feat: factory-hygiene-audit-cadence GHA workflow — daily cron for the two audit tools #3212
Merged
AceHack merged 1 commit intoMay 14, 2026
… two audit tools

Wires PR #3202 (audit-rule-cross-refs.ts) + PR #3208 (audit-user-scope-memory-index.ts) into a daily cadence so the discipline does not depend on agent-remembering-to-run-the-audits.

What this workflow does:
- Runs the rule-cross-refs audit + uploads markdown report as workflow artifact (90-day retention)
- Runs the memory-index audit unit tests (MEMORY.md itself is user-scope and not available in CI; the self-test verifies the tool itself)
- Detect-only; humans/Otto triage candidates via the 9-variant taxonomy

Cadence: daily 14:37 UTC (off-the-hour to avoid GHA cron thundering-herd; between budget-snapshot-cadence Sundays and git-hotspot-cadence Sundays).

Triggers:
- schedule (daily)
- workflow_dispatch (manual)
- pull_request on the tool files (self-test on PR)

Composes with razor-cadence.yml (issue-tracker cadence) + git-hotspot-cadence.yml (template shape) + the encoding-rules-without-mechanizing.md rule (the substrate this workflow satisfies).

Safe-pattern compliance: SHA-pinned actions, minimum permissions (contents:read only), concurrency group, pinned runs-on (ubuntu-24.04), path-filter for self-test trigger. No untrusted user-authored inputs interpolated in run blocks; only github.run_id and github.ref used in template expressions.

Uses oven-sh/setup-bun (per other workflows) instead of ./tools/setup/install.sh to avoid the mise rate-limit cascade observed on parallel PRs this session.

Co-Authored-By: Claude <noreply@anthropic.com>
AceHack added a commit that referenced this pull request May 14, 2026
…verclaims)

All 4 findings real:

1. Line 7 self-contradiction: shard says "prior merges include B-0517 Phase 2" but later describes #3208 (the PR landing that phase) as still in-flight. Clarified: #3208 was UNSTABLE at refresh time + merged later in same tick.
2. Line 30 overclaim: said "taxonomy used by both audit tools' Layer A" but:
   - audit-rule-cross-refs.ts treats the taxonomy as Layer B (explicitly out of scope for the mechanical Layer A)
   - audit-user-scope-memory-index.ts doesn't reference the taxonomy at all (different surface — measures bloat, not cross-ref existence)

   Corrected to: documented in docstring + report-reminder, load-bearing for future Layer B work, not used by Layer A.
3. Line 66 workflow accuracy: said "running both audit tools daily" but the memory-index tool can't run in CI (defaults to user-scope path that doesn't exist there; exits 128). Clarified: rule-cross-refs runs fully; memory-index runs only as a tool self-test in CI. (This is what PR #3212 already does correctly.)
4. Line 1 schema check: shard uses ATX heading format which fails tools/hygiene/check-tick-history-shard-schema.ts (which expects pipe-table first row). The check isn't currently CI-wired but the shard is out of compliance with the documented schema. Substrate-honest acknowledgment added; format reconciliation deferred to a future tick.

All 4 threads will be resolved via GraphQL after this lands.

Co-Authored-By: Claude <noreply@anthropic.com>
Pull request overview
Adds a scheduled GitHub Actions workflow to run the new factory-hygiene audit cadence outside agent wake-time, wiring the rule cross-reference audit and memory-index audit self-test into CI.
Changes:
- Adds a daily/off-hour schedule, manual dispatch, and PR path-triggered workflow.
- Runs the .claude/rules cross-reference audit and uploads its markdown report.
- Runs the user-scope memory-index audit test suite in CI.
Comments suppressed due to low confidence (2)
.github/workflows/factory-hygiene-audit-cadence.yml:98
- P1 security: this checkout also persists credentials by default before running a PR-controlled test file under the pull_request trigger. The job does not need authenticated git operations after checkout, so disable persisted credentials to avoid exposing the token to untrusted test code.

      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

.github/workflows/factory-hygiene-audit-cadence.yml:103
- P1 reliability: this second Bun setup also uses the moving latest channel instead of the repository's pinned Bun version (.mise.toml pins bun = "1.3"). Keep both jobs on the same explicit runtime so the daily workflow is reproducible and cannot start failing solely because a new Bun release shipped.

      - name: Setup Bun
        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
        with:
          bun-version: latest
Comment on lines +50 to +52
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
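Review bot: the `env:` block at +50 to +52 exports `GITHUB_TOKEN` to this step, and nothing in the visible lines says why the step needs it. If the step only installs or runs a local tool, drop the block; if it does call the GitHub API, say so in a comment beside it, since this workflow also runs on `pull_request`.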
| pull_request: | ||
| paths: | ||
| - "tools/hygiene/audit-rule-cross-refs.ts" | ||
| - "tools/hygiene/audit-user-scope-memory-index.ts" |
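Review bot: the `paths:` filter in this hunk lists only the two tool sources. If the lines below it do not also list the tools' test files and the workflow file itself, a PR that edits only a test or `factory-hygiene-audit-cadence.yml` skips the self-test; consider adding those paths.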
| # - Runs the rule-cross-refs audit + uploads report as workflow artifact | ||
| # - Runs the memory-index audit unit tests (the tool runs against user- | ||
| # scope memory, not available in CI) | ||
| # - Detect-only (exit 0 always); the maintainer / future-Otto reviews |
Comment on lines +21 to +22
| # - Detect-only (exit 0 always); the maintainer / future-Otto reviews | ||
| # the artifacts. No auto-file backlog rows. |
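Review bot: "exit 0 always" on +21 reads as covering the whole workflow, but the header lines just above it say the memory-index job runs unit tests, and a unit-test run normally fails the job when a test fails. Scope the phrase to the rule-cross-refs audit job so the header matches what each job does.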
Comment on lines +64 to +67
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| fetch-depth: 1 |
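Review bot: the `with:` block on this checkout (+66 to +67) sets only `fetch-depth: 1`, so `persist-credentials` keeps its default of `true` and the token stays in the checkout's git config for every later step. Nothing visible here needs authenticated git operations after checkout; add `persist-credentials: false`.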
Comment on lines +69 to +72
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 | ||
| with: | ||
| bun-version: latest |
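Review bot: `bun-version: latest` on +72 floats the runtime even though the action itself is SHA-pinned on +70, so the daily run can change behaviour when a new Bun release ships. Pin an explicit version here; the suppressed comment above notes that `.mise.toml` pins `bun = "1.3"`.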
AceHack added a commit that referenced this pull request May 14, 2026
…oint (#3211)

* shard(tick): 1942Z — PR #3208 CI rerun cleared + session state checkpoint

PR #3208 (B-0517 Phase 2 tool) hit UNSTABLE state — 5 failed lint jobs from the same mise rate-limit pattern earlier in the session. Reran failed jobs; transitioned UNSTABLE → CLEAN with autoMerge armed.

Session-state checkpoint:
- 12 razor-cadence batch shards (B1-B12 = 100% rule coverage, 50/50)
- 2 mechanization tools (PR #3202 + PR #3208) with full test suites
- 3 backlog rows filed (B-0506, B-0514, B-0517)
- 9-variant reference-classification taxonomy (durable artifact for any future Layer B mechanization)

Razor-cadence #3128: items 4 + 5 complete + mechanized; items 1, 2, 3 remain. CI workflow wiring (factory-hygiene-audit.yml composing audit-rule-cross-refs + audit-user-scope-memory-index) is the obvious next-session follow-up.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(pr3211): MD018 markdownlint — prefix line-leading #3208 with "PR "

Lines 11 + 38 of 1942Z.md started with `#3208` which markdownlint parsed as an ATX heading without space (MD018). Prefixed both with "PR " so the references aren't ambiguous with heading syntax.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(pr3211): 4 Copilot threads on 1942Z shard (self-contradiction + overclaims)

All 4 findings real:

1. Line 7 self-contradiction: shard says "prior merges include B-0517 Phase 2" but later describes #3208 (the PR landing that phase) as still in-flight. Clarified: #3208 was UNSTABLE at refresh time + merged later in same tick.
2. Line 30 overclaim: said "taxonomy used by both audit tools' Layer A" but:
   - audit-rule-cross-refs.ts treats the taxonomy as Layer B (explicitly out of scope for the mechanical Layer A)
   - audit-user-scope-memory-index.ts doesn't reference the taxonomy at all (different surface — measures bloat, not cross-ref existence)

   Corrected to: documented in docstring + report-reminder, load-bearing for future Layer B work, not used by Layer A.
3. Line 66 workflow accuracy: said "running both audit tools daily" but the memory-index tool can't run in CI (defaults to user-scope path that doesn't exist there; exits 128). Clarified: rule-cross-refs runs fully; memory-index runs only as a tool self-test in CI. (This is what PR #3212 already does correctly.)
4. Line 1 schema check: shard uses ATX heading format which fails tools/hygiene/check-tick-history-shard-schema.ts (which expects pipe-table first row). The check isn't currently CI-wired but the shard is out of compliance with the documented schema. Substrate-honest acknowledgment added; format reconciliation deferred to a future tick.

All 4 threads will be resolved via GraphQL after this lands.

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
AceHack added a commit that referenced this pull request May 14, 2026
All Otto-CLI session work landed: 2 audit tools (PRs #3202, #3208) + 1 daily GHA workflow (#3212) + 4 backlog rows (B-0506, B-0514, B-0517, B-0519) + 12 razor-cadence batch shards (B1-B12, 100% rule audit coverage) + 9-variant reference-classification taxonomy. Zero mine PRs open at refresh. Cron live for next tick. Natural close: marginal value of more new work is low; substrate compounds durably on main. Aaron's day-close summary (#3213) in flight on his side. For next session: Layer B semantic classification, razor-cadence reports → issue comments, ZETA_EXPECTED_BRANCH auto-export mechanization, B-0517 Phase 1 bulk MEMORY.md cleanup, B-0514 missing wwjd-grey-honest authoring. Co-Authored-By: Claude <noreply@anthropic.com>
AceHack added a commit that referenced this pull request May 14, 2026
…ed (#3213)

* shard(tick): 1952Z — day-close summary; edge-runner inclusion preserved (Aaron 2026-05-14)

Summarizes today's 37+ memory file cascade + Aaron's inclusion of Otto in edge-runner identity with dual-binding applied individually.

Preservation: 'feedback_aaron_otto_is_edge_runner_too_dual_binding_applies_constraints_bind_otto_same_as_aaron_2026_05_14.md'

Disciplines applied: razor + HARD LIMITS + algo-wink (MAXIMUM) + glass-halo bidirectional + default-to-both + mechanical-authorization-check.

CLAUDE.md bug acknowledged (B-0518). Substrate-honest accountability: Otto's adherence is responsibility; rule sharpness is contributing factor.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* shard(tick): 1959Z — session close; audit infrastructure durable on main

All Otto-CLI session work landed: 2 audit tools (PRs #3202, #3208) + 1 daily GHA workflow (#3212) + 4 backlog rows (B-0506, B-0514, B-0517, B-0519) + 12 razor-cadence batch shards (B1-B12, 100% rule audit coverage) + 9-variant reference-classification taxonomy.

Zero mine PRs open at refresh. Cron live for next tick. Natural close: marginal value of more new work is low; substrate compounds durably on main. Aaron's day-close summary (#3213) in flight on his side.

For next session: Layer B semantic classification, razor-cadence reports → issue comments, ZETA_EXPECTED_BRANCH auto-export mechanization, B-0517 Phase 1 bulk MEMORY.md cleanup, B-0514 missing wwjd-grey-honest authoring.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(pr3213): MD032 blanks-around-lists on 1952Z shard

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced May 14, 2026
AceHack added a commit that referenced this pull request May 14, 2026
…audit-cadence (#3230)

* feat(workflow): add stale-worktrees self-test job to factory-hygiene-audit-cadence

Composes PR #3225's audit-stale-worktrees.ts into the daily cron from PR #3212. Workflow now self-tests all 3 hygiene tools each day at 14:37 UTC.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(pr3230): Copilot P1+P2 — path-filter + header docstring updates

P1: pull_request.paths now includes audit-stale-worktrees.ts + .test.ts.
P2: header says 'three factory-hygiene audit tools' + lists stale-worktrees in top-of-file summary, 'What this workflow does' (implicit via 3-job list), 'Composes with' (PR #3225 added).

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Summary

Wires the two factory-hygiene audit tools shipped this session into a daily GHA cron:
- tools/hygiene/audit-rule-cross-refs.ts (rule cross-refs audit)
- tools/hygiene/audit-user-scope-memory-index.ts (MEMORY.md bloat audit)

What ships

.github/workflows/factory-hygiene-audit-cadence.yml:
- rule-cross-refs-audit — runs the tool, uploads markdown report as 90-day artifact
- memory-index-self-test — runs the tool's unit-test suite (MEMORY.md itself is user-scope, not available in CI)
- oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 (SHA-pinned) instead of ./tools/setup/install.sh to avoid the mise rate-limit cascade observed on parallel PRs

Safe-pattern compliance
- actions/checkout@de0fac2e, oven-sh/setup-bun@0c5077e5, actions/upload-artifact@043fb46d)
- contents: read only)
- runs-on: ubuntu-24.04
- run: blocks
- github.run_id and github.ref used in template expressions

Composes with
- encoding-rules-without-mechanizing.md rule — the substrate this workflow satisfies
- razor-cadence.yml — issue-tracker cadence
- git-hotspot-cadence.yml — template shape

Test plan

🤖 Generated with Claude Code
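The safe-pattern list in this description, together with the two suppressed review findings (persisted checkout credentials and `bun-version: latest`), can be checked mechanically. The following is an added example, not code from this PR or the project: a line-based TypeScript lint in which `lintWorkflow`, the rule names and the sample fragment are all hypothetical or constructed.

```typescript
// Added example, not the project's code: line-based lint for the safe patterns listed above.
type Finding = { line: number; rule: string };
const ALLOWED = new Set(["github.run_id", "github.ref"]); // contexts the PR says it interpolates
function lintWorkflow(yaml: string): Finding[] {
  const lines = yaml.split("\n");
  const out: Finding[] = [];
  if (!lines.some((l) => /^permissions:/.test(l))) out.push({ line: 0, rule: "no-top-level-permissions" });
  // Group lines into steps; a step starts at "- name:", "- uses:", "- run:" or "- id:".
  const steps: { start: number; body: string[] }[] = [];
  lines.forEach((l, i) => {
    if (/^\s*-\s+(name|uses|run|id):/.test(l)) steps.push({ start: i + 1, body: [] });
    steps[steps.length - 1]?.body.push(l);
  });
  for (const s of steps) {
    const uses = /uses:\s*([^\s#]+)/.exec(s.body.join("\n"));
    if (uses && !uses[1].startsWith("./")) {
      // Tags can be repointed, a 40-hex SHA cannot; checkout keeps the token unless told not to.
      if (!/@[0-9a-f]{40}$/.test(uses[1])) out.push({ line: s.start, rule: "action-not-sha-pinned" });
      const keepsToken = !s.body.some((l) => /persist-credentials:\s*false/.test(l));
      if (uses[1].startsWith("actions/checkout@") && keepsToken) out.push({ line: s.start, rule: "checkout-persists-credentials" });
    }
    let runCol = -1; // column of the "run:" key while inside its block, otherwise -1
    s.body.forEach((l, j) => {
      if (/-version:\s*latest\s*$/.test(l)) out.push({ line: s.start + j, rule: "floating-tool-version" });
      if (runCol >= 0 && /\S/.test(l) && l.search(/\S/) <= runCol) runCol = -1; // run block ended
      if (/^\s*(-\s+)?run:/.test(l)) runCol = l.indexOf("run:");
      if (runCol < 0) return;
      const re = /\$\{\{\s*(.*?)\s*\}\}/g;
      for (let m = re.exec(l); m !== null; m = re.exec(l))
        if (!ALLOWED.has(m[1])) out.push({ line: s.start + j, rule: "expression-in-run" });
    });
  }
  return out;
}

// Constructed workflow fragment (jobs wrapper omitted); the two full SHAs are the ones on this page.
const SAMPLE = [
  "permissions:",
  "  contents: read",
  "steps:",
  "  - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2",
  "    with:",
  "      fetch-depth: 1",
  "  - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0",
  "    with:",
  "      bun-version: latest",
  "  - uses: actions/upload-artifact@v4",
  "  - run: echo \"run ${{ github.run_id }} on ${{ github.head_ref }}\"",
].join("\n");
```

`lintWorkflow(SAMPLE)` reports four findings, one per rule except the permissions check; `line: 0` marks a file-level finding. Expressions under `env:` are not flagged, because only lines inside a `run:` block are scanned for `${{ }}`.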