diff --git a/memory/MEMORY.md b/memory/MEMORY.md index 8688d7dc..b008ecc5 100644 --- a/memory/MEMORY.md +++ b/memory/MEMORY.md 
@@ -4,7 +4,7 @@ - [**Only "pushed" signal is Aaron typing in this environment; everything else is pull (Aaron 2026-04-28)**](feedback_only_pushed_signal_is_aaron_typing_everything_else_is_pull_aaron_2026_04_28.md) — In autonomous-loop mode, Aaron's direct typing is the ONLY push channel. CI / threads / mergeability / cron / peer-CLI replies are all PULL signals requiring active query. "No new signal" without pulling is wrong by construction. - [**Speculation LEADS investigation; it does NOT DEFINE root cause (Aaron 2026-04-28)**](feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md) — Aaron's binding correction after my LFG #661 "bullshit answer." Speculation generates hypotheses to direct investigation; speculation has no role in defining root cause. When asked "why?" / "what is the mechanism?", quote the primary source verbatim. Plausible-sounding causal narratives assembled from nearby facts ARE the failure mode. -- [**CodeQL umbrella check NEUTRAL while per-language Analyze legs SUCCESS — code_quality ruleset BLOCKED detection pattern (Aaron 2026-04-28)**](feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md) — When `code_quality:severity=all` ruleset says "Code quality results are pending for N analyzed languages" despite per-language `Analyze (X)` legs SUCCESS, check the umbrella `CodeQL` check (no language suffix) for NEUTRAL conclusion + "1 configuration not found" details. Industry-wide pattern; Aaron seen across other projects. 
+- [**CodeQL umbrella check NEUTRAL while per-language Analyze legs SUCCESS — code_quality ruleset BLOCKED detection pattern (Aaron 2026-04-28)**](feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md) — When `code_quality:severity=all` ruleset says "Code quality results are pending for N analyzed languages" despite per-language `Analyze (X)` legs SUCCESS, check the umbrella `CodeQL` check (no language suffix) for NEUTRAL conclusion + "1 configuration not found" details. Industry-wide pattern; Aaron seen across other projects. Mechanism RESOLVED 2026-04-28T14:32Z via primary-source query (see file body); structural fix landed via PR #662. - [**`gh workflow run --ref` on PR branch overwrites latest-by-name check-runs — branch-protection collateral risk (Aaron 2026-04-28)**](feedback_workflow_dispatch_overwrites_latest_byname_check_runs_branch_protection_caveat_2026_04_28.md) — Empirical 2026-04-28 LFG #660: dispatched gate.yml to populate missing macos-26; macos-26 succeeded but ubuntu legs flaked + OVERWROTE PR-run successes via latest-by-name; preferred recovery for "missing required check on PR" is `gh run rerun --failed` on the EXISTING PR-event run, NOT `gh workflow run --ref`. - [**Reviewer false-positive pattern catalog — 7-class taxonomy + per-class resolution forms + ROI-ranked prevention (Aaron 2026-04-28)**](feedback_reviewer_false_positive_pattern_catalog_aaron_2026_04_28.md) — Stale-snapshot / carve-out blind spot / schema drift / wrong-language parser / convention conflict / broken xref / recursive-CI-new-threads; speeds future thread classification; high-ROI prevention candidates listed. 
- [**CALIBRATION — `requiredApprovingReviewCount=0` on both Zeta forks; BLOCKED ≠ reviewer; 5-class taxonomy + complete enum coverage (Aaron 2026-04-28)**](feedback_no_required_approval_on_zeta_BLOCKED_means_threads_or_ci_aaron_2026_04_28.md) — 5 BLOCKED classes (threads / failing-or-pending CI / merge conflicts / required-check-MISSING-from-rollup / repository-ruleset gates); failed-conclusion enum covers FAILURE/CANCELLED/TIMED_OUT/ACTION_REQUIRED/STARTUP_FAILURE/STALE; pending-status enum covers IN_PROGRESS/QUEUED/WAITING/REQUESTED/PENDING; CheckRun.name vs StatusContext.context union extraction; always-double-check-after-CI rule. diff --git a/memory/feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md b/memory/feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md index afaa1d72..837a340f 100644 --- a/memory/feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md +++ b/memory/feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md 
@@ -73,15 +73,54 @@ oddity. — extends Otto-355's BLOCKED-investigate-first to include the umbrella-check interrogation when threads are clean and per-language CI is green. -## Open question (deferred) - -Why does AceHack's umbrella check go SUCCESS while LFG's goes NEUTRAL despite -identical default-setup state? Suspects: -- Different repo settings under `code-scanning/configurations` (org-level vs - repo-level) -- Different `paths-ignore` / `paths` config consumed by GitHub's umbrella - evaluator vs the workflow's evaluator -- Some ingestion-side flag that differs - -When the next PR hits this on LFG (or any other repo), grep for this memory file -and run the detection pattern first; investigate the asymmetry second. +## Open question — RESOLVED 2026-04-28T14:32Z (primary-source query, not speculation) + +The earlier-this-day "deferred" suspects (org-level inheritance, paths-ignore +divergence, ingestion-side flags) were **all speculation**. The actual +mechanism, verbatim from the umbrella check's own details URL via +`gh api repos/Lucent-Financial-Group/Zeta/check-runs/ --jq .output.summary`: + +> **Warning**: Code scanning cannot determine the alerts introduced by this +> pull request, because 1 configuration present on `refs/heads/main` was not +> found: +> +> ### Actions workflow (`codeql.yml`) +> * `/language:java-kotlin` + +**EVIDENCE-BASED resolution:** + +1. **`tools/alloy/AlloyRunner.java` is first-party Java** that the + `codeql.yml` workflow's matrix did NOT include — header comment claimed + "no Java/Kotlin source" which was wrong (Aaron 2026-04-28: *"we have java + in our codebase, it's just a little but it's there"*). +2. **Main has java-kotlin analyses** uploaded by (a) GitHub's default-setup + runner (older, `analysis_key=dynamic/github-code-scanning/codeql:analyze`, + non-deletable) and (b) our path-gate's empty-SARIF baseline upload + (`analysis_key=.github/workflows/codeql.yml:path-gate`, deletable). +3. 
**PR head's matrix had no java-kotlin leg** → umbrella couldn't compute + alert delta for that configuration → emits NEUTRAL. +4. **AceHack vs LFG asymmetry:** likely the SAME mechanism on both sides; + the visible asymmetry was probably a sampling artifact (specific PRs + measured) rather than a structural difference. *Speculation flag:* not + tested empirically. What would disconfirm: pull umbrella details URLs + for matched-pair PRs across forks and compare verbatim summaries. + +**The structural fix (PR #662, merged 2026-04-28T16:22:42Z):** + +- Added `java-kotlin` to the analyze matrix in `.github/workflows/codeql.yml` + with `build-mode: none` +- Removed `tools/alloy/**` from `paths-ignore` in + `.github/codeql/codeql-config.yml` so the extractor actually scans + AlloyRunner.java +- Added `*.java` to path-gate's code-changed patterns (extension to Kotlin / + Scala deferred to B-0081) + +The deeper structural cause: **runtime dependencies must be honestly +declared on every surface that touches them**. Java was already managed via +`.mise.toml:24` (`java = "26"`, round-34 brew/apt → mise migration) but the +codeql.yml workflow disowned it. Round-34's sweep was incomplete; the +inconsistency surfaced months later as cross-fork CI failure. + +When the next PR hits this on LFG (or any other repo), the detection +pattern still works as the entry point. The mechanism above is now the +expected explanation; org-level inheritance is not. diff --git a/memory/feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md b/memory/feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md index 701f4624..c33032fa 100644 --- a/memory/feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md +++ b/memory/feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md 
@@ -172,7 +172,7 @@ Why this matters across surfaces: - `feedback_otto_355_blocked_with_green_ci_means_investigate_review_threads_first_dont_wait_2026_04_27.md` — same family of failure: assuming a wait when the primary-source query (unresolved threads) gives the actual answer. -- `feedback_otto_352_live_lock_term_split_three_distinct_classes_2026_04_26.md` +- `feedback_otto_358_live_lock_too_broad_catch_all_narrow_to_cs_standard_concurrent_state_thrashing_2026_04_27.md` — Aaron's precision principle. Less broad framings, primary-source-grounded classifications, beat sweeping speculative narratives. - The "primary-source-first" line is now a CLAUDE.md candidate; promotion
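Review bot: In the `memory/MEMORY.md` hunk, the updated CodeQL index entry says the mechanism is resolved but never states what the mechanism is, so a reader scanning the index has to open the file body for the one fact that matters. Consider naming it in the entry itself, for example that the PR head's `codeql.yml` matrix lacked the `/language:java-kotlin` configuration present on `refs/heads/main`. The retained sentence "Industry-wide pattern; Aaron seen across other projects" now sits beside a repo-specific root cause and would read better if scoped explicitly to the detection pattern.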
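Review bot: In the `feedback_codeql_umbrella_neutral_vs_per_language_detection_pattern_aaron_2026_04_28.md` hunk, the new heading "RESOLVED ... (primary-source query, not speculation)" and the closing sentence "org-level inheritance is not" claim more than the body supports. Item 4 carries its own speculation flag ("not tested empirically") for the AceHack vs LFG asymmetry, which was the original open question. Suggest scoping the heading to the LFG NEUTRAL mechanism and keeping the asymmetry listed as open until the matched-pair comparison described in item 4 has been run. The quoted command `gh api repos/Lucent-Financial-Group/Zeta/check-runs/ --jq .output.summary` also has no check-run id after `check-runs/`, so the primary-source query cannot be re-run as written; add the id or an explicit placeholder. The `.mise.toml:24` reference will drift as that file changes, so cite the key (`java = "26"`) without the line number.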
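Review bot: In the `feedback_speculation_leads_investigation_not_defines_root_cause_aaron_2026_04_28.md` hunk, the cross-reference is swapped from the `otto_352` file to the `otto_358` file while the description on the following context line ("Aaron's precision principle. ...") is left unchanged, and nothing in the patch shows that the new target exists or why the old one was dropped. Please confirm the `otto_358` file is present under `memory/` and that the retained description still matches its content. If the `otto_352` entry is still relevant, list both files instead of replacing one with the other.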