docs(audits): record central actions/cache SHA corruption + #394 repair#396
Merged
Conversation
Diagnose-and-record audit for the estate-wide `scan / Hypatia Neurosymbolic Analysis` failure (2026-06-20/21): Unable to resolve action actions/cache@d4373f2 Root cause: the corrupt SHA (a corruption of v4.2.2's d4323d4…) was pinned centrally in the two reusable workflows (hypatia-scan-reusable.yml, governance-reusable.yml) — zero consumer workflows carried it. Already repaired and merged in standards#394 (d72fe5a): re-pinned to the genuine v4.2.0 commit 1bd1e32a…, verified against upstream `git ls-remote`. The audit also documents the propagation caveat (consumers pin reusables by standards SHA, so the post-#394 "Check Workflow Staleness" red is expected drift pending gitbot-fleet enroll-repos re-pin to d72fe5a+) and records two out-of-scope nextgen-databases findings (K9 pedigree missing metadata.name; trusted-base reduction policy red). Adds .adoc + .a2ml companion, mirroring audit-hypatia-pin-orphan-2026-05-27. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0144t85ipupFBhd9eJ8t9vaC
hyperpolymath
force-pushed
the
claude/youthful-sagan-pcquj3
branch
from
3a623f8 to
3708ab2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a diagnose-and-record audit (
.adoc+.a2mlcompanion) for theestate-wide
scan / Hypatia Neurosymbolic Analysisfailure observed2026-06-20/21:
This is documentation only — the underlying fix already shipped.
Root cause (already fixed in #394)
The corrupt SHA was pinned centrally in the two reusable workflows
(
hypatia-scan-reusable.yml,governance-reusable.yml) — zero consumerworkflows carried it. It is a corruption of v4.2.2's real commit
d4323d4….standards#394 (merged 2026-06-21, commit
d72fe5a) already re-pinned bothto the genuine
v4.2.0commit1bd1e32a….Independent verification (this session)
Via
git ls-remote https://github.com/actions/cache:d4373f26…(corrupt)1bd1e32a…(repair)refs/tags/v4.2.00057852b…v4+v4.3.027d5ce7f…main+v5+v5.0.5git grep d4373f…across standards + hypatia → zero matches.Why the audit matters (propagation caveat)
Consumers pin these reusables by standards commit SHA, not
@main(
@5eb28d7d…/@861b5e91…). So the post-#394Check Workflow Stalenessred is expected drift — the signal that a gitbot-fleet
enroll-reposre-pin to
d72fe5a+ is still pending, not a new defect. The audit alsorecords two out-of-scope
nextgen-databasesfindings (K9 pedigree missingmetadata.name; trusted-base reduction policy red).Full status recorded on the umbrella: hyperpolymath/hypatia#464. Cross-refs
hyperpolymath/nextgen-typing#69.
🤖 Generated with Claude Code
https://claude.ai/code/session_0144t85ipupFBhd9eJ8t9vaC
Generated by Claude Code