Round 33 Track D — static analysis: shellcheck + actionlint + markdownlint + editor config + cspell + vscode#9
Merged
Conversation
Round 32 closed merged (PR #8) with CI fully green on the SQLSharp-proven pattern. Round 33 picks up: **Track A (product):** LawRunner checkBilinear + checkSinkTerminal + config-record refactor. **Track B (security follow-through):** packages.lock.json, verifier SHA-pin, safety-clause diff lint, CodeQL, branch protection trigger. **Track C (factory — round-32 surface):** openspec-gap-finder skill (Aaron's missing-spec ask); declarative-manifest tiering ratchet (scratch-shape, push hard each sprint); determinism rule observed in bash profile overlay landed mid round 32. ## Bash profile — deterministic scripts requirement Aaron: "we prefer deterministic scripts just like our tests, retries and polling are a smell and should be last resort." Landed as a new Requirement in `openspec/specs/repo-automation/profiles/bash.md` before the round-32 merge; reiterated here so round 33 starts with the rule as current state. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…nlint + editor config + cspell + vscode Aaron round 33: "in general this project should prefer as much static analysis as possible, look at ../SQLSharp and ../scratch for that too, they have all sorts of linters even for their markdown and some documents, we should be on par or surpass." ## Three new lint jobs in gate.yml - `lint-shell` — shellcheck at severity=style on tools/setup/ and tools/automation/ (excludes tools/lean4/.lake/ vendored Mathlib scripts). Caught a doctor.sh SC2295 bug; fixed. - `lint-workflows` — actionlint on .github/workflows/*.yml with SHA-pinned downloader (no third-party action). - `lint-markdown` — markdownlint-cli2 v0.18.1 across all *.md outside node_modules/memory/tools/lean4/references. Used `--fix` to auto-fix ~680 findings; remaining 6 real issues fixed (atx-closed false positives around F# get inline disable directives, table pipes escaped in O(|Δ|)). ## `.markdownlint-cli2.jsonc` SQLSharp-shape config. Disables noisy stylistic rules (MD013 line length, MD031 blank-around-code, MD033 inline HTML, MD034 bare URL, MD036 emphasis, MD040 fenced-lang, MD041 first-h1, MD060 table-pipe-style, MD028 blank-in-blockquote). Keeps MD020 enabled for real malformed closed-atx headings; inline disable on the 3 valid `F#` heading sites. MD024 set to siblings_only so ROUND-HISTORY.md's repeating `### Anchor` sub-sections under each `## Round N` don't fire. ## `.editorconfig` expanded Merged SQLSharp's dotnet_style_* + csharp_style_* + Zeta's F#-first conventions. Covers TOML, slnx, sln, props, targets, xml. Roslyn analyzers we already pull in (G-Research + Ionide + Meziantou) now have stronger editorconfig-driven guidance. ## `cspell.json` Project-wide custom dictionary. 50+ Zeta-specific words (persona names, DBSP, Mathlib, openspec, nosemgrep, tool names). IgnorePaths match markdownlint + scratch shape. ## `.vscode/extensions.json` Recommended VS Code extensions: Ionide, C# Dev Kit, EditorConfig, markdownlint, shellcheck, shell-format, yaml, github-actions, cspell, toml, semgrep, alloy. ## Backlog additions - `static-analysis-gap-finder` skill (Aaron round-33 ask) — parallel to openspec-gap-finder + skill-gap-finder; owned by the spec-zealot role wearing multiple gap-finding skills (Aarav pattern). - "Crank all lint configs to HIGH" pass — current shellcheck + markdownlint are mid-stringency; post-33 round should research recommended-strict presets per tool. ## Fallouts markdownlint --fix touched 100+ files fixing list-style, blank-line-around-lists, heading spacing. No content changes, only whitespace + structure. `doctor.sh` SC2295 fix landed the one real shellcheck finding. Local verify: `dotnet build -c Release` 0/0; `dotnet test` 510 passed; shellcheck exit 0; actionlint exit 0; markdownlint-cli2 0 findings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…of inline suppress Cleaner fix per Aaron: the linter is technically right (CommonMark spec eats trailing '#' as optional close marker), so writing 'F#' in a heading is genuine ambiguity. Backticks make F# render as inline code (canonically correct for language names) AND sidestep the ATX-close parse AND drop the inline markdownlint-disable directives. No change to rendered content, cleaner markdown. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…klog items
- `.markdownlint-cli2.jsonc` comment was still describing the
inline-disable-directive approach even after I switched to
backtick-wrapping `F#` in headings. Comment updated to match
reality. Surfaces Aaron's point: documentation-agent has no
cadence for catching drift like this.
- Added SECURITY-BACKLOG entries:
- `documentation-agent` cadence (round 34 P1) — every-10-
rounds walk scope for doc-state + config-comment drift.
