sync: AceHack→LFG merge-needed batch (~33 files, ~500 lines; excludes in-flight-#50 files)

.claude/decision-proxies.yaml

@@ -31,7 +31,7 @@ maintainers:
         authority: advisory
         notes: |
           Amara is Aurora co-originator (see
-          docs/aurora/collaborators.md — landing in PR #149).
+          docs/aurora/collaborators.md).
           Her ChatGPT project: LucentAICloud.
           Aaron ferries a dedicated branched chat URL for agent
           access; URL lives in per-user proxy-access config, not

.claude/skills/github-surface-triage/SKILL.md

@@ -277,8 +277,11 @@ load-bearing for greps on archived fire-history).
   (shape definitions, rationale, Aaron directive quotes)
 - `docs/AGENT-ISSUE-WORKFLOW.md` — abstract dual-track
   principle for issues (GitHub / Jira / git-native)
-- `docs/FACTORY-HYGIENE.md` row #48 — ten-surface triage
-  cadence + fire-history requirement
+- `docs/FACTORY-HYGIENE.md` ten-surface triage
+  cadence + fire-history requirement (row #45 in
+  AceHack/Zeta layout; row #48 in LFG/Zeta layout —
+  resolve to actual row after FACTORY-HYGIENE.md
+  fork-divergence merge lands)
 - `docs/hygiene-history/pr-triage-history.md`
 - `docs/hygiene-history/issue-triage-history.md`
 - `docs/hygiene-history/wiki-history.md`

.github/workflows/backlog-index-integrity.yml

@@ -115,14 +115,25 @@ jobs:
             # closes that hole.
             extract_frontmatter_field() {
               local file="$1" field="$2"
+              # Per Copilot review on PR #26: build the regex via a
+              # named awk variable rather than juxtaposition-
+              # concatenating four string literals inline. The old
+              # form (`"^"field":[[:space:]]+"`) was valid POSIX awk
+              # but flagged by reviewers as ambiguous. The named
+              # `pattern` makes the regex constructed once at BEGIN
+              # time and reused unambiguously by both the match-
+              # guard and `sub()`.
               awk -v field="$field" '
-                BEGIN { state = 0 }
+                BEGIN {
+                  state = 0
+                  pattern = "^" field ":[[:space:]]+"
+                }
                 /^---$/ {
                   if (state == 0) { state = 1; next }
                   if (state == 1) { exit }
                 }
-                state == 1 && $0 ~ "^"field":[[:space:]]+" {
-                  sub("^"field":[[:space:]]+", "")
+                state == 1 && $0 ~ pattern {
+                  sub(pattern, "")
                   print
                   exit
                 }

.github/workflows/gate.yml

@@ -82,10 +82,12 @@ jobs:
     # so the prior fork/LFG cost-opt split (which kept macOS off LFG)
     # no longer applies.
     #
-    # Active legs (4):
+    # Active legs (3):
     #   - macos-26          macOS 26, Apple Silicon M1 (3 CPU, 7 GB)
     #   - ubuntu-24.04      Ubuntu 24.04 LTS x64 (4 CPU, 16 GB)
     #   - ubuntu-24.04-arm  Ubuntu 24.04 LTS arm64 (4 CPU, 16 GB)
+    #
+    # Moved-to-nightly leg (per maintainer 2026-04-27):
     #   - ubuntu-slim       Ubuntu slim x64 (1 vCPU, 5 GB RAM;
     #                       15-minute HARD job cap). Too slow for
     #                       per-PR gating (~10+ min vs ~1.5 min on

