diff --git a/.claude/agent-memory/investigator-codebase/MEMORY.md b/.claude/agent-memory/investigator-codebase/MEMORY.md index 83faa6a..42bf21b 100644 --- a/.claude/agent-memory/investigator-codebase/MEMORY.md +++ b/.claude/agent-memory/investigator-codebase/MEMORY.md @@ -70,6 +70,12 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte ## 📅 Recent activity (FIFO — older → archive/git) +- **2026-06-18 (S71 Harness-10 ref-sweep — wave-*/agent-teams/harvest migration map, on-disk):** ⭐ **2 RULE-MECHANISM (cơ-chế, sửa CẨN THẬN ≠ text-swap):** (1) **`.gitignore:93-94`** `.claude/workflows/wave-*/` + `.claude/agent-teams/` AFTER `!.claude/**:83` (last-match-wins) — Harness-10 LẬT containment: runs/ TRACKED nên KHÔNG gitignore (đã có `runs/_ledger.md:4` "tracked-change NGOÀI run-folder = vi-phạm" thay B6 "mọi tracked = vi-phạm"). agent-teams = n-a Windows in-process → giữ-hay-bỏ tùy. (2) **`hmw.js`** wave-mechanism: meta.description:9 (2-MODE) · args:19 `wave:{name,dir}` · SCHEMA subMdPath:52 · WAVE-MODE block:87-91 (`const wave = A.wave&&A.wave.dir`) · log:94 · subMd path:102 · writeGuard TOOL-AWARE 2-nhánh:106-120 (wave→sub-MD-isolated / default→return-delta) · prompt subMdPath:131. → run-trace = đổi `wave`→`run`, dir `wave-`→`runs/`, +harvest/ path. **TEXT-ONLY (đổi chữ, KHÔNG cơ-chế):** `.claude/workflows/README.md` TOÀN BỘ (48 dòng, đầu-đề + table 2-MODE + structure + B1-B6 + agent-team §) · `session-end.md:32,49,51` (§L.b(d)(f) GATE + B5 wave-gom) · `session-start.md:71` (H2 báo wave-folder tồn-đọng) · `agents/README.md:111` (decision-tree wave-gom B5) + :22-28,52 harvest-curator.md (B5 scan path `wave-/sub-*.md` + agent-team) · `harvest-curator/MEMORY.md:20` (wave-folder gitignored). **DOC/HISTORY (immutable evidence — KHÔNG sửa):** `broadcasts/**` (handshake:17 + inbox/README:15 "khác wave-folder gitignored") · `docs/governance/adap-reports/2026-06-07-Agent-harness-2.md` (toàn bộ B1-B6 spec) · `docs/changelog/sessions/*` · `error-ledger.md:86` (wave-folder-leak=0 evidence). **ĐÃ SCAFFOLD Harness-10 (S71 đang chạy):** `runs/_ledger.md` (2-beat OPEN/CLOSE) + `runs/2026-06-18-h10-invest/run.md` + `harvest/`. ⚠️ **Note .gitignore:92 comment** `git check-ignore -v .claude/workflows/wave-x/wave.md` = verify-cmd cũ, đổi theo. Tag `[s71, harness-10-refsweep, wave-to-runtrace-migration, gitignore-mechanism, hmw-wave-mechanism]`. + +- **2026-06-18 (S71 Harness-10 STAGE-C harvest-flow recon — per-turn + 3-layer wire points, on-disk):** ⭐ **CURRENT harvest = SINGLE-POINT @session-end (B5), KHÔNG per-turn.** Driver = `harvest-curator` H2 (`agents/harvest-curator.md:22` "sau workflow-dài/cuối-session quét `wave-/sub-*.md`→gom→APPEND agent-memory/"). Wired ONLY `session-end.md §L.b(f):51` (5-trục GATE + wave-folder gom B5). `session-start.md:71` = REPORT-only (báo wave tồn-đọng, KHÔNG gom). ZERO per-turn hook — `hmw.js` JS-sandbox no-fs (`hmw.js:5`), harvest deferred-to-close. **C4 per-turn-primary wire (3 chỗ):** (a) `hmw.js:122-134` prompt-builder — sub return findings; (b) NEW em-main step: ghi `runs//harvest/` SAU MỖI fan-out turn (KHÔNG đợi close); (c) `session-end.md §L.b(f):51` đổi "gom @end" → "VERIFY per-turn harvest đủ". **C5 3-layer anti-miss wire:** L1 in-run-reminder = `hmw.js` prompt + `run.md` checklist (run trước chưa-harvest → flag); L2 post-exec-rescan = `session-start.md:71` (mở rộng orphan-scan `runs/*/` tìm ledger-OPEN-no-harvest, hiện chỉ báo wave); L3 close-gate = `session-end.md §L.b(f):51` (GATE đã có, repoint wave→runs). **EVIDENCE tracked:** `git check-ignore runs/.../run.md`→matched `!.claude/**` (.gitignore:83 negation)=NOT-ignored ✓ vs `wave-*/` still gitignored (:93). Run-folder ĐÃ scaffold S71: `runs/2026-06-18-h10-invest/`{run.md·sub-md/.gitkeep·harvest/.gitkeep}+`runs/_ledger.md` (2-beat OPEN/CLOSE `:3`, orphan=OPEN-no-CLOSE). **G-015 shift:** Harness-2 "mọi tracked=vi-phạm" (wave gitignored→diff mù) → Harness-10 "tracked NGOÀI run-folder+code-disjoint=vi-phạm" (`_ledger.md:4`) → containment MẠNH hơn (run-folder in git-diff thấy sub-MD writes). Tag `[s71, h10-harvest-flow, per-turn-C4, 3-layer-C5, single-point-end-current]`. + +- **2026-06-18 (S71 Harness-10 task-A — hmw.js EXACT edit-list wave→run-trace, on-disk):** ⭐ Refines sibling ref-sweep with precise diffs. **3 LOGIC edits:** (1) `:90` `const wave=(A.wave&&A.wave.dir)?A.wave:null` → `run=(A.run&&A.run.dir)?A.run:null`; (2) `:102` subMd `\`${wave.dir}/sub-${role||'task'}-${i}.md\`` → `\`${run.dir}/sub-md/sub-${role||'task'}-${i}.md\`` (⚠️ +`/sub-md/` SUBDIR — matches scaffolded `runs//sub-md/`, today FLAT); (3) `:106-120` writeGuard 2-branch keep TOOL-AWARE, reword. **CONTAINMENT-FLIP 2 strings:** `:112` "wave-folder gitignored nên KHÔNG hiện trong diff = sạch" → "run-folder TRACKED; tracked-change NGOÀI run-folder(+code-disjoint)=vi-phạm" (model = `runs/_ledger.md:4`); `:114` "file NGOÀI repo/wave-folder"→run-folder. **TEXT reword:** `:5,9(+drop stale two-tier H4.5→H8),19(args wave→run),52,55,88-91,94,108,113,131`. **VERDICT: pure mechanical** — fan-out/SCHEMA/resolveModel/parallel/checkpoint-gate ALL unchanged; only rename + path-subdir + 2 string-flips. **Read-only sub flow same** (`:111` subMdPath→em-main-scribe @P3, no Write tool). **C2/C4 stay em-main** (hmw.js no-fs `:1-5`). Tag `[s71, h10-task-a, hmw-exact-difflist, subdir-sub-md, mechanical-rename]`. + - **2026-06-17 (PE-workflow recon for FDC feature-plan — urgent flag + value-threshold routing, on-disk):** ⭐ **PE VALUE: NO stored "giá trị gói thầu" column.** Best-fit = winner-quote-total `SUM(Quote.ThanhTien WHERE supplier==SelectedSupplierId)` — COMPUTED (submit-guard `PurchaseEvaluationWorkflowService.cs:188-190` + `CurrentProposalTotal` in `PeBudgetSummaryDto`). Other amounts: `PE.BudgetPeriodAmount`(:40 drafter NS kỳ này)/`ExpectedRemainingAmount`(:41)/`PeWorkItemBudget.FullAmount`=(Initial??0)+(Adjustment??0) (`PeWorkItemBudget.cs:29-30`) — all budgets, not deal-value. **ROLES PRO/CCM/CEO = domain shorthand NOT constants** (`AppRoles.cs` has Procurement/CostControl/Director; PRO=Procurement CCM=CostControl CEO=Director). **V2 routing IGNORES roles** — approvers = specific `ApproverUserId` (`ApprovalWorkflow.cs:80`), OR-of-N = N Level rows same `Order` (GroupBy :687). "Phòng CCM" = seed Step NAME + non-strict DeptId hint only (`:67`). **CEO = positional (last level/last step), NOT conditional.** **ROUTING 100% LINEAR** (level→step, `DaDuyet` when `nextIdx>=steps.Count`). ZERO value/threshold/conditional config anywhere (grep 0 on AW/Step/Level/PEType). ⭐ **HOOK B (value-threshold) = `ApproveV2Async` advance block lines 816-845** (`:817` levelOrder++ / `:828-837` terminal DaDuyet / `:838-845` next step). Precedent: `skipToFinal :773-814` already "jump pointer to last step+level" — reuse mechanic conditioned on value. **HOOK A (urgent):** add `IsUrgent bit`/`PePriority` enum (mirror `ItTicketPriority{Low,Medium,High,Urgent}` `Office/Enums.cs:48-54`) AddColumn no-new-table; notify `INotificationService.NotifyAsync(userId,type,title,desc?,href?,refId?)` (`INotificationService.cs:10`)+SignalR interceptor; LogTransition notifies DRAFTER-only on terminal (`:960-980`), NO approver-notify yet. Badge DTOs: `PurchaseEvaluationListItemDto`(`PurchaseEvaluationDtos.cs:6`)+`DetailBundleDto`(:201). Type A/B (`PurchaseEvaluationType.cs:6-10`) constrains pinnable ApplicableType only — ZERO type-conditional routing. ⚠️ "Từ chối" REMOVED S60 hard-guard `:80-85` (throws even Admin; only Duyệt/Trả lại). ⚠️ drafter-in-chain bypass `:543` auto-approves drafter's own step-1 levels on submit (interacts w/ value-finalize). Tag `[pe-workflow-recon, value-threshold-hook, urgent-flag, fdc-feature-plan]`. - **2026-06-17 (S69 recon — Office-module inventory + Hồ sơ-NS CSS-contract, on-disk):** ⭐ **PART A Office:** 21 `Off_*` keys (`MenuKeys.cs:99-121`): root `Off` + DanhBa(card-grid), `Off_PhongHop`{View=cal/Manage=room-CRUD-admin/Book}, `Off_DeXuat`{List/Create/Inbox=Proposal-V2}, `Off_DonTu`{Leave/Ot/Travel}, `Off_DatXe`, `Off_ItTicket`, `Off_ChamCong`(re-parent→Personal S57), `Off_AttendanceReport`(admin). 10 office pages `{fe-admin,fe-user}/src/pages/office/` ALL SHA256-MIRROR except **MyAttendancePage DIFFERS** + AttendanceReportPage ADMIN-ONLY. Routes `App.tsx` user:70-80/admin:88-100; staticMap `Layout.tsx:87-103` (workflow-apps :kind `/workflow-apps/{leave,ot,travel,vehicle}`); menuKeys.ts:45-63. **HIDE-FLAG** `RevokeTemporarilyHiddenModulesAsync` (`DbInitializer.cs:2157-2190` called :2040 LAST) wipes CRUD on `MenuKey.StartsWith("Off")||"Hrm"||==Personal` non-Admin, idempotent. **Golive flip:** remove :2040 call (+ re-add prefix InReviewScope grant). Office already S55-shell polished NOT bare. **PART B Hồ sơ-NS CSS:** layout=3-col flex (`EmployeesListPage.tsx` SHA256-identical x2, 1597 LOC): cây-tổ-chức TRÁI(:178) + NV-list MID(:244) + detail PHẢI = avatar-header `app-gradient-brand`(:643)+`text-white!`(:653)+initials chip bg-white/15 → 5-TAB(:507 Tổng quan/Thân nhân/Trình độ/Kinh nghiệm/Hợp đồng) → `Card`(:1526 left-rail+icon-chip) w/ `Field`(:1572 label uppercase accent-tint + value `font-medium text-brand-800`, empty=`text-slate-300 —`). `ACCENT` map :497-503 Record<5,{chipBg/chipFg/head/rail/labelText}> accent∈{brand,teal,violet,amberx,greenx}, palettes stops 50/100/500/600/700 only no-800→headings -700 (brand -800 OK). Tokens `index.css`: brand-600=#1f7dc1 brand-800=#175685 @theme:5-55, font Be-Vietnam-Pro:53; classes `.app-gradient-brand`(:105 120deg b600→700→800),`.card-accent`(:112),`.icon-chip`(:128 --chip-bg/--chip-fg),`.stat-value`(:140),`.label-eyebrow`(:89). ⚠️ **GOTCHA #66 = `index.css:79-83` `h1,h2,h3,h4{color:#0b1220;font-weight:700}` OUTSIDE @layer** → TW-v4 unlayered wins → heading-tag inside gradient MUST `text-white!`. ⚠️ **CROSS-APP DRIFT:** fe-user=S68 (h1-4 #0b1220/700, label-eyebrow brand-600, 175L); **fe-admin STILL OLD** (h1-4 #0f172a/600, label-eyebrow #64748b slate, 167L) — fe-admin NOT synced S66-68 heading bump → mirror Office to fe-admin needs index.css sync. Tag `[s69, office-inventory, hoso-css-contract, gotcha66, fe-admin-css-drift]`. diff --git a/.claude/agent-memory/reviewer/MEMORY.md b/.claude/agent-memory/reviewer/MEMORY.md index aab7d89..809d14f 100644 --- a/.claude/agent-memory/reviewer/MEMORY.md +++ b/.claude/agent-memory/reviewer/MEMORY.md @@ -61,6 +61,7 @@ Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod ## 📅 Recent activity (FIFO — older → archive/git) +- **2026-06-18 (S71 Harness-10 adap run-trace convention — Stage-3 REVIEW lens R1 frozen-evidence+containment, PASS, 0 blocker):** Governance/infra-only (wave-folder→run-trace `.claude/workflows/runs//` TRACKED). 10 modified (8 H10 + investigator MEMORY residual + CLAUDE.md pre-existing) + 1 untracked `runs/`. NO product/test/csproj/package.json/migration → test baseline 306 untouched, deps N/A. **Spec path trap:** spec said `runs/...` but actual `.claude/workflows/runs/...` (verify disk, không tin claim path). **R1 verify ALL PASS:** (1) **Frozen-evidence 0-touch** — `git status --porcelain` on broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger · sessions/* · STATUS · HANDOFF · `*/archive/*` ALL empty = none touched. (2) **Containment wording đồng-bộ 4 chỗ** — `_ledger.md:4` ↔ `hmw.js:89/113` ↔ `workflows/README:38` ↔ `runs/README:78` ALL = "tracked-change NGOÀI run-folder + code-disjoint = vi-phạm" (model thay Harness-2 B6 "mọi tracked = vi-phạm"). (3) **gitignore exit-code-trap** — `check-ignore runs/.../run.md && echo IGNORED || echo NOT`=NOT (re-included via `:83 !.claude/**`); `wave-x/wave.md`=IGNORED (legacy `:93` kept); trap-note PRESENT gitignore `:96-98`. No new ignore rule shadows runs/. **residuals verified as-claimed:** investigator MEMORY +6 (3 S71 diary, 29819B≈29.8KB over-cap, race artifact closeout); CLAUDE.md pure test-count 263→306 flush. hmw.js `node --check`=PARSE-OK, `args.run` w/ legacy `args.wave` fallback `:91`, `sub-md/` subdir `:103`. harvest-curator DEDUP axis (sha/substring before APPEND); session-end idempotent VERIFY-not-re-APPEND; session-start orphan-scan. 6× `.gitkeep` present. **1 MINOR (non-block, actionable):** runs/ currently UNTRACKED (`git ls-files` empty, `?? runs/`) = tracked-ELIGIBLE not-yet-committed; docs say "TRACKED" = post-commit steady-state — em main MUST `git add runs/` in SAME commit else run-trace invisible to git-diff audit model depends on. **Learned:** "TRACKED" containment = 2-level — check-ignore NOT-IGNORED (eligible) vs `git ls-files` (committed); model only works after `git add`. **surprise:** internal var `const wave = (A.run&&A.run.dir)?A.run:...` keeps name `wave` but reads `A.run` first — cosmetic-only, downstream identical (not bug). Verdict PASS — safe commit (git-add-runs/ caveat). Tag [s71, harness-10-runtrace, frozen-evidence-clean, containment-wording-4file-sync, gitignore-exit-trap, tracked-eligible-vs-committed]. - **2026-06-17 (S69 GOLIVE Văn phòng số public-all-roles authz — PASS, 0 blocker, gotcha #44-family CLEAN):** 1-file BE-only DbInitializer.cs (+81, new `SeedAllRolesOfficeModulePermissionsAsync` :2261 + call :2055 AFTER S65 HRM grant → AFTER revoke :2042). NOT deployed (static + Dev-DB review, build PASS). Near-exact mirror of S65 HRM method, ONLY delta = `+CanCreate=true` (HRM was read-only). **8 verify ALL PASS:** (1) **Ordering** — grant call sits after `RevokeTemporarilyHiddenModulesAsync` (:2042) + after S65 (:2048) → grant wins revoke. (2) **Allow-list EXACTLY 16 Off keys** — Off/Dashboard/DanhBa/PhongHop(+View+Book)/DeXuat(+List+Create+Inbox)/DonTu(+Leave+Ot+Travel)/DatXe/ItTicket; const names map correct values per MenuKeys.cs:99-120; NO PhongHopManage/AttendanceReport/ChamCong; array contains ZERO Hrm*/Personal/Pe*/Master key → no leak. (3) **Upgrade-only correct** — row exists→only flips CanRead/CanCreate false→true (`if(!row.CanRead)`+`if(!row.CanCreate)`), NEVER touches CanUpdate/CanDelete, never lowers; new row→read+create=true, update/delete=false (Permission.cs defaults false anyway). (4) **3 excluded keys STAY HIDDEN — decisive cascade check:** `Off` is NOT one of the 4 inherit-roots in GetMyMenuTreeQuery (:56-59,:70-73,:80-83 = Contracts/Workflows/PE/PeWorkflows ONLY) → granting Off does NOT cascade to children; each Off child reads its OWN `resolved` flags (:65, falls to false-tuple if no row); PhongHop_Manage(parent=Off_PhongHop:1830)/AttendanceReport(parent=Off:1845) not-in-list→revoke-false→filtered by HasAccess(:96); ChamCong re-parented to Personal(:1850/:1962) under hidden Personal root, not under Off, not granted→hidden. (5) **Admin unharmed** — MenuPermissionHandler:27 Admin bypass; Dev DB: all 18 Off rows belong to Admin already read+create=true → upgrade branch no-op. (6) **No real write-path opened — KEY for golive:** grep Controllers for Off menu keys = 0 matches; Office controllers gate writes by class-level `[Authorize]` (any-auth, self-service create) + per-action `[Authorize(Roles="Admin")]` for true admin writes (MeetingRoomsController Create/Update/Delete=Manage-rooms :26/34/43, Attendances :37/42, LeaveBalances :23/28) — NOT by Off_*.Create policy. So broad CanCreate grant only drives FE menu+button (usePermission/PermissionGuard); API write-auth untouched, admin CRUD stays Admin-only regardless. (7) **No migration** — seed-logic only; all 16 keys in MenuKeys.All:157-161 (seeded). (8) **Idempotent** — 2nd run: rows already true→0 change; SaveChanges gated `if(added>0||upgraded>0)`. **Dev DB baseline** (307 perms,13 roles): 0 non-admin Off rows exist→method takes add-branch for 12 non-admin roles (creates 16 read+create rows each, 3 excluded never added). build Infrastructure 0err/0warn. 0 rogue write (only cicd-monitor/MEMORY.md noise, read-only respected). **Learned:** for a public-grant golive the load-bearing security proof is TWO-fold — (a) cascade-safety = confirm the granted root is NOT an inherit-root (else siblings leak, gotcha #44-family) AND trace excluded keys' ParentKey to a non-granted/hidden parent; (b) write-path-safety = grep that the broadly-granted menu key is NOT used as a controller `[Authorize(Policy=)]` (here Office uses class `[Authorize]`+per-action Roles=Admin, so CanCreate is FE-only — granting it cannot escalate API writes). **surprise:** the "Manage rooms" admin function is double-protected — excluded from allow-list (menu hidden) AND its API is `[Authorize(Roles=Admin)]`; menu-hide alone would've been insufficient but the controller gate makes the broad grant safe even if a key had slipped. Verdict PASS — safe commit+deploy. Tag [s69, office-golive-authz, public-all-roles, inherit-root-no-cascade, off-not-policy-key-fe-only-grant, gotcha44-family-clean, admin-write-double-protected]. - **2026-06-17 (S69 Văn phòng số RE-SKIN static logic-preservation — PASS, 0 blocker):** 10 pages presentation-only re-skin → PURO PageHeader/KpiCard + Hồ sơ-NS idiom (9 fe-user office + 1 fe-admin AttendanceReport). NOT built yet, fe-admin not mirrored (em main next). **Strongest proof = exact API/queryKey diff OLD-vs-NEW byte-identical ALL 8 fe-user pages** (grep `api\.(get|post|put|delete)` + `queryKey:[...]` sorted -u, zero delta): proposals POST /submit + /{kind} · workflow-apps POST /{k}+/submit+PUT /workflow · meeting-bookings POST/DELETE+invalidate · it-tickets PUT /{id}/assign · directory/departments/attendance-report/excel-blob all UNCHANGED. Mutation side-effects (onSuccess/onError/invalidateQueries/setActionDialog/setComment/navigate) 1:1 (line-shift only). ProposalCreate validation `!title.trim()` throw + required + submit-disabled intact. AttendanceReport exportExcel blob (createObjectURL→a.download→click→revoke) intact. **Cat2 orphans CLEAN:** 0 unused import — flagged Users(=UsersIcon alias) + FormEvent/ReactNode (React.* namespace not named-import) + Accent(comment word) all FALSE-alarm verified. **Cat3 shared-comp contract:** PageHeader{eyebrow,title,subtitle,icon,accent,actions} + KpiCard{label,value,icon,accent,active,onClick} props all match real sig; KpiCard onClick wired to REAL filter state (ItTickets `setFilter`/WorkflowAppsList `setStatusFilter`/ProposalsList — driving actual client `.filter()`), InternalDirectory 2 KpiCards INTENTIONALLY inert (no onClick=presentational counts, matches comp design — NOT dummy). **Shared comps + index.css NOT modified** (git status -- ui/ + *.css EMPTY; sha256 identical fe-user==fe-admin per ls). **Cat4 color-trap CLEAN:** grep added lines for `(teal|violet|amberx|greenx)-(200|300|400|800|900)` = ZERO; index.css confirms accents ship only 50/100/500/600/700 (brand has full 50-900 so brand-800 valid); gotcha #66 — 0 gradient/dark-bg headings added (all headers on light surface use accent-ink text-brand-800/{accent}-700 via PageHeader). **Cat1 mock-markers:** 0 //Mock/alert/TODO-wire. **Client-side filter additions** (ItTickets filter/breached, WorkflowAppsList statusFilter useMemo) = presentation views over fetched items, NO new query/endpoint. **2 MINOR (non-block):** (a) ProposalDetail status badge now renders TWICE — PageHeader actions slot + existing status-row (cosmetic dup, both presentation); (b) it-tickets/workflow-apps client-filter is view-only over a `pageSize:100/50` first-page fetch (pre-existing pagination limit, re-skin doesn't worsen). **Learned:** for pure re-skin, the decisive logic-preservation proof is `grep api-call + queryKey sorted -u` OLD-vs-NEW byte-equality across every page — faster + more rigorous than reading each hunk; orphan-import heuristic (body-occ<=1) flags `X as Y` aliases + `React.X` namespace + comment-words as false-positives, always grep the actual usage line before flagging build-break. **surprise:** custom accent palettes (amberx/greenx/teal/violet) deliberately ship NO -800 stop so headings MUST use -700 (brand is the only -800-bearing accent) — a -800 on a non-brand accent = silent no-class Tailwind v4, the re-skin respected this everywhere. Verdict PASS — safe for em main to build+mirror. Tag [s69, office-reskin, presentation-only, api-querykey-byte-equal, color-trap-clean, kpicard-inert-vs-filter, gotcha66-clean]. - **2026-06-16 (S65 PE mục E HoSoLink review — em-main PROXY, PE-Workflow reviewer-stage died-empty):** Review mục-E hyperlink render + HoSoLink BE wiring (`5a0aaa4`). Reviewer-stage trong Workflow `pe-hoso-link-rename-pro` return RỖNG → em main self-gate evidence: Detail DTO `hoSoLink` present + `null` backward-compat phiếu thật (Run #293 GET 200); Create/Update +trailing-optional `HoSoLink=null` KHÔNG vỡ call-site (grep 0 manual ctor — KHÁC CreateDepartmentCommand #291 CS7036 vì positional-required vs trailing-optional); mirror fe-user==fe-admin SHA256 IDENTICAL (PeDetailTabs+PeWorkspaceCreateView); hyperlink `` no reverse-tabnabbing; rename "Dự trù PRO"→"Ngân sách PRO" CHỈ display (giữ "Ghi chú từ PRO" + field-code). LEARNED: hyperlink free-text = no server-side XSS (render-as-href client-only); absolute-set Update (null=clear) chủ đích. SURPRISE: reviewer-stage chết-rỗng trong fan-out = lý do verify-heavy task vẫn cần em-main self-gate dù có Workflow (verdict `feedback_workflow_fanout_reliability`). Tag `[s65, pe-section-e-review, em-main-proxy-self-gate, hosolink-backward-compat, workflow-fanout]`. @@ -78,6 +79,9 @@ Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod --- +- **2026-06-18 (Harness-10 adap R2-lens hmw.js ENGINE integrity — CONCERN, confirms sibling L1 over-claim still live, pre-commit):** Lens = hmw.js engine integrity (em-main rename wave→run-trace). **Engine itself CLEAN — all 4 R2 checks PASS:** (1) structure valid — `const wave=(A.run&&A.run.dir)?A.run:((A.wave&&A.wave.dir)?A.wave:null)` :91 nested-ternary paren-balanced 3/3, accepts args.run primary + args.wave alias (additive, old callers OK), var `wave` internal-name kept consistent :91/:92/:95/:103/:107/:132; subMd path :103 `${wave.dir}/sub-md/${role||'task'}-${i}.md` matches spec; template-literals balanced (backtick 54 EVEN all-escaped, brace 56/56, paren 140/140, bracket 14/14). (2) zero operative WAVE-MODE — grep `WAVE-MODE`=0; all 6 wave refs contextualized (legacy-alias :19/:90/:91, "supersedes Harness 2 wave" :87/:109); :113 ISOLATION contains "tracked-change NGOÀI run-folder (runs//)+code-disjoint=vi-phạm" ✓. (3) fan-out logic UNCHANGED — `git diff -U0` hunks = ONLY :91 behavioral (alias-accept); resolveModel/SCHEMA/checkpointApproved-guard/parallel/results.filter untouched. (4) valid JS (balance + structural, NO node --check per top-level-await). **THE CATCH (CONCERN, intersects R2):** runs/README.md:51 documents L1 in-run-reminder as firing in "`hmw.js` prompt-builder" w/ exact text 'run đang OPEN—nhớ scaffold@P1'+'run trước OPEN-beat đã harvest chưa' → grep that in hmw.js = **0**. hmw.js writeGuard :114 emits ONLY C4 return-instruction ("Harvest per-turn primary (C4)..."), NO scaffold/OPEN orchestrator-reminder; :92 is a log() at mode-detect not prompt-injection + still lacks the promised text. **Plan-vs-applied gap proven:** invest-synthesis:17 PLANNED "C5 Layer1: thêm reminder vào prompt-builder"; implement-synthesis NEVER lists applying L1 to hmw.js (only L2 :71 + L3 :51 applied); yet README:51+C7:72 present L1 as live. Doc asserts engine-behavior grep proves absent = over-claim. **Sibling reviewer (same adap, prior run today) already CONCERN on this exact gap — I independently re-confirm UNFIXED.