- Replace `tools/alloy/AlloyRunner.java` with shell driver
(P2) — possible simplification; the 65-line Java shim
normalizes Alloy counter-example parsing, could be shell
if someone understands Alloy's output format well.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ssion - Remove SECURITY-BACKLOG 'Replace AlloyRunner.java' entry per Aaron: A4Reporter is the real reason Java is needed there. - markdownlint --fix on SECURITY-BACKLOG.md to fix MD022/MD032 blanks-around findings from my prior edit (I handwrote entries without the blank lines the config enforces). CI was right; local missed it until I re-ran with the exact config. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 19, 2026
.claude/agents/rodney.md — persona anchor for the complexity-reduction seat. Wears the `reducer` capability skill (Rodney's Razor on shipped artifacts, Quantum Rodney's Razor on pending decisions). Name provenance documented: named for the human maintainer's legal first name; load-bearing, not stylistic; do not consolidate or rename without explicit maintainer sign-off. .claude/settings.json — pins the active Claude Code plugin set so the session-bootstrap is reproducible: claude-md-management, skill-creator, pr-review-toolkit, claude-code-setup, explanatory-output-style, plugin-dev, csharp-lsp, github, pyright-lsp, serena, typescript-lsp, agent-sdk-dev, playground, jdtls-lsp, microsoft-docs, sonatype-guide, code-simplifier, commit-commands, feature-dev, ralph-loop, superpowers, code-review, frontend-design, playwright, huggingface-skills, postman, security-guidance. File is version-controlled but declared Claude-Code-only in CLAUDE.md — Agent SDK / Gemini / Copilot CLI / Codex runs ignore it per harness-provenance rule landed in skill-creator (e60ab6e). CodeQL configuration — tuned off GitHub defaults (task #33): - Dropped `java-kotlin` matrix cell (no Java / Kotlin in repo; F#/C# on .NET 10 only) - `csharp` leg switches `build-mode: none` → `manual` with `tools/setup/install.sh` + `dotnet build Zeta.sln`. The default source-only mode is a no-op on F#-first repos via the C# pack — no MSIL, no F# symbolic info. Manual mode produces a real database against compiled IL. - Toolchain install goes through the canonical install script per GOVERNANCE §24 three-way-parity invariant (dev laptops / CI / devcontainers / CodeQL all converge). - Query pack scales with trigger: PR/push → security-extended (high-confidence, fast); scheduled → security-and-quality (broader, slower). - .github/codeql/codeql-config.yml — path filters, query-pack selection, analysis exclusions. Triaged by security-researcher (Mateo) per GOVERNANCE §22; runtime alert ops by security-operations-engineer (Nazar). Satisfies SDL practice #9 for the semantic / taint-flow slice that Semgrep (syntactic) and the F# compiler (type-level) do not cover. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 19, 2026
Post-merge CI failures on PR #27: - semgrep gha-action-mutable-tag on github/codeql-action@v4 - markdownlint: 181 errors across skill + research + memory files Fixes: - codeql-action init + analyze pinned to 95e58e9 (v4.35.2), matching the CVE-2025-30066-era discipline of SHA-pinning all GitHub Actions. - markdownlint-cli2 --fix auto-repaired ~168 errors (MD004 ul-style, MD022 blanks-around-headings, MD032 blanks-around- lists, MD009 trailing-spaces, MD020 no-missing-space-closed- atx, MD037 spaces-in-emphasis). - Remaining 13 manually fixed: - codeql-expert/SKILL.md: "SDL practice # 9" -> "#9" on one line - time-series-database-expert: "# 1 ops incident" -> "This is the #1 ops incident" - full-text-search-expert table: BM25 formula |d| -> len(d) inside backticks to stop MD056 column-count breakage - leet-code-patterns: [n+1][m+1] -> `[n+1][m+1]` inline code - transaction-manager-expert: dangling "- this hat." reflowed - typescript-expert heading: "diverges from C #" -> "diverges from `C#`" (inline code escapes # from heading interpretation) - vector-database-expert table: pipe chars in distance formulas replaced with prose (norm, card, intersect, union) inside backticks - hooks-and-declarative-rbac research: "- metadata." line-start reflowed to "diff-plus-metadata payload" - liquidfsharp-findings heading: expanded to `LiquidF#` inline - memory/user_anomaly_detection: "- skills..." line-start reflow Style note: `C#`, `F#`, `LiquidF#` are written in backticks when the `#` would otherwise land at start-of-line and trigger MD003/atx_closed. Inline code escapes the `#` without forcing a prose rename — Aaron's explicit preference per feedback memory feedback_csharp_fsharp_backtick_notation.md. Build gate: 0 Warning(s), 0 Error(s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced Apr 21, 2026
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…-ferry §B + §F + corrections #2 #7 #9 (#342) Research-grade design doc for the Stage-2 rung of Amara's corrected promotion ladder. Specifies: (a) placement under src/Experimental/CartelLab/ (not src/Core/ — that's Stage 4); (b) MetricVector type with PLV magnitude AND offset split (correction #6); (c) INullModelGenerator interface + Preserves/Avoids table columns; (d) IAttackInjector forward-looking interface (Stage 3); (e) Wilson-interval reporting contract with {successes, trials, lowerBound, upperBound} schema (correction #2 — no more "~95% CI ±5%" handwave); (f) RobustZScoreMode with Hybrid fallback (correction #7 — percentile-rank when MAD < epsilon); (g) explicit artifact-output layout under artifacts/ coordination-risk/ with five files + run-manifest.json (correction #9). 6-stage promotion path (0 doc / 1 ADR / 2.a skeleton / 2.b full null-models + first attack / 3 attack suite / 4 Core/NetworkIntegrity / 5 Aurora-KSK) matches Amara's corrected ladder and Otto-105 cadence. Doc-only change; no code, no tests, no workflow, no BACKLOG tail touch (avoids positional-conflict pattern that cost #334 → #341 re-file this session). This is the 7th of 10 18th-ferry operationalizations: - #1/#10 test-classification (#339) - #2 Wilson-interval design specified (this doc) - #6 PLV phase-offset shipped (#340) - #7 MAD=0 Hybrid mode specified (this doc) - #9 artifact layout specified (this doc) - #4 exclusivity already shipped (#331) - #5 modularity relational already shipped (#324) Remaining: Wilson-interval IMPLEMENTATION (waits on #323 + Stage 2.a), MAD=0 Hybrid IMPLEMENTATION (waits on #333 + Stage 2.a), conductance-sign doc (waits on #331), Stage-2.a skeleton itself. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…ase, audit fail-hard, endpoint lists Drains 14 unresolved review threads on PR #147 (FactoryDemo.Api.CSharp): - Zeta.sln: strip leading blank line so 'Microsoft Visual Studio Solution File' is the first line (threads #2 #3). - SignalQuality.fs: compressionRatio on empty input was 1.0, which composed as Quarantine via severityOfScore — flipped to 0.0 and added explicit empty-input Pass finding in compressionMeasure; also dropped unused System.Runtime.CompilerServices open (threads #4 #5). - live-lock-audit.sh: fail hard (exit 2) when origin/main is not resolvable so a missing-remote CI checkout can't silently report 'No commits found' -> healthy; switched --stat|awk file-list extraction to git diff-tree --name-only plumbing form (threads #1 #6). - ServiceTitanFactoryApi README + Seed.fs: remove dead memory/ and docs/plans/ links; replace Aaron's-name reference with 'human maintainer' role wording; drop non-existent sibling SQL-seed refs (threads #7 #8 #9). - FactoryDemo.Api.CSharp README + Program.cs + Seed.cs: fix dead refs to samples/FactoryDemo.Api.FSharp/ and samples/FactoryDemo.Db/ to point at the real F# sibling samples/ServiceTitanFactoryApi/ and to a BACKLOG row for the Postgres-backed follow-up (threads #11 #14). - Program.cs + Program.fs: root endpoint index now advertises all 9 routes including the parameterised {id} routes, matching the README tables (threads #12 #13). - Thread #10 (project naming 'ServiceTitanFactoryApi.CSharp' in PR description): resolved in-thread — code/namespace already consistent (Zeta.Samples.FactoryDemo.Api); fix is PR-description- only, not code. Build: dotnet build -c Release -> 0 Warning(s) 0 Error(s).
