fragJulia
Operations

Handover 2026-04-25 — layered drift-prevention epic, P1-P4 open, P5 pending

Session state for the drift-prevention research epic. Five PRs open, one blocker issue, one local file in pending-review state. Plan and memories under ~/.claude/.

Status: Mid-epic. Hand-off to next session or to the user picking this up later. Plan file: C:\Users\dapar\.claude\plans\how-do-i-run-velvet-wren.md Date: 2026-04-25

What this epic is

Prevent recurrence of two 2026-04 incidents (Voxtral 18 GB wrong-variant download; PAT in 5 settings locations) by layering: terse rules in docs (P1–P4) + irreversible-action hooks (P5). Disease-first: drift happens upstream of any tool call because there's no enforced decision process for infra-shaped questions.

State of work

Open PRs

PRStepWhatNotes
#702P1 + P2New decision-processes.mdx (4 rules, verbatim from memories) + "Source conflict resolution" subsection appended to ssot-discipline.mdxFoundation — merge first
#703side-findingScrub leaked PAT prefix from 2026-04-22-ssot-consolidation.mdx follow-upsIndependent; safe to merge anytime
#704P3PR template checkbox + new docs-guard.yml job infra-source-citation (warn-level)Depends on #702 for link to resolve
#706P4 (repo half)One bullet in repo CLAUDE.md pointing at decision-processesBlocked by #705
this PRhandoverThis documentLand last; informational

Open issue

  • #705 — blocker for #706. Mid-execution of P4, agent added a "Source Hierarchy on Handoffs" subsection to ~/.claude/global-CLAUDE.md. User established the rule "NO LOCAL EDITS PRIOR TO PR APPROVAL (in global claude)" immediately after. Revert was correctly denied by the permission system pending explicit user authorization. Issue body has the verbatim added text and three-checkbox decision (approve / modify / revert).

Local-file state

  • ~/.claude/global-CLAUDE.md — contains the unreverted addition (8 lines, after "Sprint Workflow" subsection in Coding Directives). Awaiting #705 resolution.
  • ~/.claude/projects/C--Users-dapar/memory/ — added feedback_no_local_global_claude_md_edits_prior_pr.md and project_pat_rotation_2026-04-25.md; both indexed in MEMORY.md.
  • ~/.claude/backups/ — empty (cleaned earlier in session).
  • ~/.claude/files by dave/fragJulia/ — stale settings.json, settings.local.json, history.jsonl containing the now-revoked PAT were removed; design docs in same folder untouched.
  1. #702 (P1+P2) — lands the doc that #704 and #706 reference.
  2. #703 (PAT scrub) — independent; can land anytime, but better before further changelog edits.
  3. #704 (P3) — wires PR-time enforcement; link in warning resolves once #702 is merged.
  4. Resolve #705 — user decides on global CLAUDE.md addition (approve / modify / revert).
  5. #706 (P4 repo) — merge after #705 closes.
  6. this handover PR — informational; merge whenever.

One-time setup before #704 takes effect: create the infra-verified label in repo settings (gh label create infra-verified --color BFD4F2 --description "Source citations verified for infra-touching PR" --repo neid404/fragjulia). Without the label the warning still fires correctly; the label is just the clear-mechanism.

What's next: P5

Three irreversible-action hooks at ~/.claude/hooks/. Per the plan, scoped narrow:

  • pretooluse-secret-output.sh — deny git diff on *.env|*.yaml|*.yml|compose* and curl with literal Authorization: Bearer ... containing token-shaped substrings. Suggest safe alternatives (--stat, variable interpolation).
  • session-start-audit.sh — scan permissions.allow (NOT env, which is the legitimate PAT home) for token-shaped substrings; escalate if found.
  • pretooluse-onedrive-clone-deny.sh — hard-deny git clone | gh repo clone | git init if target dir under any forbidden path (/OneDrive/, /Dokumente/, /Documents/, /Downloads/, /AppData/Local/Temp/).

P5 hooks are user-level files at ~/.claude/hooks/. Per the rule established in #705, treat any ~/.claude/settings.json change as PR-style; create review issue + stage diff before applying.

What's deferred

  • L4 / P6 — install coleam00/claude-memory-compiler auto-memory loop. Re-evaluate after the process layer (P1–P5) has 4 weeks of operation. With processes encoded as docs, the auto-memory channel may not be needed; if it is, install in isolated test profile first per the plan.
  • Block-level escalation of infra-source-citation — currently warn-level. If after 4 weeks reviewers routinely ignore the warning without infra-verified, change the warn step to exit 1 in docs-guard.yml.
  • Closed-issue audit (SSOT-9) — separate work item. When written, layer the source-tier check on top per the plan's open question 4.

Decisions locked in this session

  • One process doc, not two (Tier hierarchy + bounce + cite + verify all live in decision-processes.mdx).
  • No SessionStart digest at L1 — MEMORY.md already loads into every session via the system prompt.
  • No state-file approach for model-pull gating — it was theater (agent can read once, ignore thereafter). Replaced with PR-time citation requirement.
  • No strict-whitelist totalitarian permissions mode — user opted out per session direction.
  • Voxtral-class drift = silent-conflict-resolution (same pattern, not separate counts).
  • Hooks for irreversible patterns only; reversible patterns (wrong model download) handled at process layer.
  • Each step lands as one PR; PRs are pushed but not merged — user reviews and merges.

Audit trail

  • Plan: C:\Users\dapar\.claude\plans\how-do-i-run-velvet-wren.md
  • Memories created: feedback_no_local_global_claude_md_edits_prior_pr.md, project_pat_rotation_2026-04-25.md
  • Memories cited as seed for decision-processes.mdx: feedback_bounce_conflicts_no_silent_resolution.md, feedback_infra_ids_repo_canonical.md, feedback_tier4_handoff_verify_before_dismissal.md
  • Closed historical issues with body scrubs done earlier in session: #640, #641 (PAT prefix removed)
  • External research: Claude Code hooks reference, coleam00/claude-memory-compiler, Civic — Deterministic guardrails

Voice Stack Bring-Up Verification — 2026-04-25

R-10 verification probe results for the self-hosted voice stack on EC2. Probes 1 and 3 green; Probe 2 partial — infrastructure verified, full reply-generation deferred to the plugin-upgrade epic.

2026-05-02 — Audit cron: DRY_RUN flip after 7-day shake-out

Both audit workflows (closed-issue-audit daily, changelog-audit-weekly Mondays) flipped from DRY_RUN 'true' to 'false' after the 7-day post-merge observation window from PR #684 (merged 2026-04-25) showed clean run logs. closed-issue-audit now writes the missing-changelog label and a single comment to issues closed-as-completed without a matching changelog closes: reference. The weekly digest remains a workflow-run-page summary; no new issue spam.

On this page

What this epic isState of workOpen PRsOpen issueLocal-file stateRecommended merge orderWhat's next: P5What's deferredDecisions locked in this sessionAudit trail