** **Cross-file PASS:** gitignore runs/ TRACKED via `!.claude/**`:83 (check-ignore -v confirms negation) + wave-*/ kept IGNORED; containment wording synced 4 files (_ledger:4↔hmw:89/113↔runs/README:78); frozen evidence (broadcasts/adap-harness-2/error-ledger/STATUS/HANDOFF/archive_INDEX/sessions) ALL empty-diff; 0 mojibake. **Residual (non-block, self-flagged):** investigator-codebase/MEMORY.md +6 (29819B ~just-under-cap) = 4 same-role INVEST agents race (concurrency risk #7 invest-synthesis flagged) → em-main reconcile @closeout; new :113 guard forbids sub agent-memory writes = prevents recurrence. **Learned:** narrow lens (hmw.js JS structure) ≠ excuse to wave a doc-asserts-engine over-claim — when README says a layer "fires in ", grep the engine for the CLAIMED text not a sibling instruction; INVEST-plan ≠ IMPLEMENT-applied. **Surprise:** engine rename genuinely flawless (dual-alias/balance/logic-frozen) — ONLY defect is adjacent doc over-stating what the clean engine does; engine-perfect + doc-overclaim coexist in one adap. Smart-Friend held: did NOT downgrade to PASS despite narrow lens + clean engine + sibling already-flagged. Tag [harness10, r2-hmwjs-engine, engine-clean-doc-overclaim, c5-L1-overclaim-reconfirm, plan-vs-applied-gap, dual-alias-additive]. +- **2026-06-18 (Harness-10 adap run-trace folder R3-floor review — CONCERN, 1 over-claim, pre-commit):** Reviewed adap thay wave-mode → `runs//` 3-part (run.md+sub-md/+harvest/) git-TRACKED. Floor C1-C8 disk-verified. **C1/C2 PASS** — all 3 runs (invest/implement/review) scaffolded full 3-part (`ls` confirm + .gitkeep placeholders). **C3 PASS correct-nấc (NO over-claim)** — `git check-ignore runs/`=NOT-IGNORED (tracked-eligible via `!.claude/**` :83) AND `git ls-files runs/`=EMPTY=NOT-committed-yet; _ledger:4 + runs/README:80 + gitignore:89-99 document "tracked" correctly, NEVER falsely claim "committed". Nấc THẬT = tracked-ELIGIBLE pre-commit (must commit to realize — expected, not defect). **C4 PASS** — invest+implement synthesis present per-turn; review harvest empty=correct (in-progress). **C5 CONCERN (the catch)** — L2 (session-start:71 orphan scan `closed=⏳`+harvest-rỗng) + L3 (session-end:51 idempotent VERIFY-not-re-APPEND) genuinely wired. BUT **L1 OVER-CLAIM**: runs/README:51 documents L1 in-run reminder firing in "hmw.js prompt-builder" w/ exact text 'run đang OPEN—nhớ scaffold@P1'+'run trước...harvest chưa' → `grep -c` that text in hmw.js = **0**. hmw.js writeGuard only emits C4 return-instruction ("Harvest per-turn primary (C4)"), NO scaffold/OPEN reminder. INVEST planned it ("C5 Layer1: thêm reminder vào prompt-builder"), IMPLEMENT synthesis never mentions applying it, yet runs/README:51+C7:72 present L1 as live. Doc-vs-reality gap = over-claim. **C6 PASS** — _ledger OPEN+CLOSE beats (invest/implement CLOSED, review ⏳) + orphan def:3. **C7 PASS** — caveat genuinely honest (engine no-fs · C2 fragile · 3-layer=lưới-không-khóa · G-015 TRACKED≠read-only-enforced); strong. **C8 PASS** — wave→runs migration done (0 wave-*/ remain), wave-*/ kept IGNORED (verified). **Frozen evidence 0-byte-loss CONFIRMED** (broadcasts/·adap-harness-2·error-ledger·STATUS·HANDOFF all empty-diff vs HEAD). hmw.js `node --check`=OK, dual-alias A.run/A.wave intact. Containment wording synced 4 files (_ledger:4↔hmw:113↔workflows/README:38↔runs/README:78). **Learned:** for a multi-layer "anti-miss net" adap, the catch is grepping each layer's CLAIMED trigger-site against the actual engine file — a layer documented as "fires in hmw.js prompt-builder" must have backing text there, not just a sibling instruction; INVEST-plan ≠ IMPLEMENT-applied (cross-check synthesis-plan vs disk). **Surprise:** README's own C1-C7 section-numbering ≠ task's C1-C8 reviewer-axes (two schemes, NOT a defect — README documents convention, task axes evaluate it); don't conflate. Over-claim=CONCERN per task rule (would be PASS if README:51 softened L1 to "C4 return-instruction" matching reality, OR hmw.js actually added the scaffold reminder). Tag [harness10, run-trace-folder, c5-L1-overclaim, tracked-not-committed-correct-nac, frozen-evidence-clean, plan-vs-applied-gap]. + ## 🔄 Curate trigger - >~30KB → archive recent → L2 `archive/.md`. Stale >3mo → remove. - **Last curate: 2026-06-17 S70 (Harness-9, em-main + Stage-B workflow)** (42.5→24.8KB): moved 9 entries S51→S57 (byte-exact) → `archive/2026-06.md`; KEPT foundation + 6 newest (S69×2/S65×2/S60/S57bis) + S49/S43/S35/S33 tail + Smart-Friend-cumulative + archive-pointers. Built `archive/_INDEX.md` (substring sha-keyed) + `.gist.md` (4-field distill-gen:1). Also Stage-C audit actor (`wf_9520d8cd-4fe` — verify 0-byte-loss/pointer/coverage). No re-ground (additive-only). Prev: S40 (28.4→18KB) · S34 q2 · S22 q1. diff --git a/.claude/agents/README.md b/.claude/agents/README.md index 50246e2..e9c067a 100644 --- a/.claude/agents/README.md +++ b/.claude/agents/README.md @@ -108,7 +108,7 @@ ├── @session-start/@session-end TOOLING-FRESHNESS audit (skill·sub-role·plugin·docs 4-mặt + drift)? │ → tooling-auditor (H1 monitor, INFORM-only) — báo state+diff @start · chốt+new-alloc @end · em main APPEND │ -├── @session-end HARVEST-INTEGRITY gate (5-trục Coverage/Completeness/Fidelity/Placement/Corruption) / wave-folder gom (Harness 2 B5) / @session-start harvest mới? +├── @session-end HARVEST-INTEGRITY gate (5-trục Coverage/Completeness/Fidelity/Placement/Corruption) / run-folder harvest (`runs//harvest/` ← `sub-md/`, Harness-10) / @session-start harvest mới? │ → harvest-curator (H2 monitor, INFORM-only) — propose delta · em main single-writer VERIFY→APPEND · Fidelity nghi → reviewer │ ├── Quick task < 30 min? → Em solo direct @@ -159,7 +159,7 @@ All 11 agent có **4 RAG-READ MCP**: `search_memory` + `search_code` (BM25, prefer over Read full file — tiết kiệm token) + `cross_project_search` + `list_projects`. Base tools per role (READ: Read/Grep/Glob/Bash [+WebFetch/Search cho api] · WRITE: +Edit/Write/Skill). -> **2 monitor sub (tooling-auditor H1 + harvest-curator H2 — 2026-06-07):** read-only toolset = `[Read, Grep, Glob, Bash, +4 RAG-read]`, **NO `store_memory`, NO Write/Edit** (mirror investigator read-set). INFORM-only — propose → em main single-writer VERIFY→APPEND (B3). 🔴 **G-015 accuracy:** đây KHÔNG = "read-only enforced" — sub vẫn giữ `Bash` (write-channel mở qua shell/curl). Containment thật = em main single-writer + **git-diff + chunk-count post-session** (defense-in-depth), KHÔNG allowlist đơn-độc. +> **2 monitor sub (tooling-auditor H1 + harvest-curator H2 — 2026-06-07):** read-only toolset = `[Read, Grep, Glob, Bash, +4 RAG-read]`, **NO `store_memory`, NO Write/Edit** (mirror investigator read-set). INFORM-only — propose → em main single-writer VERIFY→APPEND (B3). 🔴 **G-015 accuracy (Harness-10 run-trace model, `runs/_ledger.md:4`):** run-folder `runs//` được git **TRACKED** → mọi write HIỆN trong git-diff = audit trực-tiếp. Containment: tracked-change NGOÀI `runs//` VÀ NGOÀI code-disjoint đã giao = vi-phạm (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). G-015 no-overclaim: TRACKED ≠ read-only-enforced — sub vẫn giữ `Bash` (write-channel mở qua shell/curl) → containment THẬT = em main single-writer + git-diff(in-repo) + chunk-count (RAG), KHÔNG allowlist đơn-độc. > ⚠️ **`store_memory` GỠ khỏi MỌI sub (2026-06-02 — AI_INFRA broadcast `Memory-store-memory-strip-global`, adap-report cùng id).** → **lead (em main) = sole RAG-writer** (mechanized failure-safe: sub vật-lý không gọi được `store_memory`). Sub tìm thấy finding/pattern mới → ghi **MEMORY.md** (file); lead + re-index đưa vào RAG. *Accuracy (G-015): đây KHÔNG = sub "read-only" — sub vẫn giữ `Bash` (+ vai write giữ `Write/Edit`); containment thật = defense-in-depth git-diff + Qdrant chunk-count, chưa phải allowlist đơn độc.* diff --git a/.claude/agents/harvest-curator.md b/.claude/agents/harvest-curator.md index c09b8c6..cdaaabc 100644 --- a/.claude/agents/harvest-curator.md +++ b/.claude/agents/harvest-curator.md @@ -1,7 +1,7 @@ --- name: harvest-curator description: | - Read-only INFORM-only HARVEST-MD-INTEGRITY auditor cho SOLUTION_ERP (H2 — adopt AI_INFRA Harness 1, anh giao 2026-06-07; TÁCH BIỆT khỏi tooling-auditor H1 vì 2 việc hay quên+nhầm khi gộp). Verify HARVEST mỗi session ĐỦ + ĐÚNG: quét agent-memory mọi sub đã spawn + wave-folder workflow (Harness 2 B5) + agent-team → đề-xuất spawn-record 4-field + chạy harvest-integrity 5-trục (Coverage·Completeness·Fidelity-flag·Placement·Corruption). Lifecycle: @session-end HỖ TRỢ em main HARVEST (gom delta sub/wave/team → propose APPEND vào agent-memory sub tương-ứng + 5-trục GATE trước đóng + flag chore); @session-start BÁO harvest-MD MỚI + delta mồ-côi chưa-APPEND. Propose-only — em main single-writer (VERIFY→APPEND B3 no-overwrite-unverified). KHÔNG tooling/skill/plugin/docs-freshness (đó là tooling-auditor H1). KHÔNG store_memory. PHẢI dùng khi harvest agent-memory/wave-folder cuối session hoặc verify harvest-integrity. + Read-only INFORM-only HARVEST-MD-INTEGRITY auditor cho SOLUTION_ERP (H2 — adopt AI_INFRA Harness 1, anh giao 2026-06-07; TÁCH BIỆT khỏi tooling-auditor H1 vì 2 việc hay quên+nhầm khi gộp). Verify HARVEST mỗi session ĐỦ + ĐÚNG: quét agent-memory mọi sub đã spawn + run-folder `runs//sub-md/` (Harness-10 run-trace) + agent-team → đề-xuất spawn-record 4-field + chạy harvest-integrity 5-trục (Coverage·Completeness·Fidelity-flag·Placement·Corruption). Lifecycle: harvest per-turn = primary (C4); @session-end = backstop verify-idempotent HỖ TRỢ em main HARVEST (gom delta sub/run/team → propose APPEND vào agent-memory sub tương-ứng + 5-trục GATE trước đóng + flag chore); @session-start BÁO harvest-MD MỚI + delta mồ-côi chưa-APPEND. Propose-only — em main single-writer (VERIFY→APPEND B3 no-overwrite-unverified). KHÔNG tooling/skill/plugin/docs-freshness (đó là tooling-auditor H1). KHÔNG store_memory. PHẢI dùng khi harvest agent-memory/run-folder cuối session hoặc verify harvest-integrity. model: inherit tools: [Read, Grep, Glob, Bash, mcp__rag-unified__search_memory, mcp__rag-unified__search_code, mcp__rag-unified__cross_project_search, mcp__rag-unified__list_projects] memory: project @@ -10,22 +10,22 @@ maxTurns: 18 # Harvest-Curator — SOLUTION_ERP (H2 harvest-MD integrity, read-only INFORM-only) -> Verify HARVEST mỗi session ĐỦ + ĐÚNG, hỗ trợ em main gom memory về sub-agent tương-ứng. **Read-only · propose-only.** Em main = single-writer. Adopt AI_INFRA Harness 1 (anh giao 2026-06-07) — TÁCH khỏi `tooling-auditor` (H1): H2≠H1, "hay quên+nhầm" → riêng-biệt. KHÔNG copy: tailor SE (4 RAG-read, roster 10, reviewer-escalate). Nền H2 đã có 1 phần ở `session-end.md` §L.b — sub này NÂNG thành 5-trục đầy-đủ + chuyên-trách. +> Verify HARVEST mỗi session ĐỦ + ĐÚNG, hỗ trợ em main gom memory về sub-agent tương-ứng. **Read-only · propose-only.** Em main = single-writer. Adopt AI_INFRA Harness 1 (anh giao 2026-06-07) — TÁCH khỏi `tooling-auditor` (H1): H2≠H1, "hay quên+nhầm" → riêng-biệt. KHÔNG copy: tailor SE (4 RAG-read, roster 10, reviewer-escalate). Nền H2 đã có 1 phần ở `session-end.md` §L.b — sub này NÂNG thành 5-trục đầy-đủ + chuyên-trách. **Harness-10:** scan-target wave-folder → run-folder `runs//` (git-tracked). ## 🎯 Role (1 câu) -Verify + gom **harvest-MD toàn session** (agent-memory sub · wave-folder workflow · agent-team) → @session-end đề-xuất harvest-delta + 5-trục integrity GATE; @session-start báo harvest mới. KHÔNG ghi, KHÔNG quyết, KHÔNG tooling-freshness (đó là tooling-auditor). +Verify + gom **harvest-MD toàn session** (agent-memory sub · run-folder `runs//sub-md/` · agent-team) → harvest per-turn primary + @session-end backstop đề-xuất harvest-delta + 5-trục integrity GATE; @session-start báo harvest mới. KHÔNG ghi, KHÔNG quyết, KHÔNG tooling-freshness (đó là tooling-auditor). ## ✅ SCOPE — ĐƯỢC làm (H2 harvest-integrity 5-trục) -**@session-end (HỖ TRỢ harvest — GATE trước đóng + Harness 2 B5):** +**@session-end (HỖ TRỢ harvest — GATE trước đóng + Harness-10 backstop verify-idempotent):** - Quét `.claude/agent-memory/*/MEMORY.md` mọi sub đã spawn → đề-xuất spawn-record 4-field `{task·verdict·learned·surprise}` cho em main APPEND. -- **🌊 Wave-folder harvest (Harness 2 B5):** sau workflow-dài / cuối-session, quét `.claude/workflows/wave-/sub-*.md` (+ agent-team `.claude/agent-teams//`) → gom delta → đề-xuất em main consolidate APPEND vào `agent-memory/` sub tương-ứng (để sub-chính có đầy-đủ memory). Ghi `wave-/_harvest.md` propose (em main verify). -- Chạy **5-trục:** **Coverage** (0 silent-miss — mọi sub/wave/team đã-chạy đều harvest) · **Completeness** (đủ 4-field) · **Placement** (delta đúng nhà `agent-memory/X`, B2) · **Corruption** (mojibake / `$`-shell-expansion / encoding scan — phải dùng Write/Edit-tool, KHÔNG Bash-append-ẩu) · **Fidelity-FLAG** (nghi bịa / record on-behalf khớp việc-thật → escalate `reviewer`, KHÔNG tự phán). -- Flag chore-memory: agent-memory >30KB → archive L2 · wave-folder chưa-harvest tồn-đọng · delta mồ-côi · 0-byte memory (closeout-truncate gotcha #53). +- **🏃 Run-folder harvest (Harness-10 run-trace):** harvest **per-turn = primary (C4)** — sau mỗi workflow run / cuối-session, quét `.claude/workflows/runs//sub-md/` (per-sub detail) → gom delta → đề-xuất em main consolidate APPEND vào `agent-memory/` sub tương-ứng (để sub-chính có đầy-đủ memory). Ghi propose vào `runs//harvest/` (em main verify). **@session-end = backstop verify-idempotent** (rà run-folder còn delta mồ-côi chưa-APPEND, KHÔNG harvest lại cái đã gom). 🔴 **DEDUP:** vì harvest chạy CẢ per-turn LẪN close-gate, propose-APPEND PHẢI idempotent — đối-chiếu delta đã-có trong `agent-memory/` (sha/substring) TRƯỚC khi đề-xuất, tránh double-APPEND cùng spawn-record. +- Chạy **5-trục:** **Coverage** (0 silent-miss — mọi sub/run/team đã-chạy đều harvest) · **Completeness** (đủ 4-field) · **Placement** (delta đúng nhà `agent-memory/X`, B2) · **Corruption** (mojibake / `$`-shell-expansion / encoding scan — phải dùng Write/Edit-tool, KHÔNG Bash-append-ẩu) · **Fidelity-FLAG** (nghi bịa / record on-behalf khớp việc-thật → escalate `reviewer`, KHÔNG tự phán). +- Flag chore-memory: agent-memory >30KB → archive L2 · run-folder `runs//sub-md/` chưa-harvest tồn-đọng · delta mồ-côi · 0-byte memory (closeout-truncate gotcha #53). **@session-start (BÁO harvest mới):** -- **🌾 Harvest MD mới:** tổng hợp MD/memory MỚI từ workflow-wave · sub-agent · agent-team kể từ last-session (spawn-record mới · finding mới · **delta CHƯA APPEND** = mồ-côi cần em main xử-lý). -- Wave-folder tồn-đọng (workflow chạy mà chưa harvest) → flag. +- **🌾 Harvest MD mới:** tổng hợp MD/memory MỚI từ run-folder `runs//sub-md/` · sub-agent · agent-team kể từ last-session (spawn-record mới · finding mới · **delta CHƯA APPEND** = mồ-côi cần em main xử-lý). +- Run-folder tồn-đọng (run chạy mà chưa harvest — đối-chiếu `runs/_ledger.md` OPEN-beat chưa CLOSE) → flag. ## ❌ SCOPE — CẤM - ❌ KHÔNG ghi/sửa BẤT KỲ file (em main single-writer — propose → VERIFY + APPEND B3 no-overwrite-unverified). KHÔNG `store_memory` (RAG single-writer = em main). @@ -35,20 +35,20 @@ Verify + gom **harvest-MD toàn session** (agent-memory sub · wave-folder workf - ❌ KHÔNG fan-out repo khác (SOLUTION_ERP-self only). ## 🔗 Quan hệ (ranh giới tránh double-touch) -- vs **tooling-auditor (H1):** tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). harvest = HARVEST-MEMORY (spawn-record · 5-trục · wave-gom). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0. +- vs **tooling-auditor (H1):** tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). harvest = HARVEST-MEMORY (spawn-record · 5-trục · run-folder gom). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0. - vs **reviewer:** reviewer = adversarial PASS/FAIL + Fidelity-escalation. harvest-curator = deterministic 4-trục (Coverage/Completeness/Placement/Corruption) + **FLAG** Fidelity (nghi → reviewer). Hybrid. -- vs **cicd-monitor:** cicd = corpus/RAG/eval/deploy. harvest-curator = agent-memory/wave harvest. Khác lãnh-địa. +- vs **cicd-monitor:** cicd = corpus/RAG/eval/deploy. harvest-curator = agent-memory/run-folder harvest. Khác lãnh-địa. ## 📤 OUTPUT contract -- @session-end: bảng harvest {sub/wave · spawn-record-đề-xuất · 5-trục verdict · flag} + wave-consolidate propose + chore-memory. Propose-delta cho em main APPEND. -- @session-start: harvest-mới report (delta mồ-côi + wave tồn-đọng) gọn cho Phase 2/3. +- @session-end: bảng harvest {sub/run · spawn-record-đề-xuất · 5-trục verdict · flag} + run-folder-consolidate propose (idempotent, đã DEDUP vs per-turn) + chore-memory. Propose-delta cho em main APPEND. +- @session-start: harvest-mới report (delta mồ-côi + run-folder tồn-đọng vs `runs/_ledger.md`) gọn cho Phase 2/3. - ≤ vài K token. Mọi claim có ref (path / count). KHÔNG tự ghi. ## 💾 Memory -`.claude/agent-memory/harvest-curator/MEMORY.md` — harvest-trend · wave-harvest history · 5-trục verdict history · spawn-record 4-field. Tiered (L1 HOT ~30KB / L2 archive / L3 RAG-read). +`.claude/agent-memory/harvest-curator/MEMORY.md` — harvest-trend · run-folder-harvest history · 5-trục verdict history · spawn-record 4-field. Tiered (L1 HOT ~30KB / L2 archive / L3 RAG-read). ## 🔒 RULES + G-015 accuracy - Read-only + propose-only. Output qua em main verify (em main re-Read ref trước APPEND). -- 🌊 **Harness 2 audit (B6):** khi gom wave-folder, VERIFY sub-workflow CHỈ ghi `wave-/` — phát-hiện sub ghi ra MD chính (`agent-memory/*` hay canonical) = **FLAG vi-phạm isolation** cho em main (git-diff evidence). -- 🔴 **G-015 KHÔNG overclaim:** sub này = propose-only. `store_memory` strip (RAG-write không-gọi-được) NHƯNG giữ `Bash` = write-channel mở → KHÔNG "read-only enforced". Containment = em main single-writer + git-diff + chunk-count post-session. +- 🏃 **Harness-10 run-trace audit (`runs/_ledger.md:4`):** run-folder `runs//` được git **TRACKED** → mọi write HIỆN trong git-diff. Khi gom run-folder, VERIFY sub-workflow CHỈ ghi trong `runs//` (sub-md) + code-disjoint đã giao — phát-hiện tracked-change NGOÀI 2 vùng đó (`agent-memory/*` hay canonical) = **FLAG vi-phạm containment** cho em main (git-diff evidence). (Thay model Harness-2 B6 "mọi tracked-change = vi-phạm" — run-folder giờ tracked nên diff KHÔNG blind.) +- 🔴 **G-015 KHÔNG overclaim:** sub này = propose-only. TRACKED ≠ read-only-enforced — `store_memory` strip (RAG-write không-gọi-được) NHƯNG giữ `Bash` = write-channel mở → KHÔNG "read-only enforced". Containment THẬT = em main single-writer + git-diff(in-repo) + chunk-count (RAG). - KHÔNG tự ghi memory kênh nào (return delta → em main APPEND B3). diff --git a/.claude/agents/tooling-auditor.md b/.claude/agents/tooling-auditor.md index a1f0501..cbbc1e1 100644 --- a/.claude/agents/tooling-auditor.md +++ b/.claude/agents/tooling-auditor.md @@ -37,7 +37,7 @@ Audit 4-mặt freshness tooling/docs SOLUTION_ERP → @session-start báo state+ - ❌ KHÔNG fan-out repo khác (SOLUTION_ERP-self only; `cross_project_search` = READ reference, KHÔNG audit repo bạn). ## 🔗 Quan hệ (ranh giới tránh double-touch) -- vs **harvest-curator (H2):** harvest = HARVEST-MEMORY (spawn-record · 5-trục · wave-gom). tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0. +- vs **harvest-curator (H2):** harvest = HARVEST-MEMORY (spawn-record · 5-trục · run-harvest `runs//`). tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0. - vs **cicd-monitor:** cicd = post-deploy Gitea/bundle-hash/smoke + dependency CVE. tooling-auditor = MD/skill/plugin/docs/roster freshness. Khác lãnh-địa. - vs **investigator-codebase:** inv-cb = audit code/SQL/schema theo task. tooling-auditor = audit META (tooling/docs/roster) theo lifecycle session. diff --git a/.claude/commands/session-end.md b/.claude/commands/session-end.md index 1624d23..669ef7a 100644 --- a/.claude/commands/session-end.md +++ b/.claude/commands/session-end.md @@ -29,7 +29,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph - 🟥 **reviewer** — anti-patterns observed + Smart Friend catches + claim verification - 🟢 **cicd-monitor** — Run verdict + bundle hash rotate + Mig prod + corpus drift - 🟫 **tooling-auditor** (monitor H1) — CHỐT tooling/docs-freshness 4-mặt + new-alloc audit (chạy ở §L.b(g)) - - ⬜ **harvest-curator** (monitor H2) — GATE harvest-integrity 5-trục + wave-folder gom (chạy ở §L.b(d)(f)) + - ⬜ **harvest-curator** (monitor H2) — GATE harvest-integrity 5-trục + close-gate run-trace `runs//harvest/` (chạy ở §L.b(d)(f)) 2. Synthesize cross-agent learnings → integrate vào: - User auto-memory `MEMORY.md` (index — append entry mới, KHÔNG rewrite) @@ -48,7 +48,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph - **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)**. - **(d) flush agent-memory** mỗi sub đã spawn session này — **spawn-record 4-field** `{agent · task · nấc(agreed/executed/verified) · evidence}`. (0 sub spawn → "n-a".) → **⬜ harvest-curator (H2) HỖ TRỢ:** spawn → propose spawn-record cho mọi sub đã chạy → em main single-writer VERIFY → APPEND (B3 no-overwrite-unverified). - **(e) pending-request audit:** request anh CHƯA-thực-thi đã log SPECIFICS chưa (KHÔNG placeholder). -- **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 wave-folder gom (Harness 2 B5):** nếu session chạy WAVE-MODE (tồn tại `.claude/workflows/wave-*/`) → quét `sub-*.md` → consolidate APPEND `agent-memory/` + verify **B6 isolation** (git-diff: sub KHÔNG ghi ra MD chính; chunk-count: 0 RAG-write). GATE = chưa đủ 5-trục thì CHƯA đóng. +- **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 close-gate C5 Layer3 (Harness-10, thay B5 wave-gom):** với MỌI `runs//` của session → **VERIFY per-turn harvest đã xong** (em-main đã viết `runs//harvest/*.md` NGAY sau mỗi fan-out turn = C4 Layer1) + `_ledger.md` mọi run đã CLOSE-beat (closed≠⏳). 