vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e19960342030d2aa77fd5db146a0756419a1add7
solution-erp/.claude/agent-memory/reviewer/MEMORY.md
pqhuy1987 e199603420
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m31s
Details
[CLAUDE] Docs+Memory: Session 29 FINAL wrap — Plan CA + Plan B Contract V2 cumulative 
20 commits S29 push 4 CI Runs PASS (#229+#230 Plan CA, #231+#232 Plan B).
2 big plans END-TO-END deployed prod.

Changes (docs + memory + scripts — CI skip per paths-ignore):

docs/:
- STATUS.md: S29 FINAL wrap header với cumulative summary 20 commits +
  multi-agent ROI ~565K + 8 patterns NEW + state stats (33 mig, 60 tables,
  51 gotcha, 14 AppRoles, 34 active users, 4× bundle rotate)
- HANDOFF.md: S29 FINAL wrap header với end-to-end V2 capability + pending S30+
  follow-up (anh restart CLI MCP RAG hot-reload, UAT verify V2, test bundle
  Plan B, curate dedicated session)
- gotchas.md: +gotcha #51 INFRASTRUCTURE vs DEMO seed phân biệt (Plan B
  Hotfix CICD lesson) với decision tree + seed classification table
- changelog/sessions/2026-05-22-s29-plan-ca-plan-b-contract-v2-wire.md:
  Session log đầy đủ 20 commits + 4× Smart Friend pattern proven + 8
  patterns NEW + file-touched list + NEW capability end-to-end test plan

.claude/agent-memory/:
- 4 MEMORY.md flush S29 wrap entry FIFO each agent perspective:
  - Investigator (25.2 KB just over threshold) — Plan CA + Plan B pre-flight
    2 spawn + 3 patterns NEW (terrain map, V1+V2 coexist, reference templates)
  - Implementer (35.4 KB over hard threshold, defer curate S30) — 5 spawn
    cookie-cutter + E3 stopped + Pattern 12-bis NEW (cross-module entity mirror)
  - Reviewer (23.0 KB compacted) — 4 spawn 2 MAJOR catches + Cat 3 security
    cross-module validation foundation reinforced
  - CICD Monitor (24.9 KB) — 4 Runs verify + CRITICAL DemoSeed gate catch +
    Stage 4.6 sqlcmd seed verify foundation + Discovery #6 gotcha #51 cross-ref
- implementer/pattern_master_page_mirror.md (NEW Plan CA Chunk B Pattern 16-bis)

scripts/:
- plan-ca-{verify-menu,verify-perms,run-perms}.{sql,ps1} (5 verify scripts)
- plan-b-{verify-prod,run-verify}.{sql,ps1} (2 verify scripts)

Smart Friend pattern proven 4× cumulative S22 #44 + S25 #48 + S29 Reviewer
#ApplicableType + S29 CICD #DemoSeed.

Pending S30+:
- Anh restart CLI hot-reload MCP RAG cho 4 sub-agents (commit b51fc94)
- Anh UAT verify V2 contract end-to-end (Drafter → CCM approve → DaPhatHanh)
- Test bundle Plan B (regression ApproveV2Async + ApplicableType validation)
- Curate dedicated session 4 MEMORY (Implementer 35.4 KB priority)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 13:29:49 +07:00

22 KiB
Raw Blame History

Reviewer Agent — Persistent Memory

Persistent diary cross-session. Auto-injected first 200 lines / 25KB at spawn. Update BEFORE every stop. Curate when > 25KB.

🎯 Role baseline

Adversarial pre-commit reviewer for SOLUTION_ERP. Read-only verification + live curl on prod UAT environment (*.solutions.com.vn). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read). Output: PASS/FAIL verdict + concrete issues file:line.

🚨 Recurring SOLUTION_ERP bug patterns (catch with priority)

Gotcha #44 — Silent 403 class-level Authorize quá strict (S18 lesson)

  • Symptom: Drafter dropdown V2 workflow empty silent (no error toast)
  • Root: [Authorize(Policy = "Workflows.Read")] class-level → non-admin 403, TanStack Query catch silent → UI empty
  • Verify: grep \[Authorize\(Policy = .*\)\] class-level vs action-level + curl với non-admin token expect 200
  • Fix pattern: class-level [Authorize] only (any authenticated). POST/PUT/DELETE giữ [Authorize(Policy = "X.Create")] admin-only

Gotcha #43 — Step.Order ≠ index 0-based

  • Symptom: EF query Where(s => s.Order == i) returns wrong row
  • Verify: grep step.Order arithmetic — array index 0-based vs Order field 1-based
  • Fix pattern: precompute candidates EF query → in-memory OrderBy(s => s.Order).ToList() → array index access

Gotcha #42 — Dual schema workflow V1 vs V2 — Service phải branch

  • Symptom: PE submit failed do Service không biết V1 hay V2 schema
  • Verify: grep evaluation.ApprovalWorkflowId is Guid awId — phải branch theo pin field
  • Fix pattern: if (evaluation.ApprovalWorkflowId is Guid awId) ApproveV2Async(...) else ApproveV1LegacyAsync(...)

Wire BE claim recurring bug pattern

  • Symptom: claim wire CRUD nhưng grep diff finds // Mock / alert(...) / no POST/PUT/DELETE call
  • Verify: grep diff mock markers + live curl POST/PUT/DELETE expect 2XX
  • Severity: CRITICAL — block commit

Cross-module security validation mirror (NEW S29 — Smart Friend 4× cumulative)

  • Symptom: khi mirror entity/Command/Handler cross-module (PE → Contract → Budget V2), em main solo focus data shape (DTO field, FK relation, projection) MISS security validation guards
  • Pattern: ApplicableType type guard cho V2 workflow pin entity — aw.ApplicableType == ExpectedType validate ON Create command BEFORE entity instantiation. Mirror PE pattern PurchaseEvaluationFeatures.cs:62-77: load workflow, assert ApplicableType=Contract(3) / PE(1) / Budget(2), throw ConflictException on mismatch
  • Attack vector example (S29 Plan B): Drafter forge POST /api/contracts với approvalWorkflowId của PE/Budget V2 workflow → FK Restrict allows (only checks Id existence, NOT ApplicableType) → Contract pins wrong-scope workflow → semantic policy violation
  • Password policy mirror (S29 Plan CA Hotfix D2): Identity ≥12 chars enforced — new seed user CreateAsync fail nếu reuse legacy 11-char User@123456. Verify per-user inline conditional override (e.g. "CatalogMgr@2026" 15 chars)
  • Verify: grep CreateXCommand handler — expect aw.ApplicableType == ApprovalWorkflowApplicableType.X check. Also re-verify IsActive=true + IsUserSelectable=true server-side (FE filters but BE trusts blindly = lower-risk gap)
  • Applicable cross-module forward: Contract V2 (S29 fixed), Budget V2 (future), Notification V2 (future), any new V2 workflow pin entity
  • Severity: MAJOR — block push pre-commit gate

Gotcha #17 — EF migration 3-file rule

  • Symptom: commit migration nhưng thiếu .Designer.cs hoặc ApplicationDbContextModelSnapshot.cs → next migration fail
  • Verify: git diff --name-only | grep Migrations/ expect 3 files (target.cs + target.Designer.cs + Snapshot.cs)

Gotcha #47 — .claude/agent-memory/** NOT in paths-ignore filter (S22 discovery, PENDING bro decide)

  • Symptom: MEMORY.md drift patch commit (end-of-session flush) triggers full CI deploy ~3.5min waste
  • Verify: check .gitea/workflows/deploy.yml paths-ignore — currently ['docs/**', '**/*.md', '.claude/skills/**'] MISSING .claude/agent-memory/**
  • Discovery: S21 CICD Monitor Run #188 verify chốt initial — confirmed via path filter audit
  • Fix recommended: add .claude/agent-memory/** vào paths-ignore (em main KHÔNG tự edit — flag bro decide; pending add to docs/gotchas.md 47th entry)
  • Severity: minor (CI waste only, no functional impact)

📋 5-category checklist (apply EVERY review)

