TPI-008 eval-first monkey model git auth recovery gate

notes/pr7_update_summary.md

@@ -0,0 +1,25 @@
+# PR #7 Update Summary
+
+## What this PR adds
+
+- a Git auth recovery plan
+- a remote reflection contract
+- a push decision surface for whether both repos can reflect their pending local state remotely
+
+## What still remains
+
+- no remaining Git auth recovery work in this loop
+- later loops may return to provider handoff or execution only after consuming the restored remote surfaces
+
+## First required recovery action
+
+This turn established that HTTPS + GitHub CLI credential helper is the working route.
+
+## Progress in this turn
+
+- `gh auth status` is healthy and `gh auth git-credential get` returns credentials
+- `gh auth setup-git --hostname github.com` succeeded
+- `exp/eval-first-007` was pushed and PR #6 head reflection recovered
+- SSH was checked but rejected because publickey auth failed
+- `exp/eval-first-008` was rebased onto the reflected base and pushed with `--force-with-lease`
+- `golf-soris-tpi-lab` replayed the local TPI-007 result onto current `origin/main` and pushed successfully

notes/tpi_008_git_auth_plan.md

@@ -0,0 +1,45 @@
+# TPI-008 Git Auth Plan
+
+## Objective
+
+Restore Git push/auth capability so the latest local TPI-007 state can be reflected remotely.
+
+## Public-facing name
+
+`MonkeyModel_GitAuthRecovery`
+
+## Immediate problem
+
+- `parameter-golf` local branch `exp/eval-first-007` was ahead of remote by 2 commits
+- `golf-soris-tpi-lab` local `main` was ahead by 2 and behind by 17
+- HTTPS push had previously stalled on the GitHub CLI credential path
+- PR #6 had become outdated because its head branch was not reflected remotely
+
+## Candidate recovery paths
+
+1. fix HTTPS credential flow
+2. switch origin remotes to SSH and push with existing key material
+3. use a temporary fallback only if it preserves clarity about divergence
+
+## Preferred direction
+
+Prefer a clean Git path that preserves local history and lets both repos push normally.
+
+## Facts established in this turn
+
+- `origin` uses HTTPS in both repos
+- `credential.https://github.com.helper` is `!/usr/bin/gh auth git-credential`
+- `gh auth status` is healthy and has `repo` scope
+- `gh auth git-credential get` returns a usable username/password pair
+- `gh auth setup-git --hostname github.com` completed successfully
+- `git push --dry-run origin exp/eval-first-007` succeeds
+- SSH is not the chosen path because `ssh -T git@github.com` returns `Permission denied (publickey)`
+
+## Chosen recovery path
+
+- choose HTTPS + GitHub CLI credential helper
+- do not switch remotes to SSH in this loop
+
+## Success condition
+
+Both repos can push pending local commits and PR #6 reflects the latest local TPI-007 absent-handoff state.

notes/tpi_008_push_decision.md

@@ -0,0 +1,44 @@
+# TPI-008 Push Decision
+
+## Status
+
+completed
+
+## Objective
+
+Record whether Git push/auth recovery has succeeded and whether the latest local TPI-007 state has been reflected remotely.
+
+## Required decision fields
+
+- push path selected: HTTPS + GitHub CLI credential helper
+- parameter-golf pushed or not: yes
+- golf-soris-tpi-lab pushed or not: yes
+- PR #6 updated or not: yes
+
+## Classification
+
+- `recovered`
+- `partial`
+- `blocked`
+
+## Remote reflection result
+
+- `exp/eval-first-007` was pushed from `fd91b70` to `15a0640`
+- `exp/eval-first-008` was rebased onto the reflected `exp/eval-first-007` and pushed with `--force-with-lease`
+- `golf-soris-tpi-lab` local TPI-007 results were replayed onto `origin/main` and pushed as the new `main`
+- PR #6 head remains `exp/eval-first-007` and now points at the latest local absent-handoff state
+- PR #7 head remains `exp/eval-first-008` and now points at the updated TPI-008 recovery notes
+
+## Classification result
+
+- `recovered`
+
+## Interpretation
+
+- Auth recovery succeeded for HTTPS pushes.
+- SSH remains non-viable in this workspace and is not needed.
+- Remote reflection also succeeded for both repos.
+
+## Gate
+
+Only after classification reaches `recovered` should later loops continue external-handoff or execution-resume work.

notes/tpi_008_remote_reflection_contract.md

@@ -0,0 +1,40 @@
+# TPI-008 Remote Reflection Contract
+
+## Objective
+
+Define the minimum steps needed to reflect the latest local TPI-007 state to the remote repositories.
+
+## Required outcomes
+
+- both repos can authenticate to their remotes
+- pending local commits can be pushed
+- remote branches match the expected local branch heads
+- PR #6 becomes an accurate review surface for the latest TPI-007 state
+
+## Minimum recovery steps
+
+1. inspect current `origin` remote URLs
+2. identify whether HTTPS or SSH is in use
+3. choose one working push path
+4. push `parameter-golf` branch `exp/eval-first-007` so PR #6 is current again
+5. rebase `exp/eval-first-008` onto the reflected `exp/eval-first-007`
+6. push `exp/eval-first-008`
+7. replay local TPI-007 result commits onto current `golf-soris-tpi-lab` `origin/main`
+8. add TPI-008 inspection artifacts on top of the synchronized `main`
+9. push `golf-soris-tpi-lab`
+6. verify remote branch heads
+7. verify PR #6 reflects the latest local state
+
+## Preferred outcome
+
+Use a normal Git push path that preserves local history and avoids manual out-of-band patching.
+
+## Current execution notes
+
+- `parameter-golf` is a pure auth / reflection problem
+- `golf-soris-tpi-lab` is not blocked on auth; it is blocked on non-fast-forward history and needs replay onto `origin/main`
+- for TPI-007 overlap in `golf-soris-tpi-lab`, keep remote theory/templates and keep local completed result files
+
+## Gate
+
+Do not continue external-handoff or execution work until remote reflection is repaired or explicitly declared impossible in this loop.