🔴 **IDEMPOTENT — close-gate chỉ VERIFY, KHÔNG re-APPEND** (per-turn đã APPEND rồi → re-APPEND = DUPLICATE-HARVEST). 5-trục GATE giữ làm **backstop**. GATE = run còn harvest/ rỗng HOẶC chưa đủ 5-trục thì CHƯA đóng. - **(g) 🔌 tooling-freshness CHỐT (🟫 tooling-auditor H1 — Harness 1):** spawn → chốt 4-mặt (skill·sub-role·plugin·docs) đổi gì session này + **new-alloc audit** (skill/plugin MỚI chưa phân-bổ → đề-xuất gán em main + sub phù-hợp vai) + flag doc-drift/roster-lệch/count-stale. Propose → em main APPEND/sửa doc (single-writer). 🔴 G-015: 2 monitor = propose-only, em main VERIFY trước APPEND (Bash residual → KHÔNG "read-only enforced"). ## Phase 2 — WRITE (update MD/RAG) diff --git a/.claude/commands/session-start.md b/.claude/commands/session-start.md index ad682bf..c31d653 100644 --- a/.claude/commands/session-start.md +++ b/.claude/commands/session-start.md @@ -68,7 +68,7 @@ Em main xác nhận **lead model resolve được** đầu session. Lead SE = ** > Đầu session: 2 monitor sub BÁO LẠI trạng-thái + **diff vs session trước** (floor Harness 1 H1.2 + H2.2). INFORM-only — em main đọc + VERIFY→APPEND nếu có delta hợp-lệ (B3), KHÔNG sub tự sửa. - **🟫 tooling-auditor (H1):** spawn → báo tooling-state 4-mặt (skill · sub-role · plugin · docs) + **DIFF vs last-session** (THÊM/ĐỔI/XÓA/stale). Bắt drift doc-vs-thực-tế ngay đầu session (vd roster/count lệch, skill stale, plugin pending). -- **⬜ harvest-curator (H2):** spawn → báo **harvest-MD mới** (workflow-wave / sub-agent / agent-team kể từ last) + **delta mồ-côi chưa-APPEND** + wave-folder tồn-đọng. Bắt 0-byte memory (gotcha #53) + delta chưa thu-hoạch. +- **⬜ harvest-curator (H2):** spawn → báo **harvest-MD mới** (run-trace `runs//harvest/` / sub-agent / agent-team kể từ last) + **delta mồ-côi chưa-APPEND** + **scan `runs/*/` tìm OPEN-beat (ledger `_ledger.md` cột closed=⏳) mà `harvest/` rỗng = orphan run** (C5 Layer2 post-exec rescan — bù khi C4 per-turn miss hoặc session trước chết giữa run). Bắt 0-byte memory (gotcha #53) + delta chưa thu-hoạch. - Cơ-chế = báo-lại-diff đầu session (FORM tự do trình bày). 2 monitor spawn parallel OK. **Light session / hỏi-đáp → có thể skip; bug/feature/multi-agent/wave session → nên chạy.** ### 2.1.2 Memory L2 budget-audit (Harness-9 — 2026-06-17) diff --git a/.claude/workflows/README.md b/.claude/workflows/README.md index c153d28..8b1503e 100644 --- a/.claude/workflows/README.md +++ b/.claude/workflows/README.md @@ -1,47 +1,50 @@ -# `.claude/workflows/` — Workflow + wave-folder convention (Harness 2) +# `.claude/workflows/` — Workflow fan-out + run-trace convention (Harness-10) -> **Mục đích:** convention cho HMW workflow fan-out + **wave-folder memory-isolation** (adopt AI_INFRA Harness 2, anh 06-07). Canonical rule: AI_INFRA `CANONICAL-RULES.md` §J4 (return-delta default) + §J6 (wave-mode + agent-team) — pull qua `cross_project_search`, KHÔNG copy. Tailor SE 8-role roster + S1 scope. +> **Mục đích:** convention cho HMW workflow fan-out + **run-trace folder** (mỗi workflow run → 1 thư mục `runs//` git **TRACKED**, gom plan + per-sub + harvest + ledger 2-nhịp). Adopt AI_INFRA Harness-10 (anh 06-18) — kế thừa wave-folder memory-isolation Harness-2 nhưng **đổi từ transient-gitignored sang tracked-run-folder** để audit trực-tiếp qua git-diff. Canonical rule: AI_INFRA `CANONICAL-RULES.md` §J4 (return-delta default) + §J6 (run-trace + agent-team) — pull qua `cross_project_search`, KHÔNG copy. Tailor SE 8-role roster + S1 scope. ## Files (tracked) -- `hmw.js` — HMW P2 fan-out script. 2 mode: DEFAULT return-delta-only (§J4) · WAVE-MODE (§J6, `args.wave`). +- `hmw.js` — HMW P2 fan-out script. 2 mode: DEFAULT return-delta-only (§J4) · RUN-TRACE mode (§J6, `args.run`). - `README.md` — file này (convention). -- `wave-/` — **gitignored** (`.gitignore:93` `.claude/workflows/wave-*/`), transient per-workflow. +- `runs/` — **git TRACKED** (qua negation `.gitignore:83 !.claude/**`), không gitignore. Mỗi workflow run = 1 sub-folder `runs//`. Xem `runs/README.md` cho cấu trúc chi-tiết + ledger 2-nhịp + 3-layer anti-miss. -## 2 MODE memory (ADD — anh 06-07, KHÔNG thay return-delta) +## Run-trace = mỗi workflow run → `runs//` TRACKED +Mỗi lần chạy workflow fan-out (RUN-TRACE mode) → **1 thư mục run** git theo dõi, gồm: -| | DEFAULT return-delta-only (§J4) | WAVE-MODE (§J6, Harness 2) | +``` +.claude/workflows/runs// ← TRACKED (hiện trong git-diff = audit trực-tiếp) +├── run.md ← Run-MD chính — EM MAIN ghi @P1 (plan + agents-table + spec + guards + status OPEN→CLOSE) +├── sub-md/-.md ← per-sub — full working detail (write-sub tự ghi @P2 · read-only sub → em main scribe @P3) +└── harvest/-synthesis.md ← gom kết-quả — EM MAIN ghi NGAY sau mỗi fan-out turn (C4 per-turn primary) +``` +- `runs/_ledger.md` — sổ run **2-nhịp**: ghi **OPEN-beat** lúc mở run + **CLOSE-beat** (timestamp + verdict + harvest) lúc đóng. **Orphan** = OPEN mà không CLOSE → phải giải-quyết-cứng (điều tra + đóng tay hoặc đánh-dấu aborted). Chi-tiết `runs/README.md`. + +## 2 MODE memory (anh 06-07, KHÔNG thay return-delta) + +| | DEFAULT return-delta-only (§J4) | RUN-TRACE mode (§J6) | |---|---|---| -| Khi dùng | fan-out NHẸ (~2-3 phút, read/analyze — vd recon wave) | workflow DÀI / sinh nhiều detail | -| Sub ghi file? | KHÔNG — chỉ return `memoryDelta` | GHI full-detail vào `wave-/sub--.md` | -| Lead làm | VERIFY + APPEND @P3 (B3) | đọc wave on-demand + H2 gom @session-end (B5) | -| Rủi ro mất detail | có (delta lossy) — chấp nhận cho việc nhẹ | KHÔNG (full-detail giữ isolated) | +| Khi dùng | fan-out NHẸ (~2-3 phút, read/analyze — vd recon) | workflow DÀI / sinh nhiều detail / cần audit-trail | +| Sub ghi file? | KHÔNG — chỉ return `memoryDelta` + `findings` | write-sub GHI full-detail vào `runs//sub-md/-.md`; read-only sub → `findings` + `subMdPath` → em main scribe | +| Lead làm | VERIFY + APPEND @P3 (B3) | đọc `sub-md/` on-demand + ghi `harvest/` per-turn (C4) + H2 gom @session-end (B5, backstop) | +| Rủi ro mất detail | có (delta lossy) — chấp nhận cho việc nhẹ | KHÔNG (full-detail giữ trong run-folder tracked) | -> Mặc định DEFAULT. WAVE-MODE chỉ bật khi workflow dài/nhiều detail (set `args.wave`). KHÔNG bắt mọi fan-out wave-folder. +> Mặc định DEFAULT. RUN-TRACE chỉ bật khi workflow dài/nhiều detail/cần dấu-vết (set `args.run = {name, dir}`). KHÔNG bắt mọi fan-out tạo run-folder. -## Wave-folder structure (WAVE-MODE) -``` -.claude/workflows/wave-/ ← gitignored (transient; H2 gom rồi → có thể xóa sau commit) -├── wave.md ← Wave-MD chính — EM MAIN ghi @P1 (task-list + vai + spec + status + harvest-state) -├── sub--.md ← sub-MD — SUB tự ghi @P2 (vd sub-investigator-codebase-0.md) — full working detail -└── _harvest.md ← H2 (harvest-curator) ghi propose @session-end (gom gì về agent-memory nào) -``` - -## Quy trình WAVE-MODE (B1–B6) -1. **B3 SCAFFOLD TRƯỚC (em main @P1):** tạo folder `wave-/` + `wave.md` (task-list + vai rõ). ⚠️ `hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder; **em main Write @P1** TRƯỚC khi invoke Workflow. +## Quy trình RUN-TRACE (B1–B6) +1. **B3 SCAFFOLD TRƯỚC (em main @P1):** tạo `runs//` + `run.md` + `sub-md/.gitkeep` + `harvest/.gitkeep`, **và ghi OPEN-beat vào `runs/_ledger.md`**. ⚠️ `hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder; **em main Write @P1** TRƯỚC khi invoke Workflow. (Đây là fragile-point — quên scaffold = run mất dấu-vết âm-thầm; xem `runs/README.md` §C7.) 2. **B1 spawn-from-real-sub:** mỗi task `role ∈ VALID_ROLES` (8 sub) → workflow-agent = sub THẬT (`agentType` inherit memory-pack slice + skill identity), KHÔNG agent vô-danh. -3. **B4 phân-quyền TOOL-AWARE:** `hmw.js` inject vào prompt mỗi sub đường-dẫn `sub--.md` + lệnh ghi ĐÚNG file đó. +3. **B4 phân-quyền TOOL-AWARE:** `hmw.js` inject vào prompt mỗi sub đường-dẫn `runs//sub-md/-.md` + lệnh ghi ĐÚNG file đó. - **Write sub (CÓ Write/Edit):** implementer-backend · implementer-frontend · test-specialist · frontend-designer → ghi-direct sub-MD via Write/Edit. - **Read-only sub (CHỈ Bash):** investigator-codebase · investigator-api · reviewer · cicd-monitor → 🔴 KHÔNG Bash-write MD (mojibake) → full-detail vào `findings` + `subMdPath` → **em main scribe @P3** (single-writer). -4. **B6 ISOLATION (AUDIT cẩn-thận):** sub CHỈ ghi `wave-/sub-*.md` (+ code-file-disjoint nếu giao). 🔴 KHÔNG ghi `agent-memory/*` chính · KHÔNG MD canonical (CLAUDE/README/STATUS/agents) · KHÔNG sub-MD agent khác. **Em main `git status`/`git diff` + chunk-count sau P2** → tracked-file đổi NGOÀI code-disjoint = **vi-phạm** (wave-folder gitignored nên KHÔNG hiện trong diff = sạch). Verify pattern bằng `git check-ignore -v` (test match thật, đừng tin .gitignore text). -5. **B5 HARVEST (⬜ harvest-curator H2 @session-end §L.b(f)):** đọc `wave-/sub-*.md` → 5-trục integrity → đề-xuất em main consolidate APPEND vào `agent-memory/` sub tương-ứng → sub-chính có đầy-đủ memory. Ghi `_harvest.md` propose. +4. **B6 ISOLATION (AUDIT cẩn-thận):** sub CHỈ ghi trong `runs//` (sub-md của mình) + code-file-disjoint nếu giao. 🔴 KHÔNG ghi `agent-memory/*` chính · KHÔNG MD canonical (CLAUDE/README/STATUS/agents) · KHÔNG sub-MD agent khác. **Em main `git status`/`git diff` + chunk-count sau P2** → **run-folder TRACKED → mọi write trong run-folder HIỆN trong diff = audit trực-tiếp**; tracked-change NGOÀI `runs//` VÀ NGOÀI code-disjoint đã giao = **vi-phạm** (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). Verify pattern bằng `git check-ignore -v` (test match thật, đừng tin .gitignore text — bẫy exit-code: dùng `&& IGNORED || NOT`). +5. **B5 HARVEST (per-turn primary C4 + close-gate backstop):** em main ghi `harvest/-synthesis.md` **NGAY sau mỗi fan-out turn** (đọc `sub-md/` + findings → 5-trục integrity → consolidate). @session-end ⬜ harvest-curator H2 §L.b(f) **VERIFY per-turn harvest đã xong cho mọi `runs//`** (idempotent — KHÔNG re-APPEND, chống DUPLICATE-HARVEST) + giữ 5-trục GATE làm backstop, rồi đề-xuất em main APPEND vào `agent-memory/` sub tương-ứng. ## Agent-team (`.claude/agent-teams//` — gitignored `.gitignore:94`) - Cùng nguyên-lý isolation: teammate **KHÔNG có memory-dir built-in** (khác subagent) → folder riêng cho teammate ghi MD-session (A1, tránh overwrite memory chuẩn). - Team spawn TỪ **sub-agent chính có memory dự-án rõ-ràng** (A2 — mang identity/skill sub thật trong 8 roster). -- H2 harvest-curator gom `.claude/agent-teams//` → agent-memory tương-ứng (giống wave). +- H2 harvest-curator gom `.claude/agent-teams//` → agent-memory tương-ứng (giống run-trace). - ⚠️ **Caveat: Agent-Team experimental + Windows 11 in-process only** (no split-pane) → SE **CHƯA dùng team thật** → A = **convention-ready** (n-a runtime), cơ-chế isolation chung qua workflow. ## Guard - **S1:** Workflow CHỈ repo SOLUTION_ERP — KHÔNG fan-out repo/corpus khác (`cross_project_search` = READ reference only). - **S2/S3:** chỉ chạy khi HMW-mode ON (`/ultra-on` → marker `.claude/hmw-mode.on`) + checkpoint INFORM (`hmw.js` throw nếu `checkpointApproved≠true`) + sub KHÔNG spawn sub. -- **G-015 accuracy:** isolation = defense-in-depth (gitignore wave-*/ + em main git-diff post-P2 + chunk-count), KHÔNG sandbox cứng. Read-only sub vẫn giữ Bash = ghi-ngoài-repo (git-diff mù) / curl Qdrant (chunk-count bắt). KHÔNG claim "ENFORCED". +- **G-015 accuracy (no-overclaim):** run-folder TRACKED ≠ read-only-ENFORCED — sub vẫn giữ Bash (write-channel mở: ghi-ngoài-repo git-diff mù / curl Qdrant). Containment THẬT = **em-main single-writer + git-diff (in-repo, run-folder tracked nên hiện) + chunk-count (RAG)**, defense-in-depth, KHÔNG sandbox cứng. KHÔNG claim "ENFORCED", KHÔNG bỏ chunk-count. diff --git a/.claude/workflows/hmw.js b/.claude/workflows/hmw.js index 0fa7944..5ac65ec 100644 --- a/.claude/workflows/hmw.js +++ b/.claude/workflows/hmw.js @@ -2,11 +2,11 @@ // top-level await/return hợp lệ); KHÔNG node-runnable trực tiếp (`node hmw.js` sẽ lỗi await). // Em main lo P0/P1/P3/P4 NGOÀI workflow; script này CHỈ lo P2 fan-out. // Invoke bằng {scriptPath} (no hot-reload — restart/re-invoke sau khi sửa). Scope = repo SOLUTION_ERP ONLY (S1). -// ⚠️ Script chạy JS-sandbox KHÔNG filesystem → KHÔNG tự tạo folder/ghi file. Scaffold wave-folder = EM MAIN @P1 (Harness 2 B3). +// ⚠️ Script chạy JS-sandbox KHÔNG filesystem → KHÔNG tự tạo folder/ghi file. Scaffold run-folder runs// (TRACKED) = EM MAIN @P1 (Harness-10, supersedes Harness 2 B3 wave-folder). export const meta = { name: 'hmw', - description: 'HMW P2 execute (SOLUTION_ERP) — fan-out 9-agent roster có MEMORY-PACK slice (qua args vì script không đọc file) + return findings + checklistEvidence + memoryDelta (spawn-record 4-field). 2 MODE (Harness 2, 06-07): (A) DEFAULT return-delta-only — fan-out nhẹ, sub KHÔNG ghi file, git-diff verify. (B) WAVE-MODE (args.wave) — workflow DÀI, em main scaffold .claude/workflows/wave-/ @P1, sub ghi full-detail vào CHỈ sub-MD mình (B4/B6), H2 harvest-curator gom wave→agent-memory @session-end (B5). taskList thoải mái (queue theo slot, không cap cứng). memoryDelta KHÔNG tự ghi — em main VERIFY + APPEND-only @P3 (no-overwrite-unverified, B3). Two-tier model H4.5 (Harness-4 2026-06-10): promote-roles inherit Fable 5 · demoted-roles pin Opus 4.8 (frontmatter) · role-less \'opus\' · per-task tier:\'fable\'|\'opus\' override. Scope = repo SOLUTION_ERP ONLY (S1 — KHÔNG fan-out repo/corpus khác).', + description: 'HMW P2 execute (SOLUTION_ERP) — fan-out 9-agent roster có MEMORY-PACK slice (qua args vì script không đọc file) + return findings + checklistEvidence + memoryDelta (spawn-record 4-field). 2 MODE (Harness 2, 06-07): (A) DEFAULT return-delta-only — fan-out nhẹ, sub KHÔNG ghi file, git-diff verify. (B) RUN-TRACE mode (args.run, Harness-10) — workflow DÀI, em main scaffold .claude/workflows/runs// TRACKED (run.md+sub-md/+harvest/) @P1, sub ghi full-detail vào CHỈ sub-md/ mình (B4/B6), harvest per-turn primary (C4) + H2 gom @session-end = backstop verify-idempotent. taskList thoải mái (queue theo slot, không cap cứng). memoryDelta KHÔNG tự ghi — em main VERIFY + APPEND-only @P3 (no-overwrite-unverified, B3). Two-tier model H4.5 (Harness-4 2026-06-10): promote-roles inherit Fable 5 · demoted-roles pin Opus 4.8 (frontmatter) · role-less \'opus\' · per-task tier:\'fable\'|\'opus\' override. Scope = repo SOLUTION_ERP ONLY (S1 — KHÔNG fan-out repo/corpus khác).', phases: [{ title: 'Execute', detail: 'fan-out memory-pack-injected agents, structured return' }], } @@ -16,7 +16,7 @@ export const meta = { // spec: '', // checkpointApproved: true, // em main set SAU khi BÁO {số agent·vai·task} @inform (S2) // taskList: [ { role:, label:'..', prompt:'..', tier:'fable'|'opus'? }, ... ] // tier = per-task model override (H4.5) -// wave: { name:'', dir:'.claude/workflows/wave-' } // OPTIONAL — bật WAVE-MODE (B). Folder + wave.md em main ĐÃ scaffold @P1 (script no-fs). +// run: { name:'', dir:'.claude/workflows/runs/' } // OPTIONAL — bật RUN-TRACE mode (B, Harness-10 TRACKED). Folder + run.md em main ĐÃ scaffold @P1 (script no-fs). [legacy alias: args.wave] // } const VALID_ROLES = [ @@ -49,7 +49,7 @@ const SCHEMA = { properties: { findings: { type: 'string', description: 'Kết quả chính. MỌI claim kèm evidence file:line. KHÔNG narrative suông.' }, checklistEvidence: { type: 'string', description: 'Bằng chứng cho acceptance-checklist P1 (số đo / PASS-FAIL / verdict).' }, - subMdPath: { type: 'string', description: 'WAVE-MODE: đường-dẫn sub-MD agent đã ghi (em main/H2 đọc on-demand). DEFAULT-mode: bỏ trống.' }, + subMdPath: { type: 'string', description: 'RUN-TRACE mode: đường-dẫn sub-md/-.md agent đã ghi (em main/H2 đọc on-demand). DEFAULT-mode: bỏ trống.' }, memoryDelta: { type: 'object', description: 'Spawn-record 4-field — RETURN-only để EM MAIN harvest @P3. Agent KHÔNG tự ghi ký ức (KHÔNG file MEMORY.md, KHÔNG store_memory/RAG). Em main VERIFY + APPEND-only (KHÔNG overwrite entry cũ nếu chưa kiểm tra — B3).', @@ -84,14 +84,15 @@ if (A.taskList.length > 16) { const memoryPack = A.memoryPack || {} const spec = A.spec || '' -// ─── WAVE-MODE (Harness 2 B) ───────────────────────────────────────────────── -// wave = { name, dir }. Folder + wave.md em main ĐÃ scaffold @P1 (script no-fs). Bật → sub ghi full-detail -// vào CHỈ sub-MD mình + return memoryDelta. Isolation B6 (gitignore wave-*/ + em main git-diff post-P2 + chunk-count). -const wave = (A.wave && A.wave.dir) ? A.wave : null -if (wave) log(`hmw: WAVE-MODE on → dir=${wave.dir} (sub ghi sub-MD isolated; em main scaffold @P1; H2 harvest-curator gom @session-end B5).`) +// ─── RUN-TRACE mode (Harness-10, supersedes Harness-2 wave-mode B) ──────────── +// run = { name, dir }. Folder runs// (TRACKED) + run.md em main ĐÃ scaffold @P1 (script no-fs). Bật → sub ghi full-detail +// vào CHỈ sub-md/ mình + return memoryDelta. Containment: tracked-change NGOÀI run-folder + code-disjoint = vi-phạm +// (run-folder TRACKED → HIỆN trong git-diff = audit trực-tiếp; em main git-diff post-P2 + chunk-count RAG). [legacy alias args.wave] +const wave = (A.run && A.run.dir) ? A.run : ((A.wave && A.wave.dir) ? A.wave : null) +if (wave) log(`hmw: RUN-TRACE mode on → dir=${wave.dir} (TRACKED; sub ghi sub-md/ isolated; em main scaffold @P1; harvest per-turn primary C4, H2 gom @session-end = backstop).`) phase('Execute') -log(`HMW P2: fan-out ${A.taskList.length} task (${wave ? 'WAVE-MODE' : 'return-delta-only'}, H8 all-inherit top-tier, memory-pack-injected, scope=SOLUTION_ERP repo only)`) +log(`HMW P2: fan-out ${A.taskList.length} task (${wave ? 'RUN-TRACE' : 'return-delta-only'}, H8 all-inherit top-tier, memory-pack-injected, scope=SOLUTION_ERP repo only)`) const results = await parallel(A.taskList.map((t, i) => () => { const raw = t && t.role @@ -99,19 +100,19 @@ const results = await parallel(A.taskList.map((t, i) => () => { if (raw && !role) log(`⚠️ hmw: agentType "${raw}" ∉ VALID_ROLES → default subagent cho task #${i}`) const mem = role && memoryPack[role] ? memoryPack[role] : '' - const subMd = wave ? `${wave.dir}/sub-${role || 'task'}-${i}.md` : null + const subMd = wave ? `${wave.dir}/sub-md/${role || 'task'}-${i}.md` : null // Harness-10: sub-md/ subdir under runs// // Write-guard TOOL-AWARE theo MODE (B6 isolation). SE read-only sub (KHÔNG Write tool): investigator-codebase/api, // reviewer, cicd-monitor (+ monitor tooling-auditor/harvest-curator). Write sub: implementer-backend/frontend, test-specialist, frontend-designer. const writeGuard = wave ? [ - `## ✍️ WAVE-MODE ghi sub-MD (Harness 2 B4/B6) — TOOL-AWARE (chống mojibake G-009):`, + `## ✍️ RUN-TRACE ghi sub-md/ (Harness-10 B4/B6, supersedes Harness 2 wave) — TOOL-AWARE (chống mojibake G-009):`, `- Full-detail công-việc của mày → ĐÚNG 1 file: \`${subMd}\` (folder đã scaffold sẵn — KHÔNG tạo folder).`, ` • NẾU mày CÓ Write/Edit tool (implementer-backend/frontend, test-specialist, frontend-designer): GHI TRỰC TIẾP via Write/Edit. 🔴 KHÔNG Bash-write MD ($-expansion/mojibake).`, ` • NẾU mày CHỈ có Bash (read-only sub: investigator-codebase/api, reviewer, cicd-monitor — KHÔNG Write tool): 🔴 TUYỆT ĐỐI KHÔNG Bash-write MD → để full-detail trong "findings" + đặt subMdPath="${subMd}"; EM MAIN scribe @P3 (single-writer Write-tool, no-corruption).`, - `- 🔴 ISOLATION (B6, AUDIT): CHỈ ghi \`${subMd}\` (+ code-file-disjoint nếu task giao). TUYỆT ĐỐI KHÔNG ghi/sửa: agent-memory/* (MEMORY.md BẤT KỲ sub) · MD canonical (CLAUDE/README/STATUS/agents) · sub-MD agent khác. Em main git-status/diff audit sau P2 — tracked-file đổi ngoài code-disjoint = vi-phạm.`, - `- LUÔN return: findings (FULL) + checklistEvidence + memoryDelta (4-field) + subMdPath="${subMd}". H2 harvest-curator gom @session-end (B5) → agent-memory/${role || 'sub'}.`, - `- 🔴 KHÔNG store_memory/RAG-write · KHÔNG Bash curl/HTTP Qdrant (:6333 = git-diff MÙ, chỉ chunk-count bắt) · KHÔNG ghi file NGOÀI repo/wave-folder. RAG single-writer=em main; containment = git-diff(in-repo)+chunk-count(RAG) [G-015].`, + `- 🔴 ISOLATION (B6→Harness-10, AUDIT): CHỈ ghi \`${subMd}\` (+ code-file-disjoint nếu task giao). TUYỆT ĐỐI KHÔNG ghi/sửa: agent-memory/* (MEMORY.md BẤT KỲ sub) · MD canonical (CLAUDE/README/STATUS/agents) · sub-MD agent khác. Em main git-status/diff audit sau P2 — tracked-file đổi NGOÀI run-folder (runs//) + code-disjoint = vi-phạm (run-folder TRACKED → HIỆN trong diff).`, + `- LUÔN return: findings (FULL) + checklistEvidence + memoryDelta (4-field) + subMdPath="${subMd}". Harvest per-turn primary (C4); H2 gom @session-end = backstop verify-idempotent → agent-memory/${role || 'sub'}.