.github/workflows/low-memory.yml

@@ -35,14 +35,16 @@
 #   so the per-merge run has no cost downside.
 #
 # What this workflow does:
-#   - push to main: runs on every merge (primary trigger).
+#   - push to main: runs on every push to main (in practice every
+#     merge; primary trigger).
 #   - Schedule: daily at 06:00 UTC (backstop for weekends + missed
 #     pushes).
 #   - workflow_dispatch: manual trigger for ad-hoc verification.
 #   - Single ubuntu-slim leg matching gate.yml's install / build /
 #     test sequence on the smaller runner. ubuntu-slim was REMOVED
-#     from gate.yml's matrix in this same PR (per Codex P2) so we
-#     don't double-run the slim leg on every push.
+#     from gate.yml's matrix when the per-merge trigger landed (per
+#     Codex P2 review on LFG #644) so we don't double-run the slim
+#     leg on every push.
 #   - Failure = drift on low-memory runners. File a BACKLOG row;
 #     does not block PRs in flight.
 #

.github/workflows/resume-diff.yml

@@ -115,7 +115,7 @@ jobs:
 
                 CLAIM_LINES="$(printf '%s\n' "$RAW_DIFF" \
                   | grep -E '^[+-][^+-]' \
-                  | grep -E '^[+-]\s*(- \*\*|\| |#{2,4} |.*\b(ships?|shipped|verified|proven|complete[ds]?|honest|already absorbed|implement(ed|s)?|in[- ]repo evidence)\b)' \
+                  | grep -P '^[+-]\s*(- \*\*|\| |#{2,4} |.*\b(ships?|shipped|verified|proven|complete[ds]?|honest|already absorbed|implement(ed|s)?|in[- ]repo evidence)\b)' \
                   || true)"
 
                 if [ -n "$CLAIM_LINES" ]; then
@@ -156,11 +156,65 @@ jobs:
             echo "has_changes=$HAS_CHANGES"
           } >> "$GITHUB_OUTPUT"
 
-      - name: Post PR comment
+      - name: Post or update PR comment
         env:
           GH_TOKEN: ${{ github.token }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           DIFF_FILE: ${{ steps.diff.outputs.diff_file }}
         run: |
           set -euo pipefail
-          gh pr comment "$PR_NUMBER" --body-file "$DIFF_FILE"
+
+          # Per Copilot review on PR #26: avoid posting a fresh
+          # comment on every PR sync — that creates spam on actively-
+          # updated PRs. Find an existing bot comment by a unique
+          # marker header and edit-in-place; create a new comment
+          # only if no marker is found. Marker is the HTML comment
+          # `<!-- resume-diff-bot-marker -->` which is stable across
+          # runs but invisible in the rendered comment.
+          MARKER='<!-- resume-diff-bot-marker -->'
+
+          # Prepend marker to the body so future runs can find it.
+          BODY_FILE="$(mktemp)"
+          {
+            printf '%s\n' "$MARKER"
+            cat "$DIFF_FILE"
+          } > "$BODY_FILE"
+
+          # Look for an existing comment containing the marker.
+          # Per Codex review on LFG #649 (P1): `gh pr view --json
+          # comments` returns GraphQL node IDs (e.g. `IC_xxx`), but
+          # the PATCH endpoint at `/repos/.../issues/comments/{id}`
+          # requires the REST integer comment_id. Using the node ID
+          # 404s and breaks the anti-spam edit-in-place behavior on
+          # synchronized PRs. Fix: query the REST API directly via
+          # `gh api repos/.../issues/{pr}/comments` which returns the
+          # integer `id` field that PATCH accepts.
+          existing_id=$(gh api \
+              "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
+              --paginate \
+              --jq ".[] | select(.body | contains(\"$MARKER\")) | .id" \
+              | head -n 1 || true)
+
+          if [ -n "$existing_id" ]; then
+            # Edit the existing comment via the REST API. `gh pr
+            # comment` does not yet support --edit by id directly,
+            # so fall through to the api wrapper.
+            #
+            # Per Copilot review on PR #26: pass the body via stdin
+            # (jq-built JSON payload) rather than command-substituting
+            # the file contents into a -f flag. The substituted form
+            # risks ARG_MAX (~2 MB on Linux) for large diffs and is
+            # brittle around shell escaping. The stdin form streams
+            # the body and isn't subject to argv size limits.
+            jq -n --rawfile body "$BODY_FILE" '{body: $body}' \
+              | gh api \
+                  --method PATCH \
+                  -H "Accept: application/vnd.github+json" \
+                  --input - \
+                  "/repos/${GITHUB_REPOSITORY}/issues/comments/${existing_id}" \
+                  >/dev/null
+            echo "updated existing resume-diff comment ($existing_id)"
+          else
+            gh pr comment "$PR_NUMBER" --body-file "$BODY_FILE"
+            echo "posted new resume-diff comment"
+          fi

