37 changes: 37 additions & 0 deletions audits/promoted/AF-20260614-no-work-loss-protection.yaml
@@ -0,0 +1,37 @@
audit_finding:
version: "1.0"
id: "AF-20260614-no-work-loss-protection"
date: "2026-06-14"
auditor: "external-contributor (@aiox-master in a consumer project)"
source_session: "Comparative audit of a hardened consumer fork against aiox-core v5.2.9"

context:
project: "a production consumer project (anonymized)"
epic: "framework learning-loop audit"
triggered_by: "Repeated near-loss of committed-but-unpushed work and removed worktrees during day-to-day and agentic git operations"

finding:
summary: "The framework gates quality and secrets but has no rule covering the irreversible risk class of LOST WORK (committed-but-unpushed commits, unpublished worktrees)."
evidence:
- "No rule defines durability as 'present on the remote' vs merely 'present on disk'"
- "No guard prevents cleanup/removal of a worktree whose commits were never pushed"
- "No standard 'backup bundle before a destructive op' (branch -D, worktree remove, reset --hard, push --force)"
impact_observed:
blast_radius: "high"
affected_artifacts: ["any local commit", "any git worktree"]
cost: "Near-permanent loss of work; recovery only via `git fsck` dangling-commit archaeology"

framework_candidate: true
framework_candidate_rationale: |
The failure mode is project-agnostic: any project where contributors commit
locally and/or use git worktrees faces it. The fix is a generic process rule
(plus an optional advisory cleanup guard), not project-specific logic.

references:
- kind: pattern
path: "Durability = on the remote, not on disk"
Comment on lines +30 to +32
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Extract the allowed kind values from the audit finding template

# Search for the references section and allowed kind values
rg -A 5 -B 2 "Allowed kind values" governance/templates/audit-finding-tmpl.yaml

Repository: SynkraAI/aiox-core

Length of output: 377


🏁 Script executed:

#!/bin/bash
# Check the actual file mentioned in the review
cat -n audits/promoted/AF-20260614-no-work-loss-protection.yaml | sed -n '25,35p'

Repository: SynkraAI/aiox-core

Length of output: 614


🏁 Script executed:

#!/bin/bash
# Also check if there are other kind values in the file to understand context
rg "kind:" audits/promoted/AF-20260614-no-work-loss-protection.yaml -B 1 -A 1

Repository: SynkraAI/aiox-core

Length of output: 150


Invalid reference kind value.

Line 31 uses kind: pattern, which is not in the allowed values list defined by the audit finding template. The template at governance/templates/audit-finding-tmpl.yaml specifies allowed kinds as: ADR | code | hook | governance-doc | existing-pattern-source | voice-clone-finding | voice-clone-personas | handoff-contract | audit | proposal.

Based on the semantic meaning, change this to existing-pattern-source:

Proposed fix
  references:
-   - kind: pattern
+   - kind: existing-pattern-source
      path: "Durability = on the remote, not on disk"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@audits/promoted/AF-20260614-no-work-loss-protection.yaml` around lines 30 -
32, The references section in the audit finding uses an invalid kind value of
pattern, which is not in the allowed list defined by the audit-finding-tmpl.yaml
template. Change the kind value from pattern to existing-pattern-source in the
references block that contains the path "Durability = on the remote, not on
disk" to conform to the allowed reference kinds.


proposed_disposition:
- "Add a git-sync-safety process rule (durability test, branch hygiene, base-via-PR)"
- "Optionally add an advisory worktree-cleanup guard that refuses to remove unpublished work"
- "Standardize 'backup bundle (git bundle) before any destructive git op'"
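Review bot: the `cost` line under `impact_observed` ("recovery only via `git fsck` dangling-commit archaeology") overstates the loss for most of the operations the evidence lists, and the case for an advisory guard should rest on the cases that really are irreversible. After `reset --hard` the previous tip is still in the branch reflog (`git reflog <branch>`) until `gc.reflogExpireUnreachable` expires (30 days by default); `git worktree remove` does not delete the branch, so its commits stay fully reachable. Only `branch -D` drops the ref together with its reflog, and `push --force` discards the remote tip unless the host keeps a reflog, which is where `fsck --lost-found` or a prior `git bundle` becomes the only way back. Suggest qualifying `cost` per operation. Separately, `references[0].path` carries a pattern name ("Durability = on the remote, not on disk") rather than a path to an artifact, which is a second problem with that entry besides the `kind` value already raised above.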
51 changes: 51 additions & 0 deletions governance/proposals/PROP-20260614-no-work-loss-protection.yaml
@@ -0,0 +1,51 @@
framework_proposal:
version: "1.0"
id: "PROP-20260614-no-work-loss-protection"
date: "2026-06-14"
proposer: "external-contributor (consumer-project audit)"
source_finding: "AF-20260614-no-work-loss-protection"

target:
layer: "L2"
artifact_type: "rule"
artifact_path: ".claude/rules/git-sync-safety.md (NEW) + optional advisory worktree-cleanup guard"
operation: "create"

generalization:
pattern_name: "Durability = on the remote, not on disk"
when_to_apply: |
Any project where contributors commit locally and/or use git worktrees.
Committed-but-unpushed work and unpublished worktrees are at risk from
`gc`, `reset --hard`, or a worktree cleanup. The framework already gates
quality and secrets, but not the irreversible risk class of LOST WORK.
examples_from_other_domains:
- "Multi-branch team: a worktree removed before publishing loses local commits"
- "Solo dev on a long-running task: reset --hard wipes uncommitted/unpushed work"
- "Agentic/CI flows: an automated cleanup removes a worktree the human never pushed"

migration_path:
breaking_change: false
affected_consumers: []
rollout_plan: |
Additive. Adds a process rule and (optionally) an advisory cleanup guard.
No existing behavior changes. Projects opt into the guard via config.

deprecation_plan:
deprecates: []
sunset_window: "n/a"

cost_benefit:
cost: "~1 documentation rule; optional advisory hook (~50 LOC)"
benefit: "Prevents an irreversible failure mode (lost work) framework-wide. Battle-tested in a production consumer fork, then generalized."
risk: "low — additive; advisory by default"

approval:
eliel_decision: "PENDING"
eliel_decision_at: null
eliel_decision_rationale: ""
revision_request: []

implementation:
pr_url: ""
merged_at: ""
distributed_to: []
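Review bot: `target.artifact_path` packs two artifacts into one string (`.claude/rules/git-sync-safety.md (NEW) + optional advisory worktree-cleanup guard`), so it is not a path a consumer or a tool can resolve; keep the rule file as the path and describe the optional guard in `rollout_plan`, which already says "Projects opt into the guard via config" without naming the config key that does it. In `when_to_apply`, listing `gc` beside `reset --hard` and worktree cleanup as a risk to unpushed commits needs qualifying: `git gc` only prunes objects unreachable from every ref and reflog and older than `gc.pruneExpire` (two weeks by default), so the precondition is a ref or reflog being deleted first (`branch -D`, a removed worktree's HEAD reflog), not gc on its own. The cost entry "optional advisory hook (~50 LOC)" would also be easier to review if the proposal named which git operations the hook intercepts.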