From 33ee527309ffe184a356fa0489fbcce5b1457a76 Mon Sep 17 00:00:00 2001 From: Pierre Brisorgueil Date: Wed, 3 Jun 2026 08:48:08 +0200 Subject: [PATCH 1/2] feat(skills/update-stack): drop ledger condition + auto-derive scan list (#3777) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two coupled changes to step 3ter drift gate: 1. Drop `DOWNSTREAM_PATCHES.md` ledger exception — block on ANY shared non-test file divergence vs `devkit-node/master`. User decision 2026-06-02 (memory `feedback_no_dev_in_shared_modules`): drift in shared files must never happen, not be documented. Resolution path becomes revert / promote-up / relocate. 2. Replace hardcoded module list (`modules/home auth users tasks uploads billing lib config/defaults`) with `modules lib config`. Old enum silently missed `modules/audit`, `modules/core`, `modules/organizations`. Re-audit on trawl_node with corrected scan surfaced 1 undeclared drift (`modules/core/doc/index.yml`). Mirrors infra#37 (PRF Phase 0.5 gate) for `/update-stack`-time enforcement. --- .claude/skills/update-stack/SKILL.md | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.claude/skills/update-stack/SKILL.md b/.claude/skills/update-stack/SKILL.md index 4cb155db2..f6419970d 100644 --- a/.claude/skills/update-stack/SKILL.md +++ b/.claude/skills/update-stack/SKILL.md @@ -88,9 +88,9 @@ BODY Proceed to Phase 2 and track the upstream fix separately — do not block downstream alignment on it. -### 3ter. Block on undeclared drift +### 3ter. Block on drift -After `/verify` passes, run a final diff sweep before starting Phase 2. Any stack file that diverges from upstream **and** is not declared in `DOWNSTREAM_PATCHES.md` blocks the flow. +After `/verify` passes, run a final diff sweep before starting Phase 2. Any shared non-test stack file that diverges from upstream blocks the flow. No ledger exception (user decision 2026-06-02 — drift must never happen, not be documented). ```bash git fetch devkit-node master --quiet @@ -101,24 +101,23 @@ while IFS= read -r f; do [ -z "$upstream_blob" ] && continue # downstream-only file — skip local_blob=$(git rev-parse "HEAD:$f" 2>/dev/null) if [ "$upstream_blob" != "$local_blob" ]; then - if ! grep -qF "'$f'" DOWNSTREAM_PATCHES.md 2>/dev/null; then - echo "BLOCK: undeclared drift on stack file: $f" - echo " Fix A — revert to upstream: git checkout devkit-node/master -- $f" - echo " Fix B — declare it: add '$f' + rationale to DOWNSTREAM_PATCHES.md" - drift_found=1 - fi + echo "BLOCK: drift on shared stack file: $f" + echo " Fix A — revert to upstream: git checkout devkit-node/master -- $f" + echo " Fix B — promote upstream: open a devkit PR with the change, merge, /update-stack here" + echo " Fix C — relocate: move logic to a downstream-only module or config/defaults/.config.js" + drift_found=1 fi -done < <(git ls-files modules/home modules/auth modules/users modules/tasks modules/uploads modules/billing lib config/defaults 2>/dev/null \ +done < <(git ls-files modules lib config 2>/dev/null \ | grep -vE "/(tests|__tests__)/" | grep -vE "\.(test|spec)\.(js|jsx|ts|tsx)$") [ "$drift_found" -eq 1 ] && exit 1 -echo "3ter: no undeclared drift — OK" +echo "3ter: no drift — OK" ``` **Rules:** -- Missing `DOWNSTREAM_PATCHES.md` = no declared divergences allowed (treat as empty). -- Declare diverging paths in `DOWNSTREAM_PATCHES.md` as `'path/to/file'` (single-quoted) — the gate matches on the quoted token to avoid substring collisions. -- Downstream-only files (new modules, helpers, lib additions) are not scanned — the sweep only covers the stack directories listed above. +- Block on ANY shared-file divergence. No "declare and skip" path — the `DOWNSTREAM_PATCHES.md` ledger model was abandoned 2026-06-02 (memory `feedback_no_dev_in_shared_modules`). +- Scan covers the full stack tree (`modules`, `lib`, `config`) — auto-discovers every shared module. Per-file `git ls-tree` on upstream filters downstream-only files. +- Test files (`/tests*/`, `/__tests__/`, `*.test.