docs: add learnings from Mar 17 JSONL sessions

sjarmak · sjarmak · commit 140f20f79727 · 2026-03-18T22:37:54.000-04:00
- Ruff SIM115 won't auto-fix Popen(stdout=f) sites (manual fix needed)
- sanitize_secrets.py needs per-file S105/S106 ignores for Ruff
- Ralph archive naming convention: prd-archive/prd-&lt;feature&gt;-&lt;date&gt;.json
- reports/ gitignored; nightly commits need git add -f
- Condensed bare except and FD leaks entries to stay under byte limit
diff --git a/AGENTS.md b/AGENTS.md
@@ -150,13 +150,12 @@ full operations manual.
 - Ralph: `prd.json` single-active; archive before overwrite. `prd-archive/` and `prd.json` not gitignored.
 
 ### Scripts / Code Quality (Mar 17 additions)
-- `apply_verifier_fixes.py:9` hardcodes `/home/stephanie_jarmak/CodeScaleBench`; fails on other machines.
+- `apply_verifier_fixes.py:9` hardcodes `~/CodeScaleBench` path; fails on other machines.
 - `context_retrieval_agent.py:432,544,552,584` `shell=True` + "no allowlist" (line 429); injection risk.
 - Non-atomic writes: `aggregate_status.py:669`, `apply_verifier_fixes.py:103,117,134`; use temp+rename.
-- Bare `except:` (swallows KeyboardInterrupt): `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
-- FD leaks: 17+ sites (not 12): `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
-- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`.
-- Report #11; PRD: code quality gate (Ruff + pre-commit + custom hooks).
+- Bare `except:`: `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
+- FD leaks: 17+ sites: `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
+- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`. SIM115 skips `Popen(stdout=f)` (fix manually). `sanitize_secrets.py`: per-file S105/S106 ignores (intentional fake keys).
 
 ## Maintenance
 - Root and local `AGENTS.md` / `CLAUDE.md` files are generated from sources in `docs/ops/`.
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -150,13 +150,12 @@ full operations manual.
 - Ralph: `prd.json` single-active; archive before overwrite. `prd-archive/` and `prd.json` not gitignored.
 
 ### Scripts / Code Quality (Mar 17 additions)
-- `apply_verifier_fixes.py:9` hardcodes `/home/stephanie_jarmak/CodeScaleBench`; fails on other machines.
+- `apply_verifier_fixes.py:9` hardcodes `~/CodeScaleBench` path; fails on other machines.
 - `context_retrieval_agent.py:432,544,552,584` `shell=True` + "no allowlist" (line 429); injection risk.
 - Non-atomic writes: `aggregate_status.py:669`, `apply_verifier_fixes.py:103,117,134`; use temp+rename.
-- Bare `except:` (swallows KeyboardInterrupt): `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
-- FD leaks: 17+ sites (not 12): `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
-- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`.
-- Report #11; PRD: code quality gate (Ruff + pre-commit + custom hooks).
+- Bare `except:`: `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
+- FD leaks: 17+ sites: `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
+- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`. SIM115 skips `Popen(stdout=f)` (fix manually). `sanitize_secrets.py`: per-file S105/S106 ignores (intentional fake keys).
 
 ## Maintenance
 - Root and local `AGENTS.md` / `CLAUDE.md` files are generated from sources in `docs/ops/`.
diff --git a/docs/ops/ROOT_AGENT_GUIDE.md b/docs/ops/ROOT_AGENT_GUIDE.md
@@ -150,13 +150,12 @@ full operations manual.
 - Ralph: `prd.json` single-active; archive before overwrite. `prd-archive/` and `prd.json` not gitignored.
 
 ### Scripts / Code Quality (Mar 17 additions)
-- `apply_verifier_fixes.py:9` hardcodes `/home/stephanie_jarmak/CodeScaleBench`; fails on other machines.
+- `apply_verifier_fixes.py:9` hardcodes `~/CodeScaleBench` path; fails on other machines.
 - `context_retrieval_agent.py:432,544,552,584` `shell=True` + "no allowlist" (line 429); injection risk.
 - Non-atomic writes: `aggregate_status.py:669`, `apply_verifier_fixes.py:103,117,134`; use temp+rename.
-- Bare `except:` (swallows KeyboardInterrupt): `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
-- FD leaks: 17+ sites (not 12): `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
-- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`.
-- Report #11; PRD: code quality gate (Ruff + pre-commit + custom hooks).
+- Bare `except:`: `audit_v2_report_data.py:104`, `ds_audit.py:244,288`, `extract_v2_report_data.py:144,286`.
+- FD leaks: 17+ sites: `daytona_curator_runner.py:564`, `generate_csb_org_tasks.py:494`, `generate_promoted_verifiers.py:220`, `sync_oracle_files.py:50`, `validate_task_run.py:217`.
+- **Ruff** S603/S604, SIM115, BLE001 catch shell injection, FD leaks, bare excepts; add `pyproject.toml`. SIM115 skips `Popen(stdout=f)` (fix manually). `sanitize_secrets.py`: per-file S105/S106 ignores (intentional fake keys).
 
 ## Maintenance
 - Root and local `AGENTS.md` / `CLAUDE.md` files are generated from sources in `docs/ops/`.
