feat(leverage): re-base m6 governor on an exogenous merged-PR ship-signal — SHADOW (BRO-1707)#91
Conversation
…gnal — SHADOW (BRO-1707)
The m6 anti-capture governor classified sessions meta/product by edited file path.
Two weaknesses: (a) gameable — one product-path edit flips a whole session to
"product"; (b) proxy — an edit is not a merge, blind to CI/merge/revert. This adds
an exogenous ship-signal that re-bases the meta/product signal on MERGED PRs, run
in SHADOW mode (measured + logged, actuating on nothing) until calibrated.
Design driven by a 9-agent workflow (inventory → design panel → red-team). The
red-team's decisive finding: "merged-green PR" is NOT strongly exogenous on our
repos — the agent authors the CI and main is unprotected on genesis + bstack
(verified 404), so green is agent-influenceable. Hence self-modified-gate PRs are
capped, and promotion-to-actuate is gated on enforcing the CICD gates (BRO-1709).
- scripts/leverage-ship-sensor.py (NEW): agent-authored merged PRs → fractional
diff-path classification, unit-weighted (1/PR). Kills size-padding (unit) + the
single-file flip (fractional). Author + repo allowlist exclude teammate/upstream
(h ⟂ U). Self-modified-.github/workflows PR capped at ungated tier. gh failure →
errors; all-fail → gh_ok:false + null (never a fabricated 0). Writes
.control/leverage-ship-state.json.
- scripts/leverage-sensor.py: merge_ship_shadow() merges m6s_meta_work_ship_ratio
when fresh (<48h). id "m6s" has no setpoint → no_setpoint → NEVER worst / nudged /
in closure. m1-m6 + --brief contract unchanged.
- scripts/knowledge-wakeup-hook.sh: refresh ship-signal in the background (throttle
24h, fail-silent) — never blocks session start.
- scripts/l3-stability-pretool-hook.sh: protect the governor's dial
(leverage-setpoints.yaml) + the sensors; fix malformed-JSON audit row
("tool_name":"tool_name":"Edit").
- assets/templates/leverage-setpoints.yaml: ship_signal config + m6 actuator message
now states the corrective input + ~7d lag (not just "freeze").
- tests/ship-signal.test.sh: 21 hermetic assertions. Live smoke: m6s=0.625/14d.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
P20 3-lens gate PASSED (correctness 7.5 / shadow-safety 9 / gaming 7, no HIGH). Fixes for the two MED + the LOW findings: - fail-CLOSED author allowlist — a missing/mistyped author_allowlist yielded a null signal path but the loop's `if author_allow and ...` short-circuit meant an EMPTY set counted ALL authors (teammates included), breaking h⟂U. Now empty allowlist → null signal, never count-all. - green gate reads StatusContext `.state` (Vercel/external CI), not just CheckRun `.conclusion` — a PR merged with a failing status check but passing GH-Actions was false-greened (verified live: all 3 repos emit mixed rollups). Pending/STALE now count as non-green (merged-before-green). - product-precedence mutual-exclusion — a path matching BOTH families (apps/x/docs/) no longer double-counts (tot > files, shares !=1). Mirrors leverage-sensor's rule. - broaden self-CI detection to .github/(workflows|actions)/. - atomic state write (temp+os.replace) for the background-write vs Stop-read race. - render_human shows a dim [shadow] m6s line (calibration visibility; brief stays clean). - correct the docstring overclaim: PR-split is NOT ratio-neutral — splitting a pure-product PR inflates its credit (unit=PR, PR-count agent-controlled). Tracked as a BRO-1709 open item (needs per-surface normalization + enforced gate), with a test documenting the inflation. Same for weaken-then-harvest CI. Tests 21→28. All 34 suites green, shellcheck clean, live smoke m6s=0.625. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Warning Review limit reached
Next review available in: 20 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (8)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
What
The m6 anti-capture governor classified sessions meta/product by edited file path over transcripts. Two weaknesses: (a) gameable — one product-path edit flips a whole session to "product" without shipping anything; (b) proxy — an edit is not a merge, and it's blind to CI/merge/revert. This re-bases the meta/product signal on merged pull requests, run in shadow mode (measured + logged, actuating on nothing) until calibrated.
How it was designed
A 9-agent design workflow (inventory → 3-approach design panel → adversarial red-team) drove this. The red-team's decisive finding reframed the whole task:
Corollary: to leverage CICD gates as a control signal, the gates must be enforced. That enforcement is a consequential, outward-facing change → split to BRO-1709. This PR ships the value-weighting + hardening in shadow so nothing actuates on an uncalibrated, not-yet-exogenous signal.
The mechanism (
leverage-ship-sensor.py).conclusionand StatusContext.state(Vercel/external CI); pending/STALE = non-green; a PR that modified its own.github/(workflows|actions)/is capped at the ungated tier.ghfailure → repo flagged inerrors; all-fail →gh_ok:false+ null (never a fabricated 0); a dead/renamed allowlist repo is caught by a cheap existence probe.Shadow-mode integrity (structurally guaranteed)
merge_ship_shadow()mergesm6s_meta_work_ship_ratioonly when.control/leverage-ship-state.jsonis fresh (<48h).metric_id()→m6s, which has no setpoint (ids are m1–m6), soevaluate()forcesno_setpoint— it can never becomeworst, reach the SessionStart nudge, or perturb closure/m1–m6. The P20 shadow-safety lens (scored 9) confirmed non-actuation depends on the absence of a setpoint, the strongest possible form. Background runner (throttled 24h, fail-silent) never blocks session start.P20 cross-model gate — 3 lenses, all PASS
Two MED findings fixed (fail-closed allowlist; StatusContext
.stategate). Two gaming vectors that need the enforced gate — PR-split inflation and weaken-then-harvest — are honestly documented (a test asserts the inflation) and tracked on BRO-1709, not papered over.Also
l3-stability-pretool-hook.sh: protects the governor's own dial (leverage-setpoints.yaml) + the sensors, and fixes a pre-existing malformed-JSON audit row ("tool_name":"tool_name":"Edit"— the grep captured the whole key:value pair).Validation
tests/ship-signal.test.sh, fixture-driven) + all 32 suites green + shellcheck + doctor rc=0.Not fixed here (surgical discipline)
A bstack hygiene papercut: the canary/l3-rate-gate suites scaffold untracked
METALAYER.md+schemas/*.schema.jsoninto repo root (not gitignored), sogit add -Aafter a test run pollutes. Worth a 1-line.gitignorefollow-up — out of scope for BRO-1707.BRO-1707. Promotion-to-actuate is BRO-1709 (enforce gates → flip to actuating
m6+ per-surface normalization).🤖 Generated with Claude Code