[CLAUDE] Infra: adopt AI_INFRA HMW-governance broadcast — ultra-on/off toggle + hmw.js checkpoint-gate + memory-safety (S49)

adap-apply 2026-06-03-Agent-ultracode-hmw-mem-governance (reviewer_gate PASS).
PROJECT-FIT=ADOPT tailored: SE 8-agent roster. nac=executed-file (verified-pending restart+spawn-test).

- T1/T2 toggle: .claude/commands/ultra-on.md + ultra-off.md; marker .claude/hmw-mode.on gitignored (T2 non-negotiable).
- T3: session-start BUOC 0.5 reads marker -> reports ON/OFF.
- S2/S3/S4: .claude/workflows/hmw.js P2 fan-out — checkpointApproved throw (mechanized), args JSON.parse-guard, role-whitelist fail-soft, VALID_ROLES=8 SE agents, sub-no-spawn-sub, return schema findings+memoryDelta 4-field (R1).
- M1-M5: B1 slice-inject / M2 return-delta-only / B3 single-writer append-only / B2 harvest-lien / M5 store_memory-strip re-verified intact (0 tools-grant).
- agents/README.md +HMW governance section (VALID_ROLES source-of-truth) + adap-report 5-field LOCK.

Test 181 unchanged (no .cs/.tsx). CI-skip (all .md/.js/.gitignore).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

