[Constitution] Alignment principle + CI guardrails (addresses b87992f drift) #20
Merged: dtzp555-max merged 3 commits into main, Apr 20, 2026
Conversation
…ils (PR A)

Introduces the OCP project constitution to structurally prevent the kind of scope drift that produced commit b87992f on 2026-04-11 (the fabricated "/api/oauth/usage" endpoint, which does not appear in cli.js and broke the dashboard usage bar for nine days).

This PR is governance-only. It does not modify server.mjs, package.json, or any runtime code. It is intentionally shipped as one reviewable unit per Iron Rule 11 (governance is one layer).

Files added:

- ALIGNMENT.md: Supreme scope document. Core principle: OCP is a proxy layer for Claude Code, not an extension layer. Five binding Rules: grep cli.js first; no invention; match the implementation; unalignable features are deleted; commits cite cli.js line numbers. Includes the 2026-04-11 drift postmortem, the Unalignable Policy, and an Annual Alignment Audit fixed to 11 April each year.
- CLAUDE.md: Project session instructions. Flags ALIGNMENT.md as required reading before any code. Codifies three hard requirements for server.mjs changes: cli.js citation, CI blacklist pass, and an independent reviewer per Iron Rule 10. References CC 开发铁律 (CC Development Iron Rules) Rules 10, 11, and 12.
- .github/PULL_REQUEST_TEMPLATE.md: Mandatory "Claude Code Alignment Evidence" section. Three author checkboxes (cli.js citation, scope justification if cli.js does not perform the op, commit-message citations). Reviewer checklist requires opening cli.js at the cited lines before approval. A PR with this section blank receives request-changes.
- .github/workflows/alignment.yml: Hard-fail blacklist on server.mjs for tokens "api/oauth/usage" and "api/usage" (scan restricted to server.mjs; ALIGNMENT.md and CLAUDE.md may quote them as historical references). Soft check over all PR commit messages for "Claude Code uses X" / "cli.js uses X" assertions lacking a cli.js:NNNN or cli.js vE4 <fn> citation.

Historical reference: b87992f ("fix: use dedicated /api/oauth/usage endpoint for reliable plan data") asserted the endpoint was used by Claude Code CLI. The string does not occur in cli.js. Root cause was LLM hallucination accepted without grep verification. See ALIGNMENT.md -> Historical Lesson for the full record.

Merge precondition: this PR must be approved by an independent reviewer (Iron Rule 10). The drafter of this commit may not self-approve.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…6 a9950ef6)

First annual alignment audit pin. Records the cli.js version and content hash that the current ALIGNMENT.md codified implementations mirror.

- Claude Code version: 2.1.89
- cli.js SHA-256: a9950ef6407fdc750bddb673852485500387e524a99d42385cb81e7d17128e01
- Audit date: 2026-04-20
- Auditor: Tao Deng

Next audit: 2027-04-11 (drift anniversary).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…fore grep

Two false positives discovered during PR #20 bootstrap CI:

1. /api/usage is a legitimate OCP dashboard route (per-key quota, added in v3.8, server.mjs:1472). The bare token "api/usage" was too broad.
2. The ANCHOR warning comment in server.mjs (added by PR #21) references /api/oauth/usage as a DO-NOT-USE example, triggering the scanner.

Fix: require full host "api.anthropic.com/api/oauth/usage" to ensure only real outbound fetch calls trip the guard, and strip line comments with sed before grep so historical ANCHOR warnings pass.

Amendment procedure (ALIGNMENT.md) still governs future blacklist changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Background
On 2026-04-11, commit b87992f ("fix: use dedicated /api/oauth/usage endpoint for reliable plan data") was merged. The commit message asserted that /api/oauth/usage was "the dedicated usage endpoint that Claude Code CLI uses." This was false — the string does not appear in cli.js at any shipped Claude Code version. The endpoint was fabricated by an LLM-assisted authoring pass that generalized from adjacent OAuth paths without grepping cli.js. A follow-up (cb6c2a8) compounded the error by caching the fabricated responses. The dashboard /usage progress bar was broken for nine days.

This PR is PR A of the remediation. It is governance-only: it establishes the constitution that makes the drift structurally impossible to repeat. It does not modify any runtime code.
Files in this PR (4)
- ALIGNMENT.md — OCP project constitution.
- CLAUDE.md — project-level session instructions.
  - ALIGNMENT.md as required reading before any code.
  - server.mjs PR: cli.js citation, CI blacklist pass, independent reviewer (Iron Rule 10).
- .github/PULL_REQUEST_TEMPLATE.md — mandatory alignment-evidence section.
- .github/workflows/alignment.yml — CI guardrails.
  - server.mjs for blacklisted tokens (api/oauth/usage, api/usage). Scan is restricted to server.mjs; ALIGNMENT.md and CLAUDE.md are allowed to quote the tokens as historical references.
  - cli.js:NNNN or cli.js vE4 <fn> citation; emits warnings for reviewer enforcement.

Historical Lesson (summary)

- b87992f (2026-04-11)
- /api/oauth/usage (not in cli.js)
- cb6c2a8 (cached the 4xx away)
- /usage bar broken
- grep cli.js; no CI blacklist; no constitution

Merge preconditions

- ALIGNMENT.md matches the git log for b87992f and cb6c2a8.
- server.mjs; does not false-positive on documentation).

Out of scope (explicitly)

- server.mjs.
- package.json version (constitutions do not bump versions).
- /api/oauth/usage code path in server.mjs is deferred to a follow-up PR (PR B), which will land under the rules this PR establishes.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com