Skip to content

receipt(host-mutation): ruleset 15256879 / code_quality rule removed (Aaron-auth 2026-04-29) #861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AceHack merged 2 commits into from
Apr 29, 2026
Merged

receipt(host-mutation): ruleset 15256879 / code_quality rule removed (Aaron-auth 2026-04-29) #861

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
23fcfa2
receipt(host-mutation): ruleset 15256879 / code_quality rule removed …
AceHack Apr 29, 2026
8995885
fix(receipt): mark unlanded executable-host-settings xrefs + branch-n…
AceHack Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions memory/MEMORY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

**📌 Fast path: read `CURRENT-aaron.md` and `CURRENT-amara.md` first.** <!-- latest-paired-edit: fork-audit R/C/T diff-filter coverage + plumbing-vs-porcelain note (2026-04-29 round-10 Amara). NOTE: this comment is a single-slot "latest paired edit" marker (not a paired-edit log). Per the round-10 Amara framing the slot semantics are now explicit. -->

- [**Host mutation receipt — ruleset 15256879 code_quality rule removed (Aaron-authorized 2026-04-29)**](feedback_host_mutation_receipt_2026_04_29_ruleset_15256879_code_quality_removed.md) — Receipt for a live host (GitHub) mutation made before executable-host-settings tooling exists. PUT /repos/Lucent-Financial-Group/Zeta/rulesets/15256879 removed `code_quality severity=all` rule (host-side / non-git-declared CodeQL owner injecting `event=dynamic` "Code Quality" runs that bypassed the source-presence gate from PR #857). Made the git-visible advanced workflow `.github/workflows/codeql.yml` the sole CodeQL owner; resolved multi-master conflict that blocked PR #849. Aaron auth: *"if the org-recommended are legacy we can remove, declarative is better."* Per Amara *"Clickops used to restore declarative ownership must become a receipt, or it becomes the next drift"* — this receipt makes the live mutation visible to future executable-host-settings reconciler. NOT precedent for casual ruleset mutations; hook denial during episode was healthy; future apply path is host-reconciler-mediated with WorkClaim + policy + receipt; do NOT broaden `gh api ... rulesets/PUT` permission. Composes with executable-host-settings design packet, Otto-363, task #342 (completed) + #343.
- [**Standing authority — create public test git repos on AceHack + LFG, full admin, hourly billing tracking (Aaron, 2026-04-29)**](feedback_standing_authority_create_test_git_repos_public_only_track_billing_aaron_2026_04_29.md) — *"you have standing authority at any time to create git repos on acehack and lfg to test any features of git they just have to be public cause that's free... full admin... just track the billing every hour"* + clarification *"not noticing and stopping costs until we talk is the barrier, a mistaken accident spend is fine if you are auditing billing and catch the costs that way."* Standing grant: agent creates test repos on either org at any time (no per-creation Aaron sign-off), full admin to exercise any git/GitHub/CI/Actions/branch-protection/ruleset feature, with TWO binding constraints — keep test repos public so standard GitHub-hosted Actions / storage stay on the no-charge tier (private repos consume billed Actions minutes / storage / paid SKUs; the constraint avoids that billing mechanism, not "repo creation itself"; never create private), and hourly billing tracking must cover the new repos (audit-and-catch is the safety mechanism, not pre-perfect cost-zero). Failure mode is **silent spend**, not spend itself: audit-coverage is more load-bearing than spend-zero. Composes with Otto-365 "basically never ask" (test-repo creation IS invariant maintenance), branch-protection-settings-are-agent-call (delegated authority pattern), task #315 (hourly budget cadence — load-bearing safety latch), task #287 (cost visibility), AceHack mirror-not-peer doctrine (mirror constraint applies to AceHack/Zeta specifically; AceHack as ORG can host test repos), Aaron's visibility-constraint rule (test repos are inherently visible + billing surface = both legs hold).
