chore: cut 1.15.4 patch

[satur8d]

Summary

Patch release bundling two compile-worker prompt classifier improvements that surfaced from mmnto-ai/liquid-city authoring friction. Both close fidelity gaps between lesson prose authors wrote and the compiled rule that shipped.

• PR feat(cli): test-contract scope classifier in compile prompt (#1626) #1652 (3037591d) — Test-contract scope classifier (closes core: compile-worker scope derivation mis-scopes test-contract lessons away from tests #1626). Compile-worker recognizes test-contract lessons via three signals (testing tag, test-framework calls in examples, lesson-body references) and emits test-inclusive fileGlobs instead of the default !**/*.test.* exclusion. Anti-lazy guard against "API Contracts" / "Data Contracts" keyword-only false positives.
• PR feat(core): honor declared severity from lesson prose in compile output (#1656) #1658 (66e26da2) — Declared severity override (closes core: compile LLM emits 'severity: warning' even when lesson prose declares 'Severity: error' #1656). New parseDeclaredSeverity(body) helper tolerant of markdown / punctuation shapes. buildCompiledRule honors a declaredSeverityOverride option with post-LLM deterministic override; severityOverride marker threaded through rejection paths. Telemetry via new onSeverityOverride callback recorded to .totem/temp/telemetry.jsonl tagged type: 'severity-override'. Both compile prompts gain a Declared Severity directive section; every schema and few-shot example now carries "severity".

LC impact

• liquid-city test-contract rules ("Normalize temp paths for cross-platform equality", "Spy on logger contracts in tests") previously shipped with scopes that excluded tests and silently never fired. Retriage via totem compile --upgrade <hash> closes this on a follow-up chore PR.
• liquid-city ADR-008 authoring on PR 77 burned ~10 manual severity-edit commits across R2 + R3 rounds because the compile pipeline emitted "severity": "warning" despite lesson prose declaring Severity: error. The mechanical re-edit loop goes away.

Scope

• .changeset/1.15.4-lc-velocity-classifier-improvements.md — patch-level across the fixed group. Two-section release notes.
• docs/active_work.md — preamble rewritten for 1.15.4. Recently Shipped entry covers both PRs with SHAs + per-feature detail + LC-queue state + bot-review tail from feat(core): honor declared severity from lesson prose in compile output (#1656) #1658 (four rounds, all addressed).
• .strategy submodule bump 113179c → 7892892b. Picks up strategy PR fix: LanceDB deleteByFile case-sensitivity + core test suite #125 (upstream-feedback items 015 + 016 from LC session-17) and strategy PR Epic: Frictionless 10-Minute Init (totem init) #124 (upstream-feedback item 017 — three-layer language-support-gap addendum for the pending Rust-support arc).

No code changes in this PR; the two feature PRs already landed on main with their own test suites passing.

Test plan

• pnpm run format
• pnpm exec totem lint PASS (0 violations)
• pnpm exec totem verify-manifest PASS (443 rules)
• pnpm exec totem review (deterministic fast-path, non-code changes)
• Pre-push hook PASS
• Bot review (CR + GCA)
• CI green
• Auto-generated Version Packages PR shipping 1.15.4

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a patch release (1.15.4) for the compile-worker, focusing on improving the fidelity of compiled rules based on lesson prose. By introducing a new test-contract scope classifier and a mechanism for declared severity overrides, the changes ensure that compiled rules better align with the author's original intent, particularly regarding test file coverage and severity levels. These improvements resolve specific authoring friction points and include necessary documentation updates and strategy submodule synchronization.

Highlights

• Release 1.15.4: Bundles two compile-worker prompt classifier improvements to address authoring friction in downstream projects.
• Test-Contract Scope Classifier: Teaches the compile-worker to recognize test-related lessons and emit test-inclusive file globs, preventing false negatives in test files.
• Declared Severity Override: Introduces a helper to parse severity declarations from lesson prose and allows deterministic overrides, improving fidelity between author intent and compiled rules.
• Strategy Submodule Update: Advances the strategy submodule pointer to incorporate recent upstream feedback and documentation updates.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7f7e9ce3-4778-4571-a6f1-d567ec376d18

📥 Commits

Reviewing files that changed from the base of the PR and between 66e26da and 2cb0e79.

📒 Files selected for processing (3)

• .changeset/1.15.4-lc-velocity-classifier-improvements.md
• .strategy
• docs/active_work.md

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build & Lint (windows-latest)
• GitHub Check: Build & Lint (ubuntu-latest)
• GitHub Check: Build & Lint (macos-latest)

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{md,sh,yml,yaml}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Gemini CLI and GCA do not read .gemini/gemini.md (lowercase); use GEMINI.md at repo root for Gemini CLI and config.yaml/styleguide.md for GCA

Files:

• docs/active_work.md

**/*.md

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.md: Lesson headings must be limited to 60 characters to serve as stable SARIF identifiers
README and curated wiki pages must be human-authored; exclude from deterministic lint and LLM regen

Files:

• docs/active_work.md

**/*.{md,mdx,txt}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Remove or rewrite references to planned features in user guides (keep them only in roadmap docs)

Files:

• docs/active_work.md

**/.changeset/**

📄 CodeRabbit inference engine (GEMINI.md)

Write .changeset/ files manually. Use pnpm run version (never bare pnpm version)

Files:

• .changeset/1.15.4-lc-velocity-classifier-improvements.md

🧠 Learnings (28)

📓 Common learnings

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1163
File: .totem/compiled-rules.json:6599-6607
Timestamp: 2026-04-03T17:10:29.834Z
Learning: In mmnto-ai/totem, the compiled rule with lessonHash d58c2dd2c7f123ac (“Use totem-context for inline justifications”) currently applies to Markdown and can emit incorrect remediation there. This refinement is tracked in issue `#1166`, deferred to release 1.11.0, with a broader pipeline solution tracked in `#1131`. Fixes must be applied via the compiler pipeline (baseline truth check `#701`), not by manually editing .totem/compiled-rules.json.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1625
File: .junie/skills/totem-rules/rules.md:2044-2044
Timestamp: 2026-04-23T00:38:42.085Z
Learning: mmnto-ai/totem: Mis-scoping of “test-contract” lessons to exclude test files is a known compile-worker scope-derivation issue tracked in `#1626`. Do not hand-edit generated exports (.junie/skills/totem-rules/rules.md or .totem/compiled-rules.json); fix must update the source-lesson/pipeline heuristic to include **/*.test.* and **/*.spec.* scopes and then retriage the affected cohort. Treat as non-blocking in PRs.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 965
File: .totem/compiled-rules.json:4613-4623
Timestamp: 2026-03-26T01:55:20.142Z
Learning: In `mmnto-ai/totem`, noisy or duplicate warning-severity compiled rules in `.totem/compiled-rules.json` (e.g., rules whose regex patterns overlap with existing rules, causing double-reporting of the same violation) are tracked and pruned via Rule Nursery issue `#680`. Do not flag these as blocking issues in code review — defer to the nursery process instead.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1134
File: packages/core/CHANGELOG.md:3-4
Timestamp: 2026-04-01T00:11:46.320Z
Learning: In `mmnto-ai/totem`, empty changelog sections (e.g., `## 1.x.y` with no body) in `packages/core/CHANGELOG.md` are expected and standard Changesets behavior when `mmnto/totem` (core) is bumped solely for version consistency with a CLI-only functional release. Do not flag these empty sections as missing content in code review.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1118
File: .totem/compiled-rules.json:6169-6173
Timestamp: 2026-03-31T02:02:40.705Z
Learning: In mmnto-ai/totem, .totem/compiled-rules.json is machine-generated; accuracy fixes to compiled rules are handled in the compiler pipeline and tracked under issue `#701` (“baseline truth check”). Do not request edits to compiled rules within wrap PRs; route follow-ups to `#701`.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1388
File: .totem/compiled-rules.json:6480-6481
Timestamp: 2026-04-13T03:12:22.564Z
Learning: Repo mmnto-ai/totem — For compiled rule “Use canonical CLI command forms” (lessonHash 4ae0a01d912f8742), future fix should widen the regex to match bare aliases in docs without requiring backticks and to cover both verbs: use \btotem\s+(?!lesson\b)(extract|compile)\b, delivered via source lesson update + totem lesson compile. Do not hand-edit .totem/compiled-rules.json.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 932
File: .totem/compiled-rules.json:4297-4312
Timestamp: 2026-03-24T22:27:12.418Z
Learning: In `mmnto-ai/totem`, compiled rules with lessonHash `53b9397e971ec97d` ("Hardcoded vendor-shaped secrets in test fixtures") and `e21933d263748874` ("Hardcoding vendor-shaped secret literals in test fixtures") have intentionally broad fileGlobs (`**/*.test.*`, `**/fixtures/**`) that cover intentional DLP test fixtures (e.g., `packages/cli/src/commands/doctor.test.ts`). Narrowing their scopes is tracked in issue `#918`. Do not flag these rules' fileGlobs as misscoped in code review.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 0
File: :0-0
Timestamp: 2026-04-11T23:20:23.016Z
Learning: In `mmnto-ai/totem`, direct edits to `.totem/compiled-rules.json` are valid for **lifecycle state** changes only (e.g., setting `status: 'archived'` and `archivedReason`). These are not "content edits" — content corrections (pattern rewrites, message tweaks) must flow through the source lesson and compiler pipeline. The archive workflow (introduced in `#1345`) intentionally supports lifecycle mutations in compiled-rules.json to silence bad auto-compile output while preserving provenance. This distinction should not trigger a "don't manually edit compiled-rules.json" review comment.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1011
File: .totem/compiled-rules.json:4967-4971
Timestamp: 2026-03-26T23:36:46.435Z
Learning: In `mmnto-ai/totem`, the compiler (Rule Nursery) defaults all newly compiled rules to `severity: "warning"`. Architectural enforcement rules that must block merges (e.g., forbid direct `child_process` imports, enforce use of `safeExec`, `readJsonSafe`, or the git adapter) require a manual promotion to `severity: "error"` in `.totem/compiled-rules.json` after compilation. This is an expected and valid manual edit for architectural gate rules, not a violation of the "do not manually edit compiled-rules.json" convention.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1028
File: .totem/compiled-rules.json:5693-5694
Timestamp: 2026-03-27T20:44:18.105Z
Learning: In `mmnto-ai/totem`, the compiled rule with lessonHash `7f24313c1ae3dc50` (lessonHeading: "While using shell: true fixes Windows ENOENT errors") has been corrected in its source lesson. The recommended remediation is conditional `shell: process.platform === 'win32'` (i.e., `shell: isWin`), NOT manually appending `.cmd` to the executable name. Manual `.cmd` appending is brittle with corepack, WSL, and native binary installs. The compiled rule message will reflect this after the next `totem compile` pass.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1531
File: .claude/hooks/content-hash.sh:42-42
Timestamp: 2026-04-18T15:50:49.893Z
Learning: In `mmnto-ai/totem`, `LC_ALL=C`, `--recurse-submodules`, and `--` hardening flags for `git ls-files` in `.claude/hooks/content-hash.sh` must be applied together with matching changes to `writeReviewedContentHash()` in `packages/cli/src/commands/shield.ts` (around line 446) to maintain byte-equal parity between both implementations. Applying these flags to the bash side alone would break parity. This work is tracked in issue `#1532` and requires a submodule fixture added to the parity test. Do not flag the missing flags in either file independently in code review.