.markdownlint-cli2.jsonc

@@ -16,8 +16,18 @@
     "obj/**",
     // Upstream reference repos under `../` are not part of Zeta.
     "references/upstreams/**",
-    // Memory directory is agent-written append-logs; treating it
-    // as source content would add drift to every OFFTIME entry.
+    // Memory directory is mostly agent-written append-logs (623+
+    // top-level files at the time of writing); treating it as
+    // source content would add drift to every OFFTIME entry.
+    // Acknowledged trade-off (per Copilot review on PR #26):
+    // curated memory docs (memory/CURRENT-aaron.md,
+    // memory/CURRENT-amara.md, memory/MEMORY.md, memory/README.md)
+    // are also covered by this broad ignore. Tightening this to
+    // `memory/persona/**` only — so the curated docs become
+    // lintable — is the right long-horizon move but requires a
+    // bulk-cleanup pass on the 600+ existing memory files first
+    // (deferred to a separate PR per Otto-275 log-but-don't-
+    // implement-yet discipline; tracked at task #267-adjacent).
     "memory/**",
     // Lean proof dir has its own idioms.
     "tools/lean4/**",

.semgrep.yml

@@ -349,7 +349,11 @@ rules:
   # Matches single-line `run: ... ${{ github.<unsafe-path> }} ...`
   # forms for the attacker-controlled contexts enumerated in
   # docs/security/GITHUB-ACTIONS-SAFE-PATTERNS.md. Multi-line `run:
-  # |` blocks are covered by actionlint's YAML-aware parser.
+  # |` blocks are NOT covered by this rule and are also NOT covered
+  # by actionlint (which validates workflow/YAML correctness, not
+  # shell-injection patterns inside script contents). Multi-line
+  # coverage is owed via a separate semgrep rule (or shellcheck-
+  # over-extracted-script-bodies) — tracked under §rule-17-followups.
   # Fix: bind the value to an `env:` entry on the step and read it
   # as `"$VAR"` in the shell. See the safe-patterns doc.
   # ────────────────────────────────────────────────────────────────

GOVERNANCE.md

@@ -786,7 +786,10 @@ than renumbering the rest.
     **Scope of this rule.**
 
     - **In scope:** `docs/aurora/**` absorb docs (courier
-      ferries; cross-AI reviews), any future `docs/archive/**`
+      ferries; cross-AI reviews), `docs/amara-full-conversation/**`
+      verbatim conversation archive (per glass-halo directive —
+      preserved-verbatim register; per-month chunks land via
+      the absorb cadence), any future `docs/archive/**`
       directory, and `docs/research/**` files whose content
       is an import of external conversation rather than
       internal research.

docs/AGENT-ISSUE-WORKFLOW.md

@@ -78,21 +78,25 @@ picked at setup time:
   (`git show origin/claim/<slug>:docs/claims/<slug>.md`);
   `ls docs/claims/` on `main` only shows merged-but-not-
   released claims, not active ones still in flight.
-- Backlog row markers (`[in-progress ...]`, `[blocked ...]`)
-  remain useful as **row-local annotations** on the durable
-  backlog row, but they are not the locking mechanism — the
-  claim file is. Adopters who want backlog-only claims (no
-  separate `docs/claims/` directory) can document that
-  divergence in their own ADR.
+- Backlog row markers (`[in-progress 2026-04-22 by session X]`,
+  `[blocked on ...]`, `[done in SHA]`) remain useful as
+  **row-local annotations** on the durable backlog row, but
+  they are not the locking mechanism — the claim file is.
+  Adopters who want backlog-only claims (no separate
+  `docs/claims/` directory) can document that divergence in
+  their own ADR; in that simpler mode, claims happen via
+  short status-marker commits visible to parallel agents
+  running `git log docs/BACKLOG.md`.
 
