ci: add fabrication-rot grep guard for retired honesty patterns#224
Merged
operatoruplift merged 1 commit intomasterfrom Apr 28, 2026
Merged
ci: add fabrication-rot grep guard for retired honesty patterns#224operatoruplift merged 1 commit intomasterfrom
operatoruplift merged 1 commit intomasterfrom
Conversation
Adds a fourth grep-guard alongside copy-check, capability-check, and trust-gate. Each rule encodes a fabrication pattern we've explicitly retired and points at the original cleanup PR so a future contributor can read the prior agreement before reintroducing it. 10 rules covering: - Gold Agent fake balances (0.0847 oz, $278.24, $3284.50/oz) retired in #209 - Webacy fake "wallet grade A, not flagged, not sanctioned" risk grades retired in #209 - Fabricated x402-devnet-${Date.now()} tx signature pattern retired in #173 - Random-vector fake (Math.floor(Math.random() * 2000) + 100) on /memory retired in #210 - Fake-Pro confirm fall-through tx_signature pattern retired in #182 - Pre-seeded fake "Operator Uplift Architecture" memory node retired in #210 - "API key generated (expires in 30 days)" toast lie retired in #212 - 2-second setTimeout fake-install alert on /store retired in #216 Comment-line heuristic skips lines starting with //, /*, *, or <!-- so the audit-trail comments documenting these retirements (e.g. the new /api/gold route's comment block explaining why the lib was deleted) don't trigger false positives. Wired into pnpm check via scripts/check.mjs and added a top-level script `pnpm fabrication-rot-check` for direct invocation. Sanity-tested both directions: - Clean state: 197 files scanned, 0 hits - Plant a 'balanceOz: 0.0847' in lib/: guard fires with the rule name and the retiring-PR pointer, exit code 1.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
2 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
The orchestrator test scaffolds fake check scripts and asserts the "X passed, Y failed, Z skipped" summary. Adding fabrication-rot as the 4th check in #224 shifted those counts and broke 3 of 5 tests: fail-fast: "0 passed, 1 failed, 2 not run" -> 3 not run --all: "1 passed, 2 failed" -> 2 passed, 2 failed mix: "1 passed, 1 failed, 1 skipped" -> 1 passed, 1 failed, 2 skipped Updated each scenario to include a fabrication-rot-check entry where the prior 3-script setups are now 4-script setups, and adjusted the expected counts. The skips-missing-scripts test now also asserts the new SKIP line for fabrication-rot. The orchestrator contract (run, skip-if-missing, fail-propagate, fail-fast) is unchanged; only the count of registered checks moves.
5 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
) Continuation of #227 (privacy policy), #228 (problem-statement pillars), and #229 (compliance section). Four more homepage surfaces still made the same retired claim: 1. src/sections/Pricing.tsx — Free tier feature list said "Runs on your computer, your data never leaves it" + "Lightweight Mac app, opens instantly". Replaced with what the free tier actually unlocks today: try /chat with no signup, BYOK or Google sign-in for live mode, approval gate before any send. 2. src/sections/Comparison.tsx — Feature checklist had "Runs on your computer" and "Works offline" rows comparing Operator Uplift to ChatGPT/Claude/Gemini/Grok. Both rows removed; rewrote the list to focus on what we can demonstrate: tap-to-approve, signed receipts, on-chain audit log, switch-AI mid-conversation, real Gmail/Calendar via OAuth, exportable memory, MIT license, HIPAA-aware/GDPR posture. 3. src/sections/FAQ.tsx — Two answers explicitly told users their data stays on their machine and we never see it. Rewrote to be specific about today (web app routes through Vercel + the AI provider you pick) and roadmap (desktop+Ollama is in development). Repointed at the privacy policy and the MIT license as verification paths. 4. src/sections/CloudVsLocal.tsx — Whole section was structured around a hosting comparison ("Your data on your device", "Works offline", "Cryptographically private"). The whole premise contradicted the cloud-deployed reality. Re-structured as Chat-only AI vs Operator Uplift on the *behavior* axis instead of the *hosting* axis: each bullet ties to a real shipped feature (OAuth, approval gate, signed receipt, audit log, AI switching, MIT license). Section heading updated from "The last AI you will need to trust" to "An assistant that does the work, not just talks about it." Skipped this pass: ProductPage and MarketOpportunity. ProductPage sits behind /product (separate audit). MarketOpportunity is explicitly aspirational future-state framing for a market pitch, not a current factual claim about how the website works. The fabrication-rot guard from #224 doesn't catch these because the claims weren't structured patterns — they were free-form English that varied per surface. Honesty regression here is harder to grep-guard; the consumer-copy spec's banned-phrase list could be expanded if a future regression actually happens.
3 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
) Update the "Honesty regression net" section to accurately describe what's locked in after the local-machine claim cleanups landed in PRs #225-#240: - PR range bumped from #147-#224 to #147-#240 - consumer-copy.spec.ts banned-phrase list documented in full, including the 8 retired local-machine claims added in #240 - fabrication-rot-check.mjs documented as 20 rules (was 10), with the new local-machine patterns enumerated alongside the original retired-fabrication catalog (Gold Agent, Webacy, x402, random- vector, expires-in-30-days, fake-install) This is documentation-only — no source changes. Verifies pnpm check 4/4 still passes after the description is brought up to date.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a fourth grep-guard alongside copy-check, capability-check, and trust-gate. Each rule encodes a fabrication pattern we've explicitly retired and points at the original cleanup PR so a future contributor can read the prior agreement before reintroducing it.
10 rules covering:
Comment-line heuristic skips lines starting with `//`, `/`, ``, or `<!--` so audit-trail comments documenting these retirements (e.g. the new `/api/gold` route's comment block) don't trigger false positives.
Wired into `pnpm check` via `scripts/check.mjs` and added a top-level script `pnpm fabrication-rot-check` for direct invocation.
Test plan
lib/_fab_test.tscontainingbalanceOz: 0.0847→ guard fires with rule name and retiring-PR pointer, exit 1