From c7c21e6acfffb6cc15f26b69813a662555d4bad6 Mon Sep 17 00:00:00 2001 From: Shay Date: Sun, 24 May 2026 14:35:27 -0700 Subject: [PATCH] chore(ci): print remediation hint when lane SHA verification fails (#230) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a pinned lane drifts, the script prints actual/expected SHAs but gives no guidance. Authors then have to look up that --update exists and that CLAIMS.md needs regenerating alongside. Adds a remediation block printed only on mismatch, listing the most common drift sources (core/cognition/result.py, chat/runtime.py, generate/realizer.py, capability registries) and the two commands needed to re-pin: --update + generate_claims.py. Why this is the right scope: branch protection now blocks merge on red lane-shas CI (enabled 2026-05-24), so the remaining gap is discoverability — telling authors what to do, not enforcing that they do it. A one-line message change carries that signal without adding hooks, templates, or infrastructure. No behavior change on success. --- scripts/verify_lane_shas.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/verify_lane_shas.py b/scripts/verify_lane_shas.py index 4031fbe1..86d8f4c6 100644 --- a/scripts/verify_lane_shas.py +++ b/scripts/verify_lane_shas.py @@ -254,6 +254,16 @@ def main(argv: list[str] | None = None) -> int: total = len(results) matched = sum(1 for r in results if r.matched) print(f"\nlanes: {matched}/{total} match pinned SHAs") + if matched < total: + print( + "\nremediation:\n" + " if the drift is intentional (e.g. you touched core/cognition/result.py,\n" + " chat/runtime.py, generate/realizer.py, capability registries, or other\n" + " lane-affecting code), re-pin with:\n" + " python scripts/verify_lane_shas.py --update\n" + " then run `python scripts/generate_claims.py` and commit both changes.\n" + " if the drift is unintentional, investigate the upstream change before re-pinning." + ) return 0 if all(r.matched for r in results) else 1