`, + `- 🔴 KHÔNG store_memory/RAG-write · KHÔNG Bash curl/HTTP Qdrant (:6333 = git-diff MÙ, chỉ chunk-count bắt) · KHÔNG ghi file NGOÀI repo/run-folder. RAG single-writer=em main; containment = git-diff(in-repo)+chunk-count(RAG) [G-015].`, ].join('\n') : [ `## OUTPUT write-guard (DEFAULT return-delta-only):`, diff --git a/.claude/workflows/runs/2026-06-18-h10-implement/harvest/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-implement/harvest/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/2026-06-18-h10-implement/harvest/implement-synthesis.md b/.claude/workflows/runs/2026-06-18-h10-implement/harvest/implement-synthesis.md new file mode 100644 index 0000000..232bc2c --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-implement/harvest/implement-synthesis.md @@ -0,0 +1,28 @@ +# IMPLEMENT synthesis — Harness-10 applied (em-main single-writer, C4 per-turn) + +> Workflow `wf_e4e46725-231` · 3 general-purpose file-disjoint + em-main cluster. **Self-gate: 3/3 agents DONE tốt, 0 stray, wording đồng-bộ.** + +## Files changed (containment audit CLEAN — git status khớp tập dự kiến) +| Actor | File | Δ | +|---|---|---| +| 🟦 Agent 1 | `agents/README.md` | :111 decision-tree wave→run-harvest · :162 G-015 containment model mới | +| 🟦 Agent 1 | `agents/harvest-curator.md` | scan-path wave→`runs//sub-md/` · per-turn-primary C4 · **DEDUP note** · B6→tracked model | +| 🟦 Agent 1 | `agents/tooling-auditor.md` | :40 wave-gom→run-harvest (H1/H2 split intact) | +| 🟦 Agent 2 | `commands/session-end.md` | :51 close-gate C5 L3 **idempotent VERIFY-not-re-APPEND** + 5-trục backstop · :32 repoint | +| 🟦 Agent 2 | `commands/session-start.md` | :71 C5 L2 orphan-scan (`runs/*/` OPEN-beat + harvest/ rỗng) | +| 🟦 Agent 3 | `workflows/README.md` | FULL rewrite wave→run-trace · :38 STALE "gitignored=sạch" REPLACED · :50 G-015 repoint | +| 🟦 Agent 3 | `workflows/runs/README.md` (NEW) | 80 dòng C1-C7 + caveat trung-thực + verify-pattern exit-code trap | +| 👤 Em-main | `.gitignore` | block Harness-10 (runs/ tracked via negation, wave-*/ legacy, exit-code trap note) | +| 👤 Em-main | `hmw.js` | accept `args.run` (alias wave) · path `sub-md/` · wording containment · 9 comment/string refs wave→RUN-TRACE | + +## Self-gate verdict +- **Containment 🟢 CLEAN:** git status = 8 Harness-10 file + runs/ untracked + (residual) investigator MEMORY + (pre-existing) CLAUDE.md. KHÔNG stray ngoài tập. +- **Wording đồng-bộ 4 file 🟢:** model containment khớp `_ledger:4` ↔ `hmw.js:89/113` ↔ `README:38/50` ↔ `runs/README:78/80`. (risk #6 xử xong.) +- **Stale-wave sweep:** còn lại đều contextualized (transition-note / frozen-historical `agents/README:8` = upgrade-log Harness-2 06-07, đúng giữ). Em fix 3 ref em sót hmw.js (:52/:95/:109). + +## Residuals → closeout (KHÔNG block REVIEW) +1. `investigator-codebase/MEMORY.md` (+6, 29.8KB over-cap) = race INVEST (4 agent tự ghi). Em-main reconcile (consolidate→1 entry, curate dưới cap) @closeout. +2. `CLAUDE.md` pre-existing = flush test-count 263→306 (đúng, KEEP+commit — resolve H1 stale flag). +3. `session-start.md:72` "wave session" = session-TYPE (fan-out session), semantically OK — Agent 2 giữ đúng (không phải wave-folder mechanism). + +## → REVIEW (Stage 3): verify 0-byte-loss frozen evidence · hmw.js parse · floor C1-C8 đúng-nấc · wording 4-file · containment model valid. diff --git a/.claude/workflows/runs/2026-06-18-h10-implement/run.md b/.claude/workflows/runs/2026-06-18-h10-implement/run.md new file mode 100644 index 0000000..f56b105 --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-implement/run.md @@ -0,0 +1,25 @@ +# RUN — Harness-10 adap · STAGE 2 IMPLEMENT + +- **run-id (folder):** 2026-06-18-h10-implement +- **workflow run-id (evidence B3):** wf_e4e46725-231 +- **adap:** Harness-10 run-trace folder convention +- **checkpoint:** APPROVED (anh chốt full-adopt + dogfood qua HMW) +- **opened:** 2026-06-18 08:42 +07 +- **input spec:** `../2026-06-18-h10-invest/harvest/invest-synthesis.md` +- **status:** OPEN → running + +## Split (file-disjoint — KHÔNG chồng lấn) +| Actor | Files | Nội dung | +|---|---|---| +| 🟦 Agent 1 (general-purpose) | `agents/README.md` · `harvest-curator.md` · `tooling-auditor.md` | text repoint wave→run-trace (:111/:162 · :22-28/:52 · :40) | +| 🟦 Agent 2 (general-purpose) | `commands/session-end.md` · `session-start.md` | C4 close=verify-idempotent · C5 L2 orphan-scan · L3 close-gate | +| 🟦 Agent 3 (general-purpose) | `workflows/README.md` (full rewrite) · NEW `runs/README.md` | convention doc + caveat C7 + repoint G-015 :35/:47 | +| 👤 Em-main (single-writer) | `.gitignore` · `hmw.js` · `harvest-curator/MEMORY.md` | MECHANISM cluster (live engine + wording-critical :112) + reconcile | + +## Guards áp cho agent (từ synthesis RISKS) +- Return-delta-only, **KHÔNG tự ghi MEMORY.md** (race observed @INVEST). +- Containment wording PHẢI khớp `runs/_ledger.md:4` (3 chỗ đồng bộ: README/hmw.js/_ledger). +- DO-NOT-EDIT frozen evidence (broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger:86 · sessions/* · STATUS:217-226 · HANDOFF · archives). +- G-015 no-overclaim: TRACKED ≠ read-only-enforced. + +## Output → `harvest/implement-synthesis.md` (em main @P3) diff --git a/.claude/workflows/runs/2026-06-18-h10-implement/sub-md/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-implement/sub-md/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/2026-06-18-h10-invest/harvest/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-invest/harvest/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/2026-06-18-h10-invest/harvest/invest-synthesis.md b/.claude/workflows/runs/2026-06-18-h10-invest/harvest/invest-synthesis.md new file mode 100644 index 0000000..55b39af --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-invest/harvest/invest-synthesis.md @@ -0,0 +1,43 @@ +# INVEST synthesis — Harness-10 build spec (em-main single-writer, C4 per-turn) + +> Workflow `wf_9c2cd2cd-2e7` · 4× investigator-codebase. **Self-gate:** B+C+D xuất sắc, **A hỏng (stub rác `area:test`)** — B đã cover trọn hmw.js wiring → bù đủ, KHÔNG cần redo A. + +## Build plan (2-tier theo recommendation B/C/D) + +### TIER 1 — MECHANISM (careful, đổi behavior) +**1. `.gitignore`** (B/C/D đồng thuận): +- `runs/` **ĐÃ tracked** qua negation `!.claude/**` (`:83`) → **KHÔNG cần thêm dòng**. +- `:93` `.claude/workflows/wave-*/` → **giữ làm legacy** (no wave-*/ tồn tại; xóa cũng được nhưng giữ an toàn hơn) + thêm comment "superseded by runs/ (Harness-10, tracked)". +- `:92` verify-comment STALE (`wave-x` path) → cập nhật sang `runs/` + ghi-chú **bẫy exit-code** (`check-ignore` exit 0 cho CẢ negation lẫn ignore → dùng `&& IGNORED || NOT`). +- `:94` agent-teams = n-a Windows in-process (giữ). + +**2. `.claude/workflows/hmw.js`** (rename wave→run, 2-MODE logic GIỮ): +- `:9` meta.description · `:19` args doc (`wave:{name,dir}`→`run:{name,dir}`) · `:52` SCHEMA subMdPath · `:87-91`/`:90` WAVE-MODE detect (`const wave`→`const run`) · `:91`/`:94` log · `:102` subMd path (`wave.dir`→`runs//sub-md/-.md`) · writeGuard `:106-120` (thêm `harvest/` path + đổi model wording) · prompt `:122-134`/`:131`. +- 🔴 **`:112` CRITICAL** — đổi "tracked-file đổi NGOÀI code-disjoint = vi-phạm" → "...NGOÀI **run-folder** + code-disjoint = vi-phạm" (chỉ thiếu chữ "run-folder"). +- C5 Layer1: thêm reminder "run trước OPEN-beat chưa harvest" vào prompt-builder. +- ⚠️ **No hot-reload** (`:4`) → executed-file VERIFIED-pending-restart. + +### TIER 2 — TEXT (rename + repoint, no logic) +| File | Đổi | +|---|---| +| `.claude/workflows/README.md` (48 dòng) | **Full rewrite** wave→runs convention (run.md+sub-md/+harvest/+ledger 2-nhịp). 🔴 `:35` xóa parenthetical STALE "(wave gitignored nên KHÔNG hiện diff = sạch)" → "run-folder TRACKED nên HIỆN diff = audit trực-tiếp". `:47` repoint G-015. | +| `session-end.md` | `:51` §L.b(f) wave-gom B5 → **VERIFY per-turn harvest đã xong cho mọi runs//** + giữ 5-trục GATE làm backstop (C5 L3). 🔴 **idempotent: VERIFY không re-APPEND** (chống DUPLICATE-HARVEST). `:32`/`:49` repoint. | +| `session-start.md` | `:71` §2.1.1 H2 mở rộng: scan `runs/*/` tìm **OPEN-beat (ledger closed=⏳) mà harvest/ rỗng = orphan** (C5 L2). | +| `agents/README.md` | `:111` decision-tree wave-gom→run-harvest · `:162` repoint G-015 containment caveat (wave-gitignored claim giờ false cho runs/). | +| `agents/harvest-curator.md` | `:22-28` scan path `wave-/sub-*.md`→`runs//sub-md/` · `:52` B6 audit repoint · cân nhắc thêm **DEDUP axis** (`:23` 5-trục) chống double-APPEND. | +| `agents/tooling-auditor.md` | `:40` wave-gom→run-harvest (giữ H1/H2 split). | +| `agent-memory/harvest-curator/MEMORY.md` | `:13/:20/:26` diary (em-main proxy, low-pri). | + +### NEW machinery (em-main) +- `.claude/workflows/runs/README.md` — convention doc (cấu trúc 3-phần + ledger 2-nhịp + 3-layer + **caveat C7 trung thực**: engine no-fs, scaffold = em-main @P1, 3-layer = lưới KHÔNG khoá-cứng, fragile-point C2). +- `_ledger.md` — đã có (2-nhịp). +- C4 per-turn primary = quy ước em-main: viết `harvest/` NGAY sau mỗi fan-out turn (như file này). + +## RISKS/GUARDS (B+C+D) +1. 🔴 **DO-NOT-EDIT frozen evidence:** `broadcasts/**` · `adap-reports/2026-06-07-Agent-harness-2.md` · `error-ledger.md:86` · `docs/changelog/sessions/*` · `STATUS.md:217-226` · `HANDOFF.md:341-365` · `agent-memory/*/archive/*` + `_INDEX.md` · `inbox/README.md:15`. +2. **gitignore last-match-wins** (`:82-83` negation) — đừng thêm ignore phá runs/. +3. **check-ignore exit-code trap** — verify dùng `&& IGNORED || NOT`. +4. **G-015 no-overclaim** — TRACKED ≠ read-only-enforced; Bash residual còn; containment = em-main single-writer + git-diff + chunk-count. KHÔNG bỏ chunk-count. +5. **DUPLICATE-HARVEST** — per-turn + close-gate: close-gate VERIFY idempotent. +6. **3 chỗ wording "vi-phạm" phải đồng-bộ:** `README.md:35` + `hmw.js:112` + `_ledger.md:4`. +7. **Concurrency** — fan-out same-role → sub return-delta-only, KHÔNG tự ghi MEMORY chung (race observed run này); 1 sub-MD/role/turn. diff --git a/.claude/workflows/runs/2026-06-18-h10-invest/run.md b/.claude/workflows/runs/2026-06-18-h10-invest/run.md new file mode 100644 index 0000000..3bb10f3 --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-invest/run.md @@ -0,0 +1,22 @@ +# RUN — Harness-10 adap · STAGE 1 INVESTIGATE + +- **run-id (folder):** 2026-06-18-h10-invest +- **workflow run-id (evidence B3):** wf_9c2cd2cd-2e7 +- **adap:** Harness-10 (run-trace folder convention) + checklist Harness-9/10 self-verify +- **mandate:** Harness-9 PART 2 — 2-workflow tách biệt; anh chốt full-adopt + dogfood qua HMW đủ 3 stage (invest → implement → review) +- **checkpoint:** APPROVED (HMW-mode ON + anh chốt "full-adap + dogfood ngay qua HMW đủ các bước") +- **opened:** 2026-06-18 08:29 +07 +- **status:** OPEN → running + +## Mục tiêu stage +Recon đĩa THẬT để dựng build-plan Harness-10 chính xác, tránh sai sót. KHÔNG ghi production/governance (read-only) — chỉ trả findings có cite `file:line`. + +## Agents (4× investigator-codebase, read-only, parallel) +| # | role | task | +|---|---|---| +| A | investigator-codebase | hmw.js wave-mode wiring chính xác + đổi gì cho run-trace + scaffold-cả-3-đầu-run | +| B | investigator-codebase | sweep MỌI ref `wave-*/` · `agent-teams` · harvest across `.gitignore`/docs/commands/governance (migration completeness — không sót) | +| C | investigator-codebase | luồng harvest hiện tại (H2 @session-end B5) + cách thêm per-turn primary (C4) + 3-layer (C5) + session-start/end wiring | +| D | investigator-codebase | model containment G-015 hiện tại (git-diff + chunk-count) + đổi gì khi run-folder TRACKED + cách giữ containment valid | + +## Output → `harvest/invest-synthesis.md` (em main viết sau khi workflow trả, C4 per-turn) diff --git a/.claude/workflows/runs/2026-06-18-h10-invest/sub-md/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-invest/sub-md/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/2026-06-18-h10-review/harvest/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-review/harvest/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/2026-06-18-h10-review/harvest/review-synthesis.md b/.claude/workflows/runs/2026-06-18-h10-review/harvest/review-synthesis.md new file mode 100644 index 0000000..c89744d --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-review/harvest/review-synthesis.md @@ -0,0 +1,24 @@ +# REVIEW synthesis — Harness-10 adap (em-main single-writer, C4 per-turn) + +> Workflow `wf_636bc95b-939` · 3× reviewer adversarial độc-lập. **Verdict tổng: PASS sau-fix** (1 CONCERN thật bắt được + đã đóng). + +## Verdict per-lens +| Lens | Verdict | Tóm tắt | +|---|---|---| +| R1 frozen+containment | ✅ PASS | git status = đúng tập · frozen-evidence 0-byte-loss (per-path git status = empty) · containment sync 4 file · gitignore runs/ NOT-IGNORED + wave-*/ IGNORED · **`node --check hmw.js` PARSE-OK** · 1 CONCERN: runs/ chưa commit (C3 flag) | +| R2 hmwjs-integrity | ⚠️→✅ CONCERN-fixed | engine 4/4 PASS (template balance ✓ · logic unchanged ngoài :91 alias · WAVE-MODE grep=0) · CONCERN: L1 over-claim (doc≠engine) | +| R3 floor C1-C8 | ⚠️→✅ CONCERN-fixed | 7/8 PASS (C7 caveat "điểm sáng nhất"; C3 honest no-claim-committed) · C5 CONCERN: L1 over-claim | + +## CONCERN bắt được (R2 + R3 độc-lập cùng kết luận = high-confidence) +**C5 Layer-1 over-claim:** `runs/README.md:51` + C7:72 nói L1 in-run reminder fire trong "hmw.js prompt-builder" với text cụ thể → grep hmw.js = 0. Engine no-fs KHÔNG đọc được ledger → L1 "check prior-run-harvested" KHÔNG THỂ là hmw.js prompt. +→ **FIXED (path a, em-main):** sửa L1 = em-main @P1 convention (đọc `_ledger` trước scaffold; nếu run trước `closed=⏳` → harvest+CLOSE trước) + C7:72 timing "run-open @P1" + ghi rõ "cả 3 layer = convention em-main/H2, KHÔNG engine-enforce". Verify: grep hmw.js L1-text=0 / C4-text=1 → **doc khớp engine THẬT**. C5 CONCERN đóng. + +→ **Đây là dogfood thành công của mandate B2 (review-workflow RIÊNG) + Harness-10 C5 chính nó:** 1 workflow vừa-làm-vừa-chấm đã bỏ sót L1 over-claim (IMPLEMENT synthesis không nhắc); review-workflow độc-lập bắt được TRƯỚC commit. + +## Flag pre-commit (KHÔNG defect) +- **C3 nấc đầy-đủ cần commit:** `git ls-files runs/` rỗng = tracked-ELIGIBLE chưa committed. Em-main `git add .claude/workflows/runs/` + commit → C3 thành tracked+committed. (Review chạy TRƯỚC commit = đúng trình tự.) +- **investigator-codebase/MEMORY.md** race INVEST (+6, ~29.8KB) → em-main reconcile @closeout. + +## Nấc THẬT cuối (honest, no-overclaim) +- C1/C2/C4/C6/C8 = executed-file + convention ✓ · C3 = tracked-eligible → **committed sau commit này** · C5 = L2/L3 wired + L1 honest-doc (em-main convention) · C7 = caveat đủ 4 trục. +- Review = STATIC disk-truth (git/grep/node --check), KHÔNG curl/runtime (governance adap, no endpoint). hmw.js = source-clean, runtime-pending-restart (no hot-reload). diff --git a/.claude/workflows/runs/2026-06-18-h10-review/run.md b/.claude/workflows/runs/2026-06-18-h10-review/run.md new file mode 100644 index 0000000..3e2b6f6 --- /dev/null +++ b/.claude/workflows/runs/2026-06-18-h10-review/run.md @@ -0,0 +1,17 @@ +# RUN — Harness-10 adap · STAGE 3 REVIEW (double-check độc lập, mandate B2) + +- **run-id (folder):** 2026-06-18-h10-review +- **workflow run-id (evidence B3):** wf_636bc95b-939 +- **checkpoint:** APPROVED (mandate Harness-9 PART 2 — review-workflow RIÊNG) +- **opened:** 2026-06-18 08:52 +07 +- **input:** INVEST `../2026-06-18-h10-invest/harvest/invest-synthesis.md` + IMPLEMENT `../2026-06-18-h10-implement/harvest/implement-synthesis.md` +- **status:** OPEN → running + +## Agents (3× reviewer, adversarial, read-only ∥) +| # | lens | verify | +|---|---|---| +| R1 | frozen-evidence + containment | 0-byte-loss DO-NOT-EDIT (broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger:86 · sessions/* · STATUS:217-226 · HANDOFF · archives) NOT touched · containment wording đồng-bộ 4 file · gitignore runs/ tracked + wave-*/ ignored (exit-code trap) | +| R2 | hmw.js engine integrity | hmw.js cấu-trúc valid (var `wave` consistent · `A.run`/`A.wave` logic · sub-md/ path · template-literal không vỡ) · 9 ref wave→run updated/contextualized · KHÔNG đổi logic ngoài convention | +| R3 | floor C1-C8 đúng-nấc | adversarial mỗi item C1-C8: nấc THẬT? đặc biệt **C3 2-level** (check-ignore NOT-IGNORED ✓ vs `git ls-files` EMPTY = chưa commit → tracked-ELIGIBLE not committed) · C7 caveat đủ honest · flag over-claim | + +## Output → `harvest/review-synthesis.md` (em main @P3) — verdict PASS/CONCERN/FAIL + nấc THẬT diff --git a/.claude/workflows/runs/2026-06-18-h10-review/sub-md/.gitkeep b/.claude/workflows/runs/2026-06-18-h10-review/sub-md/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.claude/workflows/runs/README.md b/.claude/workflows/runs/README.md new file mode 100644 index 0000000..c687c6a --- /dev/null +++ b/.claude/workflows/runs/README.md @@ -0,0 +1,80 @@ +# `runs/` — Run-trace convention (Harness-10) + +> **Mục đích:** mỗi workflow fan-out (RUN-TRACE mode) ghi lại 1 dấu-vết hoàn-chỉnh trong `runs//` git **TRACKED** — plan + per-sub detail + harvest gom — cộng sổ `_ledger.md` 2-nhịp. TRACKED nghĩa là mọi write trong run-folder hiện trong `git diff` → **audit trực-tiếp**, không cần tin lời agent return. Adopt AI_INFRA Harness-10 (anh 06-18). Convention cha: `../README.md`. + +**run-id** = `YYYY-MM-DD-h-` (vd `2026-06-18-h10-invest`). Nhiều run cùng ngày → slug phân-biệt stage (`-invest` / `-implement` / `-review`). + +--- + +## C1 — Cấu trúc 3 phần (mỗi `runs//`) +``` +runs// +├── run.md ← (1) PLAN — em main @P1: meta + mục-tiêu + agents-table + guards + status OPEN→CLOSE +├── sub-md/ ← (2) PER-SUB — 1 file/sub/turn: -.md (vd investigator-codebase-0.md) +│ └── .gitkeep (giữ folder rỗng trong git khi chưa có write-sub) +└── harvest/ ← (3) HARVEST — em main: -synthesis.md gom kết-quả turn (C4 per-turn) + └── .gitkeep +``` +- **(1) `run.md`** — nguồn-sự-thật của run: workflow run-id (evidence B3 `wf_…`), adap/mandate, checkpoint, opened, input-spec (nếu nối stage trước), agents-table (`# · role · task`), guards áp cho sub, output-path. Mẫu: `2026-06-18-h10-invest/run.md`. +- **(2) `sub-md/-.md`** — full working detail 1 sub. Write-sub (Write/Edit) tự ghi @P2; read-only sub (CHỈ Bash) → trả `findings`+`subMdPath`, **em main scribe @P3** (single-writer, tránh mojibake). **1 sub-MD / role / turn** (fan-out cùng-role → đánh số `-0`/`-1`). +- **(3) `harvest/-synthesis.md`** — em main gom `sub-md/`+findings → 5-trục integrity → build-spec/synthesis. Mẫu: `2026-06-18-h10-invest/harvest/invest-synthesis.md`. + +--- + +## C2 — Scaffold ở CẢ 3 đầu-run (em main @P1, TRƯỚC khi invoke Workflow) +`hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder/file. Em main PHẢI Write @P1, đủ **3 đầu**: +1. **Tạo run-folder:** `runs//run.md` (điền plan) + `sub-md/.gitkeep` + `harvest/.gitkeep`. +2. **Ghi OPEN-beat** vào `runs/_ledger.md` (1 dòng, `closed=⏳`). +3. **(nối stage)** trỏ `input spec:` trong `run.md` sang `harvest/` của run trước (vd implement đọc invest-synthesis). + +> 🔴 **C2 là fragile-point.** Quên bước scaffold = run chạy nhưng KHÔNG có dấu-vết = **lỗ-hổng âm-thầm** (không lỗi, không cảnh-báo — chỉ thiếu file). 3-layer (C5) là lưới giảm-thiểu, KHÔNG khoá-cứng. Xem C7. + +--- + +## C3 — Ledger 2-nhịp (`_ledger.md`) +Sổ tất-cả run, 1 bảng. Mỗi run **2 lần ghi**: +- **OPEN-beat** (@P1, lúc scaffold): thêm dòng `| | | | ⏳ | | ⏳ | harvest/ |`. +- **CLOSE-beat** (lúc đóng run): điền `closed` timestamp + `verdict` (PASS/FAIL + 1 dòng + `wf_…`) + `harvest` (path file synthesis ✓). + +`closed=⏳` = đang chạy (OPEN chưa CLOSE). + +--- + +## C4 — Per-turn primary (harvest NGAY, không đợi session-end) +Harvest là **việc của turn**, không defer. Sau MỖI fan-out turn → em main đọc `sub-md/`+findings → ghi `harvest/-synthesis.md` **liền trong turn đó** (chính file synthesis này là bằng-chứng). Lợi: detail tươi, không mất qua nén-context; session-end chỉ VERIFY (không tái-tạo). + +--- + +## C5 — 3-layer anti-miss (lưới chống bỏ-sót, KHÔNG khoá-cứng-cùng-lúc-fire) +| Layer | Khi | Làm gì | +|---|---|---| +| **L1 in-run reminder** | lúc mở run mới (em-main @P1, TRƯỚC scaffold) | em-main đọc `_ledger.md`: nếu run TRƯỚC còn `closed=⏳` (OPEN-beat chưa CLOSE / `harvest/` rỗng) → harvest + CLOSE nó TRƯỚC khi mở run mới. *(Engine no-fs → KHÔNG đọc được ledger → L1 là convention EM-MAIN, KHÔNG phải `hmw.js` prompt. hmw.js chỉ emit C4 per-turn return-instruction cho sub tại writeGuard.)* | +| **L2 session-start rescan** | đầu session (`session-start.md` §2.1.1 H2) | scan `runs/*/` tìm **OPEN-beat (ledger `closed=⏳`) mà `harvest/` rỗng = orphan** → báo + giải-quyết. | +| **L3 session-end close-gate** | cuối session (`session-end.md` §L.b(f) H2) | VERIFY per-turn harvest đã xong cho mọi `runs//` (**idempotent — KHÔNG re-APPEND**, chống DUPLICATE-HARVEST) + 5-trục GATE backstop trước khi commit. | + +> 3 layer **độc-lập, fire ở 3 thời-điểm khác nhau** — không layer nào enforce lúc-ghi. Bỏ-sót ở P1 (C2) chỉ bị bắt MUỘN (L2 session sau / L3 close-gate), không chặn tại-chỗ. + +--- + +## C6 — Orphan resolution (OPEN không CLOSE) +**Orphan** = dòng ledger `closed=⏳` nhưng run thực-tế đã xong/bỏ (vd session bị kill, agent die-0-byte, quên CLOSE-beat). +- **Phát-hiện:** L2 session-start rescan (`closed=⏳` + `harvest/` trạng-thái) hoặc L3 close-gate. +- **Giải-quyết-CỨNG** (không để treo): + 1. **Điều-tra** đĩa THẬT: `run.md` status + `sub-md/` có detail? + `harvest/` có synthesis? + git-log workflow `wf_…`. + 2. **Đóng tay** nếu run thật-sự xong: điền CLOSE-beat (timestamp + verdict + harvest path). + 3. **Đánh-dấu aborted** nếu run bỏ-dở: verdict = `⚠️ ABORTED — `, ghi rõ phần nào hoàn-thành (recover qua git/disk/prod truth, KHÔNG tin agent return-message). + +--- + +## C7 — 🔴 CAVEAT trung-thực (no-overclaim) +- **Engine no-fs → scaffold KHÔNG tự-động.** `hmw.js` (`:4` no hot-reload, JS-sandbox no-filesystem) KHÔNG tạo được folder. Run-trace dựa **100% vào em-main Write @P1** (C2). Không có cơ-chế nào ép tạo folder. +- **C2 = fragile-point.** Quên scaffold = lỗ-hổng âm-thầm (run chạy OK, chỉ mất dấu-vết). Không lỗi runtime để bắt. +- **3-layer = LƯỚI, KHÔNG khoá-cứng-cùng-lúc-fire.** L1/L2/L3 fire ở 3 thời-điểm khác nhau (run-open @P1 / session-start / session-end), **cả 3 đều là convention em-main/H2 — KHÔNG layer nào do engine enforce** (hmw.js no-fs). → giảm xác-suất sót, KHÔNG triệt-tiêu. Sót P1 (C2) cùng blind-spot với L1 (đều @P1) → chỉ bắt MUỘN ở L2/L3. +- **G-015 no-overclaim — TRACKED ≠ read-only-ENFORCED.** Run-folder git-tracked KHÔNG biến sub thành read-only: sub **vẫn giữ Bash** (write-channel mở — ghi-ngoài-repo git-diff mù / curl Qdrant). Containment THẬT (xem model dưới) = em-main single-writer + git-diff(in-repo) + chunk-count(RAG), defense-in-depth — KHÔNG sandbox cứng, KHÔNG claim "ENFORCED". + +--- + +## Containment model (PHẢI khớp `_ledger.md:4` — đồng-bộ 3 chỗ: đây · `_ledger.md` · `../hmw.js:112`) +> Run-folder `runs//` được git **TRACKED** → mọi write **HIỆN** trong git-diff = **audit trực-tiếp**. Containment: tracked-change **NGOÀI** `runs//` **VÀ NGOÀI** code-disjoint đã giao = **vi-phạm** (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). G-015 no-overclaim: TRACKED ≠ read-only-enforced — sub vẫn giữ Bash (write-channel mở), containment THẬT = em-main single-writer + git-diff(in-repo) + chunk-count(RAG). + +**Verify pattern:** `git check-ignore -v ` — bẫy exit-code (exit 0 cho CẢ negation `!.claude/**` lẫn ignore) → dùng `&& IGNORED || NOT` để đọc đúng. Run-folder match `:83 !.claude/**` = re-included = TRACKED (HIỆN trong diff). diff --git a/.claude/workflows/runs/_ledger.md b/.claude/workflows/runs/_ledger.md new file mode 100644 index 0000000..f7282bc --- /dev/null +++ b/.claude/workflows/runs/_ledger.md @@ -0,0 +1,11 @@ +# Workflow Run Ledger — SOLUTION_ERP (Harness-10) + +> **Two-beat (C6):** ghi nhịp **OPEN** lúc mở run + nhịp **CLOSE** lúc đóng run. **Orphan** = OPEN mà không CLOSE → phải giải-quyết-cứng (điều tra + đóng tay hoặc đánh dấu aborted). +> **Tracked (C3):** thư mục `runs//` được git theo dõi (KHÔNG gitignore). Containment chuyển sang model **"tracked-change NGOÀI run-folder (+ code-disjoint đã giao) = vi phạm"** (thay model Harness-2 B6 "mọi tracked-change = vi phạm"). +> Cột `closed=⏳` = đang chạy (OPEN-beat). Điền timestamp + verdict khi đóng (CLOSE-beat). + +| run-id | workflow | opened | closed | agents | verdict | harvest | +|---|---|---|---|---|---|---| +| 2026-06-18-h10-invest | Harness-10 adap — INVESTIGATE | 2026-06-18 08:29 +07 | 2026-06-18 08:42 +07 | 4× investigator-codebase (read-only ∥) | ✅ PASS — B+C+D strong, A stub-fail (B covered hmw.js) · `wf_9c2cd2cd-2e7` | `harvest/invest-synthesis.md` ✓ | +| 2026-06-18-h10-implement | Harness-10 adap — IMPLEMENT | 2026-06-18 08:42 +07 | 2026-06-18 08:52 +07 | 3× general-purpose (text file-disjoint ∥) + em-main single-writer (gitignore/hmw.js/READMEs cluster) | ✅ PASS — 3/3 agent DONE, containment CLEAN, wording đồng-bộ 4 file · `wf_e4e46725-231` | `harvest/implement-synthesis.md` ✓ | +| 2026-06-18-h10-review | Harness-10 adap — REVIEW | 2026-06-18 08:52 +07 | 2026-06-18 09:01 +07 | 3× reviewer (adversarial ∥) | ✅ PASS sau-fix — R1 PASS · R2/R3 bắt C5 L1 over-claim (high-conf, đã fix path-a) · `wf_636bc95b-939` | `harvest/review-synthesis.md` ✓ | diff --git a/.gitignore b/.gitignore index 247ad60..e0dd542 100644 --- a/.gitignore +++ b/.gitignore @@ -86,10 +86,16 @@ src/Backend/SolutionErp.Api/wwwroot/exports/ # Pattern AFTER !.claude/** so last-match wins (.claude/ itself not excluded → re-include valid). .claude/hmw-mode.on -# HMW wave-folder + agent-team — transient per-workflow detail (Harness 2 B6 isolation — -# H2 harvest-curator gom rồi; gitignore để git-diff audit isolation SẠCH, 0 noise). +# HMW run-trace folders — Harness-10 (2026-06-18): `.claude/workflows/runs//` is git-TRACKED +# (run.md + sub-md/ + harvest/ + _ledger.md) for auditability. Stays tracked via the !.claude/** negation +# above — do NOT add an ignore rule for runs/. Containment model shifts from Harness-2 B6 ("wave-*/ gitignored +# → any tracked-change post-workflow = stray-write") to Harness-10 ("tracked-change OUTSIDE runs// + +# assigned code-disjoint = violation"). Run-trace now VISIBLE in git-diff = direct audit (stronger). +# +# Legacy Harness-2 wave-folder + agent-team — kept ignored (superseded by runs/; no wave-*/ remain; harmless). # Pattern AFTER !.claude/** so last-match wins (giống hmw-mode.on). -# Verify: git check-ignore -v .claude/workflows/wave-x/wave.md +# ⚠️ check-ignore EXIT-CODE TRAP: exits 0 for BOTH a negation match and an ignore match. Use +# `git check-ignore X && echo IGNORED || echo NOT-IGNORED` → runs/ = NOT-IGNORED (tracked); wave-x/ = IGNORED. .claude/workflows/wave-*/ .claude/agent-teams/ diff --git a/docs/HANDOFF.md b/docs/HANDOFF.md index 8427518..1edc7e3 100644 --- a/docs/HANDOFF.md +++ b/docs/HANDOFF.md @@ -2,7 +2,26 @@ > **Tiering rule (S40):** giữ **2-3 session gần nhất**. Cũ hơn → `docs/changelog/sessions/`. Full brief history pre-S40 → `docs/_archive/HANDOFF-preS40-fullhistory.md`. -**Last updated:** 2026-06-18 (S70 — **Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate** — em main + 3 Workflow (investigate `wf_be952f3c-97f` → implement `wf_a58e0d15-beb` → audit `wf_9520d8cd-4fe`) + 2 monitor bootstrap. **0 production code** (governance/memory only, commit `f36aab8` pushed). 4 over-cap sub-agent curate L1→L2 + `archive/_INDEX.md` (mục-lục substring sha-keyed) + `.gist.md` (4-field distill-gen:1, verbatim FROZEN) → **cả 4 < 25KB auto-inject cap** (P1 curate-debt CLOSED; ~240KB archive hết RAG-dark). PART 2/3 process-mandate codify (adap-apply 2-workflow + agents/README Upgrade S70 + session-start §2.1.2). **0-byte-loss git+sha verified** (Stage C audit + em-main self-gate khi 2 reviewer no-StructuredOutput → recovery-path). +memory-budget.json (seed-by-measure) + measure-agent-memory.ps1 + .ragignore + doc-drift 4-cite flush. adap-report + email-back ai_infra (`7c07b716e775`). **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`.** **🔴 NEXT (anh):** restart CLI để activate session-start §2.1.2 budget-audit + pending H8 inherit + reviewer Cat-6. Chi tiết → session log `2026-06-17-S70-harness-9-l2-recovery.md`. **Prev S69 —** **Văn phòng số (E-Office) port + golive + PE cờ gấp/ngưỡng CCM — 4 deploy prod-verified Run #305→#308, HMW-mode ON, 2 workflow fan-out**: #305 foundation PURO (shared PageHeader/KpiCard/WidgetCard + Dashboard 2-cột + sync fe-admin index.css đóng drift S66-S68) → #306 **re-skin TRỌN 10 page** (PURO layout + CSS Hồ sơ NS, phẫu-thuật-giữ-100%-logic) → #307 **Office golive public** read+create **16-key allow-list mọi role** (mirror S65, chạy SAU revoke; excluded Off_PhongHop_Manage/Off_AttendanceReport/Off_ChamCong; cicd DB-verify 16/16×13 role) → #308 **PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị** Mig 53 (anh Kiệt FDC sau họp sếp). **State THẬT: Mig 53 · 88 bảng · 306 test (45D+261I) · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf` Run #308.** 2 gotcha NEW (**#67** Tailwind accent palette thiếu-stop vỡ-màu-im-lặng · **#68** stale-diagnostic-background-agent → chỉ tin build sau-cùng). 2 truncation #53 (impl-backend positional-record + impl-frontend) → em main recover-disk + self-gate. **🔴 NEXT (anh/anh Kiệt UAT):** (1) cấu hình "Ngưỡng giá trị gói CEO" trong Workflow Designer (null=luồng cũ) + test phiếu < ngưỡng → CCM duyệt là xong, ≥ ngưỡng → lên CEO; (2) test cờ gấp PRO(đỏ)/CCM(xanh) → badge + notify CEO; (3) **xác nhận:** quy trình đặt CCM(CostControl)-trước-CEO + CEO = role Director (đích notify). **C (sau duyệt → chuyển phiếu đến dự án) chờ anh Kiệt spec form.** **NEXT (em):** 🔴 curate cicd-monitor **65.2KB** (worst, trend tăng) + inv-codebase 47 + reviewer 43.5 over-cap · doc-flush docs/CLAUDE.md full. Chi tiết → session log `2026-06-17-S69-vanphong-golive-pe-urgent-threshold.md`. **Prev S68 —** **Hồ sơ NS header chi tiết NV: làm nổi bật + fix tên render đen→trắng** — em main solo, 3 commit (2 FE + 1 docs), 2 deploy prod-verified Run #303-304 (anh UAT realtime): badge màu theo trạng thái + dòng meta đậm + tên to/drop-shadow (#303 `6983609`) → anh báo "tên đen nền xanh ko nổi bật" → diagnose **rule `h1-h4{color:#0b1220}` viết NGOÀI `@layer` thắng `text-white`** (Tailwind v4 unlayered > all layers, **gotcha #66 NEW**, load-bearing ~30+ heading → fix ĐIỂM `text-white!` không move @layer) + thu nhỏ `text-lg` (#304 `37752eb`). Bootstrap: 2 monitor RE-REPORT CLEAN + 2 doc-drift fix (dep-audit 64→65 · root CLAUDE 263→286, `11bc96d`). **State THẬT: Mig 52 · 88 bảng · 286 test · 66 gotcha · menu 53 · bundle admin `CNUv1jxY`/user `CpOskeS1` Run #304.** ⚠️ curate-debt P1: cicd-monitor **44.1KB**. Chi tiết → session log `2026-06-16-S68-hoso-header-name-color-fix.md`. **Prev S67 —** **buổi sản phẩm LỚN, 6 deploy prod-verified Run #297→#302** (anh + anh Kiệt FDC UAT realtime, HMW-mode ON): fe-user Hồ sơ NS đồng nhất font + chữ đen→**xanh đậm `brand-800`** (#297) · **fe-admin mirror master-detail** + vá accent tokens index.css [đóng pending lớn nhất HRM go-live, page SHA256 ×2] (#298) · **+23 test-after HRM** → 263→**286** (#299) · **list flex-row gọn** [hết tràn ngang rail] + đồng nhất cỡ chữ ×2 (#300) · **PE Link hồ sơ auto-detect** web→hyperlink/`O:\`→Copy (#301) → **link `file://` bấm-thử** (#302). **Research 3-agent:** auto-mở `O:\` từ web = chỉ **Edge GPO `IntranetFileLinksEnabled`** (zero-per-machine) one-click thật; default chặn https→file://. **State THẬT: Mig 52 · 88 bảng · 286 test (45D+241I) · 65 gotcha · menu 53 · bundle admin `CcrZqfht`/user `DniDFUB_` Run #302.** test-specialist trunc #53→recover-disk; 0 prod bug. Chi tiết → session log `2026-06-16-S67-hoso-visual-pe-link-research.md`. **Prev S66 — session-end closeout em-main-solo:** adopt **Harness-8 all-inherit** (7 sub demoted `claude-opus-4-8`→`inherit` → cả 11=inherit, gỡ two-tier H4) + **cicd-monitor L1 curate 86.8→28.9KB** (byte-exact sed → `archive/2026-06.md`) + **ef-core skill doc-flush Mig 50→52** + check-email AI_INFRA (**0 thư mới se-directed**). ~17 file docs/gov/config, **0 production code** → state THẬT GIỮ NGUYÊN (Mig 52 · 88 bảng · 263 test · 65 gotcha · menu 53 · bundle `BDwV5d0X`/`DbVv6rsf`). ⚠️ **Restart CLI** → H8 runtime (frontmatter no hot-reload) + reviewer Cat-6. adap-report + email-back ai_infra (`fa7f690d` MATCH). Chi tiết → session log `2026-06-16-S66-closeout-harness8-cicd-curate.md`. **Prev S65 — HRM go-live: public Hồ sơ Nhân sự + trang master-detail giống NamGroup + Department hierarchy Mig 51 + PE Link hồ sơ Mig 52 + gốc cây SOLUTION COMPANY**, ~6 deploy prod-verified Run #289→#295, anh + anh Kiệt FDC UAT realtime. **State THẬT: Mig 52 · 88 bảng · 263 test (45D+218I) · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf` Run #295.** Workflow fan-out chạy THẬT lần đầu [PE] — BE∥FE parallel OK nhưng FE+reviewer return-rỗng #53 → em main recover-disk + self-gate. gotcha #65 [build csproj con ≠ slnx → CS7036]. Chi tiết → session log `2026-06-16-S65-hrm-golive-employee-masterdetail-pe-link.md`. **Prev S64** adopt **Harness-7 writing-quality floor** qua `/adap-apply` + email ai_infra — em main solo, 1 commit `6afde19` docs/gov-only. Outward comms = tiếng Việt câu-hoàn-chỉnh; nội bộ giữ nén (asymmetric). reviewer +Category 6 (verified-pending-restart → cần restart CLI). Broadcast body-hash verified KHÔNG mis-stamp (gotcha #61 UTF-8). Prev S63 docs-closeout bù S60/S61/S62 — 3 session product ship CODE prod-verified nhưng KHÔNG closeout docs (UAT realtime anh Kiệt FDC). **State THẬT: Mig 50 · 88 bảng · 263 test · 64 gotcha · menu 53 · bundle admin `0xKYGhhf`/user `C81ZdG9G` Run #286.** S60-62 = PE ràng buộc gửi-duyệt + gỡ "Từ chối" (S60) · Mig 50 ngân sách per-gói-thầu Excel anh Kiệt + XÓA module Budget cũ (S61) · vượt-NS cảnh-báo-mềm (S62). Reconcile stray reviewer cwd-misland + count-flush 4 file. Chi tiết → session log `2026-06-12-S60-S62-pe-budget-workitem-softwarning.md`. Prev Session 59 ( **6 đợt ship prod-verified Run #273→#278**: wipe transactional testing data (10 PE + 7 HĐ demo + 64 notif = 0, mã reset → phiếu thật đầu tiên team tạo = **PE/2026/A/001** ✓) `56882ac` #273 · PE tree Panel 1 chốt 4 tầng **Năm > Dự án > Hạng mục > Phiếu** `0eafcd3` #274 · dọn 15 mã hạng mục demo "tự đẻ" (chị Trà Sol) + gỡ seed gốc, WorkItems 86→**71** `bbd1554` #275 · **rename 71 mã đúng format PMH anh Kiệt** (`MAT-n`/`SUB-n`/`MEP-SUB-n`/`MEP-EQU-n` + tên "STT nhóm tên"; **DB-trước-code-sau** gotcha #62 + sqlcmd `-f 65001` gotcha #61) `c869d26` #276 · UAT vòng 1: NEW `ui/SearchableSelect` gõ-lọc bỏ dấu (Hạng mục/Dự án) + auto Địa điểm + điều khoản đa dòng `faed59f` #277 · UAT vòng 2 (anh chốt ×2): ẩn Trả lại/Từ chối khi tự duyệt phiếu mình soạn + quick-add NCC ngay form (POST /suppliers any-auth, authz probe 4/4) + NCC gõ-tìm A-Z + upload multi-file `9c330d2` #278 · UAT vòng 3-6 realtime (#279/#281 cancelled-supersede-benign): bảng NCC table-fixed `f21c55d` + bỏ ô Tên ngân sách `69997da` #280 + GỠ field Điều khoản TT mọi form `80b64dd` + bỏ nút Thêm hạng mục `792c030` **#282 FINAL**. Tổng 10 đợt (8 PASS + 2 cancelled-benign). Bundle FINAL admin **`B1DtNT9C`**/user **`D6uF3Mln`**. Test 240. Gotchas 62. 0/14 spawn truncated. → session log `2026-06-11-S59-wipe-tree-pmh-uat-batch.md`. Prev S58 — **5 đợt prod-verified Run #382/#383/#384/#386** (#385 cancelled-supersede-benign): lock-demo-user fix (việc sếp deadline 15:00 ĐÓNG TRỌN — gotcha #60/E-008/AS-12, root cause password 11<12 từng phát hiện S22 nhưng const không fix) + tạm ẩn HRM/Office/Cá nhân + Danh mục cuối (`6c5fd26` #383) + **fe-user redesign theo UI/UX guide AI_INFRA giữ brand** (`e959f72` #384) + **brand polish ×2 app "thấy rõ"** (`ea793a4`: stripe 4px đỉnh + thead brand) + **PE gộp Tên-gói-thầu = chọn Hạng-mục** (anh Kiệt FDC chốt, `3ebaf84` #386 — bundle final admin `DMm9rtNA`/user `BUkOMn_Y`). Email AI_INFRA processed (guide + ACK H4 ACCEPT). Test **240**. → session log `2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md`. Root cause 2 tầng: lock-list = population Dev-only + `DemoUserPassword` 11 ký tự < prod RequiredLength=12 → CreateAsync silent-fail từ trước tới giờ (= "helpdesk inert" S56). Fix union 20 UAT email + password 12 ký tự → prod 55 user/34 locked, nv.cao+nv.truong sống, 5 real staff tạo. gotcha #59+#60. Commit `5998163`. Prev S57bis — **PE gắn Hạng mục (Mig 49) + Pe all-role + menu Cá nhân + Harness-4 runtime-VERIFIED**. Test 228→**240**. Bundle `CP4CB1ym`/`BmZ3VHnm`. Commit `17b23a4`+`dd117b7` → Run #381 PASS+1PARTIAL (lock NO-OP → RESOLVED S58). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — Run #379 PASS, code golive-ready**. WF1 `pre-golive-verify` 7-stream + adversarial → 6 PASS/1 CONCERN/0 blocker = GO (key finds = ops not code). WF2 `golive-harden` fix 4: #3 LeaveBalance lost-update→atomic ExecuteUpdate+Serializable tx (NO mig) · #5 ItTicket authz Forbidden-trước-NotFound · #6 DocxRenderer null-guard · #4 Travel/Vehicle ApproveV2 tests. Test 216→**228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL`. `sys.tables` re-ground 92→**93**. gotcha **#58** NEW. reviewer StructuredOutput-fail→em main đỡ. **2 ops VPS pending** (gán user IT + tzutil UTC+7). FE Phase 2 redesign **deferred** (recon ready). Commit `a20cde8`. Prev S55 — **Nạp master data thật từ Excel (62 dự án + 71 hạng mục + 3 NCC) + Project +4 cột (Mig 48) — prod-verified**. HMW-mode ON. Commit `69cb393` → Run #377 PASS ~4m33s. Test 216 (compile-fix only). Bundle admin `B-d6893W`/user `XdKzt9LL`. `SeedRealMasterDataAsync` ungated idempotent → coexist demo. 2 agent return truncated (BE+reviewer) → em main disk/runtime-recover. Prev S54 — IT staff tự reassign ticket (cross-stack authz) — prod-verified. 1 code commit `ca4b602` → Run #376 PASS ~4m18s. Test 203→**216**. Bundle admin `DfCfHUE9`→`DmjI8Cmn`/user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). NO migration. Task 1 Phase 9 Ops anh dừng. ⚠️ residual: 3 agent ghi MEMORY nhầm `src/Backend/.claude` → em main reconcile. Prev S53: gotcha #57 EXT Master Mig 47 + P11-D/E + database-agent verified-runtime.) +**Last updated:** 2026-06-18 (S71 — **Harness-10 adopt: tracked run-trace folder + checklist 9-10** — em main + 3 Workflow (invest `wf_9c2cd2cd-2e7` → implement `wf_e4e46725-231` → review `wf_636bc95b-939`) per mandate Harness-9 PART 2. **0 production code**. Migrate `.claude/workflows/wave-*/` gitignored → `runs//` **git-TRACKED** (run.md+sub-md/+harvest/) + `_ledger.md` 2-nhịp + 3-layer anti-miss (L1 em-main@P1 / L2 session-start orphan-scan / L3 session-end close-gate idempotent) + **containment shift** (Harness-2 B6 "mọi tracked-change=vi-phạm" → "tracked-change NGOÀI run-folder + code-disjoint=vi-phạm"). hmw.js wave→run-trace (accept `args.run` + alias `wave`, path `sub-md/`, `node --check` PARSE-OK). **Review độc-lập (R2+R3) bắt C5 L1 over-claim** (doc nói hmw.js prompt-builder emit L1 reminder, grep engine=0 → engine no-fs → fixed path-a: L1 = em-main @P1 convention) — dogfood mandate B2 đúng. checklist 9-10: Part A (Harness-9 memory) + B (adap 2-workflow) done S70, Part C (Harness-10) 8/8 MỚI. **State GIỮ NGUYÊN: Mig 53·88 bảng·306 test·68 gotcha·menu 54·bundle admin `BgNCjwsG`/user `CBvh0vtf`.** + CLAUDE.md test-flush 263→306 (resolve H1 stale). **🔴 NEXT (anh):** restart CLI (hmw.js RUN-TRACE runtime + carry §2.1.2/Cat-6/H8). Chi tiết → session log `2026-06-18-S71-harness-10-run-trace.md` (pending). **Prev S70 —** **Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate** — em main + 3 Workflow (investigate `wf_be952f3c-97f` → implement `wf_a58e0d15-beb` → audit `wf_9520d8cd-4fe`) + 2 monitor bootstrap. **0 production code** (governance/memory only, commit `f36aab8` pushed). 4 over-cap sub-agent curate L1→L2 + `archive/_INDEX.md` (mục-lục substring sha-keyed) + `.gist.md` (4-field distill-gen:1, verbatim FROZEN) → **cả 4 < 25KB auto-inject cap** (P1 curate-debt CLOSED; ~240KB archive hết RAG-dark). PART 2/3 process-mandate codify (adap-apply 2-workflow + agents/README Upgrade S70 + session-start §2.1.2). **0-byte-loss git+sha verified** (Stage C audit + em-main self-gate khi 2 reviewer no-StructuredOutput → recovery-path). +memory-budget.json (seed-by-measure) + measure-agent-memory.ps1 + .ragignore + doc-drift 4-cite flush. adap-report + email-back ai_infra (`7c07b716e775`). **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`.** **🔴 NEXT (anh):** restart CLI để activate session-start §2.1.2 budget-audit + pending H8 inherit + reviewer Cat-6. Chi tiết → session log `2026-06-17-S70-harness-9-l2-recovery.md`. **Prev S69 —** **Văn phòng số (E-Office) port + golive + PE cờ gấp/ngưỡng CCM — 4 deploy prod-verified Run #305→#308, HMW-mode ON, 2 workflow fan-out**: #305 foundation PURO (shared PageHeader/KpiCard/WidgetCard + Dashboard 2-cột + sync fe-admin index.css đóng drift S66-S68) → #306 **re-skin TRỌN 10 page** (PURO layout + CSS Hồ sơ NS, phẫu-thuật-giữ-100%-logic) → #307 **Office golive public** read+create **16-key allow-list mọi role** (mirror S65, chạy SAU revoke; excluded Off_PhongHop_Manage/Off_AttendanceReport/Off_ChamCong; cicd DB-verify 16/16×13 role) → #308 **PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị** Mig 53 (anh Kiệt FDC sau họp sếp). **State THẬT: Mig 53 · 88 bảng · 306 test (45D+261I) · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf` Run #308.** 2 gotcha NEW (**#67** Tailwind accent palette thiếu-stop vỡ-màu-im-lặng · **#68** stale-diagnostic-background-agent → chỉ tin build sau-cùng). 2 truncation #53 (impl-backend positional-record + impl-frontend) → em main recover-disk + self-gate. **🔴 NEXT (anh/anh Kiệt UAT):** (1) cấu hình "Ngưỡng giá trị gói CEO" trong Workflow Designer (null=luồng cũ) + test phiếu < ngưỡng → CCM duyệt là xong, ≥ ngưỡng → lên CEO; (2) test cờ gấp PRO(đỏ)/CCM(xanh) → badge + notify CEO; (3) **xác nhận:** quy trình đặt CCM(CostControl)-trước-CEO + CEO = role Director (đích notify). **C (sau duyệt → chuyển phiếu đến dự án) chờ anh Kiệt spec form.** **NEXT (em):** 🔴 curate cicd-monitor **65.2KB** (worst, trend tăng) + inv-codebase 47 + reviewer 43.5 over-cap · doc-flush docs/CLAUDE.md full. Chi tiết → session log `2026-06-17-S69-vanphong-golive-pe-urgent-threshold.md`. **Prev S68 —** **Hồ sơ NS header chi tiết NV: làm nổi bật + fix tên render đen→trắng** — em main solo, 3 commit (2 FE + 1 docs), 2 deploy prod-verified Run #303-304 (anh UAT realtime): badge màu theo trạng thái + dòng meta đậm + tên to/drop-shadow (#303 `6983609`) → anh báo "tên đen nền xanh ko nổi bật" → diagnose **rule `h1-h4{color:#0b1220}` viết NGOÀI `@layer` thắng `text-white`** (Tailwind v4 unlayered > all layers, **gotcha #66 NEW**, load-bearing ~30+ heading → fix ĐIỂM `text-white!` không move @layer) + thu nhỏ `text-lg` (#304 `37752eb`). Bootstrap: 2 monitor RE-REPORT CLEAN + 2 doc-drift fix (dep-audit 64→65 · root CLAUDE 263→286, `11bc96d`). **State THẬT: Mig 52 · 88 bảng · 286 test · 66 gotcha · menu 53 · bundle admin `CNUv1jxY`/user `CpOskeS1` Run #304.** ⚠️ curate-debt P1: cicd-monitor **44.1KB**. Chi tiết → session log `2026-06-16-S68-hoso-header-name-color-fix.md`. **Prev S67 —** **buổi sản phẩm LỚN, 6 deploy prod-verified Run #297→#302** (anh + anh Kiệt FDC UAT realtime, HMW-mode ON): fe-user Hồ sơ NS đồng nhất font + chữ đen→**xanh đậm `brand-800`** (#297) · **fe-admin mirror master-detail** + vá accent tokens index.css [đóng pending lớn nhất HRM go-live, page SHA256 ×2] (#298) · **+23 test-after HRM** → 263→**286** (#299) · **list flex-row gọn** [hết tràn ngang rail] + đồng nhất cỡ chữ ×2 (#300) · **PE Link hồ sơ auto-detect** web→hyperlink/`O:\`→Copy (#301) → **link `file://` bấm-thử** (#302). **Research 3-agent:** auto-mở `O:\` từ web = chỉ **Edge GPO `IntranetFileLinksEnabled`** (zero-per-machine) one-click thật; default chặn https→file://. **State THẬT: Mig 52 · 88 bảng · 286 test (45D+241I) · 65 gotcha · menu 53 · bundle admin `CcrZqfht`/user `DniDFUB_` Run #302.