…sh assertion (Aaron 2026-04-27)

Aaron 2026-04-27: Otto-247 wake-time discipline #4 (CLAUDE.md version-currency rule) applies whenever a version pin LANDS in a new file, NOT just when proposing a fresh version number.

Inheriting the existing repo pin (e.g. 'actions/checkout@de0fac2... # v6.0.2') without WebSearch-verifying it's still latest counts as the failure mode. The rule reads 'search before asserting'; pasting a pin into a new workflow IS asserting it's current.

Verification approach: query upstream API's releases/latest endpoint (authoritative) rather than Web-search narrative (often stale).

Caught when Otto inherited actions/checkout@de0fac2... from gate.yml into budget-snapshot-cadence.yml without WebSearch — pin happened to be correct (v6.0.2 IS latest stable per API), but the discipline-skip was the failure mode.

Rebased from PR #656 (4-commit branch had stale-base MEMORY.md conflicts on each commit; clean-extract from branch-tip avoids the rebase-conflict-cascade per the 5-pre-flight-disciplines discipline 1 lesson).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pull request overview
Adds a new durable memory clarifying that the CLAUDE.md version-currency discipline applies when copying existing version pins into a new file (i.e., inheriting a pin is still a fresh assertion of currency), and updates the memory index accordingly.
Changes:
- Add a new memory entry documenting the “inherited pins still require currency verification” refinement to Otto-247.
- Prepend a corresponding index entry in memory/MEMORY.md.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| memory/feedback_version_currency_covers_inheriting_existing_pins_not_just_fresh_assertions_aaron_2026_04_27.md | New memory documenting the refined version-currency rule and an application workflow for action pin verification. |
| memory/MEMORY.md | Adds a newest-first index link to the new memory entry. |
| 3. **Get the SHA:** | ||
| `gh api repos/<owner>/<repo>/git/ref/tags/<vN.N.N> --jq '.object.sha'` |
The suggested command to “Get the SHA” via .../git/ref/tags/<vN.N.N> --jq '.object.sha' is not reliable: for annotated tags it returns the tag-object SHA, not the commit SHA needed for uses: owner/repo@<sha> pins (and can break checkouts). Prefer resolving the tag to a commit SHA (e.g., via the commits endpoint for the tag, or by dereferencing tag objects when .object.type == "tag").
| 3. **Get the SHA:** | |
| `gh api repos/<owner>/<repo>/git/ref/tags/<vN.N.N> --jq '.object.sha'` | |
| 3. **Get the commit SHA (not the tag-object SHA):** | |
| ``TAG_JSON=$(gh api repos/<owner>/<repo>/git/ref/tags/<vN.N.N>) && | |
| TAG_TYPE=$(printf '%s' "$TAG_JSON" | jq -r '.object.type') && | |
| TAG_SHA=$(printf '%s' "$TAG_JSON" | jq -r '.object.sha') && | |
| if [ "$TAG_TYPE" = "tag" ]; then | |
| gh api repos/<owner>/<repo>/git/tags/"$TAG_SHA" --jq '.object.sha' | |
| else | |
| printf '%s\n' "$TAG_SHA" | |
| fi`` |
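Review bot: the `if [ "$TAG_TYPE" = "tag" ]` branch in the suggested step 3 dereferences exactly once and prints the inner `.object.sha` without checking that the inner `.object.type` is `commit`, so an annotated tag that points at another tag object would still produce a tag-object SHA in the pin. Either repeat the lookup until the type is `commit`, or resolve through the commits endpoint the comment mentions (`gh api repos/<owner>/<repo>/commits/<vN.N.N> --jq '.sha'`), which returns the commit SHA for lightweight and annotated tags alike. Separately, an eight-line command inside an inline code span in a list item is awkward to copy; a fenced block under the step would keep the line breaks intact.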
| (two-space gap before the trailing comment matches the | ||
| existing pins in `gate.yml`, `codeql.yml`, etc.) |
This note claims the two-space gap before the trailing # vN.N.N comment “matches the existing pins in gate.yml, codeql.yml, etc.”, but the repo is inconsistent (e.g., gate.yml uses a single space while codeql.yml uses two). Please either avoid asserting a repo-wide spacing convention here, or align the claim to the actual current state (and/or point at a single canonical example).
| (two-space gap before the trailing comment matches the | |
| existing pins in `gate.yml`, `codeql.yml`, etc.) | |
| (include the trailing `# vN.N.N` comment after the SHA.) |
| The Web-search Otto ran *after* the correction surfaced two | ||
| distinct things: | ||
|
|
||
| 1. v6.0.2 (the existing repo pin) IS the actual latest stable | ||
| release per `gh api repos/actions/checkout/releases/latest` | ||
| (published 2026-01-09). The pin was correct. | ||
| 2. A Web-search top result was a stale community discussion | ||
| claiming "v6.0.2 not marked as latest" — which, if Otto | ||
| had treated as authoritative without verifying against the | ||
| API, would have led to using v6.0.1 (older). | ||
|
|
||
| Both failure modes (a) skipping the search entirely and | ||
| (b) trusting stale narrative results without API verification | ||
| land in the same place: an asserted-current pin that isn't. | ||
|
|
||
| ## How to apply | ||
|
|
||
| Workflow when adding a third-party action pin: | ||
|
|
||
| 1. **WebSearch upstream's release page / latest tag** — | ||
| `<owner>/<repo>` releases. | ||
| 2. **Verify against the API:** | ||
| `gh api repos/<owner>/<repo>/releases/latest --jq '{tag_name, published_at}'` | ||
| The API answer wins over Web-search narrative. | ||
| 3. **Get the SHA:** |
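Review bot: step 1 of "How to apply" still leads with WebSearch even though the paragraph just above records that the top web result was a stale discussion that would have led to v6.0.1, and step 2 already says "The API answer wins over Web-search narrative." Consider making the `releases/latest` query the first step and demoting the web search to optional context, so the authoritative source is consulted before the one the memory itself flags as unreliable. It would also help to state in step 2 what to do when the `tag_name` returned differs from the inherited pin (update the pin, or record why the older pin is kept), since the workflow as written only covers the case where they agree.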
The term is used inconsistently as “Web-search” here, but elsewhere (e.g., CLAUDE.md) the tool name is consistently WebSearch. To avoid confusion between the tool name and generic “web search”, please standardize these occurrences (either use WebSearch in code spans when referring to the tool, or plain “web search” when not).
Captures the 11-PR landing arc since PR #674's 17:47Z row:

PRs MERGED this arc:
- #675 pull-queue scope-broadening + recurrence
- #676 Elisabeth→Elizabeth in-prose
- #677 5 pre-flight disciplines for destructive git ops
- #678 Elizabeth §33 carve-out + verbatim-quote meta-marker
- #679 Scorecard TokenPermissions job-level scoping
- #680 Atari B-0083 + CodeQL B-0084 + 3 trajectory memories
- #681 version-currency-inherits-pins (clean-extracted from #656)

Plus PR #656 closed-as-superseded by #681 with 5-disciplines audit.

Aaron substrate-input arc captured verbatim:
- Elizabeth canonical-spelling correction
- Atari ROM canonical-naming ask
- TOSEC/Good-Tools dependency-first framing
- 'build-our-own as last resort' end-goal sharpening
- 'did you fix what it was complaining about?' speculation-catch
- 'do the right long term thing' corrective
- self-healing metrics affirmation
- elisabeth-causes-confusion §33 carve-out

Multiple self-correction cascades caught + documented:
- Python-heredoc replace failing on backtick-rich content
- Block-quoted-verbatim guard missing multi-line quotes
- Single-category SARIF snippet vs live per-language matrix
- Self-referential rule containing the word it removes

Composes with: 5-disciplines memory, self-healing-metrics memory, emit-empty-security-result memory, absorb-and-contribute end-goal sharpening, Elizabeth §33 carve-out, version-currency-inherits-pins.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Summary
Aaron 2026-04-27: Otto-247 wake-time discipline #4 (CLAUDE.md
version-currency rule) applies whenever a version pin LANDS in a
new file, NOT just when proposing a fresh version number.
Rebased from PR #656 (acehack/memory/version-currency-inherit-pins-lesson-2026-04-27).
The original PR's 4-commit branch had stale-base MEMORY.md conflicts
on each commit; clean-extracting from branch-tip avoided the
rebase-conflict-cascade per the 5-pre-flight-disciplines lesson.
Composes with:
PR #656 will be closed-as-superseded by this PR after merge.
🤖 Generated with Claude Code