CI: Compile Manifest Attestation cannot see the cohort freeze — @mmnto/strategy-doctrine optional dep never materializes (no registry read auth), #2137 WARN-downgrade unreachable #2289
The seam
verify-manifest's #2137 freeze-downgrade (lesson-only input-hash staleness → WARN, exit 0 while the rule-compilation freeze stands) works locally but is UNREACHABLE in the Compile Manifest Attestation workflow: the cohort freeze registry rides @mmnto/strategy-doctrine (optionalDependency), and CI never materializes it — the runner has no @mmnto registry read auth, so pnpm silently skips the optional dep (resolved 590, added 589, downloaded 0 — exactly one package short). readCohortFreezes then reports absent-package, which is a SILENT no-freeze-visible (by design, conservative), and the gate blocks.
First hit: #2288 (the first lesson-touching PR since #2137 shipped) — attestation FAILED on the exact staleness class the downgrade was built for, with zero diagnostic trail (the silent absent-package path prints nothing, so the CI log shows a bare input-hash FAIL that contradicts the local PASS-under-freeze).
Consequence
Every lesson-landing PR during the freeze needs the [UPDATE-RULES] bypass — which also skips the OUTPUT-hash check (the compiled-rules.json tamper guard), a strictly worse posture than the designed WARN-downgrade.
Candidate fixes (not mutually exclusive)
1. Warn on absent-package when the dep is DECLARED — readCohortFreezes stays silent on absent-package; when @mmnto/strategy-doctrine appears in the workspace manifest but is not installed, a warning ("declared but not installed — cohort freezes not visible") would have named the root cause in the CI log instead of leaving a bare hash mismatch.
2. Freeze-visibility parity probe — a doctor row asserting "if the lockfile declares the doctrine pin, the freeze file is readable here"; CI drift from local becomes a named failure rather than a symptom.
Option 1 is the real fix; option 2 is a cheap diagnosability win worth doing regardless.
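As an added example (not code from the repository this issue concerns), a JavaScript sketch of both candidate fixes in one place: the "declared but not installed" warning for the silent absent-package path, and the parity-probe row built on top of it. The function names (checkDoctrineVisibility, freezeVisibilityParity), the manifest shape and the injected resolveFn / readFreezeFn helpers are assumptions.

```javascript
// Added example; not the project's readCohortFreezes implementation.
// Assumed: resolveFn behaves like require.resolve (throws when the package
// is absent) and readFreezeFn returns the parsed freeze registry or null.
const DOCTRINE_PKG = "@mmnto/strategy-doctrine";

// Classify how the cohort-freeze registry looks from this checkout:
//   not-declared         : manifest never mentions the doctrine package
//   declared-but-missing : declared (e.g. optionalDependency) but not resolvable,
//                          i.e. the pnpm-skipped-optional-dep case from CI
//   declared-no-freeze   : package resolves but its freeze file is unreadable
//   visible              : freeze registry readable, downgrade reachable
function checkDoctrineVisibility(manifest, resolveFn, readFreezeFn) {
  const sections = ["dependencies", "optionalDependencies", "devDependencies"];
  const declared = sections.some((s) => manifest[s] && manifest[s][DOCTRINE_PKG]);
  if (!declared) return { status: "not-declared", warnings: [] };

  let pkgDir = null;
  try {
    pkgDir = resolveFn(DOCTRINE_PKG);
  } catch (_e) {
    pkgDir = null; // resolver threw: package not installed
  }
  if (!pkgDir) {
    // Instead of staying silent, name the root cause for the CI log.
    return {
      status: "declared-but-missing",
      warnings: [`${DOCTRINE_PKG} declared but not installed - cohort freezes not visible`],
    };
  }

  const freezes = readFreezeFn(pkgDir);
  if (!freezes) {
    return {
      status: "declared-no-freeze",
      warnings: [`${DOCTRINE_PKG} installed at ${pkgDir} but no cohort freeze file readable`],
    };
  }
  return { status: "visible", warnings: [], freezes };
}

// Doctor-style parity row: false when the manifest declares the doctrine pin
// but the freeze registry is not visible from here (CI drift from local).
function freezeVisibilityParity(manifest, resolveFn, readFreezeFn) {
  const r = checkDoctrineVisibility(manifest, resolveFn, readFreezeFn);
  return r.status === "not-declared" || r.status === "visible";
}
```

Wiring this into the real check means passing require.resolve and a reader that parses the package's freeze file; the constructed manifest and stub helpers used to exercise it stand in for the workspace manifest and filesystem.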
🤖 Generated with Claude Code