Skip to content

docs(adr): ADR-0013 — json sidecar cross-process locking (V-L2-F4)#153

Merged
hyperpolymath merged 1 commit into
mainfrom
claude/adr-0013-f4-locking
May 30, 2026
Merged

docs(adr): ADR-0013 — json sidecar cross-process locking (V-L2-F4)#153
hyperpolymath merged 1 commit into
mainfrom
claude/adr-0013-f4-locking

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 30, 2026

Documents V-L2-F4 (#150, shipped in #151) — the follow-on that hardened the JSON sidecar after F3 — and runs the standard wrap-up. Docs + config only; no production code.

Document

  • ADR-0013 (new) — cross-process advisory write lock (<path>.lock, bounded backoff + stale-steal, RAII release) held across the whole load→mutate→save cycle; atomic-rename durability; the now-wired provenance/history CLI (sqlite + json; postgres still explicit "not yet implemented"). Framed as refining ADR-0012, not reversing it.
  • ADR-0012 — its "single-writer limitation" note now forward-references the F4 lock (ADR-0013), so it isn't misleading on main.
  • CHANGELOG.md — adds the V-L2-F4 entry (mirrors the CHANGELOG.adoc entry feat(sidecar): cross-process locking + atomic writes, and wire provenance/history CLI (V-L2-F4, #150) #151 added).

Config

  • .claude/settings.json — extends the read-only permission allowlist with the git commands these wrap-ups use repeatedly (rev-parse, ls-files, merge-base, remote).

Validation

  • cargo fmt --check, cargo clippy --all-targets -- -D warnings, cargo test (145 pass) all green on main + these changes; settings.json valid JSON; ADR 0012⇄0013 cross-references consistent.

Follows the V-L2-F* arc: F2 drop (#144/#147/#149) → F3 implement (#148/#152) → F4 harden (#151, this PR documents it).

Generated by Claude Code

@claude
docs(adr): ADR-0013 for json sidecar locking (V-L2-F4); refine ADR-0012
4336b00 
Document V-L2-F4 (#150, shipped in #151), the follow-on that hardened the
JSON sidecar after the F3 implementation:

- docs(adr): add ADR-0013 — cross-process advisory write lock
  (`<path>.lock`, stale-steal, RAII) held across load→mutate→save, atomic-
  rename durability, and the now-wired `provenance`/`history` CLI. Refines
  ADR-0012 (does not reverse it).
- docs(adr): touch up ADR-0012 — its "single-writer limitation" note now
  forward-references the F4 lock (ADR-0013) so it isn't misleading on main.
- docs(changelog): add the V-L2-F4 entry to CHANGELOG.md (mirrors the
  CHANGELOG.adoc entry #151 added).
- chore(config): extend the .claude permission allowlist with the read-only
  git commands used during these wrap-ups (rev-parse, ls-files, merge-base,
  remote).

Docs + config only; no production code. fmt/clippy/test (145) green on main.

https://claude.ai/code/session_01Ux144vBDdySvLUqUrCgkT4
@hyperpolymath hyperpolymath marked this pull request as ready for review May 30, 2026 23:38
@hyperpolymath hyperpolymath merged commit 4d8e6e3 into main May 30, 2026
11 of 20 checks passed
@hyperpolymath hyperpolymath deleted the claude/adr-0013-f4-locking branch May 30, 2026 23:38
@hyperpolymath hyperpolymath mentioned this pull request May 30, 2026
Closed
4 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 31, 2026

🔍 Hypatia Security Scan

Findings: 82 issues detected

Severity Count
🔴 Critical 3
🟠 High 7
🟡 Medium 72

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action dtolnay/rust-toolchain@stable needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action Swatinem/rust-cache@v2 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action dtolnay/rust-toolchain@master needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action Swatinem/rust-cache@v2 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude