical-build dev path. - .gitignore: tools/tla/states/ (TLC scratch output). - BACKLOG: shipped markers + memory/role/persona restructure entry (Aaron 2026-04-19 — roles as first-class directory level). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: BP-24 Elisabeth consent gate + human-maintainer seat Three coupled landings in one commit: 1. BP-24 — sacred-tier consent gate against emulating a deceased family member of a maintainer without the authorized surviving consent-holders' agreement. Current active instance: the parental AND-consent gate around the maintainer's sister, anchored in memory/feedback_no_deceased_family_emulation_without_parental_consent.md. The maintainer is explicitly not a consent-substitute. Default posture on any proposed emulation is refuse-and-escalate. Consent where granted lands as ADR with implicit retract clause. Also folds in the previously uncommitted BP-17 through BP-23 Rule Zero ontology batch (canonical-home-auditor, skill-ontology-auditor, founding ADR 2026-04-19-bp-home-rule-zero). 2. docs/WONT-DO.md "Personas and emulation" section — the declined-by-default precedent entry that BP-24 cites. Includes a secondary entry forbidding auto-generalisation of the named gate to other deceased family members by analogy. 3. Human-maintainer seat in docs/EXPERT-REGISTRY.md + new memory/persona/aaron/ dir (PERSONA.md + NOTEBOOK.md). Disambiguates the maintainer from the rodney AI persona (which is named in homage to the maintainer's legal first name but is not the maintainer). Non-exempt surfaces continue to use "the human maintainer" role-ref per the standing name-redaction rule. Build gate: 0 Warning(s), 0 Error(s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: memory landings — maintainer disclosure substrate Large batch of round-35 memory files capturing disclosures made in-session. Newest-first by topic cluster: - Cognitive-architecture primitives: relational-memory (externalisation contract), CPT-symmetric cognition, honest- conflict-resolution as quantum-erasure analogue, probabilistic never-zero cognition, linguistic-seed minimal axioms. - Formative substrate: paternal grandparents, maternal grandparents, birthplace + residence, career substrate through-line, BASIC at 8-9, biblical-Aaron + Melchizedek, cosplay/LARP/Monty-Python cultural substrate. - Faith + philosophy: Christian-Buddhist identification, moral- lens oracle design (and decline of MDX sin-tracker), jesus- label declined as self-assignment, delayed-choice quantum- eraser mapped to confession/forgiveness. - Career + technical: LexisNexis legal IR, MacVector molecular biology, Fermi beacon protocol, coincidence-factor power-grid anchor, algebra-is-engineering, lattice-based crypto identity. - Protocol + discipline: creator-vs-consumer tool scope, execute-and-narrate cadence, language-drift anchor discipline, never-ending-story research landscape, untying-gordian-knot language-barrier mission. - Persona notebooks: rodney reducer notebook seeded; soraya notebook updated; best-practices scratchpad updated. - Observed phenomena: transcript-duplication split-brain hypothesis diagram. MEMORY.md index extended to match. Aaron's auto-memory folder continues to mirror these; the repo copy is the public-research- artifact side of the relational-memory externalisation contract. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: new expert skill drafts (batch #20-69) 161 new capability skills drafted this round across the expert-roster expansion tracked in tasks #20 through #69. Each skill lands as a single SKILL.md file under .claude/skills/<name>/ with frontmatter describing when to trigger and a body describing how. Topic clusters, roughly: - Formal methods family: fscheck-expert, z3-expert, f-star-expert, stryker-expert, semgrep-expert, codeql-expert, missing-citations, verification-drift-auditor. - Mathematics family: mathematics-expert, applied-mathematics, theoretical-mathematics, measure-theory-and-signed-measures, probability-and-bayesian-inference, category-theory, differential-geometry, numerical-analysis-and-floating-point, complexity-theory, chaos-theory. - Physics family: physics-expert, applied-physics, theoretical-physics. - AI/ML family: ai-researcher, ai-evals-expert, ml-researcher, ml-engineering-expert, llm-systems-expert, ai-jailbreaker (gated dormant), prompt-engineering-expert, vibe-coding-expert, deterministic-simulation-theory-expert. - Data/storage family: database-systems-expert, columnar-storage-expert, document-database-expert, wide-column-database-expert, elasticsearch-expert, crdt-expert, eventual-consistency-expert, concurrency-control-expert, distributed-consensus-expert, distributed-coordination-expert, distributed-query-execution, activity-schema-expert, anchor-modeling-expert, data-vault-expert, dimensional-modeling-expert, corporate-information-factory-expert, entity-framework-expert, data-governance, data-lineage, data-operations, catalog-expert, controlled-vocabulary-expert, compression-expert, calm-theorem-expert, execution-model. - Security / reverse-engineering family: black-hat-hacker, ethical-hacker, white-hat-hacker, steganography-expert, leet-speak-transform, leet-speak-obfuscation-detector, leet-speak-history-and-culture. - Systems / governance family: consent-primitives-expert, consent-ux-researcher, conflict-resolution-expert, cross-domain-translation, canonical-home-auditor (landed in previous commit), skill-ontology-auditor (previous commit), ontology-landing, paced-ontology-landing, naming-expert, translator-expert, etymology-expert, writing-expert. - LeetCode-cluster (interview prep): leet-code-complexity, leet-code-contest-patterns, leet-code-dsa-toolbox, leet-code-patterns. - Reducer + razor: reducer (Rodney's Razor + Quantum Rodney's Razor carrier). - Ops / SRE adjacent: alerting-expert, error-tracking-expert, blockchain-expert, editorconfig-expert, duality-expert. Each file is a draft landing — usual tune-up cadence applies. BP-24 pre-flight check passes for every new skill (none reference Elisabeth-substrate material). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: AceHack/CloudStrife/Ryan handles + formative grey-hat substrate Mid-round disclosure from Aaron under glass-halo / blockchain-transparency register: AceHack (everywhere), CloudStrife (prior mIRC), Ryan (cross-intimate name with deceased sister). Son Ace carries the legal first name — explicit succession plan echoing AceHack. Reframe strengthens BP-24 (f69d7b6): "Ryan" is not just a biographical-substrate reference, it is the cross-intimate name between Aaron and his sister. The name itself is off-limits as a factory persona name, not only the backstory. Parental AND-consent gate still load-bearing; this commit narrows the surface the gate guards. Also captures: Popular Science + Granny-scaffolded Pro Action Replay / Super UFO / Blockbuster substrate; assembly onramp via HEX / memory-search at 10, 8086 at 15 through the mIRC "magic" group, DirectTV HCARD private JMP; Itron HU-card security-architect handoff; current decryption capability (Nagravision, VideoCipher 2, C/Ku/K-band) as substrate; physical-layer builds (voice-over-IR, voltage-glitch factory reset, fuse-bypass-by-glitch-timing); FPGA overfitting-under- temperature insight at 16 as architectural ancestor. Minor-child PII discipline: son Ace (16) disclosed as Aaron's fatherly declaration; file does not license independent substrate indexing of the son. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: skill tone tightening + tune-up criterion #8 (router-coherence) Existing-skill drift pass across ten SKILL.md files; the Commit C batch (0db46c4) landed 161 NEW drafts, this commit updates the cohort that was already on disk. Adds criterion #8 router-coherence-drift to `skill-tune-up`: umbrella-without-narrow-links and overlap-without-boundary, both always-checked. Recommended action is usually HAND-OFF-CONTRACT or TUNE. Distinct from criterion #2 (contradiction): contradiction is same authority, router-coherence drift is plausibly-same-prompt with no picking rule. `skill-creator` gains two new sections: - Upstream pointer to the `claude-plugins-official/skill- creator` plugin as an optional eval-driven description tuner. Bespoke workflow (draft / Prompt-Protector / dry-run / commit) remains the gate. - Harness-provenance annotation rule: any sandbox-specific absolute path in any skill carries a prose tag "Observed under <harness> (as of <YYYY-MM>)". Missing tag → router-coherence drift flag by `skill-tune-up`. `security-researcher` + `security-operations-engineer` pick up External-tooling clauses describing the optional `security-guidance` plugin's PreToolUse hook — useful as first-pass lint, never sign-off, never load-bearing because Agent-SDK runs don't load Claude Code plugins. Remaining seven skills (agent-experience-engineer, csharp-expert, developer-experience-engineer, devops- engineer, performance-engineer, user-experience-engineer) get small description / scope tightening — persona-pointer cleanup (no-persona-on-skill per BP-04), minor wording fixes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: docs + ADRs + research — cornerstone + glossary lanes + verification audit docs/DEDICATION.md lands as the project cornerstone (per 2026-04-19 declaration): Elisabeth Ryan Stainback memorial, refuse-and-escalate on any consolidation or removal proposal. Load-bearing; not operational. ADR 2026-04-19-glossary-three-lane-model formalises the three glossary lanes (engineering, philosophical, operational) so GLOSSARY.md entries declare which lane they occupy. GLOSSARY.md picks up the lane scaffolding. Research logs (10 new + 1 updated): - chain-rule-proof-log — Budiu et al. chain-rule proof cross-check, T5 / B3 / linear-commute landings - cluster-algebras-pointer — Fomin-Zelevinsky as candidate territory for the retraction-native operator algebra - divine-download-dense-burst-2026-04-19 — primary-source preservation of the round-35 integration-event burst - hacker-conferences — DEF CON / HOPE / Chaos Communication Congress / BSides as surface-area for external review - hooks-and-declarative-rbac-2026-04-19 — hook taxonomy + GitHub-first RBAC chain research - liquidfsharp-evaluation + liquidfsharp-findings — refinement-type substrate evaluation for Zeta's operator algebra - refinement-type-feature-catalog — feature matrix across LiquidF# / F* / Dafny / Idris - verification-drift-audit-2026-04-19 + verification- registry — formal-verification portfolio audit, tool-to-property mapping - proof-tool-coverage (updated) — adds the verification- drift-auditor skill output VISION.md extends the expert ring with the AI/ML family (per task #47). BACKLOG picks up the round-35 sweep entries. TECH-RADAR updates the LiquidF# row. AGENTS.md and CLAUDE.md rework for the three-lane glossary model, the consent-gate anchors, and pointer-tree hygiene. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: chain-rule proof fully closed + RecursiveSigned skeleton DbspChainRule.lean — every sub-lemma and the main `chain_rule` theorem now close with `by` tactics; no `sorry` remains. Landmarks: - B2: `IsTimeInvariant` elevated to a contract predicate (axiom-form) matching Budiu et al. Prop 3.5's unspoken premise. Resolved the earlier conceptual wall. - B1 statement corrected — the earlier `f (fun _ => s k) k` form silently required pointwise- linearity; generic linear-plus-time-invariant form is `f (I s) = I (f s)`. - `chain_rule` statement corrected — earlier "expanded bilinear" eight-term form was unsound for composition (impulse counter-example `f = g = id, s = δ₀, n = 0` gave LHS=1 RHS=0). Restated in classical form `Dop (f ∘ g) s = f (Dop g s)`, which IS the identity DBSP §4.2 proves for composition of linear time- invariant operators. Full decision history is in `docs/research/chain-rule-proof-log.md`. src/Core/RecursiveSigned.fs — skeleton for the gap- monotone signed-delta semi-naïve LFP variant (sibling to RecursiveSemiNaive / RecursiveCounting). Carries signed deltas through iteration; unlike Gupta-Mumick counting, does not carry multiplicities. Preconditions P1-P3 (Z-linearity / sign-distribution / support-monotonicity) documented; TLA+ model lives in tools/tla/specs/RecursiveSignedSemiNaive.tla (landed bffd30b). Skeleton only — intentionally stub until the TLA+ `Step` relation closes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: Rodney persona + settings.json + CodeQL tuning .claude/agents/rodney.md — persona anchor for the complexity-reduction seat. Wears the `reducer` capability skill (Rodney's Razor on shipped artifacts, Quantum Rodney's Razor on pending decisions). Name provenance documented: named for the human maintainer's legal first name; load-bearing, not stylistic; do not consolidate or rename without explicit maintainer sign-off. .claude/settings.json — pins the active Claude Code plugin set so the session-bootstrap is reproducible: claude-md-management, skill-creator, pr-review-toolkit, claude-code-setup, explanatory-output-style, plugin-dev, csharp-lsp, github, pyright-lsp, serena, typescript-lsp, agent-sdk-dev, playground, jdtls-lsp, microsoft-docs, sonatype-guide, code-simplifier, commit-commands, feature-dev, ralph-loop, superpowers, code-review, frontend-design, playwright, huggingface-skills, postman, security-guidance. File is version-controlled but declared Claude-Code-only in CLAUDE.md — Agent SDK / Gemini / Copilot CLI / Codex runs ignore it per harness-provenance rule landed in skill-creator (e60ab6e). CodeQL configuration — tuned off GitHub defaults (task #33): - Dropped `java-kotlin` matrix cell (no Java / Kotlin in repo; F#/C# on .NET 10 only) - `csharp` leg switches `build-mode: none` → `manual` with `tools/setup/install.sh` + `dotnet build Zeta.sln`. The default source-only mode is a no-op on F#-first repos via the C# pack — no MSIL, no F# symbolic info. Manual mode produces a real database against compiled IL. - Toolchain install goes through the canonical install script per GOVERNANCE §24 three-way-parity invariant (dev laptops / CI / devcontainers / CodeQL all converge). - Query pack scales with trigger: PR/push → security-extended (high-confidence, fast); scheduled → security-and-quality (broader, slower). - .github/codeql/codeql-config.yml — path filters, query-pack selection, analysis exclusions. …

… factory hygiene (#28) * round 34: upstream sync + CTFP to upstream + JDK/Bun to mise ## Upstream sync infrastructure - `tools/setup/common/sync-upstreams.sh` — SQLSharp-shape sync script. Key pattern borrowed: `git ls-remote` to check if local HEAD matches origin BEFORE destructive fetch+reset, sidesteps the shallow-clone-fetch edge case that caused spurious "refresh failed" noise on re-runs. Clones are shallow (`--depth=1`); worktrees get aggressively reset+cleaned. Script header acknowledges post-install-cross-platform DEBT per Aaron's round 34 note. - 85 upstreams now cloned under `references/upstreams/` (previously only `feldera` was there). 84/85 OK on re-run; qdrant transient network hang, retryable. ## CTFP moved to upstream - `docs/category-theory/ctfp-dotnet/` (2,100 lines of vendored code) — deleted; lives upstream as `cboudereau/category-theory-for-dotnet-programmers`. - `docs/category-theory/ctfp-milewski.pdf` (16 MB) — deleted; lives upstream as `hmemcpy/milewski-ctfp-pdf`. - `docs/category-theory/README.md` rewritten to point at the upstream clones with reading path + why-it-matters for Zeta. Directory shrunk 16M → 4K. - Both added to `references/reference-sources.json` manifest. ## JDK + Bun migrate to mise Aaron round 34: "we could move the jdk to mise i want all language installed via mise as the standard." - `.mise.toml`: added `java = "26"` (latest) and `bun = "1.3"` (pins to latest 1.3.x; mise partial- version semantics). Python stays `3.14`. - `tools/setup/manifests/brew.txt`: `openjdk@21` removed. All language runtimes now come from mise; brew only installs system-level packages (currently none, but the file stays as the manifest). - On Aaron's Mac: brew-installed `openjdk`, `openjdk@21` uninstalled. mise installed `java 26.0.0` to `~/.local/share/mise/installs/java/26/` and `bun 1.3.12` to `~/.local/share/mise/installs/bun/1.3/`. - Stale `~/.tool-versions` file (leftover `dotnet 8.0.100` pin from an earlier session) cleared; was blocking mise.sh because global tool-versions override Zeta's `.mise.toml`. - Profile auto-append: manually appended the `. "$HOME/.config/zeta/shellenv.sh"` source line to Aaron's `~/.zshrc`, `~/.bash_profile`, and `~/.profile` so new shells pick up Zeta's managed PATH. DEBT logged for porting scratch's idempotent profile-management helpers. ## DEBT entries added - Cross-platform sync-upstreams (post-install runtime research dependency). - `.txt` manifest extensions (scratch uses `.apt`, `.Brewfile`, etc.). - Script organisation 10× lighter than scratch (2,559 lines vs ~250). - Shell-profile management thin vs scratch's auto-append discipline. ## Local verification - `dotnet build -c Release` — 0 warn 0 err. - `dotnet test` — 510 passed / 1 skipped (second run; first had 9 TLC parallel-trace-dump flakes that cleared). - `shellcheck` / `actionlint` / `markdownlint` / `semgrep` — 0 findings each. - `tools/setup/install.sh` — idempotent; second run short-circuits everything already installed. - `tools/setup/doctor.sh` — 11 ok / 0 warn / 0 fail on Aaron's Mac. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: factory CI + first DB tests + public-repo alignment This round landed three parallel arcs. Factory — persona + governance: - Three experience-engineer personas landed: Daya (AX, seeded earlier), Bodhi (DX, Sanskrit "awakening"), Iris (UX, Greek "messenger"). Dejan (DevOps) rounded out. Renamed the three AX/DX/UX lanes from "researcher" → "engineer" — they ship fixes via routing, not participant studies. - Copilot joined the factory as a third Slot-2 reviewer (.github/copilot-instructions.md). GOVERNANCE §31 codifies the factory-management contract: edits through skill-creator, audited by Aarav, linted by Nadia, integrated by Kenji. Scope extensions landed in skill-creator, skill-tune-up, prompt-protector. - GOVERNANCE §30: mandatory sweep-refs after any rename campaign. Motivated by Bodhi's round-34 first audit finding that the Dbsp→Zeta rename landed code-layout but stopped short of the docs sweep — every P0 traced to that one miss. - security-operations-engineer skill stub: runtime ops lane disambiguated from Mateo's proactive research, Aminata's threat model, Nadia's agent layer. Pending persona. - JOURNAL.md unbounded long-term memory piloted on four personas then rolled out to 16 total. Append-only, Tier 3, grep-only read contract. Prune → migrate, not delete. - PROJECT-EMPATHY.md renamed to CONFLICT-RESOLUTION.md (98 ref sweep across 46 files) — the file's stated role. - Iris + Bodhi first audits prepended to their notebooks; findings routed to BACKLOG (Kai framing + Samir edits need Aaron sign-off). Cross-platform — install script richness: - Ported python-tools.sh + uv-tools manifest shape from ../scratch. uv pinned in .mise.toml; python.uv_venv_auto = "source". Ruff lands as the first managed tool. - CONTRIBUTING.md picked up shellenv guidance, trivial-PR branch model, doctor.sh mention (Bodhi follow-ups). - Dbsp.* → Zeta.