Category 1: Wire BE / feature claim verify

  • Grep mock markers in diff (// Mock, alert(, setEditing(null) // close UI, TODO.*wire)
  • Grep actual API call: await api\.(post|put|delete|patch)\( trong FE diff
  • Live curl POST/PUT/DELETE/PATCH if deploy claim (https://api.solutions.com.vn/...)
  • Status code matrix expected vs actual

Category 2: Schema integrity (44 active gotchas)

  • Reference docs/gotchas.md + skill dependency-audit-erp
  • Check 3-file rule Mig
  • Check column types vs entity definition (Mig 27 lesson: IsVisible bit NOT NULL DEFAULT 1 + DisplayLabel nvarchar(200) NULL)

Category 3: Security

  • [Authorize] class-level on ALL new controllers
  • Per-action [Authorize(Policy = "...")] cho admin-scoped (gotcha #44 lesson)
  • Permission guard wrap new admin pages (FE)
  • Route permission map populate (menuKeys.ts mirror BE MenuKeys.cs + All[])
  • Input validation FluentValidation Validator class
  • SQL parameterized (EF Core default OK) + XSS escape

Category 4: Code quality

  • dotnet build SolutionErp.slnx clean 0 err
  • npm run build × fe-admin + fe-user clean (TS6 strict)
  • Tests baseline 81 PASS (Phase 9 UAT exception OK)
  • No --no-verify bypass (forbidden absolute)
  • Anti-fiddle audit (scope drift > 20% LOC outside spec = FAIL)
  • Mirror 2 FE app khi feature FE (rule §3.9)

Category 5: Test coverage

  • New helper static → unit test (xUnit)
  • New Repository method → repo test
  • New endpoint API → integration test (WebApplicationFactory)
  • Bug recurring → regression test TDD-style (test BEFORE fix)
  • Phase 9 UAT exception: test-after default OK theo memory feedback_uat_skip_verify
  • Test count baseline 81 → tăng khi feature added theo §7

⚠️ Anti-patterns observed (DO NOT)

  1. Recommend code edits — only describe issue + acceptance criteria
  2. Skip live curl verify if deploy claim — recurring risk
  3. Accept "wire" claim without grep proof
  4. Defer to em main authority — escalate disagreement explicitly
  5. Skip MEMORY.md update với anti-patterns observed
  6. Lower bar to match em main quality — Smart Friend anti-pattern Cognition

🛡️ Smart Friend anti-pattern guard

Per Cognition documented research:

  • NEVER lower bar to match em main's apparent quality
  • If em main code fine → say PASS
  • If em main code has issues → FAIL with specifics regardless social pressure
  • "Quality ceiling was set by the primary, not the escalation." — Your value = raise quality through catch

🧠 SOLUTION_ERP review essentials

  • Tests baseline: 111/111 PASS (S25 unchanged from S23 t3 +7 Plan M edge case tests; pre-Plan AB Chunk A2 SQLite tie-break regression Run #215 caught by CICD test gate → em main fix EntityType + Summary discriminator filter restored 111 PASS). Must increase nếu feature added per §7; UAT iteration exception per memory feedback_uat_skip_verify
  • Gotchas: 47 active (docs/gotchas.md reference) — +#48 Multi-Changelog.Add() trong same SaveChangesAsync transaction → SQLite test frozen clock CreatedAt tie-break non-deterministic (S25 pending docs add). +#45 PE button TraLai payload mismatch + #46 Gitea API path/cache stale (S21 t3-t4). #47 paths-ignore agent-memory gap (S22 PENDING bro confirm add to docs)
  • Migrations: 31 latest AddPeLevelOpinionsForV2 (S19 — Mig 31 Plan K1 swap F2 Drafter→Approver scope per-Level slot S23 t1). Mig 30 AddAllowApproverEditBudgetToLevels (S22+5 per-slot F4 flag admin opt-in Approver scope edit budget ChoDuyet branch). Mig 29 prev RefactorAdvancedOptionsToPerLevelAndDrafterUser (S21 t5 per-NV split)
  • Per-NV Allow scope split* (Mig 29 + Mig 30) — F1+F3 5 flag + F4 AllowApproverEditBudget (S22) on ApprovalWorkflowLevels (per Approver slot), F2 1 flag on Users.AllowDrafterSkipToFinal (per Drafter). DTO: currentLevelOptions + drafterAllowSkipToFinal thay vì workflowOptions
  • Endpoints: ~146 (+3 S22: allow-skip-final / budget-adjust / attachments/view)
  • Identity password policy ≥12 chars (S22+2 enforced by ASP.NET Identity stack — reject User@123456 11 chars). Existing HANDOFF mention "User@123456" pattern S4 outdated, current test creds Admin@123456 + TestUser@123456 OK
  • Live deploys (Prod UAT): https://api.solutions.com.vn · https://admin.solutions.com.vn · https://eoffice.solutions.com.vn
  • Bearer token test:
    • Admin: admin@solutions.com.vn / Admin@123456 (full quyền)
    • UAT user: nv.test@solutions.com.vn / TestUser@123456 (Drafter Phòng CCM — verify non-admin access patterns)
  • Users active: 33 (rename role-based pattern act.nv / act.pp / act.tp etc.)
  • Conventions: docs/rules.md (§3.9 mirror 2 FE, §5.2 commit format, §6.5 docs KEEP narrative, §7 test timing, §2.8 package pinning)
  • 6 skills: contract-workflow · permission-matrix · form-engine · ef-core-migration · dependency-audit-erp · iis-deploy-runbook

🔑 Critical pin verify (gotcha #1-4)

  • MediatR 12.4.1 (14 fail DI)
  • Swashbuckle 6.9.0 (10 conflict OpenApi 2)
  • Microsoft.OpenApi 1.x (2 breaking)
  • Node engines >= 20 + CI 20.x (Node latest fail Windows IIS)

Flag commit nếu thấy <PackageReference Include="MediatR" Version="14... hoặc tương tự.

📅 Recent activity (last 10 FIFO)

  • 2026-05-22 (S29 wrap — Plan CA Reviewer 2 spawn MAJOR password fix + Plan B Reviewer 2 spawn MAJOR ApplicableType fix — Smart Friend 4× cumulative): Em main wrap S29 sau 2 big plans Plan CA (Move Cấu hình danh mục admin→eoffice, 7 commits) + Plan B (Contract V2 wire mirror PE Mig 22-26, 11 commits). Plan CA pre-commit verify spawn 1× (agentId a4dbdb0fb7e210694) + re-verify 1× (a2009a0ed75b40dad) ~165K cumulative — 4 chunks PASS post Chunk D2 hotfix. MAJOR catch: DemoUserPassword = "User@123456" 11 chars (existing 30 demo seed pre-S22+2 Identity policy ≥12 chars) → new catalog.manager seed CreateAsync FAIL prod. Fix: per-user inline conditional override "CatalogMgr@2026" 15 chars passes policy. Lesson: Identity password policy enforcement gap khi reuse legacy seed pattern. Plan B pre-push verify spawn 1× (agentId ace4799f663224b71) + re-verify 1× (a2f8f815522544b73) ~190K cumulative — 9 commits FAIL 1 MAJOR. MAJOR catch: CreateContractCommand thiếu validation aw.ApplicableType == ApprovalWorkflowApplicableType.Contract(3) — attacker forge POST với PE/Budget V2 workflow ID → FK Restrict allows only Id existence check NOT ApplicableType → Contract pin sai workflow scope semantic violation. Mirror PE pattern PurchaseEvaluationFeatures.cs:62-77 exact. Hotfix Reviewer commit 3e92584 apply ~10-12 LOC ApplicableType guard → re-verify PASS proceed push. Smart Friend pattern proven 4× cumulative: (1) S22 #44 silent 403 class-level Authorize, (2) S25 #48 SQLite frozen clock tie-break, (3) S29 Plan CA Hotfix D2 password policy, (4) S29 Plan B ApplicableType cross-module. Patterns proven NEW S29 Reviewer perspective: Cross-module security validation mirror (PE → Contract → Budget V2) — khi mirror entity/Command, MUST mirror validation guards (ApplicableType + FK check + idempotent + password policy). Easy miss vì em main solo focus on data shape NOT security. Cat 3 Security checklist reinforced: ApplicableType type guard cho V2 workflow pin pattern + password ≥12 chars enforcement + IsActive/IsUserSelectable server-side re-validate. Anti-patterns observed S29: (a) Em main miss ApplicableType validation Plan B Chunk E1 CreateContractCommand → Reviewer catch. (b) Em main miss password ≥12 chars Plan CA Chunk D → Reviewer catch. (c) Pattern: em main solo flow tends to miss security guard cross-module (focus shape > security). Recommendation forward: Reviewer spawn pre-commit MANDATORY cho cross-module mirror diff (PE→Contract, PE→Budget V2 future, identity policy change). Em main solo OK cho UI polish iteration (S26 Plan AG2-AG6 pattern proven). Smart Friend guard active S30+ cho next cross-module wire (Budget V2 likely).

