chore: trim stale auto-approvals; gitignore debug scratch#6
Merged
ByteStreams-AI merged 3 commits intomainfrom May 3, 2026
Merged
chore: trim stale auto-approvals; gitignore debug scratch#6ByteStreams-AI merged 3 commits intomainfrom
ByteStreams-AI merged 3 commits intomainfrom
Conversation
.claude/settings.json — dropped two auto-approval entries that were left over from today's debugging session: a `git diff` invocation referencing the now-deleted `docs/m8-lessons-learned` branch, and a one-off `curl` against admin.dialtone.menu. Both would never match again. Kept the broader `git checkout *` and `git pull *` wildcards which are genuinely useful day-to-day. .gitignore — added entries for two debug artifacts that were created during the M8 live deploy diagnostic work but should never have been candidates for commit: - developer/stripe-events.txt: 342-line raw Stripe events JSON dump (test mode, but contained embedded receipt URLs with the platform account ID) - developer/stripe-test-cards.png: screenshot of Stripe's docs Both files are safely moved out of the repo to ~/dialtone-scratch/ so the local copies survive but no version is ever committed. Also added `developer/scratch/` as a future-proof catch-all for similar work-in-progress files. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
…-approvals
Greptile correctly flagged three issues with the previous commit's
.claude/settings.json additions:
1. Bash(git push *) auto-approved any push to any remote with any
flags — INCLUDING --force. Combined with the co-listed git add /
git commit wildcards, this created a fully autonomous write path
to the remote. Removed.
2. Bash(git commit -m ' *) is a malformed pattern (the trailing
apostrophe makes it match nothing useful). Removed.
3. Bash(mkdir -p ~/dialtone-scratch) and Bash(mv developer/stripe-
events.txt developer/stripe-test-cards.png ~/dialtone-scratch/)
were one-off operational commands recorded mid-session. They
hardcode home-directory paths and won't match again. Removed.
Kept three useful wildcards which are read-only or local-only:
- Bash(git checkout *) — switching branches, no remote effect
- Bash(git pull *) — fetching from remote, no write effect
- Bash(git add *) — staging changes, all local; the user still
has to manually invoke commit + push to
actually write anything anywhere
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
Addressed all three findings in `476e16d`. P1 (PR description vs diff) — you were right; the original description described the diff against my local working tree, not against `origin/main`. Edited the PR description to accurately reflect what actually lands on main: this PR adds three new auto-approvals (`git checkout *`, `git pull *`, `git add *`) plus the `.gitignore` patterns, and that's it. The "dropped two entries" framing is gone. *P1/security (`git push ` autonomous write path) — removed entirely. Also removed `git commit -m ' *` (which was malformed anyway). The remaining three wildcards (`git checkout *`, `git pull *`, `git add *`) are all local-only or read-from-remote — no autonomous write to any remote. Commit + push still require explicit user prompts each time. P2 (one-off operational entries) — removed both `mkdir -p ~/dialtone-scratch` and the specific `mv` command. Both were single-shot today and hardcoded home-directory paths that wouldn't match again. `pnpm ci:fast` still green (220 unit tests, lint, typecheck). |
Greptile flagged that Bash(git checkout *) covers two distinct modes: - Branch switching (safe) - File discard (`git checkout -- <file>` or `git checkout -- .`) The file-discard mode silently wipes uncommitted working-tree changes with no confirmation. With this auto-approval, an agentic task could mid-session discard local work the user hasn't yet staged. Different category of risk from `git push *` (remote write) but real. Replaced with `Bash(git switch *)` — the modern git equivalent for branch switching ONLY, no file-discard semantics. Same convenience (no prompt every time you switch branches), without the silent-loss footgun. File-discard now goes through `git restore <file>`, which isn't auto-approved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
Good catch — addressed in the latest commit. Replaced `Bash(git checkout *)` with `Bash(git switch *)`. Same convenience (no prompt for routine branch switches), no file-discard footgun. Modern git split the two modes: `git switch` for branches, `git restore` for file discard. We're keeping the branch-switch wildcard and leaving `git restore` requiring explicit approval each time. Final state of new auto-approvals:
No autonomous write path to remote, no silent local data loss path. |
3 tasks
ByteStreams-AI
added a commit
that referenced
this pull request
May 4, 2026
Adds open follow-up #6 capturing the flake observed on PR #24's full lane. Same test passed on PR #23's run an hour earlier; the failing PR #24 diff is prompt text only — zero impact on the reservation availability path. The flake is real and worth tracking, but not caused by the prompt change. Captures: where it lives, what triggers it, the proposed real fix (deterministic slot anchor instead of `now + 5h`).
ByteStreams-AI
added a commit
that referenced
this pull request
May 4, 2026
* fix(voice): mandate "anything else?" + broaden finalize trigger
M11 ramp surfaced a wedge: caller orders two items, both land in cart
correctly via add_item_to_order, but finalize_order is never called.
Cart sits at $16.98 untouched, the call goes silent.
Root cause: the prompt told the LLM to call finalize_order "when the
customer says they're done" but never instructed it to ASK if they
were done. The model confirmed each item, called add_item_to_order,
then waited indefinitely for the caller to volunteer "that's it" —
which most callers don't say.