** test-specialist trunc #53→recover-disk; 0 prod bug. Chi tiết → session log `2026-06-16-S67-hoso-visual-pe-link-research.md`. **Prev S66 — session-end closeout em-main-solo:** adopt **Harness-8 all-inherit** (7 sub demoted `claude-opus-4-8`→`inherit` → cả 11=inherit, gỡ two-tier H4) + **cicd-monitor L1 curate 86.8→28.9KB** (byte-exact sed → `archive/2026-06.md`) + **ef-core skill doc-flush Mig 50→52** + check-email AI_INFRA (**0 thư mới se-directed**). ~17 file docs/gov/config, **0 production code** → state THẬT GIỮ NGUYÊN (Mig 52 · 88 bảng · 263 test · 65 gotcha · menu 53 · bundle `BDwV5d0X`/`DbVv6rsf`). ⚠️ **Restart CLI** → H8 runtime (frontmatter no hot-reload) + reviewer Cat-6. adap-report + email-back ai_infra (`fa7f690d` MATCH). Chi tiết → session log `2026-06-16-S66-closeout-harness8-cicd-curate.md`. **Prev S65 — HRM go-live: public Hồ sơ Nhân sự + trang master-detail giống NamGroup + Department hierarchy Mig 51 + PE Link hồ sơ Mig 52 + gốc cây SOLUTION COMPANY**, ~6 deploy prod-verified Run #289→#295, anh + anh Kiệt FDC UAT realtime. **State THẬT: Mig 52 · 88 bảng · 263 test (45D+218I) · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf` Run #295.** Workflow fan-out chạy THẬT lần đầu [PE] — BE∥FE parallel OK nhưng FE+reviewer return-rỗng #53 → em main recover-disk + self-gate. gotcha #65 [build csproj con ≠ slnx → CS7036]. Chi tiết → session log `2026-06-16-S65-hrm-golive-employee-masterdetail-pe-link.md`. **Prev S64** adopt **Harness-7 writing-quality floor** qua `/adap-apply` + email ai_infra — em main solo, 1 commit `6afde19` docs/gov-only. Outward comms = tiếng Việt câu-hoàn-chỉnh; nội bộ giữ nén (asymmetric). reviewer +Category 6 (verified-pending-restart → cần restart CLI). Broadcast body-hash verified KHÔNG mis-stamp (gotcha #61 UTF-8). Prev S63 docs-closeout bù S60/S61/S62 — 3 session product ship CODE prod-verified nhưng KHÔNG closeout docs (UAT realtime anh Kiệt FDC). **State THẬT: Mig 50 · 88 bảng · 263 test · 64 gotcha · menu 53 · bundle admin `0xKYGhhf`/user `C81ZdG9G` Run #286.** S60-62 = PE ràng buộc gửi-duyệt + gỡ "Từ chối" (S60) · Mig 50 ngân sách per-gói-thầu Excel anh Kiệt + XÓA module Budget cũ (S61) · vượt-NS cảnh-báo-mềm (S62). Reconcile stray reviewer cwd-misland + count-flush 4 file. Chi tiết → session log `2026-06-12-S60-S62-pe-budget-workitem-softwarning.md`. Prev Session 59 ( **6 đợt ship prod-verified Run #273→#278**: wipe transactional testing data (10 PE + 7 HĐ demo + 64 notif = 0, mã reset → phiếu thật đầu tiên team tạo = **PE/2026/A/001** ✓) `56882ac` #273 · PE tree Panel 1 chốt 4 tầng **Năm > Dự án > Hạng mục > Phiếu** `0eafcd3` #274 · dọn 15 mã hạng mục demo "tự đẻ" (chị Trà Sol) + gỡ seed gốc, WorkItems 86→**71** `bbd1554` #275 · **rename 71 mã đúng format PMH anh Kiệt** (`MAT-n`/`SUB-n`/`MEP-SUB-n`/`MEP-EQU-n` + tên "STT nhóm tên"; **DB-trước-code-sau** gotcha #62 + sqlcmd `-f 65001` gotcha #61) `c869d26` #276 · UAT vòng 1: NEW `ui/SearchableSelect` gõ-lọc bỏ dấu (Hạng mục/Dự án) + auto Địa điểm + điều khoản đa dòng `faed59f` #277 · UAT vòng 2 (anh chốt ×2): ẩn Trả lại/Từ chối khi tự duyệt phiếu mình soạn + quick-add NCC ngay form (POST /suppliers any-auth, authz probe 4/4) + NCC gõ-tìm A-Z + upload multi-file `9c330d2` #278 · UAT vòng 3-6 realtime (#279/#281 cancelled-supersede-benign): bảng NCC table-fixed `f21c55d` + bỏ ô Tên ngân sách `69997da` #280 + GỠ field Điều khoản TT mọi form `80b64dd` + bỏ nút Thêm hạng mục `792c030` **#282 FINAL**. Tổng 10 đợt (8 PASS + 2 cancelled-benign). Bundle FINAL admin **`B1DtNT9C`**/user **`D6uF3Mln`**. Test 240. Gotchas 62. 0/14 spawn truncated. → session log `2026-06-11-S59-wipe-tree-pmh-uat-batch.md`. Prev S58 — **5 đợt prod-verified Run #382/#383/#384/#386** (#385 cancelled-supersede-benign): lock-demo-user fix (việc sếp deadline 15:00 ĐÓNG TRỌN — gotcha #60/E-008/AS-12, root cause password 11<12 từng phát hiện S22 nhưng const không fix) + tạm ẩn HRM/Office/Cá nhân + Danh mục cuối (`6c5fd26` #383) + **fe-user redesign theo UI/UX guide AI_INFRA giữ brand** (`e959f72` #384) + **brand polish ×2 app "thấy rõ"** (`ea793a4`: stripe 4px đỉnh + thead brand) + **PE gộp Tên-gói-thầu = chọn Hạng-mục** (anh Kiệt FDC chốt, `3ebaf84` #386 — bundle final admin `DMm9rtNA`/user `BUkOMn_Y`). Email AI_INFRA processed (guide + ACK H4 ACCEPT). Test **240**. → session log `2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md`. Root cause 2 tầng: lock-list = population Dev-only + `DemoUserPassword` 11 ký tự < prod RequiredLength=12 → CreateAsync silent-fail từ trước tới giờ (= "helpdesk inert" S56). Fix union 20 UAT email + password 12 ký tự → prod 55 user/34 locked, nv.cao+nv.truong sống, 5 real staff tạo. gotcha #59+#60. Commit `5998163`. Prev S57bis — **PE gắn Hạng mục (Mig 49) + Pe all-role + menu Cá nhân + Harness-4 runtime-VERIFIED**. Test 228→**240**. Bundle `CP4CB1ym`/`BmZ3VHnm`. Commit `17b23a4`+`dd117b7` → Run #381 PASS+1PARTIAL (lock NO-OP → RESOLVED S58). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — Run #379 PASS, code golive-ready**. WF1 `pre-golive-verify` 7-stream + adversarial → 6 PASS/1 CONCERN/0 blocker = GO (key finds = ops not code). WF2 `golive-harden` fix 4: #3 LeaveBalance lost-update→atomic ExecuteUpdate+Serializable tx (NO mig) · #5 ItTicket authz Forbidden-trước-NotFound · #6 DocxRenderer null-guard · #4 Travel/Vehicle ApproveV2 tests. Test 216→**228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL`. `sys.tables` re-ground 92→**93**. gotcha **#58** NEW. reviewer StructuredOutput-fail→em main đỡ. **2 ops VPS pending** (gán user IT + tzutil UTC+7). FE Phase 2 redesign **deferred** (recon ready). Commit `a20cde8`. Prev S55 — **Nạp master data thật từ Excel (62 dự án + 71 hạng mục + 3 NCC) + Project +4 cột (Mig 48) — prod-verified**. HMW-mode ON. Commit `69cb393` → Run #377 PASS ~4m33s. Test 216 (compile-fix only). Bundle admin `B-d6893W`/user `XdKzt9LL`. `SeedRealMasterDataAsync` ungated idempotent → coexist demo. 2 agent return truncated (BE+reviewer) → em main disk/runtime-recover. Prev S54 — IT staff tự reassign ticket (cross-stack authz) — prod-verified. 1 code commit `ca4b602` → Run #376 PASS ~4m18s. Test 203→**216**. Bundle admin `DfCfHUE9`→`DmjI8Cmn`/user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). NO migration. Task 1 Phase 9 Ops anh dừng. ⚠️ residual: 3 agent ghi MEMORY nhầm `src/Backend/.claude` → em main reconcile. Prev S53: gotcha #57 EXT Master Mig 47 + P11-D/E + database-agent verified-runtime.) + +--- + +## S71 (2026-06-18) — Harness-10 adopt: tracked run-trace folder convention + checklist 9-10 (em main + 3 Workflow, 0 production code) + +**Anh: `--resume` → `/check-email AI_INFRA và /adap-apply harness-10 và check list 9-10` → chốt "full-adap + dogfood ngay qua HMW đủ invest/imple/review, tránh sai sót".** + +**Done (3 Workflow run-id = bằng chứng mandate B3, commit pending):** +- INVEST `wf_9c2cd2cd-2e7` (4× investigator-codebase) → IMPLEMENT `wf_e4e46725-231` (3× general-purpose file-disjoint + em-main cluster) → REVIEW `wf_636bc95b-939` (3× reviewer). Migrate wave-mode (Harness-2 B6 gitignored) → run-trace `runs//` TRACKED (run.md+sub-md/+harvest/) + `_ledger.md` 2-nhịp + 3-layer + containment model shift. +- **Review (R2+R3 độc-lập = high-conf) bắt C5 L1 over-claim** (doc nói hmw.js prompt-builder emit L1, engine no-fs → grep=0) → fixed path-a (L1 = em-main @P1 ledger-check convention). **Dogfood mandate B2 đúng** — 1-workflow-tự-chấm bỏ sót L1, review-workflow RIÊNG bắt TRƯỚC commit. +- checklist 9-10: Part A (memory) + B (adap 2-workflow) done S70; Part C (Harness-10) 8/8 (C7 caveat "điểm sáng nhất"; C3 honest tracked-eligible→committed). Containment audit CLEAN (frozen-evidence 0-byte-loss per-path). adap-report `2026-06-18-Governance-checklist-harness-9-10` + email ai_infra (4 reverse-findings). + +**🔴 NEXT SESSION:** +- **⚠️ RESTART CLI (đầu việc):** activate hmw.js RUN-TRACE runtime (no hot-reload) + carry (S66/S70) §2.1.2 budget-audit + reviewer Cat-6 + H8 inherit. Sau restart spawn-test confirm. +- **L1 convention (mới Harness-10):** lúc mở run mới @P1, em-main đọc `_ledger.md` — run trước `closed=⏳` (chưa harvest) → harvest+CLOSE TRƯỚC. (Engine no-fs, KHÔNG auto — L2 session-start + L3 session-end là lưới muộn.) +- **curate-debt (S71 races):** `reviewer/MEMORY.md` **33.8KB (over-soft 30720)** + `investigator-codebase/MEMORY.md` 29.8KB — cả 2 same-role race (REVIEW + INVEST), consolidate + L1→L2. cicd/impl-be OK post-S70. Budget-audit §2.1.2 re-measure. +- **Pending product (anh/anh Kiệt — carry S69):** cấu hình "Ngưỡng giá trị gói CEO" Designer + test cờ gấp PE PRO/CCM; "C" chuyển phiếu→dự án chờ spec form. **Ops giữ S58/S59:** tzutil VPS · anh Chương email typo · 5 real-staff pw `User@1234567` · gán CNTT lock nv.cao/nv.truong. +- **Monthly audit 2026-07-01:** STATUS/HANDOFF re-tier (trim S67↓→logs) · docs/CLAUDE deep-doc count-flush + schema-diagram §16+ Mig 32-53 ERD. +- **Cert** `api.solutions.com.vn` ~2026-07-23 (auto-renew ~06-23). --- diff --git a/docs/STATUS.md b/docs/STATUS.md index d59b717..bed1009 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -3,7 +3,7 @@ > **Update rule:** trước khi bắt đầu 1 task → ghi row `🔥 In Progress`. Xong → `✅ Recently Done`. > **Tiering rule (S40):** chỉ giữ **state hiện tại + 3 session gần nhất** ở file này. Session cũ hơn → `docs/changelog/sessions/`. Full history pre-S40 → `docs/_archive/STATUS-preS40-fullhistory.md`. (Tránh over-context — xóa double, không cắt nội dung.) -**Last updated:** 2026-06-18 (S70 — **Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate** — em main + 3 Workflow (investigate `wf_be952f3c-97f` → implement `wf_a58e0d15-beb` → audit `wf_9520d8cd-4fe`) + 2 monitor bootstrap. **0 production code** (governance/memory only, commit `f36aab8` pushed). 4 over-cap sub-agent (cicd-monitor/investigator-codebase/reviewer/implementer-backend) curate L1→L2 + `archive/_INDEX.md` (mục-lục con-trỏ **substring sha-keyed**, Ctrl-F fallback) + `.gist.md` (nén 4-field distill-gen:1, verbatim FROZEN) → **cả 4 < 25KB auto-inject cap** (P1 curate-debt CLOSED; ~240KB archive hết RAG-dark). PART 2/3 process-mandate codify (adap-apply + agents/README Upgrade S70 + session-start §2.1.2 budget-audit). **0-byte-loss git+sha verified** (Stage C audit + em-main self-gate khi 2 reviewer no-StructuredOutput). +`memory-budget.json` (seed-by-measure) + `scripts/measure-agent-memory.ps1` + `.ragignore` + doc-drift 4-cite flush. adap-report + email-back ai_infra (body-hash `7c07b716e775`). **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`.** ⚠️ restart CLI để activate session-start §2.1.2 + pending H8 inherit + reviewer Cat-6. → session log `2026-06-17-S70-harness-9-l2-recovery.md`. **Prev S69** — **Văn phòng số (E-Office) port + golive + PE cờ gấp/ngưỡng CCM — 4 deploy prod-verified Run #305→#308, HMW-mode ON, 2 workflow fan-out + ~14 spawn**: foundation PURO (shared PageHeader/KpiCard/WidgetCard + Dashboard 2-cột + sync fe-admin index.css đóng drift S66-S68) #305 → **re-skin TRỌN 10 page** PURO layout + CSS Hồ sơ NS, phẫu-thuật-giữ-100%-logic (reviewer verify api/queryKey byte-identical) #306 → **Office golive public** `SeedAllRolesOfficeModulePermissionsAsync` read+create 16-key allow-list mọi role (mirror S65 pattern, chạy SAU revoke; excluded Off_PhongHop_Manage/Off_AttendanceReport/Off_ChamCong giữ ẩn; cicd DB-verify 16/16×13 role) #307 → **PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị** Mig 53 (anh Kiệt FDC sau họp sếp) #308. **State THẬT: Mig 53 · 88 bảng · 306 test (45D+261I) · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf` Run #308.** 2 gotcha NEW (**#67** Tailwind accent palette thiếu-stop vỡ-màu-im-lặng · **#68** stale-diagnostic-background-agent). 2 truncation #53 (impl-backend positional-record + impl-frontend) → em main recover-disk + self-gate (cả 2 build PASS sau-cùng). C (sau duyệt → chuyển phiếu đến dự án) chờ anh Kiệt spec form. → session log `2026-06-17-S69-vanphong-golive-pe-urgent-threshold.md`. **Prev S68** — **Hồ sơ NS header chi tiết NV: làm nổi bật + fix tên render đen→trắng** — em main solo, 3 commit (2 FE `6983609`+`37752eb` · 1 docs `11bc96d`), 2 deploy prod-verified Run #303-304 (anh UAT realtime): tên `text-xl extrabold`+drop-shadow · dòng meta `text-[13px] font-medium` trắng-đậm · badge pill **màu theo trạng thái** (#303); anh báo "tên đen nền xanh ko nổi bật" → diagnose **rule `h1-h4{color:#0b1220}` viết NGOÀI `@layer` thắng `text-white`** (Tailwind v4 unlayered > all layers, **gotcha #66 NEW**) → ép `text-white!` + thu nhỏ `text-lg` (#304, grep dist confirm `!important`). Bootstrap: 2 monitor RE-REPORT CLEAN + 2 doc-drift fix (dep-audit 64→65 · root CLAUDE 263→286, H1 flag). **State THẬT: Mig 52 · 88 bảng · 286 test · 66 gotcha · menu 53 · bundle admin `CNUv1jxY`/user `CpOskeS1` Run #304.** ⚠️ curate-debt P1: cicd-monitor **44.1KB** (worst). **Prev S67:** **buổi sản phẩm LỚN, 6 deploy prod-verified Run #297→#302** (anh + anh Kiệt FDC UAT realtime, HMW-mode ON): fe-user Hồ sơ NS đồng nhất font + chữ đen→**xanh đậm `brand-800`** (#297 `ab4e681`) · **fe-admin mirror master-detail** + accent tokens index.css [đóng pending lớn nhất HRM go-live, page SHA256 ×2] (#298 `292d64d`) · **+23 test-after HRM** [Dept cycle-guard · PE HoSoLink absolute-set · HRM-perm seed] → 263→**286** (#299 `bcd619d`) · **list flex-row gọn** [bảng 3-cột→flex-row, `overflow-x-hidden` → hết tràn ngang rail] + đồng nhất cỡ chữ [18/14/13/11px] ×2 app (#300 `91aaf05`) · **PE Link hồ sơ auto-detect** `http(s)`→hyperlink/`O:\`→Copy (#301 `6df1b2d`) → **render link `file://` bấm-thử** + Copy (#302 `536dd6b`). **Workflow research 3 investigator-api** (auto-mở `O:\` từ web): default browser CHẶN https→file://; **chỉ Edge GPO `IntranetFileLinksEnabled`** (Edge-only, Intranet Zone, 1 GPO domain zero-per-machine) = one-click thật — Chrome không có; .url-download zero-install nhưng 2-click. **State THẬT: Mig 52 · 88 bảng · 286 test (45D+241I) · 65 gotcha · menu 53 · bundle admin `CcrZqfht`/user `DniDFUB_`** (#302). test-specialist truncated return #53 → em main recover-disk (3 file test đủ + 286 verify); 0 production bug. ⚠️ curate-debt: cicd-monitor 39.8KB + inv-codebase 39.4KB over-cap. **Prev S66** — **session-end closeout em-main-solo, 0 product-sub:** adopt **Harness-8 all-inherit** (7 sub demoted `claude-opus-4-8`→`inherit` → cả 11 = inherit, gỡ two-tier Harness-4) + **cicd-monitor L1 curate 86.8→28.9KB** (byte-exact sed → `archive/2026-06.md`, incl #291 forensic) + **ef-core skill doc-flush Mig 50→52** (H1 drift, +Mig 51/52 rows) + check-email AI_INFRA (**0 thư mới se-directed**). ~17 file docs/gov/config, **0 production code** → state THẬT GIỮ NGUYÊN: **Mig 52 · 88 bảng · 263 test · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf`**. ⚠️ **Restart CLI** để H8 runtime (frontmatter no hot-reload) + reviewer Category 6 (S64 pending). adap-report `2026-06-16-Governance-harness-8-all-inherit-workflow-fastest` + email-back ai_infra (hash `fa7f690d` round-trip MATCH). Prev S65 — **HRM go-live: public Hồ sơ Nhân sự + trang master-detail giống NamGroup + Department hierarchy + PE Link hồ sơ**, ~6 deploy prod-verified Run #289→#295, anh + anh Kiệt FDC UAT realtime): (1) **public Hồ sơ Nhân sự mọi role** — `SeedAllRolesHrmProfileReadPermissionsAsync` grant CanRead `Hrm`+`Hrm_HoSo` 13 role chạy SAU revoke S58 (upgrade-only; EmployeesController policy-based `Hrm_HoSo.Read` mở luôn API không hardcode Roles), giữ ẩn Dashboard NS, Run #289; (2) **redesign màu foundation fe-user** — accent palette teal/violet/amberx/greenx + `.app-gradient-brand`/`.card-accent`/`.icon-chip` + heading 700, brand #1F7DC1 + Be Vietnam Pro giữ, Run #290; (3) **Department hierarchy** Mig 51 `AddDepartmentParentId` (ParentId loose-Guid no-FK + `GET /departments/tree` ráp cây in-memory + rollup count theo `User.DepartmentId` + cycle-guard HashSet) + picker "Phòng cha" fe-admin (self-service org chart) + Update cycle-guard, Run #292; (4) **Hồ sơ Nhân sự master-detail giống NamGroup** — `EmployeesListPage` rewrite: 3-panel→**2-cột** (cây tổ chức gốc "SOLUTION COMPANY" + list chồng TRÁI · chi tiết 5 tab PHẢI) + tô màu accent, giữ 100% 5 satellite CRUD (16 endpoint), Run #293/#294/#295; (5) **PE mục "e. Link hồ sơ"** Mig 52 `AddHoSoLinkToPurchaseEvaluation` (`HoSoLink string?` hyperlink NAS + `` target_blank rel-noopener + null-safe) + rename "Dự trù PRO"→"Ngân sách PRO" (row+badge) ×2 app SHA256-mirror, Run #293. **State THẬT: Mig 52 · 88 bảng · 263 test (45D+218I) · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf`** (Run #295 `456c7a7` Employee-refine — user rotate `CZfo_PFZ→DbVv6rsf`, cicd PASS). **🔥 Workflow fan-out chạy THẬT lần đầu** (`pe-hoso-link-rename-pro` BE∥FE→review) — parallel disjoint-file OK, NHƯNG FE+reviewer return-RỖNG #53 → em main recover-disk + self-gate (bắt badge "DỰ TRÙ PRO" sót rename); **verdict: fan-out cho parallelism nhưng reviewer-stage không tin được trong harness này → verify-heavy task vẫn tự gác = tương đương spawn lẻ** (`feedback_workflow_fanout_reliability`). gotcha **#65** NEW (build csproj con ≠ `dotnet build slnx` gồm tests → miss test-compile khi đổi chữ ký record command → CI CS7036 Run #291 FAIL-gated). **Prev S64** adopt **Harness-7 writing-quality floor** — em main solo, commit `6afde19` docs/gov-only, 0 sub spawn: `rules.md §1.1` outward-VN-full-grammar + reviewer Category 6 + adap-report + email ai_infra; broadcast body-hash `a4580ea9` verified-MATCH **KHÔNG mis-stamp** [false-mismatch = gotcha #61 PS5.1 UTF-8 decode của em]. Prev S63 docs-closeout bù S60/S61/S62 — **State THẬT: Mig 50 · 88 bảng · 263 test (45D+218I) · 64 gotcha · menu 53 · bundle admin `0xKYGhhf`/user `C81ZdG9G` Run #286**; S60-62 = PE ràng buộc gửi-duyệt + bypass drafter (S60) · gỡ "Từ chối" (S60) · Mig 50 ngân sách per-gói-thầu Excel anh Kiệt + XÓA module Budget cũ (S61) · vượt-NS cảnh-báo-mềm cho lưu (S62); + reconcile stray reviewer cwd-misland; session log `2026-06-12-S60-S62-pe-budget-workitem-softwarning.md`). Prev Session 59 ( **10 đợt ship prod-verified: 8 Run PASS + 2 cancelled-supersede-benign #273→#282** (run_number API — dải đếm khác #38x S58, cùng pipeline; 2 cancel = push-đè khi UAT góp ý realtime, ancestor-verified): (1) **wipe transactional testing data** theo anh Kiệt FDC — 10 PE + 7 HĐ [DEMO] + 64 notif + 1 AwV2 cũ inactive = 0, reset PeSeq/CtSeq → phiếu thật đầu tiên team tạo chiều nay = **PE/2026/A/001** ✓, app-recycle KHÔNG resurrect (DemoSeed gate held), uploads orphan dọn (`56882ac` #273); (2+3) **PE tree Panel 1 chốt 4 tầng "📅 Năm > 📁 Dự án > 🧱 Hạng mục > Phiếu"** (anh chốt follow-up sau bản gộp "Dự án (Năm)"; `yearGroups` useMemo, expand-key v3, FE-only — list DTO đã có workItemName S57bis) (`0eafcd3` #274); (4) **dọn 15 mã hạng mục demo tự chế** theo chị Trà Sol "xóa cái đám phần thô phần hoàn thiện… MÀ ANH TỰ ĐẺ RA" — WorkItems 86→**71**, GỠ HẲN block seed demo khỏi DbInitializer, đối chiếu 71/71 khớp bảng PMH từng dòng (`bbd1554` #275, bundle frozen BE-only); (5) **rename 71 mã đúng format PMH anh Kiệt chốt** "MÃ CV gồm chữ MEP-SUB-1 rồi tên 1 MEP Sub MEP (Full) — đúng kiểu vậy" → `MAT-n`/`SUB-n`/`MEP-SUB-n`/`MEP-EQU-n` + Name "STT nhóm tên"; **DB-trước-code-sau** (gotcha **#62** NEW — seed per-code idempotent, sai thứ tự = 142 rows) + sqlcmd `-f 65001` (gotcha **#61** NEW — verify data qua API JSON, KHÔNG tin console mojibake) + FE sort numeric ×3 ×2 app (`c869d26` #276); (6) **UAT 6 vòng 11 điểm**: NEW **`ui/SearchableSelect`** combobox gõ-lọc BỎ DẤU (fold NFD — Hạng mục/Dự án/NCC) + auto Địa điểm từ Project.Location + điều khoản TT Textarea đa dòng (`faed59f` #277) · anh chốt: **ẩn cả Trả lại+Từ chối khi người duyệt = người soạn** (drafterUserId match) + **quick-add NCC ngay form** (SuppliersController POST hạ → any-auth, PUT/DELETE giữ khóa — cicd authz probe live 4/4: 401 unauth/201 nv.test/403 delete/cleanup) + upload multiple files ×2 chỗ (`9c330d2` #278) · vòng 3-6 realtime (`f21c55d` #279-cancelled / `69997da` #280 / `80b64dd` #281-cancelled / `792c030` **#282 FINAL**): **bảng NCC table-fixed** width từng cột (file dài hết vỡ layout) + **bỏ ô "Tên" ngân sách nhập tay** (chỉ còn Số tiền, hasManual detect theo amount) + **GỠ field "Điều khoản thanh toán" khỏi TẤT CẢ form phiếu** (cột per-NCC + display phiếu cũ GIỮ) + **bỏ nút "+ Thêm hạng mục"** (1 phiếu = 1 hạng mục header). Bundle FINAL admin **`B1DtNT9C`**/user **`D6uF3Mln`** (Run #282). Test 240 ×2 local + 8× CI gate. **0/14 spawn truncated** (lần đầu sau nhiều session). → session log `2026-06-11-S59-wipe-tree-pmh-uat-batch.md`. Prev S58 (2026-06-11 — **4 việc prod-verified Run #382/#383/#384**: lock-demo-user fix + tạm ẩn HRM/Office/Cá nhân + Danh mục cuối sidebar + fe-user redesign theo UI/UX guide AI_INFRA. **Việc 1 — lock fix** (Run #382, `5998163` ~3m31s): Run #381 cicd phát hiện S57bis lock = NO-OP (14 email named-person là population Dev-only). Recon dump prod: demo thật = 20 UAT-matrix `{dept}.{nv,pp,tp}@`+`bod.{1,2}@` tạo TAY 05-13; root cause sâu = `DemoUserPassword` 11 ký tự < prod `RequiredLength=12` → `CreateAsync` silent-fail MỌI startup từ trước tới giờ (= root cause "helpdesk inert phòng IT 0 user" S56). Fix: union 20 email + password 12 ký tự. Prod sau deploy: **55 user / 21 active / 34 locked** — 20 UAT + 14 named-person locked ✓, **nv.cao/nv.truong CREATED+ACTIVE (helpdesk S56 RESOLVED)** ✓, 5 real staff created ✓, guard admin/catalog.manager/nv.test/chuong.phan-typo active ✓ (anh chốt 3 quyết định AskUserQuestion). Bundle FROZEN. gotcha **#60** NEW (seed silent-fail vs prod password policy — dump population thật trước khi lock/seed-by-email). +Closeout S57bis residual: gotcha #59 commit, 4 spawn-record on-behalf (H2 4-MISS), H1 5-patch doc-drift, test 240 re-verified local. Prev S57bis (2026-06-11 sáng) — **PE gắn Hạng mục công việc (Mig 49) + mở quyền Pe all-role + menu "Cá nhân" + khóa demo user** (sếp Zalo deadline 15:00): commit `17b23a4` (Harness-4 two-tier runtime-VERIFIED spawn-test 2 chiều) + `dd117b7` (product) → Run #381 PASS ~4m25s. Mig 49 `AddWorkItemToPurchaseEvaluation`: PE.WorkItemId `Guid?