chore(rule): extend zeta-expected-branch with primary defenses (cold-boot substrate)#3232
Merged
AceHack merged 1 commit intoMay 14, 2026
Conversation
…t substrate) Field-tested 2026-05-14 (ticks 2010Z + 2026Z + 2030Z). The env-var-based ZETA_EXPECTED_BRANCH hook is unreliable in this harness because env vars don't persist across separate Bash-tool calls — each invocation may spawn a fresh shell. The hook is therefore defense-in-depth only. Promote two primary defenses from B-0519 RCA (backlog row, grep-discoverable) to .claude/rules/ (auto-loaded at cold-boot): - `git branch --show-current` immediately before `git commit` — direct git-state query; survives any harness shell-environment quirk. - `gh pr create --head <my-branch> --base main` with EXPLICIT head ref — removes implicit dependency on current-branch state, which can be poisoned by parallel-Otto checkouts between `git push` and `gh pr create`. Per claude-code-loading-taxonomy.md: "I keep forgetting to do X" is the goldfish-ontology failure mode that needs direct-load surface (rule files), not router-loaded skills or grep-discoverable backlog rows. Per skill-router-as-substrate-inventory.md: extend the existing rule rather than mint a new one — same failure mode (wrong-branch commits at git operations under multi-Otto-one-checkout topology). Cross-references to B-0519 RCA added in the Full reasoning section. Co-Authored-By: Claude <noreply@anthropic.com>
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…-boot substrate) (#3233) Tick output: - PR #3232 (chore(rule) extend zeta-expected-branch.md): promotes the two primary defenses from B-0519 RCA (grep-discoverable backlog row) to .claude/rules/ (auto-loaded at cold-boot). Plus field-test caveat on env-var-hook reliability. Plus composite operator-discipline snippet. Auto-merge armed. - This shard. Prior-tick PRs: 3 merged this batch. - #3222 (shard 2010Z) MERGED as 82edec5 - #3227 (shard 2026Z) MERGED as 8b59343 - #3228 (B-0519 update) MERGED as 36fbe4c - #3231 (shard 2030Z) wait-ci, autoMerge armed Composite-guard used + survived this tick for substantive PR + this shard: test "$(git branch --show-current)" = "<expected>" && git commit gh pr create --head <my-branch> --base main Cron sentinel 12fb713e armed; recurring. Co-authored-by: Claude <noreply@anthropic.com>
AceHack
deleted the
otto/extend-zeta-branch-rule-primary-defenses-2026-05-14
branch
There was a problem hiding this comment.
Pull request overview
This PR promotes branch-contamination defenses into the cold-boot .claude/rules/ substrate so fresh sessions see the expected-branch discipline before commit/PR operations.
Changes:
- Adds a caveat that the
ZETA_EXPECTED_BRANCHenv-var hook is defense-in-depth because shell env may not persist across Bash-tool calls. - Adds primary operator defenses: query current branch before commit and use
gh pr create --head. - Links the rule back to the B-0519 RCA.
Comments suppressed due to low confidence (1)
.claude/rules/zeta-expected-branch.md:117
- This parenthetical says the RCA has 2010Z/2026Z/2030Z field-test shards, but the referenced RCA only documents 2010Z and 2026Z, and there is no
docs/hygiene-history/ticks/2026/05/14/2030Z.mdin the tree. The cross-reference should not name a non-existent shard.
(RCA capturing the multi-Otto contamination patterns + the primary defenses
this rule operationalizes; field-test tick shards 2010Z/2026Z/2030Z)
| shell-environment quirk because it's a direct query of git state, not | ||
| a query of the agent's belief about git state. | ||
|
|
||
| Field-tested on ticks 2010Z + 2026Z + 2030Z (2026-05-14); survived |
Comment on lines
+116
to
+117
| (RCA capturing the multi-Otto contamination patterns + the primary defenses | ||
| this rule operationalizes; field-test tick shards 2010Z/2026Z/2030Z) |
Comment on lines
+79
to
+81
| # Before each git commit: | ||
| test "$(git branch --show-current)" = "<expected>" || exit 1 | ||
| git commit -m "..." |
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…ated) (#3237) * shard(tick): 2038Z — B-0488 KSK persona map (orthogonal lane re-activated) Tick output: - PR #3235 (feat(b-0488) KSK persona map): 7 personas including 2 refused with HARD LIMITS rationale (autonomous-weapons "consent UI" wrapper + nation-state APT privilege-oracle abuse). Closes B-0429.4. Auto-merge armed. - This shard. Prior-tick PRs status: - #3232 (rule promotion) MERGED as d9cdf50 - #3231 / #3233 (shards) wait-ci, autoMerge armed Branch-state contamination this tick: - Branch poisoned to fix-otto-cli-1 mid-edit; phantom `D bun.lock` modification appeared - B-0488 status edit lost (made on poisoned branch) - Composite guard caught the wrong-branch case on FIRST commit attempt (exit-1 fired correctly) — defense working as designed - Both incidents worked around with git restore + checkout Session lane balance: 5 contamination-defense PRs + 1 substantive KSK personas PR + this shard. Orthogonal lane re-activated. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(shard): fix MD032 markdownlint in 2038Z shard Line 81 started with `+` which Markdown parsed as a list item without surrounding blank lines (MD032). Rewrote the continuation clause to not start with `+`: "... (4 merged + 1 wait), 1 substantive KSK-persona-map PR, and this shard." — same meaning, no parser ambiguity. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extends
.claude/rules/zeta-expected-branch.mdwith two primary defenses for multi-Otto-one-checkout topology. Promotes them from B-0519 RCA (grep-discoverable backlog row) to.claude/rules/(auto-loaded at cold-boot for every fresh session).Why promote from RCA to rule
Per claude-code-loading-taxonomy.md: "I keep forgetting to do X" is the goldfish-ontology failure mode that needs direct-load surface (rule files), not router-loaded skills or grep-discoverable backlog rows. The defenses fire on every commit/PR call — every cold-boot Otto needs them in context from session start, not via grep.
Per skill-router-as-substrate-inventory.md: extend the existing rule rather than mint a new one — same failure mode (wrong-branch commits under multi-Otto contention).
What's added
Field-test caveat on the env-var hook
ZETA_EXPECTED_BRANCHset in one Bash-tool call doesn't reliably persist to the call that runsgit commit— each invocation may spawn a fresh shell. The hook is therefore defense-in-depth only. Observed on tick 2010Z (2026-05-14): the hook did NOT catch a wrong-branch commit.Primary defense 1 —
git branch --show-currentbeforegit commitDirect git-state query; survives any harness shell-environment quirk. Field-tested ticks 2010Z + 2026Z + 2030Z + this tick.
Primary defense 2 —
gh pr create --head <my-branch>explicit head refRemoves implicit current-branch dependency, which can be poisoned by parallel-Otto checkouts between
git pushandgh pr create. Field-tested ticks 2026Z + 2030Z + this tick.Composite operator-discipline snippet
Test plan
test = "<expected>" && git commit) — branch verifiedgh pr create --headexplicit ref for THIS PR🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com