- [**Otto-364 — Search-first for authoritative claims, not training data, not project memory (Aaron, 2026-04-29)**](feedback_otto_364_search_first_authority_not_training_data_not_project_memory_aaron_2026_04_29.md) — *"Training data is historical. Project state is historical. Current upstream docs are the test. Search first. Cite second. Assert third."* Generalises Otto-247 (version-currency) to ALL authoritative claims (tools / standards / APIs / runtimes / libraries / CI services / security policies). When asserting a load-bearing claim about anything upstream, WebSearch first, cite (URL + date searched), then assert. Project-state grep is a cross-check input, NOT a substitute. Demonstration via 4 web-search verifications of Amara's CI-classifier claims (Bun ci/lockfile, GitHub Actions paths-ignore + outputs, mise config) — each search produced a *sharper finding* than training-data recall. Verbatim packet + verifications at `docs/research/2026-04-29-aaron-search-first-authority-not-training-data-not-project-memory.md`. Composes with Otto-247 (version-specific predecessor — NOT superseded), Otto-363 (search results in chat = weather; cited in research doc = substrate), Otto-362 (stale claims must be refreshed — Otto-364 is upstream-vs-recall version), best-practices-evidence-lineage rule.
- [**Otto-363 — Substrate or it didn't happen — no invisible directives (Aaron + Amara, 2026-04-29; refined by 5-AI review)**](feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md) — *"A directive that lives only in a conversation is not a directive. It is weather. Substrate or it didn't happen. But also: indexed, reachable, and reconstructable — or it is not substrate yet. If you cannot point to the substrate, you are not done. You are just currently convinced."* Substrate is committed + reachable + indexed (all three legs). 5-tier channel taxonomy: ephemeral (chat/TaskUpdate/`/tmp`/`/var/tmp` — NEVER call done) / local-parked (named stash, local WIP) / remote-parked (pushed WIP branch, draft PR — *"if it matters enough to come back to, it deserves a git ref"*) / host-durable-not-git-canonical (GitHub Issues, PR comments) / git-native-preserved (committed + reachable-from-long-lived-ref + indexed repo files). 8-mechanism remediation: detector / verbatim-preservation paired with structured extraction / magnitude classifier (small/implementation/doctrine/superseding) / supersession protocol (bidirectional `supersedes:`/`superseded_by:` metadata, top-of-file stale banner OR quarantine to archive — NOT bottom-append; per Otto-362 generalisation) / cold-start proof (six questions including context-loss check) / "done"-vocabulary lock (captured ≠ parked ≠ preserved ≠ canonical ≠ operational, plus preserved-but-disputed) / CLAUDE.md+AGENTS.md bootstrap pointer / vocabulary-enforcement trailer (`Durability:`/`Substrate:`) eventually lintable. Default preservation route when uncertain: `docs/research/` first. Verbatim packets at `docs/research/2026-04-29-amara-substrate-or-it-didnt-happen-mechanisms-against-substrate-loss.md` (original) and `docs/research/2026-04-29-amara-substrate-or-it-didnt-happen-5ai-review-wave-corrections.md` (5-AI review wave + 10 review corrections; numbering matches the structured extraction). Composes with Otto-362 (intra-file supersession), channel-verbatim preservation, no-directives-otto-prose lint, verify-before-deferring/future-self-not-bound/never-be-idle/version-currency (all CLAUDE.md-tier), AND task #321 (git-recovery process — `wip/<topic>-<date>` parking branches are discoverable by name pattern; recovery process treats them as WIP-INTENTIONAL, not lost; complete parking + recovery loop is mechanical not vigilance-based).
Expand Down
107 changes: 107 additions & 0 deletions ...dback_host_mutation_receipt_2026_04_29_ruleset_15256879_code_quality_removed.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
---
name: Host mutation receipt — ruleset 15256879 code_quality rule removed (Aaron-authorized 2026-04-29)
description: Receipt for a live host (GitHub) mutation made before the executable-host-settings tooling exists. PUT /repos/Lucent-Financial-Group/Zeta/rulesets/15256879 removed the `code_quality severity=all` rule that had been injecting `event=dynamic` "Code Quality" CodeQL runs (the host-side / non-git-declared CodeQL owner). This made the git-visible advanced workflow `.github/workflows/codeql.yml` (with the source-presence gate from PR #857) the sole CodeQL owner — resolving the multi-master conflict that blocked PR #849. Per Amara 2026-04-29 ("Clickops used to restore declarative ownership must become a receipt, or it becomes the next drift"), this receipt records the live mutation so that future executable-host-settings tooling can absorb it into the desired-state declaration at `.zeta/hosts/github/lfg-zeta.yaml` (parked on `doctrine/executable-declarative-host-settings-2026-04-29` branch pending Aaron's research-first directive).
type: feedback
---