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1127
File: packages/cli/src/commands/extract.ts:287-291
Timestamp: 2026-03-31T18:35:14.678Z
Learning: In `mmnto-ai/totem`, `parseWithRegex()` in `packages/cli/src/commands/extract.ts` (the `---LESSON---` regex fallback parser) intentionally does not capture the `scope` field introduced in PR `#1127`. The JSON path is the primary parser; the regex fallback only fires for models that cannot produce clean JSON (increasingly rare). Adding a `Scope:` capture group to the regex is deferred to a future cleanup. Do not re-flag this gap as a blocking issue in code review.

📚 Learning: 2026-03-21T03:31:30.520Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 0
File: :0-0
Timestamp: 2026-03-21T03:31:30.520Z
Learning: In the mmnto-ai/totem repo, the `.strategy` git submodule points to an intentionally private repository called `totem-strategy`. The submodule pointer should not be flagged as unverifiable or suspicious in code reviews.

Applied to files:

• .strategy

📚 Learning: 2026-03-27T22:48:00.584Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1036
File: .totem/lessons/lesson-dc433450.md:13-13
Timestamp: 2026-03-27T22:48:00.584Z
Learning: In `mmnto-ai/totem`, ADR-078 ("Product Tier Model") lives at `.strategy/adr/adr-078-product-tier-model.md` inside the private `.strategy` git submodule. Do not flag references to ADR-078 in lesson files or docs as broken/missing — the file exists in the strategy submodule, which is not cloned in the sandbox and will not appear in `fd` or `rg` searches against the main repo tree.

Applied to files:

• .strategy

📚 Learning: 2026-03-30T05:03:53.061Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1110
File: packages/cli/src/hooks/auto-context.ts:77-91
Timestamp: 2026-03-30T05:03:53.061Z
Learning: In `packages/cli/src/hooks/auto-context.ts`, `truncateResults()` intentionally exempts the first included search result from the per-result `maxCharacters` budget (the `included === 0` guard allows the first item to overrun). This is deliberate to ensure at least one result is shown even if it exceeds the per-result character budget. During code review, do not flag this first-block budget exemption as a violation; treat the real enforcement gate as the total-payload cap in `.claude/hooks/session-context.js` (ADR-013).

Applied to files:

• .strategy

📚 Learning: 2026-04-09T05:03:27.048Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1297
File: docs/wiki/context-caching.md:0-0
Timestamp: 2026-04-09T05:03:27.048Z
Learning: In mmnto-ai/totem, do not request or suggest model-name-specific gating (e.g., `claude-sonnet-4-6`) for context caching. In `buildSystemField`, context caching is controlled by the `anthropic:` provider prefix and the `enableContextCaching` config flag only; caching should not be tied to the model name during code review.

Applied to files:

• .strategy

📚 Learning: 2026-04-10T17:31:50.739Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1316
File: packages/cli/src/commands/handoff.ts:4-6
Timestamp: 2026-04-10T17:31:50.739Z
Learning: In `packages/cli/src/commands/handoff.ts` (mmnto-ai/totem), allow the static top-level imports of `readAllLessons` from `mmnto/totem` and `sanitize` from `../utils.js`. These are intentionally annotated with `totem-context:` and support back sync of exported helpers used directly by unit tests (`readRecentLessons`, `buildJournalScaffold`). Do not flag these imports as violations of any CLI lazy-load/dynamic-import guideline in this specific file; converting them to async/dynamic imports would break test ergonomics.

Applied to files:

• .strategy

📚 Learning: 2026-04-18T04:10:57.267Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1522
File: packages/pack-agent-security/test/fixtures/bad-obfuscation.ts:0-0
Timestamp: 2026-04-18T04:10:57.267Z
Learning: In mmnto-ai/totem, ensure comments used to suppress rule-engine findings follow exactly the forms recognized by packages/core/src/rule-engine.ts:isSuppressed: (1) `// totem-ignore-next-line` must be placed on the line immediately preceding the flagged line; (2) `// totem-context: <reason>` must appear either on the preceding line or inline on the same line as the flagged expression. A bare `// totem-ignore:` directive (without `-next-line`) is not recognized and will not suppress the rule. For fixture files where the flagged line is the intentional attack pattern under test, use the inline `// totem-context: <reason>` on the same line.

Applied to files:

• .strategy

📚 Learning: 2026-03-26T23:36:46.435Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1011
File: .totem/compiled-rules.json:4967-4971
Timestamp: 2026-03-26T23:36:46.435Z
Learning: In `mmnto-ai/totem`, the compiler (Rule Nursery) defaults all newly compiled rules to `severity: "warning"`. Architectural enforcement rules that must block merges (e.g., forbid direct `child_process` imports, enforce use of `safeExec`, `readJsonSafe`, or the git adapter) require a manual promotion to `severity: "error"` in `.totem/compiled-rules.json` after compilation. This is an expected and valid manual edit for architectural gate rules, not a violation of the "do not manually edit compiled-rules.json" convention.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-18T19:32:25.001Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1544
File: .totem/specs/1480-1481.md:0-0
Timestamp: 2026-04-18T19:32:25.001Z
Learning: In `mmnto-ai/totem`, the ADR-088 unverified flag (`CompiledRule.unverified: true`) does NOT touch or force severity. Emitted severity passes through from the LLM output or manual pattern as-is. The `parsed.severity ?? 'warning'` default in `buildCompiledRule` (compile-lesson.ts ~line 299) is pre-existing general compile behavior, orthogonal to ADR-088. A doctor advisory for rules that carry both `unverified: true` and explicitly authored `severity: 'error'` is tracked in PR `#1483`. Do not flag the unverified path as silently downgrading severity in code review.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-03-25T00:50:00.878Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 935
File: .totem/compiled-rules.json:4504-4521
Timestamp: 2026-03-25T00:50:00.878Z
Learning: In `mmnto-ai/totem`, the rule engine in `run-compiled-rules.ts` (around line 209) enforces severity semantics: only violations with `severity: "error"` are collected into the `errors` array and cause a `throw` that blocks merges. Violations with `severity: "warning"` are logged but do not block. Do not flag `"severity": "warning"` entries in `compiled-rules.json` as incorrectly advisory or unexpectedly blocking — the distinction is already enforced at runtime.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-04-23T00:38:42.085Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1625
File: .junie/skills/totem-rules/rules.md:2044-2044
Timestamp: 2026-04-23T00:38:42.085Z
Learning: mmnto-ai/totem: Mis-scoping of “test-contract” lessons to exclude test files is a known compile-worker scope-derivation issue tracked in `#1626`. Do not hand-edit generated exports (.junie/skills/totem-rules/rules.md or .totem/compiled-rules.json); fix must update the source-lesson/pipeline heuristic to include **/*.test.* and **/*.spec.* scopes and then retriage the affected cohort. Treat as non-blocking in PRs.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-03T17:10:29.834Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1163
File: .totem/compiled-rules.json:6599-6607
Timestamp: 2026-04-03T17:10:29.834Z
Learning: In mmnto-ai/totem, the compiled rule with lessonHash d58c2dd2c7f123ac (“Use totem-context for inline justifications”) currently applies to Markdown and can emit incorrect remediation there. This refinement is tracked in issue `#1166`, deferred to release 1.11.0, with a broader pipeline solution tracked in `#1131`. Fixes must be applied via the compiler pipeline (baseline truth check `#701`), not by manually editing .totem/compiled-rules.json.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-23T20:02:57.991Z

Learnt from: CR
Repo: mmnto-ai/totem PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-23T20:02:57.991Z
Learning: Applies to packages/core/src/run-compiled-rules.ts : Limit SARIF output to error-severity findings to avoid overwhelming PR reviews

Applied to files:

• docs/active_work.md

📚 Learning: 2026-04-17T02:53:39.654Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1508
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-04-17T02:53:39.654Z
Learning: In mmnto-ai/totem, the compile --export pipeline filters out rules with status: "archived" (implemented in packages/cli/src/commands/compile.ts; covered by packages/cli/src/commands/compile-export-archive-filter.test.ts). Do not flag archived entries appearing in exported Copilot instructions going forward.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-25T02:28:36.893Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 940
File: .totem/compiled-rules.json:4596-4604
Timestamp: 2026-03-25T02:28:36.893Z
Learning: In `mmnto-ai/totem`, shallow glob patterns in `.totem/compiled-rules.json` (e.g., `*.ts` instead of `**/*.ts`) are a known LLM compiler output quality issue. The fix must be applied to the compiler prompt or post-processing logic, not by hand-editing `compiled-rules.json`. Do not flag individual compiled rule entries for shallow globs when the root cause is the compiler pipeline.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-03-24T22:27:12.418Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 932
File: .totem/compiled-rules.json:4297-4312
Timestamp: 2026-03-24T22:27:12.418Z
Learning: In `mmnto-ai/totem`, compiled rules with lessonHash `53b9397e971ec97d` ("Hardcoded vendor-shaped secrets in test fixtures") and `e21933d263748874` ("Hardcoding vendor-shaped secret literals in test fixtures") have intentionally broad fileGlobs (`**/*.test.*`, `**/fixtures/**`) that cover intentional DLP test fixtures (e.g., `packages/cli/src/commands/doctor.test.ts`). Narrowing their scopes is tracked in issue `#918`. Do not flag these rules' fileGlobs as misscoped in code review.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-11T23:20:23.016Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 0
File: :0-0
Timestamp: 2026-04-11T23:20:23.016Z
Learning: In `mmnto-ai/totem`, direct edits to `.totem/compiled-rules.json` are valid for **lifecycle state** changes only (e.g., setting `status: 'archived'` and `archivedReason`). These are not "content edits" — content corrections (pattern rewrites, message tweaks) must flow through the source lesson and compiler pipeline. The archive workflow (introduced in `#1345`) intentionally supports lifecycle mutations in compiled-rules.json to silence bad auto-compile output while preserving provenance. This distinction should not trigger a "don't manually edit compiled-rules.json" review comment.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-26T23:56:46.524Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1011
File: .totem/compiled-rules.json:4853-4864
Timestamp: 2026-03-26T23:56:46.524Z
Learning: In `mmnto-ai/totem`, the compiled rule with lessonHash `63c83c4071355e7f` (pattern: `\\bon[A-Z]\\w*\\?\\.\\(`, message: "Avoid optional chaining for diagnostic callbacks (e.g., onWarn?.())...") is a pre-existing warning-severity rule from a prior compilation. Its semantic tension with the core-console ban rules is tracked for evaluation via the Rule Nursery pipeline (issue `#680`). Do not re-flag this rule as a blocking inconsistency in code review.

Applied to files:

• docs/active_work.md
• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-03-27T05:26:52.361Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1025
File: .totem/compiled-rules.json:5571-5587
Timestamp: 2026-03-27T05:26:52.361Z
Learning: In `mmnto-ai/totem`, the compiled rule with lessonHash `32e90839c8057a47` (lessonHeading: "Architectural gate rules, such as forbidding direct") uses a regex pattern that requires both `child_process` and `warn` on the same line and is applied line-by-line, so it cannot catch multi-line ESLint/package.json config objects. This limitation is acknowledged and the proper fix (an ast-grep config-aware rule) is tracked via Rule Nursery issue `#680`. Do not re-flag this rule's single-line regex as insufficient in code review.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-26T01:55:20.142Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 965
File: .totem/compiled-rules.json:4613-4623
Timestamp: 2026-03-26T01:55:20.142Z
Learning: In `mmnto-ai/totem`, noisy or duplicate warning-severity compiled rules in `.totem/compiled-rules.json` (e.g., rules whose regex patterns overlap with existing rules, causing double-reporting of the same violation) are tracked and pruned via Rule Nursery issue `#680`. Do not flag these as blocking issues in code review — defer to the nursery process instead.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-26T01:55:25.072Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 965
File: .totem/compiled-rules.json:0-0
Timestamp: 2026-03-26T01:55:25.072Z
Learning: In `mmnto-ai/totem`, overly broad compiled rules (e.g., the `\bno\b` rule in `.totem/compiled-rules.json` with lessonHash `b72a0b3300871bb6`) are a known rule quality issue. The Rule Nursery (issue `#680`) tracks trigger/suppress ratios and will auto-downgrade noisy rules over time. Do not flag individual broad compiled-rule patterns as blocking — the systemic fix lives in the Rule Nursery pipeline, not in per-rule edits to `compiled-rules.json`.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-04-12T15:58:52.811Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 0
File: :0-0
Timestamp: 2026-04-12T15:58:52.811Z
Learning: In `mmnto-ai/totem`, when reviewing `.totem/compiled-rules.json` diffs that contain negative lookahead regex patterns, check whether a `.+` quantifier appears immediately before the target character class inside the lookahead (e.g., `(?! .+[—–-] .+)` instead of the correct `(?! [—–-] .+)`). The leading `.+` consumes the separator, causing the lookahead to never match and the rule to fire on all inputs. This is a recurring LLM (Sonnet compiler) regex generation failure mode. The fixed pattern places the character class first: `(?! [—–-] .+)`. Flag any such misplaced `.+` prefix as a correctness bug during compiled-rules.json review.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-04-23T19:46:46.138Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1640
File: packages/core/src/compile-lesson.ts:870-877
Timestamp: 2026-04-23T19:46:46.138Z
Learning: In `mmnto-ai/totem`, `CompilerOutputBaseSchema.reasonCode` in `packages/core/src/compiler-schema.ts` (line ~390) is defined as `z.enum(['context-required', 'semantic-analysis-required']).optional()`. `parseCompilerResponse` routes all LLM output through `CompilerOutputSchema.safeParse`, so the TypeScript type of `parsed.reasonCode` at call sites is `'context-required' | 'semantic-analysis-required' | undefined`. A `?? 'out-of-scope'` nullish coalesce is therefore the correct and complete clamp. Do not suggest an additional runtime whitelist guard on top of this schema boundary — it is redundant. The schema is the single source of truth enforced by `refineReasonCodeRequiresNonCompilable` and tested at compiler-schema.test.ts:560.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-22T18:56:51.482Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 832
File: docs/roadmap.md:34-38
Timestamp: 2026-03-22T18:56:51.482Z
Learning: In mmnto-ai/totem, treat “marketing/violating prose” (e.g., words like “premium”, “battle-tested”, “harder”) appearing in Markdown files that are generated by `totem docs` as a known systemic issue (issue `#833`) caused by the generation step. During code review, do not flag these individual instances in `totem docs`-generated docs (including `docs/roadmap.md`); require fixes only at the `totem docs` generation/pipeline level (templates/rules/filters), not by editing each occurrence in the generated output.

Applied to files:

• docs/active_work.md

📚 Learning: 2026-03-27T20:44:18.105Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1028
File: .totem/compiled-rules.json:5693-5694
Timestamp: 2026-03-27T20:44:18.105Z
Learning: In `mmnto-ai/totem`, the compiled rule with lessonHash `7f24313c1ae3dc50` (lessonHeading: "While using shell: true fixes Windows ENOENT errors") has been corrected in its source lesson. The recommended remediation is conditional `shell: process.platform === 'win32'` (i.e., `shell: isWin`), NOT manually appending `.cmd` to the executable name. Manual `.cmd` appending is brittle with corepack, WSL, and native binary installs. The compiled rule message will reflect this after the next `totem compile` pass.

Applied to files:

• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-06T17:10:32.088Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 0
File: :0-0
Timestamp: 2026-04-06T17:10:32.088Z
Learning: In `mmnto-ai/totem`, manual (Pipeline 1) compiled rules are identified in `findUpgradeCandidates` by the guard `rule.lessonHeading === rule.message`. These rules never receive `telemetryPrefix` in `compileLesson`, so they are excluded from upgrade candidacy to prevent permanent false positives. Do not flag this skip guard as overly broad in code review.

Applied to files:

• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-13T03:12:22.564Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1388
File: .totem/compiled-rules.json:6480-6481
Timestamp: 2026-04-13T03:12:22.564Z
Learning: Repo mmnto-ai/totem — For compiled rule “Use canonical CLI command forms” (lessonHash 4ae0a01d912f8742), future fix should widen the regex to match bare aliases in docs without requiring backticks and to cover both verbs: use \btotem\s+(?!lesson\b)(extract|compile)\b, delivered via source lesson update + totem lesson compile. Do not hand-edit .totem/compiled-rules.json.

Applied to files:

• .changeset/1.15.4-lc-velocity-classifier-improvements.md

📚 Learning: 2026-04-12T21:16:14.364Z

Learnt from: satur8d
Repo: mmnto-ai/totem PR: 1384
File: .totem/compiled-rules.json:6448-6462
Timestamp: 2026-04-12T21:16:14.364Z
Learning: Repo mmnto-ai/totem: The compiled rule discouraging shell:true by recommending manual ".cmd" (lessonHash 7f24313c1ae3dc50) was archived in commit 66b8cf74. The canonical replacement is lessonHash 09a2284e29ae960b (“Prefer cross-spawn for Windows shim resolution”), scoped to packages/core/src/sys/**/*.ts with severity "warning". Keep nuance: in packages/mcp/src/tools/**, shell: process.platform === 'win32' remains an accepted pattern when command/args are fully hardcoded.

Applied to files:

• .changeset/1.15.4-lc-velocity-classifier-improvements.md

🔇 Additional comments (7)

.strategy (1)

1-1: Submodule bump is clean and expected for this patch cut.

No issues here—this is a valid .strategy pointer advance and aligns with the release objective.

Based on learnings: in mmnto-ai/totem, the .strategy submodule is intentionally private and its pointer updates should not be flagged as suspicious/unverifiable.

docs/active_work.md (2)

3-3: LGTM — 1.15.4 summary is accurate.

The active work summary correctly documents both classifier improvements (test-contract scope and declared severity override), corpus counts, and the LC-velocity theme. Technical details match the changeset and code snippets.

---

7-15: LGTM — Recently Shipped section is complete and accurate.

Both classifier improvements are documented with appropriate technical detail:

• PR #1652: Test-contract scope classifier correctly describes the three positive signals and false-positive trap guard
• PR #1658: Declared severity override accurately covers the parseDeclaredSeverity helper, override flow through buildCompiledRule, telemetry callback, and prompt updates

Strategy submodule bump and corpus counts are properly recorded.

.changeset/1.15.4-lc-velocity-classifier-improvements.md (4)

1-8: LGTM — Frontmatter and introduction are correct.

Package scope (all patch-level) is appropriate for classifier/prompt improvements with no breaking changes. Introduction correctly frames the improvements as addressing consumer friction.

---

10-17: LGTM — Test-contract scope classifier documentation is accurate.

The three classification signals, test-inclusive glob set, and false-positive trap guard are correctly documented. The downstream impact example (two liquid-city rules with inverted scope) provides concrete evidence of the fix's value.

---

19-26: LGTM — Declared severity override documentation is technically accurate.

All implementation details verified against code snippets:

• parseDeclaredSeverity helper correctly described with markdown/punctuation tolerance patterns
• declaredSeverityOverride option and override flow accurately documented
• onSeverityOverride callback and telemetry sink correctly described with cwd-aware behavior and fire-and-forget semantics
• Prompt directive updates documented

The downstream impact (10 manual severity-edit commits) provides concrete evidence of the authoring friction this feature resolves.

---

28-30: LGTM — Strategy submodule bump is correctly documented.

Submodule pointer advance and strategy PR references are accurate and consistent with docs/active_work.md.

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Test files are now automatically detected and included in generated file patterns when appropriate.
  • Lesson severity levels can now be declared as prose annotations and will override compiled severity when specified.
  • Telemetry tracking added for severity overrides to monitor compilation behavior.

• Chores

  • Updated submodule reference to latest version.

Walkthrough

Adds two classifier improvements for version 1.15.4: a Test-Contract Scope Classifier teaching the compiler to detect and emit test-inclusive fileGlobs for hazards in test files, and a Declared Severity feature that parses prose severity declarations and can override compiled severity with deterministic logic and telemetry tracking. Updates .strategy submodule pointer.

Changes

Cohort / File(s)	Summary
Changeset & Release Notes .changeset/1.15.4-lc-velocity-classifier-improvements.md, docs/active_work.md	Documents two classifier improvements: Test-Contract Scope Classifier directive added to compiler prompts to detect and emit test-inclusive fileGlobs; Declared Severity feature exports parseDeclaredSeverity() helper, extends rule compilation with declaredSeverityOverride option, and wires onSeverityOverride callback for telemetry. Updates active cut from 1.15.3 to 1.15.4.
Submodule .strategy	Submodule pointer bumped to newer commit.

Sequence Diagram

sequenceDiagram
    participant Compiler
    participant LLM
    participant RuleBuilder as Rule Builder
    participant Telemetry
    
    Compiler->>LLM: Request compiled rule (with prompt)
    LLM-->>Compiler: Return severity + lesson body
    Compiler->>RuleBuilder: buildCompiledRule(lesson, declaredSeverityOverride)
    RuleBuilder->>RuleBuilder: parseDeclaredSeverity(body)
    Note over RuleBuilder: Extract prose severity<br/>("**Severity:** error|warning")
    RuleBuilder->>RuleBuilder: Apply override if severity changed
    RuleBuilder-->>Compiler: Return compiled rule + severityOverride marker
    Compiler->>Telemetry: onSeverityOverride callback<br/>(if override changed result)
    Telemetry->>Telemetry: Append severity-override<br/>record to .totem/temp/telemetry.jsonl

Loading

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly Related PRs

• feat(cli): test-contract scope classifier in compile prompt (#1626) #1652: Modifies compiler prompts to add the same Test-Contract Scope Classifier directive and supporting specs.
• feat(core): honor declared severity from lesson prose in compile output (#1656) #1658: Implements identical code-level changes including parseDeclaredSeverity, declaredSeverityOverride plumbing, onSeverityOverride callback, telemetry wiring, and .strategy bump.
• feat: route compile to Claude Sonnet + ast-grep prompt bias #1220: Updates COMPILER_SYSTEM_PROMPT with classifier logic.

Poem

🎯 Severities now speak their truth—
No guessing games, just prose laid bare;
Test files bloom where tests belong,
Determinism's steady care. ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	Description deviates significantly from the required template structure, omitting sections like Mechanical Root Cause, Fix Applied, Out of Scope, and Tests Added/Updated.	Restructure the description to follow the template: add Mechanical Root Cause, Fix Applied, Out of Scope sections, and explicitly address the Tests Added/Updated section (checking the N/A box with justification if applicable).

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately reflects the PR's core purpose: a patch release cut for version 1.15.4, concise and directly related to the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/cut-1.15.4-patch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request prepares the 1.15.4 patch release, introducing two major compile-worker improvements: a Test-contract scope classifier (PR #1652) for better test file globbing and a Declared severity override (PR #1658) to honor prose-based severity declarations. The changes also include a strategy submodule bump and updates to the active work documentation. I have no feedback to provide.