0%

Section 10: Bootstrap-Bypass Marker Lifecycle

Status: Not Started Goal: The root enabler of the §08 fabrication is a stale bootstrap-bypass marker (owning bootstrap archived 2026-05-15) that disables hook_dispatch’s raw-edit blocking project-wide. Restore that protection safely — confirm write.py can perform the plan edits the bypass currently permits, add a marker-expiry guard, then remove the stale marker.

Success Criteria:

  • write.py coverage inventory: every plan-edit surface maps to a working write.py / bug_tracker.api route, OR the gap is named (blocks safe removal).
  • Marker-expiry guard: hook_dispatch honors a bypass marker ONLY while its owning bootstrap is open (owning-section reference / expiry); refuses an archived-owner or expired marker.
  • Stale .claude/.plan-corpus-bootstrap-active removed once coverage confirmed.
  • Regression test: raw Edit to a plans/ file is DENIED with the marker absent/expired.

Context: .claude/.plan-corpus-bootstrap-active (content: plan-json-migration §01 bootstrap window) bypasses hook_dispatch.decide() unconditionally (hook_dispatch.py:293-295). Its owning section plans/completed/scripts-first-workflow-architecture/_archive/2026-05-15-pre-fold/plan-json-migration/section-01-invariant-gates.md was archived 2026-05-15 (still status: in-progress); the §01.N close-out that should have removed the marker never ran. Result: hook_dispatch returns allow for every Edit/Write to plans/** + bug-tracker/** — the raw-edit fabrication vector for §08. Removing the marker re-blocks raw edits but forces all mutation through write.py, whose callers note it “does not cover overview/index rewrites yet” — hence the coverage confirmation gate before removal.

Depends on: None to start (10.1 + 10.2 are independent); 10.3 (removal) is gated on 10.1 confirming coverage. High priority within the rewire — this is the raw-edit protection layer companion to §01’s write-routine layer.

Intelligence Reconnaissance

Queries run 2026-05-26:

  • scripts/intel-query.sh search "hook_dispatch bootstrap bypass marker" — N/A on the Rust-only code-symbol graph; this section edits scripts/plan_corpus/hook_dispatch.py + a marker file. Recorded per plan-schema non-Rust allowance.
  • Direct grounding (this session): hook_dispatch.py:290-295ORI_HOOK_DISPATCH_BYPASS=1 env OR .claude/.plan-corpus-bootstrap-active marker → _allow() unconditionally. Marker present (42 bytes, 2026-05-15), tracked/committed, owning section archived under _archive/2026-05-15-pre-fold/. plan-complete.py:418-420 notes write.py “JSON-native scope does not cover overview/index rewrites yet.”

Results summary [ori]: bypass surface = hook_dispatch.decide() marker/env short-circuit. Safe-removal precondition = write.py (+ bug_tracker.api) covers the plan-edit surfaces the bypass currently allows. Durable fix = marker-expiry guard keyed on owning-section status / expiry date so an archived-owner marker stops being honored. UNVERIFIED: full write.py edit-surface coverage — that inventory IS 10.1.

10.1 Inventory + confirm write.py coverage of plan-edit surfaces

File(s): scripts/plan_corpus/write.py; scripts/plan_corpus/bug_tracker/api.py (read-only inventory)

  • Inventory the plan-edit surfaces currently performed via raw Edit (because the bypass allows it): frontmatter status/reviewed flips, checkbox flips, sections: array updates, 00-overview.md Quick-Reference + mission-criteria updates, index.md status updates, HISTORY-block appends.
  • Map each surface to a working write.py / bug_tracker.api route. For any surface write.py cannot perform, record the gap explicitly — that gap blocks marker removal (10.3) until closed (the gap closure is plan-json-migration work; cite it, do not silently absorb).
  • Subsection close-out (10.1) — MANDATORY before 10.2:
    • Tasks [x]; coverage inventory recorded; update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

10.2 Marker-expiry guard in hook_dispatch (honor only open bootstraps)

File(s): scripts/plan_corpus/hook_dispatch.py; scripts/plan_corpus/tests/

  • Extend the marker contract: a bootstrap-bypass marker MUST carry an owning-section path (or an expiry date). hook_dispatch.decide() honors the marker ONLY when the owning section is genuinely open (status not complete, not under an _archive/ path) AND (if present) the expiry has not passed; otherwise it ignores the marker and enforces normally.
  • Tests: marker with an open owning-section → honored (allow); marker with an archived/complete owning-section → NOT honored (deny on plan-path edit); expired marker → NOT honored.
  • Subsection close-out (10.2) — MANDATORY before 10.3:
    • Tasks [x]; python3 -m pytest scripts/plan_corpus/tests/ -q green for the new cases; update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

10.3 Remove the stale marker; verify raw-edit blocking restored

File(s): .claude/.plan-corpus-bootstrap-active (removal)

  • GATED on 10.1: only proceed when write.py coverage is confirmed (no blocking gap) OR the marker-expiry guard (10.2) makes the stale marker inert.
  • Remove .claude/.plan-corpus-bootstrap-active (the plan-json-migration §01 bootstrap is archived; its window is over).
  • Verify: python3 -m scripts.plan_corpus.hook_dispatch --tool Edit --args '{"file_path":"plans/foo/section-01.md"}' now returns deny (raw-edit blocking restored).
  • Subsection close-out (10.3) — MANDATORY before 10.N:
    • Tasks [x]; raw plan edit denied; update subsection statuscomplete.
    • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

10.N Completion Checklist

  • 10.1–10.3 [x] and status complete.
  • write.py coverage confirmed (or gap named + cited as a blocker).
  • Marker-expiry guard live; archived-owner / expired markers not honored.
  • Stale marker removed; hook_dispatch denies raw Edit/Write to plans/** + bug-tracker/**.
  • python3 -m pytest scripts/plan_corpus/tests/ -q green (marker-expiry cases).
  • Plan sync — close via §06 /independent-review (bootstrap caveat); update 00-overview.md + index.md.
  • Repo hygiene checkcompiler_repo/diagnostics/repo-hygiene.sh --check.

Exit Criteria: The stale bootstrap-bypass marker is removed; hook_dispatch re-blocks raw plan-file edits; a marker-expiry guard prevents any future bootstrap bypass from silently outliving its window; write.py coverage of plan-edit surfaces is confirmed (or the blocking gap is named and cited).