Files
claudetools/.claude/memory/feedback_submodule_autosync_discipline.md
Mike Swanson ef55121d95 errorlog lint follow-ups: bitdefender log-gap fix + submodule memory + Windows CORE rules
- bitdefender gz.py: add "missing name" to _EXPECTED_ERROR_MARKERS — closes the last gap in
  Howard's errorlog suppression ("Missing name 'X' in 'options' object" validation errors were
  still logged). Verified all 10 real spam messages now suppressed; genuine errors still log.
- memory feedback_submodule_autosync_discipline: capture the recurring auto-synced-submodule
  rule (worktree or push-by-SHA + ls-remote verify; assert HEAD==origin/main before audits;
  never checkout-- shared files). Recurred on Howard-Home x3 + GURU-5070 this session.
- CLAUDE.md CORE Windows bullet: promote the two top recurring mechanical traps (/tmp path
  mismatch, curl.exe/plink quote-stripping) to always-loaded hard rules so they stop repeating.

Lint of errorlog.md: bitdefender expected-validation spam was ~70% of entries (Howard's
suppression now complete); fabb3421/Mail.Send drift closed earlier this session; wiki-compile
lock-release doc already fixed (entries predate the fix).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:48:00 -07:00

39 lines
2.6 KiB
Markdown

---
name: feedback_submodule_autosync_discipline
description: In auto-synced submodules (guru-rmm/guru-connect) don't trust local branch refs — use a worktree or push-by-SHA + verify; assert HEAD==origin/main before audits. Recurring fleet friction.
metadata:
type: feedback
---
The superproject's background auto-sync resets each submodule's working tree to the **pinned
gitlink** (which intentionally lags `main`), and 3-4 Claude sessions can share one submodule
checkout. So inside `projects/msp-tools/guru-rmm` (and guru-connect) **local branch refs / HEAD do
NOT reliably survive across tool calls or sessions** — a `git switch -c feat` can get reset to the
gitlink mid-work, commits land on a detached HEAD, and `push -u origin <branch>` ships a stale ref.
**Do this instead:**
- **Feature work:** `git worktree add <path> origin/main`, edit + commit + push there, then
`worktree remove` — OR commit in place, capture `sha=$(git rev-parse HEAD)`, and push by EXPLICIT
sha: `git push origin <sha>:refs/heads/<branch-or-main>`. Then VERIFY: `git ls-remote origin <ref>`.
(This session: that push-by-SHA is exactly how the BUG-019 merge + docs landed cleanly.)
- **Before any audit/analysis that reads the working tree:** assert `HEAD == origin/main`
(`git rev-parse HEAD` vs `git rev-parse origin/main`); if behind, `git fetch` + checkout
origin/main first, or read `git show origin/main:<file>`. A stale gitlink makes you "fix"
already-fixed code (a real audit wasted a fix on a bug already closed in main).
- **Never `git checkout -- <shared file>`** to clean up a dirty submodule tree — it clobbers a
concurrent session's uncommitted work. Move untracked files aside instead.
- HTTPS auth to the gururmm/guru-connect remote (git.azcomputerguru.com) on GURU-5070 uses the
vaulted `services/gitea` api-token via GIT_ASKPASS (the gitea skill can't inject it — parent repo
is HTTP, submodule is a different host; SSH key not authorized here).
**Why:** recurring across the fleet (Howard-Home detached-HEAD x2 + a stale-gitlink audit;
GURU-5070 hit a non-fast-forward on a docs push this session). Each occurrence costs a
re-diagnose/rebuild cycle. Howard fixed the `sync.sh` submodule-clobber root cause + moved to
worktrees (2026-06-21), but the defensive discipline still applies.
**How to apply:** worktree or push-by-SHA + `ls-remote` verify for writes; assert HEAD==origin/main
(or read `origin/main:<file>`) before audits; never `checkout --` shared files.
Related: [[gururmm-session-logs-submodule-save]] [[feedback_gururmm_build_verification]]
[[feedback_verify_committed_state_before_push]] [[using-git-worktrees]]