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…ase, audit fail-hard, endpoint lists Drains 14 unresolved review threads on PR #147 (FactoryDemo.Api.CSharp): - Zeta.sln: strip leading blank line so 'Microsoft Visual Studio Solution File' is the first line (threads #2 #3). - SignalQuality.fs: compressionRatio on empty input was 1.0, which composed as Quarantine via severityOfScore — flipped to 0.0 and added explicit empty-input Pass finding in compressionMeasure; also dropped unused System.Runtime.CompilerServices open (threads #4 #5). - live-lock-audit.sh: fail hard (exit 2) when origin/main is not resolvable so a missing-remote CI checkout can't silently report 'No commits found' -> healthy; switched --stat|awk file-list extraction to git diff-tree --name-only plumbing form (threads #1 #6). - ServiceTitanFactoryApi README + Seed.fs: remove dead memory/ and docs/plans/ links; replace Aaron's-name reference with 'human maintainer' role wording; drop non-existent sibling SQL-seed refs (threads #7 #8 #9). - FactoryDemo.Api.CSharp README + Program.cs + Seed.cs: fix dead refs to samples/FactoryDemo.Api.FSharp/ and samples/FactoryDemo.Db/ to point at the real F# sibling samples/ServiceTitanFactoryApi/ and to a BACKLOG row for the Postgres-backed follow-up (threads #11 #14). - Program.cs + Program.fs: root endpoint index now advertises all 9 routes including the parameterised {id} routes, matching the README tables (threads #12 #13). - Thread #10 (project naming 'ServiceTitanFactoryApi.CSharp' in PR description): resolved in-thread — code/namespace already consistent (Zeta.Samples.FactoryDemo.Api); fix is PR-description- only, not code. Build: dotnet build -c Release -> 0 Warning(s) 0 Error(s).
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…ase, audit fail-hard, endpoint lists Drains 14 unresolved review threads on PR #147 (FactoryDemo.Api.CSharp): - Zeta.sln: strip leading blank line so 'Microsoft Visual Studio Solution File' is the first line (threads #2 #3). - SignalQuality.fs: compressionRatio on empty input was 1.0, which composed as Quarantine via severityOfScore — flipped to 0.0 and added explicit empty-input Pass finding in compressionMeasure; also dropped unused System.Runtime.CompilerServices open (threads #4 #5). - live-lock-audit.sh: fail hard (exit 2) when origin/main is not resolvable so a missing-remote CI checkout can't silently report 'No commits found' -> healthy; switched --stat|awk file-list extraction to git diff-tree --name-only plumbing form (threads #1 #6). - ServiceTitanFactoryApi README + Seed.fs: remove dead memory/ and docs/plans/ links; replace Aaron's-name reference with 'human maintainer' role wording; drop non-existent sibling SQL-seed refs (threads #7 #8 #9). - FactoryDemo.Api.CSharp README + Program.cs + Seed.cs: fix dead refs to samples/FactoryDemo.Api.FSharp/ and samples/FactoryDemo.Db/ to point at the real F# sibling samples/ServiceTitanFactoryApi/ and to a BACKLOG row for the Postgres-backed follow-up (threads #11 #14). - Program.cs + Program.fs: root endpoint index now advertises all 9 routes including the parameterised {id} routes, matching the README tables (threads #12 #13). - Thread #10 (project naming 'ServiceTitanFactoryApi.CSharp' in PR description): resolved in-thread — code/namespace already consistent (Zeta.Samples.FactoryDemo.Api); fix is PR-description- only, not code. Build: dotnet build -c Release -> 0 Warning(s) 0 Error(s).
