fix(rules): add push-time explicit-branch-push mitigation to sub-case 5#3916
Merged
Merged
Conversation
When peer Otto's git switch race moves HEAD between commit and push, the standard 'git push -u origin <branch>' reads CURRENT HEAD which may have moved off my branch. The safer pattern: git branch <name> <sha> git push origin <name>:<name> This bypasses HEAD-state confusion because (1) git branch creates the ref without changing HEAD, (2) git push origin <src>:<dst> reads the source ref directly, (3) the commit SHA is the durable handle. Empirical anchor: session 2026-05-16T16:30Z-16:40Z had >=3 mid-commit HEAD-contamination events; the final successful pattern (PR #3910) used this explicit-branch-push sequence. Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Updates the standing-by-failure rule to document a push-time mitigation for avoiding incorrect remote pushes when local branch/HEAD state is unstable in a shared worktree.
Changes:
- Adds a new “Push-time mitigation — explicit-branch-push” subsection with an explicit refspec push pattern.
- Records an empirical anchor tying the mitigation to a specific session window and prior PR experience.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1da161878c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Two substantive findings from Copilot + chatgpt-codex-connector on #3916: 1. Persona-name in rule: replaced 'peer Otto' with 'a peer agent' in my newly-added section (pre-existing 'peer Otto' instances at lines 90 + 174 are out-of-scope for this PR) 2. Technical correctness on git push semantics: - 'git push -u origin <branch>' pushes the NAMED local ref refs/heads/<branch>, NOT current HEAD - The footgun was misdiagnosed in my prior text as 'reads CURRENT HEAD' - True failure mode: peer-agent operations CONTAMINATE the local ref (refs/heads/<branch>) between commit and push, so push correctly pushes the now-poisoned ref - Mitigation still works: 'git branch <fresh-name> <sha>' creates a ref peer agents don't write to Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f777071382
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…3916 thread) Vera (chatgpt-codex-connector) caught that bullet 2 of the push-time mitigation section claimed `git push origin <src>:<dst>` reads the source "by hash, not by name resolution" — but per git-push(1), <src> is a SHA-1 expression Git resolves through the local ref namespace before updating the remote when <src> is a branch name. The refspec syntax does NOT inherently bypass ref-name races. Substrate-honest rewrite: - Bullet 1: name the actual protection — the fresh UNIQUE ref name that peers don't know to write to. - Bullet 2: correct the overclaim. The explicit refspec form removes the implicit current-branch dependency, but race-resistance comes from bullet 1's name-uniqueness, not from the syntax. - Bullet 3: document the literal-SHA form (git push origin <sha>:<dst> or git push origin $(git rev-parse <name>):<dst>) as the strongest defense — that form genuinely bypasses local ref resolution at push time. Composes with verify-before-fix discipline in .claude/rules/blocked-green-ci-investigate-threads.md — direct inspection of git-push(1) confirmed Vera's finding was substantive, not a false positive. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 16, 2026
…ion (#3928) Empirical anchor from PR #3916: Codex P2 finding addressed in parallel by peer Otto (1f15c5d) and this Otto-CLI (c9925df). Git's non-fast-forward rejection IS the signal — peer's fix stands as canonical; don't force-push. Operational discipline: when git push is rejected with cannot lock ref ... is at <sha> but expected <sha>, check what peer landed; if same review finding, stand down; if different substrate, separate PR. Composes with claim-acquire-before-worktree-work (sub-cases 1-5), holding-without-named-dependency (named-dep counter reset), PR #3890 (duplicate-PR pattern), and PR #3916 (explicit-branch-push). Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Extends sub-case 5 of `.claude/rules/holding-without-named-dependency-is-standing-by-failure.md` with a push-time mitigation pattern empirically validated this session.
The pattern
When peer Otto's `git switch` race moves HEAD between commit and push, the standard `git push -u origin ` reads CURRENT HEAD at push time (which may have moved off your branch) and pushes the wrong branch to your intended remote ref. The safer pattern:
```bash
git branch
git push origin :
```
This bypasses HEAD-state confusion because:
Empirical anchor
Session 2026-05-16T16:30Z-16:40Z had ≥3 mid-commit HEAD-contamination events while attempting to push a rule edit. The first 2 push attempts (`git switch -c` + `git push -u`) failed by pushing the wrong content to the named remote ref. PR #3910's successful merge used the explicit-branch-push sequence on the third attempt.
Self-applying
This PR itself uses the pattern: commit landed on `otto-cli-explicit-push-mitigation-...-1712z`; the branch ref pushed via `git branch otto-cli-explicit-push-applied-...-1713z ` + `git push origin :`. No HEAD movement during push step.