chore(hygiene): exclude .gemini/{launchd,service}/*.plist from machine-specific-content audit#3239
Merged
AceHack merged 2 commits intoMay 14, 2026
Conversation
…e-specific-content audit Plist files under .gemini/launchd/ and .gemini/service/ are the CANONICAL home for machine-specific paths by design. Each carries a maintainer-note comment explaining the paths must be regenerated per-machine before `launchctl load`. They are maintainer-only artifacts, not portable substrate. Before this change: audit flagged 4 plist files as gaps: - .gemini/launchd/com.zeta.backlog-ready-notifier.plist (just landed via #3221) - .gemini/launchd/com.zeta.lior-loop.plist - .gemini/launchd/com.zeta.missed-substrate-detector.plist - .gemini/service/com.lucent.zeta.lior.plist Each is a false-positive — flagging them creates ongoing audit noise without surfacing any actionable gap. Real gaps (e.g., tools/hygiene/audit-ci-cache-paths.ts:/home/<name>/, SKILL.md and memory files with C:\Users\<name>) continue to be flagged. Before: 50 gaps reported. After: 46 gaps reported. Exact delta = the 4 plist files; no other findings affected. The exclusion adds `\.gemini\/(launchd|service)\/.*\.plist` to the EXCLUDE_RE regex + a docstring entry explaining the rationale (so future contributors understand why these are excluded; cargo-culted exclusion without rationale is its own technical-debt class). Co-Authored-By: Claude <noreply@anthropic.com>
6 tasks
There was a problem hiding this comment.
Pull request overview
This PR reduces noise in the machine-specific-content hygiene audit by excluding .gemini/launchd/*.plist and .gemini/service/*.plist, which are intended to contain machine-specific paths and were producing consistent false-positives.
Changes:
- Expanded the audit’s exclusion regex to skip
.gemini/(launchd|service)/**/*.plist. - Added a doc comment explaining why these files are excluded (canonical, maintainer-only, machine-specific by design).
5 tasks
Copilot caught: the new `.gemini/(launchd|service)/.*\.plist` branch wasn't end-anchored. EXCLUDE_RE uses `.test()` (substring match against prefix-anchored regex), so `foo.plist.bak` or `foo.plist.md` would match `.*\.plist` and be over-excluded. Tightened to `\.gemini\/(launchd|service)\/[^/]+\.plist$`: - `[^/]+` — filename has no slashes (no subdir traversal) - `\.plist$` — end-anchored (true plist extension, not substring) Property tests (8/8 pass): - `.gemini/launchd/com.zeta.foo.plist` → excluded ✓ - `.gemini/service/bar.plist` → excluded ✓ - `.gemini/launchd/foo.plist.bak` → NOT excluded ✓ (Copilot's concern) - `.gemini/launchd/foo.plist.md` → NOT excluded ✓ (Copilot's concern) - `.gemini/launchd/sub/dir/foo.plist` → NOT excluded ✓ - `.gemini/other/foo.plist` → NOT excluded ✓ - Existing exclusions (hygiene-history, ROUND-HISTORY) → still excluded ✓ Audit total unchanged at 46 gaps — all 4 real plist files still excluded. Co-Authored-By: Claude <noreply@anthropic.com>
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…fic-content audit (#3240) * shard(tick): 2046Z — audit hygiene: exclude plists from machine-specific-content audit Tick output: - PR #3239 (chore(hygiene) plist exclusion): audit-machine-specific-content EXCLUDE_RE extended with \.gemini\/(launchd|service)\/.*\.plist + docstring rationale. Total: 50 -> 46 (exact delta = the 4 plist false-positives). All real findings preserved. Auto-merge armed. - This shard. Prior-tick PRs status: - #3233 (shard 2034Z) MERGED as 0bb9604 - #3235 (KSK personas) MERGED as 6224735 - #3231 / #3237 (shards 2030Z / 2038Z) wait-ci, autoMerge armed Session running tally (8 merged + 4 wait-ci): - Multi-Otto contamination defenses (5 PRs) - KSK personas (1 PR) - Audit hygiene (1 PR — this tick) Pattern for future audit-exclusion decisions (codified in the docstring + this shard): 1. Is the file's content canonically machine-specific by purpose? 2. Does the file carry a maintainer-note comment explaining why? 3. Is the file a maintainer-only artifact? All three must be YES. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): add blank line before list in 2046Z.md (MD032) markdownlint requires blank lines surrounding lists (MD032). Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
Merged
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
