chore(b-0519): add Pattern 5/6 contamination defenses to RCA#3228
Merged
AceHack merged 1 commit intoMay 14, 2026
Conversation
Field-tested 2026-05-14T20:10Z + 20:26Z. Two new multi-Otto-one-checkout contamination patterns surfaced that weren't in the original RCA: - Pattern 5: HEAD detached at origin/main between `git push` and `gh pr create` (another Otto checked out origin/main in the same physical worktree). Recovery: re-checkout my branch. - Pattern 6: HEAD on a different Otto's branch between recovery checkout and `gh pr create`. Recovery: `gh pr create --head <my-branch>` with EXPLICIT head ref. New cheap defenses (zero-code, operator discipline; field-tested first-try): - `git branch --show-current` immediately before `git commit` — primary catch for wrong-branch commits. - `gh pr create --head <my-branch>` with explicit head ref — removes dependency on current-branch state. Also noted: the ZETA_EXPECTED_BRANCH env-var hook is defense-in-depth only, because env vars don't persist reliably across separate Bash-tool calls in this harness (each invocation may spawn a fresh shell). Field-test ticks referenced: - 2010Z.md (first untangle field-test + env-var-hook secondary failure) - 2026Z.md (Pattern 5 + Pattern 6; new defenses validated) Pure additive update to B-0519 RCA — no per-row metadata changes. Co-Authored-By: Claude <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Pull request overview
Additive documentation update to the B-0519 RCA row, appending two newly-observed multi-Otto branch-state contamination patterns and the zero-code defenses that worked in field-test.
Changes:
- Adds Pattern 5 (HEAD detached at
origin/mainbetweengit pushandgh pr create) and Pattern 6 (HEAD on another Otto's branch between recovery checkout andgh pr create). - Documents new cheap defenses:
git branch --show-currentimmediately beforegit commit, andgh pr create --head <branch>with explicit head ref. - Notes env-var
ZETA_EXPECTED_BRANCHhook is defense-in-depth only (doesn't persist across Bash-tool calls), and links the 2010Z/2026Z field-test ticks.
This was referenced May 14, 2026
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…-boot substrate) (#3233) Tick output: - PR #3232 (chore(rule) extend zeta-expected-branch.md): promotes the two primary defenses from B-0519 RCA (grep-discoverable backlog row) to .claude/rules/ (auto-loaded at cold-boot). Plus field-test caveat on env-var-hook reliability. Plus composite operator-discipline snippet. Auto-merge armed. - This shard. Prior-tick PRs: 3 merged this batch. - #3222 (shard 2010Z) MERGED as 82edec5 - #3227 (shard 2026Z) MERGED as 8b59343 - #3228 (B-0519 update) MERGED as 36fbe4c - #3231 (shard 2030Z) wait-ci, autoMerge armed Composite-guard used + survived this tick for substantive PR + this shard: test "$(git branch --show-current)" = "<expected>" && git commit gh pr create --head <my-branch> --base main Cron sentinel 12fb713e armed; recurring. Co-authored-by: Claude <noreply@anthropic.com>
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…6 defenses) (#3231) * shard(tick): 2030Z — B-0519 RCA additive update (Pattern 5 + Pattern 6 defenses) Tick output: - PR #3228 (chore(b-0519) additive update): adds Pattern 5 + Pattern 6 contamination patterns + new cheap defenses (git branch --show-current before commit + gh pr create --head explicit ref) + caveat on ZETA_EXPECTED_BRANCH env-var hook reliability. Pure additive update; no per-row metadata changes. Auto-merge armed. - This shard. Prior-tick PRs status: - #3226 (BACKLOG.md regen) — MERGED as fe8a845. - #3227 (shard 2026Z) — wait-ci, autoMerge armed. - #3222 (shard 2010Z) — wait-ci, autoMerge armed. Observed but not yet RCA'd: working-tree files from a different Otto's branch surviving `git checkout -f origin/main`. Caught + corrected via git checkout origin/main -- <leaked-file>. Repro needed before RCA. Both new defenses survived field-test this tick + last: - git branch --show-current immediately before git commit - gh pr create --head <branch> explicit ref Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(shard-2030Z): add blank line before list (MD032 markdownlint) Co-Authored-By: Claude <noreply@anthropic.com> * fix(shard-2030Z): reflow line to avoid leading '+' triggering MD032 The soft-wrap broke at '+ 2026Z + 2010Z).' causing markdownlint to treat it as a list item. Reflow the paragraph so no line starts with '+'. Co-Authored-By: Claude <noreply@anthropic.com> * fix(shard): clarify 2030Z session tally heading — 2 merged + 3 wait-ci Copilot reviewer noted the "Three landing tally" heading was ambiguous: only 2 PRs were merged; the other 3 were still wait-ci. Renames the heading to "Session PR tally (2 merged, 3 wait-ci)" so future-Otto session archaeology reads unambiguously. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Additive update to B-0519 RCA adding two contamination patterns surfaced today via field-test, plus the new cheap defenses that worked.
Patterns added
origin/mainbetweengit pushandgh pr create(parallel-Otto check-out oforigin/mainin the same physical worktree).checkoutandgh pr create.New cheap defenses (zero-code; field-tested first-try)
git branch --show-currentimmediately beforegit commit— primary catch for wrong-branch commits. Validated on ticks 2010Z and 2026Z.gh pr create --head <my-branch>with explicit head ref — removes dependency on current-branch state, which can be poisoned by parallel-Otto checkouts.Caveat on env-var hook
Also noted in the RCA: the
ZETA_EXPECTED_BRANCHPreToolUsehook is defense-in-depth only — env vars don't persist reliably across separate Bash-tool calls (each invocation may spawn a fresh shell). The substrate-honest primary catch isgit branch --show-currentimmediately beforegit commit.Field-test ticks referenced
docs/hygiene-history/ticks/2026/05/14/2010Z.md— first untangle field-testdocs/hygiene-history/ticks/2026/05/14/2026Z.md— Pattern 5 + Pattern 6 validationTest plan
git branch --show-currentconfirmed before commit + after commitgh pr create --headexplicit ref used🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com