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…sibling (#147) * Live-lock audit history: inaugural lesson integrated — prevention discipline for next time Aaron 2026-04-23: > if you want to beat ARC3 and do better than humans at uptime and > other DORA metrics then your live-lock smell and the decisions you > make to prevent live locks in the future based on pass lessons, the > ability to integrate previous lessions and not forget is ging to be > key. Lesson-permanence is the factory's competitive differentiator. Detection (audit script) is table stakes. Integration — recording the lesson, consulting it forward, preventing re-occurrence — is the product. ## What lands - New "Lessons integrated" section in `docs/hygiene-history/live-lock-audit-history.md` - Inaugural lesson from tonight's smell-firing event, structured as signature / mechanism / prevention with 4 concrete prevention decisions: 1. External-priority stack is authoritative; agent reorders only internal priorities 2. Live-lock audit at round-close is a gate-not-a-report 3. Speculative-work permit requires external-ratio check first 4. Tick-history rows are explicitly NOT external work; pair INTL with EXT when the smell is near firing - Open carry-forward named: round-close-ladder wiring is a P1 follow-up (BACKLOG row already filed earlier this session) ## Discipline Every future smell firing files a lesson to this same section. `memory/feedback_lesson_permanence_is_how_we_beat_arc3_and_dora_2026_04_23.md` captures the full rule: detection is not enough, integration is the product, lessons are consulted BEFORE taking actions that match known failure-mode signatures, memory persists across sessions. The pattern extends beyond live-lock: other detection mechanisms (SignalQuality firing, Amara-oracle rejecting, drift-tick exceeding threshold, OpenSpec Viktor failing rebuild-from-spec) should file lessons to their respective hygiene-history files. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * samples: ServiceTitan factory-demo JSON API (v0, in-memory, stack-independent) Minimal F# ASP.NET Core Web API serving CRM seed data as JSON. Any frontend choice (Blazor / React / Vue / curl) consumes the same endpoints. Ships now so the backend is not on the critical path when Aaron picks the frontend stack. ## What lands - `samples/ServiceTitanFactoryApi/ServiceTitanFactoryApi.fsproj` using `Microsoft.NET.Sdk.Web`; only explicit package ref is `FSharp.Core` (ASP.NET Core comes via framework reference, no Directory.Packages.props edit needed) - `Seed.fs` — in-memory seed mirroring `ServiceTitanFactoryDemo/seed-data.sql`: 20 customers, 30 opportunities (5 stages), 33 activities, 2 intentional email collisions. Deterministic fixed clock at 2026-04-23 00:00 UTC. - `Program.fs` — minimal F# API with 9 endpoints: customers (list/detail), opportunities (list/detail), activities (list/per-customer), pipeline funnel (count + total-cents per stage), duplicates (customers sharing an email). - `README.md` — framing (software-factory demo, not database pitch), endpoint table, design notes, v1 roadmap. ## Smoke-test output (verified) ``` GET /api/pipeline/funnel [{"count":10,"stage":"Lead","totalCents":5400000}, {"count":6, "stage":"Qualified","totalCents":4220000}, {"count":6, "stage":"Proposal","totalCents":5720000}, {"count":6, "stage":"Won","totalCents":2670000}, {"count":2, "stage":"Lost","totalCents":490000}] GET /api/pipeline/duplicates [{"customerIds":[1,13],"email":"alice@acme.example"}, {"customerIds":[5,19],"email":"bob@trades.example"}] ``` Build: 0 Warning(s), 0 Error(s). `dotnet run` starts the API; curl confirms all endpoints respond correctly. ## Discipline signal This is the third EXT commit of the session (CRM demo sample #141, CRM scenario tests in #143, now this API). The live-lock audit's inaugural lesson explicitly prescribed shipping external-priority increments when the smell fires. Three landed this session, all on priority #1 (ServiceTitan + UI) — the factory is correctly response-pattern even before any of tonight's PRs merge to main. ## What this does NOT do - Does NOT wire Postgres — in-memory only for v0; Npgsql wiring is a follow-up PR once Aaron confirms the DB driver - Does NOT expose Zeta / DBSP / retraction-native language to the frontend — standard CRUD shape per the ServiceTitan positioning directive - Does NOT implement writes — v0 is read-only; POST/PUT/DELETE is a follow-up - Does NOT add auth — no authentication for v0 - Does NOT ship docker-compose — future PR bundles this API with Postgres in one command Composes with: - `samples/ServiceTitanFactoryDemo/` (SQL schema + seed) — sibling, same shapes; v1 wires this API to that schema - `docs/plans/servicetitan-crm-ui-scope.md` — build sequence step 1 (API skeleton) complete; step 2 (DB wiring) is next - `memory/feedback_servicetitan_demo_sells_software_factory_not_zeta_database_2026_04_23.md` - `memory/feedback_lesson_permanence_is_how_we_beat_arc3_and_dora_2026_04_23.md` Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * samples: ServiceTitan factory-demo C# companion API — parity with F# sibling ServiceTitan uses C# for most of their backend with zero F#. Shipping a C# companion to the F# API (#146) so ST engineers evaluating the factory see code in the language they already read fluently. F# stays the reference — it's closer to math, theorems are easier to express — but factory output matches audience stack. ## What lands - `ServiceTitanFactoryApi.CSharp.csproj` — `Microsoft.NET.Sdk.Web`, nullable + implicit usings enabled, TreatWarningsAsErrors - `Customer.cs`, `Opportunity.cs`, `Activity.cs` — records, one per file (MA0048) - `Seed.cs` — deterministic in-memory seed, identical to F# Seed.fs: 20 customers, 30 opportunities, 33 activities, 2 intentional email collisions - `Program.cs` — 9 minimal-API endpoints, identical routes + JSON shapes to the F# sibling - `README.md` — parity guarantee, design notes, C# specifics ## Smoke-test parity (verified) ``` GET /api/pipeline/funnel [{"stage":"Lead","count":10,"totalCents":5400000}, ...5 stages] GET /api/pipeline/duplicates [{"email":"alice@acme.example","customerIds":[1,13]}, {"email":"bob@trades.example","customerIds":[5,19]}] GET /api/customers -> 20 customers ``` Same seed, same shapes, same numbers as the F# version (#146). Frontends switch between them without code changes. ## Analyzer discipline passes Build: 0 Warning(s), 0 Error(s) with the full SonarAnalyzer.CSharp + Meziantou.Analyzer + Microsoft .NET Analyzers pack active. The C# companion respects every rule the F# version's discipline already encodes implicitly — StringComparer.Ordinal for GroupBy, static-readonly for endpoint list, record-per-file, no-var-discarded. ## Discipline signal Fourth EXT commit of the session (CRM demo #141, CRM scenario tests #143, F# API #146, now this C# API). All on Aaron's priority #1. The live-lock audit's inaugural lesson prescribed "ship external- priority increments when smell fires" — four landed in one session. ## Factory-pitch moment This pair (F# + C# from the same spec, identical behaviour) is a concrete factory-capability signal. The software factory produces code in your stack, to your analyzer discipline, with parity across languages. The pitch isn't "pick our language"; it's "your language, enforced by our quality floor." ## What this does NOT do - Does NOT rewrite or deprecate the F# sibling — both live - Does NOT wire Postgres — same v0 scope - Does NOT leak Zeta / DBSP / retraction-native concepts to the ST-facing surface - Does NOT claim the C# version is the primary — F# is reference Composes with: - `samples/ServiceTitanFactoryApi/` (F# sibling) - `memory/project_zeta_f_sharp_reference_c_sharp_and_rust_future_servicetitan_uses_csharp_2026_04_23.md` - `memory/feedback_servicetitan_demo_sells_software_factory_not_zeta_database_2026_04_23.md` Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * rename: generic FactoryDemo.Api.CSharp (was ServiceTitanFactoryApi.CSharp) Aaron 2026-04-23 directive: > lets try to reduce the number of class and thing we call servce titan > or this will be confusing in a Zeta repo. ... this is not a service > titan repo, it's an open source repo. Plus, 2026-04-23 follow-up on language priority: > c# is a more popular language than f# so it makes sense to start > with a factory c# demo anyways ## What renames - `samples/ServiceTitanFactoryApi.CSharp/` → `samples/FactoryDemo.Api.CSharp/` - Project name + csproj filename same rename - `RootNamespace` `Zeta.Samples.ServiceTitanFactoryApi` → `Zeta.Samples.FactoryDemo.Api` - `namespace` declarations in .cs files match - Zeta.sln project entry updated - README rewritten to generic framing (C# is the popular .NET language; demo starts there; F# stays reference) - Root endpoint name field `"ServiceTitan factory-demo API (C#)"` → `"Factory-demo API (C#)"` - All doc cross-references updated to new path names Build: 0 Warning(s), 0 Error(s) with the full SonarAnalyzer + Meziantou + Microsoft .NET Analyzers pack. Behaviour unchanged — same 9 endpoints, same JSON shapes, same seed. Memory rule: `memory/feedback_open_source_repo_demos_stay_generic_not_company_specific_2026_04_23.md` captures the positioning directive in durable form so future agents don't re-introduce company-specific names. Sibling renames land in separate PRs / branches: - F# API sibling (currently PR #146 / ServiceTitanFactoryApi) - DB scaffold (PR #145 / ServiceTitanFactoryDemo) - CRM kernel sample (PR #141 / ServiceTitanCrm) - CRM-UI scope doc (PR #144 / docs/plans/servicetitan-crm-ui-scope.md) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * FactoryDemo.Api.CSharp: smoke-test.sh — end-to-end endpoint + contract verification I chose to land this because the JSON-shape parity claim we make in the README ("byte-identical shapes between F# and C# versions") needs a machine-verifiable check. A smoke test on the C# side is the first half; the F# sibling gets the same pattern in a follow-up. Starts the API on a random port, waits up to 10s for readiness, then runs 19 checks against all 9 endpoints: - Root metadata: name, version, endpoints length - Collection lengths: customers (20), opportunities (30), activities (33) - Single-item lookup: customer #1 name, opportunity #1 stage - Per-customer activities: customer #1 has 4 - Pipeline funnel counts per stage: Lead 10, Qualified 6, Won 6, Lost 2 - Pipeline funnel totals in cents: Lead $54k, Won $26.7k - Duplicates: 2 pairs, (1,13) share alice@acme, (5,19) share bob@trades - 404 behaviour: missing customer returns 404 Shuts the API down cleanly on exit via trap + kill. ``` $ bash samples/FactoryDemo.Api.CSharp/smoke-test.sh Building API... Starting API on http://localhost:5235... Factory-demo C# API smoke test ============================== OK root.name contains 'Factory-demo' (true) OK root.version (0.0.1) OK root.endpoints length (5) OK /api/customers length (20) ... OK missing customer HTTP status (404) All checks passed. ``` dotnet, curl, jq — all standard dev tools. The demo does not ask for anything exotic. Matches the FactoryDemo.Db smoke-test.sh pattern on the sibling branch. - Random high port (5100-5499) instead of fixed — reduces collision with other dev services. - `curl -sf` for normal checks, `curl -o /dev/null -w "%{http_code}"` for the 404 case — the two paths have different error semantics so I use different tools for each. - Shape-level assertions against numeric counts rather than raw JSON diff — makes the test tolerant of property-ordering differences between serializers. The parity claim is about *shape*, not byte- identity, so this matches intent. - Trap + kill on EXIT — guarantees the API stops even on test failure or ctrl-C. No leaked background processes. - Does NOT test the F# sibling. Same-pattern smoke-test for FactoryDemo.Api.FSharp lands in its branch (or a follow-up PR on that branch). - Does NOT diff F# vs C# outputs directly. A cross-language parity-diff test composes better as a separate tool once both APIs have merged. - Does NOT wire to Postgres. In-memory seed only; docker-compose + DB wiring is a separate PR. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * samples+audit: PR #147 review-drain — sln BOM, signal-quality empty-case, audit fail-hard, endpoint lists Drains 14 unresolved review threads on PR #147 (FactoryDemo.Api.CSharp): - Zeta.sln: strip leading blank line so 'Microsoft Visual Studio Solution File' is the first line (threads #2 #3). - SignalQuality.fs: compressionRatio on empty input was 1.0, which composed as Quarantine via severityOfScore — flipped to 0.0 and added explicit empty-input Pass finding in compressionMeasure; also dropped unused System.Runtime.CompilerServices open (threads #4 #5). - live-lock-audit.sh: fail hard (exit 2) when origin/main is not resolvable so a missing-remote CI checkout can't silently report 'No commits found' -> healthy; switched --stat|awk file-list extraction to git diff-tree --name-only plumbing form (threads #1 #6). - ServiceTitanFactoryApi README + Seed.fs: remove dead memory/ and docs/plans/ links; replace Aaron's-name reference with 'human maintainer' role wording; drop non-existent sibling SQL-seed refs (threads #7 #8 #9). - FactoryDemo.Api.CSharp README + Program.cs + Seed.cs: fix dead refs to samples/FactoryDemo.Api.FSharp/ and samples/FactoryDemo.Db/ to point at the real F# sibling samples/ServiceTitanFactoryApi/ and to a BACKLOG row for the Postgres-backed follow-up (threads #11 #14). - Program.cs + Program.fs: root endpoint index now advertises all 9 routes including the parameterised {id} routes, matching the README tables (threads #12 #13). - Thread #10 (project naming 'ServiceTitanFactoryApi.CSharp' in PR description): resolved in-thread — code/namespace already consistent (Zeta.Samples.FactoryDemo.Api); fix is PR-description- only, not code. Build: dotnet build -c Release -> 0 Warning(s) 0 Error(s). * drain PR #147: post-rebase thread fixes — test-empty-ratio + smoke-endpoint-count - tests/Tests.FSharp/Algebra/SignalQuality.Tests.fs: test asserted 1.0 for compressionRatio on empty input, but the fix in 16ad746 changed the convention to 0.0 (neutral = clean, not maximally suspicious). Updated the test expectation + name + comment to match the current code. - samples/FactoryDemo.Api.CSharp/smoke-test.sh: root.endpoints length expectation was 5; Program.cs now advertises 8 routes in the index (post 16ad746 expansion). Corrected the smoke-test assertion. Rebased onto origin/main (which advanced via #146 FactoryDemo.Api.FSharp merge); Zeta.sln conflicts resolved by keeping both FactoryDemo.Api.FSharp and the ServiceTitanCrm/samples solution-folder additions. Build gate: 0 Warning(s) / 0 Error(s) in Release. * PR #147 review-drain — Copilot pass on b4f5a49 Addresses five unresolved review threads: - drop/README.md: sweep name attribution to "the human maintainer" role-ref (BP-name-attribution). - samples/FactoryDemo.Api.CSharp/Program.cs: fix endpoint comment "9 concrete endpoints" → "8 API endpoints besides `/`" (array has 8; root excluded). - samples/FactoryDemo.Api.CSharp/smoke-test.sh: per-run log via mktemp (collision-safe + non-/tmp-host-safe); print path on failure + success. - samples/ServiceTitanFactoryApi/: delete stale F# sibling dir (PR #146 already landed FactoryDemo.Api.FSharp on main with identical code); drop duplicate sln Project block + config duplicates; fix CSharp refs to point at the surviving FactoryDemo.Api.FSharp/. Fifth thread (SignalQuality scope-creep) is judgment — branch history is deep; splitting now adds more churn than value. Replying with backlog-and-resolve per three-outcome. * PR #147 review-drain — 7 threads (Copilot + Codex) Threads drained: - btw.md: name attribution -> "human maintainer" / "the maintainer" (Copilot P1, AGENT-BEST-PRACTICES.md:284-292) - live-lock-audit.sh: add --root to git diff-tree so root commit classifies correctly (Copilot P2) - FactoryDemo.Api.CSharp Program.cs: add "/" to endpoints list for F# parity; bump smoke-test length 8->9 (Copilot P1 + Codex P2, same fix) - FactoryDemo.Api.CSharp smoke-test.sh: reword mktemp comment to describe system temp dir accurately (Copilot P2) - ServiceTitanCrm -> FactoryDemo.Crm: rename dir, fsproj, module namespace, RootNamespace, sln entry, test doc-comment; drop stale ServiceTitanFactoryApi bin+obj (Copilot P1, memory/feedback_open_source_repo_demos_stay_generic_not_company_specific_2026_04_23.md:59-66) - SignalQuality.fs: compressionRatio + compressionMeasure short-circuit to 0.0 (Pass) below 64-byte threshold to avoid gzip-header-dominates Quarantine of legitimate short strings (Codex P1) Drain log: docs/pr-preservation/147-drain-log.md preserves each thread verbatim (git-native high-signal preservation). dotnet build -c Release: 0 Warning(s), 0 Error(s). * PR #147 review-drain second pass — 4 fix-inline + 3 scope-bleed - Seed.cs + Seed.fs: rename contact 13 'Aaron Smith' -> 'Acme Contact (new lead)' (Copilot P2 name-attribution, parity preserved across C# / F# siblings). - drop/README.md: correct 'only tracked file' wording to reflect the README.md + .gitignore two-sentinel design (Copilot P2). - tools/audit/live-lock-audit.sh: docstring attribution 'Aaron's ...' -> 'Human-maintainer ...' (Copilot P1); add '-m' plus 'sort -u' to 'git diff-tree' so merge commits bucket on their real files instead of mis-classifying as OTHR (Codex P1 — was skewing EXT/INTL/SPEC % and could disable the live-lock gate after a round of merges). - docs/pr-preservation/147-drain-log.md: append second-pass per-thread audit trail (git-native preservation). Three threads resolved as scope-bleed / already-addressed: operator- input-quality-log.md (file not in PR diff, landed via 204bbb6 on main), AUTONOMOUS-LOOP.md (file not in PR diff, zero Aaron on HEAD), Tests.FSharp.fsproj (both SignalQuality + CrmScenarios already listed at lines 26 and 49). Build: 0W/0E. Audit sanity: live-lock-audit.sh still healthy with merges now bucketed correctly. * fix: markdownlint MD001/MD022/MD032 on #147 drain-log (h3→h2 on Thread headers) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * drain: resolve 11 threads on #147 (mix FIX + BACKLOG + Otto-256 reject) Thread-by-thread outcomes across the 11 unresolved review threads on PR #147 (5 FIX, 2 BACKLOG, 2 Otto-256 REJECT, 2 already-addressed/stale): FIXES (code): - live-lock-audit.sh: replace `git show --stat` with explicit `git log -1 -m --first-parent --name-only` so merge commits classify against parent-1 only (the landing side). The prior `git show` form risked combined-diff semantics in some git versions; the explicit form is first-parent by construction (Codex P1). - SignalQuality.fs: restore `compressionMinInputBytes = 64` threshold (dropped by the f1dc2bb merge-conflict resolution) and mark it `private` so it is not part of the public API surface (Copilot). Short-circuits `compressionRatio` + `compressionMeasure` to 0.0 for sub-threshold inputs, avoiding spurious Quarantine on short legitimate strings. Evidence reports UTF-8 byte count (consistent with the threshold's units) instead of `text.Length` chars (Copilot). Adjusted the empty-string test to assert the new 0.0 neutral value. - smoke-test.sh: replace non-portable `mktemp -t <template>` with a pre-constructed absolute-path template rooted at `${TMPDIR:-/tmp}` where XXXXXX is the tail (BSD/macOS requires tail-XXXXXX; GNU accepts either). `.log` extension is appended via `mv` after creation so the single invocation is cross-platform (Copilot x2 — threads 4 + 10). - CrmScenarios.Tests.fs: update doc-comment `samples/FactoryDemo.Crm` -> `samples/CrmSample` to match the canonical sample path on main (Copilot). BACKLOG (deferred P2): - Smoke-test deterministic port allocation (Codex P2) — replace RANDOM-in-range with OS-assigned ephemeral port via `--urls http://127.0.0.1:0` and log-line parse. - FactoryDemo.Api.CSharp solution project-type GUID hygiene (Copilot) — align with modern SDK-style GUID used by other C# projects. OTTO-256 REJECT (history-file exemption): - docs/pr-preservation/147-drain-log.md (Copilot) and docs/hygiene-history/live-lock-audit-history.md (Copilot): both requested stripping first-name "Aaron" attributions. Declined per Otto-256 (2026-04-24) — history files exempt from the "no name attribution" rule; a P2 BACKLOG row already exists (`## P2 — FACTORY-HYGIENE — name-attribution policy clarification (history-file exemption)`) to codify this in AGENT-BEST-PRACTICES.md. ALREADY-ADDRESSED (stale reviewer context): - drop/README.md heading (Copilot): Copilot flagged "one tracked sentinel" but the current heading reads "two tracked sentinels" (fixed in a prior drain). Resolving as addressed. Build: `dotnet build -c Release` -> 0 Warning(s), 0 Error(s). Tests: `dotnet test --filter "FullyQualifiedName~SignalQuality"` -> 22/22 pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…Corrections
Two-part ferry from Aaron Otto-157/158 tick boundary:
Part 1 — Deep research on Cartel-Lab calibration + CI hardening
(~4000 words; 8 sections A-H + action items + Mermaid diagrams):
- Null-models table (6 types: Erdős-Rényi, configuration,
stake-shuffle, temporal-shuffle, clustered-honest, noise)
- CoordinationRiskScore formula with 6 robust-z terms +
default weights α=β=0.20, γ=ε=0.15, δ=0.20, η=0.10
- 8-row adversarial scenario table (obvious clique → stealth
→ synchronized voting → honest cluster → low-weight →
camouflage → rotating → cross-coalition)
- 4-PR roadmap: seed-lock/CI governance → calibration harness
→ adversarial scenarios → docs/promotion criteria
- KSK/Aurora integration: advisory-only flow
(Detection → Oracle → KSK → Action)
- "What not to claim" caveats (6 items: no proof of intent,
not all collusion detectable, not production-ready, etc.)
Part 2 — Amara's own GPT-5.5 Thinking correction pass on Part 1
(~1500 words; 10 required corrections; repo-safe status
statement; corrected promotion ladder + PR roadmap titles):
- #1: replace "CI confirms" with "PR #323 clears toy
falsifiability bar"
- #2: Wilson intervals replace handwave ±5% CI (90/100 →
LB only 82.6%; 20/100 FPR → UB 28.9%)
- #3: rename "Cartel Score" → "CoordinationRiskScore" locked
- #4: conductance sign flip — use Z(-conductance) or
Z(exclusivity), not Z(+conductance)
- #5: modularity relational — use Q(attacked)-Q(baseline)>θ
not absolute Q thresholds
- #6: PLV phase-offset — PLV=1 can mean anti-phase; need
magnitude AND mean phase offset
- #7: MAD=0 fallback — epsilon floor or percentile-rank
- #8: replace Medium-article source with scikit-learn
precision-recall docs
- #9: explicit artifact output layout
(calibration-summary.json, seed-results.csv, etc.)
- #10: sharder — measure variance before widening threshold
Corrected promotion ladder (0-6 stages):
0 Theory / 1 Toy detector / 2 Calibration harness /
3 Scenario suite / 4 Advisory engine / 5 Governance integration /
6 Enforcement candidate
PR #323 is Stage 1, NOT Stage 4.
Otto's operationalization notes:
- 4/10 corrections already aligned with shipped substrate:
#4 exclusivity (PR #331), #5 modularity relational
(PR #324), #7 MAD floor (PR #333), #10 sharder Otto-132
(BACKLOG #327).
- 6/10 queued as future graduations: Wilson CIs in tests;
MAD=0 percentile-rank fallback; conductance-sign doc;
PLV phase-offset extension; CI test classification;
artifact-output layout.
