From 0aff45d156b959dc7a135cf162213ce3c62cc333 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jose=20Villase=C3=B1or=20Montfort?= <195970+montfort@users.noreply.github.com>
Date: Fri, 29 May 2026 00:10:55 -0600
Subject: [PATCH] docs(audit): save upstream-feedback drafts for Charter-01 Fase 1

Records the four adopter findings owed upstream to
StrangeDaysTech/straymark (discussion #205): the two CLI/doc friction
items already filed (straymark#207, #208) and the two pattern-candidate
drafts (declared-but-not-wired at N=2; the dual-model audit calibration
discipline) to file at Charter close, alongside the external_audit
telemetry in external-audit-pending.yaml.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 .../CHARTER-01/upstream-feedback-drafts.md | 129 ++++++++++++++++++
 1 file changed, 129 insertions(+)
 create mode 100644 .straymark/audits/CHARTER-01/upstream-feedback-drafts.md

diff --git a/.straymark/audits/CHARTER-01/upstream-feedback-drafts.md b/.straymark/audits/CHARTER-01/upstream-feedback-drafts.md
new file mode 100644
index 0000000..53a33d3
--- /dev/null
+++ b/.straymark/audits/CHARTER-01/upstream-feedback-drafts.md
@@ -0,0 +1,129 @@ +# Upstream feedback drafts — StrayMark (from Charter-01 Fase 1) + +> Adopter feedback that LNXDrive owes upstream to `StrangeDaysTech/straymark`, +> referencing the adoption discussion +> [#205](https://github.com/StrangeDaysTech/straymark/discussions/205). +> +> **Status of the four findings from the Fase-1 work:** +> +> | # | Finding | Channel | State | +> |---|---|---|---| +> | 2a | `charter drift` rejects the range its Charter template ships | CLI/format friction (ad-hoc) | ✅ filed — [straymark#207](https://github.com/StrangeDaysTech/straymark/issues/207) | +> | 2b | `charter audit --prepare` default range under-covers phase audits | Documentation gap (ad-hoc) | ✅ filed — [straymark#208](https://github.com/StrangeDaysTech/straymark/issues/208) | +> | 1 | "declared but not wired" transfers to N=2 (crate/D-Bus surface) | Pattern candidate | 🕓 draft below — file at Charter close | +> | 3 | External-audit calibration results (dual-model + calibrator-hunts-missed) | External audit results / pattern | 🕓 draft below — file at Charter close | +> +> The cadence committed in #205 is **per Charter close** for telemetry + audit +> results, so drafts (1) and (3) wait until `straymark charter close +> CHARTER-01-road-to-v0-1-0-alpha-1`. The `external_audit:` array itself lives in +> `external-audit-pending.yaml` in this directory. + +--- + +## Draft (1) — Pattern candidate: "declared but not wired" at N=2 across crate/D-Bus + +Use the `Adopter feedback / upstream finding` issue template. 
Paste field values: + +```markdown +### Adopter project +lnxdrive + +### Adoption discussion link +https://github.com/StrangeDaysTech/straymark/discussions/205 + +### Finding type +Pattern candidate — recurring anti-pattern or discipline worth documenting + +### Charter / telemetry reference +CHARTER-01-road-to-v0-1-0-alpha-1 + +### N-context +N=2 for the "Polish Charter as debt-detection / declared-but-not-wired" +pattern (Sentinel = N=1), now in a Rust FUSE/D-Bus/multi-crate domain. + +### Description +The Fase-1 external audit reproduced the surface-declaration anti-pattern at +N=2, and — as predicted in the adoption discussion — with MORE surface than the +Go single-service case: the gap spanned a crate boundary AND a D-Bus method +signature, not one file. + +RISK-002 was declared in the Charter as "opaque `SessionHandle` exposed by a new +`lnxdrive-daemon/src/dbus_iface.rs`". The shipped mitigation is +`Auth.CompleteAuthViaGOA(goa_account_path) -> bool` in `lnxdrive-ipc/src/service.rs` ++ `goa_auth_backend.rs` (security-equivalent, a deliberate minimum-viable +decision). No `SessionHandle` type exists; `dbus_iface.rs` was never created. +The decision was recorded in the AILOG's Context, but the Charter +`## Files to modify` table was never atomically backported — exactly the +"declared but not wired (in the doc)" gap. + +Two heterogeneous auditors flagged it independently: gemini-3-1-pro-high via the +stale table row, gpt-5.2-codex via the scope-vs-implementation mismatch. A +post-hoc review would likely have missed it; the ex-ante Charter declaration is +what made the divergence legible. + +### Proposed upstream change +Crystallize the pattern as validated at N=2. Concrete CLI idea surfaced by this +case: `charter drift` could flag `Files to modify` rows whose paths do not exist +in the tree (here `dbus_iface.rs` never existed) — a cheap mechanical signal for +"declared but not wired" that needs no semantic analysis. 
+``` + +--- + +## Draft (3) — External-audit results: heterogeneity + calibrator-hunts-missed + +Use the `Adopter feedback / upstream finding` issue template. Paste field values: + +```markdown +### Adopter project +lnxdrive + +### Adoption discussion link +https://github.com/StrangeDaysTech/straymark/discussions/205 + +### Finding type +Pattern candidate — recurring anti-pattern or discipline worth documenting + +### Charter / telemetry reference +CHARTER-01-road-to-v0-1-0-alpha-1 + +### N-context +N=2 for the external-audit calibration discipline (dual/multi-model) — first +real dual-model run outside Sentinel. + +### Description +First end-to-end run of `straymark-audit-prompt -> -execute -> -review` on a real +phase, pre-merge, with two auditors of different families. Two observations the +telemetry supports: + +1. Heterogeneity paid off — the families caught DIFFERENT real things: + gemini-3-1-pro-high found the RISK-002 governance drift; gpt-5.2-codex found a + dead `--capture-seconds` flag in a test script that gemini missed. Convergence + AND divergence were both signal. +2. The calibrator must hunt, not just reconcile — the single most material + finding (a daemon silently masking config-parse errors via `load_or_default`, + undermining ISSUE-002 observability) was found by the review step's own code + sweep, NOT by either auditor. This validates the skill's "find what the + auditors missed" instruction as load-bearing, not optional. 
+ +### Telemetry excerpt (optional) +(YAML — see external-audit-pending.yaml in this directory) + +external_audit: + - auditor: "gemini-3-1-pro-high" + findings_total: 1 + findings_by_category: {hallucination: 0, implementation_gap: 1, real_debt: 0, false_positive: 0} + audit_quality: "high" + - auditor: "gpt-5.2-codex" + findings_total: 2 + findings_by_category: {hallucination: 0, implementation_gap: 1, real_debt: 1, false_positive: 0} + audit_quality: "high" +# calibrator (claude-opus-4-8): 2 auditor findings consolidated (1 agreed, 1 unique), +# 0 false positives, +1 finding missed by all auditors. Ratings: gemini 7.0/10, gpt 8.0/10. + +### Proposed upstream change +Document the calibrator's "missed-by-all" sweep as a required step (with this run +as evidence), and consider capturing per-auditor "unique vs agreed" counts in the +telemetry schema — the divergence count is what quantifies the value of adding a +second family. +```
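
Review bot: In Draft (3)'s "Telemetry excerpt", the calibrator's missed-by-all finding is recorded only in the trailing `# calibrator (claude-opus-4-8): ...` comment, so the `external_audit:` array carries no structured entry for the `load_or_default` config-parse masking that the Description calls the single most material finding. Either add it as a structured entry or extend "Proposed upstream change" to ask for a calibrator-findings field next to the "unique vs agreed" counts, and say whether the masking is already fixed or tracked, since this text is written to be pasted into an upstream issue. The excerpt is also unfenced inside the markdown paste block, so both comment lines beginning with `#` will render as headings once pasted; give the YAML its own fence. In Draft (1), the proposed `charter drift` check for `Files to modify` rows whose paths do not exist would also fire on every planned new file until it is written (the RISK-002 declaration itself named a new `dbus_iface.rs`), so state that the check applies at Charter close or audit time.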