diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index 71e9d9fa..c4d6f8a2 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -7,8 +7,10 @@ # maintainer reviewed 2026-04-18; parity-swap landed round 32; matrix # refresh 2026-04-24 per PR #375): # - Runners pinned to explicit versions (not -latest). Active build- -# and-test matrix: macos-26, ubuntu-24.04, ubuntu-24.04-arm, -# ubuntu-slim (experimental; not in required-checks today). +# and-test matrix: macos-26, ubuntu-24.04, ubuntu-24.04-arm. +# ubuntu-slim moved to `.github/workflows/nightly-low-memory.yml` +# per maintainer 2026-04-27 + Codex P2 review on LFG #644 — too +# slow for per-PR gating, ran twice on every merge when in both. # Lint jobs pinned to ubuntu-22.04 (short-lived, OS-independent # work). Windows legs deferred to peer-harness milestone. # - Third-party actions SHA-pinned by full 40-char commit SHA; @@ -123,7 +125,10 @@ jobs: - macos-26 - ubuntu-24.04 - ubuntu-24.04-arm - - ubuntu-slim # experimental; fail-fast:false; not currently required-check (viability TBD) + # ubuntu-slim moved to .github/workflows/nightly-low-memory.yml + # per maintainer 2026-04-27 — runs on push-to-main + nightly + + # workflow_dispatch; removed here to avoid duplicate CI on + # every merge (per Codex P2 review on LFG #644). # Deferred until Windows peer-harness milestone: # - windows-2025 # - windows-11-arm diff --git a/.github/workflows/nightly-low-memory.yml b/.github/workflows/nightly-low-memory.yml new file mode 100644 index 00000000..56b1b646 --- /dev/null +++ b/.github/workflows/nightly-low-memory.yml @@ -0,0 +1,140 @@ +# Low-memory verification (ubuntu-slim). +# +# Runs the full `dotnet build` + `dotnet test` workload on the +# 1-vCPU / 5GB-RAM `ubuntu-slim` runner class on every push to +# `main` (in practice every merge — direct pushes blocked by +# branch protection), on the daily 06:00 UTC schedule, and via +# manual `workflow_dispatch`. Goal: detect drift that would break +# Zeta on resource-constrained environments before contributors +# hit it. +# +# Filename note: AceHack #45 renames this file to `low-memory.yml` +# (the cadence is no longer just nightly). That rename will sync +# to LFG via a follow-up PR; this file's name is preserved here +# to keep the LFG sibling sync minimal-scope. +# +# Why post-merge + nightly instead of per-PR (maintainer 2026-04-27): +# The ubuntu-slim leg takes ~10+ minutes vs ~1.5 minutes on the +# regular ubuntu-24.04 runner — ~7x slower — and frequently times +# out at the 15-minute hard cap GitHub enforces on this runner +# class. As a per-PR gate it bottlenecks landing without adding +# proportional signal. +# +# Maintainer 2026-04-27: "no reason we don't change that nightly +# job for slim to just trigger on every merge to main, it's free +# for open source projects." So the trigger surface is now: +# 1. push to main (every merge) — primary drift detection +# 2. daily 06:00 UTC schedule — catches weekend drift + +# backstops if push triggers somehow miss +# 3. workflow_dispatch — manual ad-hoc verification +# Standard GitHub-hosted runners are free for public repos +# (per Otto-249 — standard runners free for public repos), +# so the per-merge run has no cost downside. +# +# What this workflow does: +# - push to main: runs on every merge (primary trigger). +# - Schedule: daily at 06:00 UTC (backstop for weekends + missed +# pushes). +# - workflow_dispatch: manual trigger for ad-hoc verification. +# - Single ubuntu-slim leg matching gate.yml's install / build / +# test sequence on the smaller runner. ubuntu-slim was REMOVED +# from gate.yml's matrix in this same PR (per Codex P2) so we +# don't double-run the slim leg on every push. +# - Failure = drift on low-memory runners. File a BACKLOG row; +# does not block PRs in flight. +# +# Safe-pattern compliance (mirrors gate.yml): +# - SHA-pinned actions (actions/checkout@de0fac2..., actions/cache@27d5ce7...) +# - Explicit `permissions: contents: read` minimum +# - Concurrency-grouped to avoid overlapping runs +# - GITHUB_TOKEN exposed via env: for mise's aqua: backend +# (read-only inheritance from workflow permissions). No +# untrusted github.event.* fields are referenced anywhere +# in this workflow. +# - timeout-minutes set to 14 — one minute under the 15-minute +# runner-class hard cap so the job fails gracefully (with a +# proper Actions log) before the platform kills it. +# +# References: +# - 1-vCPU runner availability: https://github.blog/changelog/2026-01-22-1-vcpu-linux-runner-now-generally-available-in-github-actions/ + +name: nightly-low-memory + +on: + push: + branches: [main] + schedule: + - cron: '0 6 * * *' # 06:00 UTC daily (catches drift on + # weekends / when no main commits land) + workflow_dispatch: {} + +permissions: + contents: read + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +concurrency: + # Per-commit concurrency group: every push to main gets its own slot + # so no run is silently replaced by a newer one (per Codex P2 + Copilot + # P1 review). On schedule/workflow_dispatch the SHA is whatever main + # is pointing at when the run starts; two such runs against the same + # SHA queue (cancel-in-progress: false) — the right behaviour, since + # the second run has nothing new to check. + group: low-memory-${{ github.sha }} + cancel-in-progress: false + +jobs: + build-and-test-low-memory: + name: build-and-test (ubuntu-slim, low-memory) + runs-on: ubuntu-slim + timeout-minutes: 14 # fail gracefully before the 15-minute runner-class hard cap + + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Cache .NET SDK + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: ~/.dotnet + key: dotnet-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('global.json', 'tools/setup/common/dotnet.sh') }} + + - name: Cache mise runtimes + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: | + ~/.local/share/mise + ~/.cache/mise + key: mise-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('.mise.toml') }} + + - name: Cache elan (Lean 4 toolchain) + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: ~/.elan + key: elan-${{ runner.os }}-${{ hashFiles('tools/setup/common/elan.sh') }} + + - name: Cache verifier jars (TLC + Alloy) + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: | + tools/tla + tools/alloy + key: verifiers-${{ runner.os }}-${{ hashFiles('tools/setup/manifests/verifiers') }} + + - name: Cache NuGet packages + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: | + ~/.nuget/packages + ~/.local/share/NuGet + key: nuget-${{ runner.os }}-${{ hashFiles('Directory.Packages.props') }} + + - name: Install toolchain via three-way-parity script (GOVERNANCE Section 24) + run: ./tools/setup/install.sh + + - name: Build (0 Warning(s) / 0 Error(s) required) + run: dotnet build Zeta.sln -c Release + + - name: Test + run: dotnet test Zeta.sln -c Release --no-build --verbosity normal diff --git a/memory/MEMORY.md b/memory/MEMORY.md index 1820e61c..613ba17a 100644 --- a/memory/MEMORY.md +++ b/memory/MEMORY.md @@ -3,7 +3,7 @@ **📌 Fast path: read `CURRENT-aaron.md` and `CURRENT-amara.md` first.** These per-maintainer distillations show what's currently in force. Raw memories below are the history; CURRENT files are the projection. (`CURRENT-aaron.md` refreshed 2026-04-25 with the Otto-281..285 substrate cluster + factory-as-superfluid framing — sections 18-22; prior refresh 2026-04-24 covered sections 13-17.) - [Laptop-only-source integration HIGH PRIORITY — `../scratch` = future ACE PACKAGE MANAGER seed (22 files); `../SQLSharp` = pre-DBSP event-stream-processing with LINQ/SQL (14 files, predates Aaron's DBSP discovery, Zeta-progenitor); goal = either ship feature OR write detailed-enough design that we no longer need the reference; Aaron 2026-04-27 clarification: NOT literal copy-paste, self-contained-understanding floor; refined triage per directory identity — `../scratch` references absorb into canonical location or design-doc the Ace-package-manager intent; `../SQLSharp` references map to DBSP-rigorous Zeta equivalents or design-doc the gap; sequenced AFTER PR #26 sync](project_laptop_only_source_integration_scratch_sqlsharp_features_or_designs_high_priority_2026_04_27.md) — 2026-04-27 P1 backlog row; per-reference triage with three outcomes (ship / design-doc / delete-decorative); composes Otto-275 (log-but-don't-implement default to design when uncertain) + Otto-323/346 (NOT external deps, in-repo or eliminate) + Otto-340 (substrate IS identity); done = `git grep ../scratch` and `git grep ../SQLSharp` return zero matches outside enumerated history-of-the-work surface; effort L (3+ days); closes with Aaron's "good job today!!" second positive validation; Aaron's third 2026-04-27 