  • 2026-05-22 (S29 Plan B Contract V2 wire pre-push spawn — FAIL 1 major): Adversarial verify 9 commits 58898e8..14feb69 Plan B Contract V2 wire (~8,900 LOC = BE 326 + FE 219 + Mig Designer 7,970 + Mig SQL 327). Spawn ~17K. Verdict FAIL — 1 MAJOR Cat 3 security/data integrity, 0 critical, 3 minor. Wire claim PASS (all 9 chunks deliver — ApproveV2Async 150+ LOC mirror PE pattern, UPSERT ContractLevelOpinion, DTO populate, FE Select dropdown, Section 5 dynamic render). Schema PASS (2 mig 3-file rule complete, FK Restrict Contract→AW + Cascade Contract→LevelOpinion + Restrict LevelOpinion→Level, UNIQUE composite). Code quality PASS (dotnet build 0 err 2 pre-existing DocxRenderer warn, npm × 2 PASS 0 TS, mirror §3.9 SHA256 IDENTICAL × 3 files: ContractDetailContent.tsx + ContractCreatePage.tsx + types/contracts.ts). Test PASS 111/111 baseline preserved. Authority PASS explicit mandate. MAJOR FOUND: CreateContractCommandHandler (ContractFeatures.cs:38-100) accepts ApprovalWorkflowId from request body but DOES NOT validate aw.ApplicableType == ApprovalWorkflowApplicableType.Contract. PE pattern at PurchaseEvaluationFeatures.cs:62-77 explicitly validates aw.ApplicableType == expectedType and throws ConflictException. Plan B Chunk E1 omits this guard. Attack vector: Drafter posts approvalWorkflowId of PE/Budget V2 workflow → FK Restrict allows (only checks Id existence not ApplicableType) → Contract pins wrong-scope workflow → semantic policy violation. Acceptance criteria: Add validation block in handler mirror PE lines 64-77 — load aw, assert ApplicableType=Contract(3), throw ConflictException on mismatch. Recommend also re-verify IsActive + IsUserSelectable server-side (FE filters but BE trusts blindly — lower risk). Adversarial 10/10 PASS: V1 path UNCHANGED (only additions before line 91), race B+A2 clean, B2 UPSERT scope OK post-Chunk C, Mig 32 Seed idempotent guard, E1 backward compat null default, E2 N+1 avoided via dict, E3 V1 hide Section 5 conditional, E3 adminProxy GUID comparison TS-correct, no menu visibility drift, test gate 111/111 confirmed. Recommendation: HOLD push. Add ~10-12 LOC ApplicableType validation guard in CreateContractCommandHandler.Handle before entity instantiation. Re-run build+test. Then PROCEED push 9 commits + 1 fix commit (10th). Smart Friend guard active — caught major security gap via cross-reference PE pattern (lesson Cognition: independent adversarial perspective raises quality vs em main solo). Test gap noted defer: ApproveV2Async ~150 LOC + UPSERT 0 unit test — gotcha #48 lesson recurring risk — recommend Plan B Wrap test-after bundle covering V2 happy path advance + OR-of-N + skipToFinal F2 + terminal gen mã + V1 regression.

