From 599fd10807a6760bbda371da6613894e29bb57b7 Mon Sep 17 00:00:00 2001
From: Aaron Stainback <aaron_bond@yahoo.com>
Date: Wed, 29 Apr 2026 03:50:59 -0400
Subject: [PATCH 1/2] memory(fork-audit): R/C/T diff-filter coverage +
 plumbing-vs-porcelain note + slot-semantics on MEMORY.md HTML comment (Amara
 round-10)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three corrections from Amara round-10 review of PR #826
(now-merged fork-topology safety addendum):

1. Audit was missing rename/copy/type-change coverage. The
   slogan "same path is not same substrate" has an inverse:
   "different path can still be same substrate." Renames and
   copies need content comparison, not path equality.
   Replaced `--diff-filter=A` + `--diff-filter=M` with a
   single comprehensive `--diff-filter=ACMRT --find-renames`
   call + per-status interpretation guide.

2. Plumbing-vs-porcelain note added: human audit is fine with
   `git diff`; scripted tooling should prefer
   `git diff-tree -r --name-status --find-renames` (plumbing)
   for output stability + config-immunity, OR add
   `-c core.quotepath=false --no-ext-diff` to porcelain for
   predictability.

3. MEMORY.md HTML comment renamed `paired-edit:` →
   `latest-paired-edit:` per Amara: the comment is acting as
   a single-slot ledger that loses prior markers each time;
   making the slot semantics explicit prevents future
   confusion that only one paired edit exists. (The prior
   round-9 marker was overwritten without ledger preservation
   — a chronic drift class. Future enhancement: paired-edit
   log file if multi-slot history becomes necessary.)

Round-10 keepers preserved in audit prose:
  Added files are a clue.
  Modified shared files are the trap.
  Content equivalence is the gate.

The four meta-rules from the round-10 packet that are NOT
landing as new substrate (per B-0105 consolidation gate):
  - "Paired-edit failure must stop before commit" — process
    discipline; will absorb into existing paired-edit lint
    documentation when consolidation pass picks it up.
  - "Safety blockers should land as soon as green" —
    discipline-level rule; honored in this PR's intent.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 memory/MEMORY.md                              |  2 +-
 ...rgence_fork_double_hop_aaron_2026_04_27.md | 42 +++++++++++++++----
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/memory/MEMORY.md b/memory/MEMORY.md
index fc69c93fc..1ea9fd7b6 100644
--- a/memory/MEMORY.md
+++ b/memory/MEMORY.md
@@ -1,6 +1,6 @@
 [AutoDream last run: 2026-04-23]
 
-**📌 Fast path: read `CURRENT-aaron.md` and `CURRENT-amara.md` first.** <!-- paired-edit: hard-reset safety addendum on AceHack/LFG fork-topology memory + content-equivalence audit rule (2026-04-29 round-9 peer-harness save) -->
+**📌 Fast path: read `CURRENT-aaron.md` and `CURRENT-amara.md` first.** <!-- latest-paired-edit: fork-audit R/C/T diff-filter coverage + plumbing-vs-porcelain note (2026-04-29 round-10 Amara). NOTE: this comment is a single-slot "latest paired edit" marker (not a paired-edit log). Per the round-10 Amara framing the slot semantics are now explicit. -->
 
 - [**Bare `main` is ambiguous — automation uses explicit refs (Amara, 2026-04-29)**](feedback_bare_main_ambiguity_automation_discipline_explicit_refs_required_amara_2026_04_29.md) — Generic multi-remote-repo automation rule: scripts use `refs/remotes/<remote>/<branch>` (or `refs/heads/<branch>`); bare branch names only for interactive humans. Hard-stop on fatal base-ref errors. Caught when bare `git checkout main` was hitting `fatal: matched multiple (2) remote tracking branches` and the loop continued past the failure with wrong downstream state.
 