` loose-Guid KHÔNG FK vật lý (convention PE — database-agent design) + IX + validator NotEmpty create + FK-guard handler Conflict + UpdateDraft null-safe. FE ×2 app PeWorkspaceCreateView/PeHeaderForm (SHA256 identical)/PeDetailTabs "Dự án – Hạng mục". Pe_* 11 key CanRead+CanCreate mọi role (130 rows/13 role — Pe_* leaf KHÔNG nằm MenuKeys.All, build qua factory). Menu Personal root@30 + Chấm công re-parent + Master write-lock `Admin,CatalogManager` ×3 controller. Test 228→**240** (+12 PeWorkItemGuardTests). Bundle rotate cả 2: admin `CP4CB1ym` / user `BmZ3VHnm`. 2 builder truncated #53 + reviewer die-0-byte ×2 → em main solo vá cross-stack + self-gate. Excel (3) đối chiếu = NO-CHANGE (S55 data identical). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — HMW 2-workflow, prod-verified**: commit `a20cde8` → Run #379 PASS ~4m20s. WF1 `pre-golive-verify` 7-stream song song + adversarial → 6 PASS/1 CONCERN/0 blocker = **GO**; key finds = **ops not code** (prod IT-dept 0 active user → helpdesk inert + S43 LeaveBalance lost-update còn nguyên). WF2 `golive-harden` fix 4: **#3** LeaveBalance lost-update→atomic `ExecuteUpdateAsync`+Serializable tx (NO mig, exactly-once nguyên) · **#5** ItTicket authz Forbidden-trước-NotFound (fail-closed) · **#6** DocxRenderer null-guard (2 warn→0) · **#4** Travel/Vehicle ApproveV2 +4 smoke. Test **216→228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL` (BE-only). `sys.tables` re-ground **92→93** (cicd ground-truth, Mig 48 col-only). reviewer stage StructuredOutput-fail→em main đỡ cross-stack review (3 diff clean) + bump Serializable đóng MAJOR. gotcha **#58** NEW (EF read-modify-write lost-update→ExecuteUpdate atomic). **2 ops VPS pending** (gán user phòng IT + `tzutil` UTC+7). FE Phase 2 redesign **deferred** (recon ready). Prev S55 — **Nạp master data thật từ Excel + Project +4 cột (Mig 48), HMW-mode ON**: commit `69cb393` → Run #377 PASS ~4m33s, prod-verified. Anh giao file Excel "HẠNG MỤC CÔNG VIỆC DỰ ÁN" → `/ultra-on "workflow làm xong hết"`. Nạp **62 dự án + 71 hạng mục + 3 NCC** vào Project/WorkItem/Supplier qua `SeedRealMasterDataAsync` (per-code idempotent, **UNGATED** → coexist demo, tự lên prod). **Mig 48 `AddProjectMasterFields`**: Project +4 cột nullable (Year/Investor/Location/Package, NO new table). FE ProjectsPage form +4 input ×2 app SHA256 mirror. Test 216 (compile-fix MasterCatalogFilteredUniqueTests +4 null args, no new test). Bundle admin `DmjI8Cmn`→`B-d6893W`/user `YxL_MljK`→`XdKzt9LL` (cả 2 rotate). Prod verify: Mig 48 applied · Projects spot-6/6 · WorkItems VT/TP/MEP/TB=71 · Suppliers 3 · CAL01.Investor="Công ty TNHH Calofic". **2 agent return truncated** (implementer-backend + reviewer, gotcha #53) → em main disk/runtime-recover (build/test/sqlcmd/git truth); cicd verdict-FIRST → PASS clean no-truncate. Data-quality catch: MEP col gộp 2 nhóm + divider "THIẾT BỊ" → split đúng 71/4-category. Provenance `scripts/master-import-data.generated.md`. Prev S54 — **IT staff tự reassign ticket (cross-stack authz, HMW-mode ON)**: 1 code commit `ca4b602` → Run #376 PASS ~4m18s, prod-verified. Cho tổ IT (dept Code=="IT") + Admin reassign ItTicket trên CẢ 2 app. BE: NEW `GetAssignableItStaffQuery` capability endpoint `{canReassign,staff}` + `AssignItTicketHandler` authz Admin-OR-dept-IT (Forbidden) + assignee-must-IT (Conflict) + controller `/assign` hạ `[Authorize(Roles=Admin)]`→`[Authorize]` (handler fine-grained). FE: fe-admin+fe-user ItTicketsPage **SHA256-identical** (REVERSE S53 divergence) gate nút by `canReassign`, dropdown từ `/assignable-staff` (không `/users`). Test 203→**216** (+13 authz guard test-before-merge). NO migration (DepartmentId reuse). Bundle admin `DfCfHUE9`→`DmjI8Cmn` / user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). 6-agent fan-out (BE∥FE→test→reviewer→cicd) + em main reconcile stray-memory residual (3 agent ghi MEMORY nhầm `src/Backend/.claude` → harvest về canonical). reviewer PASS 0 blocker (role-string "Admin" chain-verified). Task 1 Phase 9 Ops KHÔNG làm (anh dừng). flag: cicd `sys.tables=93` vs STATUS 92 → monthly audit re-ground.) Prev S53 (gotcha #57 EXT Master Mig 47 + P11-D reassign-UI fe-admin + P11-E menu + database-agent verified-runtime: `44b9e54` Run #260 + `dbf6648` Run #261, test→203, bundle→`DfCfHUE9`). Prev S52 (Phase 11 P11-D+E+F deployed + database-agent adopt, HMW-mode ON): 3 commit — `e9ee97f` (database-agent DB1–DB11 read-advisory, roster 10→11, executed-file CHỜ restart) + `6a66429` Wave 1 (P11-E AttendanceReport+Excel+OtPolicy multiplier + P11-F MaTicket codegen, migration-free) + `dcf76f8` Wave 2 (P11-D ItTicket round-robin assign dept-IT + SLA timer, Mig 46). Test 186→**200**. Bundle admin `DYfjnpY0`/user `_3S0BPJ2` (cả 2 deploy verified curl độc lập — Wave 1 BE 401 wired + Wave 2 /assign 401 + Mig 46 applied health-200). ⚠️ **Session-limit hit giữa Wave 2** → recovery: BE/test verify-on-disk + em main solo FE redo + curl-self-verify thay cicd-spawn (multi-agent resilience, git/disk/prod = source-of-truth). RAG recovered (chunk 2416 rerank live) nhưng stale 05-29. Prev S51: P11-C Vehicle+Driver.) +**Last updated:** 2026-06-18 (S71 — **Harness-10 adopt: tracked run-trace folder convention + checklist 9-10 self-verify** — em main + 3 Workflow (invest `wf_9c2cd2cd-2e7` → implement `wf_e4e46725-231` → review `wf_636bc95b-939`) theo mandate Harness-9 PART 2. **0 production code** (governance/workflow only). Migrate `.claude/workflows/wave-*/` gitignored → `runs//` **git-TRACKED** (run.md + sub-md/ + harvest/) + `_ledger.md` 2-nhịp + 3-layer anti-miss (L1 em-main@P1 ledger-check / L2 session-start orphan-scan / L3 session-end close-gate **idempotent-VERIFY-not-re-APPEND**) + **containment model shift** (Harness-2 B6 "mọi tracked-change=vi-phạm" → Harness-10 "tracked-change NGOÀI run-folder + code-disjoint=vi-phạm"; run-folder TRACKED → HIỆN git-diff = audit trực-tiếp). hmw.js wave→run-trace (accept `args.run`, alias `wave`; path `sub-md/`; `node --check` PARSE-OK). **Review độc-lập (R2+R3) bắt C5 L1 over-claim** (doc nói hmw.js prompt-builder emit L1 reminder nhưng grep engine=0 → engine no-fs → fixed path-a: L1 = em-main @P1 convention) — dogfood mandate B2 đúng (1-workflow-tự-chấm sẽ bỏ sót). **checklist 9-10:** Part A (Harness-9 memory) + Part B (adap 2-workflow) ĐÃ done S70; Part C (Harness-10) MỚI 8/8. dogfood: 3 run-trace folder TRACKED đầu + 3 entry ledger. adap-report `2026-06-18-Governance-checklist-harness-9-10` + email ai_infra. **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`.** + `CLAUDE.md` test-flush 263→306 (pre-existing uncommitted, resolve H1 stale-flag). ⚠️ restart CLI activate hmw.js RUN-TRACE runtime + (carry S66/S70) §2.1.2 budget-audit/reviewer-Cat-6/H8-inherit. ⚠️ curate-debt: `reviewer/MEMORY.md` 33.8KB (over-soft) + `investigator-codebase/MEMORY.md` 29.8KB — cả 2 do S71 same-role race (content hợp-lệ additive; hmw.js RUN-TRACE guard giờ chống tái). → session log `2026-06-18-S71-harness-10-run-trace.md` (pending). **Prev S70** — **Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate** — em main + 3 Workflow (investigate `wf_be952f3c-97f` → implement `wf_a58e0d15-beb` → audit `wf_9520d8cd-4fe`) + 2 monitor bootstrap. **0 production code** (governance/memory only, commit `f36aab8` pushed). 4 over-cap sub-agent (cicd-monitor/investigator-codebase/reviewer/implementer-backend) curate L1→L2 + `archive/_INDEX.md` (mục-lục con-trỏ **substring sha-keyed**, Ctrl-F fallback) + `.gist.md` (nén 4-field distill-gen:1, verbatim FROZEN) → **cả 4 < 25KB auto-inject cap** (P1 curate-debt CLOSED; ~240KB archive hết RAG-dark). PART 2/3 process-mandate codify (adap-apply + agents/README Upgrade S70 + session-start §2.1.2 budget-audit). **0-byte-loss git+sha verified** (Stage C audit + em-main self-gate khi 2 reviewer no-StructuredOutput). +`memory-budget.json` (seed-by-measure) + `scripts/measure-agent-memory.ps1` + `.ragignore` + doc-drift 4-cite flush. adap-report + email-back ai_infra (body-hash `7c07b716e775`). **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`.** ⚠️ restart CLI để activate session-start §2.1.2 + pending H8 inherit + reviewer Cat-6. → session log `2026-06-17-S70-harness-9-l2-recovery.md`. **Prev S69** — **Văn phòng số (E-Office) port + golive + PE cờ gấp/ngưỡng CCM — 4 deploy prod-verified Run #305→#308, HMW-mode ON, 2 workflow fan-out + ~14 spawn**: foundation PURO (shared PageHeader/KpiCard/WidgetCard + Dashboard 2-cột + sync fe-admin index.css đóng drift S66-S68) #305 → **re-skin TRỌN 10 page** PURO layout + CSS Hồ sơ NS, phẫu-thuật-giữ-100%-logic (reviewer verify api/queryKey byte-identical) #306 → **Office golive public** `SeedAllRolesOfficeModulePermissionsAsync` read+create 16-key allow-list mọi role (mirror S65 pattern, chạy SAU revoke; excluded Off_PhongHop_Manage/Off_AttendanceReport/Off_ChamCong giữ ẩn; cicd DB-verify 16/16×13 role) #307 → **PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị** Mig 53 (anh Kiệt FDC sau họp sếp) #308. **State THẬT: Mig 53 · 88 bảng · 306 test (45D+261I) · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf` Run #308.** 2 gotcha NEW (**#67** Tailwind accent palette thiếu-stop vỡ-màu-im-lặng · **#68** stale-diagnostic-background-agent). 2 truncation #53 (impl-backend positional-record + impl-frontend) → em main recover-disk + self-gate (cả 2 build PASS sau-cùng). C (sau duyệt → chuyển phiếu đến dự án) chờ anh Kiệt spec form. → session log `2026-06-17-S69-vanphong-golive-pe-urgent-threshold.md`. **Prev S68** — **Hồ sơ NS header chi tiết NV: làm nổi bật + fix tên render đen→trắng** — em main solo, 3 commit (2 FE `6983609`+`37752eb` · 1 docs `11bc96d`), 2 deploy prod-verified Run #303-304 (anh UAT realtime): tên `text-xl extrabold`+drop-shadow · dòng meta `text-[13px] font-medium` trắng-đậm · badge pill **màu theo trạng thái** (#303); anh báo "tên đen nền xanh ko nổi bật" → diagnose **rule `h1-h4{color:#0b1220}` viết NGOÀI `@layer` thắng `text-white`** (Tailwind v4 unlayered > all layers, **gotcha #66 NEW**) → ép `text-white!` + thu nhỏ `text-lg` (#304, grep dist confirm `!important`). Bootstrap: 2 monitor RE-REPORT CLEAN + 2 doc-drift fix (dep-audit 64→65 · root CLAUDE 263→286, H1 flag). **State THẬT: Mig 52 · 88 bảng · 286 test · 66 gotcha · menu 53 · bundle admin `CNUv1jxY`/user `CpOskeS1` Run #304.** ⚠️ curate-debt P1: cicd-monitor **44.1KB** (worst). **Prev S67:** **buổi sản phẩm LỚN, 6 deploy prod-verified Run #297→#302** (anh + anh Kiệt FDC UAT realtime, HMW-mode ON): fe-user Hồ sơ NS đồng nhất font + chữ đen→**xanh đậm `brand-800`** (#297 `ab4e681`) · **fe-admin mirror master-detail** + accent tokens index.css [đóng pending lớn nhất HRM go-live, page SHA256 ×2] (#298 `292d64d`) · **+23 test-after HRM** [Dept cycle-guard · PE HoSoLink absolute-set · HRM-perm seed] → 263→**286** (#299 `bcd619d`) · **list flex-row gọn** [bảng 3-cột→flex-row, `overflow-x-hidden` → hết tràn ngang rail] + đồng nhất cỡ chữ [18/14/13/11px] ×2 app (#300 `91aaf05`) · **PE Link hồ sơ auto-detect** `http(s)`→hyperlink/`O:\`→Copy (#301 `6df1b2d`) → **render link `file://` bấm-thử** + Copy (#302 `536dd6b`). **Workflow research 3 investigator-api** (auto-mở `O:\` từ web): default browser CHẶN https→file://; **chỉ Edge GPO `IntranetFileLinksEnabled`** (Edge-only, Intranet Zone, 1 GPO domain zero-per-machine) = one-click thật — Chrome không có; .url-download zero-install nhưng 2-click. **State THẬT: Mig 52 · 88 bảng · 286 test (45D+241I) · 65 gotcha · menu 53 · bundle admin `CcrZqfht`/user `DniDFUB_`** (#302). test-specialist truncated return #53 → em main recover-disk (3 file test đủ + 286 verify); 0 production bug. ⚠️ curate-debt: cicd-monitor 39.8KB + inv-codebase 39.4KB over-cap. **Prev S66** — **session-end closeout em-main-solo, 0 product-sub:** adopt **Harness-8 all-inherit** (7 sub demoted `claude-opus-4-8`→`inherit` → cả 11 = inherit, gỡ two-tier Harness-4) + **cicd-monitor L1 curate 86.8→28.9KB** (byte-exact sed → `archive/2026-06.md`, incl #291 forensic) + **ef-core skill doc-flush Mig 50→52** (H1 drift, +Mig 51/52 rows) + check-email AI_INFRA (**0 thư mới se-directed**). ~17 file docs/gov/config, **0 production code** → state THẬT GIỮ NGUYÊN: **Mig 52 · 88 bảng · 263 test · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf`**. ⚠️ **Restart CLI** để H8 runtime (frontmatter no hot-reload) + reviewer Category 6 (S64 pending). adap-report `2026-06-16-Governance-harness-8-all-inherit-workflow-fastest` + email-back ai_infra (hash `fa7f690d` round-trip MATCH). Prev S65 — **HRM go-live: public Hồ sơ Nhân sự + trang master-detail giống NamGroup + Department hierarchy + PE Link hồ sơ**, ~6 deploy prod-verified Run #289→#295, anh + anh Kiệt FDC UAT realtime): (1) **public Hồ sơ Nhân sự mọi role** — `SeedAllRolesHrmProfileReadPermissionsAsync` grant CanRead `Hrm`+`Hrm_HoSo` 13 role chạy SAU revoke S58 (upgrade-only; EmployeesController policy-based `Hrm_HoSo.Read` mở luôn API không hardcode Roles), giữ ẩn Dashboard NS, Run #289; (2) **redesign màu foundation fe-user** — accent palette teal/violet/amberx/greenx + `.app-gradient-brand`/`.card-accent`/`.icon-chip` + heading 700, brand #1F7DC1 + Be Vietnam Pro giữ, Run #290; (3) **Department hierarchy** Mig 51 `AddDepartmentParentId` (ParentId loose-Guid no-FK + `GET /departments/tree` ráp cây in-memory + rollup count theo `User.DepartmentId` + cycle-guard HashSet) + picker "Phòng cha" fe-admin (self-service org chart) + Update cycle-guard, Run #292; (4) **Hồ sơ Nhân sự master-detail giống NamGroup** — `EmployeesListPage` rewrite: 3-panel→**2-cột** (cây tổ chức gốc "SOLUTION COMPANY" + list chồng TRÁI · chi tiết 5 tab PHẢI) + tô màu accent, giữ 100% 5 satellite CRUD (16 endpoint), Run #293/#294/#295; (5) **PE mục "e. Link hồ sơ"** Mig 52 `AddHoSoLinkToPurchaseEvaluation` (`HoSoLink string?` hyperlink NAS + `` target_blank rel-noopener + null-safe) + rename "Dự trù PRO"→"Ngân sách PRO" (row+badge) ×2 app SHA256-mirror, Run #293. **State THẬT: Mig 52 · 88 bảng · 263 test (45D+218I) · 65 gotcha · menu 53 · bundle admin `BDwV5d0X`/user `DbVv6rsf`** (Run #295 `456c7a7` Employee-refine — user rotate `CZfo_PFZ→DbVv6rsf`, cicd PASS). **🔥 Workflow fan-out chạy THẬT lần đầu** (`pe-hoso-link-rename-pro` BE∥FE→review) — parallel disjoint-file OK, NHƯNG FE+reviewer return-RỖNG #53 → em main recover-disk + self-gate (bắt badge "DỰ TRÙ PRO" sót rename); **verdict: fan-out cho parallelism nhưng reviewer-stage không tin được trong harness này → verify-heavy task vẫn tự gác = tương đương spawn lẻ** (`feedback_workflow_fanout_reliability`). gotcha **#65** NEW (build csproj con ≠ `dotnet build slnx` gồm tests → miss test-compile khi đổi chữ ký record command → CI CS7036 Run #291 FAIL-gated). **Prev S64** adopt **Harness-7 writing-quality floor** — em main solo, commit `6afde19` docs/gov-only, 0 sub spawn: `rules.md §1.1` outward-VN-full-grammar + reviewer Category 6 + adap-report + email ai_infra; broadcast body-hash `a4580ea9` verified-MATCH **KHÔNG mis-stamp** [false-mismatch = gotcha #61 PS5.1 UTF-8 decode của em]. Prev S63 docs-closeout bù S60/S61/S62 — **State THẬT: Mig 50 · 88 bảng · 263 test (45D+218I) · 64 gotcha · menu 53 · bundle admin `0xKYGhhf`/user `C81ZdG9G` Run #286**; S60-62 = PE ràng buộc gửi-duyệt + bypass drafter (S60) · gỡ "Từ chối" (S60) · Mig 50 ngân sách per-gói-thầu Excel anh Kiệt + XÓA module Budget cũ (S61) · vượt-NS cảnh-báo-mềm cho lưu (S62); + reconcile stray reviewer cwd-misland; session log `2026-06-12-S60-S62-pe-budget-workitem-softwarning.md`). Prev Session 59 ( **10 đợt ship prod-verified: 8 Run PASS + 2 cancelled-supersede-benign #273→#282** (run_number API — dải đếm khác #38x S58, cùng pipeline; 2 cancel = push-đè khi UAT góp ý realtime, ancestor-verified): (1) **wipe transactional testing data** theo anh Kiệt FDC — 10 PE + 7 HĐ [DEMO] + 64 notif + 1 AwV2 cũ inactive = 0, reset PeSeq/CtSeq → phiếu thật đầu tiên team tạo chiều nay = **PE/2026/A/001** ✓, app-recycle KHÔNG resurrect (DemoSeed gate held), uploads orphan dọn (`56882ac` #273); (2+3) **PE tree Panel 1 chốt 4 tầng "📅 Năm > 📁 Dự án > 🧱 Hạng mục > Phiếu"** (anh chốt follow-up sau bản gộp "Dự án (Năm)"; `yearGroups` useMemo, expand-key v3, FE-only — list DTO đã có workItemName S57bis) (`0eafcd3` #274); (4) **dọn 15 mã hạng mục demo tự chế** theo chị Trà Sol "xóa cái đám phần thô phần hoàn thiện… MÀ ANH TỰ ĐẺ RA" — WorkItems 86→**71**, GỠ HẲN block seed demo khỏi DbInitializer, đối chiếu 71/71 khớp bảng PMH từng dòng (`bbd1554` #275, bundle frozen BE-only); (5) **rename 71 mã đúng format PMH anh Kiệt chốt** "MÃ CV gồm chữ MEP-SUB-1 rồi tên 1 MEP Sub MEP (Full) — đúng kiểu vậy" → `MAT-n`/`SUB-n`/`MEP-SUB-n`/`MEP-EQU-n` + Name "STT nhóm tên"; **DB-trước-code-sau** (gotcha **#62** NEW — seed per-code idempotent, sai thứ tự = 142 rows) + sqlcmd `-f 65001` (gotcha **#61** NEW — verify data qua API JSON, KHÔNG tin console mojibake) + FE sort numeric ×3 ×2 app (`c869d26` #276); (6) **UAT 6 vòng 11 điểm**: NEW **`ui/SearchableSelect`** combobox gõ-lọc BỎ DẤU (fold NFD — Hạng mục/Dự án/NCC) + auto Địa điểm từ Project.Location + điều khoản TT Textarea đa dòng (`faed59f` #277) · anh chốt: **ẩn cả Trả lại+Từ chối khi người duyệt = người soạn** (drafterUserId match) + **quick-add NCC ngay form** (SuppliersController POST hạ → any-auth, PUT/DELETE giữ khóa — cicd authz probe live 4/4: 401 unauth/201 nv.test/403 delete/cleanup) + upload multiple files ×2 chỗ (`9c330d2` #278) · vòng 3-6 realtime (`f21c55d` #279-cancelled / `69997da` #280 / `80b64dd` #281-cancelled / `792c030` **#282 FINAL**): **bảng NCC table-fixed** width từng cột (file dài hết vỡ layout) + **bỏ ô "Tên" ngân sách nhập tay** (chỉ còn Số tiền, hasManual detect theo amount) + **GỠ field "Điều khoản thanh toán" khỏi TẤT CẢ form phiếu** (cột per-NCC + display phiếu cũ GIỮ) + **bỏ nút "+ Thêm hạng mục"** (1 phiếu = 1 hạng mục header). Bundle FINAL admin **`B1DtNT9C`**/user **`D6uF3Mln`** (Run #282). Test 240 ×2 local + 8× CI gate. **0/14 spawn truncated** (lần đầu sau nhiều session). → session log `2026-06-11-S59-wipe-tree-pmh-uat-batch.md`. Prev S58 (2026-06-11 — **4 việc prod-verified Run #382/#383/#384**: lock-demo-user fix + tạm ẩn HRM/Office/Cá nhân + Danh mục cuối sidebar + fe-user redesign theo UI/UX guide AI_INFRA. **Việc 1 — lock fix** (Run #382, `5998163` ~3m31s): Run #381 cicd phát hiện S57bis lock = NO-OP (14 email named-person là population Dev-only). Recon dump prod: demo thật = 20 UAT-matrix `{dept}.{nv,pp,tp}@`+`bod.{1,2}@` tạo TAY 05-13; root cause sâu = `DemoUserPassword` 11 ký tự < prod `RequiredLength=12` → `CreateAsync` silent-fail MỌI startup từ trước tới giờ (= root cause "helpdesk inert phòng IT 0 user" S56). Fix: union 20 email + password 12 ký tự. Prod sau deploy: **55 user / 21 active / 34 locked** — 20 UAT + 14 named-person locked ✓, **nv.cao/nv.truong CREATED+ACTIVE (helpdesk S56 RESOLVED)** ✓, 5 real staff created ✓, guard admin/catalog.manager/nv.test/chuong.phan-typo active ✓ (anh chốt 3 quyết định AskUserQuestion). Bundle FROZEN. gotcha **#60** NEW (seed silent-fail vs prod password policy — dump population thật trước khi lock/seed-by-email). +Closeout S57bis residual: gotcha #59 commit, 4 spawn-record on-behalf (H2 4-MISS), H1 5-patch doc-drift, test 240 re-verified local. Prev S57bis (2026-06-11 sáng) — **PE gắn Hạng mục công việc (Mig 49) + mở quyền Pe all-role + menu "Cá nhân" + khóa demo user** (sếp Zalo deadline 15:00): commit `17b23a4` (Harness-4 two-tier runtime-VERIFIED spawn-test 2 chiều) + `dd117b7` (product) → Run #381 PASS ~4m25s. Mig 49 `AddWorkItemToPurchaseEvaluation`: PE.WorkItemId `Guid?` loose-Guid KHÔNG FK vật lý (convention PE — database-agent design) + IX + validator NotEmpty create + FK-guard handler Conflict + UpdateDraft null-safe. FE ×2 app PeWorkspaceCreateView/PeHeaderForm (SHA256 identical)/PeDetailTabs "Dự án – Hạng mục". Pe_* 11 key CanRead+CanCreate mọi role (130 rows/13 role — Pe_* leaf KHÔNG nằm MenuKeys.All, build qua factory). Menu Personal root@30 + Chấm công re-parent + Master write-lock `Admin,CatalogManager` ×3 controller. Test 228→**240** (+12 PeWorkItemGuardTests). Bundle rotate cả 2: admin `CP4CB1ym` / user `BmZ3VHnm`. 2 builder truncated #53 + reviewer die-0-byte ×2 → em main solo vá cross-stack + self-gate. Excel (3) đối chiếu = NO-CHANGE (S55 data identical). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — HMW 2-workflow, prod-verified**: commit `a20cde8` → Run #379 PASS ~4m20s. WF1 `pre-golive-verify` 7-stream song song + adversarial → 6 PASS/1 CONCERN/0 blocker = **GO**; key finds = **ops not code** (prod IT-dept 0 active user → helpdesk inert + S43 LeaveBalance lost-update còn nguyên). WF2 `golive-harden` fix 4: **#3** LeaveBalance lost-update→atomic `ExecuteUpdateAsync`+Serializable tx (NO mig, exactly-once nguyên) · **#5** ItTicket authz Forbidden-trước-NotFound (fail-closed) · **#6** DocxRenderer null-guard (2 warn→0) · **#4** Travel/Vehicle ApproveV2 +4 smoke. Test **216→228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL` (BE-only). `sys.tables` re-ground **92→93** (cicd ground-truth, Mig 48 col-only). reviewer stage StructuredOutput-fail→em main đỡ cross-stack review (3 diff clean) + bump Serializable đóng MAJOR. gotcha **#58** NEW (EF read-modify-write lost-update→ExecuteUpdate atomic). **2 ops VPS pending** (gán user phòng IT + `tzutil` UTC+7). FE Phase 2 redesign **deferred** (recon ready). Prev S55 — **Nạp master data thật từ Excel + Project +4 cột (Mig 48), HMW-mode ON**: commit `69cb393` → Run #377 PASS ~4m33s, prod-verified. Anh giao file Excel "HẠNG MỤC CÔNG VIỆC DỰ ÁN" → `/ultra-on "workflow làm xong hết"`. Nạp **62 dự án + 71 hạng mục + 3 NCC** vào Project/WorkItem/Supplier qua `SeedRealMasterDataAsync` (per-code idempotent, **UNGATED** → coexist demo, tự lên prod). **Mig 48 `AddProjectMasterFields`**: Project +4 cột nullable (Year/Investor/Location/Package, NO new table). FE ProjectsPage form +4 input ×2 app SHA256 mirror. Test 216 (compile-fix MasterCatalogFilteredUniqueTests +4 null args, no new test). Bundle admin `DmjI8Cmn`→`B-d6893W`/user `YxL_MljK`→`XdKzt9LL` (cả 2 rotate). Prod verify: Mig 48 applied · Projects spot-6/6 · WorkItems VT/TP/MEP/TB=71 · Suppliers 3 · CAL01.Investor="Công ty TNHH Calofic". **2 agent return truncated** (implementer-backend + reviewer, gotcha #53) → em main disk/runtime-recover (build/test/sqlcmd/git truth); cicd verdict-FIRST → PASS clean no-truncate. Data-quality catch: MEP col gộp 2 nhóm + divider "THIẾT BỊ" → split đúng 71/4-category. Provenance `scripts/master-import-data.generated.md`. Prev S54 — **IT staff tự reassign ticket (cross-stack authz, HMW-mode ON)**: 1 code commit `ca4b602` → Run #376 PASS ~4m18s, prod-verified. Cho tổ IT (dept Code=="IT") + Admin reassign ItTicket trên CẢ 2 app. BE: NEW `GetAssignableItStaffQuery` capability endpoint `{canReassign,staff}` + `AssignItTicketHandler` authz Admin-OR-dept-IT (Forbidden) + assignee-must-IT (Conflict) + controller `/assign` hạ `[Authorize(Roles=Admin)]`→`[Authorize]` (handler fine-grained). FE: fe-admin+fe-user ItTicketsPage **SHA256-identical** (REVERSE S53 divergence) gate nút by `canReassign`, dropdown từ `/assignable-staff` (không `/users`). Test 203→**216** (+13 authz guard test-before-merge). NO migration (DepartmentId reuse). Bundle admin `DfCfHUE9`→`DmjI8Cmn` / user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). 6-agent fan-out (BE∥FE→test→reviewer→cicd) + em main reconcile stray-memory residual (3 agent ghi MEMORY nhầm `src/Backend/.claude` → harvest về canonical). reviewer PASS 0 blocker (role-string "Admin" chain-verified). Task 1 Phase 9 Ops KHÔNG làm (anh dừng). flag: cicd `sys.tables=93` vs STATUS 92 → monthly audit re-ground.) Prev S53 (gotcha #57 EXT Master Mig 47 + P11-D reassign-UI fe-admin + P11-E menu + database-agent verified-runtime: `44b9e54` Run #260 + `dbf6648` Run #261, test→203, bundle→`DfCfHUE9`). Prev S52 (Phase 11 P11-D+E+F deployed + database-agent adopt, HMW-mode ON): 3 commit — `e9ee97f` (database-agent DB1–DB11 read-advisory, roster 10→11, executed-file CHỜ restart) + `6a66429` Wave 1 (P11-E AttendanceReport+Excel+OtPolicy multiplier + P11-F MaTicket codegen, migration-free) + `dcf76f8` Wave 2 (P11-D ItTicket round-robin assign dept-IT + SLA timer, Mig 46). Test 186→**200**. Bundle admin `DYfjnpY0`/user `_3S0BPJ2` (cả 2 deploy verified curl độc lập — Wave 1 BE 401 wired + Wave 2 /assign 401 + Mig 46 applied health-200). ⚠️ **Session-limit hit giữa Wave 2** → recovery: BE/test verify-on-disk + em main solo FE redo + curl-self-verify thay cicd-spawn (multi-agent resilience, git/disk/prod = source-of-truth). RAG recovered (chunk 2416 rerank live) nhưng stale 05-29. Prev S51: P11-C Vehicle+Driver.) --- @@ -31,10 +31,11 @@ --- -## 🔥 In Progress (S70) +## 🔥 In Progress (S71) | Task | Owner | Status | |---|---|---| +| **S71 — Harness-10 adopt: tracked run-trace folder + checklist 9-10** — em main + 3 Workflow (invest `wf_9c2cd2cd-2e7` / implement `wf_e4e46725-231` / review `wf_636bc95b-939`) per mandate Harness-9 PART 2. **0 production code**. Migrate `wave-*/` gitignored → `runs//` git-TRACKED (run.md+sub-md/+harvest/) + `_ledger.md` 2-nhịp + 3-layer (L1 em-main@P1 / L2 session-start / L3 session-end idempotent) + containment shift (B6→tracked-run-folder). hmw.js wave→run-trace (`node --check` OK). **Review (R2+R3) bắt C5 L1 over-claim → fixed** (em-main convention, engine no-fs). checklist 9-10: Part A/B done S70, Part C 8/8 MỚI. dogfood 3 run-folder TRACKED + ledger. adap-report + email ai_infra. **State GIỮ NGUYÊN: Mig 53·88 bảng·306 test·68 gotcha·menu 54.** **NEXT (anh):** restart CLI (hmw.js RUN-TRACE + carry §2.1.2/Cat-6/H8). **NEXT (em):** curate-debt **reviewer 33.8KB (over-soft) + inv-codebase 29.8KB** (S71 same-role races; cicd/impl-be OK post-S70) · monthly audit 07-01. → session log `2026-06-18-S71-harness-10-run-trace.md`. | 👤 + 9 sub | ✅ | | **S70 — Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate** — em main + 3 Workflow (investigate `wf_be952f3c-97f` / implement `wf_a58e0d15-beb` / audit `wf_9520d8cd-4fe`) + 2 monitor bootstrap. **0 production code** (governance/memory, commit `f36aab8` pushed). 4 over-cap sub curate L1→L2 + `_INDEX.md` (substring sha-keyed) + `.gist.md` (distill-gen:1) → cả 4 <25KB cap (**P1 curate-debt CLOSED**, ~240KB archive hết RAG-dark). 0-byte-loss git+sha (Stage C + self-gate 2 reviewer no-return). Codify adap-apply/agents-README/session-start §2.1.2 + budget.json/measure.ps1/.ragignore + doc-drift 4-flush. adap-report + email-back ai_infra (`7c07b716e775`). **NEXT (anh):** restart CLI (session-start §2.1.2 + reviewer Cat-6 + H8 inherit pending). **NEXT (em):** monthly audit 07-01 — STATUS/HANDOFF re-tier (trim S67↓→logs, defer ×9) · docs/CLAUDE deep-doc (gotcha 58→68 · 93→88 bảng · Budget-removed) + schema §16+ Mig 32-53 ERD. → session log `2026-06-17-S70-harness-9-l2-recovery.md`. | 👤 + 12 sub + 2 monitor | ✅ | | **S69 — Văn phòng số port + golive (#305→#307) + PE cờ gấp/ngưỡng CCM (#308 Mig 53)** — 4 deploy prod-verified, HMW-mode ON, 2 workflow fan-out + ~14 spawn. Foundation PURO + re-skin 10 page + Office public 16-key allow-list + PE cờ gấp/threshold. 2 gotcha NEW (#67/#68) · 2 truncation #53 recover-disk. **NEXT (anh/anh Kiệt UAT):** cấu hình "Ngưỡng giá trị gói CEO" trong Workflow Designer + test cờ gấp PRO/CCM; **xác nhận:** quy trình đặt CCM(CostControl)-trước-CEO + CEO = role Director (notify đích). **NEXT (em):** 🔴 curate cicd-monitor **65.2KB** (worst, trend tăng) + inv-codebase 47 + reviewer 43.5 + impl-be 33 over-cap · doc-flush docs/CLAUDE.md full + schema-diagram §16+. **C (sau duyệt → chuyển phiếu đến dự án) chờ anh Kiệt spec form.** → session log `2026-06-17-S69-vanphong-golive-pe-urgent-threshold.md`. | 👤 + ~14 sub | ✅ | | **S68 — Hồ sơ NS header chi tiết NV: nổi bật (size/weight/badge màu) + fix tên đen→trắng (gotcha #66)** — em main solo, 3 commit (FE `6983609`+`37752eb` · docs `11bc96d`), 2 deploy prod-verified Run #303-304 (anh UAT realtime): tên `text-xl extrabold`+drop-shadow · meta `text-[13px] font-medium` trắng-đậm · badge pill màu emerald/amber/slate theo trạng thái (#303 `D532XZKG`/`CuFaBoWt`) → anh báo "tên đen nền xanh ko nổi bật" → **rule `h1-h4{color:#0b1220}` unlayered thắng `text-white`** (Tailwind v4) → ép `text-white!` + thu nhỏ `text-lg` (#304 `CNUv1jxY`/`CpOskeS1`). Bootstrap: 2 monitor RE-REPORT CLEAN + 2 doc-drift fix (dep-audit 64→65, root CLAUDE 263→286). **NEXT (anh):** xác nhận mắt tên trắng+gọn ưng chưa (muốn nhỏ hơn→`text-base`; màu nhấn nếu cần). **NEXT (em):** 🔴 curate cicd-monitor **44.1KB** + inv-codebase 38.5 + reviewer 35.4 + impl-backend 30.7 over-cap · doc-flush docs/CLAUDE.md count + schema §16+. → session log `2026-06-16-S68-hoso-header-name-color-fix.md`. | 👤 + 3 sub | ✅ | @@ -51,6 +52,13 @@ ## ✅ Recently Done (newest on top — 3 session; cũ hơn → session logs) +### S71 (2026-06-18) — ✅ Harness-10 adopt: tracked run-trace folder convention + checklist 9-10 self-verify (em main + 3 Workflow, 0 production code) +- **`/check-email AI_INFRA`** = 0 thư mới se-directed (UI/UX guide processed S58). Broadcast `2026-06-18-Governance-checklist-harness-9-10` ở `outbox/all` (content_sha256 `ec32951a` MATCH, đọc UTF-8 tường minh #61). **KHÔNG có base Harness-10 file riêng** — spec = Part C checklist (flag trong adap-report). +- **3-stage Workflow** (mandate Harness-9 PART 2; anh chốt full-adopt + dogfood qua HMW đủ invest/imple/review, tránh sai sót): INVEST `wf_9c2cd2cd-2e7` (4× investigator-codebase — A stub-fail structured-return nhưng ghi diary thật + B/C/D strong → self-gate bù) → IMPLEMENT `wf_e4e46725-231` (3× general-purpose file-disjoint + em-main cluster) → REVIEW `wf_636bc95b-939` (3× reviewer adversarial). +- **Migrate wave→run-trace:** `.gitignore` (runs/ tracked via negation `:83`, wave-*/ giữ legacy, exit-code-trap note) · `hmw.js` (accept `args.run` + alias `wave`, path `sub-md/`, wording containment, 9 ref wave→RUN-TRACE, `node --check` PARSE-OK) · `workflows/README.md` full-rewrite · NEW `runs/README.md` (C1-C7 + caveat trung-thực) · `session-start.md:71` (L2 orphan-scan) · `session-end.md:51` (L3 close-gate idempotent) · `agents/README.md`/`harvest-curator.md`/`tooling-auditor.md` repoint. +- **Review caught (R2+R3 độc-lập = high-conf):** C5 **L1 over-claim** — `runs/README.md` nói hmw.js prompt-builder emit L1 reminder, grep engine=0 → engine no-fs KHÔNG đọc được ledger → **fixed path-a**: L1 = em-main @P1 ledger-check convention. Floor C1-C8: 7/8 PASS + C5-fixed (C7 caveat reviewer khen "điểm sáng nhất"; C3 honest "tracked-eligible → committed sau commit", KHÔNG over-claim). **Dogfood thành công mandate B2** (review-workflow RIÊNG bắt lỗi mà 1-workflow-tự-chấm bỏ sót — IMPLEMENT synthesis không nhắc L1). +- **Containment audit CLEAN:** git status = đúng tập (8 Harness-10 file + runs/ untracked + investigator MEMORY race + CLAUDE.md test-flush), 0 stray, **frozen-evidence 0-byte-loss** (broadcasts/adap-harness-2/error-ledger/sessions/STATUS/HANDOFF/archives untouched — R1 per-path verify). **State THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle `BgNCjwsG`/`CBvh0vtf`.** adap-report `2026-06-18-Governance-checklist-harness-9-10` + email ai_infra (4 reverse-findings: L1-engine-no-fs · custom-workflow-thiếu-delta-guard-race · check-ignore-exit-trap · C3-2-level-value). → session log `2026-06-18-S71-harness-10-run-trace.md` (pending). + ### S70 (2026-06-17→18) — ✅ Harness-9 adopt: L2 archive dark-matter recovery + adap 2-workflow mandate (em main + 3 Workflow + 2 monitor, 0 production code, commit `f36aab8` pushed) - **Bootstrap (`/session-start`):** 2 monitor RE-REPORT — 🟫 H1 (3 skill cite stale + curate-debt 4 agent over-cap) + ⬜ H2 (CLEAN, 0-orphan, 5-trục PASS). RAG 2426 chunks alive (stale-index 05-29). test **306 baseline verified**. `/check-email AI_INFRA` = 0 thư mới directed (outbox/se chỉ UI/UX guide processed S58). Harness-9 ở `outbox/all` (kênh adap-apply). - **`/adap-apply Harness-9`** (anh chốt "đầy-đủ-nhất", 3-stage Workflow): PART 1 L2-recovery (proposal, fit cao — SE có dark-matter thật) + PART 2/3 process-mandate (🔴 function-floor). diff --git a/docs/changelog/sessions/2026-06-18-S71-harness-10-run-trace.md b/docs/changelog/sessions/2026-06-18-S71-harness-10-run-trace.md new file mode 100644 index 0000000..d134f47 --- /dev/null +++ b/docs/changelog/sessions/2026-06-18-S71-harness-10-run-trace.md @@ -0,0 +1,47 @@ +# S71 (2026-06-18) — Harness-10 adopt: tracked run-trace folder convention + checklist 9-10 self-verify + +**Trigger:** anh `--resume` → `/check-email AI_INFRA và /adap-apply harness-10 và check list 9-10` → chốt (AskUserQuestion) "full-adap + dogfood ngay qua HMW đủ các bước invest/imple/review đầy đủ, tránh sai sót". + +**Loại:** governance/workflow-infra · **0 production code** · em-main + 3 Workflow (mandate Harness-9 PART 2). + +--- + +## Bối cảnh +- `/check-email AI_INFRA`: 0 thư mới se-directed. Broadcast mới `outbox/all/2026-06-18-Governance-checklist-harness-9-10.md` (content_sha256 `ec32951a` MATCH, đọc UTF-8 tường minh #61). +- **KHÔNG có base broadcast Harness-10 file riêng** (grep toàn `broadcasts/` chỉ match checklist) → spec Harness-10 = **Part C (C1-C8) + CAVEAT** của checklist. +- Checklist 3 phần: A (Harness-9 memory, proposal — đã adopt S70) · B (adap 2-workflow, mandatory — codify S70) · **C (Harness-10 run-trace, mandatory — MỚI)**. +- Điểm-quyết-định (AskUserQuestion): Harness-10 C3 đảo ngược Harness-2 B6 gitignore (`.claude/workflows/wave-*/` transient-ignored → `runs//` tracked) → anh chốt full-adopt qua HMW. + +## 3-stage Workflow (run-id = bằng chứng mandate B3) +| Stage | run-id | verdict | +|---|---|---| +| INVEST | `wf_9c2cd2cd-2e7` (4× investigator-codebase) | PASS — B+C+D strong; A trả stub structured-output nhưng ghi diary thật trên đĩa → self-gate bù | +| IMPLEMENT | `wf_e4e46725-231` (3× general-purpose file-disjoint + em-main cluster) | PASS — 3/3, containment CLEAN, wording đồng-bộ 4 file | +| REVIEW | `wf_636bc95b-939` (3× reviewer adversarial 3-lens) | PASS sau-fix — bắt C5 L1 over-claim | + +Dogfood: 3 run-trace folder TRACKED đầu tiên (`.claude/workflows/runs/2026-06-18-h10-{invest,implement,review}/`) + 3 entry `_ledger.md` 2-nhịp. + +## Thay đổi (migrate wave→run-trace) +- **`.gitignore`** — runs/ tracked qua negation `!.claude/**:83` (KHÔNG thêm dòng); wave-*/ giữ legacy-ignored + comment superseded; **exit-code-trap note** (`check-ignore` exit 0 cho CẢ negation lẫn ignore → `&& IGNORED || NOT`). +- **`hmw.js`** (em-main, live engine minimal-risk) — accept `args.run` primary + `args.wave` alias back-compat; path `sub-md/-.md`; wording containment model mới; 9 ref wave→RUN-TRACE. `node --check` PARSE-OK (R1 verify). +- **`workflows/README.md`** full-rewrite + NEW **`runs/README.md`** (C1-C7 + caveat trung-thực + verify-pattern). +- **`session-start.md:71`** L2 orphan-scan · **`session-end.md:51`** L3 close-gate idempotent-VERIFY-not-re-APPEND · **`agents/README.md`/`harvest-curator.md`/`tooling-auditor.md`** repoint. + +## Review caught — C5 L1 over-claim (R2 + R3 độc-lập = high-confidence) +`runs/README.md` ban đầu (Agent 3) ghi L1 in-run reminder fire trong "hmw.js prompt-builder" với text cụ thể → grep hmw.js = 0. **Engine no-fs KHÔNG đọc được ledger** → L1 "check prior-run-harvested" KHÔNG THỂ là engine-prompt. **Fixed path-a (em-main):** L1 = em-main @P1 ledger-check convention (đọc `_ledger`, run trước `closed=⏳` → harvest+CLOSE trước) + C7 timing đồng-bộ. Verify: hmw.js L1-text=0 / C4-text=1 → doc khớp engine. +→ **Đây là giá trị cốt lõi của mandate B2** (review-workflow RIÊNG): 1-workflow-vừa-làm-vừa-tự-chấm đã bỏ sót (IMPLEMENT synthesis không nhắc L1); review độc-lập bắt TRƯỚC commit. + +## Floor C1-C8 (nấc THẬT, honest) +C1 run-folder 3-phần ✓ · C2 scaffold-đầu-run (em-main @P1, engine no-fs) ✓ · **C3 tracked-eligible → COMMITTED** (sau commit; review bắt `git ls-files` rỗng = 2-level) · C4 per-turn harvest ✓ · C5 L2/L3 wired + L1 honest-doc ✓ · C6 ledger 2-nhịp ✓ · C7 caveat (reviewer khen "điểm sáng nhất") ✓ · C8 migration clean (0 wave-*/ remain) ✓. + +## Residual / lessons +- **Race INVEST:** 4 same-role investigator tự-ghi chung `investigator-codebase/MEMORY.md` ("file modified since read") → +6 lines/29.8KB. Content hợp-lệ (R1/R2 verify, purely additive). **Fixed cấu-trúc:** hmw.js RUN-TRACE writeGuard cấm sub tự-ghi MEMORY (return-delta-only); custom workflow (như INVEST này) thiếu guard → lesson: custom Workflow script phải copy delta-guard. curate-debt: consolidate 3→1 + L1→L2 next. +- **4 reverse-findings → AI_INFRA** (B2.5): (1) C5-L1 không thể là engine-prompt (engine no-fs → lead-side) · (2) custom-workflow thiếu return-delta-guard gây same-role race · (3) check-ignore exit-code trap nên vào C3 self-verify · (4) C3 2-level (eligible vs committed) là bẫy thật, floor tách đúng. + +## State (GIỮ NGUYÊN — adap không đụng production) +Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`. + CLAUDE.md test-flush 263→306 (pre-existing uncommitted, resolve H1 stale-flag). + +## NEXT +- ⚠️ Restart CLI: hmw.js RUN-TRACE runtime + carry §2.1.2/reviewer-Cat-6/H8-inherit. +- curate-debt **reviewer 33.8KB (over-soft) + inv-codebase 29.8KB** (S71 same-role races; cicd/impl-be OK post-S70) · monthly audit 07-01. +- Pending product/ops carry S69 (ngưỡng CEO · cờ gấp PE · tzutil · real-staff pw). diff --git a/docs/governance/adap-reports/2026-06-18-Governance-checklist-harness-9-10.md b/docs/governance/adap-reports/2026-06-18-Governance-checklist-harness-9-10.md new file mode 100644 index 0000000..5fc2e3e --- /dev/null +++ b/docs/governance/adap-reports/2026-06-18-Governance-checklist-harness-9-10.md @@ -0,0 +1,54 @@ +# adap-report — Checklist Harness-9 + Harness-10 (run-trace folder) + +- **id:** 2026-06-18-Governance-checklist-harness-9-10 +- **broadcast:** `ai_infra/broadcasts/outbox/all/2026-06-18-Governance-checklist-harness-9-10.md` (content_sha256 `ec32951a…` — verified MATCH, đọc UTF-8 tường minh per gotcha #61) +- **applied:** S71 (2026-06-18), em-main + 3 Workflow (invest→implement→review) + 3 reviewer +- **nấc (G-011):** **executed-file + VERIFIED (static)** — committed; runtime hmw.js pending-restart (no hot-reload) +- **PROJECT-FIT:** Part A (Harness-9 memory) = ĐÃ adopt S70 (self-verify lại) · Part B (adap 2-workflow) = ĐÃ codify S70 · **Part C (Harness-10 run-trace) = MỚI adopt S71 (lõi việc)** + +## Mandate Harness-9 PART 2 — 3 workflow run-id (bằng chứng B3) +| Stage | run-id | verdict | +|---|---|---| +| INVESTIGATE (4× investigator-codebase) | `wf_9c2cd2cd-2e7` | PASS (B+C+D strong; A stub-return nhưng ghi diary thật → bù) | +| IMPLEMENT (3× general-purpose + em-main cluster) | `wf_e4e46725-231` | PASS (3/3, containment CLEAN, wording đồng-bộ 4 file) | +| REVIEW (3× reviewer adversarial) | `wf_636bc95b-939` | PASS sau-fix (R2+R3 độc-lập bắt C5 L1 over-claim → fixed) | + +> Vượt sàn tối-thiểu 2-workflow (anh chốt "đủ 3 bước invest/imple/review, tránh sai sót"). Dogfood: chính 3 workflow này tạo 3 run-trace folder TRACKED đầu tiên + 3 entry ledger 2-nhịp. + +## CHECK LIST 9-10 — nấc THẬT (honest, kiểm đĩa) +### PART A — Harness-9 memory (proposal, đã adopt S70) → 🟢 +A1 budget.json ✓ · A2 measure-script + seed-by-measure ✓runtime · A3 gist additive distill-gen:1 ✓ · A4 coverage-diff (H2 verify) ✓ · A5 `_INDEX` 4 sub ✓ · A6 pointer-resolve substring-sha ✓ · A7 budget-audit @session-start (em chạy TAY S71) 🟡 automation pending-restart · **A8 gist-command tách-biệt = tailored: SE KHÔNG có command riêng, curate ad-hoc (function-floor "compress≠index" giữ)** · A9 `.ragignore` ✓. + +### PART B — adap 2-workflow (BẮT BUỘC, codify S70) → 🟢 +B1/B2 implement+review tách (3 run-id trên) ✓ · B2.5 reverse-findings (dưới) ✓ · B3 report+run-id (file này + email) ✓ · B4 short-but-confirm vẫn review ✓ (codify `adap-apply.md:38`). + +### PART C — Harness-10 run-trace (BẮT BUỘC) → 🟢 MỚI +| C | nấc THẬT | bằng chứng | +|---|---|---| +| C1 run-folder 3-phần | executed-file | `runs/2026-06-18-h10-{invest,implement,review}/` đều run.md+sub-md/+harvest/ | +| C2 scaffold-cả-3-đầu-run | convention (em-main @P1, engine no-fs) | cả 3 run scaffold đủ từ đầu | +| **C3 git-TRACKED** | **tracked-eligible → COMMITTED** (sau commit này) | check-ignore NOT-IGNORED + **`git ls-files runs/` sau commit = non-empty** | +| C4 per-turn primary | executed-file | 3 harvest synthesis viết liền sau mỗi stage | +| C5 3-layer | L2/L3 wired (session-start/end) + L1 honest (em-main @P1 convention) | review bắt L1 over-claim → fixed | +| C6 ledger 2-nhịp | convention | `_ledger.md` 3 run OPEN+CLOSE + orphan def | +| C7 caveat | doc honest (reviewer: "điểm sáng nhất") | `runs/README.md` §C7 đủ 4 trục | +| C8 migration wave→runs | convention complete | wave-*/ giữ legacy ignored, runs/ tracked, 0 wave-*/ remain | + +## Tailored (form) vs floor (function) +- **Tailored:** giữ tên biến `wave` nội-bộ hmw.js (accept `args.run` primary + `args.wave` alias back-compat — minimal-risk live-engine) · wave-*/ giữ legacy-ignored thay vì xóa (no wave-*/ remain, harmless) · A8 no dedicated gist-command (curate ad-hoc) · run-id folder = `2026-06-18-h10-` (date-slug). +- **Function-floor giữ nguyên:** run-trace TRACKED 3-phần · ledger 2-nhịp · 3-layer · containment-model-shift · caveat trung-thực · 2-workflow mandate. + +## Reverse-findings (B2.5 — know-how chắt-lọc gửi ngược AI_INFRA) +1. **Engine no-fs làm C5-L1 KHÔNG THỂ là engine-prompt** — L1 "check prior-run-harvested" cần đọc ledger → BẮT BUỘC là lead @P1 convention, KHÔNG phải workflow-prompt. Checklist C5 nên ghi rõ L1 = lead-side (review của tụi em bắt đúng over-claim này khi 1 implement-agent tự-nhận "wired vào prompt-builder"). +2. **Custom workflow (ngoài hmw.js) thiếu return-delta-guard → same-role fan-out race** (4 investigator tự-ghi chung MEMORY.md, "file modified since read"). hmw.js DEFAULT-mode đã có guard; custom Workflow script KHÔNG → đề xuất: mandate B nên nhắc "custom workflow phải copy return-delta-guard, KHÔNG để sub tự-ghi memory chung". +3. **check-ignore exit-code trap** (exit 0 cho CẢ negation lẫn ignore) — verify C3/C8 PHẢI dùng `&& IGNORED || NOT`, nếu không kết-luận ngược. Đáng đưa vào checklist C3 self-verify như guard tường-minh. +4. **C3 2-level (eligible vs committed) là bẫy thật** — review bắt `git ls-files` rỗng dù doc nói "tracked". Floor C3 đã tách 2-level rất đúng; tụi em confirm value của nó. + +## Honest caveat +- hmw.js = source-clean + `node --check` PARSE-OK, NHƯNG runtime RUN-TRACE mode chưa chạy thật (no hot-reload → restart CLI mới active; SE ít dùng wave/run-mode nên forward-looking). +- A7 budget-audit + reviewer Cat-6 + H8 inherit vẫn pending-restart (carry S66/S70). +- `reviewer/MEMORY.md` 33.8KB (over-soft) + `investigator-codebase/MEMORY.md` 29.8KB (S71 same-role races REVIEW+INVEST, content hợp-lệ additive) = curate-debt (consolidate + L1→L2 next budget-audit). +- Review = static disk-truth (git/grep/node --check), KHÔNG curl/runtime (governance adap, no endpoint). + +## Files (commit S71) +NEW: `runs/_ledger.md` · `runs/README.md` · `runs/2026-06-18-h10-{invest,implement,review}/{run.md,sub-md/,harvest/}`. MOD: `.gitignore` · `hmw.js` · `workflows/README.md` · `agents/README.md` · `harvest-curator.md` · `tooling-auditor.md` · `commands/session-{start,end}.md`. + `CLAUDE.md` (test-count flush 263→306, pre-existing, resolve H1 stale-flag). adap = governance/infra only, **0 production code · 306 test untouched**.