* shard(tick): 2055Z — B-0488 row close-out after PR #3235 merge Tick output: - PR #3244 (chore(b-0488) close-out row): status in-progress -> closed, closed_by frontmatter field added, all 6 DoD checkboxes ticked with specifics. Pure metadata edit; no behavioural changes. Auto-merge armed. - This shard. Prior-tick PRs merged this batch: - #3231 (shard 2030Z) MERGED as 00f4e9d - #3237 (shard 2038Z) MERGED as 8c7f799 Still wait-ci: #3239 (audit hygiene), #3240 (shard 2046Z). Session running tally: 10 merged + 4 wait-ci. Pattern codified: substantive PR sets open -> in-progress; close-out PR sets in-progress -> closed after the substantive PR merges. Separation isolates the deliverable review from row-metadata bookkeeping. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): add blank line before list in 2055Z.md (MD032) markdownlint requires blank lines surrounding lists (MD032). Co-Authored-By: Claude <noreply@anthropic.com> * fix(pr3245): correct git diff --stat format in 2055Z shard per Copilot review Copilot caught: the shard quoted `git diff --stat` output as `8/+7/-1 lines` which isn't the actual format. The real output is `1 file changed, 8 insertions(+), 7 deletions(-)`. Fixed for accuracy. Tick shards are historical record; format accuracy matters for future-Otto reading them. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…BACKLOG drift cleanup) (#3248) Tick output: - PR #3247 (chore(backlog) regen): closes BACKLOG.md drift caused by PR #3244 (B-0488 close-out) not including the regen. +2/-1 lines: B-0488 checkbox flip + B-0329 passive pickup. Auto-merge armed. - Commit 38771fb on PR #3245's branch: fixes `git diff --stat` format accuracy per Copilot review. Thread resolved. - Thread on PR #3244 (merged) acknowledged + resolved with reply pointing to #3247. - This shard. Both Copilot catches were substantive (not nits): - #3244: BACKLOG.md drift after status flip - #3245: incorrect quoted `git diff --stat` output format Patterns codified: - Row-close-out PRs should include BACKLOG.md regen in the same PR - Tick shards quoting command output should reproduce real format, not paraphrase PRs merged during the tick: #3239 + #3240 + #3244. Session tally: 13 merged + 4 wait-ci. Cron sentinel 12fb713e armed; recurring. Co-authored-by: Claude <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…regex) (#3246) * shard(tick): 2059Z — PR #3239 Copilot thread fix (end-anchored plist regex) Tick output: - PR #3239 (audit hygiene) Copilot review caught real regex bug: `\.gemini\/(launchd|service)\/.*\.plist` wasn't end-anchored, would over-exclude foo.plist.bak / foo.plist.md. Fixed in new commit 673fbd0 with end-anchored `[^/]+\.plist$`. Property-tested 8/8. Thread resolved via GraphQL mutation. - This shard. Rule blocked-green-ci-investigate-threads.md paid off: gate reported UNKNOWN/BLOCKED with green CI + autoMerge armed; investigated threads first, found the actionable Copilot finding. Prior-tick PRs: #3240 / #3244 / #3245 all still wait-ci with autoMerge armed. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(pr3246): correct gh api graphql usage description in 2059Z shard Copilot caught: the shard described `gh api graphql resolveReviewThread` as if it were a subcommand. That's not valid `gh api graphql` invocation — `resolveReviewThread` is a GraphQL MUTATION FIELD, not a CLI subcommand. Corrected to show the canonical pattern: gh api graphql -f query='mutation { resolveReviewThread(input:{threadId:"<id>"}) { thread { isResolved } } }' The mutation is passed via `-f query=` (and parameters via `-f` for variables). Future readers can copy-paste a runnable example. The Verify section (line 57) already correctly said "GraphQL mutation" — only the earlier narrative text was misleading. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The machine-specific-content audit (tools/hygiene/audit-machine-specific-content.ts) was flagging 4 launchd / service
.plistfiles as gaps even though those files are the canonical home for machine-specific paths by design. Each plist carries a maintainer-note comment explaining the paths must be regenerated per-machine beforelaunchctl load— they are maintainer-only artifacts, not portable substrate.Change
Added
\.gemini\/(launchd|service)\/.*\.plistto theEXCLUDE_REregex + a docstring entry explaining the rationale (so future contributors don't cargo-cult the exclusion).Before / after
.gemini/launchd/com.zeta.{backlog-ready-notifier,lior-loop,missed-substrate-detector}.plist+.gemini/service/com.lucent.zeta.lior.plist)Exact delta = the 4 plist files. No other findings affected:
tools/hygiene/audit-ci-cache-paths.ts:/home/<name>/— still flagged (real gap).claude/skills/documentation-agent/SKILL.md:C:\Users\<name>— still flagged (real gap)memory/feedback_path_hygiene.md:C:\Users\<name>— still flagged (real gap)Test plan
bun tools/hygiene/audit-machine-specific-content.tsexits 0; total drops from 50 → 46bun tools/hygiene/audit-machine-specific-content.ts --enforcestill exits 2 (gaps remain) — audit behavior intactbun tools/hygiene/audit-machine-specific-content.ts --list | grep "\.plist"returns empty — false-positives gonegh pr create --headexplicit refWhy this is a hygiene win
Audit noise creates ongoing false-positive cost. Every PR's CI surfaces these 4 findings; every contributor reading the audit output learns to filter them mentally. The signal-to-noise improves by ~8% (4/50) — small but compounding across every audit run.
🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com