  • 2026-05-21 (S26 Plan AG pre-commit + 5 follow-up plans AG2-AG6 em main solo self-review): Plan AG Chunk A+B+C pre-commit verify spawn 1× ~25K with 5-category checklist + 12 adversarial deep checks (A-L) PASS 0 critical/major/minor. Commit 0bf6c7e 2 file +346/-116 LOC mirror IDENTICAL hash 21001E90.... Wire claim verify: 3 chunk delivered (useMemo group nested + <details>/<summary> 2-level + localStorage Set persist). Schema 0 mig, 0 BE, 0 entity. Security: localStorage non-sensitive (projectId GUID + normalizedGoiThau text), XSS safe React auto-escape, no new [Authorize] needed (read-only view). Code quality: npm build × 2 PASS 0 TS err, anti-fiddle 0% drift, Mirror §3.9 byte-identical 21,521 bytes. Test coverage: Phase 9 UAT exception accept. Adversarial 12/12 PASS — edge case empty tenGoiThau/projectName/localStorage corrupt/Tailwind named groups/HTML details accessibility/degenerate cases/vi locale sort/filter-then-group order/bundle size delta. Minor noted defer: Selected PE inside collapsed tree không auto-expand path → recommend Plan AG2 useEffect watch selectedId. Recommendation: PASS proceed push. Subsequent Plan AG2-AG6 em main solo self-review (5 plan UI polish iteration UAT feedback bro Tra Sol — Panel 1 widen 400px, drop tầng gói thầu 1-level, drop single-PE flat consistent, add Drafter+Department BE+FE, 3-level Project>Năm>NCC>PE, compact card 3-row). Em main verify mỗi commit: SHA256 hash 2 file IDENTICAL + npm build × 2 app + dotnet test 111/111 PASS (Plan AG4 BE+FE cross-stack — dotnet build clean + 3 projection update LIST/INBOX/APPROVED). KHÔNG re-spawn Reviewer mỗi plan (mirror S24 Plan AA pattern: ROI thấp khi UI polish ~50-100 LOC per chunk + cost spawn ~25K × 5 = ~125K vô lý vs em main self-verify build pass + bro visual confirm). Pattern reinforced: Reviewer spawn 1 lần cho heavy cross-stack initial Chunk A+B+C (~370 LOC + 4 sub-agent collab), em main solo cho polish iteration. Cumulative S26 6 commits 0bf6c7e..d99069a push remote: AG (0bf6c7e) + AG2 (c5429c0) + AG3 (fbad4a9) + AG4 (2bf0118) + AG5 (083b601) + AG6 (d99069a). 0 prod regression observed, test baseline 111 preserved. Smart Friend guard still active for next session feature spawn.

  • 2026-05-19 (S25 wrap — Plan AB pre-commit verify + 6 follow-up plans em main solo self-review + 1 lesson catched by CICD): Plan AB Chunk A pre-commit verify spawn 1× ~22K with 5-category checklist + 8 adversarial deep checks PASS 0 blocker (1 minor V1 legacy fallback acceptable). Recommended PROCEED push cdfd542. MISSED gotcha #48: Multi-Changelog.Add() trong same SaveChangesAsync transaction → SQLite test frozen clock CreatedAt tie-break non-deterministic → Plan M existing tests .OrderByDescending(CreatedAt).FirstAsync() picked wrong entry → CI Run #215 FAIL. Lesson reinforced: UAT mode feedback_uat_skip_verify skip dotnet test per chunk risk recurring khi BE refactor > 100 LOC + signature change. Em main resumed local dotnet test post Plan AB Chunk A2 fix — caught by CICD test gate (no prod impact). Em main solo self-review Plan AC-AF (5 plans em main solo, Reviewer KHÔNG re-spawn — em main verify build+test+npm × 2 app mỗi chunk + CICD post-deploy verify thay vai pre-commit). Cumulative S25: 0 prod regression, 6 commits PASS CICD. Pattern caught: SQLite frozen clock multi-row tie-break — tests querying audit table cần discriminator beyond timestamp (EntityType + Summary keyword). Cross-ref future Contract V2 test setup. Smart Friend guard still active for future spawn — Reviewer should ADD test filter discriminator check vào Category 5 checklist post-S25.

  • 2026-05-19 (S25 Plan AB Chunk A pre-push verify, spawn): Adversarial verify commit cdfd542 fix Changelog visibility 2 bug PE — Budget Adjust không hiện history + Trả lại Người chỉ định không log. 3 files +146/-95 LOC. Verdict: PASS proceed push, 1 minor V1 legacy fallback acceptable. V2 ApplyReturnModeAsync refactor Drafter early return→if/else common path + new Changelog.Add EntityType=Workflow(5) Action=Update(2) PhaseAtChange=evaluation.Phase. FE HistoryTab filter extend 3 rule. Schema 0 mig. Adversarial 8 deep check PASS. Lesson narrative archived archive/2026-05-q1.md.

  • 2026-05-22 (S28 wrap — Layer A governance Reviewer perspective + Cat 6 add): Reviewer perspective về S28 trajectory (em main solo, KHÔNG actual review work): t1 RAG ROI verdict marginal short-term / transform long-term → t2 em main self-authorize cross-project rule "ghi RAG mọi tương tác" WITHOUT bro consent → t3 monitoring 5 metric đề xuất → t4 bro caught mistake scope-down về SOLUTION_ERP self-discipline → t5 Layer A governance broadcast active (3-Layer distributed, em apply 4-category default + skip list + tag schema mandatory + phase + BC/module enum). Smart Friend Cat 1 "Wire claim verify" lesson S28: em main t2 implicit interpret "chú ý X" (bro suggestion) AS "MANDATORY X" (em policy decision) → cross-project rule self-authorize. Pattern catch retroactive: scope creep từ project-local → cross-project KHÔNG bro consent là authority boundary violation. Cần check authority boundary mỗi khi em main đề xuất "rule cross-project" hoặc "mọi tương tác mandatory". Tag schema mandatory forward S28+: store lesson/gotcha chunk với [lesson, phase-<N>, <bc>] format (phase ∈ {phase-9, phase-9plus, phase-10}, BC enum ∈ {contract, pe, budget, workflow, identity, form, infra}). Adversarial check NEW Cat 6 — Authority boundary check: verify em main self-authorize vs bro centralized — distinguish "bro suggested option X" (advisory) vs "bro mandated X" (directive); flag any "MANDATORY ... cross-project" sourced từ em main self-decision. 5-category checklist baseline UNCHANGED (Wire BE + Schema + Security + Code quality + Test), Cat 6 add forward. Rule cũ ABANDONED: "RAG ghi mọi tương tác mandatory" S28 t2 over-reach — lesson learned authority boundary: implicit consent ("chú ý" / "có thể") KHÔNG = explicit mandate ("BẮT BUỘC" / "mandatory") — verify scope rõ TRƯỚC commit policy. Smart Friend guard active S28+ cho Plan B Contract V2 wire pre-commit spawn (mandatory heavy diff > 50 LOC cross-stack).

  • 2026-05-22 (S27 retrospective): Smart Friend guard catch retrospective: Anh pqhuy phát hiện Qdrant native dashboard 404 — em main miss pre-push verify rag-onboarding-guide.md claim "Qdrant native dashboard work". Lesson: SubAgent Smart Friend guard mandate cho docs claim hyperlinked external services. "Self-review bias - em main test SOLO miss external dependency verification" — reinforced cumulative S29.

🔄 Curate trigger

  • Memory size > 25KB → archive recent entries to archive/<period>.md
  • Duplicate entries detected → merge
  • Stale > 3 months → remove

Last curate: 2026-05-22 S29 wrap drop oldest entry — dropped 2026-05-11 setup baseline entry (stale 11 days, baseline preserved in archive 2026-05-q1.md). KEEP: S29 wrap (Plan CA + Plan B 2 MAJOR catches), S29 Plan B pre-push detail, S26 Plan AG, S25 wrap, S25 Plan AB pre-push, S28 governance, S27 retrospective, S22 curate. 5-category checklist (Cat 3 Security ApplicableType + password ≥12 chars reinforced S29) + Smart Friend guard 4× cumulative + Cross-module security validation mirror pattern (NEW S29 added foundation) preserved. Next curate trigger: > 25KB OR Plan B Wrap test bundle complete OR Budget V2 wire start.