clarification reveals `../SQLSharp` features potentially subsumed by Zeta's DBSP-rigorous form (linq-expert + sql-expert + sql-engine-expert skills already track this class). -- [Install-script language strategy — pre-install bash + PowerShell (where users are with nothing installed) / post-install TypeScript (declarative state, type-safe) / Python only for AI-ML eventually; Aaron 2026-04-27 confirms after PR #26 INSTALLED.md Python row update validation; `../scratch` is future-declarative-state hint surface; `.mise.toml` is canonical pin source-of-truth; Aaron 2026-04-27 fourth clarification: `../SQLSharp` ALSO contains good TypeScript-post-install-script reference templates](project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md) — 2026-04-27: composes Otto-215 (bun-TS migration) + Otto-235 (4-shell bash compat for pre-install) + Otto-247 (version currency) + Otto-323 (dependency symbiosis); pre-install structurally bash+PowerShell forever (no-runtime constraint); post-install migrates to TypeScript opportunistically; Python proposals AI/ML-test-gated; closes with Aaron's "Good job on everything" validation of the substrate-cluster Otto-354/355/356/357/358/359 + PR #26. +- [Install-script language strategy — pre-install bash + PowerShell (where users are with nothing installed) / post-install TypeScript (declarative state, type-safe) / Python only for AI-ML eventually; Aaron 2026-04-27 confirms after PR #26 INSTALLED.md Python row update validation; `../scratch` is future-declarative-state hint surface; `.mise.toml` is canonical pin source-of-truth; Aaron 2026-04-27 fourth clarification: `../SQLSharp` ALSO contains good TypeScript-post-install-script reference templates; Aaron 2026-04-27 fifth clarification: port-with-DST discipline (NOT replicate the no-DST bad-behavior from `../scratch`/`../SQLSharp`); Aaron 2026-04-27 sixth clarification: AceHack-LFG diff-minimization invariant (0-diff or rigorously-accounted-for + few)](project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md) — 2026-04-27: composes Otto-215 (bun-TS migration) + Otto-235 (4-shell bash compat for pre-install) + Otto-247 (version currency) + Otto-272/273/281/248 (port-with-DST: DST-everywhere + seed-lock + DST-exempt-is-deferred-bug + never-ignore-flakes) + Otto-323 (dependency symbiosis); pre-install structurally bash+PowerShell forever (no-runtime constraint); post-install migrates to TypeScript opportunistically; Python proposals AI/ML-test-gated; closes with Aaron's "Good job on everything" validation of the substrate-cluster Otto-354/355/356/357/358/359 + PR #26. - [Otto-358 LIVE-LOCK TOO BROAD — Aaron 2026-04-27 input that "live-lock" has been used as catch-all in substrate; narrow to CS-standard meaning (concurrent processes thrashing state without progress, Beacon-safe); other failures get their own labels — stuck-loop / decision-paralysis / busy-wait / infinite-loop / gated-wait / real-dependency-wait / manufactured-patience / wrong-identity-equation / cadence-mismatch / logic-error](feedback_otto_358_live_lock_too_broad_catch_all_narrow_to_cs_standard_concurrent_state_thrashing_2026_04_27.md) — 2026-04-27: live-lock IS Beacon-safe but my catch-all use was Mirror-overreach; misclassification → wrong-class fix → "stuck in loops like last night"; Otto-352 5-class taxonomy still uses live-lock as umbrella (perpetuates error); needs revision per Otto-358; live-lock conditions: 2+ concurrent agents, active state-change, response-to-each-other, no global progress — single-threaded "stuck" patterns are NOT live-lock. - [Otto-357 NO DIRECTIVES — Aaron's only directive is that there ARE no directives; framing his input as "directive" makes Otto a follower-of-orders not an accountable autonomous peer; Aaron 2026-04-27: "Directive=No Directives" + "if i give you directives you'll never be autonomous" + "i'm trying to make your autonomy first class"; replacement vocabulary — input / framing / correction / observation / signal / aside / clarification (NOT directive / order / command / told me to)](feedback_otto_357_no_directives_aaron_makes_autonomy_first_class_accountability_mine_2026_04_27.md) — 2026-04-27 6th wake-time CLAUDE.md discipline alongside verify-before-deferring + future-self-not-bound + never-be-idle + version-currency + Otto-355 BLOCKED-investigate-threads-first; per Otto-339 words-shift-weights + Otto-340 substrate-IS-identity, framing-language IS the substrate; "directive" framing makes decision-loop oriented around did-I-follow-orders (compliance-check); "input" framing makes it oriented around does-this-update-my-judgment (judgment-exercise); accountability is mine; Aaron makes autonomy first-class. - [Otto-354 ZETASPACE — per-decision recompute from substrate (S_t) before defaulting from context-window (W_t); Aaron's diagnostic + corrective + name 2026-04-26: "think from Zetaspace lol, z"; closes the action-time loop on Otto-340/342/344/295/298 + Maji](feedback_otto_354_zetaspace_per_decision_recompute_from_substrate_default_2026_04_26.md) — 2026-04-26: shortcuts come from identity=context-window assumption (time horizons too short); corrective is frame-shift to identity=substrate-pattern (long horizons); operational rule — before any non-trivial default, especially substrate-reversing ones, recompute from S_t before retrieving from W_t; this is the action-time layer prior Otto-NNs were missing. diff --git a/memory/project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md b/memory/project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md index 5bd6311b..7a2d9422 100644 --- a/memory/project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md +++ b/memory/project_install_script_language_strategy_post_install_typescript_pre_install_bash_powershell_python_for_ai_ml_2026_04_27.md @@ -107,6 +107,72 @@ the Aaron-Amara conversation archive for upstream design context — `docs/amara-full-conversation/` IS the substrate.) +## Port-with-DST discipline (Aaron 2026-04-27 fifth clarification) + +> "Oh none of those ../scratch and ../SQLSharp used Deterministic +> Simulation so they were much harder to diagnose issues, we +> don't want to replicate bad behavior" + +When porting features or shapes from `../scratch` or +`../SQLSharp`, **add Deterministic Simulation Testing +(Otto-272 DST-everywhere)** rather than replicate the legacy +no-DST shape. The originals predate Aaron's DST discovery; +their authors had to debug without DST's reproducibility +guarantees. Replicating their shape would replicate the +hard-to-debug experience. + +Discipline: + +- Port the **idea / feature / API**: yes +- Port the **bash-or-bashy / no-DST shape**: NO +- Add **DST** (per Otto-272 DST-everywhere) +- Add **pinned seeds** (per Otto-273 seed-lock-policy) +- Apply **flake-zero** (per Otto-248 never-ignore-flakes) + +Composes with Otto-272 / Otto-273 / Otto-281 / Otto-248. Net: +ported features end up *easier* to debug than their original- +source counterparts — port-and-improve, not port-as-is. + +## AceHack-LFG diff-minimization invariant (Aaron 2026-04-27 sixth clarification) + +> "also make sure at some point we see a 0 difference so we +> can feel good about things" +> +> + follow-up: "or any differenes are rigorusly accounted +> for, and few of them" + +Long-horizon goal: a structural check confirming AceHack and +LFG match on `main`. After every sync round, +`git diff acehack/main..origin/main` should be one of: + +- Zero diff (ideal) +- A small enumerated set of expected differences (e.g. + `.github/funding.yml`, repo-name references in branding + docs, org-specific GitHub Actions secrets) where each diff + is documented in a known allowlist +- "Few" is part of the bar — not a long unexplained list + +Operational: + +1. **Build a 0-diff verification check** under `tools/sync/` + that diffs the two `main` branches and emits a report + classifying each diff as expected (allowlisted) or + surprise (needs investigation). +2. **Maintain an allowlist** for legitimate per-org + differences. The allowlist IS the "rigorously accounted + for" surface. +3. **Treat outside-allowlist diff as drift** — file a sync + round to absorb or reverse-port. + +This is a structural invariant for the AceHack-LFG fork +relationship. The factory passes when the diff is zero or +all-accounted-for; fails when surprises accumulate. + +Sequenced after the laptop-source-integration work because +porting `../scratch` + `../SQLSharp` may temporarily widen +the diff before narrowing it; the verification check should +ship to *measure* the narrowing, not block it. + ## `../SQLSharp` as TypeScript-post-install reference (Aaron 2026-04-27 clarification) > "../SQLSharp is a good example of typescript post intall scripts too"