diff --git a/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md b/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
index 95a9d1555..0342befc6 100644
--- a/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
+++ b/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
@@ -135,22 +135,48 @@ caught missing content in the reset-readiness claim.
 ### Required content-equivalence audit (BEFORE any hard-reset)
 
 ```bash
-# Both checks required for safety:
-
-# (1) Files present only on AceHack (not on LFG)
-git diff --name-status --diff-filter=A origin/main..acehack/main
-
-# (2) Shared files MODIFIED on AceHack (may contain unique content)
+# All categories required for safety. Use --find-renames so
+# moved/copied content isn't misclassified as
+# "AceHack-only" or "deleted":
+
+# (1) Comprehensive status across all relevant categories
+#     A=added (AceHack-only path)
+#     C=copied (content reused under new path)
+#     M=modified (shared path with possibly-unique content)
+#     R=renamed (moved content; compare by content, not path)
+#     T=type change (symlink vs file etc.; inspect manually)
+#     (D=deleted is intentionally omitted — deletion alone
+#     is not content loss going LFG→AceHack direction; if
+#     the deletion is intentional drop, classify so.)
+git diff --name-status --find-renames --diff-filter=ACMRT \
+  origin/main..acehack/main
+
+# (2) Numstat for shared MODIFIED files (sizing the audit)
 git diff --numstat --diff-filter=M origin/main..acehack/main
 
-# Then for each modified shared path, content-compare:
+# (3) For each shared / renamed / copied path, content-compare:
 git diff origin/main..acehack/main -- <path>
 
-# And test reachability of each candidate SHA:
+# (4) Test reachability of each candidate SHA:
 git merge-base --is-ancestor <sha> origin/main  # 0=ancestor, 1=not
 git merge-base --is-ancestor <sha> acehack/main
 ```
 
+**Plumbing-vs-porcelain (when this becomes scripted tooling):**
+human auditors are fine with `git diff` (porcelain). When
+this audit graduates to a CI tool or shell script, prefer
+`git diff-tree -r --name-status --find-renames --diff-filter=ACMRT
+origin/main acehack/main` (plumbing) — output is more stable
+and immune to user `core.*` config interference. Alternatively
+add `git -c core.quotepath=false diff --no-ext-diff …`
+for predictable byte sequences.
+
+**Inverse of "same path is not same substrate":** different
+path can still be same substrate. R/C status entries (renamed
+/ copied) require content comparison, not path equality. Don't
+over-flag a moved file as content-loss when its content lives
+under a new path on LFG main.
+
 ### Required classification per unforwarded substantive PR
 
 ```text

From 38c6c509b4442d5196ee4fdb3848d9b64beedd98 Mon Sep 17 00:00:00 2001
From: Aaron Stainback <aaron_bond@yahoo.com>
Date: Wed, 29 Apr 2026 03:58:24 -0400
Subject: [PATCH 2/2] fix(fork-audit): enable copy detection + D
 semantic-regression separate pass + CI cost note (Amara round-11)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three corrections to PR #827's fork-audit additions:

1. --diff-filter=ACMRT requires BOTH --find-renames AND
   --find-copies. Previous form had `C` in the filter but only
   enabled rename detection, so copied entries would never
   appear. Added --find-copies. Plumbing form likewise uses
   `-M -C`.

2. D=deleted moved to a SEPARATE pass. Not AceHack-content-
   loss in the AceHack→LFG hard-reset direction (LFG already
   lacks the file), but can be SEMANTIC REGRESSION if AceHack
   intentionally removed bad/stale/unsafe content. Review
   separately when the deleted path is workflow / security
   config / tooling / governance substrate.

3. Copy-detection cost note for CI tooling. -C has an O(n²)
   fallback comparing each added file to each deleted file.
   Added two-pass tooling pattern:
     fast pass — A/M/R/T with rename detection only
     slow pass — bounded -C (e.g. -l200) for suspicious clusters
   Human one-shot audit can stay unbounded.

Best round-11 keeper:
  Renames need -M.
  Copies need -C.
  Deletes need judgment.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 ...rgence_fork_double_hop_aaron_2026_04_27.md | 59 ++++++++++++++-----
 1 file changed, 44 insertions(+), 15 deletions(-)

diff --git a/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md b/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
index 0342befc6..d5f40c2c6 100644
--- a/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
+++ b/memory/feedback_lfg_master_acehack_zero_divergence_fork_double_hop_aaron_2026_04_27.md
@@ -135,20 +135,29 @@ caught missing content in the reset-readiness claim.
 ### Required content-equivalence audit (BEFORE any hard-reset)
 
 ```bash
-# All categories required for safety. Use --find-renames so
-# moved/copied content isn't misclassified as
-# "AceHack-only" or "deleted":
+# All categories required for safety. Use BOTH --find-renames
+# AND --find-copies so moved/copied content isn't misclassified
+# as "AceHack-only" or "deleted". Note: --diff-filter=C only
+# emits Copied entries when copy detection is enabled; filter
+# alone is not sufficient.
 
-# (1) Comprehensive status across all relevant categories
+# (1) Comprehensive status across content-loss categories
 #     A=added (AceHack-only path)
-#     C=copied (content reused under new path)
+#     C=copied (content reused under new path; requires --find-copies)
 #     M=modified (shared path with possibly-unique content)
-#     R=renamed (moved content; compare by content, not path)
+#     R=renamed (moved content; requires --find-renames; compare by content, not path)
 #     T=type change (symlink vs file etc.; inspect manually)
-#     (D=deleted is intentionally omitted — deletion alone
-#     is not content loss going LFG→AceHack direction; if
-#     the deletion is intentional drop, classify so.)
-git diff --name-status --find-renames --diff-filter=ACMRT \
+git diff --name-status --find-renames --find-copies \
+  --diff-filter=ACMRT \
+  origin/main..acehack/main
+
+# (1b) D=deleted SEPARATE pass — not AceHack-content-loss in
+#      this reset direction (LFG already lacks the file), but
+#      can be SEMANTIC REGRESSION if AceHack intentionally
+#      removed bad/stale/unsafe content. Review separately
+#      when the deleted path is workflow / security config /
+#      tooling / governance substrate.
+git diff --name-status --diff-filter=D \
   origin/main..acehack/main
 
 # (2) Numstat for shared MODIFIED files (sizing the audit)
@@ -165,11 +174,31 @@ git merge-base --is-ancestor <sha> acehack/main
 **Plumbing-vs-porcelain (when this becomes scripted tooling):**
 human auditors are fine with `git diff` (porcelain). When
 this audit graduates to a CI tool or shell script, prefer
-`git diff-tree -r --name-status --find-renames --diff-filter=ACMRT
-origin/main acehack/main` (plumbing) — output is more stable
-and immune to user `core.*` config interference. Alternatively
-add `git -c core.quotepath=false diff --no-ext-diff …`
-for predictable byte sequences.
+`git diff-tree -r --name-status -M -C --diff-filter=ACMRT
+origin/main acehack/main` (plumbing; `-M`/`-C` are the
+plumbing flags for rename/copy detection). Output is more
+stable and immune to user `core.*` config interference.
+Alternatively add `git -c core.quotepath=false diff
+--no-ext-diff …` for predictable byte sequences.
+
+**Copy-detection cost (CI bound):** `-C` (find-copies)
+includes an O(n²) fallback that compares each added file to
+each deleted file. Bound with `-l200` (or similar) for CI:
+
+```bash
+# Two-pass tooling pattern (cheap then thorough)
+# Fast pass — A/M/R/T with rename detection only
+git diff-tree -r --name-status -M --diff-filter=ACMRT \
+  origin/main acehack/main
+
+# Slow pass — copy detection bounded, only if first pass
+# leaves suspicious add/delete clusters
+git diff-tree -r --name-status -M -C -l200 \
+  --diff-filter=ACMRT \
+  origin/main acehack/main
+```
+
+For human audit (one-shot), the unbounded full form is fine.
 
 **Inverse of "same path is not same substrate":** different
 path can still be same substrate. R/C status entries (renamed