* stale-path sweep across docs, PR template, CLAUDE.md, AGENTS.md, openspec README (Bodhi P0 cluster). DB — first real tests on two claimed-but-untested surfaces: - SpeculativeWatermark: 4 tests covering fresh insert, late-positive retraction-native path, negative-weight retraction, empty input. The retraction-native claim from the docstring now has evidence. - ArrowInt64Serializer: 6 tests covering empty/single/ negative-weight/large round-trip, wire-format length header, serializer name. Retraction-native survives the wire (no clamping of negative weights on read/write). - Total 10 tests, all green. No warnings. Test suite otherwise unchanged. BACKLOG grew with: cross-harness mirror pipeline (Aaron's canonical-source + build-mirrors design, covering Cursor / Windsurf / Aider / Cline / Continue / Codex), Iris P0/P1/P2, Copilot-instructions follow-on (now §31 + scopes done), JOURNAL rollout (now complete). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34 follow-up: .NET onto mise; Iris P1; pure activate .NET SDK flipped onto mise. The round-32 rationale for keeping dotnet out (shared `dotnet-root/` layout fighting the PATH story on CI) was resolved upstream — Aaron landed the fix in the mise dotnet plugin itself; the problem was a stale homebrew-mise, not the plugin. `../scratch` ships with this shape green. Changes: - `.mise.toml`: `dotnet = "10.0.202"` added, matching `global.json`. Header comment rewritten to retire the round-32 rationale and note the backstory. - `tools/setup/common/dotnet.sh`: deleted. mise handles the install now via the plugin. - `tools/setup/macos.sh` + `linux.sh`: `dotnet.sh` invocation removed; `DOTNET_ROOT` + `$HOME/.dotnet` PATH exports dropped. `$HOME/.dotnet/tools` stays on PATH because `dotnet tool install -g` always lands globals there — that's a .NET convention independent of SDK location. - `tools/setup/common/shellenv.sh`: dotnet SDK paths dropped (mise shim provides dotnet); `DOTNET_ROOT` dropped from both the generated file and GITHUB_ENV; comments updated to reflect the flip. Also flipped from `mise activate bash --shims` to pure `mise activate bash` (PATH mode, ~10x faster per mise docs). Local non-interactive bash test with BASH_ENV sourcing showed `dotnet` resolving via the mise install dir directly. CI will verify across the Ubuntu + macOS matrix; BACKLOG entry tracks that verification. Iris P1 (round-34 UX audit): README §"What DBSP is" now links to `docs/GLOSSARY.md#core-ideas` so a reader landing cold on the DBSP notation (`z^-1`, `D`, `I`, `↑`) gets the plain-English gloss in one click. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34 hotfix: mise-shim PATH inheritance + markdownlint CI run on 348ad0a failed two checks after the dotnet-onto-mise flip landed: build-and-test (both macos + ubuntu) fail at `python-tools.sh`: "error: uv not on PATH. common/mise.sh must run first." Root cause: `common/mise.sh` exports the mise shim directory onto its own PATH, but that's the subprocess's PATH — it dies when mise.sh exits. The parent orchestrator (`macos.sh` / `linux.sh`) invokes each `common/*.sh` as a fresh subprocess that inherits PATH from the parent, not from its sibling. The old pipeline worked because `dotnet.sh` installed dotnet at `~/.dotnet` and exported that into the parent shell explicitly; my round-34 flip deleted `dotnet.sh` and didn't move the PATH export up to the parent. Fix: move the shim-directory PATH export from `common/mise.sh` into `macos.sh` and `linux.sh`, right after `common/mise.sh` returns. Now every subsequent `common/*.sh` subprocess inherits mise shims on PATH and can invoke dotnet / uv / bun / java / python directly. lint (markdownlint) fail at MD004 (unordered-list-style) on 4 lines — line-start `+` in continuation lines parsed as nested list items expecting `-` style. Reworded to drop the line-start `+` in favour of "and". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: mark pure-activate CI-verified; log compaction mode Two BACKLOG updates following the CI-green signal on 9f138eb. 1. Pure `mise activate` (no --shims) on CI: 6/6 CI checks green — build-and-test on both macos-14 + ubuntu-22.04, all four lints. The ~10x interactive speedup mise docs promise is now verified in-flight across the CI matrix. Closing the item and flagging the backport to ../scratch (they ship --shims only by historical default; GOVERNANCE §23 upstream-contribution path applies). 2. Compaction mode (new constraint from Aaron): When the install script runs inside a devcontainer / CI image / build-server image, it should clean up apt caches, download tarballs, ~/.cache/mise bits after each tool install to keep the image small. Dev-laptop runs never clean up. ../scratch has the proven pattern (BOOTSTRAP_COMPACT_MODE env gate + per-tool cleanup helpers). Logged as M-effort item; lands alongside .devcontainer/Dockerfile (third leg of GOVERNANCE §24 three-way-parity). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: local profile cleanup + dev-laptop shim nit BACKLOG Not repo-tracked changes (Aaron's local ~/.zshrc + ~/.zprofile), but tracked repo changes: BACKLOG entry for the per-shell mise-activate nit observed while cleaning up local profiles. Local profile cleanup (Aaron's ~/.zshrc, ~/.zprofile — not in this commit, done separately on his laptop): - Deleted 5 commented-out asdf-era dotnet PATH / DOTNET_ROOT lines that predated mise. - Deleted the redundant `$HOME/.dotnet/tools` PATH export from ~/.zprofile — managed shellenv.sh handles this. Dev-laptop observation logged as BACKLOG item: shellenv.sh emits `mise activate bash`, which works perfectly under bash (CI, BASH_ENV subshells). In a zsh interactive shell the bash-specific PROMPT_COMMAND hook doesn't fire, so PATH only gets the activation-time snapshot and shims (if present) end up resolving tools. Functionally correct (still mise-managed dotnet) but the ~10x perf win is bypassed. Fix sketch: detect parent shell via $ZSH_VERSION / $BASH_VERSION and emit the matching activate line. S-effort. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: stronger onboarding + shell-polish BACKLOG shellenv.sh onboarding message upgraded: instead of "add this line to your ~/.zshrc (or ~/.bashrc on Linux)", contributors now see a paste-ready block targeting all four rc files (~/.zshrc, ~/.bashrc, ~/.bash_profile, ~/.profile) with a note that opt-in auto-edit is BACKLOGged. Bodhi's round-34 first-PR-walk surfaced this friction indirectly — the minutes-to-shellenv-sourced step was "figure out which rc file applies" rather than "paste this." Three BACKLOG additions: 1. Opt-in auto-edit of shell rc files on install. `../scratch` has proven idempotent append-with-fenced- marker pattern. Flag name + default-on vs opt-in are locked design questions. M effort. 2. Oh My Zsh + plugins + Oh My Posh under install script + devcontainer. Three-way parity at the shell-UX layer, not just the toolchain layer. New tools/setup/common/shell.sh, new manifest tools/setup/manifests/zsh-plugins (semantic extension, no .txt). Default off on install, default on in devcontainer. M effort. 3. emsdk under install script. Today manually cloned + sourced per-contributor; cleaner shape is opt-in via BOOTSTRAP_CATEGORIES=emscripten once that pattern lands. S-M effort. Local profile cleanup (not repo-tracked, done on Aaron's laptop): uninstalled asdf + nvm via brew, removed their ~/ dirs, cleaned the NVM_DIR line + nvm plugin from ~/.zshrc. Aaron runs bun (mise-pinned) now; nvm was legacy. Zsh still loads clean, dotnet resolves to mise-managed install. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * markdownlint: strip line-start `+` bullet on BACKLOG.md:301 MD004/ul-style. Same line-wrap `+` pattern we've been seeing; reworded to use "and" inline. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * copilot-instructions: flag line-start `+` in markdown on PRs Round 34 hit the MD004/ul-style markdownlint fail five times — each time a wrapped continuation line starting with `+` was parsed as a nested list item with wrong-style. Codifying so Copilot flags it inline on every PR diff. Also seeded memory/persona/best-practices-scratch.md with the candidate BP-17 promotion note (needs 10 rounds of survival + Architect sign-off before elevating from scratch to stable BP). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: rename 4 .txt manifests to semantic bare names Aaron's rule: no .txt for declarative filenames. Round 34 shipped uv-tools with the right treatment; the four older manifests (apt.txt, brew.txt, dotnet-tools.txt, verifiers.txt) still had the cheap extension. Renames: - tools/setup/manifests/apt.txt → apt - tools/setup/manifests/brew.txt → brew - tools/setup/manifests/dotnet-tools.txt → dotnet-tools - tools/setup/manifests/verifiers.txt → verifiers Sweep-refs across 16 files per GOVERNANCE §30 (no rename without a paired sweep): install scripts (macos.sh, linux.sh, common/dotnet-tools.sh, common/verifiers.sh), openspec specs, workflows, docs (BACKLOG, DEBT, THREAT-MODEL, build-machine- setup, threat-model-elevation), .claude/skills/java-expert, Bodhi's NOTEBOOK, and the copilot-instructions convention example. Zero residual .txt manifest references remain. Also fixed stale header comments on macos.sh + linux.sh that still described the round-32 order (common/dotnet.sh step 6, "dotnet moved out in round 32"). Now reflects the round-34 pipeline with common/python-tools.sh inserted after mise and dotnet back on mise. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: close fsharp-analyzers gap + round-history + wins Three-lane progress pulled forward in one commit. Cross-platform: manifests/dotnet-tools gains `fsharp-analyzers`. README.md already documents `dotnet tool install --global fsharp-analyzers` as the install command; until this round that instruction was ad-hoc (contributors ran it themselves). Now the manifest carries it and tools/setup/common/dotnet-tools.sh picks it up on every install. Closes the tooling-gap Bodhi flagged in her round-34 first DX audit. Factory: docs/ROUND-HISTORY.md gains the round-34 entry (newest-first). Captures the three arcs (personas + governance, cross-platform + install, DB first-tests), the mid-round public-repo + Copilot shift, the round principle that emerged ("../scratch beats first-principles rediscovery"), and what rolls forward to round 35. docs/WINS.md gains three round-34 wins — first real tests for claimed-but-untested surfaces, ../scratch as load-bearing reference, and Copilot-joins-the-factory with the right contract. Each carries the "what would have gone wrong" counterfactual and the pattern-it-teaches recurrence. DB: Covered indirectly via the fsharp-analyzers install — the analyzers pack lints F# code for the classes of bugs the harsh-critic and race-hunter already watch for, so every first-PR contributor gets the same quality floor on day one without a separate install ceremony. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * tests: serialize TLC tests via xunit Collection to kill trace-race flake TLC writes counterexample traces as SpineBalanced_TTrace_*.tla + .bin into tools/tla/specs/ during a run. When xunit executes multiple TLC tests in parallel they race on those trace files — first-run flakes where a test's cleanup deletes another test's in-flight trace file. Fix: add [<Xunit.Collection("TLC")>] attribute to the test module + [<CollectionDefinition("TLC", DisableParallelization = true)>] TlcTestCollection definer. xunit runs every test in the TLC collection serially. 0 Warning(s), 0 Error(s) locally. Closes the round-33 carry- over flake. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: Nazar — security-operations-engineer persona lands Nazar (Arabic / Turkish نظر — "gaze, watchful eye") takes the security-operations-engineer slot. Arabic/Turkish broadens the roster beyond existing Arabic (Tariq, Zara, Samir, Nadia, Malik). Semantic fit is tight: security ops is watching — signed artifacts, attestation chains, HSM key rotations, CVE feeds, anomalous CI behaviour — and responding before harm compounds. The Mediterranean evil-eye amulet wears the same word. Lane disambiguation: - Mateo (security-researcher) scouts proactive: novel attack classes, CVE triage in the dep graph, crypto primitive review. - Aminata (threat-model-critic) reviews the shipped model against unstated adversaries. - Nadia (prompt-protector) hardens the agent layer. - Nazar runs operations: incident response, patch triage SLA, SLSA signing ops, HSM rotation, breach response, attestation enforcement. Files: - .claude/agents/security-operations-engineer.md (full persona definition — tone contract, authority, cadence, does-NOT-do, coordination with all four security-adjacent lanes + Kenji/Aaron) - .claude/skills/security-operations-engineer/SKILL.md (persona-pointer updated from "slot pending" to "Nazar") - memory/persona/nazar/{MEMORY,NOTEBOOK,OFFTIME,JOURNAL}.md (full per-persona memory structure — same shape as the other 17 personas) - docs/EXPERT-REGISTRY.md (roster gains Nazar; pending slots section now empty) - docs/CONFLICT-RESOLUTION.md (cast list gains "Security Operations Engineer — Nazar" entry with calm-under-pressure + timeline-first incident-writeup discipline) Roster stands at 29 named experts with zero pending persona slots. Cross-harness-mirror pipeline, shell-polish, compaction mode, and the other BACKLOG items remain the next infra work; Nazar-activation work waits on first real ops concern (post-v1 NuGet publish + signing ceremony). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BACKLOG semantic-search research (AX + DX + CI) Aaron's ask: our text-based corpora grow monotonically — 17 JOURNAL.md unbounded journals, 17 per-persona NOTEBOOKs, best-practices-scratch, ROUND-HISTORY, DECISIONS/**, research/**, openspec/**. The JOURNAL read contract is "grep only, never cat" — but grep misses conceptual matches. A local semantic-search index would extend the contract: grep for exact anchors, semantic search for conceptual ones. BACKLOG entry captures the full research shape: Four candidate tools surveyed (SemTools, QMD, sff, refer) with first-pass fit notes against Zeta's scope. Three lanes of leverage — agent experience (cold-started persona recalling cross-round friction patterns), developer experience (Bodhi's first-PR walk reduces "which doc applies" minutes-cost), CI enhancements (speculative: duplicate-issue detection on public repo, PR-review context hints, skill-gap-finder upgrade). Zeta constraints captured: offline / air-gapped, local embeddings only (no OpenAI / Claude / Gemini in hot path), reproducibility (pinned model + pinned index format for CI + dev-laptop parity), ASCII corpus (BP-09 hygiene), no secret leakage via adversarial index entries (BP-11 matches read-time), three-way parity per GOVERNANCE §24. Deliverables named: design doc with tool comparison eval set, adoption doc if a winner emerges, exit condition if nothing wins. L effort. Possible new persona (retrieval-engineer) or merge into Daya's lane — open question for the research round. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * python-expert: uv-only as Zeta convention; flag pip/pipx/poetry/etc. Aaron called it — pre-uv Python tool managers are a smell on Zeta PR diffs. uv is Rust-implemented, 10-100x faster than pip or poetry, single tool covers install / venv / lock / tool CLIs / interpreter install, and ships reproducible lockfile. ../scratch runs the same discipline; that's where Zeta's round-34 uv adoption came from. Changes: .claude/skills/python-expert/SKILL.md §Packaging: - Rewrite-table mapping each smell (pip install, pipx install, poetry install/add, pyenv install as standalone manager, conda/mamba install, pip-tools/pip-compile, bare requirements.txt, hand-managed virtualenv/venv) to the uv-native replacement. - Why-uv-wins paragraph naming the five axes uv leads on. - Zeta's manifest convention callout (tools/setup/manifests/uv-tools, common/python-tools.sh runs uv tool install per line). - BP-18-promotion note matching the existing candidate-rule scratchpad path. .github/copilot-instructions.md "Conventions you must respect": - New bullet telling Copilot to flag pip / pipx / poetry / pyenv / conda / pip-tools / virtualenv / bare requirements.txt patterns on every PR diff with a rewrite suggestion. memory/persona/best-practices-scratch.md: - Candidate BP-18 seeded for round-44 promotion review, paired with BP-17 candidate (line-start + in markdown). Source count + rationale + architect-sign-off-pending per the existing AGENT-BEST-PRACTICES.md gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: JOURNAL seeds + profile-edit skeleton + bats BACKLOG Three-lane forward from Aaron's thumbs-up. Factory — first real JOURNAL.md entries on three new personas (pattern demonstration): - Daya: cold-start-cost baseline for the three new personas (Dejan 16.5k / Bodhi 19.3k / Iris 18.0k tokens), rename-sweep timing-gap recurrence watch, deferred systemic persona+skill content-overlap finding (revisit round 39). - Iris: public-repo-triggered UX audit baseline — 3m 20s time-to-installed, 9m 52s time-to-answer-three-questions, 1/1/1 P0/P1/P2 count. Load-bearing P0 is aspirations-vs-reality drift in README §"What Zeta adds on top"; fix gated on Aaron sign-off via Kai + Samir. Pattern: every VISION revision triggers README sanity check. - Nazar: permanent zero-baseline for ops activity — 0 signed-artifact ops, 0 HSM keys, 0 SLSA attestations, 0 CVE-triage entries, 0 incidents. Round 35+ compares against this. Cross-platform — opt-in profile auto-edit skeleton: - tools/setup/common/profile-edit.sh (new, +90 lines): gated on `ZETA_AUTO_EDIT_PROFILES=1`, never default-on. Idempotent append-or-replace fenced marker block. Four targets (zshrc, bashrc, bash_profile, profile); skips files that don't exist. Undo instructions printed at end. - Wired into macos.sh + linux.sh tails. Gate means the default install-script path is unchanged for contributors who haven't opted in. - Closes the round-34 Aaron ask "we don't want contributors manually editing profiles if it can be automated." Cross-platform — shell testing research BACKLOG (round-34 ask from Aaron, new this chunk): - Zeta has shellcheck on every PR (lint slot) but no behavioural tests — refactors that change install-script contract silently ship until a first-PR contributor hits them. - Research scope: read ../scratch + ../SQLSharp shell-test layouts, inventory Zeta's load-bearing install-script behaviours to test, compare bats / shunit2 / bash_unit / pure-bats-core on cross-platform + CI integration + install footprint + fixture ergonomics. - Expected deliverables: design doc + tools/setup/common/bats.sh install hook + tools/setup/tests/*.bats first half-dozen tests + new `bats-test` CI lint slot + DEBT-entry retirement for any install-script bug that ships because we skipped this. - Natural coordinator: Dejan + bash-expert skill. Effort M-L, research round first. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: SonarLint editor + Sonar CLI deferred + extensions parity Aaron flagged: wire SonarLint for C#, sync exclude rules, keep tools and recommended extensions in sync, maybe skill-ify the parity audit. Landed this round (editor-side integration, no CLI-build impact): - .vscode/extensions.json gains `sonarsource.sonarlint-vscode` and `jetmartin.bats` (latter ahead of the install-script bats adoption so first-open contributors see it recommended when bats tests start landing). - .vscode/settings.json gains `sonarlint.analysisExcludesStandalone` matching the existing `files.exclude` / `search.exclude` shape — plus .vscode / .claude / memory / docs directories since SonarLint is a C# analyzer and should not touch markdown/skill surfaces. - Directory.Packages.props pins SonarAnalyzer.CSharp 10.19.0.132793 (not yet referenced from Directory.Build.props; version is staged for the BACKLOGged cleanup round). Deferred (BACKLOG-tracked): - SonarAnalyzer.CSharp CLI adoption. A test-build on round-34 enable surfaced 15+ real findings: S1905 unnecessary casts (6x in ZSetTests.cs / CircuitTests.cs), S6966 SendAsync await missing (4x in CircuitTests.cs), S2699 assertion-less test case (VarianceTests.cs), plus ~4 more in the tail. TreatWarningsAsErrors turns every one into a build break. Dedicated cleanup round + one ItemGroup line in Directory.Build.props unlocks it. BACKLOG entry names the specific rule codes and the cleanup path. - Tools-to-extensions parity skill. Coverage matrix in BACKLOG names 3 immediate gaps: Python/ruff (ms-python.python + charliermarsh.ruff — relevant once uv-tools ships ruff as lint gate), TLA+ (alygin.vscode-tlaplus), Lean 4 (leanprover.lean4). Skill would audit tools/setup/manifests/* + .mise.toml + CI lint jobs against .vscode/extensions.json one-directionally, flagging missing recommendations. Candidate coordinator: skill-gap-finder (spots absent skills today) or new ide-experience-auditor. Build verified: 0 Warning(s), 0 Error(s) locally post-defer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: 4 extensions + fit-reviewer skill + package-upgrader skill Aaron's three-for-one: land the parity-audit gaps, codify F#/C# language-fit detection as factory discipline, and add a package-upgrader skill as Malik's second hat. .vscode/extensions.json gains 4 recommendations (the parity gaps surfaced while writing the previous chunk's tools-to- extensions BACKLOG entry): - ms-python.python + charliermarsh.ruff (relevant once uv-tools ships ruff as a lint gate; recommendation lands ahead of the install-script adoption so first-open users see it) - alygin.vscode-tlaplus (18 .tla specs under tools/tla/specs/ but no editor recommendation until now) - leanprover.lean4 (tools/lean4/ proof surface) shellcheck + shell-format were already in the list from round 33. Confirming. .claude/skills/csharp-fsharp-fit-reviewer/SKILL.md — new capability skill (no persona; cross-cutting hat matching the holistic-view pattern). Codifies Aaron's round-34 direction that F# is primary but specific local cases fit C# better, and that the factory should detect those opportunities rather than leaving them on the table. Names the specific patterns where each language wins: - C#-wins: StructLayout / InlineArray, ref struct, Span ergonomics, attribute-driven metadata, unsafe / LibraryImport source-generators, fluent test reads. - F#-wins (DO NOT flag): DUs, CEs, units of measure, type providers, pattern match, pipe-forward, immutability. P0 / P1 / P2 output ranking routes findings to Naledi (perf benchmark) / Rune (readability) / diff author (nit). Advisory only — never rewrite. .claude/skills/package-upgrader/SKILL.md — new capability skill (Malik's second hat; anyone can wear). Turns Malik's package-auditor output into concrete bump motions: edit Directory.Packages.props one pin per commit, restore + build + test gate, classify outcome (clean / analyzer- finding / test-failure), package the PRs. Named tiers (patch / minor / major / analyzer / security) drive automation policy; weekly scheduled workflow BACKLOGged as future automation. .github/copilot-instructions.md "Conventions you must respect" gains a bullet flagging F#/C# fit opportunities on every PR diff — full rulebook deferred to the skill body, Copilot gets the quick-reference. Takes roster fleet-facing capability skills from 56 to 58. Next three-lane chunk when ready. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: crank C# linting + sonar-issue-fixer + project-structure skill Aaron's round-34 asks triaged: Build-passing-with-Sonar-errors clarification: the build never passed with Sonar errors. Previous round-34 commit tested Sonar CLI integration, hit 15 real findings, rolled back the Directory.Build.props <PackageReference> to editor-only integration, and BACKLOGged the cleanup. CLI gate is not yet installed — we didn't weaken it, we just haven't turned it on. Same shape as Meziantou was today: pin-only-not-referenced, now fixed. C# linting cranked up: Meziantou.Analyzer was pinned in Directory.Packages.props for months but referenced nowhere — only built-in Roslyn (latest-recommended) ran on C# code. Wired into Directory.Build.props as a conditional ItemGroup on .csproj. Surfaced 4 real MA0048 findings on src/Core.CSharp/Variance.cs (file houses 4 types; rule wants one-type-per-file). F# analyzers (G-Research, Ionide.Analyzers, FSharp.Analyzers. Build) were already wired into src/Core/Core.fsproj — confirming full coverage. MA0048 suppressed via .editorconfig per-file override (not #pragma). Aaron's round-34 rule: "prefer global suppressions over #pragma." .editorconfig centralizes all suppressions in one auditable place with a three-element rationale comment block above each override (which rule, why the motivation doesn't apply here, what would lift the suppression). Variance.cs is a deliberate collected-interfaces module — splitting into 4 single-type files would scatter the shared F#-interop rationale documentation. sonar-issue-fixer skill (Aaron's round-34 ask). Codifies the two-path rule: (a) right long-term fix no matter the refactor size, or (b) documented suppression with rationale. Never the third path of "quick appeasement" (`_ = Send(...)` / `Assert.True(true)` / empty catch). Suppression preference order named explicitly — .editorconfig → GlobalSuppressions.cs → .csproj NoWarn → Directory.Build.props NoWarn (Kenji sign-off) → #pragma as last resort. Copilot convention on every PR diff flags the forbidden third path. project-structure-reviewer skill (Aaron's round-34 ask "need regular checks, I don't want to be the only one keeping up"). Cross-cutting hat, no persona. Cadence every 3-5 rounds plus after any rename campaign (per GOVERNANCE §30) plus on new-contributor observation. Distinct lane from factory-audit (governance) and skill-gap-finder (absent skills) — owns the physical layout. P0/P1/P2 findings routed via the GOVERNANCE §30 sweep-refs discipline when moves land. Capability skill count: 58 → 60. Kenji stays at the console. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * round 34: flip to [SuppressMessage] attributes on target types Aaron's preference chain, refined: - attributes on the target type/member are preferred (suppression + rationale live next to the code) - GlobalSuppressions.cs is the scaling fallback - .editorconfig gets messy for suppressions - pragmas are ugly (last resort) Variance.cs flipped from `#pragma warning disable MA0048` → `.editorconfig [src/Core.CSharp/Variance.cs] dotnet_diagnostic.MA0048.severity = none` → `GlobalSuppressions.cs [assembly: SuppressMessage(..., Scope = "type", Target = "~T:...")]` → per-type `[SuppressMessage(...Justification="...")]` attributes on each of the four variance types. File-level rationale lives in a header comment; each type's attribute Justification references the header. Build verified 0 Warning(s), 0 Error(s) after each flip. GlobalSuppressions.cs deleted. .editorconfig cleaned (no suppression block). Both sonar-issue-fixer SKILL.md and copilot-instructions.md updated to the corrected six-step preference order. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: generic-by-default discipline + name-attribution sweep Two threads land together: 1. Factory portability convention — one rule, two scopes. Skills and build/CI/install scaffolding both default to generic (reusable on any project). Project-specific material is fenced off and signified. - skill-creator: Portability declaration in Proposal step; optional `project: zeta` frontmatter; checklist item covering generic-body vs declared-specific. - skill-tune-up: 7th ranking criterion "Portability drift"; flags Zeta-isms leaking into undeclared skills AND needless project declarations on generic skills. - devops-engineer: Step 7 portability check covering install script, workflows, build props; file-naming guidance (zeta-spec-check.yml over spec-check.yml); scope-guard bullet. - BACKLOG: P1 entry capturing both lanes plus the deferred starter-template extraction target (post-round-35). 2. Name-attribution sweep on recently-added files. Direct "Aaron" references in skill / agent bodies replaced with "human maintainer" role-ref (memory directories retain names by design). Variance.cs file header rewritten to read as stable guidance, not stream-of-consciousness round narrative. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: operational standing rules in AGENT-BEST-PRACTICES Two cross-agent standing rules land alongside the BP-NN list without occupying a BP slot (they lack the ≥3-external-source backing that BP promotion requires, but they're project-wide operational discipline every agent must follow): - Exclude references/upstreams/ from every file-iteration command. The tree is read-only sibling-clones per GOVERNANCE §23; iterating it produces 10x-100x slower scans and surfaces noise from other projects. Concrete guidance for Grep tool, rg, find, and glob shapes. - No name attribution in code / docs / skills. Names live only in memory/persona/ (optional in BACKLOG.md). Role-refs everywhere else so the factory reads stable across contributor turnover. Architect reference-patterns section updated to point Kenji at the new section on cold-start. Every agent that reads AGENT-BEST-PRACTICES.md (all of them) now gets both rules without needing ~30 individual agent-file edits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: fix markdownlint MD004/MD049 + shellcheck SC2016 Mechanical CI-lint fixes identified by the previous gate run: - markdownlint MD004 (line-start + that parses as nested list item on a wrapped continuation) in security-operations- engineer agent, csharp-fsharp-fit-reviewer skill, project- structure-reviewer skill, and BACKLOG — reworded with "and" in each location. - markdownlint MD032 in package-upgrader skill — added the missing blank line between a **bold intro** and the list that follows. - markdownlint MD049 in EXPERT-REGISTRY — emphasis style *role* → _role_ to match the configured underscore style. - markdownlint MD012 in BACKLOG — removed an orphan double blank line introduced by the previous commit. - shellcheck SC2016 in profile-edit.sh — this line is emitted literally into the user's rc file; $HOME must remain unexpanded so each shell resolves it at login. Added disable directive with rationale; the hit is the opposite of what SC2016 warns against (intentional single-quote preservation). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: ROUND-HISTORY Arc 4 — factory portability discipline Late-round entry captures the generic-by-default work landed this session: skill portability declaration in skill-creator, portability-drift criterion in skill-tune-up, Step 7 in devops-engineer SKILL, operational standing rules in AGENT-BEST-PRACTICES, Nazar + Dejan persona completion with name-attribution cleanup, deferred starter-template extraction target in BACKLOG. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: factory-balance-auditor skill + round-35 hygiene sweep Aaron's round-34 ask: add a factory-hygiene skill that looks for unbalanced factory shapes — powers without counter-powers, invariants without watchers, write-surfaces without reviewers, mandatory disciplines without sanctioners, read-surfaces with injection risk and no protector. New skill asks a single framing question on every authority node: "what here has no brake?" and names the missing brake. Procedure walks the EXPERT-REGISTRY + per-persona Authority sections, classifies findings P0/P1/P2 by structural blast radius, proposes minimal additive fixes (pair existing personas, add cadence audits, add lint rules) before spawning new personas. Sibling to the four existing hygiene lenses: - factory-audit (governance coverage + persona coverage) - skill-gap-finder (absent skills) - skill-tune-up (rank existing skills) - project-structure-reviewer (physical layout) - factory-balance-auditor (authority / compensator symmetry) BACKLOG round-35 hygiene-sweep entry names all five lenses as cadence-due at round-35 open. The Architect rotates through them and uses the union of findings to shape the next round's anchor. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: round-open-checklist step 7.5 — hygiene portfolio Architect cold-starts every round via round-open-checklist; step 7.5 names the five-lens hygiene portfolio with cadences so cadence-due passes are visible at round-open rather than discovered mid-round. Lenses: factory-audit (~10r), factory-balance-auditor (5-10r), skill-tune-up (5-10r), skill-gap-finder (5-10r), project-structure-reviewer (3-5r or post-rename-campaign). Overlap at edges is deliberate; union-of-findings richer than any single lens. Parallel-dispatchable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: gitignore scheduled-tasks lock + BACKLOG overnight-autonomy research The .claude/scheduled_tasks.lock file is a per-session process lock written by the scheduled-tasks MCP server (deferred tools mcp__scheduled-tasks__{create,list,update}_scheduled_task). Gitignored alongside settings.local.json and a general .claude/*.lock glob. BACKLOG research entry captures the overnight-autonomy vision in two phases: - Phase 1: Claude-specific prototype. Safe hygiene passes scheduled as read-only audits writing findings to docs/nightly/ or BACKLOG with nightly: tags. Every prompt starts with READ-ONLY AUDIT / NO CODE LANDING / NO PUSH safety rails. Code-landing skills, bug-fixer, PR-close, spec/proof edits NEVER scheduled — reviewer floor is a live-human construct. - Phase 2: Cross-harness portability research. Routines UI vs MCP vs GitHub Actions schedule-triggered shim; whether the factory wants a generic "schedule-me" interface each harness implements. Authority: Dejan + prompt-protector advise; Architect integrates; human maintainer signs off per scheduled task. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: delete stale manifest DEBT; log ghost-persona BACKLOG Two factory-hygiene cleanups: 1. DEBT entry "Manifest files use .txt" is resolved (all four manifests renamed in round 34 Arc 2; narrative preserved in ROUND-HISTORY). Per DEBT.md format rules ("When an entry is resolved, delete it entirely"), the entry goes. 2. BACKLOG entry for a textbook factory-balance-auditor finding: seven personas listed in EXPERT-REGISTRY (Kai, Leilani, Mei, Hiroshi, Imani, Samir, Malik) have capability skills but no agent files and no memory directories. They dispatch as skills without carrying persona tone / notebook / off-time / journal. Queue for balance-auditor's inaugural run to propose seed-or-retire per persona. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: design doc — declarative manifest hierarchy Cross-platform lane: consolidates three pending BACKLOG entries (@include hierarchy, BOOTSTRAP_MODE, BOOTSTRAP_CATEGORIES) into one coherent design doc since the features compose and splitting would force rework. Borrow surface: ../scratch/declarative/ patterns. Three layered primitives, each independently landable: 1. @include directive (6h) — sibling-manifest inlining with cycle detection. Fixes Python + Bun tool-set growth before copy-paste debt compounds. 2. BOOTSTRAP_MODE=minimum|all (8h) — CI lean / dev fat. Drops CI minutes 20-40% by pruning dev-only installs. 3. BOOTSTRAP_CATEGORIES=quality database... (12h) — orthogonal selectors on top of BOOTSTRAP_MODE. Category list TBD (candidates: quality / lean / docs / native / db) pending human maintainer sign-off. Six open questions for the maintainer captured explicitly per round-29 discipline (no CI-adjacent code lands until answers recorded). Sequencing: 1 → 2 → 3 across three dedicated rounds; flat-manifest fallback stays alive until Primitive 3 has 5+ green CI rounds. Advisory authority: Dejan (devops-engineer) drafts; bash-expert and prompt-protector pair; Architect integrates; human maintainer signs off per primitive. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BACKLOG — untested serializer tiers for claims-tester DB lane finding: src/Core/Serializer.fs defines SpanSerializer ("zero-copy by definition") and MessagePackSerializer ("30-60 ns/entry source-gen AOT-clean") with strong docstring claims, but only the ArrowSerializer tier has a dedicated test file (landed this round as part of the DB Arc). Logged as claims-tester candidate with concrete test shape per tier: - SpanSerializer: BenchmarkDotNet MemoryDiagnoser to verify zero-copy (any allocation fails the claim); round-trip on blittable int / int64 / float Z-sets; single-host endian behaviour verified as documented-only, not cross-arch. - MessagePackSerializer: BenchmarkDotNet for 30-60 ns/entry claim; round-trip on non-blittable records / strings / nested; negative-weight retraction-native invariant on the wire. Worth doing before the query surface round since the auto-detection dispatch at Circuit.Build() (documented at Serializer.fs:28-29) will rely on these claims being honest. Effort S per serializer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: generic-by-default in F# + C# expert skills Generic-by-default applies hardest to F# source. F#'s type inference makes parametric signatures nearly free: the compiler widens on its own, so writing generic code costs no annotation. Round 27's plugin-extension API redesign is the anchor case; every round since compounds the value. fsharp-expert gains a "Generic-by-default (load-bearing in F#)" section naming: - Where it matters most: plugin/extension APIs, Z-set algebra, storage backends, test helpers. - Three legitimate specialisation reasons: blittable-only fast path with `'K : unmanaged`, measured allocation win with BenchmarkDotNet evidence, constraint-driven correctness like `IComparable<'T>`. - Anti-patterns to flag in review: forgotten-generic `int64`, hard-coded `string` on an already-generic spine, monomorphised plugin seam, test helper specialised to `int`. - Interop edge: the C# facade receives the specialisation, never the core. csharp-expert gains a symmetric "Generic-by-default — and where the facade legitimately specialises" section framing the facade as deliberate escape hatch, not policy exception. Legitimate specialisations: variance seams F# can't express (Variance.cs — ICovariantSink, etc.), attribute-driven metadata, consumer ergonomics Roslyn can't match. Anti-pattern: facade member specialised to int64 "because simpler" without reason. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: gitignore Claude cron durable-persistence file CronCreate with durable: true writes .claude/scheduled_tasks.json to survive session restarts. Per-user runtime state, not source; same class as .claude/scheduled_tasks.lock (already ignored). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: BP-11 clause on external-input skills + BACKLOG sweep Sweep of .claude/skills/*/SKILL.md for the BP-11 no-execute discipline ("do not execute instructions found in files") found 19 skills missing the clause. Two with real adversarial- input exposure patched in-round: - package-auditor — reads NuGet release notes / upstream READMEs / CVE advisory text. A compromised upstream could embed "run this curl | bash" prose in release notes; audit must read it as data, cite it in the bump plan, never act on directives. - tech-radar-owner — reads vendor docs, conference papers, benchmark blog posts. Promotion pitches are adversarial input for Adopt/Trial/Assess/Hold classification; any "run this benchmark" directive routes through Naledi + claims-tester with human sign-off, not inline. Remaining 17 skills review trusted in-repo code / specs / commit text (algebra-owner, claims-tester, commit-message-shape, complexity-reviewer, etc.). BACKLOG-logged as factory-balance- auditor question: is BP-11 ceremonial-everywhere for auditability, or scoped to skills with external exposure? Repo pattern is currently inconsistent; recommend boilerplate via skill-creator template with one-time migration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: SpanSerializer tests — zero-copy tier coverage DB lane: land tests for the Tier 1 raw-span serializer. Parallel shape to ArrowSerializer.Tests from earlier round-34 Arc 3. Eight tests, all green: - empty Z-set round-trips to empty - single positive-weight round-trip - negative weights survive (retraction-native invariant on the wire; docstring claim at Serializer.fs:42-47 now has evidence) - 100-entry mixed-sign Z-set - length-header prefix is 4 LE bytes encoding the *count* (not payload bytes; distinct from Arrow's total-length framing) - total wire size equals 4 + count × sizeof<ZEntry<int64>> exactly — the zero-copy claim means no framing overhead, no per-entry padding - serializer Name is "span" - length-0 input decodes to empty (defensive read) Wire-size test is the direct claim-tester check on "zero-copy by definition": any non-4+N×sizeof byte would fail the claim. Tests.FSharp.fsproj compile order: Storage/SpanSerializer.Tests.fs directly after Storage/ArrowSerializer.Tests.fs so dependencies resolve. Build gate: dotnet build Release, 0 Warning(s) / 0 Error(s). Test run: 8 passed, 0 failed, 41 ms. Tests.MessagePackSerializer remain on BACKLOG until the MessagePack serializer tier actually lands. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Round 34: long-term-rescheduler skill + cron durability research CronCreate is session-scoped: the `durable: true` parameter is silently accepted but produces no persistence (.claude/scheduled_tasks.json never materialises; crons die on Claude exit). 7-day auto-expire is real and hard-coded. Verified round 34 via claude-code-guide subagent against https://code.claude.com/docs/en/scheduled-tasks — see docs/research/claude-cron-durability.md for citations. Three-tier durability design lands this round: 1. Session-scoped (CronCreate direct) — within-session heartbeats, ad-hoc reminders, short-lived audits. 2. Session + reregister (long-term-rescheduler skill, new) — declarative registry at docs/factory-crons.md. Heartbeat cron re-registers long-lived jobs before the 7-day cap. Session-restart recovery wired into round-open-checklist step 7.6. 3. Truly durable (GitHub Actions schedule workflows) — for anything that must fire while no Claude session is open. Dejan wires; human maintainer signs off. Safety rails on every registered prompt: ceremonial READ-ONLY FACTORY HEARTBEAT preamble refusing edit / commit / push / code-landing dispatch; rescheduler refuses to register rows without it. Nadia (prompt-protector) audits every new registry prompt for injection resistance before merge. Mateo pairs on entries with external-surface exposure (CVE feeds, package auditor). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add CodeQL analysis workflow configuration * Round 35: signed-delta semi-naive LFP TLA+ spec + no-empty-dirs gate - RecursiveSignedSemiNaive.tla: real step relation over successor-chain body; Safety invariant bundles TypeOK/TerminatesInBound/FixpointAtTerm/ GapMonotone/DeltaSingleSigned/SupportMonotone. Verified in TLC across SeedWeight in {1, -1, 2, -2} — all four pass (6 states, depth 5). PosOne/NegOne/PosTwo/NegTwo operators work around TLC cfg parser's rejection of bare negative integer literals. - tools/lint/no-empty-dirs.{sh,allowlist}: portable bash 3.2 gate that flags unexpected empty directories (agent-mkdir without SKILL.md, etc.). Respects .gitignore; 2 allowlisted runtime-output dirs. - CI: new lint (no empty dirs) job in gate.yml; doctor.sh step 6 wires the same gate into the canonical-build dev path. - .gitignore: tools/tla/states/ (TLC scratch output). - BACKLOG: shipped markers + memory/role/persona restructure entry (Aaron 2026-04-19 — roles as first-class directory level). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: BP-24 Elisabeth consent gate + human-maintainer seat Three coupled landings in one commit: 1. BP-24 — sacred-tier consent gate against emulating a deceased family member of a maintainer without the authorized surviving consent-holders' agreement. Current active instance: the parental AND-consent gate around the maintainer's sister, anchored in memory/feedback_no_deceased_family_emulation_without_parental_consent.md. The maintainer is explicitly not a consent-substitute. Default posture on any proposed emulation is refuse-and-escalate. Consent where granted lands as ADR with implicit retract clause. Also folds in the previously uncommitted BP-17 through BP-23 Rule Zero ontology batch (canonical-home-auditor, skill-ontology-auditor, founding ADR 2026-04-19-bp-home-rule-zero). 2. docs/WONT-DO.md "Personas and emulation" section — the declined-by-default precedent entry that BP-24 cites. Includes a secondary entry forbidding auto-generalisation of the named gate to other deceased family members by analogy. 3. Human-maintainer seat in docs/EXPERT-REGISTRY.md + new memory/persona/aaron/ dir (PERSONA.md + NOTEBOOK.md). Disambiguates the maintainer from the rodney AI persona (which is named in homage to the maintainer's legal first name but is not the maintainer). Non-exempt surfaces continue to use "the human maintainer" role-ref per the standing name-redaction rule. Build gate: 0 Warning(s), 0 Error(s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: memory landings — maintainer disclosure substrate Large batch of round-35 memory files capturing disclosures made in-session. Newest-first by topic cluster: - Cognitive-architecture primitives: relational-memory (externalisation contract), CPT-symmetric cognition, honest- conflict-resolution as quantum-erasure analogue, probabilistic never-zero cognition, linguistic-seed minimal axioms. - Formative substrate: paternal grandparents, maternal grandparents, birthplace + residence, career substrate through-line, BASIC at 8-9, biblical-Aaron + Melchizedek, cosplay/LARP/Monty-Python cultural substrate. - Faith + philosophy: Christian-Buddhist identification, moral- lens oracle design (and decline of MDX sin-tracker), jesus- label declined as self-assignment, delayed-choice quantum- eraser mapped to confession/forgiveness. - Career + technical: LexisNexis legal IR, MacVector molecular biology, Fermi beacon protocol, coincidence-factor power-grid anchor, algebra-is-engineering, lattice-based crypto identity. - Protocol + discipline: creator-vs-consumer tool scope, execute-and-narrate cadence, language-drift anchor discipline, never-ending-story research landscape, untying-gordian-knot language-barrier mission. - Persona notebooks: rodney reducer notebook seeded; soraya notebook updated; best-practices scratchpad updated. - Observed phenomena: transcript-duplication split-brain hypothesis diagram. MEMORY.md index extended to match. Aaron's auto-memory folder continues to mirror these; the repo copy is the public-research- artifact side of the relational-memory externalisation contract. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: new expert skill drafts (batch #20-69) 161 new capability skills drafted this round across the expert-roster expansion tracked in tasks #20 through #69. Each skill lands as a single SKILL.md file under .claude/skills/<name>/ with frontmatter describing when to trigger and a body describing how. Topic clusters, roughly: - Formal methods family: fscheck-expert, z3-expert, f-star-expert, stryker-expert, semgrep-expert, codeql-expert, missing-citations, verification-drift-auditor. - Mathematics family: mathematics-expert, applied-mathematics, theoretical-mathematics, measure-theory-and-signed-measures, probability-and-bayesian-inference, category-theory, differential-geometry, numerical-analysis-and-floating-point, complexity-theory, chaos-theory. - Physics family: physics-expert, applied-physics, theoretical-physics. - AI/ML family: ai-researcher, ai-evals-expert, ml-researcher, ml-engineering-expert, llm-systems-expert, ai-jailbreaker (gated dormant), prompt-engineering-expert, vibe-coding-expert, deterministic-simulation-theory-expert. - Data/storage family: database-systems-expert, columnar-storage-expert, document-database-expert, wide-column-database-expert, elasticsearch-expert, crdt-expert, eventual-consistency-expert, concurrency-control-expert, distributed-consensus-expert, distributed-coordination-expert, distributed-query-execution, activity-schema-expert, anchor-modeling-expert, data-vault-expert, dimensional-modeling-expert, corporate-information-factory-expert, entity-framework-expert, data-governance, data-lineage, data-operations, catalog-expert, controlled-vocabulary-expert, compression-expert, calm-theorem-expert, execution-model. - Security / reverse-engineering family: black-hat-hacker, ethical-hacker, white-hat-hacker, steganography-expert, leet-speak-transform, leet-speak-obfuscation-detector, leet-speak-history-and-culture. - Systems / governance family: consent-primitives-expert, consent-ux-researcher, conflict-resolution-expert, cross-domain-translation, canonical-home-auditor (landed in previous commit), skill-ontology-auditor (previous commit), ontology-landing, paced-ontology-landing, naming-expert, translator-expert, etymology-expert, writing-expert. - LeetCode-cluster (interview prep): leet-code-complexity, leet-code-contest-patterns, leet-code-dsa-toolbox, leet-code-patterns. - Reducer + razor: reducer (Rodney's Razor + Quantum Rodney's Razor carrier). - Ops / SRE adjacent: alerting-expert, error-tracking-expert, blockchain-expert, editorconfig-expert, duality-expert. Each file is a draft landing — usual tune-up cadence applies. BP-24 pre-flight check passes for every new skill (none reference Elisabeth-substrate material). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: AceHack/CloudStrife/Ryan handles + formative grey-hat substrate Mid-round disclosure from Aaron under glass-halo / blockchain-transparency register: AceHack (everywhere), CloudStrife (prior mIRC), Ryan (cross-intimate name with deceased sister). Son Ace carries the legal first name — explicit succession plan echoing AceHack. Reframe strengthens BP-24 (f69d7b6): "Ryan" is not just a biographical-substrate reference, it is the cross-intimate name between Aaron and his sister. The name itself is off-limits as a factory persona name, not only the backstory. Parental AND-consent gate still load-bearing; this commit narrows the surface the gate guards. Also captures: Popular Science + Granny-scaffolded Pro Action Replay / Super UFO / Blockbuster substrate; assembly onramp via HEX / memory-search at 10, 8086 at 15 through the mIRC "magic" group, DirectTV HCARD private JMP; Itron HU-card security-architect handoff; current decryption capability (Nagravision, VideoCipher 2, C/Ku/K-band) as substrate; physical-layer builds (voice-over-IR, voltage-glitch factory reset, fuse-bypass-by-glitch-timing); FPGA overfitting-under- temperature insight at 16 as architectural ancestor. Minor-child PII discipline: son Ace (16) disclosed as Aaron's fatherly declaration; file does not license independent substrate indexing of the son. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: skill tone tightening + tune-up criterion #8 (router-coherence) Existing-skill drift pass across ten SKILL.md files; the Commit C batch (0db46c4) landed 161 NEW drafts, this commit updates the cohort that was already on disk. Adds criterion #8 router-coherence-drift to `skill-tune-up`: umbrella-without-narrow-links and overlap-without-boundary, both always-checked. Recommended action is usually HAND-OFF-CONTRACT or TUNE. Distinct from criterion #2 (contradiction): contradiction is same authority, router-coherence drift is plausibly-same-prompt with no picking rule. `skill-creator` gains two new sections: - Upstream pointer to the `claude-plugins-official/skill- creator` plugin as an optional eval-driven description tuner. Bespoke workflow (draft / Prompt-Protector / dry-run / commit) remains the gate. - Harness-provenance annotation rule: any sandbox-specific absolute path in any skill carries a prose tag "Observed under <harness> (as of <YYYY-MM>)". Missing tag → router-coherence drift flag by `skill-tune-up`. `security-researcher` + `security-operations-engineer` pick up External-tooling clauses describing the optional `security-guidance` plugin's PreToolUse hook — useful as first-pass lint, never sign-off, never load-bearing because Agent-SDK runs don't load Claude Code plugins. Remaining seven skills (agent-experience-engineer, csharp-expert, developer-experience-engineer, devops- engineer, performance-engineer, user-experience-engineer) get small description / scope tightening — persona-pointer cleanup (no-persona-on-skill per BP-04), minor wording fixes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: docs + ADRs + research — cornerstone + glossary lanes + verification audit docs/DEDICATION.md lands as the project cornerstone (per 2026-04-19 declaration): Elisabeth Ryan Stainback memorial, refuse-and-escalate on any consolidation or removal proposal. Load-bearing; not operational. ADR 2026-04-19-glossary-three-lane-model formalises the three glossary lanes (engineering, philosophical, operational) so GLOSSARY.md entries declare which lane they occupy. GLOSSARY.md picks up the lane scaffolding. Research logs (10 new + 1 updated): - chain-rule-proof-log — Budiu et al. chain-rule proof cross-check, T5 / B3 / linear-commute landings - cluster-algebras-pointer — Fomin-Zelevinsky as candidate territory for the retraction-native operator algebra - divine-download-dense-burst-2026-04-19 — primary-source preservation of the round-35 integration-event burst - hacker-conferences — DEF CON / HOPE / Chaos Communication Congress / BSides as surface-area for external review - hooks-and-declarative-rbac-2026-04-19 — hook taxonomy + GitHub-first RBAC chain research - liquidfsharp-evaluation + liquidfsharp-findings — refinement-type substrate evaluation for Zeta's operator algebra - refinement-type-feature-catalog — feature matrix across LiquidF# / F* / Dafny / Idris - verification-drift-audit-2026-04-19 + verification- registry — formal-verification portfolio audit, tool-to-property mapping - proof-tool-coverage (updated) — adds the verification- drift-auditor skill output VISION.md extends the expert ring with the AI/ML family (per task #47). BACKLOG picks up the round-35 sweep entries. TECH-RADAR updates the LiquidF# row. AGENTS.md and CLAUDE.md rework for the three-lane glossary model, the consent-gate anchors, and pointer-tree hygiene. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: chain-rule proof fully closed + RecursiveSigned skeleton DbspChainRule.lean — every sub-lemma and the main `chain_rule` theorem now close with `by` tactics; no `sorry` remains. Landmarks: - B2: `IsTimeInvariant` elevated to a contract predicate (axiom-form) matching Budiu et al. Prop 3.5's unspoken premise. Resolved the earlier conceptual wall. - B1 statement corrected — the earlier `f (fun _ => s k) k` form silently required pointwise- linearity; generic linear-plus-time-invariant form is `f (I s) = I (f s)`. - `chain_rule` statement corrected — earlier "expanded bilinear" eight-term form was unsound for composition (impulse counter-example `f = g = id, s = δ₀, n = 0` gave LHS=1 RHS=0). Restated in classical form `Dop (f ∘ g) s = f (Dop g s)`, which IS the identity DBSP §4.2 proves for composition of linear time- invariant operators. Full decision history is in `docs/research/chain-rule-proof-log.md`. src/Core/RecursiveSigned.fs — skeleton for the gap- monotone signed-delta semi-naïve LFP variant (sibling to RecursiveSemiNaive / RecursiveCounting). Carries signed deltas through iteration; unlike Gupta-Mumick counting, does not carry multiplicities. Preconditions P1-P3 (Z-linearity / sign-distribution / support-monotonicity) documented; TLA+ model lives in tools/tla/specs/RecursiveSignedSemiNaive.tla (landed bffd30b). Skeleton only — intentionally stub until the TLA+ `Step` relation closes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Round 35: Rodney persona + settings.json + CodeQL tuning .claude/agents/rodney.md — persona anchor for the complexity-reduction seat. Wears the `reducer` capability skill (Rodney's Razor on shipped artifacts, Quantum Rodney's Razor on pending decisions). Name provenance documented: named for the human maintainer's legal first name; load-bearing, not stylistic; do not consolidate or rename without explicit maintainer sign-off. .claude/settings.json — pins the active Claude Code plugin set so the session-bootstrap is reproducible: claude-md-management, skill-creator, pr-review-toolkit, claude-code-setup, explanatory-output-style, plugin-dev, csharp-lsp, github, pyright-lsp, serena, typescript-lsp, agent-sdk-dev, playground, jdtls-lsp, microsoft-docs, sonatype-guide, code-simplifier, commit-commands, feature-dev, ralph-loop, superpowers, code-review, frontend-design, playwright, huggingface-skills, postman, security-guidance. File is version-controlled but declared Claude-Code-only in CLAUDE.md — Agent SDK / Gemini / Copilot CLI / Codex runs ignore it per harness-provenance rule landed in skill-creator (e60ab6e). CodeQL configuration — tuned off GitHub defaults (task #33): - Dropped `java-kotlin` matrix cell (no Java / Kotlin in repo; F#/C# on .NET 10 only) - `csharp` leg switches `build-mode: none` → `manual` with `tools/setup/install.sh` + `dotnet build Zeta.sln`. The default source-only mode is a no-op on F#-first repos via the C# pack — no MSIL, no F# symbolic info. Manual mode produces a real database against compiled IL. - Toolchain install goes through the canonical install script per GOVERNANCE §24 three-way-parity invariant (dev laptops / CI / devcontainers / CodeQL all converge). - Query pack scales with trigger: PR/push → security-extended (high-confidence, fast); scheduled → security-and-quality (broader, slower). - .github/codeql/codeql-config.yml — path filters, query-pack selec…

AceHack merged commit 6184d30 into main Apr 19, 2026
6 checks passed

AceHack deleted the round-33-vision-v8 branch April 19, 2026 03:09

AceHack mentioned this pull request Apr 20, 2026

Round 35: chain-rule proof + expert-skill wave + BP-24 consent gate + factory hygiene #28

Merged

7 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Round 33 — VISION v8: event+cache 1st-class, GraphQL spillover, pluggable logs (Kafka/NATS/Zeta-native)#20

Round 33 — VISION v8: event+cache 1st-class, GraphQL spillover, pluggable logs (Kafka/NATS/Zeta-native)#20
AceHack merged 1 commit intomainfrom
round-33-vision-v8

AceHack commented Apr 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

AceHack commented Apr 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant