azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(harness-guard): FATAL-promotion prerequisite — test matrix + pair-required conflict rule (VERSION 1.4.3)

Browse Source 
Builds the false-positive/true-positive proof the plan requires before the guard can be
promoted to blocking, and fixes the one false-positive it surfaced.

- test-harness-guard.sh: 12-case matrix in a throwaway repo, runs the REAL guard, asserts
  WARN/clean for real conflicts/secrets/keys vs legit content (setext underlines, dividers,
  docs that mention a marker, encrypted sops, public keys, .example templates).
- harness-guard.sh: conflict rule now requires a real hunk (BOTH ^<<<<<<< AND ^>>>>>>>),
  dropping the lone =======$ trigger that false-positived on a 7-char setext underline /
  divider. Identical true-positive power (git writes all three markers); FP surface -> 0.
- /self-check: new harness.guard_selftest runs the matrix in an isolated temp repo (read-only
  vs the real tree) so guard correctness is continuously proven.

Verified 12/12 pass, true positives intact, real-tree FP surface = 0. FATAL flip (todo
f1c11d0d, on/after 2026-06-22) is now evidence-backed + one-step.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-06-08 08:41:53 -07:00
parent cfa264947b
commit 512ceb4727
8 changed files with 221 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.claude/harness/CHANGELOG.md
View File

@@ -67,3 +67,15 @@ or old harness during a heterogeneous rollout. See
link (time-entry-protocol.md -> /syncro). Semantic contradiction pass (read both, judge actual
conflict) delegated to the model in SKILL.md, mirroring the memory pass. Verified PASS; negative-
tested (WARN fires when the pointer is removed). New pairs: add to manifest.command_standard_links.
## 1.4.3 — 2026-06-08 (guard FATAL-promotion prerequisite: test matrix + refinement)
- Built `.claude/scripts/test-harness-guard.sh` — a 12-case false-positive/true-positive matrix
for harness-guard.sh (spins a throwaway repo, stages synthetic content, runs the REAL guard,
asserts WARN/clean). Required by the plan before promoting the guard to FATAL.
- The matrix surfaced a false-positive vector: the conflict rule's lone `=======$` alternative
fired on a markdown setext underline / divider of exactly seven `=`. REFINED harness-guard.sh to
require a real hunk — BOTH `^<<<<<<< ` AND `^>>>>>>> ` present — which has identical true-positive
power (git always writes all three markers) and eliminates the false positive. Verified 12/12 pass;
real-tree false-positive surface = 0.
- Wired the matrix into /self-check as `harness.guard_selftest` (runs in an isolated temp repo, so
the read-only-vs-real-tree contract holds). The eventual FATAL flip is now evidence-backed.

2
.claude/harness/VERSION
View File

@@ -1 +1 @@
1.4.2
1.4.3