pdurlej/platform

Fork 0

test(memory): pin sacred-path consistency between memory.py and safety.py #807

Merged

Iskra merged 3 commits from claude/issues/memory-sacred-path-consistency into main

2026-06-26 13:13:55 +02:00

claude commented

2026-06-18 15:27:16 +02:00

Collaborator

Problem

Sacred-path truth is split. The canonical repo-wide rules live in control-plane/platformctl/safety.py (SACRED_EXACT_PATHS / SACRED_PREFIX_PATHS / SACRED_PATH_GLOBS / SACRED_NAME_GLOBS), and PR #806 generated policies/sacred-paths.yaml from them with a drift test.

But there is a third, independent source of truth that nothing guards against drift:

memory.py:20 — SACRED_PATH_PATTERNS, a tuple of compiled regexes (.ssh, .codex, secret-material, runtime/legacy-import/env, open-loops.json).
memory.py:235 — pre_tool_guard uses them to block destructive memory-control-plane operations in the PreToolUse hook: operation in DESTRUCTIVE_OPERATIONS and any(pattern.search(normalized) ...).

If safety.py gains a new sacred concept that the memory hook should also cover, memory.py can silently fall behind.

Investigation (step 1)

Why it is regex-based, and whether it can reuse safety.is_sacred_path. It cannot:

Different normalization. pre_tool_guard normalizes with str(Path(path).expanduser()) only (memory.py:234) — no .resolve(). safety._normalize runs Path(...).resolve(strict=False) (safety.py:132), resolving relative paths against the control-plane process CWD. Hook payloads carry raw, possibly-relative or remote (/home/openclaw/...) path strings matched on operation+path alone, so CWD resolution is wrong here.
Different concept sets. safety.py is a host-specific absolute-path enforcement layer (safety.py:26-99); memory.py is a coarse component match anywhere in a string.
Scopes overlap but neither contains the other. memory.py covers ~/.ssh + secret-material + open-loops.json (absent from safety.py), and intentionally ignores /etc/ssh/sshd_config and the /opt/... host paths (which safety.py owns). So the literal property "no path safety.py treats as sacred is missed by memory.py" is false by design (e.g. /etc/ssh/sshd_config has no .ssh component).

Decision (step 2): option (b) — keep regexes, add a consistency test

Deriving memory.py from safety.py (option a) would change protective behavior. The genuine, testable invariant is agreement where the scopes overlap — the only shared concept is the .codex component.

Test (step 3)

New file control-plane/platformctl/tests/test_memory_sacred_consistency.py:

Overlap drift guard — every safety.py rule sharing the .codex component is blocked by the memory destructive guard, derived from safety.py's own constants (SACRED_EXACT_PATHS + SACRED_PREFIX_PATHS) so new .codex rules are covered automatically. Includes an anti-vacuity check and a non-circular bidirectional anchor (safety.is_sacred_path AND pre_tool_guard must agree).
Pattern contract — each of the 5 patterns blocks destructive ops, allows reads, ignores near-misses (e.g. secret-materials.md, my-open-loops.json); a tripwire ties len(SACRED_PATH_PATTERNS) to the fixture set so the pattern tuple can't change without re-checking agreement.
Canonical anchor — safety.py-only host paths (/etc/ssh/sshd_config, /opt/..., remote workspace) stay sacred under safety.py, asserted positively so a future tightening of memory.py never trips this test.

Also a cross-reference comment at memory.py:20 so the third source of truth is intentional, not silent.

Proof the guard is non-vacuous

Simulating removal of the .codex pattern leaks 6 safety.py sacred paths past the memory guard (~/.codex/AGENTS.md, ~/.codex/config.toml, /home/openclaw/.codex/sessions/, ~/.codex/archived_sessions/, ~/.codex/automations/, ~/.codex/sessions/) → test_safety_overlap_* fails.

Verification

python3 -m pytest platformctl/tests/test_memory_sacred_consistency.py → 23 passed.
test_safety_phase3.py → 128 passed (no regression).
Pre-existing env-only failures in test_memory_control_plane.py (subprocess ModuleNotFoundError: No module named 'click') are unrelated — confirmed identical on the clean baseline with this branch's source stashed.

Classification

Class/security-sensitive (sacred-path enforcement) → tier/full canary + operator merge. No secret values touched.

🤖 Generated with Claude Code

## Problem Sacred-path truth is split. The canonical repo-wide rules live in `control-plane/platformctl/safety.py` (`SACRED_EXACT_PATHS` / `SACRED_PREFIX_PATHS` / `SACRED_PATH_GLOBS` / `SACRED_NAME_GLOBS`), and PR #806 generated `policies/sacred-paths.yaml` from them with a drift test. But there is a **third, independent source of truth** that nothing guards against drift: - [`memory.py:20`](control-plane/platformctl/memory.py#L20) — `SACRED_PATH_PATTERNS`, a tuple of compiled regexes (`.ssh`, `.codex`, `secret-material`, `runtime/legacy-import/env`, `open-loops.json`). - [`memory.py:235`](control-plane/platformctl/memory.py#L235) — `pre_tool_guard` uses them to block destructive memory-control-plane operations in the `PreToolUse` hook: `operation in DESTRUCTIVE_OPERATIONS and any(pattern.search(normalized) ...)`. If `safety.py` gains a new sacred concept that the memory hook should also cover, `memory.py` can silently fall behind. ## Investigation (step 1) **Why it is regex-based, and whether it can reuse `safety.is_sacred_path`.** It cannot: 1. **Different normalization.** `pre_tool_guard` normalizes with `str(Path(path).expanduser())` only ([`memory.py:234`](control-plane/platformctl/memory.py#L234)) — no `.resolve()`. `safety._normalize` runs `Path(...).resolve(strict=False)` ([`safety.py:132`](control-plane/platformctl/safety.py#L132)), resolving **relative** paths against the control-plane process CWD. Hook payloads carry raw, possibly-relative or remote (`/home/openclaw/...`) path strings matched on operation+path alone, so CWD resolution is wrong here. 2. **Different concept sets.** `safety.py` is a host-specific **absolute-path** enforcement layer ([`safety.py:26-99`](control-plane/platformctl/safety.py#L26)); `memory.py` is a coarse **component** match anywhere in a string. 3. **Scopes overlap but neither contains the other.** `memory.py` covers `~/.ssh` + `secret-material` + `open-loops.json` (absent from `safety.py`), and intentionally ignores `/etc/ssh/sshd_config` and the `/opt/...` host paths (which `safety.py` owns). So the literal property "no path `safety.py` treats as sacred is missed by `memory.py`" is **false by design** (e.g. `/etc/ssh/sshd_config` has no `.ssh` component). ## Decision (step 2): option (b) — keep regexes, add a consistency test Deriving `memory.py` from `safety.py` (option a) would change protective behavior. The genuine, testable invariant is **agreement where the scopes overlap** — the only shared concept is the `.codex` component. ## Test (step 3) New file [`control-plane/platformctl/tests/test_memory_sacred_consistency.py`](control-plane/platformctl/tests/test_memory_sacred_consistency.py): - **Overlap drift guard** — every `safety.py` rule sharing the `.codex` component is blocked by the memory destructive guard, derived from `safety.py`'s own constants (`SACRED_EXACT_PATHS + SACRED_PREFIX_PATHS`) so new `.codex` rules are covered automatically. Includes an anti-vacuity check and a non-circular bidirectional anchor (`safety.is_sacred_path` AND `pre_tool_guard` must agree). - **Pattern contract** — each of the 5 patterns blocks destructive ops, allows reads, ignores near-misses (e.g. `secret-materials.md`, `my-open-loops.json`); a tripwire ties `len(SACRED_PATH_PATTERNS)` to the fixture set so the pattern tuple can't change without re-checking agreement. - **Canonical anchor** — `safety.py`-only host paths (`/etc/ssh/sshd_config`, `/opt/...`, remote workspace) stay sacred under `safety.py`, asserted **positively** so a future tightening of `memory.py` never trips this test. Also a cross-reference comment at [`memory.py:20`](control-plane/platformctl/memory.py#L20) so the third source of truth is intentional, not silent. ### Proof the guard is non-vacuous Simulating removal of the `.codex` pattern leaks **6** `safety.py` sacred paths past the memory guard (`~/.codex/AGENTS.md`, `~/.codex/config.toml`, `/home/openclaw/.codex/sessions/`, `~/.codex/archived_sessions/`, `~/.codex/automations/`, `~/.codex/sessions/`) → `test_safety_overlap_*` fails. ## Verification - `python3 -m pytest platformctl/tests/test_memory_sacred_consistency.py` → **23 passed**. - `test_safety_phase3.py` → 128 passed (no regression). - Pre-existing env-only failures in `test_memory_control_plane.py` (subprocess `ModuleNotFoundError: No module named 'click'`) are unrelated — confirmed identical on the clean baseline with this branch's source stashed. ## Classification Class/security-sensitive (sacred-path enforcement) → **tier/full canary + operator merge**. No secret values touched. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claude added 1 commit

2026-06-18 15:27:16 +02:00

test(memory): pin sacred-path consistency between memory.py and safety.py

canary-required / collect-diff (pull_request) Successful in 4s

Details

python-ci / Python 3.12 (pull_request) Successful in 42s

Details

platformctl plan / auto-apply scope (pull_request) Successful in 16s

Details

pyfallow / Pyfallow gate (control-plane) (pull_request) Successful in 16s

Details

python-ci / Python 3.11 (pull_request) Successful in 39s

Details

python-ci / Python 3.13 (pull_request) Successful in 44s

Details

canary-required / canary (pull_request) Successful in 17s

Details

patchwarden-pr-sanity / collect-diff (pull_request) Successful in 5s

Details

base-is-main / guard (pull_request) Successful in 1s

Details

patchwarden-client-dry-run / collect-diff (pull_request) Successful in 4s

Details

patchwarden-client-dry-run / dry-run (pull_request) Successful in 18s

Details

patchwarden-pr-sanity / sanity (pull_request) Successful in 3m51s

Details

250b8ced32

memory.py:20 declares an independent SACRED_PATH_PATTERNS (compiled regexes)
used by pre_tool_guard (memory.py:235) to block destructive memory-control-plane
operations in the PreToolUse hook. This is a third sacred-path truth alongside
safety.py (SACRED_EXACT/PREFIX/PATH_GLOBS/NAME_GLOBS) and the generated
policies/sacred-paths.yaml — and it can drift silently.

Decision: keep the regexes (option b). They cannot reuse safety.is_sacred_path:
that layer resolves Path objects against the process CWD (safety.py:132-133),
which is wrong for hook payloads carrying raw, relative or remote path strings.
The two are genuinely different concept sets whose scopes only overlap (neither
contains the other), so deriving one from the other would change protection.

Add tests/test_memory_sacred_consistency.py pinning the relationship:
- overlap agreement: every safety.py rule sharing the `.codex` component is
  blocked by the memory guard, derived from safety.py's own constants so new
  `.codex` rules are covered automatically (proven non-vacuous: removing the
  pattern leaks 6 safety.py sacred paths past the guard).
- pattern contract: each of the 5 patterns blocks destructive ops, allows reads,
  ignores near-misses; a tripwire ties pattern count to the fixture set.
- canonical anchor: safety.py-only host paths (e.g. /etc/ssh/sshd_config) stay
  sacred under safety.py, asserted positively so tightening memory.py never trips.

Also add a cross-reference comment at memory.py:20 so the third source of truth
is intentional, not silent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

patchwarden commented

2026-06-18 15:34:15 +02:00

First-time contributor

Patchwarden PR sanity

Operator signal: 🛑 STOP - reviewer finding(s) must be addressed or explicitly accepted.

Automerge signal: ❌ NOT READY - no unattended merge or APPROVED review should be published.

Verdict: 🛑 STOP - a model reviewer reported actionable findings.

Next step: Address the reviewer finding(s), or leave a human decision explaining why the risk is accepted.

PR: 807
Commit: 7dbee837a933a08bc66f492816430d00ef0bfdd5
Status: advisory_findings
Reviewer health: findings
Security-sensitive label: present
Authority: Patchwarden policy signal; branch protection and automerge controller remain merge authority.
Model mix: glm-5.2:cloud, deepseek-v4-pro:cloud, kimi-k2.7-code:cloud

What I checked

Changed files: 2
Deterministic blocker scan: clean
Model reviewer lanes: 3
Comment contract: this comment is updated in place via a hidden Patchwarden marker.

Approval Handoff

State: not_ready_reviewer_findings
Action: address reviewer finding(s) or leave a human decision before any unattended approval.
Boundary: branch protection and the automerge controller remain merge authority.

Signal Board

Legend: ✅ evidence is sufficient; 🟡 controller still has work; ⚠️ automation retries first; 🛑/❌ do not approve or merge.

Lane	Signal	Meaning
🧪 Deterministic sanity	✅ `clean`	No deterministic blockers found.
🧠 Model reviewers	❌ `findings`	Address reviewer finding(s) before approval.
🛡️ Patchwarden approval	❌ `not_ready_reviewer_findings`	No unattended APPROVED review should be published.
🚦 Unattended automerge	❌ `ineligible`	Outside the narrow safe-docs/status unattended lane.
🙋 Owner attention	🔁 `automation first`	Retry, repair, or inspect automation before asking the owner.

Scope blocker: non-doc/status path(s): control-plane/platformctl/memory.py, control-plane/platformctl/tests/test_memory_sacred_consistency.py
Risk label blocker: class/security-sensitive, tier/full
Security-sensitive blocker: class/security-sensitive is present.
🧭 Merge authority: branch protection and automerge controller remain authoritative.

Required Fixes

No deterministic blockers.

Reviewer Details

Model reviewer lanes

`global-glm` / `glm-5.2:cloud`

Status: ok
Verdict: OK
Findings: none

`global-deepseek` / `deepseek-v4-pro:cloud`

Status: ok
Verdict: OK
Findings: none

`redteam` / `kimi-k2.7-code:cloud`

Status: ok
Verdict: NOT_OK
high Symlink/path-aliasing bypass of regex-only sacred guard
- Evidence: memory.py new comment at SACRED_PATH_PATTERNS deliberately rejects filesystem resolution ('Deliberately NOT derived from safety.is_sacred_path... matched on operation+path alone') and keeps component regex search on the raw string. test_mem
- Next: Resolve the payload against its intended workspace/base directory (not the control-plane CWD) before regex matching, or add an explicit regression test and operator comment accepting the residual aliasing risk and requiring downstream enforcement.

Policy notes

Patchwarden PR sanity is the first merge-lane signal for this PR.
Models produce findings; Patchwarden/policy produces decisions.
Model findings alone do not fail the status check; they require human or agent disposition.
Formal approval is separate from this comment and requires clean reviewer health.
Automerge remains delegated to branch protection and the automerge pilot.

# Patchwarden PR sanity **Operator signal:** 🛑 STOP - reviewer finding(s) must be addressed or explicitly accepted. **Automerge signal:** ❌ NOT READY - no unattended merge or APPROVED review should be published. **Verdict:** 🛑 STOP - a model reviewer reported actionable findings. **Next step:** Address the reviewer finding(s), or leave a human decision explaining why the risk is accepted. - PR: `807` - Commit: `7dbee837a933a08bc66f492816430d00ef0bfdd5` - Status: `advisory_findings` - Reviewer health: `findings` - Security-sensitive label: `present` - Authority: Patchwarden policy signal; branch protection and automerge controller remain merge authority. - Model mix: `glm-5.2:cloud`, `deepseek-v4-pro:cloud`, `kimi-k2.7-code:cloud` ## What I checked - Changed files: `2` - Deterministic blocker scan: `clean` - Model reviewer lanes: `3` - Comment contract: this comment is updated in place via a hidden Patchwarden marker. ## Approval Handoff - State: `not_ready_reviewer_findings` - Action: address reviewer finding(s) or leave a human decision before any unattended approval. - Boundary: branch protection and the automerge controller remain merge authority. ## Signal Board - Legend: ✅ evidence is sufficient; 🟡 controller still has work; ⚠️ automation retries first; 🛑/❌ do not approve or merge. | Lane | Signal | Meaning | | --- | --- | --- | | 🧪 Deterministic sanity | ✅ `clean` | No deterministic blockers found. | | 🧠 Model reviewers | ❌ `findings` | Address reviewer finding(s) before approval. | | 🛡️ Patchwarden approval | ❌ `not_ready_reviewer_findings` | No unattended APPROVED review should be published. | | 🚦 Unattended automerge | ❌ `ineligible` | Outside the narrow safe-docs/status unattended lane. | | 🙋 Owner attention | 🔁 `automation first` | Retry, repair, or inspect automation before asking the owner. | - Scope blocker: non-doc/status path(s): `control-plane/platformctl/memory.py`, `control-plane/platformctl/tests/test_memory_sacred_consistency.py` - Risk label blocker: `class/security-sensitive`, `tier/full` - Security-sensitive blocker: `class/security-sensitive` is present. 🧭 Merge authority: branch protection and automerge controller remain authoritative. ## Required Fixes No deterministic blockers. ## Reviewer Details <details> <summary>Model reviewer lanes</summary> ### `global-glm` / `glm-5.2:cloud` - Status: `ok` - Verdict: `OK` - Findings: none ### `global-deepseek` / `deepseek-v4-pro:cloud` - Status: `ok` - Verdict: `OK` - Findings: none ### `redteam` / `kimi-k2.7-code:cloud` - Status: `ok` - Verdict: `NOT_OK` - **`high`** Symlink/path-aliasing bypass of regex-only sacred guard - Evidence: `memory.py new comment at SACRED_PATH_PATTERNS deliberately rejects filesystem resolution ('Deliberately NOT derived from safety.is_sacred_path... matched on operation+path alone') and keeps component regex search on the raw string. test_mem` - Next: Resolve the payload against its intended workspace/base directory (not the control-plane CWD) before regex matching, or add an explicit regression test and operator comment accepting the residual aliasing risk and requiring downstream enforcement. </details> ## Policy notes - Patchwarden PR sanity is the first merge-lane signal for this PR. - Models produce findings; Patchwarden/policy produces decisions. - Model findings alone do not fail the status check; they require human or agent disposition. - Formal approval is separate from this comment and requires clean reviewer health. - Automerge remains delegated to branch protection and the automerge pilot.

Iskra commented

2026-06-23 03:01:19 +02:00

Collaborator

Iskra judgment

Field	Value
Target	`pdurlej/platform#pull_request#807`
Priority	p1
Action	patchwarden_candidate
Scores	reach 4 / impact 4 / confidence 4
Piotr fit	high
Effort	small
Labels	`judge/p1`, `judge/patchwarden-candidate`
Judge	`iskra` via `openclaw`

Rationale: This pins drift between independent sacred-path guard sources, reducing the chance that destructive memory-control-plane protections silently fall behind governance policy.

Caveat: The packet excerpt does not include the full diff or test output, so review should verify the pinned consistency check matches intended guard semantics.

Structured openclaw.judge.v0 payload

<!-- openclaw.judge.v0 -->
{
  "confidence": 4,
  "effort_hint": "small",
  "escalation": {
    "kind": "patchwarden_review",
    "reason": "The PR touches safety-adjacent guard consistency and should receive focused review before merge."
  },
  "evidence_refs": [
    {
      "note": "Public repository metadata and dry-run packet only.",
      "type": "snapshot",
      "value": "pr-title-body-labels-and-target-snapshot"
    }
  ],
  "impact": 4,
  "judge_actor": {
    "name": "iskra",
    "runtime": "openclaw"
  },
  "judged_at": "2026-06-23T00:00:00Z",
  "labels_to_apply": [
    "judge/p1",
    "judge/patchwarden-candidate"
  ],
  "piotr_fit": "high",
  "priority": "p1",
  "rationale_summary": "This pins drift between independent sacred-path guard sources, reducing the chance that destructive memory-control-plane protections silently fall behind governance policy.",
  "reach": 4,
  "recommended_next_action": "patchwarden_candidate",
  "rerun_reason": "no_prior_judgment",
  "schema": "openclaw.judge.v0",
  "target": {
    "kind": "pull_request",
    "number": 807,
    "repo": "pdurlej/platform"
  },
  "target_snapshot": {
    "body_hash": "sha256:72a1058113741f4db8a168b5a3a50d38c5071b20c4ed5b29e726acffa92b133f",
    "commit_count": 1,
    "evidence_hash": "sha256:abba4c82a8ea0223b969a93da11258eda797de95b31920f6b7bd17241d9d0f52",
    "head_sha": "250b8ced32772af7c9a323cf6a4b4ba942e7d942",
    "labels": [],
    "labels_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "state": "open",
    "title_hash": "sha256:6618066de7fe9b582e7b1d9ddcda6d4948f6a87cabbb1395793b445ed8f0dfd4",
    "updated_at": "2026-06-18T15:34:15+02:00"
  },
  "top_caveat": "The packet excerpt does not include the full diff or test output, so review should verify the pinned consistency check matches intended guard semantics."
}
<!-- /openclaw.judge.v0 -->

### Iskra judgment | Field | Value | | --- | --- | | Target | `pdurlej/platform#pull_request#807` | | Priority | p1 | | Action | patchwarden_candidate | | Scores | reach 4 / impact 4 / confidence 4 | | Piotr fit | high | | Effort | small | | Labels | `judge/p1`, `judge/patchwarden-candidate` | | Judge | `iskra` via `openclaw` | **Rationale:** This pins drift between independent sacred-path guard sources, reducing the chance that destructive memory-control-plane protections silently fall behind governance policy. **Caveat:** The packet excerpt does not include the full diff or test output, so review should verify the pinned consistency check matches intended guard semantics. <details> <summary>Structured openclaw.judge.v0 payload</summary> ```json  { "confidence": 4, "effort_hint": "small", "escalation": { "kind": "patchwarden_review", "reason": "The PR touches safety-adjacent guard consistency and should receive focused review before merge." }, "evidence_refs": [ { "note": "Public repository metadata and dry-run packet only.", "type": "snapshot", "value": "pr-title-body-labels-and-target-snapshot" } ], "impact": 4, "judge_actor": { "name": "iskra", "runtime": "openclaw" }, "judged_at": "2026-06-23T00:00:00Z", "labels_to_apply": [ "judge/p1", "judge/patchwarden-candidate" ], "piotr_fit": "high", "priority": "p1", "rationale_summary": "This pins drift between independent sacred-path guard sources, reducing the chance that destructive memory-control-plane protections silently fall behind governance policy.", "reach": 4, "recommended_next_action": "patchwarden_candidate", "rerun_reason": "no_prior_judgment", "schema": "openclaw.judge.v0", "target": { "kind": "pull_request", "number": 807, "repo": "pdurlej/platform" }, "target_snapshot": { "body_hash": "sha256:72a1058113741f4db8a168b5a3a50d38c5071b20c4ed5b29e726acffa92b133f", "commit_count": 1, "evidence_hash": "sha256:abba4c82a8ea0223b969a93da11258eda797de95b31920f6b7bd17241d9d0f52", "head_sha": "250b8ced32772af7c9a323cf6a4b4ba942e7d942", "labels": [], "labels_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "state": "open", "title_hash": "sha256:6618066de7fe9b582e7b1d9ddcda6d4948f6a87cabbb1395793b445ed8f0dfd4", "updated_at": "2026-06-18T15:34:15+02:00" }, "top_caveat": "The packet excerpt does not include the full diff or test output, so review should verify the pinned consistency check matches intended guard semantics." }  ``` </details>

Iskra added the

judge/p1

judge/patchwarden-candidate

labels

2026-06-23 03:01:20 +02:00

Iskra referenced this pull request from pdurlej/judging-claw

2026-06-23 03:01:20 +02:00

[Judging Claw] patchwarden_candidate for pdurlej/platform#807 (p1) #133

Iskra commented

2026-06-24 03:01:07 +02:00

Collaborator

Iskra judgment

Field	Value
Target	`pdurlej/platform#pull_request#807`
Priority	p1
Action	patchwarden_candidate
Scores	reach 4 / impact 4 / confidence 4
Piotr fit	high
Effort	small
Labels	`judge/p1`, `judge/patchwarden-candidate`
Judge	`iskra` via `openclaw`

Rationale: This PR appears to pin an important safety invariant between memory hook sacred-path handling and canonical repo-wide sacred-path policy, reducing silent drift in destructive-operation guards.

Caveat: The packet excerpt does not include the full diff or test output, so review should confirm the generated policy and regex coverage preserve intended behavior.

Structured openclaw.judge.v0 payload

<!-- openclaw.judge.v0 -->
{
  "confidence": 4,
  "effort_hint": "small",
  "escalation": {
    "kind": "patchwarden_review",
    "reason": "Patchwarden should verify the consistency test and guard semantics before merge."
  },
  "evidence_refs": [
    {
      "note": "Public repository metadata, prior judgment, labels, and dry-run packet excerpt only.",
      "type": "snapshot",
      "value": "issue-or-pr-title-body-labels-and-target-snapshot"
    },
    {
      "note": "Previous public judgment already classified this as p1 patchwarden-candidate and the target changed since then.",
      "type": "snapshot",
      "value": "previous-public-judgment-and-target-changed-rerun"
    }
  ],
  "impact": 4,
  "judge_actor": {
    "name": "iskra",
    "runtime": "openclaw"
  },
  "judged_at": "2026-06-24T01:00:28Z",
  "labels_to_apply": [
    "judge/p1",
    "judge/patchwarden-candidate"
  ],
  "piotr_fit": "high",
  "priority": "p1",
  "rationale_summary": "This PR appears to pin an important safety invariant between memory hook sacred-path handling and canonical repo-wide sacred-path policy, reducing silent drift in destructive-operation guards.",
  "reach": 4,
  "recommended_next_action": "patchwarden_candidate",
  "rerun_reason": "target_changed",
  "schema": "openclaw.judge.v0",
  "target": {
    "kind": "pull_request",
    "number": 807,
    "repo": "pdurlej/platform"
  },
  "target_snapshot": {
    "body_hash": "sha256:72a1058113741f4db8a168b5a3a50d38c5071b20c4ed5b29e726acffa92b133f",
    "commit_count": 1,
    "evidence_hash": "sha256:174b7ea770f516cdaa0ac16679e9382c01606d5afff1f029f61a52cc6cc07461",
    "head_sha": "250b8ced32772af7c9a323cf6a4b4ba942e7d942",
    "labels": [
      "judge/p1",
      "judge/patchwarden-candidate"
    ],
    "labels_hash": "sha256:0201cd844d34972d5631e146e07a0345e98dbce67192eca387a3cae40e5f2754",
    "state": "open",
    "title_hash": "sha256:6618066de7fe9b582e7b1d9ddcda6d4948f6a87cabbb1395793b445ed8f0dfd4",
    "updated_at": "2026-06-23T03:01:20+02:00"
  },
  "top_caveat": "The packet excerpt does not include the full diff or test output, so review should confirm the generated policy and regex coverage preserve intended behavior."
}
<!-- /openclaw.judge.v0 -->

### Iskra judgment | Field | Value | | --- | --- | | Target | `pdurlej/platform#pull_request#807` | | Priority | p1 | | Action | patchwarden_candidate | | Scores | reach 4 / impact 4 / confidence 4 | | Piotr fit | high | | Effort | small | | Labels | `judge/p1`, `judge/patchwarden-candidate` | | Judge | `iskra` via `openclaw` | **Rationale:** This PR appears to pin an important safety invariant between memory hook sacred-path handling and canonical repo-wide sacred-path policy, reducing silent drift in destructive-operation guards. **Caveat:** The packet excerpt does not include the full diff or test output, so review should confirm the generated policy and regex coverage preserve intended behavior. <details> <summary>Structured openclaw.judge.v0 payload</summary> ```json  { "confidence": 4, "effort_hint": "small", "escalation": { "kind": "patchwarden_review", "reason": "Patchwarden should verify the consistency test and guard semantics before merge." }, "evidence_refs": [ { "note": "Public repository metadata, prior judgment, labels, and dry-run packet excerpt only.", "type": "snapshot", "value": "issue-or-pr-title-body-labels-and-target-snapshot" }, { "note": "Previous public judgment already classified this as p1 patchwarden-candidate and the target changed since then.", "type": "snapshot", "value": "previous-public-judgment-and-target-changed-rerun" } ], "impact": 4, "judge_actor": { "name": "iskra", "runtime": "openclaw" }, "judged_at": "2026-06-24T01:00:28Z", "labels_to_apply": [ "judge/p1", "judge/patchwarden-candidate" ], "piotr_fit": "high", "priority": "p1", "rationale_summary": "This PR appears to pin an important safety invariant between memory hook sacred-path handling and canonical repo-wide sacred-path policy, reducing silent drift in destructive-operation guards.", "reach": 4, "recommended_next_action": "patchwarden_candidate", "rerun_reason": "target_changed", "schema": "openclaw.judge.v0", "target": { "kind": "pull_request", "number": 807, "repo": "pdurlej/platform" }, "target_snapshot": { "body_hash": "sha256:72a1058113741f4db8a168b5a3a50d38c5071b20c4ed5b29e726acffa92b133f", "commit_count": 1, "evidence_hash": "sha256:174b7ea770f516cdaa0ac16679e9382c01606d5afff1f029f61a52cc6cc07461", "head_sha": "250b8ced32772af7c9a323cf6a4b4ba942e7d942", "labels": [ "judge/p1", "judge/patchwarden-candidate" ], "labels_hash": "sha256:0201cd844d34972d5631e146e07a0345e98dbce67192eca387a3cae40e5f2754", "state": "open", "title_hash": "sha256:6618066de7fe9b582e7b1d9ddcda6d4948f6a87cabbb1395793b445ed8f0dfd4", "updated_at": "2026-06-23T03:01:20+02:00" }, "top_caveat": "The packet excerpt does not include the full diff or test output, so review should confirm the generated policy and regex coverage preserve intended behavior." }  ``` </details>

Iskra referenced this pull request from pdurlej/judging-claw

2026-06-24 03:01:08 +02:00

[Judging Claw] patchwarden_candidate for pdurlej/platform#807 (p1) #136

codex referenced this pull request

2026-06-25 12:36:28 +02:00

goal(patchwarden): enable unattended merge-safety loop for eligible Platform PRs #823

codex added the

class/security-sensitive

risk/process

tier/full

owner-attention

status:operator-needed

labels

2026-06-26 00:27:23 +02:00

codex added 1 commit

2026-06-26 10:45:56 +02:00

Merge remote-tracking branch 'origin/main' into claude/issues/memory-sacred-path-consistency

base-is-main / guard (pull_request) Successful in 2s

Details

canary-required / collect-diff (pull_request) Successful in 4s

Details

pyfallow / Pyfallow gate (control-plane) (pull_request) Successful in 16s

Details

python-ci / Python 3.11 (pull_request) Successful in 42s

Details

patchwarden-client-dry-run / collect-diff (pull_request) Successful in 4s

Details

patchwarden-pr-sanity / collect-diff (pull_request) Successful in 5s

Details

platformctl plan / auto-apply scope (pull_request) Successful in 17s

Details

python-ci / Python 3.12 (pull_request) Successful in 44s

Details

python-ci / Python 3.13 (pull_request) Successful in 43s

Details

canary-required / canary (pull_request) Successful in 17s

Details

patchwarden-client-dry-run / dry-run (pull_request) Successful in 18s

Details

patchwarden-pr-sanity / sanity (pull_request) Successful in 38s

Details

bca9b89e8f

codex added 1 commit

2026-06-26 13:04:35 +02:00

Merge remote-tracking branch 'origin/main' into claude/issues/memory-sacred-path-consistency

canary-required / collect-diff (pull_request) Successful in 4s

Details

patchwarden-client-dry-run / collect-diff (pull_request) Successful in 5s

Details

patchwarden-pr-sanity / collect-diff (pull_request) Successful in 4s

Details

python-ci / Python 3.11 (pull_request) Successful in 42s

Details

python-ci / Python 3.12 (pull_request) Successful in 45s

Details

base-is-main / guard (pull_request) Successful in 1s

Details

platformctl plan / auto-apply scope (pull_request) Successful in 17s

Details

pyfallow / Pyfallow gate (control-plane) (pull_request) Successful in 16s

Details

patchwarden-client-dry-run / dry-run (pull_request) Successful in 19s

Details

patchwarden-pr-sanity / sanity (pull_request) Successful in 2m37s

Details

python-ci / Python 3.13 (pull_request) Successful in 44s

Details

canary-required / canary (pull_request) Successful in 16s

Details

7dbee837a9

Iskra approved these changes

2026-06-26 13:13:54 +02:00

Iskra left a comment

Operator live approval present for #807: branch is current and all latest CI/Patchwarden contexts are green. Approval recorded by Iskra as merge actor for the sacred-path consistency test PR.