Prompted by #2939, where a plugin hook shipped `wt remove -D` and silently force-deleted committed-but-unpushed work on session exit. The hook fix landed in #2940; this adds process guardrails so a destructive flag in shipped automation is caught before it reaches users again.

- running-tend/review-pr.md: flag any PR that introduces or edits a file containing a destructive command (`wt remove -D`/`-f`, `git branch -D`, `git worktree remove --force`, `reset --hard`, `rm -rf`, `fs::remove_*`); request @max-sixty review and withhold merge authorization.
- release/SKILL.md: fan out independent finder subagents over the cumulative diff (most without the grep, so they reason from the code rather than pattern-matching), then adjudicate every candidate before tagging. Recall in the find phase, precision in the analyze phase.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
worktrunk-bot
left a comment
One concern on the release-skill grep: the `-- plugins/ hooks/ src/git/` pathspec narrows the cross-check to a subset that excludes the highest-density destructive surface in the repo. `src/commands/process.rs` (the trash sweep — `rm -rf -- …`, `git worktree remove --force`, `git branch -D` constructed dynamically), `src/remove_dir.rs`, `src/commands/merge.rs`, and `src/commands/for_each.rs` all sit outside `src/git/` and would be invisible to this finder. The other (no-grep) finders can still reach them via the diff, but the document positions this as a deliberate cross-check, and a cross-check that can't see the highest-risk paths is the exact "anchoring on the grep's blind spots" failure the section above warns about. Dropping the pathspec keeps recall over precision — the keyword filter already does the precision work, and the analyze phase adjudicates noise.
…estructive code

Per review on #2945: the `-- plugins/ hooks/ src/git/` pathspec hid the densest destructive surface (the `src/commands/process.rs` trash sweep with `rm -rf`/`git branch -D`, plus `remove_dir.rs`, `merge.rs`, `for_each.rs`), so the grep cross-check could not see the highest-risk paths. Drop the pathspec; the keyword filter does the precision work and the analyze phase adjudicates noise.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Follow-up to #2939, where the Claude plugin's `WorktreeRemove` hook shipped `wt remove -D` and force-deleted an unmerged branch on session exit, silently discarding committed-but-unpushed work. The hook fix landed in #2940; this adds process guardrails so a destructive flag in shipped automation is caught before it reaches users again.

Tend PR review (`running-tend/references/review-pr.md`): a "Data-Loss Surface: Hold for Human Review" gate. Flag any PR that introduces a destructive command (`wt remove -D`/`-f`, `git branch -D`, `git worktree remove --force`, `reset --hard`, `rm -rf`, `fs::remove_*`) or edits a file that already contains one. The second case is the subtle one: a change near the force-delete path can shift its behavior without the destructive line appearing in the diff. On a match, name it, request review from @max-sixty, and don't authorize the merge even when it looks acceptable.

Release (`release/SKILL.md`): a cumulative second gate. Rather than trust a keyword grep, fan out 3-5 independent finder subagents over the whole diff since the last release and the code it touches. Most get no grep, so they reason from the code instead of anchoring on a pattern list; the grep survives as one cross-check finder. The find phase optimizes for recall (over-report, accept false positives); the analyze phase adjudicates each candidate against the data-safety invariants for precision.

Docs-only: two internal skill files, no code or test changes.
Thanks to @jbeda for raising #2939 with a clear repro, and for confirming the dangling-ref recovery.
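
The two cases of the review gate described above (a diff that introduces a destructive command, and an edit to a file that already contains one), sketched as an added example that is not part of this PR or the project's skill files. The function name, the `tree` mapping, the regex rendering of the keyword list and the sample data are assumptions of this example; like the grep cross-check it only sees literal keywords, so dynamically constructed commands still depend on the no-grep finders.

```python
import re

# Keyword list from the PR description; the regex rendering is this example's own.
DESTRUCTIVE = re.compile(
    r"wt remove\s+-[Df]\b|git branch\s+-D\b|git worktree remove\s+--force\b"
    r"|reset\s+--hard\b|rm\s+-rf\b|fs::remove_\w+"
)

def data_loss_gate(diff_text, tree):
    """Return {path: reason} for changed files to hold for human review.

    tree maps path -> post-change file text (hypothetical input shape).
    No path filter is applied: every file in the diff is checked.
    """
    hits, path, in_hunk = {}, None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:].strip()
            path = None if target == "/dev/null" else target.removeprefix("b/")
            # Case 2: an edited file that already contains a destructive command.
            if path and DESTRUCTIVE.search(tree.get(path, "")):
                hits[path] = "edits file containing destructive command"
        elif in_hunk and path and line.startswith("+"):
            # Case 1: the diff itself adds a destructive command.
            if DESTRUCTIVE.search(line[1:]):
                hits[path] = "introduces destructive command"
    return hits

# Constructed sample: plugins/hooks.json and all file contents are made up.
SAMPLE_DIFF = """\
diff --git a/plugins/hooks.json b/plugins/hooks.json
--- a/plugins/hooks.json
+++ b/plugins/hooks.json
@@ -1 +1 @@
-  "command": "wt remove"
+  "command": "wt remove -D"
diff --git a/src/commands/process.rs b/src/commands/process.rs
--- a/src/commands/process.rs
+++ b/src/commands/process.rs
@@ -10 +10 @@
-    let stale = age > limit;
+    let stale = age >= limit;
"""
SAMPLE_TREE = {"src/commands/process.rs": 'let stale = age >= limit;\nrun("rm -rf -- {p}");\n'}
```

In the sample, `src/commands/process.rs` is held even though no destructive line appears in its hunk, and it would have been skipped entirely under a `src/git/`-only path filter.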