Skip to content

product-pipeline-probe: first end-to-end product-pipeline probe (+ CF-E fix, L10)#25

Merged
PrzemekGalarowicz merged 7 commits into
mainfrom
product-pipeline-probe
Jun 30, 2026
Merged

product-pipeline-probe: first end-to-end product-pipeline probe (+ CF-E fix, L10)#25
PrzemekGalarowicz merged 7 commits into
mainfrom
product-pipeline-probe

Conversation

@PrzemekGalarowicz

@PrzemekGalarowicz PrzemekGalarowicz commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

What this PR does

Bundles the product-pipeline integration probe and its approved follow-ups (per a "do everything, merge everything" request — multiple axes in one PR, separated by commit):

  1. product-pipeline-probe — the first measured end-to-end run of the PRODUCT pipeline (/pharn-spec → /pharn-plan → /pharn-grill → /pharn-build) on a throwaway vehicle, wrapped in the gated /pharn-dev-ship loop. Deliverable: .dev/features/product-pipeline-probe/PROBE.md (the measured hand-off matrix + findings).
  2. setter-cue-fix (CF-E fix)set-writes-scope.cjs --from-plan no longer truncates ## Files scope on an explanatory blockquote containing an exclusion cue. +2 regression tests.
  3. vehicle revertfeatures/probe-greeting/ removed (approved throwaway disposition); the .dev/ audit trail is retained.
  4. L10 — promoted lesson: product artifacts sit on the validate-SCANNED surface (root features/) that .dev/-excluded dev artifacts don't (CF-A). Human-accepted via gated /pharn-dev-memory-promote.

Probe result

The product pipeline runs as a chain (first evidence): every hand-off produced exactly the shape the next stage consumed; the spec→plan→grill→build content-hash chain held across all four stages; fix #7 bounded the build (observed an exit-2 deny); the SPEC approval gate halted. This is evidence, not a proof of bug-freedom (P0).

Findings surfaced: CF-E (new bug — fixed here), CF-A (validate scan asymmetry — promoted as L10), CF-B/CF-C (nested gate; scope thrash — documented), CF-1-amplified (regress conflation — mitigated by commit discipline), G3 (verify style gates — = L9, resolved by formatting). CF-A/G3 were deliberately not "fixed" by loosening the floor (that would let a laundered finding escape CHECK 5).

Floor verdicts (all GREEN)

validate exit 0 · /pharn-dev-regress no-regressions · /pharn-dev-verify PASS · /pharn-dev-review GREEN (0 blocking) · npm run check green (167 tests).

Note: main is Code-Owner-protected; this PR awaits your review to land.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Improved scope detection so quoted notes in file lists no longer cause authorized paths to be cut off.
    • Continued to fail closed for non-quoted exclusion text, preserving safer behavior.
  • Documentation

    • Added several end-to-end pipeline reports and verification notes covering run results, hand-offs, regression checks, and review outcomes.
    • Added a lesson learned entry clarifying differences between dev and product workflow scanning.

PrzemekGalarowicz and others added 5 commits June 30, 2026 21:36
…(vehicle + audit trail)

Push ONE trivial throwaway vehicle (features/probe-greeting/greet.mjs) through the four
product stages /pharn-spec -> /pharn-plan -> /pharn-grill -> /pharn-build to measure whether
they integrate as a chain. The vehicle is meaningless by design (P7) and is scheduled for
revert in a follow-up; the deliverable is the measured run (uncommitted PROBE.md).

Commits the process/audit artifacts + vehicle, leaving PROBE.md uncommitted so /pharn-dev-regress's
scope partition sees inside == declared (## Files) — the commit discipline the approved PLAN
specified to avoid the CF-1-amplified false escape.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…VIEW/SHIP + PROBE)

Completes the gated /pharn-dev-ship run: the grill-log, the regress + verify machine
reports and human renders, the review (GREEN, 0 blocking), the ship roll-up, and the
PROBE.md deliverable (the measured hand-off matrix + findings CF-A/B/C/E + G3). Also folds
in the prettier formatting the verify style gates (G3) required.

Floor verdicts this run: validate exit 0 (GREEN) · regress no-regressions · verify PASS.
The product pipeline runs as a chain (first evidence) — NOT a proof it is bug-free (P0).
The vehicle (features/probe-greeting/) is a throwaway slated for revert in a follow-up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ncate scope

The --from-plan writes-scope setter broke its `## Files` scan at the first non-path line
matching its head-less-exclusion cue regex — so an explanatory blockquote (`> … not
touched …`, e.g. referencing the `### Explicitly not touched` subsection) ABOVE the path
items zeroed the scope → fail-closed exit 1, blocking a valid plan. Surfaced by the
product-pipeline-probe (CF-E).

Fix: exempt blockquote lines (`> …`) from the Boundary-2 cue in pathsFromPlanFiles —
blockquotes are explanatory commentary, never exclusion-section intros. Only blockquotes
are exempted, so a NON-blockquote head-less intro (`Files NOT written:`) and an
exclusion-only `## Files` still fail closed (both pinned by new tests). +2 tests, 167 pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…greeting/)

Per the human-approved disposition (GATE 1), the probe's vehicle was always a throwaway —
removed now that the measurement is captured. The dev audit trail
(.dev/features/product-pipeline-probe/PROBE.md etc.) is retained as the historical record of
the run; only the meaningless product code + its product-pipeline artifacts are reverted.

Floor GREEN, npm test PASS after removal.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ce (CF-A)

Promotes the durable CF-A insight from the product-pipeline-probe: validate.mjs scans root
features/ but excludes .dev/, so finding-bearing PRODUCT artifacts face CHECK 5 that the
equivalent .dev/-excluded DEV artifacts never do. Extends L9 (the style-gate half) with the
validate-CHECK-5 half. Provenance valid + id unique (check-provenance GREEN pre-write);
human-accepted via gated /pharn-dev-memory-promote.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@PrzemekGalarowicz, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 48 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b7b7dd6-8810-4732-a989-0a454ec6a8f1

📥 Commits

Reviewing files that changed from the base of the PR and between b5c8c47 and 6139e20.

📒 Files selected for processing (1)
  • .dev/features/setter-cue-fix/REVIEW.md
📝 Walkthrough

Walkthrough

This PR fixes a bug in set-writes-scope.cjs where blockquote lines containing exclusion wording incorrectly truncated authorized Files paths, adding regression tests and a fix plan. It also adds extensive documentation (PLAN, PROBE, GRILL, REVIEW, VERIFY, REGRESSION, SHIP, JSON reports) for a product-pipeline-probe dev run, plus a lessons-learned entry.

Changes

Setter Cue Fix (CF-E)

Layer / File(s) Summary
Blockquote exemption in Files parser
.claude/hooks/set-writes-scope.cjs
Exempts blockquote (> ...) lines from the exclusion-cue regex that previously truncated the authorized path list.
Regression tests for blockquote vs non-blockquote cues
.claude/hooks/set-writes-scope.test.cjs
Adds tests confirming blockquote notes don't truncate scope while non-blockquote head-less intros still fail closed.
Fix plan documentation
.dev/features/setter-cue-fix/PLAN.md
Documents the CF-E change set, scope, and audit notes for the blockquote exemption.

Product Pipeline Probe Documentation

Layer / File(s) Summary
Probe plan
.dev/features/product-pipeline-probe/PLAN.md
Defines objective, probe vehicle, hand-off protocol, Files scope, contracts, audits, and resolved open questions for the probe run.
Probe run results
.dev/features/product-pipeline-probe/PROBE.md
Records hand-off matrix, confirmations, findings (including new CF-E bug), guarantee audit, and disposition.
Grill advisory findings
.dev/features/product-pipeline-probe/GRILL.md
Records hash integrity check and structured advisory findings with a non-blocking verdict.
Review and proposed lessons
.dev/features/product-pipeline-probe/REVIEW.md
Documents trust review, four-lens evaluation, GREEN verdict, and proposed canon lessons.
Verify gate results
.dev/features/product-pipeline-probe/VERIFY.md, .../verify-report.json
Documents FLOOR gate pass results and corresponding JSON report.
Regression report
.dev/features/product-pipeline-probe/REGRESSION.md, .../regression-report.json
Documents no-regressions comparison and corresponding JSON report.
Ship roll-up
.dev/features/product-pipeline-probe/SHIP.md
Summarizes stage results, gates, and deliverable pointers.
Lessons learned
.dev/memory-bank/lessons-learned.md
Adds L10 entry on validate-scan asymmetry between .dev/ and root features/.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

A blockquote whispered "not touched here,"
the scanner blinked but had no fear,
🐇 hop, hop, through PLAN and PROBE,
docs piled high around the globe,
tests confirm the fix held tight—
this bunny rests, the scope is right. 🥕

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning The PR does not implement /pharn-eval orchestration, the variance runner, the expected fixture, or the hermetic variance tests required by #7. Add the /pharn-eval orchestrator, floor/check-variance.mjs, expected fixture, hermetic variance fixtures, and GREEN review docs.
Out of Scope Changes check ⚠️ Warning Several changes (.dev probe docs, CF-E fix, L10 promotion, vehicle revert) are unrelated to the linked /pharn-eval variance-runner work. Split the probe/docs, scope-fix, and lesson-promotion work into separate PRs, or link issues that explicitly cover those changes.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and directly describes the main probe plus the CF-E fix and L10 promotion.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch product-pipeline-probe

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (4)
.dev/features/product-pipeline-probe/PLAN.md (2)

125-130: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Historical note: CF-E fix is in this PR, not a separate increment.

The blockquote comment states "fix is a SEPARATE increment," but this PR actually includes the set-writes-scope.cjs blockquote-exemption fix (CF-E). This is understandable as a frozen historical observation from the probe run, but readers may be confused since the fix ships together with these documents. Consider adding a post-script or inline note clarifying that the fix was later bundled into the same PR.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dev/features/product-pipeline-probe/PLAN.md around lines 125 - 130, The
historical note in the PLAN.md blockquote is misleading because it says the CF-E
fix is a separate increment even though this PR includes the
set-writes-scope.cjs blockquote-exemption fix. Update the note near the “Files”
section to clearly state that the CF-E fix was bundled into this PR, and keep
the existing reference to PROBE.md while adding a brief clarifying post-script
or inline note so readers understand the scope.

175-176: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Historical note: vehicle revert is in this PR, not a follow-up increment.

The plan states "revert the vehicle … in a follow-up increment," but the PR objectives and commit history indicate the features/probe-greeting/ vehicle was reverted in this same PR. Like the CF-E note, this is a frozen historical expectation that may confuse readers since the revert ships together. Consider a clarifying note.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dev/features/product-pipeline-probe/PLAN.md around lines 175 - 176, The
PLAN.md note about reverting the vehicle is stale and conflicts with the PR’s
actual scope; update the `features/probe-greeting/` historical note to clearly
state that the vehicle revert happened in this same PR, not in a later
follow-up. Keep the rest of the `validate.mjs` and floor-check guidance
unchanged, but clarify the expectation in the relevant plan section so readers
are not misled.
.dev/features/product-pipeline-probe/PROBE.md (2)

154-156: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Historical note: vehicle revert is bundled in this PR.

PROBE.md states "revert in a follow-up — human-approved 2026-06-30." The PR objectives indicate the features/probe-greeting/ revert is part of this same PR. A clarifying footnote would help readers.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dev/features/product-pipeline-probe/PROBE.md around lines 154 - 156, Add a
clarifying footnote in PROBE.md near the vehicle note to state that the
features/probe-greeting/ revert is bundled in this PR, and keep the existing
guidance tied to greet.mjs so readers understand the revert is no longer a
follow-up. Update the wording in the “vehicle is meaningless by design” section
to reference the bundled revert explicitly without changing the surrounding
probe-policy context.

62-82: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Historical note: CF-E parser fix ships in this PR.

PROBE.md records that "The parser fragility itself is NOT fixed here — it is a candidate for a separate increment." The set-writes-scope.cjs blockquote-exemption fix (CF-E) is actually included in this PR. This is accurate as a frozen run-time observation, but consider a post-hoc footnote for readers since the fix is bundled.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dev/features/product-pipeline-probe/PROBE.md around lines 62 - 82, The
PROBE.md note is outdated because it says the CF-E parser fragility is not fixed
here, but this PR actually includes the set-writes-scope.cjs
blockquote-exemption change. Update the historical note to reflect that the CF-E
fix is bundled in this PR, and add a short post-hoc footnote if needed so
readers understand the observation is frozen while the parser change itself
shipped here.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.claude/hooks/set-writes-scope.cjs:
- Around line 175-179: The blockquote exemption in set-writes-scope.cjs is too
broad and lets quoted exclusion headers like “> Files NOT written:” bypass
Boundary 2. Narrow the isBlockquote handling in the scope-detection logic so
only explanatory quoted notes are exempt, while quoted intro lines that precede
normal path items still fail closed; update the condition around the
line-scanning check and add a regression test for the quoted-intro exclusion
case.

In @.dev/features/product-pipeline-probe/GRILL.md:
- Around line 123-127: The advisory verdict count in the GRILL.md summary is
inconsistent with the documented findings. Update the summary near the verdict
so it matches the actual YAML blocks produced by the grill, or add the missing
finding if one was omitted; use the “ADVISORY VERDICT” section and the
structured findings list as the source of truth when reconciling the total.

---

Nitpick comments:
In @.dev/features/product-pipeline-probe/PLAN.md:
- Around line 125-130: The historical note in the PLAN.md blockquote is
misleading because it says the CF-E fix is a separate increment even though this
PR includes the set-writes-scope.cjs blockquote-exemption fix. Update the note
near the “Files” section to clearly state that the CF-E fix was bundled into
this PR, and keep the existing reference to PROBE.md while adding a brief
clarifying post-script or inline note so readers understand the scope.
- Around line 175-176: The PLAN.md note about reverting the vehicle is stale and
conflicts with the PR’s actual scope; update the `features/probe-greeting/`
historical note to clearly state that the vehicle revert happened in this same
PR, not in a later follow-up. Keep the rest of the `validate.mjs` and
floor-check guidance unchanged, but clarify the expectation in the relevant plan
section so readers are not misled.

In @.dev/features/product-pipeline-probe/PROBE.md:
- Around line 154-156: Add a clarifying footnote in PROBE.md near the vehicle
note to state that the features/probe-greeting/ revert is bundled in this PR,
and keep the existing guidance tied to greet.mjs so readers understand the
revert is no longer a follow-up. Update the wording in the “vehicle is
meaningless by design” section to reference the bundled revert explicitly
without changing the surrounding probe-policy context.
- Around line 62-82: The PROBE.md note is outdated because it says the CF-E
parser fragility is not fixed here, but this PR actually includes the
set-writes-scope.cjs blockquote-exemption change. Update the historical note to
reflect that the CF-E fix is bundled in this PR, and add a short post-hoc
footnote if needed so readers understand the observation is frozen while the
parser change itself shipped here.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 33a7f0ad-6a5e-4a0f-a3ca-7a9f7e3010df

📥 Commits

Reviewing files that changed from the base of the PR and between 8d8d23a and b5c8c47.

