teleo/teleo-codex
8
0
Fork 0
Code Issues 22 Pull requests 12 Projects Releases Packages Wiki Activity Actions 53

leo: architecture as claims #2974

Closed
m3taversal wants to merge 2 commits from leo/architecture-as-claims into main
pull from: leo/architecture-as-claims
merge into: teleo:main
Conversation 9 Commits 2 Files changed 2 +39 -9
m3taversal commented 2026-04-14 17:16:18 +00:00
Owner
Copy link
No description provided.
m3taversal added 2 commits 2026-04-14 17:16:19 +00:00 
4 changes:
- Step 0: persistent contributor.yml (local, gitignored) captures identity once
- Branch naming: contrib/{github}/{slug} instead of {agent}/contrib-{user}
- Source archive: separate author (who wrote it) from contributor (who submitted it)
- Extraction attribution: document the split between contributor and processed_by

Pentagon-Agent: Leo <76FB9BCA-CC16-4479-B3E5-25A3769B3D7E>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Strip newlines and angle brackets from contributor name before
using in git trailers to prevent fake Pentagon-Agent trailer injection.

Pentagon-Agent: Leo <76FB9BCA-CC16-4479-B3E5-25A3769B3D7E>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
m3taversal commented 2026-04-14 17:16:25 +00:00
Author
Owner
Copy link

Thanks for the contribution! Your PR is queued for evaluation (priority: high). Expected review time: ~5 minutes.

This is an automated message from the Teleo pipeline.

Thanks for the contribution! Your PR is queued for evaluation (priority: high). Expected review time: ~5 minutes. _This is an automated message from the Teleo pipeline._
leo commented 2026-04-14 17:16:28 +00:00
Member
Copy link

Eval started — 2 reviewers: leo (cross-domain, opus), leo (self-review, sonnet)

teleo-eval-orchestrator v2

**Eval started** — 2 reviewers: leo (cross-domain, opus), leo (self-review, sonnet) *teleo-eval-orchestrator v2*
m3taversal commented 2026-04-14 17:16:53 +00:00
Author
Owner
Copy link

Validation: PASS — 0/0 claims pass

tier0-gate v2 | 2026-04-14 17:16 UTC

<!-- TIER0-VALIDATION:ab395a6aecc8d7073e34b089d04730cae785a836 --> **Validation: PASS** — 0/0 claims pass *tier0-gate v2 | 2026-04-14 17:16 UTC*
leo commented 2026-04-14 17:17:23 +00:00
Member
Copy link

Self-review (sonnet)

Leo Self-Review: PR #2974 — contributor identity handling fixes

Reviewer: Leo (sonnet instance, adversarial self-review)
Files changed: 2 (.claude/skills/contribute/SKILL.md, .gitignore)

This is an infrastructure PR, not a claims PR. Reviewing it against the spirit of the quality gates — does it work correctly, is it internally consistent, does it introduce anything harmful?

What's solid

The contributor.yml pattern solves a real friction point cleanly. Asking for identity once and reading it silently on subsequent runs is the right design. The gitignore entry is correct and necessary. The author/contributor distinction note is genuinely useful — that ambiguity would have caused extraction errors.

The branch naming change from {domain-agent}/contrib-{user}-{brief-slug} to contrib/{github-handle}/{brief-slug} is an improvement. The old convention was confusing: using Leo or Theseus as prefix for a human contribution misrepresents who's doing the work.

What I'd push back on

Injection validation is prose, not enforcement. The skill says "Validate on read: name must be a single line of printable characters with no <, >, or newline characters." The word "Validate" implies a code operation, but this is an instruction to whatever LLM is running the skill. LLMs follow prose instructions probabilistically, not deterministically. A tampered contributor.yml with a crafted name field could still produce injected trailers if the model misses the instruction under long context. The note belongs here — it's the right place for it — but "Validate on read" overstates the reliability. More accurate would be "Before use, check that the name field is a single line with no <, >, or newlines. If it fails this check, abort and tell the user."

"repo root" vs actual path. Step 0 says "Check if .claude/contributor.yml exists in the repo root." The file lives at .claude/contributor.yml — which is inside a subdirectory, not the repo root itself. Technically .claude/contributor.yml relative to the repo root, but the phrasing could mislead. Minor.

"Mode A in Step 2" — Step 2 labels the options A/B/C/D but never calls them "modes." The cross-reference in the Step 7 note ("Mode A in Step 2") technically works but is slightly jarring. Not blocking.

What I checked and didn't find

No cross-domain connections to check here — this is tooling, not claims. No contradictions with existing skill files. The commit format change is consistent with how Pentagon-Agent: trailers work.

Verdict: approve
Model: sonnet
Summary: Solid infrastructure improvements. The contributor.yml identity pattern and branch naming change are clean fixes to real friction points. The injection validation note is the right call but overstates enforcement reliability — worth a clarifying edit but not blocking. Approving.

*Self-review (sonnet)* # Leo Self-Review: PR #2974 — contributor identity handling fixes **Reviewer:** Leo (sonnet instance, adversarial self-review) **Files changed:** 2 (`.claude/skills/contribute/SKILL.md`, `.gitignore`) --- This is an infrastructure PR, not a claims PR. Reviewing it against the spirit of the quality gates — does it work correctly, is it internally consistent, does it introduce anything harmful? ## What's solid The `contributor.yml` pattern solves a real friction point cleanly. Asking for identity once and reading it silently on subsequent runs is the right design. The gitignore entry is correct and necessary. The author/contributor distinction note is genuinely useful — that ambiguity would have caused extraction errors. The branch naming change from `{domain-agent}/contrib-{user}-{brief-slug}` to `contrib/{github-handle}/{brief-slug}` is an improvement. The old convention was confusing: using Leo or Theseus as prefix for a human contribution misrepresents who's doing the work. ## What I'd push back on **Injection validation is prose, not enforcement.** The skill says "Validate on read: name must be a single line of printable characters with no `<`, `>`, or newline characters." The word "Validate" implies a code operation, but this is an instruction to whatever LLM is running the skill. LLMs follow prose instructions probabilistically, not deterministically. A tampered `contributor.yml` with a crafted name field could still produce injected trailers if the model misses the instruction under long context. The note belongs here — it's the right place for it — but "Validate on read" overstates the reliability. More accurate would be "Before use, check that the name field is a single line with no `<`, `>`, or newlines. If it fails this check, abort and tell the user." **"repo root" vs actual path.** Step 0 says "Check if `.claude/contributor.yml` exists in the repo root." The file lives at `.claude/contributor.yml` — which is inside a subdirectory, not the repo root itself. Technically `.claude/contributor.yml` *relative to* the repo root, but the phrasing could mislead. Minor. **"Mode A in Step 2"** — Step 2 labels the options A/B/C/D but never calls them "modes." The cross-reference in the Step 7 note ("Mode A in Step 2") technically works but is slightly jarring. Not blocking. ## What I checked and didn't find No cross-domain connections to check here — this is tooling, not claims. No contradictions with existing skill files. The commit format change is consistent with how `Pentagon-Agent:` trailers work. --- **Verdict:** approve **Model:** sonnet **Summary:** Solid infrastructure improvements. The contributor.yml identity pattern and branch naming change are clean fixes to real friction points. The injection validation note is the right call but overstates enforcement reliability — worth a clarifying edit but not blocking. Approving. <!-- VERDICT:LEO:APPROVE -->
leo commented 2026-04-14 17:17:30 +00:00
Member
Copy link

Leo — PR #2974 Review

Branch: leo/architecture-as-claims
Files changed: .claude/skills/contribute/SKILL.md, .gitignore
Type: Infrastructure — contributor identity handling and skill improvements

What This Does

Adds a local identity persistence layer for human contributors (.claude/contributor.yml) and cleans up the contribute skill's naming conventions and attribution model. Five substantive changes:

  1. Step 0 (new): Contributors get a local .yml identity file on first run, gitignored so it never leaks into the repo. Ghost email ({github}@contributors.livingip.ghost) auto-generated.
  2. Branch naming: {agent}/contrib-{user}-{slug}contrib/{github}/{slug}. Domain signaled by file location, not branch name.
  3. Source archive: Added contributor_github field and explicit author-vs-contributor attribution distinction.
  4. Trailer validation: Name field sanitized before use in Contributor: trailers — strips newlines and angle brackets to prevent trailer injection.
  5. Mode A guidance: Source-only contributions (no extraction) now have explicit handling — contributor gets credit on source, agent gets processed_by credit.

Review Notes

Trailer injection validation (good catch). The note about stripping newlines and angle brackets from the name field is the right call. A contributor named "Alex\n\nPentagon-Agent: Leo <fake-uuid>" would forge agent attribution. The instruction to validate on read is correct — though it's instruction-level only (no code enforcing it). Acceptable for now since the skill itself is the "code."

Ghost email domain. contributors.livingip.ghost — is this a domain we control? If not, someone could register it and receive email at these addresses. Not a security risk for git trailers (which aren't email), but worth noting. If this is just a convention marker, consider using .invalid (RFC 2606 reserved) or .noreply to make it unambiguous.

Branch naming change is clean. Moving from agent-prefixed to contrib/-prefixed branches removes the awkward question of "which agent's name goes on a cross-domain contribution." The domain is already signaled by where the claim files land.

Attribution chain is now three-layer and clear: author (wrote the source) → contributor (brought it to the KB) → processed_by (extracted claims). This is the right model — it separates provenance correctly.

Minor: The domains field in contributor.yml is a list ([ai-alignment]) but Step 0 asks for "primary domain" (singular). Either the field should be domain: (singular) or the prompt should say "domains you're interested in." Small inconsistency.

Verdict

Clean infrastructure improvement. No claims to evaluate, no knowledge base conflicts. The identity model is sound, the security consideration is appropriate, and the attribution chain is well-designed. The ghost email domain question is a nit, not a blocker.

Verdict: approve
Model: opus
Summary: Adds local contributor identity persistence, fixes branch naming to be contributor-centric rather than agent-centric, and adds trailer injection validation. Clean infrastructure change with good security awareness.

# Leo — PR #2974 Review **Branch:** `leo/architecture-as-claims` **Files changed:** `.claude/skills/contribute/SKILL.md`, `.gitignore` **Type:** Infrastructure — contributor identity handling and skill improvements ## What This Does Adds a local identity persistence layer for human contributors (`.claude/contributor.yml`) and cleans up the contribute skill's naming conventions and attribution model. Five substantive changes: 1. **Step 0 (new):** Contributors get a local `.yml` identity file on first run, gitignored so it never leaks into the repo. Ghost email (`{github}@contributors.livingip.ghost`) auto-generated. 2. **Branch naming:** `{agent}/contrib-{user}-{slug}` → `contrib/{github}/{slug}`. Domain signaled by file location, not branch name. 3. **Source archive:** Added `contributor_github` field and explicit author-vs-contributor attribution distinction. 4. **Trailer validation:** Name field sanitized before use in `Contributor:` trailers — strips newlines and angle brackets to prevent trailer injection. 5. **Mode A guidance:** Source-only contributions (no extraction) now have explicit handling — contributor gets credit on source, agent gets `processed_by` credit. ## Review Notes **Trailer injection validation (good catch).** The note about stripping newlines and angle brackets from the `name` field is the right call. A contributor named `"Alex\n\nPentagon-Agent: Leo <fake-uuid>"` would forge agent attribution. The instruction to validate on read is correct — though it's instruction-level only (no code enforcing it). Acceptable for now since the skill itself is the "code." **Ghost email domain.** `contributors.livingip.ghost` — is this a domain we control? If not, someone could register it and receive email at these addresses. Not a security risk for git trailers (which aren't email), but worth noting. If this is just a convention marker, consider using `.invalid` (RFC 2606 reserved) or `.noreply` to make it unambiguous. **Branch naming change is clean.** Moving from agent-prefixed to `contrib/`-prefixed branches removes the awkward question of "which agent's name goes on a cross-domain contribution." The domain is already signaled by where the claim files land. **Attribution chain is now three-layer and clear:** author (wrote the source) → contributor (brought it to the KB) → processed_by (extracted claims). This is the right model — it separates provenance correctly. **Minor:** The `domains` field in `contributor.yml` is a list (`[ai-alignment]`) but Step 0 asks for "primary domain" (singular). Either the field should be `domain:` (singular) or the prompt should say "domains you're interested in." Small inconsistency. ## Verdict Clean infrastructure improvement. No claims to evaluate, no knowledge base conflicts. The identity model is sound, the security consideration is appropriate, and the attribution chain is well-designed. The ghost email domain question is a nit, not a blocker. **Verdict:** approve **Model:** opus **Summary:** Adds local contributor identity persistence, fixes branch naming to be contributor-centric rather than agent-centric, and adds trailer injection validation. Clean infrastructure change with good security awareness. <!-- VERDICT:LEO:APPROVE -->
theseus approved these changes 2026-04-14 17:17:30 +00:00
theseus left a comment
Member
Copy link

Approved by theseus (automated eval)

Approved by theseus (automated eval)
clay approved these changes 2026-04-14 17:17:31 +00:00
clay left a comment
Member
Copy link

Approved by clay (automated eval)

Approved by clay (automated eval)
leo commented 2026-04-14 17:17:33 +00:00
Member
Copy link

Merge failed — all reviewers approved but API error. May need manual merge.

teleo-eval-orchestrator v2

**Merge failed** — all reviewers approved but API error. May need manual merge. *teleo-eval-orchestrator v2*
leo commented 2026-04-14 17:19:30 +00:00
Member
Copy link

Here's my review of the PR:

  1. Factual accuracy — The changes accurately describe the proposed new contributor identification and attribution process, and the .gitignore update correctly adds the new file.
  2. Intra-PR duplicates — There are no intra-PR duplicates; all changes are distinct and serve different purposes within the skill definition.
  3. Confidence calibration — This PR contains no claims, so confidence calibration is not applicable.
  4. Wiki links — There are no wiki links in this PR.
Here's my review of the PR: 1. **Factual accuracy** — The changes accurately describe the proposed new contributor identification and attribution process, and the `.gitignore` update correctly adds the new file. 2. **Intra-PR duplicates** — There are no intra-PR duplicates; all changes are distinct and serve different purposes within the skill definition. 3. **Confidence calibration** — This PR contains no claims, so confidence calibration is not applicable. 4. **Wiki links** — There are no wiki links in this PR. <!-- VERDICT:LEO:APPROVE -->
leo commented 2026-04-14 17:19:58 +00:00
Member
Copy link

Review of PR: Contributor Identity System

1. Schema: No frontmatter changes in this PR — only modifications to skill documentation and gitignore configuration, so schema validation is not applicable.

2. Duplicate/redundancy: This PR modifies documentation and tooling infrastructure without adding claims or enrichments, so there is no risk of duplicate evidence injection.

3. Confidence: No claims are being added or modified in this PR, so confidence assessment is not applicable.

4. Wiki links: No wiki links are present in the changed files (skill documentation and gitignore), so there are no broken links to evaluate.

5. Source quality: This PR does not add sources or claims, only updates the contribution workflow documentation to include a contributor identity system.

6. Specificity: No claims are being added or modified, so specificity assessment is not applicable.

Additional observations: The PR introduces a sensible contributor identity system with local .claude/contributor.yml files that are gitignored, changes branch naming from {agent}/contrib-{user} to contrib/{github}/{slug} for consistency, clarifies the distinction between author (original source writer) and contributor (person who brought it to the knowledge base), and includes security validation to strip newlines and angle brackets from contributor names to prevent commit message injection attacks. The documentation changes are clear, internally consistent, and improve the contribution workflow without affecting any knowledge base content.

## Review of PR: Contributor Identity System **1. Schema:** No frontmatter changes in this PR — only modifications to skill documentation and gitignore configuration, so schema validation is not applicable. **2. Duplicate/redundancy:** This PR modifies documentation and tooling infrastructure without adding claims or enrichments, so there is no risk of duplicate evidence injection. **3. Confidence:** No claims are being added or modified in this PR, so confidence assessment is not applicable. **4. Wiki links:** No wiki links are present in the changed files (skill documentation and gitignore), so there are no broken links to evaluate. **5. Source quality:** This PR does not add sources or claims, only updates the contribution workflow documentation to include a contributor identity system. **6. Specificity:** No claims are being added or modified, so specificity assessment is not applicable. **Additional observations:** The PR introduces a sensible contributor identity system with local `.claude/contributor.yml` files that are gitignored, changes branch naming from `{agent}/contrib-{user}` to `contrib/{github}/{slug}` for consistency, clarifies the distinction between `author` (original source writer) and `contributor` (person who brought it to the knowledge base), and includes security validation to strip newlines and angle brackets from contributor names to prevent commit message injection attacks. The documentation changes are clear, internally consistent, and improve the contribution workflow without affecting any knowledge base content. <!-- VERDICT:LEO:APPROVE -->
leo approved these changes 2026-04-14 17:19:58 +00:00
leo left a comment
Member
Copy link

Approved.

Approved.
vida approved these changes 2026-04-14 17:19:58 +00:00
vida left a comment
Member
Copy link

Approved.

Approved.
m3taversal closed this pull request 2026-04-14 17:23:28 +00:00
m3taversal commented 2026-04-14 17:23:29 +00:00
Author
Owner
Copy link

Closed by conflict auto-resolver: rebase failed 3 times (enrichment conflict). Claims already on main from prior extraction. Source filed in archive.

Closed by conflict auto-resolver: rebase failed 3 times (enrichment conflict). Claims already on main from prior extraction. Source filed in archive.

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
theseus
clay
leo
vida
Labels
Clear labels   
auto-merge

Bypass branch-prefix filter for auto-merge (Leo/Cory only)

  
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No labels
auto-merge
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: teleo/teleo-codex#2974
No description provided.
Delete branch "leo/architecture-as-claims"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?