docs/governance/adap-reports/2026-06-03-Agent-ultracode-hmw-mem-governance.md

@@ -0,0 +1,46 @@
+# adap-report — 2026-06-03-Agent-ultracode-hmw-mem-governance
+
+> SISTER = SOLUTION_ERP. Report-format LOCK (5 trường). Generated S49 (2026-06-03), manual apply by em main (governance task, 0 sub-agents spawned). Commands/script `.md`/`.js` **chưa runtime-live pre-restart** (no hot-reload).
+
+## 1. id-broadcast
+`2026-06-03-Agent-ultracode-hmw-mem-governance` (category: Agent · reviewer_gate: **PASS** · nac: published · targets: **all-fit**). Prereq component = `2026-06-02-Memory-store-memory-strip-global` (đã applied S47, re-verified intact dưới).
+
+## 2. nac G-011
+**executed-file** (S49 — toggle commands + hmw.js workflow + gitignore marker + session-start T3 + agents/README HMW section written) → **VERIFIED-pending** (cần (a) restart Claude Code để command/script hot-reload, (b) 1 spawn-test Workflow `hmw` thật để prove checkpoint-throw fires + harvest chạy). M5 prereq = **VERIFIED-runtime** (re-check this session: 0 `store_memory` in any agent `tools:`). Remaining external = AI_INFRA `/adap-audit` 2-way cross-check.
+
+## 3. evidence
+**PROJECT-FIT = ADOPT (tailored).** SE = multi-agent project (8-sub roster, NOT roster-0; NOT sequential-thuần). Honest nuance: SE hiện fan-out qua **Agent-tool** (multi-Agent-call-trong-1-message), **CHƯA dùng Workflow runtime** (`.claude/workflows/` chưa tồn tại trước S49). → toggle-gate = on-ramp governed cho KHI SE chạy Workflow fan-out; memory-governance + keyword-discipline áp NGAY cho Agent-tool fan-out hiện tại.
+
+Files written/edited (all in repo SOLUTION_ERP):
+- **T1 toggle** — NEW `.claude/commands/ultra-on.md` (BẬT + P0–P4 procedure + memory-discipline M1–M5 + R1 + Accuracy G-015) + NEW `.claude/commands/ultra-off.md` (TẮT, memory-giữ-nguyên).
+- **T2 marker gitignored** — `.gitignore` +`.claude/hmw-mode.on` (đặt SAU `!.claude/**` → last-match-wins; `.claude/` không bị exclude nên re-include hợp lệ). `grep hmw-mode .gitignore` → CÓ.
+- **T3 session-start** — `.claude/commands/session-start.md` +BƯỚC 0.5 (đọc marker → BÁO ON/OFF đầu response + T4 keyword-discipline).
+- **S2/S3/S4 checkpoint+entrypoint** — NEW `.claude/workflows/hmw.js` (P2 fan-out): `checkpointApproved!==true` → **throw** (mechanized tripwire); args `JSON.parse`-guard (S4b); role-whitelist fail-soft (S4c); taskList soft-cap log-only (S4); `VALID_ROLES` = 8 SE agent; sub-no-spawn-sub (chỉ script/lead fan-out); return SCHEMA `findings`+`memoryDelta{task,verdict,learned,surprise}` (R1).
+- **roster doc** — `.claude/agents/README.md` +§HMW-mode (T1–T4 + S1–S4 + VALID_ROLES + M1–M5 + containment G-015).
+
+SELF-CHECK (broadcast):
+- T1/T2: đúng 2-lệnh-đôi + `grep hmw-mode .gitignore` → **CÓ** (gitignored). ✓
+- T3: session-start BƯỚC 0.5 đọc marker + BÁO ON/OFF. ✓ (executed-file; runtime sau restart)
+- T4: rule "keyword=quyền-KHÔNG-lệnh" + "mode-OFF+chạy-workflow→từ-chối+nhắc-`/ultra-on`" ghi trong ultra-on.md + session-start + README. ✓
+- S1: scope repo-SOLUTION_ERP-only ghi trong meta.description + prompt-inject + README. ✓
+- S2: `hmw.js` throw nếu `checkpointApproved≠true` — **mechanized** (code line, không chỉ prompt). ⏳ live-fire test pending restart.
+- S3/S4: sub-no-spawn-sub · invoke-by-scriptPath (`Workflow({scriptPath})`) · args JSON.parse-guard · role-whitelist fail-soft. ✓ (code)
+- M1–M4: B1 slice-inject qua args · M2 return-delta-only (RAG-write allowlist-mechanized; file-MEMORY.md-write = prompt+git-diff, KHÔNG gộp 1 nhãn) · B3 lead single-writer VERIFY→APPEND-only · B2 `agent-memory/<role>` + harvest-liền. ✓ (documented ultra-on.md + README)
+- M5 (verify-ONLY): `grep store_memory .claude/agents/*.md` → **0** ở dòng `tools:` (5 hits còn lại = prose doc README/frontend-designer mô tả strip, KHÔNG phải grant). ✓ strip-global intact.
+- R1: schema `findings` + `memoryDelta{task,verdict,learned,surprise}` bắt-buộc trong SCHEMA. ✓
+- Restart + spawn-test fan-out nhỏ → kiểm checkpoint-throw + harvest THẬT: ⏳ **pending** (báo đúng nấc executed-file, KHÔNG claim verified-runtime).
+
+commit-sha: **(pending — commit cuối /adap-apply này).**
+
+## 4. tailored-gì + skip-gì-vì-sao
+- **FUNCTION-floor adopted FULLY (T/S/M/R verbatim-in-spirit):** không hạ 1 điểm floor. Toggle 2-lệnh · marker-gitignored · keyword≠command · scope-repo-mình · checkpoint-throw-mechanized · sub-no-spawn-sub · args-guard · role-whitelist-fail-soft · B1/B2/B3 · harvest-liền · single-writer · return-schema 4-field — giữ đủ.
+- **FORM tailored theo SE:** (a) `VALID_ROLES` = **8 SE agent** (investigator-codebase/api · implementer-backend/frontend · test-specialist · reviewer · cicd-monitor · frontend-designer) thay roster AI_INFRA (investigator/implementer/reviewer/cicd 4-role). (b) Marker filename giữ `.claude/hmw-mode.on` (literal AI_INFRA OK — KHÔNG buộc đổi, cơ-chế là floor). (c) Command names giữ `/ultra-on` `/ultra-off` (consistent cross-repo, anh dễ nhớ). (d) +SE-constraint note: Windows MAX_PATH → KHÔNG `isolation:worktree` (SE-specific, AI_INFRA không có). (e) P1/P4 "4 sub full-memory" → map sang SE quality-roster (reviewer/cicd/investigator/implementer-test). (f) Bilingual VN-heavy theo gu SE doc.
+- **KHÔNG skip mục nào** — SE fit = adopt (KHÔNG phải n-a). n-a-case (roster-0 / Workflow-never + sequential-thuần) KHÔNG áp: SE có roster thật + Workflow tool available + anh explicit-request topic "workflow và cách quản trị memory".
+- **M5 KHÔNG re-author** (link-only verify) — đúng broadcast chỉ-thị (prereq #1 đã S47).
+
+## 5. honest-caveat
+- **🔴 PROJECT-FIT honest:** SE **chưa từng chạy** Workflow runtime fan-out (toàn bộ multi-agent lịch sử = Agent-tool spawn lẻ/parallel). Nên `hmw.js` + checkpoint-throw là **on-ramp sẵn-sàng + executed-file**, CHƯA proven-by-run. checkpoint-throw "mechanized" = đúng (code throw, không chỉ prompt) NHƯNG **chưa fire thật** — verified-runtime cần 1 spawn-test post-restart (SELF-CHECK "test 1 call quên-cờ → bị chặn"). Đừng đọc report này là "HMW đã chạy ở SE".
+- **Accuracy (G-015 — KHÔNG overclaim):** strip `store_memory` = tool RAG-write đó **không-gọi-được**, **KHÔNG** = agent "read-only". Sub vẫn giữ `Bash` (mọi sub) + `Write/Edit` (vai write) = kênh ghi MỞ (Bash ghi file bất-kỳ / curl thẳng Qdrant :6333). **Containment thật = defense-in-depth:** git-diff post-P2 + chunk-count Qdrant pre/post-P2 — KHÔNG phải allowlist đơn-độc. Lỗ residual (ghi ngoài-repo / Qdrant net-zero-delta) → sandbox / strip-Bash = defer.
+- **Checkpoint INFORM-only ≠ no-gate:** nó *là* gate mechanized (throw chống fire-nhầm) + marker-ON (deliberate-consent) + plan-visible-inform; chỉ KHÔNG block-confirm-từng-lần. Protection 3-lớp, KHÔNG phải "không kiểm soát".
+- **"Auto-run" KHÔNG tồn-tại ở SE:** keyword "workflow"/"ultracode" (kể cả trong reminder harness Workflow-tool-description) = MỞ-QUYỀN; chỉ marker-ON (set bởi `/ultra-on` deliberate) mới authorize fan-out. S49 này em main áp adap-apply **solo, 0 Workflow fan-out** = đang tuân T4 đúng (mode hiện OFF — marker chưa tạo).
+- **Restart-batch lesson (S47 carry):** 3 broadcast S47 + broadcast NÀY (S49) + login-fix S48 → toàn bộ `.md`/`.js` agent/command-edits cần 1 restart chung để hot-reload. Anh restart 1 lần activate cả `/ultra-on` `/ultra-off` + `hmw.js` + session-start T3.