Skip to content

feat(leverage): re-base m6 governor on an exogenous merged-PR ship-signal — SHADOW (BRO-1707)#91

Merged
broomva merged 2 commits into
mainfrom
bro-1707-ship-signal-shadow
Jul 6, 2026
Merged

feat(leverage): re-base m6 governor on an exogenous merged-PR ship-signal — SHADOW (BRO-1707)#91
broomva merged 2 commits into
mainfrom
bro-1707-ship-signal-shadow

Conversation

@broomva

@broomva broomva commented Jul 6, 2026

Copy link
Copy Markdown
Owner

What

The m6 anti-capture governor classified sessions meta/product by edited file path over transcripts. Two weaknesses: (a) gameable — one product-path edit flips a whole session to "product" without shipping anything; (b) proxy — an edit is not a merge, and it's blind to CI/merge/revert. This re-bases the meta/product signal on merged pull requests, run in shadow mode (measured + logged, actuating on nothing) until calibrated.

How it was designed

A 9-agent design workflow (inventory → 3-approach design panel → adversarial red-team) drove this. The red-team's decisive finding reframed the whole task:

"merged-green PR" is not strongly exogenous on our repos. The agent authors the CI workflows and main is unprotected on genesis + bstack (verified gh api .../branches/main/protection → 404). So "green" is agent-influenceable — reading an unenforced gate is measuring your own homework.

Corollary: to leverage CICD gates as a control signal, the gates must be enforced. That enforcement is a consequential, outward-facing change → split to BRO-1709. This PR ships the value-weighting + hardening in shadow so nothing actuates on an uncalibrated, not-yet-exogenous signal.

The mechanism (leverage-ship-sensor.py)

  • Unit = 1 per merged PR → kills size-padding within a PR.
  • Fractional diff-path classification (product-precedence, mutually exclusive) → one product file in a 9-file meta PR moves 0.1, not the whole unit (kills the single-file flip).
  • h ⟂ U: author allowlist (fail-closed — a missing key counts nothing, never teammates) + repo allowlist (excludes houston/code-graph-rag/stimulus) + bot exclusion.
  • Exogenous gate: reads CheckRun .conclusion and StatusContext .state (Vercel/external CI); pending/STALE = non-green; a PR that modified its own .github/(workflows|actions)/ is capped at the ungated tier.
  • Graceful degradation: any gh failure → repo flagged in errors; all-fail → gh_ok:false + null (never a fabricated 0); a dead/renamed allowlist repo is caught by a cheap existence probe.

Shadow-mode integrity (structurally guaranteed)

merge_ship_shadow() merges m6s_meta_work_ship_ratio only when .control/leverage-ship-state.json is fresh (<48h). metric_id()m6s, which has no setpoint (ids are m1–m6), so evaluate() forces no_setpoint — it can never become worst, reach the SessionStart nudge, or perturb closure/m1–m6. The P20 shadow-safety lens (scored 9) confirmed non-actuation depends on the absence of a setpoint, the strongest possible form. Background runner (throttled 24h, fail-silent) never blocks session start.

P20 cross-model gate — 3 lenses, all PASS

Lens Score Outcome
Correctness 7.5 StatusContext false-green (fixed) + 3 low
Shadow-safety 9 non-actuation structurally airtight
Gaming 7 fail-open allowlist + PR-split (fixed / tracked)

Two MED findings fixed (fail-closed allowlist; StatusContext .state gate). Two gaming vectors that need the enforced gate — PR-split inflation and weaken-then-harvest — are honestly documented (a test asserts the inflation) and tracked on BRO-1709, not papered over.

Also

  • l3-stability-pretool-hook.sh: protects the governor's own dial (leverage-setpoints.yaml) + the sensors, and fixes a pre-existing malformed-JSON audit row ("tool_name":"tool_name":"Edit" — the grep captured the whole key:value pair).
  • m6 actuator message now states the corrective input (merge a product PR) + the ~7d lag — not just "freeze" (which is only anti-windup).

Validation

  • 28 hermetic tests (tests/ship-signal.test.sh, fixture-driven) + all 32 suites green + shellcheck + doctor rc=0.
  • P11 live smoke: m6s = 0.625 over 14d (bstack meta + broomva.tech product) — close to the current session-ratio 0.667 but derived from validated merged PRs.

Not fixed here (surgical discipline)

A bstack hygiene papercut: the canary/l3-rate-gate suites scaffold untracked METALAYER.md + schemas/*.schema.json into repo root (not gitignored), so git add -A after a test run pollutes. Worth a 1-line .gitignore follow-up — out of scope for BRO-1707.

BRO-1707. Promotion-to-actuate is BRO-1709 (enforce gates → flip to actuating m6 + per-surface normalization).

🤖 Generated with Claude Code

Carlos D. Escobar-Valbuena and others added 2 commits July 5, 2026 23:39
…gnal — SHADOW (BRO-1707)

The m6 anti-capture governor classified sessions meta/product by edited file path.
Two weaknesses: (a) gameable — one product-path edit flips a whole session to
"product"; (b) proxy — an edit is not a merge, blind to CI/merge/revert. This adds
an exogenous ship-signal that re-bases the meta/product signal on MERGED PRs, run
in SHADOW mode (measured + logged, actuating on nothing) until calibrated.

Design driven by a 9-agent workflow (inventory → design panel → red-team). The
red-team's decisive finding: "merged-green PR" is NOT strongly exogenous on our
repos — the agent authors the CI and main is unprotected on genesis + bstack
(verified 404), so green is agent-influenceable. Hence self-modified-gate PRs are
capped, and promotion-to-actuate is gated on enforcing the CICD gates (BRO-1709).

- scripts/leverage-ship-sensor.py (NEW): agent-authored merged PRs → fractional
  diff-path classification, unit-weighted (1/PR). Kills size-padding (unit) + the
  single-file flip (fractional). Author + repo allowlist exclude teammate/upstream
  (h ⟂ U). Self-modified-.github/workflows PR capped at ungated tier. gh failure →
  errors; all-fail → gh_ok:false + null (never a fabricated 0). Writes
  .control/leverage-ship-state.json.
- scripts/leverage-sensor.py: merge_ship_shadow() merges m6s_meta_work_ship_ratio
  when fresh (<48h). id "m6s" has no setpoint → no_setpoint → NEVER worst / nudged /
  in closure. m1-m6 + --brief contract unchanged.
- scripts/knowledge-wakeup-hook.sh: refresh ship-signal in the background (throttle
  24h, fail-silent) — never blocks session start.
- scripts/l3-stability-pretool-hook.sh: protect the governor's dial
  (leverage-setpoints.yaml) + the sensors; fix malformed-JSON audit row
  ("tool_name":"tool_name":"Edit").
- assets/templates/leverage-setpoints.yaml: ship_signal config + m6 actuator message
  now states the corrective input + ~7d lag (not just "freeze").
- tests/ship-signal.test.sh: 21 hermetic assertions. Live smoke: m6s=0.625/14d.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
P20 3-lens gate PASSED (correctness 7.5 / shadow-safety 9 / gaming 7, no HIGH).
Fixes for the two MED + the LOW findings:

- fail-CLOSED author allowlist — a missing/mistyped author_allowlist yielded a
  null signal path but the loop's `if author_allow and ...` short-circuit meant an
  EMPTY set counted ALL authors (teammates included), breaking h⟂U. Now empty
  allowlist → null signal, never count-all.
- green gate reads StatusContext `.state` (Vercel/external CI), not just CheckRun
  `.conclusion` — a PR merged with a failing status check but passing GH-Actions was
  false-greened (verified live: all 3 repos emit mixed rollups). Pending/STALE now
  count as non-green (merged-before-green).
- product-precedence mutual-exclusion — a path matching BOTH families (apps/x/docs/)
  no longer double-counts (tot > files, shares !=1). Mirrors leverage-sensor's rule.
- broaden self-CI detection to .github/(workflows|actions)/.
- atomic state write (temp+os.replace) for the background-write vs Stop-read race.
- render_human shows a dim [shadow] m6s line (calibration visibility; brief stays clean).
- correct the docstring overclaim: PR-split is NOT ratio-neutral — splitting a
  pure-product PR inflates its credit (unit=PR, PR-count agent-controlled). Tracked as
  a BRO-1709 open item (needs per-surface normalization + enforced gate), with a test
  documenting the inflation. Same for weaken-then-harvest CI.

Tests 21→28. All 34 suites green, shellcheck clean, live smoke m6s=0.625.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@broomva, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 20 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cba65fc2-9afc-4e89-bf5e-bc6b4cd553ec

📥 Commits

Reviewing files that changed from the base of the PR and between 4a41a18 and c2884e1.

📒 Files selected for processing (8)
  • CHANGELOG.md
  • VERSION
  • assets/templates/leverage-setpoints.yaml
  • scripts/knowledge-wakeup-hook.sh
  • scripts/l3-stability-pretool-hook.sh
  • scripts/leverage-sensor.py
  • scripts/leverage-ship-sensor.py
  • tests/ship-signal.test.sh
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch bro-1707-ship-signal-shadow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@broomva broomva merged commit 8e90631 into main Jul 6, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant