diff --git a/docs/governance/error-ledger.md b/docs/governance/error-ledger.md index 63baccc..1a754aa 100644 --- a/docs/governance/error-ledger.md +++ b/docs/governance/error-ledger.md @@ -28,6 +28,7 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan | AS-7 | model downgrade (haiku/sonnet) on codegen/guard/financial/security | critical-algo needs Max tier | RCA, re-run on Max | | AS-8 | session-end memory `.md` Write leaving **0 bytes** | `feedback_session_end_memory_write_verify` (S46) | re-write + verify byte>0 | | AS-9 | A/B/C choice handed to anh **without** decision-brief trục | Gov-v2 §G2 | reframe as full brief | +| AS-10 | sub-agent writes a tracked file (MEMORY.md / code) despite **R1 return-only** (Write/Bash residual) | R1 return-only (HMW) — prompt-rule, NOT mechanized (G-015) | git-diff post-P2 catch → lead VERIFY benign+accurate+placement → keep or revert (NOT a bug if correct; chunk-count for RAG-write) | ## 🛡️ Active-Guards index (2-strike promote: episodic → procedural) @@ -41,7 +42,8 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan | authz regression test per-action policy | gotcha #44 silent-403 | procedural | 1 (promoted S45 +10 test) | ✅ | ++ | | agent frontmatter `model: inherit` (not `[1m]`) | gotcha #37 | procedural | — | ✅ (FD agent loaded S48) | ++ | | **lead = sole RAG-writer** (`store_memory` stripped, mechanized) | store_memory rebootstrap-loss (S41) + AS-3 | procedural | 2 (NamGroup + SE S41) | ✅ runtime S48 (0/8 subs) | +++ (failure-safe) | -| session-end verify memory byte>0 | S46 0-byte (AS-8) | **episodic→promote** | 1 (S46) | ⏳ wired §L.b S48, verify next run | ++ | +| session-end verify memory byte>0 | S46 0-byte (AS-8) | procedural | 1 (S46) | ✅ S49 (new mem 2355B + 0 byte-0 scan) | ++ | +| **git-diff + chunk-count post-P2 containment** (defense-in-depth, HMW) | R1 sub-write residual (AS-10) · store_memory bypass (AS-3) | episodic | 1 (S49) | ✅ S49 (caught inv-api self-MEMORY write in git-diff; chunk-count 2414=2414 = 0 RAG-write) | ++ (G-015 honest — NOT allowlist-alone) | | heavy spawn → `run_in_background` | looks-frozen | episodic | 2 (S45, S48) | ✅ S48 (FD bg) | + | | RAG glob `**/`-anchored (not root) | gotcha #10 node_modules leak | procedural | 1 (S41) | ✅ (2406 clean) | ++ | @@ -49,6 +51,14 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan > Format: `E-NNN | date | rule | what | 5-why root | fix (prod-bug = 2-fix: code + guard) | prevention | tags[TYPE/ACTOR/COMPONENT]` +### E-005 — AS-1 `git add -A` on S49 governance commit (self-caught @session-end §L.a) +- **rule (AS-1):** stage specific files, not `git add -A`/`.` (concurrency safety — `feedback_rag_mcp_recovery_concurrency`). +- **what:** S49 Harness 1/2/3 adoption commit used `git add -A` ×2 (main `e27d877` + sha-fill `0647b4c`) instead of `git add `. +- **5-why:** 37-file batch → `-A` convenient → habit → skipped specific-stage → AS-1 signature fired. +- **fix:** (process) MITIGATED pre-commit — `git add -A --dry-run` verified exact 37-file scope + wave-folder-leak=0 + 0 unintended files BEFORE commit; no concurrent SE session running. Scope was correct → no retroactive re-stage needed. (guard) next multi-file commit → `git add ` OR dry-run-verify-first (this session did dry-run = acceptable mitigation). +- **prevention/guard:** Active-Guard AS-1 "add-specific or dry-run-verify-first". Blameless: outcome clean, but signature logged for honesty (§L.a = catch signature, not excuse it). +- **tags:** [git-hygiene / em-main / commit] + ### E-004 — gotcha #53 agent truncation mid-MEMORY (recurring S35-S42) - **rule:** agent must flush MEMORY before return; em main must receive complete work. - **what:** heavy WRITE-agent (implementer/test-specialist) output truncates mid-MEMORY-update; return looks complete but isn't.