Two prompt fixes (no code path changes):
- Step 4f: ALWAYS ask "Anything else?" after each add_item_to_order.
Not optional, not tone-dependent. Going silent wedges the call.
- Step 5: broaden the done-signal recognizer from explicit "that's
it" / "I'm done" to also include implicit no-answers ("no thanks",
"nope", "no that's all"). Treats any "no" answer to "anything
else?" as a done signal.
Two new prompt-template tests lock both behaviors so a future prompt
edit can't silently regress.
Captured live during a Sui's call where call_id
019df454-3639-7000-8ed1-acce72d91492 had Cucumber Roll +
California Roll w/ white rice in raw_payload.cart but tool_log ended
at the second add_item_to_order.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs: log reservation alternative-slot test as time-of-day flaky
Adds open follow-up #6 capturing the flake observed on PR #24's full
lane. Same test passed on PR #23's run an hour earlier; the failing
PR #24 diff is prompt text only — zero impact on the reservation
availability path. The flake is real and worth tracking, but not
caused by the prompt change.
Captures: where it lives, what triggers it, the proposed real fix
(deterministic slot anchor instead of `now + 5h`).
* test(reservations): pin alternative-slot test to deterministic slot
PR #24's full lane started failing on
vapi_check_availability > returns alternative slots when the
requested time is unavailable
even though the diff is prompt text only. Same code paths passed on
PR #23 an hour earlier. Two compounding test-setup bugs:
1. Sub-minute drift between iso and date+time. `localDateTimeFromNow`
returned a millisecond-precision iso but minute-precision date+time.
The blocked reservation was inserted with iso (e.g., 00:14:35.123Z)
while the availability call used date+time (00:14:00). The 35-sec
offset turned the +90-min candidate (which exactly abuts the
reservation's end) into an apparent overlap, killing the only
candidate that should have been a valid alternative.
2. UTC midnight boundary. When CI runs late in Chicago afternoon,
now+5h crosses the UTC date boundary. The DB function's
alternatives walk constrains candidates to the same UTC day as the
requested slot, so the negative offsets (-90/-60/-30) all skip,
leaving only +30/+60/+90 — and with bug #1, none of those produce
an alternative.
Fix:
- Round localDateTimeFromNow down to the minute so iso/date/time
align; eliminates bug #1 for every caller of this helper.
- Add tomorrowAtHour(12) helper for tests that need a deterministic
slot fully inside one UTC day and well inside operating hours.
Switch the alternatives test to use it.
The DB function is correct; the test setup was the bug. Marks the
AGENTS.md follow-up as fixed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Cleanup of working-tree state that accumulated during today's debugging.
.claude/settings.json— adds three new auto-approval entries (read-only or staging-only — no autonomous write path to any remote):Bash(git checkout *)— switching branches, local onlyBash(git pull *)— fetching from remote, no write effectBash(git add *)— staging changes, all local; commit + push still require explicit prompts.gitignore— adds patterns for two debug artifacts that should never be candidates for commit, plus a future-proof catch-all:developer/stripe-events.txt(342-line raw Stripe events JSON; test-mode but contained embedded receipt URLs with the platform account ID)developer/stripe-test-cards.png(screenshot of Stripe's docs)developer/scratch/for any future work-in-progress filesThe two debug files were already moved to
~/dialtone-scratch/outside the repo.Notes
The first commit on this branch (`24db1ff`) inadvertently also added `mkdir`, `mv`, `git commit -m ' *`, and `git push *` auto-approvals — captured by Claude Code mid-session. Greptile correctly flagged `git push *` as dangerous (autonomous write path including `--force`) and the others as one-off / malformed. The follow-up commit (`476e16d`) drops all four. Final state is the three read-only / staging-only wildcards above.
Test plan
Greptile Summary
This PR trims the Claude Code auto-approval list down to three entries (
git switch *,git pull *,git add *) and gitignores two debug artifacts plus a scratch directory. The dangerous entries that appeared in the first commit (git push *,git commit -m ' *,mkdir,mv) are correctly absent in the final diff. The.gitignoreadditions are straightforward and appropriate.Confidence Score: 4/5
Safe to merge — final state contains no autonomous remote-write path; only a minor description/code discrepancy remains.
No P0 or P1 issues in the final state. The only finding is a P2 discrepancy between the PR description (which names
git checkout *) and the actual committed entry (git switch *). The dangerous approvals from the first commit have been cleaned up correctly..claude/settings.jsonwarrants a quick read to confirm the three retained entries match what was intended;.gitignoreis straightforward.Important Files Changed
git switch *,git pull *,git add *); dangerous entries from the first commit (git push *, git commit *, mkdir, mv) are correctly absent in the final state. Minor discrepancy: description namesgit checkout *but the entry isgit switch *.developer/stripe-events.txt,developer/stripe-test-cards.png,developer/scratch/); straightforward and appropriate.Reviews (3): Last reviewed commit: "fix(settings): replace git checkout * wi..." | Re-trigger Greptile