platform: promote 10 generic rules from custom/ for family-agent inheritance #125
fitz123 wants to merge 5 commits into
…ritance

Promotes these rules from private-workspace custom/ to upstream platform/ so all consumers (main agent + family agents Anna/Yulia/Coder/Cyber-Architect) inherit them via .claude/rules/platform/ directory symlink:

As-is:
- anti-amnesia, bot-code-readonly, contradictions, every-session, ralphex-notify-thread, show-evidence, sops-no-decrypt-stdout

With edits (depersonalization + carve-outs for non-code agents):
- implementation-protocol: "Main agent" -> "You"; carve-outs in both "Separation of Concerns" and "Ralphex - When to Use" sections so non-code agents skip cleanly
- public-repo-pii: drop hardcoded fitz123/claude-code-bot reference
- runtime-context: parameterize workspace paths, drop main-only agent roster (agents discover their roster via config.yaml)

Stays in private workspace custom/:
- local-tools, reference-structure, release-flow, reminders, safety-workspace, task-tracking, fix-verification, heartbeats (workspace-specific tooling, repo paths, or Ninja-only access)

Dual-review iterations:
- Iter 1: family-angle reviewer found 2 Critical (Ninja-hardcoded in show-evidence + contradictions) + 3 High; main-angle clean. Addressed.
- Iter 2: family-angle reviewer found 2 High (implementation-protocol needed second carve-out; every-session needs decisions.md in family workspaces). One fixed in rule; the other deferred to companion workspace PR that symlinks decisions.md into family workspaces and documents the symlink set as a runbook.
- Iter 3: family-angle reviewer confirms clean.

Follow-up (separate PR): pre-existing platform rules with hardcoded "Ninja" (delegation, memory-protocol, communication, bot-operations) — out of scope here.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pull request overview
Promotes 10 generic rule files from a private workspace's custom/ directory into upstream .claude/rules/platform/ so all consumers (main agent + family agents) inherit them via the platform symlink. Seven files land as-is; three (implementation-protocol.md, public-repo-pii.md, runtime-context.md) are depersonalized/parameterized for family-agent reuse.
Changes:
- Add 7 rules verbatim from the private workspace (anti-amnesia, bot-code-readonly, contradictions, every-session, ralphex-notify-thread, show-evidence, sops-no-decrypt-stdout)
- Add 3 depersonalized rules with carve-outs for non-code agents and parameterized workspace paths
- No code changes; all additions are markdown rule docs
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `.claude/rules/platform/anti-amnesia.md` | New rule: verify before claiming, write to file. |
| `.claude/rules/platform/bot-code-readonly.md` | New rule: bot/platform files are upstream-managed, read-only in workspace. |
| `.claude/rules/platform/contradictions.md` | New rule: flag contradictions instead of silently resolving. |
| `.claude/rules/platform/every-session.md` | New rule: read USER.md + decision log at session start. |
| `.claude/rules/platform/implementation-protocol.md` | New rule with non-code-agent carve-outs in both sections. |
| `.claude/rules/platform/public-repo-pii.md` | New rule, generalized (no hardcoded repo). |
| `.claude/rules/platform/ralphex-notify-thread.md` | New rule: set RALPHEX_NOTIFY_THREAD when launching ralphex from non-default topic. |
| `.claude/rules/platform/runtime-context.md` | New rule: explains Claude Code subprocess runtime; parameterized paths, no agent roster. |
| `.claude/rules/platform/show-evidence.md` | New rule: assertions need inline evidence; includes PR self-check. |
| `.claude/rules/platform/sops-no-decrypt-stdout.md` | New rule: never decrypt sops to stdout in agent transcripts. |
Owner left 7 inline comments. Resolutions:
- every-session.md: deleted (retired entirely). Added @reference/governance/decisions.md to CLAUDE.md so the directive becomes an auto-import instead of a procedural rule. USER.md, IDENTITY.md, MEMORY.md were already imported.
- implementation-protocol.md: deleted (main-only - non-code agents do not use ralphex).
- public-repo-pii.md: deleted (main-only - only main pushes to public repos).
- ralphex-notify-thread.md: deleted (main-only - ralphex-specific).
- show-evidence.md: deleted (main-only).
- bot-code-readonly.md: expanded paths frontmatter from 4 to 12 entries (.github/workflows/**, .githooks/**, .gitleaks.toml, .gitleaksignore, CLAUDE.md, README.md, config.yaml, config.local.yaml.example). Added paragraph noting protect-files.sh hook only enforces .claude/skills/** for crons - interactive sessions are self-discipline only.

Final scope: 5 promoted rules + CLAUDE.md import.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Per owner request — the bot-code-readonly rule was soft self-discipline.
Hook now hard-blocks writes to upstream-owned platform files from all
sessions (interactive + cron), mirroring the rule paths list.
Bypass triggers (all log to stderr for transcript visibility):
1. PROTECT_FILES_BYPASS=1 — explicit opt-out
2. CLAUDE_PROJECT_DIR contains /.ralphex/worktrees/ — ralphex pipeline
3. git remote.origin.url at CLAUDE_PROJECT_DIR matches
*fitz123/claude-code-bot(.git)?(/)?$ — upstream dev checkout
CLAUDE.md and config.yaml removed from the rule paths list (workspace
edits these locally via merge=ours / per-workspace bindings).
Dual-review iterations:
- Iter 1: 2 Critical found (ralphex worktrees blocked, upstream dev
blocked). Addressed via bypass logic.
- Iter 2: 2 Critical in bypass (basename spoofable, PWD fallthrough)
+ 1 High (silent env bypass). All addressed: git-remote check
instead of basename, fail-closed on missing CLAUDE_PROJECT_DIR,
stderr logging.
- Iter 3: clean.
Test matrix (7 cases, all pass):
T1 USER.md → allowed
T2 workspace bot/src → BLOCKED
T3 upstream dev (real remote) → BYPASS + log
T4 spoofed /tmp/claude-code-bot (no remote) → BLOCKED
T5 CLAUDE_PROJECT_DIR unset → BLOCKED (fail-closed)
T6 ralphex worktree → BYPASS + log
T7 PROTECT_FILES_BYPASS=1 → BYPASS + log
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
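The bypass order and fail-closed behaviour described in the commit message above can be sketched as follows. This is an added example, not the PR's `protect-files.sh`: the function name `bypass_reason`, its argument order, and the `[:/]` separator required before the owner name are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: bypass decision for a write-protection hook, fail-closed.
# bypass_reason and its arguments are illustrative, not the hook's own code.
# $1 = CLAUDE_PROJECT_DIR
# $2 = PROTECT_FILES_BYPASS
# $3 = origin URL, e.g. from: git -C "$CLAUDE_PROJECT_DIR" config --get remote.origin.url
# Prints the bypass reason and returns 0, or returns 1 when protection stays on.
bypass_reason() {
  dir=$1 flag=$2 url=$3 reason=
  if [ "$flag" = 1 ]; then
    reason="PROTECT_FILES_BYPASS=1"
  elif [ -z "$dir" ]; then
    return 1   # fail closed: no project dir means no bypass and no $PWD fallback
  else
    # Decide on the remote URL, not on the directory basename (which is spoofable).
    url=${url%/}
    url=${url%.git}
    case "$dir" in
      */.ralphex/worktrees/*) reason="ralphex worktree" ;;
    esac
    case "$url" in
      # Assumption: require ':' or '/' before the owner so "notfitz123" does not match.
      *[:/]fitz123/claude-code-bot) reason="upstream dev checkout" ;;
    esac
  fi
  [ -n "$reason" ] || return 1
  # Every bypass is logged to stderr so it shows up in the transcript.
  echo "protect-files: bypass ($reason)" >&2
  echo "$reason"
}
```
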
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
.claude/hooks/protect-files.sh:100
- The `README.md` glob `*/README.md|README.md` will match every README.md anywhere in the tree (e.g., `reference/README.md`, `docs/README.md`, `.claude/skills/<x>/README.md`), not just the repository-root README that the `bot-code-readonly.md` frontmatter entry `README.md` is meant to designate. Since `reference/` and `docs/` are explicitly listed as workspace-local/editable in the rule (lines 23–27), this hook will block legitimate edits to nested READMEs. Consider anchoring the match to the project root (e.g., compare against `$PROJECT_ROOT/README.md` after realpath normalization) rather than a trailing-component glob. The same concern applies to `*/config.local.yaml.example|config.local.yaml.example`.

```sh
*/README.md|README.md) match=1 ;;
*/config.local.yaml.example|config.local.yaml.example) match=1 ;;
```
Copilot flagged that case patterns like `*/bot/*|bot/*` match the `bot/` segment at ANY depth — false-blocking nested paths like `reference/bot/notes.md` or `docs/bot/x.md`. The frontmatter list in bot-code-readonly.md is rooted (`bot/**`, `.github/workflows/**`, etc) so the hook must match the same way.

Compute REL_PATH = FILE_PATH minus $CLAUDE_PROJECT_DIR prefix once, then match against rooted patterns (`bot/*`, `.github/workflows/*`, ...). Same anchoring applied to the existing skills block.

Tests (8 cases, all pass):
T1 USER.md → allowed
T2 /workspace/bot/src/foo.ts → BLOCKED
T3 /workspace/reference/bot/notes.md → ALLOWED (was wrongly blocked)
T4 /workspace/docs/bot/x.md → ALLOWED (was wrongly blocked)
T5 /workspace/reference/.github/workflows/x.yml → ALLOWED
T6 .github/workflows/x.yml at root → BLOCKED
T7 CLAUDE.md → allowed
T8 upstream dev repo bypass → BYPASS + log

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
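The difference between the unanchored and rooted matching discussed in the review comment and the fix above, as an added example that is not the PR's hook code. The function names, the pattern subset, the refusal of non-normalized paths, and allowing absolute paths outside the project are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: rooted path classification for a write-protection hook.
# Function names and the pattern subset are illustrative, not protect-files.sh.

# Unanchored variant flagged in review: matches the segment at any depth.
classify_unanchored() {
  case "$1" in
    */bot/*|bot/*) echo BLOCKED ;;
    */README.md|README.md) echo BLOCKED ;;
    *) echo ALLOWED ;;
  esac
}

# Rooted variant: strip the project root once, then match from the root.
# $1 = project dir (CLAUDE_PROJECT_DIR), $2 = file path being written.
classify_rooted() {
  root=${1%/}
  path=$2
  # Fail closed: without a project root there is nothing to anchor against.
  [ -n "$root" ] || { echo BLOCKED; return; }
  case "$path" in
    "$root"/*) rel=${path#"$root"/} ;;
    /*) echo ALLOWED; return ;;   # assumption: paths outside the project are out of scope
    *) rel=$path ;;               # already relative to the root
  esac
  # Non-normalized paths ("..", ".", "//") could sidestep the rooted match; refuse them.
  case "/$rel/" in
    */../*|*/./*|*//*) echo BLOCKED; return ;;
  esac
  case "$rel" in
    bot/*|.github/workflows/*|.githooks/*) echo BLOCKED ;;
    .gitleaks.toml|.gitleaksignore|README.md|config.local.yaml.example) echo BLOCKED ;;
    *) echo ALLOWED ;;
  esac
}
```
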
@copilot please re-review — fixes pushed since the last review

Agent-Logs-Url: https://github.com/fitz123/claude-code-bot/sessions/c0947a7f-0ad9-4031-ba90-7eb97358feb9
Co-authored-by: fitz123 <10243861+fitz123@users.noreply.github.com>
Summary
Promotes 5 rules (down from 10 after owner review) from a private workspace `.claude/rules/custom/` to upstream `.claude/rules/platform/`. Family agents inherit them via the `.claude/rules/platform/` directory symlink.

What lands
- `anti-amnesia.md`
- `bot-code-readonly.md`: `protect-files.sh` hook only enforces `.claude/skills/**` for crons
- `contradictions.md`
- `runtime-context.md`
- `sops-no-decrypt-stdout.md`

Plus CLAUDE.md: added `@reference/governance/decisions.md` to the existing `@USER.md` / `@IDENTITY.md` / `@MEMORY.md` import block. Replaces the previously promoted `every-session.md` rule — auto-import achieves the same effect without procedural instruction.

What does NOT promote (per owner review)
- `every-session.md` — replaced by `@reference/governance/decisions.md` import above
- `implementation-protocol.md` — main + coder only, non-code agents do not use ralphex
- `public-repo-pii.md` — only main pushes to public repos
- `ralphex-notify-thread.md` — ralphex-specific
- `show-evidence.md` — main-only

These stay in main workspace `custom/`. Plus the original 8 stay custom rules: local-tools, reference-structure, release-flow, reminders, safety-workspace, task-tracking, fix-verification, heartbeats.

Dual-review iterations

Companion workspace PR
After this merges:
- `reference/governance/decisions.md` into anna/yulia/cyber-architect workspaces (so the new `@`-import from upstream CLAUDE.md resolves there)
- `reference/runbooks/create-family-workspace.md` documenting required symlinks

Out-of-scope follow-up
Pre-existing platform rules with hardcoded "Ninja" (`delegation`, `memory-protocol`, `communication`, `bot-operations`). Separate small PR.

Test plan
`@reference` / `@memory` literals first (merged separately as PR Telegram polling may silently stop after network failure (unconfirmed) #4).