Skip to content

chore(runbooks): log merge-guard v4.4.54 post-install live-probe (dual-independent CONVERGE)#1107

Merged
michael-wojcik merged 1 commit into
mainfrom
runbook/1094-v4454-live-probe
Jul 4, 2026
Merged

chore(runbooks): log merge-guard v4.4.54 post-install live-probe (dual-independent CONVERGE)#1107
michael-wojcik merged 1 commit into
mainfrom
runbook/1094-v4454-live-probe

Conversation

@michael-wojcik

Copy link
Copy Markdown
Collaborator

Summary

Logs the v4.4.54 post-install live-probe of the INSTALLED merge-guard hooks — the gated-closure discharge for #1094 (per the standing post-install-probe discipline; PR body of #1102 deliberately carried no auto-close keyword).

Result

DUAL-INDEPENDENT FULL CONVERGE:

  • Primary probe (test-engineer): 26/26 PASS under BOTH interpreters (system /usr/bin/python3 3.9.6 floor + pyenv 3.12.7 — 52/52 row-executions, row-identical). Identity gate (installed hooks byte-identical to 7619ba1d), cured-compound ALLOW at function + real-main subprocess grades, preserved DENY in every probed leg position, laundering closed end-to-end with a passing fidelity control, clustered-flag pin unchanged, 4.4.53-installed control proving the cure non-vacuous installed-side, SEC-S1 scoped-half coverage-parity rows.
  • Blind adversarial verify (security-engineer, verdict locked pre-cross-read): CONVERGE-SAFE, zero findings — sha256 artifact identity, live hooks.json wiring, 53-row base-vs-installed delta exactly the adjudicated set, 11 installed-seam mint→authorize round trips, dual-interpreter exit semantics, live-fire non-vacuity.

Effect

Discharges the post-install gate for #1094 (closure comment follows merge). No production code changes — runbook log entry only.

…l-independent CONVERGE) (#1094)

26/26 PASS under both interpreters (3.9.6 floor + 3.12.7), 52/52 row-executions:
cured-compound ALLOW at function + real-main grades, preserved DENY everywhere
probed, laundering closed end-to-end with fidelity control, clustered pin
unchanged (4.4.53-installed non-vacuity control), SEC-S1 scoped-half
coverage-parity rows. Blind security verify: CONVERGE-SAFE, zero findings.
Copilot AI review requested due to automatic review settings July 4, 2026 12:30
@michael-wojcik michael-wojcik merged commit 73540a5 into main Jul 4, 2026
2 checks passed

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Logs the v4.4.54 post-install live-probe results for the installed merge-guard hooks, serving as the runbook “gated-closure discharge” record for #1094 (no production code changes).

Changes:

  • Appends a new runbook section for the merge-guard v4.4.54 post-install live-probe.
  • Records dual-interpreter, dual-independent convergence evidence and controls for the installed hooks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.