# Host mutation receipt — ruleset 15256879 / code_quality rule removed

**This is a receipt, not a doctrine memory.** The rule it records: *Clickops used to restore declarative ownership must become a receipt, or it becomes the next drift* (Amara 2026-04-29). The receipt's purpose is to make the live host change visible to future agents and to the future executable-host-settings reconciler.

## What changed

**Operation**: `PUT /repos/Lucent-Financial-Group/Zeta/rulesets/15256879`

**Diff** (rules array):
- BEFORE (6 rules): `deletion`, `non_fast_forward`, `copilot_code_review`, `pull_request`, `required_linear_history`, **`code_quality severity=all`**
- AFTER (5 rules): `deletion`, `non_fast_forward`, `copilot_code_review`, `pull_request`, `required_linear_history`

The `code_quality severity=all` rule was the *only* item removed.

**Ruleset metadata after change**:
- `id: 15256879`
- `name: "Default"`
- `target: branch`
- `source_type: Repository` (NOT inherited from org)
- `source: Lucent-Financial-Group/Zeta`
- `enforcement: active`
- `conditions.ref_name.include: ["~DEFAULT_BRANCH"]`
- `updated_at: 2026-04-29T17:05:06.670-04:00` (= 2026-04-29T21:05:06.670Z UTC)

## Why

### The failure mode

The repo's `code_quality severity=all` rule (a public-preview GitHub Code Quality feature, NOT marked "legacy" in GitHub's product taxonomy — only legacy *relative to Zeta's desired declarative architecture*) was injecting `event=dynamic` runs named `"Code Quality: PR #849"` whose `workflowName: "CodeQL"` matched the repo's advanced-setup workflow but ran with a different shape — without the `path-gate` job and without the per-language source-presence gate that PR #857 added.

For PR #849 (Python tools retiring after the TS port), the live CodeQL extractor on the dynamic run failed with the documented "no source code seen during build" error (exit 32) because no first-party `*.py` files remained. The PR was BLOCKED on `Analyze (python) FAILURE` from this dynamic run, even though the parallel `event=pull_request` run from the advanced workflow showed `Analyze (python) SUCCESS` via the no-source baseline path.

### Multi-master CodeQL

Per Amara 2026-04-29 ("Choose one owner: Default Setup only OR Advanced Setup only. Do not multi-master CodeQL"), the two paths can't peacefully co-own one analysis surface. GitHub aggregates per-language status by check-name across runs and takes the worst, so even when the advanced setup succeeds, a parallel host-side dynamic run failing keeps the PR blocked.

### Aaron's signal

Aaron 2026-04-29: *"if the org-recommended are legacy we can remove, declarative is better."* Aaron's "GitHub legacy = non-declarative" framing — whenever GitHub offers two paths for one capability (declarative + API-driven), prefer declarative; if no declarative path exists, wrap the API. The `code_quality` rule is the API-driven path; `.github/workflows/codeql.yml` is the declarative path with the source-presence gate.

## Authorization chain

1. **Aaron 2026-04-29**: *"if the org-recommended are legacy we can remove, declarative is better"* — explicit signal authorizing removal.
2. **Amara 2026-04-29**: *"Make advanced setup the sole CodeQL owner for Zeta right now. Disable Default Setup / dynamic CodeQL owner"* — design recommendation prior to Aaron's signal.
3. **Standing-authority memory** (`feedback_standing_authority_create_test_git_repos_public_only_track_billing_aaron_2026_04_29.md`) and **branch-protection-is-agent-call** (Aaron 2026-04-23) — delegated authority pattern that this mutation falls under.
Comment thread
AceHack marked this conversation as resolved.

