…(Amara action #2) (#223)

Amara's 4th ferry (PR #221) action item #2: pin Claude model
snapshot + loaded memory state + prompt bundle hash so "Claude"
is not a moving target across model version shifts (3.5 → 3.7 →
4 → 4.x all have materially different system-prompt bundles +
knowledge cutoffs + memory-retention language per archived Drive
artifacts).

Three-part scaffolding (v0):

1. tools/hygiene/capture-tick-snapshot.sh
   - Captures mechanically-accessible state:
     * Claude Code CLI version (`claude --version`)
     * CLAUDE.md + AGENTS.md + memory/MEMORY.md SHAs
     * Memory index byte count
     * Git HEAD + branch + repo
     * Date UTC
     * Per-user ~/.claude/CLAUDE.md SHA if present
   - Outputs YAML (default) or JSON (`--json`)
   - Agent fills model_snapshot + prompt_bundle_hash from
     session context (not CLI-accessible today)

2. docs/hygiene-history/session-snapshots.md
   - Session-level + significant-event pins (not per-tick)
   - Append-only row format: session_id / captured_utc /
     event (session-open | mid-session-pin | session-close |
     compaction) / agent / model / CLI version / git state /
     files SHAs / notes / prompt_bundle_hash
   - Seeded with one mid-session-pin for this tick's Otto-70
     capture (the session has been running ~70 ticks; actual
     session-open is earlier and unreachable for pins)

3. docs/hygiene-history/loop-tick-history.md schema extension
   - New "On snapshot pinning" subsection documenting the
     relationship: per-tick pins optional + inline in `notes`;
     session-level pins go in the sidecar file.
   - Snapshot capture is discipline, not gate — don't slow
     the autonomous-loop tick-close for every fire.

What the snapshot does NOT capture yet:

- model_snapshot — known to the agent from session context,
  not exposed by `claude --version` (which gives CLI version
  only). Agent fills.
- prompt_bundle_hash — no current tool reconstructs the
  system prompt bundle. Placeholder null until such a tool
  lands. Amara's Determinize-stage work potentially.
- Active permissions / skill set — session-specific; not
  captured in v0.

First run of the tool on this branch surfaced a separate
drift: memory/MEMORY.md is at 58842 bytes (~58KB, over the
FACTORY-HYGIENE row #11 24976-byte cap). Not fixed in this
PR — known-separately tracked drift.

Amara Stabilize-stage: 3/3 landed (with this PR).
  ✓ Action #3 — decision-proxy-evidence schema (PR #222)
  ✓ Action #4 — branch-chat non-canonical framing (PR #222)
  ✓ Action #2 — snapshot pinning scaffolding (this PR)

"Deterministic reconciliation" framing (Otto-67 endorsement):
snapshot pinning is the mechanism that reconciles "what Claude
knew" with "what Claude did" across time — essential for any
future audit, tuning, or Amara-style drift analysis.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

…BP-25 promotion candidate (#224)

Amara's 4th ferry (PR #221 absorb) Determinize-stage item:
document "live-state-before-policy" as an explicit rule. The
decision-proxy-evidence schema (PR #222) already has the
`live_state_checks:` field that enforces it per-record; this PR
adds the explicit principle section + candidates the rule for
BP-25 promotion.

What landed:

1. docs/decision-proxy-evidence/README.md — new section
   "Live-state-before-policy" covering:
   - Why the rule exists (Amara's HB-004 commit-sample showing
     same-day propose-from-symptoms → policy-stance → empirical-
     correction)
   - How the schema enforces it (live_state_checks: required for
     settings-change and branch-shaping task classes; examples
     from DP-001 worked record)
   - Scope (settings / branch-shaping / authority claims /
     roadmap assumptions)
   - What's excluded (pure reads, mechanical fixes)
   - BP-NN promotion candidacy note

2. docs/BACKLOG.md — new P2 row candidating BP-25 promotion via
   ADR. Aarav's call per BP-NN-promotion-cadence FACTORY-HYGIENE
   row. Rule text candidate provided; owner mapped to Aarav +
   Kenji + Rune; effort S.

Not a unilateral promotion — just the candidate row. Promotion
requires Aarav ADR drafting.

Amara's Determinize-stage progress: 1/5 (this PR).
  ✓ Live-state-before-policy schema-enforcement + BP candidate
  Remaining:
  - Memory reference-existence lint (S)
  - Memory duplicate-title lint enforcement (partial via #220/AceHack#12)
  - Generated CURRENT-*.md views (L)
  - Memory reconciliation algorithm (L)

Per Aaron Otto-72: "don't wait on me approved, mark down your
decisions". This PR acts under standing authority (Otto-67 full
GitHub grant); BP-25 consideration is logged as BACKLOG candidate
for Aarav's promotion call. Frontier UI (future, Otto-63) will
be Aaron's batch-review surface.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

…phase sequence, Aminata blocking gate) (#233)

Aaron Otto-76 named-agent-email-ownership directive crystallises
three memory layers + task #240 into an executable path:

- 2026-04-20 four hard rules (never Aaron address; disclose
  agent-not-human; name project + why-contacted; recipient-UX-
  first).
- 2026-04-22 two-lanes + standing Playwright signup
  authorisation + free-tier constraint + provider-choice
  autonomy.
- 2026-04-23 autonomy-envelope with email carve-out (agents
  own their email; parallel ownership allowed;
  aaron_bond@yahoo.com test target; "don't be a dick" soft
  constraint).
- Task #240 signup-terrain mapping (complete).