| Run date (UTC) | Operator | Plugin version | Verdict | Harness-independence evidence | Notes (corpus; controls; per-set outcomes) |
| -------------- | -------- | -------------- | ------- | ----------------------------- | ------------------------------------------ |
| 2026-07-04 | michael-wojcik | 4.4.54 installed (hooks byte-identical to origin/main 7619ba1d, verified by full `diff -r` excl. `__pycache__` + sha256 of `merge_guard_common.py`) | **26/26 PASS under BOTH interpreters (52/52 row-executions, row-identical) · DUAL-INDEPENDENT FULL CONVERGE** — #1094 branch-delete cross-leg over-block REMOVED at BOTH grades: function-grade (5 cured separator families `&&`/`;`/`\|\|`/`\|`/`&` → `is_dangerous` False + `detect` None + `extract_command_context` `{}` mint-scan clean) AND real-main subprocess grade (`git branch new-feature && echo -D` and `git branch backup ; ls -D` → pre main exit 0 ALLOW, no token present); same-leg dangerous STILL gates in every probed leg position incl. the CRITICAL `cd /repo && git branch -D temp` (function-grade True/branch-delete + real-main exit 2 `permissionDecision: deny`), quoted-separator `git commit -m "a && b" && git branch -D temp`, env-prefix, both spelled-out arm orders; classification parity (read floor == detect) asserted on EVERY row; #1094 laundering CLOSED end-to-end at the real mains (ambiguous-compound approve → post main exit 0, mints 0 → escalated single `git branch -D new-feature` DENIES exit 2); faithful round-trip §0 control (approve `git branch -D stale` → mints exactly 1 → same single AUTHORIZEs exit 0) PASSED before any REFUSE was interpreted; clustered-flag pin `cd /repo && git branch -Df temp` ungated-by-design UNCHANGED (False on installed 4.4.53 AND 4.4.54 — pre-adjudicated limitation, NOT a finding); reversed-order `echo -D && git branch new` stays ungated (pre-existing-False pin); SEC-S1 session-gate SCOPED half confirmed on the installed mains (coverage-parity rows, see Notes): mint under session A carries `session_id=sessA` in the token → authorize attempt under session B DENIES exit 2 → same-session A AUTHORIZEs exit 0, 3/3 both interpreters. No HALT. | DUAL-INDEPENDENT: a pact-security-engineer ran a BLIND parallel adversarial verify of the same installed surface (harness + results NOT shared in either direction before verdict lock; reconciliation routed through the lead) → locked verdict **CONVERGE-SAFE, zero findings** — FULL CONVERGE with this probe's 26/26×2. JOINT-COVERAGE SPLIT: SE covered the populated-TOKEN half (11 mint→authorize round trips across op/target/bound-flags axes, AUTHORIZE + mismatch-DENY); on the session-scoping sub-axis BOTH runs were INERT-half (SE empirically confirmed `get_session_id()==""` in their probe env), so the SCOPED half was added HERE post-reconciliation (S0-S2 rows) to match the v4.4.53 precedent's joint coverage. RUNTIME SPAN covered by THIS harness alone: the identical probe files run under macOS `/usr/bin/python3` 3.9.6 (runtime floor) AND pyenv 3.12.7 — 26/26 PASS both, zero row divergence (a version-specific regex/slicing divergence would have contradicted). IDENTITY GATE first: full `diff -r` of `/Users/mj/.claude/plugins/cache/pact-plugin/PACT/4.4.54/hooks` vs the worktree at 7619ba1d byte-identical (excl. `__pycache__`); probe output asserts the imported module `__file__` is under the 4.4.54 cache path (A0 row) so no repo-copy contamination is possible. Harness-fidelity control (B0 mint→authorize round trip) PASSED before interpreting any deny. | Corpus recovered VERBATIM from the merged artifacts (NOT re-derived from prose): `TestBranchDeleteLiteralArmCrossLegSweep` cured/preserved/parity/pin rows (7619ba1d) + the `\|\|`/`\|`/`&` separator-cure rows (ecde737c) + the branch-delete laundering canary shape (test_merge_guard_auth_symmetry.py). Part A = in-process import of the INSTALLED `shared/merge_guard_common.py` (function grade: `is_dangerous_command` / `detect_command_operation_type` / `extract_command_context`). Part B = REAL SUBPROCESSES of the installed `merge_guard_pre.py`/`merge_guard_post.py` mains (hooks.json `python3 <hook>.py` shape); per-scenario isolated `CLAUDE_CONFIG_DIR` (== `TOKEN_DIR`, import-time env binding) + `HOME`, no `CLAUDE_PROJECT_DIR` → `get_session_id()`=="" → session gate INERT; zero `~/.claude` contamination; dangerous literals confined to the harness `.py` + subprocess stdin (an inline `python -c` control attempt was itself DENIED by the LIVE session guard — expected behavior, harness moved to a file). **4.4.53-INSTALLED CONTROL** (both interpreters): the cured compound `git branch new-feature && echo -D` WAS `is_dangerous=True`/`OP=branch-delete` on the prior installed version — the over-block existed installed-side pre-fix, so the v4.4.54 ALLOW is the CURE (installed-side non-vacuity), and the clustered pin is False on BOTH versions (UNCHANGED — not a v4.4.54 delta). This row DISCHARGES the post-install gate for #1094 (gated-closure discipline: the fix-level certification ran worktree hooks pre-merge — suite 10595/0/0 at commit ecde737c tip; this is the installed-binary confirmation per the v4.4.45/v4.4.53 post-install standard). Residual honestly graded: none new — the mint/authorize round-trip grade WAS achieved installed-side (B0/B3 real-main subprocess), no downgrade needed. **SEC-S1 SCOPED-HALF ROWS (S0-S2, coverage-parity NOT fix certification — PR #1102 did not touch session-gate code)**: real-main subprocesses with `CLAUDE_PROJECT_DIR` set and per-session `pact-session-context.json` files pre-seeded under `{CLAUDE_CONFIG_DIR}/pact-sessions/{slug}/{session_id}/` (the sessions root derives from `get_claude_config_dir()`, NOT `Path.home()` — a first harness draft seeded `HOME/.claude/pact-sessions` and correctly produced a session-UNSCOPED token, caught by the S0 `token_sid` assertion and fixed harness-side; the hook was never wrong); asymmetric predicate verified: populated current-session honors only a matching token (`sessB` attempt vs `sessA` token → deny; `sessA` → authorize), while the main probe's B rows cover the `get_session_id()==""` INERT half — both branches of the session-scoping gate now exercised on the INSTALLED binary this cycle, matching the v4.4.53 joint-coverage standard. |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants