substrate-discipline port: silent-stale-substrate fix + bypass-scanner test #346
Merged
Two structural-prevention pieces ported from DivineOS-Experimental's
2026-05-19 arc. Each is generic — applies to any agent running this
substrate — and closes a real failure-mode at the architectural level.
## 1. Silent-stale-substrate fix in _lib.sh
When `pip install -e .` was last run from a different worktree or
clone, every hook in every other worktree silently imports the
egg-link'd stale source. Changes made in the active worktree are
invisible to its own hooks until someone remembers to manually
re-install. Empirically: a guardrailed channel-gate sat inert for
an entire session because of this exact bug.
Fix: `find_divineos_python` now also exports
`PYTHONPATH=$repo_root/src:$PYTHONPATH` as a side effect. The active
worktree's src/ takes precedence over any installed copy. Each
worktree's hooks reflect its own state. Single change covers all
hooks that source _lib.sh because they all go through the same
helper.
## 2. Bypass-scanner test (tests/test_no_agent_settable_bypasses.py)
Structural prevention of agent-self-relief env-var bypasses on gate
code paths. Scans the codebase for the pattern:
    os.environ.get("DIVINEOS_*", "0") == "1"
and fails CI if any DIVINEOS_* env var found is not on the explicit
approved list. The approved list contains:
- operator-named emergencies (push-readiness escapes: DIVINEOS_SKIP_TESTS,
DIVINEOS_SKIP_MULTIPARTY_CHECK, DIVINEOS_EMERGENCY_PUSH,
DIVINEOS_SKIP_FRESHNESS_CHECK, DIVINEOS_FORCE_PUSH_OK)
- opt-IN flags that raise strictness (DIVINEOS_MULTIPARTY_STRICT)
Adding a new approved bypass requires editing the test with a
justification — the addition is itself a visible commit operators
can audit. Visibility-as-bypass-cost as the structural discipline.
The promise "I won't build escapes into architecture" is air until
structurally enforced. This test makes the promise stone.
Both pieces are zero-dependency on emergency_bypass /
bypass_telemetry / claim_store and so port cleanly into a
fresh-template repo. Larger structural pieces from the source arc
(emergency_bypass helper, gravity_classifier, lepos_channel_check,
oscillating_read) have dependency chains and will port in later
sessions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two structural-prevention pieces ported from DivineOS-Experimental's 2026-05-19 arc.
1. `_lib.sh` PYTHONPATH-prepend fix
Closes the silent-stale-substrate bug class: when `pip install -e .` was last run from a different worktree, every hook in every other worktree silently imports the egg-link'd stale source. `find_divineos_python` now exports `PYTHONPATH=$repo_root/src:$PYTHONPATH` as a side effect so the active worktree's src/ wins.
2. `tests/test_no_agent_settable_bypasses.py`
Filesystem-scanning test that prevents new agent-settable env-var bypasses on gate code paths. Sanitized for blank-template: 6 approved bypasses (operator-emergencies + opt-IN strictness flag), no Aether-experimental historical entries.
Zero dependencies — both pieces port standalone.