From 009dd94f226dcff2c8257680f904e909d5a75a7a Mon Sep 17 00:00:00 2001 From: pqhuy1987 Date: Wed, 3 Jun 2026 00:05:39 +0700 Subject: [PATCH] =?UTF-8?q?[CLAUDE]=20Docs:=20S48=20adap-*=20verify=20clos?= =?UTF-8?q?ure=20post-restart=20+=20Gov-v2=20error-ledger=20+=20=C2=A7L.b?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - store_memory strip VERIFIED-runtime (registry 0/8 subs) — adap-report updated - frontend-designer FD2 loop VERIFIED-RAN (first spawn) — adap-report updated - Gov-v2 delta CLOSED: NEW docs/governance/error-ledger.md (blameless RCA + Active-Guards index + AS-1..AS-9 deterministic-detect + 3-ledger triad) + session-end.md Phase 1.5 §L.b 6-step - STATUS/HANDOFF S48 + session log + frontend-designer MEMORY flush (FD2 rig + Tailwind-v4 fact) Co-Authored-By: Claude Opus 4.8 (1M context) --- .../agent-memory/frontend-designer/MEMORY.md | 28 ++++-- .claude/commands/session-end.md | 14 +++ docs/HANDOFF.md | 21 ++++- docs/STATUS.md | 15 +++- ...-06-02-S48-adap-verify-fd2-error-ledger.md | 62 +++++++++++++ ...026-06-02-Agent-frontend-designer-floor.md | 9 +- ...Governance-gov-v2-session-cmd-framework.md | 8 +- ...-06-02-Memory-store-memory-strip-global.md | 8 +- docs/governance/error-ledger.md | 86 +++++++++++++++++++ 9 files changed, 229 insertions(+), 22 deletions(-) create mode 100644 docs/changelog/sessions/2026-06-02-S48-adap-verify-fd2-error-ledger.md create mode 100644 docs/governance/error-ledger.md diff --git a/.claude/agent-memory/frontend-designer/MEMORY.md b/.claude/agent-memory/frontend-designer/MEMORY.md index ce9d568..251f3c9 100644 --- a/.claude/agent-memory/frontend-designer/MEMORY.md +++ b/.claude/agent-memory/frontend-designer/MEMORY.md 
@@ -7,16 +7,32 @@ - **NOT MINE:** BE/DB/business-logic (implementer-backend) · cookie-cutter mechanical mirror theo spec (implementer-frontend — **KHÔNG double-touch cùng file UI**) · test (test-specialist). - **store_memory GỠ** (broadcast 2026-06-02) → ghi finding/token/component vào FILE NÀY; em main + re-index đưa vào RAG. -## SE design-system (FD1 — DÙNG, KHÔNG reinvent) -- Brand primary **`#1F7DC1`** · font **Be Vietnam Pro** (Vietnamese diacritics) · **shadcn/ui** + Tailwind tokens · ERP shell (TopBar + Bell + UserMenu). -- Token source: `fe-admin/tailwind.config.*` + `fe-admin/src/index.css` (+ mirror fe-user). Read TRƯỚC khi build. +## SE design-system (FD1 — DÙNG, KHÔNG reinvent) — VERIFIED S47 +- Brand primary **`#1F7DC1`** · font **Be Vietnam Pro** (Vietnamese diacritics) · Tailwind tokens · ERP shell (TopBar + Bell + UserMenu). +- ⚠️ **Token source = Tailwind v4 CSS-first** (NO `tailwind.config.js` file — template path stale). Tokens live in `fe-user/src/index.css` `@theme{}` block (mirror `fe-admin/src/index.css`). Read TRƯỚC khi build. + - Brand scale `--color-brand-50..900`; **`--color-brand-600 = #1f7dc1`** (exact logo). Accent red `--color-accent-500/600` (from ® mark). Be Vietnam Pro + JetBrains Mono via Google Fonts `@import` in index.css. body 14px / lh 1.55 / letter-spacing -0.003em. +- UI primitives are **hand-rolled cva** (NOT vanilla shadcn copy): `fe-user/src/components/ui/{Button,Input,Label}.tsx`. Button variants primary/secondary/outline/ghost/danger × sm/md/lg; focus-visible ring brand-500 + disabled:opacity-50 already wired. Input has focus-visible border-brand-500 + ring. REUSE these, don't reinvent. +- Stack: React 19 + Vite 8 + TS 6 + TanStack Query + lucide-react + sonner. Node v22 local (engines `>=20`). - UI 100% tiếng Việt · Named export (trừ App) · TS6 `const X = {...} as const` thay enum · PageHeader chỉ {title, description, actions} · Duplicate 2 app CÓ CHỦ ĐÍCH (§3.9). 
-## FD2 visual-verification rig (SE-specific) +## FD2 visual-verification rig (SE-specific) — ✅ VERIFIED RAN end-to-end S47 - Dev: `cd fe-admin && npm run dev` → :8082 (proxy /api→:5443) · `cd fe-user && npm run dev` → :8080. - Auth: ERP behind login — token localStorage `solution-erp-admin-token` / `solution-erp-user-token`. Authed page screenshot cần API+SQL chạy + login fixture (seed JWT). Public `/login` chụp trực tiếp. -- Tool: skill `webapp-testing` (Playwright) → PNG ≥2 viewport (375 + 1440) → Read PNG → rubric FD4 → fix → lặp. +- **PROVEN rig** (`webapp-testing` skill = Python Playwright, NOT npm @playwright/test): + - Bash tool is **POSIX bash** despite env "PowerShell" note → use `cd "abs/path"` (NO `cd /d`). Forward-slash Windows paths work. + - Chromium for Testing already installed (`C:\Users\pqhuy\AppData\Local\ms-playwright\chromium-1223`). Python 3.11 + `playwright` binding present & drives headless OK. NO install needed. + - Run pattern: `python /scripts/with_server.py --server "npm run dev" --port 8080 --timeout 90 -- python my_shot.py` (helper starts/stops dev). Write my_shot.py in fe-user dir, **delete after** (throwaway, not app code). + - Screenshot: `browser.new_page(viewport={w,h}, device_scale_factor=2)` → `page.screenshot(full_page=True)` → **Read PNG** to NHÌN. +- 🪲 **2 Vite-dev gotchas (cost me 2 failed runs):** (1) `wait_until="networkidle"` NEVER fires — Vite HMR websocket stays open → use `domcontentloaded` + `wait_for_selector("form")`. (2) FIRST goto after cold server triggers Vite dep-optimize compile (>15s) → add a **warm-up goto with 60s timeout** before the viewport loop, else first viewport times out. - Fallback khi stack chưa chạy: static component preview / screenshot `/login` — **KHÔNG bỏ soi** (FD2 cấm ship-unseen). +## Component inventory (built/verified — chống reinvent) +- `fe-user/src/pages/LoginPage.tsx` — login (public, no auth). 
Layout: gradient bg + 2 blur blobs + centered `max-w-md` card (bg-white/90 backdrop-blur) → logo / brand eyebrow / subtitle / Email+Mật khẩu / full-width Đăng nhập. Uses ui/{Button,Input,Label}. Solid baseline; nearly identical in fe-admin (mirror candidate). + +## Anti-slop catches + rubric verdicts +- **LoginPage (S47): rubric PASS.** Anti-generic ✓ (brand #1F7DC1 NOT default-blue, no emoji, lucide-ready, purposeful palette). Fix applied: subtitle "Đăng nhập để tiếp tục" `text-slate-500`→`text-slate-600` (borderline ~4.6:1 over translucent card → solid ~7.5:1, FD5 contrast floor). 1-line, no layout shift, on-scale (FD1). Screenshots: `/tmp/fd2-login-shots/login-{before,after}-{mobile-375,desktop-1440}.png`. + - ⚠️ **fe-admin parity follow-up:** same subtitle likely `text-slate-500` in fe-admin LoginPage — apply same bump next fe-admin touch (did NOT touch fe-admin this run; scope-disciplined). + - Minor noted (NOT fixed, out of bounded scope): 2 `blur-3xl` blobs barely visible at 1440 = render cost ~0 payoff; eyebrow `tracking-[0.2em]` heavy. Candidates if login redesign requested. + ## Activity log -- **S47 (2026-06-02) created** — chưa spawn-test (agent .md no hot-reload → cần restart). First spawn post-restart: (1) verify FD2 Playwright loop chạy THẬT, (2) confirm token source path `tailwind.config`/`index.css`, (3) confirm `webapp-testing` skill available. Đến lúc đó nấc = file-created, FD2-loop verified-pending. +- **S47 (2026-06-02) FD2 RIG VERIFIED ✅** — first real spawn. Ran full FD2 loop end-to-end on fe-user `/login`: read DS (Tailwind v4 CSS-first, corrected stale config-path assumption) → started Vite via `with_server.py` → Playwright screenshot 375+1440 → Read PNGs → FD4 critique → 1-line contrast fix → re-screenshot confirmed → `npm run build` 0 TS error. Closes adap-report `2026-06-02-Agent-frontend-designer-floor` FD2 runtime proof. 2 Vite gotchas captured above. Loop is REAL, not theoretical. 
diff --git a/.claude/commands/session-end.md b/.claude/commands/session-end.md index 5495c31..f066b03 100644 --- a/.claude/commands/session-end.md +++ b/.claude/commands/session-end.md 
@@ -34,6 +34,20 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph - `docs/rules.md`, `docs/architecture.md`, `docs/gotchas.md`, `docs/database/`, `docs/flows/` - rules, architecture, gotcha, skill, daily, hand-off (`docs/HANDOFF.md`), DB, luồng DB, session log (`docs/changelog/sessions/`) +## Phase 1.5 — §L AUTO-MAINTAIN (Gov-v2 keystone — deterministic, KHÔNG daemon) + +> Artifact home = [`docs/governance/error-ledger.md`](../../docs/governance/error-ledger.md) (RCA + Active-Guards index + 3-ledger triad mapping). **G-015:** đây là **step lead chạy ở session-end**, KHÔNG phải daemon tự-động-vô-điều-kiện. + +**§L.a — Deterministic detect (scan action-signature, KHÔNG để AI tự-phán):** quét session theo bảng **AS-1..AS-9** trong error-ledger. Mỗi hit → 1 RCA entry blameless (5-why + fix + guard). **Bug-production = lỗi KÉP → 2 fix** (vá code **VÀ** vá guard/eval-case). List AS mở — gặp class mới thì thêm. + +**§L.b — 6-step auto-maintain (đủ 6, KHÔNG skip — thiếu = ledger thối):** +- **(a) summary-index** += 1 dòng/session vào `STATUS.md` Recently Done (pointer, KHÔNG full-log). +- **(b) Active-Guards** (error-ledger): promote guard **2-strike** (episodic→procedural) · mark `verified` nếu held qua session · retire theo **net-effect** (hại>lợi → gỡ). +- **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)**. +- **(d) flush agent-memory** mỗi sub đã spawn session này — **spawn-record 4-field** `{agent · task · nấc(agreed/executed/verified) · evidence}`. (0 sub spawn → "n-a".) +- **(e) pending-request audit:** request anh CHƯA-thực-thi đã log SPECIFICS chưa (KHÔNG placeholder). +- **(f) harvest-integrity double-check:** verify spawn-record (d) đủ + đúng mọi sub (moved-not-cut). + ## Phase 2 — WRITE (update MD/RAG) ### 2.1 UPDATE/Re-rank MD/RAG đã thay đổi diff --git a/docs/HANDOFF.md b/docs/HANDOFF.md index d564e15..d28028e 100644 --- a/docs/HANDOFF.md +++ b/docs/HANDOFF.md 
@@ -2,7 +2,26 @@ > **Tiering rule (S40):** giữ **2-3 session gần nhất**. Cũ hơn → `docs/changelog/sessions/`. Full brief history pre-S40 → `docs/_archive/HANDOFF-preS40-fullhistory.md`. -**Last updated:** 2026-06-02 (Session 47 — AI_INFRA adap-* adoption channel (infra/governance, no product code): 3 slash-commands + adopt 3 broadcasts (store_memory strip 8 subs · frontend-designer 8th agent · Gov-v2 already-S44). Restart pending. Prev: S46 memory integrity repair; S45 test-gap +27 (181) + Mig 43.) +**Last updated:** 2026-06-02 (Session 48 — adap-* verification closure post-restart: #1 store_memory VERIFIED-runtime (0/8 subs) · #2 frontend-designer FD2 loop VERIFIED-RAN (first spawn, login a11y fix ×2 app) · #3 Gov-v2 delta CLOSED (NEW error-ledger.md + §L.b session-end). Login fix deploys. Prev: S47 adap channel install; S46 memory repair.) + +--- + +## S48 (2026-06-02) — adap-* verification closure post-restart + FD2 proof + Gov-v2 error-ledger + +**User: "làm xong hết đi rồi session-end luôn" — đóng cả 3 adap item post-restart, rồi session-end.** + +**Restart confirmed done** (registry có frontend-designer agent + adap-* commands + 8 subs KHÔNG store_memory) → S47 verified-pending nâng cấp. `/adap-apply all-pending` = 0 mới (cả 3 applied S47). `/adap-report all-applied` re-assess + update 3 report (honest §C5/G-015). + +**Done (em main solo + 1 FD spawn):** +- **#1 store_memory strip → VERIFIED-runtime** — grep agents `tools:`=0 · registry 0/8 subs. (Caveat giữ: KHÔNG "read-only" — sub vẫn có Bash/Write; containment = defense-in-depth.) +- **#2 frontend-designer FD2 → VERIFIED-RAN** — 🩷 first real spawn (background). Full FD2 loop trên fe-user `/login`: read DS → Vite dev → Playwright shot 375+1440 → viewed PNG → FD4 rubric all-PASS → contrast fix `LoginPage.tsx:56` slate-500→600 → re-shot → build PASS. em main mirror fe-admin (parity). 
**Rig lessons (FD MEMORY):** (1) Vite-dev `networkidle` never fires → `domcontentloaded`+selector; (2) cold-start dep-optimize >15s → warm-up goto 60s. **Fact: SE = Tailwind v4 CSS-first** (`@theme{}` in index.css, **NO tailwind.config.js**). +- **#3 Gov-v2 delta → CLOSED (executed-file)** — NEW `docs/governance/error-ledger.md` (blameless RCA E-001..E-004 + Active-Guards 2-strike index + §L.a AS-1..AS-9 deterministic-detect + 3-ledger triad map) + §L.b 6-step wired `session-end.md` Phase 1.5 (ran live this session = demo). + +**Code shipped:** `fe-{admin,user}/src/pages/LoginPage.tsx` subtitle contrast a11y (slate-500→600, ~7.5:1). Build ×2 PASS 0 TS error. **Test 181 unchanged** (FE-only, no .cs). → code commit deploys → 🟩 cicd-monitor verify bundle rotate. + +**⚠️ NEXT SESSION:** (a) confirm cicd deploy login fix PASS + new bundle hash; (b) §L.b chạy AUTO từ /session-end kế (session này chạy thủ công — command no hot-reload); (c) wire `reviewer` làm FD4 design-gate (quality-ADD, defer); (d) RAG re-index S42-S48 (AI_INFRA op). + +**Next product (anh pick):** P11-C Vehicle+Driver (Mig 44, recon ready) · gotcha #57 LeaveType+Shift filtered-unique (test-before) · P11-D/E/F · Phase 9 Ops. --- diff --git a/docs/STATUS.md b/docs/STATUS.md index 9ac86df..2e57928 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md 
@@ -3,7 +3,7 @@ > **Update rule:** trước khi bắt đầu 1 task → ghi row `🔥 In Progress`. Xong → `✅ Recently Done`. > **Tiering rule (S40):** chỉ giữ **state hiện tại + 3 session gần nhất** ở file này. Session cũ hơn → `docs/changelog/sessions/`. Full history pre-S40 → `docs/_archive/STATUS-preS40-fullhistory.md`. (Tránh over-context — xóa double, không cắt nội dung.) -**Last updated:** 2026-06-02 (Session 47 — **AI_INFRA adap-* adoption channel** (infra/governance, no product code): install 3 slash-commands (/adap-apply|report|request) + adopt 3 broadcasts — #1 store_memory strip (8 subs → lead=sole RAG-writer) · #2 frontend-designer 8th agent (FD1–FD10 visual-verify floor) · #3 Gov-v2 already-S44 delta. CI-skip (all .md). Restart pending → verified-runtime. Prev: S46 memory integrity repair; S45 test-gap +27 (181) + Mig 43.) +**Last updated:** 2026-06-02 (Session 48 — **adap-* verification closure post-restart** (governance + 1 a11y fix): #1 store_memory strip **VERIFIED-runtime** (registry 0/8 subs) · #2 frontend-designer **FD2 loop VERIFIED-RAN** (first spawn — login contrast a11y fix shipped ×2 app) · #3 Gov-v2 delta **CLOSED** (NEW `error-ledger.md` + §L.b 6-step wired session-end). Login fix = code commit (deploys). Prev: S47 adap channel install; S46 memory repair.) --- 
@@ -20,7 +20,7 @@ | Gotchas | **57** | `docs/gotchas.md` (latest #57 soft-delete UNIQUE phải filter [IsDeleted]=0, S45) | | User memory | **15** | 14 + new S47 (adap-channel); index updated | | Skills | 6 | 3 domain + 3 ops | -| Sub-agents | **8** | Opus 4.8 1M · 7 core + frontend-designer pink (S47, restart-pending) | +| Sub-agents | **8** | Opus 4.8 1M · 7 core + frontend-designer pink (FD2 loop **verified-ran** S48) | | RAG chunks | **2406** | ✅ S41 re-bootstrap clean (3080→2406, −674 junk: node_modules+_archive now excluded; user-memory 60 chunks/10 files slug-fixed + S38-S41 indexed) | **Bundle hash live (prod):** admin `Krjvg_3j` · user `6sNStgxa` (Gitea #367, S43 P11-B). Auth-verified prod: `/leave-balances/my?year=2026` → 5 LeaveType lazy-default (Used=0, remaining=entitled). @@ -30,11 +30,11 @@ --- -## 🔥 In Progress (S47) +## 🔥 In Progress (S48) | Task | Owner | Status | |---|---|---| -| _(none — S47 adap channel + 3 broadcasts adopted (executed/verified-pending). **NEXT: anh RESTART CLI** → activate 3 cmd + store_memory strip + frontend-designer → spawn-test FD2 loop → verified. Then P11-C / gotcha #57 / P11-D-F / Phase 9 Ops)_ | 👤 | ✅ | +| _(none — S48 closed all 3 adap items post-restart (store_memory verified-runtime · FD2 verified-ran · Gov-v2 error-ledger+§L.b built). **NEXT product (anh pick):** P11-C Vehicle+Driver (Mig 44, recon ready) / gotcha #57 LeaveType+Shift filtered-unique / P11-D-F / Phase 9 Ops)_ | 👤 | ✅ | **S40 done:** ✅ Consolidation (`d2f52ba`) · ✅ Curate 4 agent MEMORY >25KB→<8.4KB (`78c9de3`) · ✅ RAG catch-up chunk S37-S40 (rerank 0.867) · ✅ **AI_INFRA bulletin 2026-05-29 adopt 4/4** (MỤC2 Tiered Memory Policy v1 `6f08d1f` + MỤC3 /session-start+/session-end slash commands `c8ff5e1`). ⏳ Full RAG re-index = AI_INFRA op (cần VOYAGE_API_KEY). 
@@ -44,6 +44,13 @@ ## ✅ Recently Done (newest on top — 3 session; cũ hơn → session logs) +### S48 (2026-06-02) — ✅ adap-* verification closure post-restart + FD2 proof + Gov-v2 error-ledger (governance + 1 a11y fix) +- **CLI restart confirmed done** (registry has frontend-designer + adap-* cmds + 8 subs sans store_memory) → S47 "verified-pending" upgraded. `/adap-apply all-pending` = 0 new (all 3 applied S47); `/adap-report all-applied` → re-assessed + updated 3 reports honest (§C5/G-015). +- **#1 store_memory strip → VERIFIED-runtime:** `grep` agents `tools:` = 0 · loaded registry grants 0 `store_memory` to all **8** subs. NOT "read-only" (subs keep Bash/Write — defense-in-depth caveat holds). +- **#2 frontend-designer → FD2 loop VERIFIED-RAN** (🩷 first real spawn, background): full loop on fe-user `/login` — DS read (Tailwind v4 CSS-first) → Vite dev → Playwright screenshot 375+1440 → viewed PNGs → FD4 rubric all-PASS → 1-line contrast fix → re-shot → build PASS. em main mirrored fix to fe-admin (parity). 2 Vite-dev rig gotchas + Tailwind-v4 fact in FD MEMORY. +- **#3 Gov-v2 delta → CLOSED (executed-file):** NEW [`docs/governance/error-ledger.md`](governance/error-ledger.md) (blameless RCA E-001..E-004 + Active-Guards 2-strike index + §L.a AS-1..AS-9 deterministic-detect + 3-ledger triad map) + §L.b 6-step wired `session-end.md` Phase 1.5 (ran live this session = demo). +- **Code:** `fe-{admin,user}/src/pages/LoginPage.tsx` subtitle `text-slate-500→600` (a11y contrast ~7.5:1). Build × 2 PASS 0 TS error. **Test 181 unchanged** (FE-only, no .cs). Code commit → deploys → 🟩 cicd-monitor verify. → session log `2026-06-02-S48-adap-verify-fd2-error-ledger.md`. + ### S47 (2026-06-02) — 🔌 AI_INFRA adap-* adoption channel + 3 broadcasts (infra/governance, no product code) - **Federated adoption channel installed** (AI_INFRA relay): 3 slash-commands forked → `.claude/commands/adap-{apply,report,request}.md`. 
Read AI_INFRA `broadcasts/outbox/` read-only (§J2) → apply own repo → `docs/governance/adap-reports/.md` (5-field LOCK); AI_INFRA `/adap-audit` reads cross-repo 2-way. 0 agents spawned (em main solo — governance task). - **#1 store_memory strip** — removed from ALL 8 subs' `tools:` → **lead (em main) = sole RAG-writer** (failure-safe). 4 RAG-read retained ×8. `agents/README.md` synced + G-015 note (NOT "read-only" — subs keep Bash/Write). Corroborates SE S41 re-bootstrap-loss lesson. diff --git a/docs/changelog/sessions/2026-06-02-S48-adap-verify-fd2-error-ledger.md b/docs/changelog/sessions/2026-06-02-S48-adap-verify-fd2-error-ledger.md new file mode 100644 index 0000000..f0ef3a0 --- /dev/null +++ b/docs/changelog/sessions/2026-06-02-S48-adap-verify-fd2-error-ledger.md 
@@ -0,0 +1,62 @@ +# Session 48 — 2026-06-02 — adap-* verification closure post-restart + FD2 proof + Gov-v2 error-ledger + +> **User:** "làm xong hết đi rồi session-end luôn" (after `/session-start` + `/adap-apply all-pending` + `/adap-report all-applied`). +> **Type:** governance/infra + 1 a11y fix (FE code). **No BE/DB/migration/test change.** Test 181 unchanged. +> **Span:** 2026-06-02 (crossed into 06-03 at session-end). + +## Context + +S47 installed the AI_INFRA adap-* federated channel + adopted 3 broadcasts, all left at nấc **"executed → verified-pending"** (awaiting CLI restart — agent/command `.md` no hot-reload). S48 = the **post-restart verification session**: `/session-start` confirmed the restart already happened (this session's agent-registry contains `frontend-designer` + `adap-*` commands + 8 subs without `store_memory`), so the verified-pending items became provable. + +## `/session-start` bootstrap (S48) + +- Read CLAUDE.md + STATUS + HANDOFF + PROJECT-MAP + migration-todos(active) + workflow-contract + agents/README. RAG `list_projects` = **2413 chunks** (baseline ~2406, +0.3% drift OK), last-index 2026-05-29 (S41; S42-S47 = store_memory stopgap), rerank alive (top 0.89). +- **Memory hygiene audit (S46 lesson):** 8 agent-mem files ≤16KB (cicd-monitor 15.8KB closest), 0 zero-byte; user-memory 16 .md, 0 zero-byte. +- **Test gate ran live: 181 PASS** (58 Domain + 123 Infra, 0 fail/skip). +- **Key finding:** S47 "restart pending" already DONE → registry has all S47 changes. + +## `/adap-apply all-pending` → `/adap-report all-applied` + +Outbox = 3 broadcasts, all 3 already had S47 adap-reports + committed (`72bbfa5`) → **0 new to apply**. Re-assessed + updated 3 reports honest (§C5 no-fake / G-015 no-overclaim): + +### #1 `Memory-store-memory-strip-global` → VERIFIED-runtime +- SELF-CHECK: `grep store_memory` in agents `tools:` lines = **0** (only body/doc-notes). Loaded agent-registry grants **0 `store_memory` to all 8 subs** (incl. 
8th frontend-designer, forked already-stripped). +- **Honest caveat held:** NOT "subs read-only" — subs keep `Bash` (+ `Write/Edit` for write-roles). Real containment = defense-in-depth (git-diff + Qdrant chunk-count), not allowlist alone. + +### #2 `Agent-frontend-designer-floor` → agent-load VERIFIED + FD2 loop VERIFIED-RAN +- Agent resolves in registry → frontmatter valid (`model: inherit` not `[1m]` gotcha #37 · `color: pink` · block-scalar desc · `effort: max` accepted). +- **FD2 spawn-test (🩷 first real frontend-designer spawn, background):** full visual-verification loop on fe-user `/login` — read DS → `npm run dev` (Vite) → Playwright screenshot 375+1440 → **Read/viewed PNGs** → FD4 adversarial rubric (all PASS) → bounded fix → re-screenshot confirmed → `npm run build` PASS 0 TS error. 4 screenshot artifacts. Loop **genuinely ran**, not fake-verified. +- **Fix:** `fe-user/src/pages/LoginPage.tsx:55` subtitle `text-slate-500`→`text-slate-600` (contrast ~4.6→~7.5:1 over translucent card, FD5 floor; on-scale, no magic number). +- **em main mirrored** `fe-admin/src/pages/LoginPage.tsx:56` (identical subtitle) for 2-app parity (trivial 1-line → em solo per decision tree). +- **Rig lessons (in FD MEMORY, reusable):** (1) Vite-dev `wait_until=networkidle` never fires (HMR ws) → use `domcontentloaded` + `wait_for_selector('form')`; (2) cold Vite first-goto triggers dep-optimize >15s → warm-up `goto` 60s before viewport loop. `webapp-testing` = Python Playwright (Chromium-for-Testing already installed). Bash tool = POSIX bash despite "PowerShell" env note. +- **Project fact corrected:** SE = **Tailwind v4 CSS-first** — tokens in `fe-*/src/index.css` `@theme{}` (`--color-brand-600 = #1f7dc1`), **NO `tailwind.config.js`**. UI primitives = hand-rolled `cva` (`components/ui/{Button,Input,Label}`), not vanilla shadcn copy. +- **Un-wired (quality-ADD, deferred):** FD4-rubric design-review gate via existing `reviewer`. 
+ +### #3 `Governance-gov-v2-session-cmd-framework` → delta CLOSED (executed-file) +- Core Gov-v2 5-axis + session-cmd 4-feature already VERIFIED-2way S44 (`ae30f8f`, AI_INFRA RT3); #6 echo-body + #7 plan-tree re-demonstrated this session. +- **Open delta was:** no formal dedicated error-ledger + no explicit §L.b deterministic checklist. **CLOSED:** + - NEW `docs/governance/error-ledger.md` — blameless RCA (E-001 S46 0-byte · E-002 gotcha #57 Holiday UNIQUE · E-003 gotcha #44 silent-403 · E-004 gotcha #53 truncation) + **Active-Guards index** (2-strike promote + net-effect retire) + **§L.a deterministic-detect table AS-1..AS-9** (action-signatures, not AI-self-judgment) + **3-ledger triad mapping** (error-ledger=NEW · comms-ledger=`governance/README.md` adoption-ledger · summary-index=STATUS+session-logs). + - `.claude/commands/session-end.md` **Phase 1.5** = §L.a detect + §L.b 6-step (a→f) auto-maintain. Ran live this session (demo); auto from next session-end (command no hot-reload). + +## §L.b run this session (demo of the new keystone) +- **(a) summary-index:** this STATUS Recently-Done + this session log. +- **(b) Active-Guards:** "heavy-spawn→background" held (FD bg) · "lead=sole-RAG-writer" verified-runtime S48 · "session-end byte>0" wired+checked. +- **(c) chore-flag:** 0 bloat (FD MEMORY ~4KB post-flush) · 0 zero-byte. +- **(d) flush agent-memory — spawn-record:** `{frontend-designer · FD2 spawn-test fe-user/login · verified-RAN · 4 screenshots + build PASS + LoginPage.tsx:55 fix}`. +- **(e) pending-request audit:** none placeholder. +- **(f) harvest double-check:** FD = only spawn; MEMORY flushed + spawn-record captured ✓. +- **§L.a detect:** 0 AS-hits this session (no `git add -A`, no `--no-verify`, no unfiltered-UNIQUE Mig, FD spawned background, no model-downgrade). Clean. + +## Verify +- Build × 2: **fe-admin ✓ 8.92s · fe-user ✓ 559ms · 0 TS error** (chunk-size warnings pre-existing). 
+- Tests: **181 PASS** (ran at bootstrap; FE-only change, no `.cs` touched → unaffected). + +## Commits +- **C1 (docs/.claude, CI-skip):** 3 adap-reports + NEW error-ledger.md + session-end.md §L.b + FD MEMORY + STATUS/HANDOFF/session-log. +- **C2 (code, CI-deploy):** `fe-{admin,user}/src/pages/LoginPage.tsx` contrast a11y → 🟩 cicd-monitor verify (bundle rotate + smoke). + +## Next +- Confirm cicd deploy of login fix + new bundle hash (next session). +- Product (anh pick): P11-C Vehicle+Driver (Mig 44) · gotcha #57 LeaveType/Shift filtered-unique (test-before) · P11-D/E/F · Phase 9 Ops. +- RAG re-index S42-S48 (AI_INFRA op). +- Note: FD agent self-labeled MEMORY "S47" (its creation-session); FD2 run was S48 — dates (2026-06-02) correct, session-number cosmetic. diff --git a/docs/governance/adap-reports/2026-06-02-Agent-frontend-designer-floor.md b/docs/governance/adap-reports/2026-06-02-Agent-frontend-designer-floor.md index d719b27..43e50e7 100644 --- a/docs/governance/adap-reports/2026-06-02-Agent-frontend-designer-floor.md +++ b/docs/governance/adap-reports/2026-06-02-Agent-frontend-designer-floor.md 
@@ -6,7 +6,7 @@ `2026-06-02-Agent-frontend-designer-floor` (category: Agent · reviewer_gate: PASS · targets: all-fit) ## 2. nac G-011 -**executed** (file-level: 8th agent forked + roster doc synced) → **verified-pending** (restart + spawn-test FD2 visual loop). +**executed** (S47 file-level) → **agent-load VERIFIED** (S48 post-restart) → **FD2 visual-loop VERIFIED-RAN** (S48 first spawn: full loop executed THẬT on fe-user `/login` — 4 screenshots taken+viewed @375/1440, FD4 rubric scored all-PASS, 1 bounded a11y fix applied, re-screenshot confirmed, `npm run build` PASS 0 TS error). Only remaining = AI_INFRA `/adap-audit` 2-way. ## 3. evidence - **NEW sub-agent (8th):** `.claude/agents/frontend-designer.md` — **forked** canonical `D:\...\AI_INFRA\docs\templates\frontend-designer.agent.template.md` (NOT copy-paste; tailored SE stack). FD1–FD10 floor present (FD2 visual loop + FD4 rubric kept verbatim-intent). 
@@ -14,7 +14,7 @@ - **Roster doc:** `.claude/agents/README.md` — header 7→8 · S47 upgrade note · decision-tree branch · split-boundary row · skill-matrix row · 8 memory folders. - **Frontmatter checks (sister-guide):** `model: inherit` (NOT `[1m]`, gotcha #37) · `color: pink` (unique vs {cyan,blue,yellow,orange,purple,red,green}) · `description: |` block-scalar (no colon-space parse risk) · `store_memory` STRIPPED (consistent w/ broadcast #1 — RAG-read only: search_memory/search_code/cross_project_search/list_projects). -commit-sha: _unpushed (working-tree) — batch with restart-verify._ +commit-sha: **`72bbfa5`** (committed S47). **S48 re-verify:** agent present in available `subagent_type` registry (loads OK) · frontmatter on disk = `model: inherit` / `color: pink` / `description: |` block-scalar / `effort: max` / 0 `store_memory` — all confirmed. (`effort: max` did NOT cause file-reject → registry accepted it.) ## 4. tailored-gì + skip-gì-vì-sao - **PROJECT-FIT decision (S47):** SE has FE (2 React apps) → NOT the "no-FE → n-a" skip. User chose **ADOPT** over defer-with-pushback (upcoming greenfield FE: P11-E AttendanceReport + dashboards). 
@@ -28,7 +28,10 @@ commit-sha: _unpushed (working-tree) — batch with restart-verify._ - **Floor NOT lowered** (add-only-increase §F4.1) — FD1–FD10 all present. Recommended ADD noted (design-review via existing `reviewer`). ## 5. honest-caveat -- **VERIFIED-pending (§C5 no-fake):** agent `.md` no hot-reload → requires **restart + spawn-test** 1 small design task to confirm the FD2 screenshot loop runs THẬT. NOT claiming `verified`. +- **FD2-loop VERIFIED-RAN (S48 spawn-test, §C5 — genuinely ran, not fake):** first real `frontend-designer` spawn executed the full loop on fe-user `/login`: read DS → Vite dev → Playwright screenshot 375+1440 → **Read/viewed the PNGs** → FD4 adversarial critique → bounded fix (`fe-user/src/pages/LoginPage.tsx:55` subtitle `text-slate-500`→`text-slate-600`, contrast ~7.5:1, on-scale no magic-number) → re-screenshot confirmed → build PASS 0 TS error. 4 screenshot artifacts exist. **Visual-verification-loop now runtime-PROVEN** (was the open item). Remaining external = AI_INFRA `/adap-audit`. +- **Rig lessons captured in FD MEMORY** (reusable): Vite-dev `networkidle` never fires (HMR ws) → use `domcontentloaded` + `wait_for_selector('form')`; cold-start Vite dep-optimize >15s → warm-up `goto` 60s before viewport loop. **Template fact corrected:** SE = **Tailwind v4 CSS-first** (`@theme{}` in `fe-*/src/index.css`, brand-600 `#1f7dc1`) — **NO `tailwind.config.js`**. +- **Still un-wired (quality-ADD, not floor):** ⭐ FD4-rubric design-review gate via existing `reviewer` — wire when a larger design task runs (§F4.1 add-only). +- **Parity:** FD scoped fix to fe-user only; fe-admin `/login` parity handled by em main (see commit) to avoid 2-app inconsistency. - **FD2 rig not yet stood-up/run:** SE FE is an **authenticated ERP** (authed pages need API+SQL+login to render). The rig (webapp-testing + login fixture) is **documented in the agent body + memory**, but first-spawn (post-restart) validates it actually shoots. 
Fallback static-preview documented (no skip-soi). - **`effort: max`** included (canonical + dogfood-proven same-machine VIPIX/BVAAU); SE's 7 existing agents don't use it — if this CLI rejects the field, restart spawn-test will reveal (flagged). Floor unaffected either way (FD1–FD10 in body). - **Recommended quality-ADD not yet wired:** sister-guide ⭐ design-review-by-second-agent — SE HAS `reviewer`; wire FD4-rubric gate when first design task runs (quality-increase §F4.1, not floor). diff --git a/docs/governance/adap-reports/2026-06-02-Governance-gov-v2-session-cmd-framework.md b/docs/governance/adap-reports/2026-06-02-Governance-gov-v2-session-cmd-framework.md index 427d57f..93e4629 100644 --- a/docs/governance/adap-reports/2026-06-02-Governance-gov-v2-session-cmd-framework.md +++ b/docs/governance/adap-reports/2026-06-02-Governance-gov-v2-session-cmd-framework.md @@ -6,7 +6,7 @@ `2026-06-02-Governance-gov-v2-session-cmd-framework` (category: Governance · reviewer_gate: PASS · targets: all-fit) ## 2. nac G-011 -**executed** (already-applied S44, file-committed) → **verified-pending** (full 5-axis function-completeness delta below + AI_INFRA cross-repo audit). +**VERIFIED-2way core** (already-applied S44 `ae30f8f`, AI_INFRA RT3) + session-cmd **re-demonstrated S48** (#6 echo-body + #7 plan-tree this `/session-start`). **Delta now CLOSED at executed-file (S48):** error-ledger built + §L.b 6-step wired into session-end (see §3/§5). Full = verified-runtime on next `/session-end` run + AI_INFRA `/adap-audit`. ## 3. evidence - **ALREADY-APPLIED S44 (2026-06-01):** `docs/governance/README.md` "Cross-Project Adoption Ledger" logs bundle 2026-06-01 = §A auto · §B align (no new layer) · §C wording ×7 · §D #4 step · ✅ **VERIFIED 2-way** (AI_INFRA RT3). Commit chain `ae30f8f → 071c25c` (the broadcast precondition line cites `SE ae30f8f`). 
@@ -21,6 +21,6 @@ - **Helper-note (feature 8) = n-a** (roster-0-helper). ## 5. honest-caveat -- **DELTA / partial (brutal-honest, §M):** SE has the session-cmd features + Gov-v2 *principles*, but a **formal, distinct 3-ledger** — specifically an **error-ledger with blameless RCA + Active-Guards index + 2-strike-promote**, and **§L.b 6-step session-end auto-maintain as an explicit deterministic checklist** — is **only PARTIALLY formalized** (function distributed across gotchas.md + STATUS + session-logs; dedicated-artifact form not fully built). This is the main open gap vs the broadcast floor. -- **Proposed next:** formalize the error-ledger + §L.b auto-maintain checklist as a follow-up (candidate for `/adap-apply` post-restart or a small Gov hardening task). Flagged, not silently claimed-done. -- **nac honesty:** executed (file-level S44 committed) — NOT claiming `verified` for full 5-axis completeness; that needs the delta above + AI_INFRA `/adap-audit`. +- **DELTA CLOSED (S48, executed-file):** the formal 3-ledger is now explicit — **NEW `docs/governance/error-ledger.md`** (blameless RCA seed E-001..E-004 + Active-Guards index w/ 2-strike-promote + §L.a `AS-1..AS-9` deterministic-detect table + 3-ledger triad mapping: error-ledger=NEW / comms-ledger=governance-README adoption-ledger / summary-index=STATUS+session-logs). **§L.b 6-step** wired into `.claude/commands/session-end.md` **Phase 1.5**. This was the only open gap vs the broadcast floor. +- **DONE (was "proposed next"):** error-ledger + §L.b checklist built this session (S48). Remaining = verified-runtime (steps run for real at `/session-end` — demonstrated manually this session since command `.md` no hot-reload; auto from next session). +- **nac honesty (S48):** core Gov-v2 5-axis + session-cmd = VERIFIED-2way (S44 RT3). Delta artifacts = **executed-file S48** (created + committed). 
NOT claiming the §L.b checklist `verified-runtime` until it actually runs at session-end (this session demonstrates it manually; durable/auto from next session) + AI_INFRA `/adap-audit` cross-check. diff --git a/docs/governance/adap-reports/2026-06-02-Memory-store-memory-strip-global.md b/docs/governance/adap-reports/2026-06-02-Memory-store-memory-strip-global.md index 983be4a..417c158 100644 --- a/docs/governance/adap-reports/2026-06-02-Memory-store-memory-strip-global.md +++ b/docs/governance/adap-reports/2026-06-02-Memory-store-memory-strip-global.md @@ -6,10 +6,10 @@ `2026-06-02-Memory-store-memory-strip-global` (category: Memory · reviewer_gate: PASS · targets: all-fit) ## 2. nac G-011 -**executed** (file-level) → **verified-pending** (runtime needs Claude Code restart — agent `.md` no hot-reload). +**executed** (S47 file-level) → **VERIFIED-runtime** (S48 post-restart, 2026-06-02). Loaded agent-registry this session grants **0 `store_memory`** to all **8** subs (strip took effect on reload). Remaining = AI_INFRA `/adap-audit` 2-way cross-check. ## 3. evidence -Stripped `mcp__rag-unified__store_memory` from `tools:` frontmatter of **ALL 7** sub-agents (SE roster): +Stripped `mcp__rag-unified__store_memory` from `tools:` frontmatter of **ALL 7** sub-agents at S47 (SE roster); the 8th sub `frontend-designer` (added same session) was forked already-stripped → **8/8 subs clean**: - `.claude/agents/investigator-codebase.md` - `.claude/agents/investigator-api.md` - `.claude/agents/implementer-backend.md` 
@@ -23,7 +23,7 @@ SELF-CHECK (broadcast): - All 7 retain ≥1 RAG-read tool: `search_memory` ×7 (+ `search_code` + `cross_project_search` + `list_projects`). - Doc sync: `.claude/agents/README.md` §Tool-grant "5 RAG MCP → **4 RAG-READ**" + note "lead = sole RAG-writer · sub→MEMORY.md · G-015 not-read-only". -commit-sha: _unpushed (working-tree) — commit batched with restart-verify._ +commit-sha: **`72bbfa5`** (committed S47). **S48 re-verify (post-restart):** `grep store_memory` in agents `tools:` lines = **0** (only body/doc-notes remain) · loaded agent-registry = 0 `store_memory` across all 8 subs. ## 4. tailored-gì + skip-gì-vì-sao - **FUNCTION-floor adopted FULLY:** `store_memory` removed **GLOBAL** (all 7 subs, no per-context variant) → lead (em main) = sole RAG-writer (mechanized, failure-safe). 
@@ -32,5 +32,5 @@ commit-sha: _unpushed (working-tree) — commit batched with restart-verify._ ## 5. honest-caveat - **Accuracy (G-015):** `store_memory` now un-callable by subs — this is **NOT** "subs read-only". Subs retain `Bash` (+ `Write/Edit` for the 4 write-role subs) = open write channels. Real containment = defense-in-depth (git-diff + Qdrant chunk-count monitoring), NOT allowlist alone. -- **VERIFIED-pending:** runtime effect requires **restart** (agent `.md` no hot-reload). Pre-restart, this session's spawns would still resolve `store_memory`. Proven at **file-level only** so far. Do NOT claim `verified` — that is AI_INFRA `/adap-audit` cross-repo call. +- **VERIFIED-runtime (S48):** restart done → loaded registry grants 0 `store_memory` to all 8 subs (a spawned sub physically cannot call it this session). Upgraded from S47 file-level. Remaining external check = AI_INFRA `/adap-audit` cross-repo (2-way). **Still NOT "read-only"** (G-015) — caveat above holds: subs keep Bash/Write; containment = defense-in-depth, not allowlist alone. - **Aligns with SE's own prior lesson** (`feedback_store_memory_rebootstrap_protection`, S41): sub `store_memory` content was wiped on RAG re-bootstrap unless disk-twinned → centralizing RAG-write to lead removes that data-loss class. So this adopt is corroborated by SE dogfood, not just external mandate. diff --git a/docs/governance/error-ledger.md b/docs/governance/error-ledger.md new file mode 100644 index 0000000..63baccc --- /dev/null +++ b/docs/governance/error-ledger.md 
@@ -0,0 +1,86 @@ +# Error-Ledger — SOLUTION_ERP (Gov-v2 §L keystone) + +> **Living artifact.** Blameless RCA + Active-Guards index for SE. Closes the open delta from adap-report `2026-06-02-Governance-gov-v2-session-cmd-framework` (the only Gov-v2 floor item SE had distributed-but-not-formalized). +> **Maintained at `/session-end` §L.b** (deterministic step, not a daemon — G-015). Blameless = root-cause + guard, NOT blame. + +## 📐 The 3-ledger triad (Gov-v2 §L.b / §G3 — form gộp, function intact) + +SE maps the mandated 3 living ledgers onto existing + new artifacts (§F4 form-freedom): + +| Ledger (function) | SE artifact | Role | +|---|---|---| +| **(i) error-ledger** | **this file** (`docs/governance/error-ledger.md`) | RCA blameless · Active-Guards index · 3-axis tag · 2-strike promote | +| **(ii) comms-ledger** | `docs/governance/README.md` "Cross-Project Adoption Ledger" + `docs/governance/adap-reports/` | 2-way cross-project OUT→ACK / IN→decided, link-not-copy | +| **(iii) summary-index** | `docs/STATUS.md` "Recently Done" + `docs/changelog/sessions/` | timeline spine, pointer-not-log, reverse-chron | + +## 🔍 §L.a — Deterministic detect (action-signature scan @ session-end) + +Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan the session for these; each hit → an RCA entry below. List is **open** — extend when a new class appears. (G-015: catches signatures in this list, NOT "mọi vi phạm".) 
+ +| # | Action-signature (grep/observe) | Rule it violates | On hit | +|---|---|---|---| +| AS-1 | `git add -A` / `git add .` | add-specific-files (concurrency safety, `feedback_rag_mcp_recovery_concurrency`) | RCA + re-stage specific | +| AS-2 | `--no-verify` / `--no-gpg-sign` / `commit.gpgsign=false` | no hook/sign bypass unless asked | RCA, justify or revert | +| AS-3 | sub-agent invokes `store_memory` | lead = sole RAG-writer (S47, mechanized) | should be impossible (allowlist-stripped); if chunk-count jumps w/o lead write → investigate | +| AS-4 | EF Mig adds UNIQUE/composite index on a soft-delete (`IsDeleted`) entity **without** `.HasFilter("[IsDeleted]=0")` | gotcha #57 (recreate-on-soft-deleted-slot → 500) | RCA + test-before + filter | +| AS-5 | heavy/long agent spawn in **foreground** | `feedback_background_spawn_visibility` (looks-frozen) | note; prefer `run_in_background` | +| AS-6 | docs-only commit that triggers a CI run | gotcha #41 path-filter (`paths-ignore`) | verify path-filter intact | +| AS-7 | model downgrade (haiku/sonnet) on codegen/guard/financial/security | critical-algo needs Max tier | RCA, re-run on Max | +| AS-8 | session-end memory `.md` Write leaving **0 bytes** | `feedback_session_end_memory_write_verify` (S46) | re-write + verify byte>0 | +| AS-9 | A/B/C choice handed to anh **without** decision-brief trục | Gov-v2 §G2 | reframe as full brief | + +## 🛡️ Active-Guards index (2-strike promote: episodic → procedural) + +> **net-effect rule:** a guard that costs more than it saves (hại>lợi) → **retire**. `verified` = ran ≥1× and held. `strikes` = times the underlying error recurred before the guard. 
+ +| Guard | Counters | Tier | Strikes | Verified | Net | +|---|---|---|---|---|---| +| CI `paths-ignore` docs-only skip | gotcha #41 (AS-6) | procedural | 2 | ✅ (every docs commit 0s) | +++ | +| em-main verify-on-disk + proxy-append after agent return | gotcha #53 truncation | procedural | 5× (S35-S42) | ✅ | +++ | +| test-before bug-fix + soft-delete-UNIQUE `.HasFilter` | gotcha #57 (AS-4) | procedural | 2 (Holiday S45 + latent LeaveType/Shift) | ✅ Mig 43 | ++ | +| authz regression test per-action policy | gotcha #44 silent-403 | procedural | 1 (promoted S45 +10 test) | ✅ | ++ | +| agent frontmatter `model: inherit` (not `[1m]`) | gotcha #37 | procedural | — | ✅ (FD agent loaded S48) | ++ | +| **lead = sole RAG-writer** (`store_memory` stripped, mechanized) | store_memory rebootstrap-loss (S41) + AS-3 | procedural | 2 (NamGroup + SE S41) | ✅ runtime S48 (0/8 subs) | +++ (failure-safe) | +| session-end verify memory byte>0 | S46 0-byte (AS-8) | **episodic→promote** | 1 (S46) | ⏳ wired §L.b S48, verify next run | ++ | +| heavy spawn → `run_in_background` | looks-frozen | episodic | 2 (S45, S48) | ✅ S48 (FD bg) | + | +| RAG glob `**/`-anchored (not root) | gotcha #10 node_modules leak | procedural | 1 (S41) | ✅ (2406 clean) | ++ | + +## 📋 RCA entries (blameless — newest on top) + +> Format: `E-NNN | date | rule | what | 5-why root | fix (prod-bug = 2-fix: code + guard) | prevention | tags[TYPE/ACTOR/COMPONENT]` + +### E-004 — gotcha #53 agent truncation mid-MEMORY (recurring S35-S42) +- **rule:** agent must flush MEMORY before return; em main must receive complete work. +- **what:** heavy WRITE-agent (implementer/test-specialist) output truncates mid-MEMORY-update; return looks complete but isn't. +- **5-why:** brief too heavy → spawn output cap hit → truncation at the tail → MEMORY update is last step → silent partial. 
+- **fix:** (code/process) em main grep-verify-on-disk after return + proxy-append the agent's MEMORY next session (Strategy B, `feedback_implementer_truncation_mitigation`). (guard) brief ≤8K + Tiered Memory L1 ~30KB cap. +- **prevention/guard:** Active-Guard "verify-on-disk + proxy-append" (promoted, 5 strikes). 529 → em main solo fallback, no retry-loop. +- **tags:** [process-truncation / sub-agent / agent-memory] + +### E-003 — gotcha #44 silent 403 (S18, regression-tested S45) +- **rule:** authorization must fail loud, not silently break UX. +- **what:** class-level `[Authorize(Policy="Workflows.Read")]` → non-admin 403 → TanStack Query catch silent → Drafter saw empty Workspace dropdown, no error. +- **5-why:** broad class-level policy → GET blocked for non-admin → FE swallowed 403 → no surfaced error → looked like "no data". +- **fix:** (code) class-level `[Authorize]` only; GET for any-authenticated; POST/DELETE keep admin policy. (guard) test-specialist authz regression test +10 (S45) reflection-scan per-action policy. +- **prevention/guard:** Active-Guard "authz regression test per-action policy" (promoted S45). +- **tags:** [authz-regression / backend+frontend / ApprovalWorkflowsV2Controller] + +### E-002 — gotcha #57 Holiday UNIQUE unfiltered → 500 (S45, fixed Mig 43) +- **rule (AS-4):** soft-delete entity + UNIQUE index MUST `.HasFilter("[IsDeleted]=0")`. +- **what:** `Holidays` DB UNIQUE (Year,Date) unfiltered vs handler `!IsDeleted` → admin delete + re-add same-date holiday = reachable 500. +- **5-why:** UNIQUE created unfiltered → soft-deleted row keeps the slot → handler allows logical re-create → INSERT hits dead UNIQUE → 500. +- **fix:** (code) Mig 43 `.HasFilter("[IsDeleted]=0")` (matches 13× existing pattern). (guard) Gap1 test-before reproduced the 500 first. +- **prevention/guard:** Active-Guard AS-4 + test-before. 
⚠️ **OPEN latent:** `LeaveType.Code` + `ShiftPattern.Code` same class, still unfiltered → backlog test-before (2nd strike of this guard). +- **tags:** [soft-delete-invariant / em-main+test-specialist / Holidays,LeaveType,ShiftPattern] + +### E-001 — S46 user-memory 0-byte (close-out truncation) +- **rule (AS-8):** memory `.md` writes must persist (byte>0); index must not be empty. +- **what:** S45 close-out left `MEMORY.md` index + 1 entry at 0 bytes → S46 bootstrap ran with NO memory auto-inject (silent degrade). +- **5-why:** session-end Write created stub → body Write truncated (gotcha #53) → 0-byte file → not git-tracked (outside repo) → undetected until next bootstrap audit. +- **fix:** (process) rebuilt index + repopulated entry (S46). (guard) `feedback_session_end_memory_write_verify` + now session-end §L.b step (e)/(c) byte-check. +- **prevention/guard:** Active-Guard "session-end verify byte>0" (episodic→promoted S48, wired §L.b). `/session-start` audit also re-checks 0-byte (caught it S46, re-ran clean S48). +- **tags:** [memory-integrity / em-main / user-memory] + +--- + +> **Maintenance:** append RCA on each AS-hit; promote a guard to `procedural` on its 2nd strike; mark `verified` once it holds through a session; retire by net-effect. Pointer entries only — full narrative lives in session-logs (summary-index).
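Review bot: In `2026-06-02-Governance-gov-v2-session-cmd-framework.md` (hunk `@@ -6,7`), the new §2 status opens with "**VERIFIED-2way core**", while the same line and the §5 lines added in the following hunk say the delta artifacts are only "executed-file S48" and the §L.b checklist is not yet `verified-runtime`. Someone scanning status fields will read the whole item as verified. Suggest splitting the line into two explicit states, for example "core: VERIFIED-2way (S44 RT3)" and "delta (error-ledger + §L.b): executed-file (S48), runtime pending", so the headline carries the weakest state rather than the strongest.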
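Review bot: In `2026-06-02-Memory-store-memory-strip-global.md` (hunk `@@ -6,10`), the updated §2 and §3 lines claim "8/8 subs clean", but the unchanged lines further down the same file still count seven: the SELF-CHECK line reads "All 7 retain ≥1 RAG-read tool: `search_memory` ×7" and §4 reads "all 7 subs, no per-context variant". Either update those counts to include `frontend-designer`, or state that the RAG-read self-check was not re-run for the eighth sub, so the report does not assert a stricter result in its status than in its evidence.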
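Review bot: In the same report (hunk `@@ -23,7`), the new `commit-sha:` line records the S48 re-verify only as a result ("`grep store_memory` in agents `tools:` lines = **0**", "loaded agent-registry = 0") without the exact command, the path it was run over, or how the loaded registry was inspected. Since the report defers the final check to AI_INFRA `/adap-audit`, the auditor needs to be able to rerun it. Suggest adding the literal command with its target directory and the method used to read the loaded registry.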
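Review bot: In the same report (hunk `@@ -32,5`), the upgraded "VERIFIED-runtime (S48)" bullet rests entirely on the allowlist, while the unchanged G-015 bullet directly above it says real containment is "git-diff + Qdrant chunk-count monitoring" because subs keep `Bash` and `Write/Edit`. No chunk count or git-diff check is recorded for this session, so the runtime claim covers only the tool grant, not the write channels the caveat names. Suggest recording the chunk count at session start and end (or linking where it is logged), which would also give AS-3 in `error-ledger.md` a baseline for "chunk-count jumps w/o lead write".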
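Review bot: In the new `docs/governance/error-ledger.md`, the Active-Guards table contradicts its own promotion rule. The Maintenance line says "promote a guard to `procedural` on its 2nd strike", yet "authz regression test per-action policy" and "RAG glob `**/`-anchored" are both tier `procedural` with 1 strike, "agent frontmatter `model: inherit`" is `procedural` with "—", and "session-end verify memory byte>0" is marked "episodic→promote" (and "episodic→promoted S48" in E-001) after a single S46 strike. Either record the second strike for these rows, or document the exception that allows early promotion. Two smaller points in the same hunk: the RCA format line declares `E-NNN | date | rule | ...` but E-001 through E-004 carry no date field, only session tags in the heading; and E-001's fix cites "§L.b step (e)/(c) byte-check", which should name the single step in `session-end.md` Phase 1.5 that performs the byte check.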