 ### Choosing at setup
 
 The canonical setup script under `tools/setup/` currently does
-not prompt for this. **TODO:** file a BACKLOG row to add the
-prompt: "Which issue tracker will this project use?
-[GitHub Issues / Jira / git-native] — agent workflow defaults
-adapt." Until that lands, Zeta's default is (1) and adopters
-copying the factory should read this doc and choose consciously.
+not prompt for this. Tracked at task #267-adjacent (factory-
+adoption configuration prompts) — the planned prompt: "Which
+issue tracker will this project use? [GitHub Issues / Jira /
+git-native] — agent workflow defaults adapt." Until that lands,
+Zeta's default is (1) and adopters copying the factory should
+read this doc and choose consciously.
 
 ## The claim / lock protocol (adapter-neutral)
 
@@ -111,6 +115,7 @@ the other two adapters mirror.
 | GitHub Issues | Comment `claimed by session <id> <UTC-ts> — ETA <...>` + add `in-progress` label | Comment `releasing — landed in <SHA>` + remove label + close (if done) | `gh issue list --label in-progress` |
 | Jira | Transition to `In Progress` state + assign to self + add comment | Transition to `Done` / `Released` + comment with commit | `jql: status = "In Progress"` |
 | Git-native | Claim file at `docs/claims/<slug>.md` on a `claim/<slug>` branch pushed to `origin` (directory tracked on `main`, `README.md` placeholder); commit `claim: <slug> - <scope>` (see [`AGENT-CLAIM-PROTOCOL.md`](AGENT-CLAIM-PROTOCOL.md) for the full shape) | Delete the claim file; commit `release: <slug> - landed in <SHA>` | `git fetch origin && git branch -r --list 'origin/claim/*'` (active claims) plus `ls docs/claims/` (claims merged to `main`) |
+| Git-native (legacy row-marker variant) | Short commit touching the row: `BACKLOG: claim row #42 — session <id> <UTC-ts>` | Commit touching the row: `BACKLOG: release row #42 — landed in <SHA>` | `git log --grep="claim row" docs/BACKLOG.md` |
 
 ### Claim windows and stale-claim force-release
 

docs/CONFLICT-RESOLUTION.md

@@ -201,10 +201,8 @@ sign-off.
   (Complexity Theory Reviewer, on paper) and empirical
   measurement (Claims Tester, at `n = 10³..10⁶`). Standing
   resolution: the two-stage pipeline in
-  `docs/DECISIONS/2026-04-21-router-coherence-v2.md`
-  (v1 at `docs/DECISIONS/2026-04-21-router-coherence-claims-vs-complexity.md`
-  retained as historical record) —
-  analytic-first on new claims; reverse trigger (Claims Tester
+  `docs/DECISIONS/2026-04-21-router-coherence-claims-vs-complexity.md`
+  — analytic-first on new claims; reverse trigger (Claims Tester
   first) on benchmark surprise. If the two disagree on a
   reconciliation, the conflict escalates to this document's
   deadlock clause (human maintainer decides).

docs/CONTRIBUTOR-CONFLICTS.md

@@ -1,6 +1,6 @@
 # Contributor conflicts log
 
-Durable log of differences of opinion / external requirement
+Durable log of differences of opinion / external requirements
 between contributors (human maintainers + external AI
 maintainers + factory-internal personas + external human
 contributors once they arrive). Captures both the conflict