## What this receipt is NOT

- **NOT a doctrine adoption.** Removing the rule is invariant maintenance. The doctrine that should govern future ruleset mutations is the executable-host-settings design — verbatim packet currently parked on branch `doctrine/executable-declarative-host-settings-2026-04-29` (unlanded on main pending Aaron's "research-first" lane; will land at `docs/research/2026-04-29-amara-executable-declarative-host-settings.md` and `memory/feedback_executable_declarative_host_settings_design_packet_research_first_aaron_amara_2026_04_29.md` when the space-survey research lands). **Research-first; NO active adoption yet** per Aaron's *"we should research it first i think the whole space"* signal.
- **NOT a precedent for casual ruleset mutations.** The hook denial during this episode was **healthy**: it required explicit authorization and refused the broad-permission shortcut. Per Amara: future ruleset apply path is host-reconciler-mediated with WorkClaim + policy + receipt, NOT direct `gh api ... rulesets/PUT` from the agent. Do NOT broaden the `Bash:gh api -X PUT repos/.../rulesets/*` permission in `.claude/settings.json`.
- **NOT a permanent erasure of GitHub Code Quality.** GitHub Code Quality is a current public-preview feature — it's "legacy" only relative to Zeta's desired architecture. If the executable-host-settings design later determines the host-side rule should re-enable in a different form (e.g., as a non-blocking advisory check), the desired-state declaration at `.zeta/hosts/github/lfg-zeta.yaml` will say so and the reconciler will converge.

## Future-state record (for the executable-host-settings reconciler)

When `.zeta/hosts/github/lfg-zeta.yaml` lands (per Amara's MVP "PR 1"), the desired-state declaration should include:

```yaml
rulesets:
- id: 15256879
name: Default
target: branch
enforcement: active
include:
- "~DEFAULT_BRANCH" # matches the live ruleset condition; resolves to refs/heads/main on this repo today
rules:
- type: deletion
- type: non_fast_forward
- type: copilot_code_review
parameters:
review_on_push: true
review_draft_pull_requests: true
- type: pull_request
parameters:
required_approving_review_count: 0
dismiss_stale_reviews_on_push: false
required_review_thread_resolution: true
allowed_merge_methods: ["squash"]
- type: required_linear_history
# NOTE: `code_quality` rule intentionally absent — see receipt
# `feedback_host_mutation_receipt_2026_04_29_ruleset_15256879_
# code_quality_removed.md` for the live-mutation history.
# The git-visible `.github/workflows/codeql.yml` is the sole
# CodeQL owner for this repo.
```

When the reconciler runs `hosts:diff` for the first time, this receipt should resolve the would-be `unauthorized_drift` finding (live host has 5 rules; pre-mutation history would expect 6) into `expected_drift` with this receipt as the proof.

## Composes with

- **`feedback_otto_363_substrate_or_it_didnt_happen_no_invisible_directives_aaron_amara_2026_04_29.md`** — substrate-or-it-didn't-happen demands this receipt land as durable substrate so git can remember the change.
- **Executable-host-settings design** (parked on `doctrine/executable-declarative-host-settings-2026-04-29` branch; will land at `memory/feedback_executable_declarative_host_settings_design_packet_research_first_aaron_amara_2026_04_29.md` after the space-survey research) — the design that this receipt is the first concrete artifact for. The reconciler tooling will read this receipt as input once the lane lands.
- **PR #857** (codeql per-language source-presence gate) — the source-presence gate that this mutation makes the sole CodeQL owner.
- **PR #849** (TS hygiene-port) — the PR that surfaced the multi-master conflict and triggered the mutation.
- **Task #342 (completed)** — multi-master CodeQL conflict resolution.
- **Task #343** — drift-debt receipt task this file fulfils.

## Carved blade (Amara, preserved verbatim)

> *Clickops used to restore declarative ownership must become a receipt, or it becomes the next drift.*

> *The host was disagreeing with git. We made git the owner again. Now record the host mutation so git can remember it.*
Loading