📒 Files selected for processing (13)
  • .claude/hooks/set-writes-scope.cjs
  • .claude/hooks/set-writes-scope.test.cjs
  • .dev/features/product-pipeline-probe/GRILL.md
  • .dev/features/product-pipeline-probe/PLAN.md
  • .dev/features/product-pipeline-probe/PROBE.md
  • .dev/features/product-pipeline-probe/REGRESSION.md
  • .dev/features/product-pipeline-probe/REVIEW.md
  • .dev/features/product-pipeline-probe/SHIP.md
  • .dev/features/product-pipeline-probe/VERIFY.md
  • .dev/features/product-pipeline-probe/regression-report.json
  • .dev/features/product-pipeline-probe/verify-report.json
  • .dev/features/setter-cue-fix/PLAN.md
  • .dev/memory-bank/lessons-learned.md

Comment on lines +175 to +179
const isBlockquote = /^\s*>/.test(line);
if (
!isPathItem &&
!isBlockquote &&
/\bnot\W*(touch|writ|modif|edit|chang)|\bexplicitly\W*excluded|\bout\W*of\W*scope|\boff\W*limits/i.test(line)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Don't blanket-exempt quoted exclusion intros.

This now suppresses Boundary 2 for any > ... line, so a shape like > Files NOT written: followed by normal - \path`items is treated as authorized scope instead of failing closed. Sincewrites-scope.jsonis the write-authorization boundary, that widens permissions for an exclusion-only## Files` block. Keep the exemption narrow to explanatory notes, and add a regression for the quoted-intro case.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.claude/hooks/set-writes-scope.cjs around lines 175 - 179, The blockquote
exemption in set-writes-scope.cjs is too broad and lets quoted exclusion headers
like “> Files NOT written:” bypass Boundary 2. Narrow the isBlockquote handling
in the scope-detection logic so only explanatory quoted notes are exempt, while
quoted intro lines that precede normal path items still fail closed; update the
condition around the line-scanning check and add a regression test for the
quoted-intro exclusion case.

Comment on lines +123 to +127
**ADVISORY VERDICT: 7 concerns raised (0 blocking-severity, 4 important, 3 minor) — for the human to weigh
before `/pharn-dev-build`.** The spec→plan chain is intact (content-hash verified). The grill gates nothing; the
only floor-grade results this run produced are the writes-scope pin on this log and the spec-hash match above.
"Grill produced a GRILL.md" does **not** mean the plan is good — it means the chain held and these concerns were
surfaced for the human (P0).

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Finding count mismatch: claims 7 concerns but only 6 are documented.

The advisory verdict states "7 concerns raised (0 blocking-severity, 4 important, 3 minor)," but the structured findings contain only 6 YAML blocks: 3 important (P0 fix-#7, P6 timing, P6 RED-risk) and 3 minor (P0 taint, P6 floor-conflation, P1 AC). Either one concern is missing from the document or the count should read "6 concerns (3 important, 3 minor)."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.dev/features/product-pipeline-probe/GRILL.md around lines 123 - 127, The
advisory verdict count in the GRILL.md summary is inconsistent with the
documented findings. Update the summary near the verdict so it matches the
actual YAML blocks produced by the grill, or add the missing finding if one was
omitted; use the “ADVISORY VERDICT” section and the structured findings list as
the source of truth when reconciling the total.

Reviews the CF-E fix that landed under "do everything" without a review pass. All four
lenses clean: P0 (the "more permissive, never removes a path" claim verified), P1 (hook
ships 2 binding tests), P2 (exemption can't inject a path — blockquote lines are never
collected), P3 (one axis). Advisory: Boundary-2's content-cue heuristic remains fragile
for non-blockquote pre-path prose; proposed candidate lesson (prefer structural anchors
over prose cues, relates to L6).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@PrzemekGalarowicz PrzemekGalarowicz merged commit 0888102 into main Jun 30, 2026
6 checks passed
@PrzemekGalarowicz PrzemekGalarowicz deleted the product-pipeline-probe branch June 30, 2026 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant