fix(TAP-1876): name the file-based remediation in validate-command.sh denial + ship python-introspection skill#20
Merged
Conversation
… denial + ship python-introspection skill Claude burned ~28 of 50 loops in the 2026-05-15 → 2026-05-16 tapps-brain campaign retrying `python3 -c "…"` for read-only introspection. The hook correctly denied each attempt, but the denial message said nothing about the workaround — file-based execution is allowed and trivial. Three changes, all of which carry the same answer (`python3 /tmp/snippet.py`) to a different surface: 1. templates/hooks/validate-command.sh section 4 now emits the BLOCKED line WITH a per-interpreter remediation suggesting the right /tmp/ extension (.py / .js / .pl / .rb / .sh) and the file-based invocation Claude should use instead. The .ralph/ runtime copy is kept byte-identical per the TAP-624 parity rule. 2. New Tier-B skill at templates/skills/global/python-introspection/ walks a decision ladder — Read/Grep first, then file-based script, then a project-tree snippet for repeated use — with one worked example (import + version check) and an explicit anti-pattern list. 3. lib/skill_retro.sh gains a new friction signal: interpreter_dash_c_denials. When the rolling window catches ≥3 BLOCKED lines matching `(python|python3|perl|ruby|node|bash|sh|zsh) -[ce]`, skill_retro_apply auto-installs python-introspection so the next loop reaches for the file-based path instead. The 15 new bats cases cover BLOCKED + remediation text for all seven interpreters, confirm file-based invocations still pass through, gate the friction-detector at the 3-denial threshold, and re-assert the template/.ralph byte-parity invariant. Full unit (1741) + integration (203) suites green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
wtthornton
added a commit
that referenced
this pull request
May 16, 2026
…1876, TAP-1877) Cuts 2.15.1 over the 2026-05-15 → 2026-05-16 tapps-brain log review. All three tickets land as fixes to observable regressions in the coordinator brief flow, the validate-command.sh denial UX, and the post-run Execution stats WARN line. - TAP-1875 (#19) — coordinator brief.json missing on ~88% of cache-miss spawns. Tighter agent contract + harness-side prompt + one-time retry + brain_learn_failure regression signal. - TAP-1876 (#20) — python3 -c friction in validate-command.sh denial flow. Remediation message + Tier-B python-introspection skill + skill_retro auto-install hook. - TAP-1877 (#21) — '(00 scope, N system)' double-zero leak in Execution stats WARN. Replaced `grep -c | echo 0` idiom with documented `tr -cd '0-9' || true` pattern; extracted into testable helper. CLAUDE.md "Coordinator brief" section updated with the TAP-1875 retry + brain_learn invariants. Unit suite 1751/1751 green, integration 203/203 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Claude burned ~28 of 50 loops in the 2026-05-15 → 2026-05-16 tapps-brain campaign retrying
python3 -c "…"for read-only introspection. The hook correctly denied each attempt, but the denial message said nothing about the workaround — file-based execution is allowed and trivial.templates/hooks/validate-command.shsection 4 now emits theBLOCKEDline WITH a per-interpreter remediation suggesting the right/tmp/extension (.py/.js/.pl/.rb/.sh)..ralph/runtime copy kept byte-identical per the TAP-624 parity rule.templates/skills/global/python-introspection/— decision ladder (Read/Grep first, then file-based script, then project-tree snippet) with one worked example + anti-pattern list.lib/skill_retro.shgains aninterpreter_dash_c_denialsfriction signal — at ≥3 BLOCKED lines matching(python|python3|perl|ruby|node|bash|sh|zsh) -[ce],skill_retro_applyauto-installs the new skill.Test plan
tests/unit/test_validate_command.bats(+15 cases): BLOCKED + remediation text for all 7 interpreters, file-based invocations stay allowed, skill files exist + describe remediation, friction detector gates at the 3-denial threshold, byte-parity guard🤖 Generated with Claude Code