Invariant restated (Amara 16th-ferry carry-over):
"Every abstraction must map to a repo surface, a test,
a metric, or a governance rule."
Cross-ref verified: PRs #321 #323 #324 #326 #327 #331 #332
#333, docs/definitions/KSK.md (Otto-157 / #336), 17th ferry
(#330), 16th ferry, 15th ferry, Otto-140..145 memory.
GOVERNANCE §33 four-field header (Scope / Attribution /
Operational status / Non-fusion disclaimer).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
Apr 24, 2026
…ns (10 tracked; 4 already shipped, 6 queued) (#337) * ferry: Amara 18th absorb — Calibration + CI Hardening + 5.5-Thinking Corrections Two-part ferry from Aaron Otto-157/158 tick boundary: Part 1 — Deep research on Cartel-Lab calibration + CI hardening (~4000 words; 8 sections A-H + action items + Mermaid diagrams): - Null-models table (6 types: Erdős-Rényi, configuration, stake-shuffle, temporal-shuffle, clustered-honest, noise) - CoordinationRiskScore formula with 6 robust-z terms + default weights α=β=0.20, γ=ε=0.15, δ=0.20, η=0.10 - 8-row adversarial scenario table (obvious clique → stealth → synchronized voting → honest cluster → low-weight → camouflage → rotating → cross-coalition) - 4-PR roadmap: seed-lock/CI governance → calibration harness → adversarial scenarios → docs/promotion criteria - KSK/Aurora integration: advisory-only flow (Detection → Oracle → KSK → Action) - "What not to claim" caveats (6 items: no proof of intent, not all collusion detectable, not production-ready, etc.) Part 2 — Amara's own GPT-5.5 Thinking correction pass on Part 1 (~1500 words; 10 required corrections; repo-safe status statement; corrected promotion ladder + PR roadmap titles): - #1: replace "CI confirms" with "PR #323 clears toy falsifiability bar" - #2: Wilson intervals replace handwave ±5% CI (90/100 → LB only 82.6%; 20/100 FPR → UB 28.9%) - #3: rename "Cartel Score" → "CoordinationRiskScore" locked - #4: conductance sign flip — use Z(-conductance) or Z(exclusivity), not Z(+conductance) - #5: modularity relational — use Q(attacked)-Q(baseline)>θ not absolute Q thresholds - #6: PLV phase-offset — PLV=1 can mean anti-phase; need magnitude AND mean phase offset - #7: MAD=0 fallback — epsilon floor or percentile-rank - #8: replace Medium-article source with scikit-learn precision-recall docs - #9: explicit artifact output layout (calibration-summary.json, seed-results.csv, etc.) - #10: sharder — measure variance before widening threshold Corrected promotion ladder (0-6 stages): 0 Theory / 1 Toy detector / 2 Calibration harness / 3 Scenario suite / 4 Advisory engine / 5 Governance integration / 6 Enforcement candidate PR #323 is Stage 1, NOT Stage 4. Otto's operationalization notes: - 4/10 corrections already aligned with shipped substrate: #4 exclusivity (PR #331), #5 modularity relational (PR #324), #7 MAD floor (PR #333), #10 sharder Otto-132 (BACKLOG #327). - 6/10 queued as future graduations: Wilson CIs in tests; MAD=0 percentile-rank fallback; conductance-sign doc; PLV phase-offset extension; CI test classification; artifact-output layout. Invariant restated (Amara 16th-ferry carry-over): "Every abstraction must map to a repo surface, a test, a metric, or a governance rule." Cross-ref verified: PRs #321 #323 #324 #326 #327 #331 #332 #333, docs/definitions/KSK.md (Otto-157 / #336), 17th ferry (#330), 16th ferry, 15th ferry, Otto-140..145 memory. GOVERNANCE §33 four-field header (Scope / Attribution / Operational status / Non-fusion disclaimer). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * ferry: fix markdownlint MD018 — line-start #221 parsed as H1 heading * ferry: drain PR #337 review threads — 4 FIX, 2 NARROW+BACKLOG, 8 BACKLOG+RESOLVE Factory-authored sections of the 18th-ferry absorb (header, Otto's notes, Cross-references) edited under name-attribution + code-comments-not-history disciplines; Amara's verbatim Part 1 + Part 2 body left intact per verbatim-preserve. In-doc edits: - Soften "verified against actual" wording on the CLAUDE.md cross-reference bullet to anchor-list rechecked-at-drain-time framing. - Use full `tests/Tests.FSharp/Simulation/` path in the Stage-discipline section (was bare `tests/Simulation/`). - Replace dead "GOVERNANCE §33" cite with factory-convention + CLAUDE.md ground-rule pointer (numbered §33 not yet landed; rule is captured by convention across docs/aurora/** absorbs). - Drop broken `feedback_ksk_naming_*.md` filename and soften 15th/16th ferry cross-refs to "not present as a dedicated absorb in this snapshot." Drain-log: docs/pr-preservation/337-drain-log.md per Otto-250. --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Aaron: "this project should prefer as much static analysis as possible, look at ../SQLSharp and ../scratch … we should be on par or surpass."
.markdownlint-cli2.jsoncSQLSharp-shape config (MD020 stays enabled;F#in headings wrapped in backticks to render as inline code — unambiguous)..editorconfigexpanded with SQLSharp's dotnet + C# style rules.cspell.jsonwith 50+ Zeta-specific words + ignorePaths..vscode/extensions.jsonwith recommended editor extensions.markdownlint --fixauto-fixed ~680 findings across 100+ files (whitespace + list-style + heading-spacing only; no content changes).static-analysis-gap-finderskill (P1 round 34); crank-lint-to-HIGH pass (P1 round 34).Local: build 0/0, 510 tests pass, shellcheck exit 0, actionlint exit 0, markdownlint 0 findings.
🤖 Generated with Claude Code