chore(docs): gut dead-mechanism context poison from agent-facing docs (ag-sjz8 #gut-poison)#764
Merged
… (ag-sjz8) Agent-facing context docs routed working agents at DEAD mechanisms — which poisoned a live fleet-operating session into proposing `ao rpi` as a continuity-loop worker.

Scope: operational-surgical (Bo's call) — gut the agent-facing operational guidance + factual errors; LEAVE the README/3.0 product narrative (Gas-City-as-reference-substrate is ADR-backed product design, out of scope).

Tier A (operational guidance — what bit me):
- CLAUDE.md Session Constraints: "route multi-phase work through ao rpi" → live substrate (NTM + Agent Mail + continuity-loop); "ao rpi serve --help" → real check surfaces; gc reframed as optional-out-of-session, NOT the live substrate. Kept the accurate "bridge REMOVED" + "load-bearing legacy" lines; do NOT claim ao rpi was deleted (it wasn't).
- AGENTS.md: dropped deleted "scheduling daemon" (ADR-0009).
- AGENTS-RUNTIME.md: "ao rpi serve --help" → the ao command surface.

Tier B (hookless-factual — 3.0 installs no hooks by default):
- ARCHITECTURE.md + reference.md: hookless banners (surgical, vs rewriting diagram/section internals); dropped "hooks" from the overview + the "(enables hooks)" install header.
- context-packet.md + vs-claude-flow.md: corrected SessionStart-hook-injection prose/diagram.

Tier C (retired /dream shown as live):
- evolve/harvest/using-agentops: /dream marked retired (compounding moved to Gas City).
- curate INTENTIONALLY left — its --mode=dream is the forward replacement, not poison.

Found via a 5-way parallel poison fan-out. registry.json unaffected (skill bodies only).

…text-poison

# Conflicts:
# CLAUDE.md
# docs/ARCHITECTURE.md
# skills/evolve/SKILL.md
…ded skill) (ag-sjz8)
boshu2 added a commit that referenced this pull request on Jun 6, 2026
…nk ../ (ag-eatf #safe-paths-doclink-filter) (#796)

## What

`scripts/skill-eval.sh` treated ms's `safe-paths` rule as blocking on **every** `../`. That rule is a blunt regex, and `../` relative markdown doc-links are the repo-wide SKILL.md convention (47+ skills, e.g. `[x](../other/SKILL.md)`, `../../docs/...md`). SKILL.md is documentation, not executed code, so those are false positives — they redded `skill-eval` → `summary` on **every skills-touching PR** (blocked #776; gated #759/#764/#767 in this session's drain).

## Fix

Added a file-level filter: `safe-paths` stays **blocking only when a `../` survives stripping (1) markdown inline-link targets `](...)` and (2) relative doc-path tokens (`*.md/.markdown/.mdx/.txt/.rst`)** — i.e. a real, non-doc `../`. Otherwise the findings downgrade to advisory annotations (announced, not silenced).

Net effect: **purely removes false positives; real protection is preserved.** A genuine traversal (e.g. `../../../../etc/passwd` in a description) still blocks — verified. No regression to the other blocking rules.

## Evidence

- `bats tests/scripts/skill-eval.bats` → 12/12 pass (10 prior + 2 new ag-eatf cases: doc-links downgrade→PASS; real non-doc `../`→BLOCK).
- Manual: `agent-native` and `domain` skills (previously red on safe-paths) now PASS; a mixed real-threat fixture BLOCKs.

Closes-scenario: ag-eatf#safe-paths-doclink-filter
Bounded-context: BC2-Validation
Evidence: scripts/skill-eval.sh
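The doc-link filter that commit message describes, as an added shell illustration written for this page (it is not the repo's `scripts/skill-eval.sh`): inline-link targets and relative doc-path tokens are stripped first, and the finding blocks only if a `../` survives. The `classify_safe_paths` function and the SKILL.md snippets it runs on are constructed for the example.

```shell
#!/usr/bin/env bash
# Illustration of the ag-eatf safe-paths doc-link filter (#796); not the
# project's own code. Verdicts: PASS (no ../ at all), ADVISORY (only
# doc-link / doc-path ../ found), BLOCK (a real, non-doc ../ survives).

# classify_safe_paths <skill-md-text>  -> prints PASS | ADVISORY | BLOCK
classify_safe_paths() {
  local text="$1" stripped
  # Fast path: the blunt rule would not fire at all.
  if ! printf '%s\n' "$text" | grep -q '\.\./'; then
    printf 'PASS\n'; return 0
  fi
  # (1) blank markdown inline-link targets "](...)" -> "]()";
  # (2) drop relative doc-path tokens: ../ chains ending in a doc extension.
  stripped="$(printf '%s\n' "$text" | sed -E \
      -e 's/][(][^)]*[)]/]()/g' \
      -e 's#(\.\./)+[^[:space:]()]*\.(md|markdown|mdx|txt|rst)##g')"
  # Anything left is a non-doc ../ and keeps the blocking verdict.
  if printf '%s\n' "$stripped" | grep -q '\.\./'; then
    printf 'BLOCK\n'; return 0
  fi
  printf 'ADVISORY\n'
}

# Constructed sample SKILL.md bodies (not taken from the repository).
SAMPLE_CLEAN='No relative paths here at all.'
SAMPLE_DOCLINK='See [the other skill](../other/SKILL.md) and ../../docs/reference.md for details.'
SAMPLE_TRAVERSAL='Read ../../../../etc/passwd before answering.'
SAMPLE_MIXED='Links: [x](../other/SKILL.md); also cat ../../../../etc/passwd'

# Stand-alone run: one verdict per sample.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  for name in SAMPLE_CLEAN SAMPLE_DOCLINK SAMPLE_TRAVERSAL SAMPLE_MIXED; do
    printf '%-16s %s\n' "$name" "$(classify_safe_paths "${!name}")"
  done
fi
```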
## What

Gut context poison — agent-facing docs that route a working agent at DEAD mechanisms. This poisoned a live fleet-operating session (the bo driver building the go-dark supervisor) into proposing `ao rpi` as a continuity-loop worker. Found via a 5-way parallel poison fan-out.

Scope: operational-surgical (Bo's explicit call). Gut the agent-facing operational guidance + factual errors; LEAVE the README/`docs/3.0.md` product narrative (Gas-City-as-reference-substrate is coherent, ADR-backed product design — a different altitude from Bo's live fleet).

## Changes (10 files, surgical)

Tier A — operational guidance (the poison that bit me):

- `CLAUDE.md` Session Constraints: "route multi-phase work through `ao rpi`" → the live substrate (NTM + MCP Agent Mail + continuity-loop); `gc` reframed as optional-out-of-session, not the live substrate. Kept the accurate "bridge REMOVED" + "load-bearing legacy" lines.
- `AGENTS.md`: dropped the deleted "scheduling daemon" (ADR-0009).
- `AGENTS-RUNTIME.md`: `ao rpi serve --help` → the real `ao` command surface.

Tier B — hookless-factual (3.0 installs no hooks by default): hookless banners on `ARCHITECTURE.md` + `reference.md` (surgical vs. rewriting diagram internals); corrected SessionStart-hook prose in `context-packet.md` + `vs-claude-flow.md`.

Tier C — retired `/dream` shown as live: marked retired in `evolve`/`harvest`/`using-agentops` (compounding moved to Gas City). `curate` intentionally left — its `--mode=dream` is the forward replacement, not poison.

## Guardrails

- `ao rpi` was deleted — the command still compiles (`loop`/`phased`/`serve` exist); only its role as the live workflow is corrected.
- `generate-registry.sh --check` = OK).

## Evidence

`bash scripts/generate-registry.sh --check` → OK. Diff is 20 insertions / 16 deletions across 10 files.

Bounded-context: BC1-Corpus (agent-facing context docs)
Evidence: this PR diff + the parallel fan-out inventory
Closes: ag-sjz8

🤖 Generated with Claude Code