
CI: Compile Manifest Attestation cannot see the cohort freeze — @mmnto/strategy-doctrine optional dep never materializes (no registry read auth), #2137 WARN-downgrade unreachable #2289

Description

@satur8d

The seam

verify-manifest's #2137 freeze-downgrade (lesson-only input-hash staleness → WARN, exit 0 while the rule-compilation freeze stands) works locally but is UNREACHABLE in the Compile Manifest Attestation workflow. The cohort freeze registry rides @mmnto/strategy-doctrine (an optionalDependency), and CI never materializes it: the runner has no @mmnto registry read auth, so pnpm silently skips the optional dep (resolved 590, added 589, downloaded 0, exactly one package short). readCohortFreezes then reports absent-package, which is a SILENT no-freeze-visible result (by design, conservative), and the gate blocks.

First hit: #2288 (the first lesson-touching PR since #2137 shipped) — attestation FAILED on the exact staleness class the downgrade was built for, with zero diagnostic trail (the silent absent-package path prints nothing, so the CI log shows a bare input-hash FAIL that contradicts the local PASS-under-freeze).

Consequence

Every lesson-landing PR during the freeze needs the [UPDATE-RULES] bypass — which also skips the OUTPUT-hash check (the compiled-rules.json tamper guard), a strictly worse posture than the designed WARN-downgrade.

Candidate fixes (not mutually exclusive)

  1. Registry read auth in the attestation workflow. Couples to #2213 (feat(doctor): adopt npm-registry-read-auth parity row + wire its capability-probe (strategy#630); bump @mmnto/strategy-doctrine 0.1.10→0.1.11). Makes the optional dep materialize; the consult then sees the cohort freeze and the designed downgrade fires in CI.
  2. Warn on absent-package when the dep is DECLARED. readCohortFreezes stays silent on absent-package; when @mmnto/strategy-doctrine appears in the workspace manifest but is not installed, a warning ("declared but not installed — cohort freezes not visible") would have named the root cause in the CI log instead of leaving a bare hash mismatch.
  3. Freeze-visibility parity probe: a doctor row asserting "if the lockfile declares the doctrine pin, the freeze file is readable here", so CI drift from local becomes a named failure rather than a symptom.

Option 1 is the real fix; option 2 is a cheap diagnosability win worth doing regardless.

🤖 Generated with Claude Code