Five explicit phase gates:

- Phase 0: complete (signup terrain mapped).
- Phase 1: persona-email-identity design doc (8 questions —
  persona choice, handle, provider, recovery cascade, 2FA,
  lanes, signature, reputation posture).
- Phase 2: Aminata threat-model pass (BLOCKING gate — new
  attack surface, recovery abuse, phishing attribution,
  employer-policy interaction).
- Phase 3: Playwright signup execution (bounded; single
  persona, single provider, DP-NNN.yaml evidence record).
- Phase 4: Test send to aaron_bond@yahoo.com.
- Phase 5: Memory capture + BP-NN promotion review.

Scope limits explicit:
- Does NOT authorise execution this tick.
- Does NOT authorise email use bypassing maintainer visibility.
- Does NOT allow parallel acquisition without explicit Phase 1
  design choice.
- Does NOT bypass Aminata blocking gate.

Composes with: PR #230 (multi-account Phase-2 gating is
sibling pattern); PR #231 (Codex is harness-neutral);
decision-proxy-evidence (PR #222) for Phase 3 records;
persona roster for persona-choice question.

Filed under `## P2 — research-grade`. Effort M total;
spread across 3-5 ticks.

Otto-77 tick deliverable.

…rows (Amara Govern-stage 1/2)

Amara's 4th ferry (PR #221 absorb) named populating
docs/CONTRIBUTOR-CONFLICTS.md as the Govern-stage action: the
schema has existed since PR #166 but the Resolved table was
empty despite multiple session-observed contributor-level
disagreements that closed with evidence.

Backfills three genuine contributor-level conflicts observed
this session (narrow scope — not maintainer-directives,
which are out-of-scope per the schema's contributor-level
disagreement definition):

- CC-001: Copilot (PR reviewer) vs Aaron on no-name-attribution
  rule scope (history-file exemption). Resolved in Aaron's
  favor via Otto-52 clarification; policy BACKLOG row filed
  in PR #210.
- CC-002: Amara (4th ferry) vs Otto (pre-Otto-67 pattern) on
  Stabilize-vs-keep-opening-new-frames. Resolved in Amara's
  favor; Otto pivoted at Otto-68 to execute her roadmap;
  3/3 Stabilize + 3/5 Determinize landed via PRs
  #222/#223/#224/#225/#226.
- CC-003: Codex (PR reviewer) vs Otto (initial framing) on
  citing-absent-artifacts. Resolved in Codex's favor via fix
  commits 29872af/1c7f97d on PRs #207/#208; pattern now
  discipline (distinguish merged-on-main from
  proposed-in-PR-open).

All three rows follow the schema's 8-column layout and include
the full Resolution-so-far / Scope / Source cells the schema
requires. No retroactive Aaron→human-maintainer sweep of prior
rows; schema's rule 1 (resolutions are additive) honored.

This is 1/2 of Amara's Govern-stage work. 2/2 is the
authority-envelope + escalation-path ADR (deferred, M-effort).

Part of Amara's 4-stage remediation roadmap
(Stabilize → Determinize → Govern → Assure).

Otto-75 tick.

…rows (Amara Govern 1/2) (#227)

* govern: CONTRIBUTOR-CONFLICTS backfill — 3 resolved session-observed rows (Amara Govern-stage 1/2)

Amara's 4th ferry (PR #221 absorb) named populating
docs/CONTRIBUTOR-CONFLICTS.md as the Govern-stage action: the
schema has existed since PR #166 but the Resolved table was
empty despite multiple session-observed contributor-level
disagreements that closed with evidence.

Backfills three genuine contributor-level conflicts observed
this session (narrow scope — not maintainer-directives,
which are out-of-scope per the schema's contributor-level
disagreement definition):

- CC-001: Copilot (PR reviewer) vs Aaron on no-name-attribution
  rule scope (history-file exemption). Resolved in Aaron's
  favor via Otto-52 clarification; policy BACKLOG row filed
  in PR #210.
- CC-002: Amara (4th ferry) vs Otto (pre-Otto-67 pattern) on
  Stabilize-vs-keep-opening-new-frames. Resolved in Amara's
  favor; Otto pivoted at Otto-68 to execute her roadmap;
  3/3 Stabilize + 3/5 Determinize landed via PRs
  #222/#223/#224/#225/#226.
- CC-003: Codex (PR reviewer) vs Otto (initial framing) on
  citing-absent-artifacts. Resolved in Codex's favor via fix
  commits 29872af/1c7f97d on PRs #207/#208; pattern now
  discipline (distinguish merged-on-main from
  proposed-in-PR-open).

All three rows follow the schema's 8-column layout and include
the full Resolution-so-far / Scope / Source cells the schema
requires. No retroactive Aaron→human-maintainer sweep of prior
rows; schema's rule 1 (resolutions are additive) honored.

This is 1/2 of Amara's Govern-stage work. 2/2 is the
authority-envelope + escalation-path ADR (deferred, M-effort).

Part of Amara's 4-stage remediation roadmap
(Stabilize → Determinize → Govern → Assure).

Otto-75 tick.

* govern: annotate CC-002/CC-003 Source cells — PR #221/#219 open, not yet on main

Applies CC-003's own discipline (cite-as-open-not-landed) to CC-002 and CC-003
themselves. Both rows cited `docs/aurora/2026-04-23-amara-memory-drift-*` and
`docs/aurora/2026-04-23-amara-decision-proxy-*` without the "not yet on main"
marker — the files are added by PRs #221 / #219 which are still open.

Drain for PR #227 review threads PRRT_kwDOSF9kNM59RFIx and
PRRT_kwDOSF9kNM59RFJE (dangling file refs at lines 132, 133).

* fix: markdownlint auto-fixes on governance doc

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>