*`, `*.spec.*`) are excluded — downstream test adaptations are acceptable. - This gate runs **after** `/verify` (never blocks on transient verify failures) and **before** Phase 2 (failure is recoverable — no merge commit yet). - Ref: plan `2026-05-30-trawl-devkit-perfect-alignment.md` Tasks E.1 + E.2. From b3041ce2aa98df99876ab3cb96ea4e94b0841c45 Mon Sep 17 00:00:00 2001 From: Pierre Brisorgueil Date: Wed, 3 Jun 2026 08:54:29 +0200 Subject: [PATCH 2/2] docs(skills/update-stack): address Copilot review (#3778) - Rewrite Phase 1 'Stack modules' line to point at auto-discovery (no hardcoded enumeration that drifts with new modules). - Rewrite 3bis 'stack code' line same way. - Tighten test-files exclusion description to match the actual regex (paths containing /tests/ or /__tests__/; *.test.{js,jsx,ts,tsx} / *.spec.{js,jsx,ts,tsx}). The previous '/tests*/' wording was sloppy. --- .claude/skills/update-stack/SKILL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.claude/skills/update-stack/SKILL.md b/.claude/skills/update-stack/SKILL.md index f6419970d..f840baae1 100644 --- a/.claude/skills/update-stack/SKILL.md +++ b/.claude/skills/update-stack/SKILL.md @@ -17,7 +17,7 @@ Two-phase workflow. Phase 1 brings the stack down ISO. Phase 2 aligns the projec **Goal: stack modules and lib exit this phase identical to upstream. Zero downstream logic in them.** -Stack modules: `home`, `auth`, `users`, `tasks`, `uploads`, `billing` — Stack core: `lib/` (existing files), `config/defaults/` (stack-owned files only) +Stack scope = every file under `modules/`, `lib/`, `config/` (defaults, templates, assets) that exists in `devkit-node/master`. Auto-discovered by the step 3ter gate; do not enumerate by hand. ### 1. Setup remote + merge @@ -60,7 +60,7 @@ Failures typically indicate regressions from conflict resolution — fix these b ### 3bis. Report stack issues -If `/verify` failures originate from **stack module code** (`home`, `auth`, `users`, `tasks`, `uploads`) or **stack core** (`lib/`, `config/defaults/`) and not from conflict resolution mistakes, open a GitHub issue on `pierreb-devkit/Node`. +If `/verify` failures originate from a **stack file** (any file under `modules/`, `lib/`, or `config/` present in `devkit-node/master`) and not from conflict resolution mistakes, open a GitHub issue on `pierreb-devkit/Node`. **How to determine the failure origin:** - **Stack code failure:** error occurs in unmodified stack module files (resolved with `--theirs`) @@ -117,7 +117,7 @@ echo "3ter: no drift — OK" **Rules:** - Block on ANY shared-file divergence. No "declare and skip" path — the `DOWNSTREAM_PATCHES.md` ledger model was abandoned 2026-06-02 (memory `feedback_no_dev_in_shared_modules`). - Scan covers the full stack tree (`modules`, `lib`, `config`) — auto-discovers every shared module. Per-file `git ls-tree` on upstream filters downstream-only files. -- Test files (`/tests*/`, `/__tests__/`, `*.test.*`, `*.spec.*`) are excluded — downstream test adaptations are acceptable. +- Test files (paths containing `/tests/` or `/__tests__/`, or filenames ending `.test.{js,jsx,ts,tsx}` / `.spec.{js,jsx,ts,tsx}`) are excluded — downstream test adaptations are acceptable. - This gate runs **after** `/verify` (never blocks on transient verify failures) and **before** Phase 2 (failure is recoverable — no merge commit yet). - Ref: plan `2026-05-30-trawl-devkit-perfect-alignment.md` Tasks E.1 + E.2.