CONSTITUTION.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="pandoc" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
  <title>HelixTranslate Constitution</title>
  <style>
    /* Default styles provided by pandoc.
    ** See https://pandoc.org/MANUAL.html#variables-for-html for config info.
    */
    html {
      color: #1a1a1a;
      background-color: #fdfdfd;
    }
    body {
      margin: 0 auto;
      max-width: 36em;
      padding-left: 50px;
      padding-right: 50px;
      padding-top: 50px;
      padding-bottom: 50px;
      hyphens: auto;
      overflow-wrap: break-word;
      text-rendering: optimizeLegibility;
      font-kerning: normal;
    }
    @media (max-width: 600px) {
      body {
        font-size: 0.9em;
        padding: 12px;
      }
      h1 {
        font-size: 1.8em;
      }
    }
    @media print {
      html {
        background-color: white;
      }
      body {
        background-color: transparent;
        color: black;
        font-size: 12pt;
      }
      p, h2, h3 {
        orphans: 3;
        widows: 3;
      }
      h2, h3, h4 {
        page-break-after: avoid;
      }
    }
    p {
      margin: 1em 0;
    }
    a {
      color: #1a1a1a;
    }
    a:visited {
      color: #1a1a1a;
    }
    img {
      max-width: 100%;
    }
    svg {
      height: auto;
      max-width: 100%;
    }
    h1, h2, h3, h4, h5, h6 {
      margin-top: 1.4em;
    }
    h5, h6 {
      font-size: 1em;
      font-style: italic;
    }
    h6 {
      font-weight: normal;
    }
    ol, ul {
      padding-left: 1.7em;
      margin-top: 1em;
    }
    li > ol, li > ul {
      margin-top: 0;
    }
    blockquote {
      margin: 1em 0 1em 1.7em;
      padding-left: 1em;
      border-left: 2px solid #e6e6e6;
      color: #606060;
    }
    code {
      white-space: pre-wrap;
      font-family: Menlo, Monaco, Consolas, 'Lucida Console', monospace;
      font-size: 85%;
      margin: 0;
      hyphens: manual;
    }
    pre {
      margin: 1em 0;
      overflow: auto;
    }
    pre code {
      padding: 0;
      overflow: visible;
      overflow-wrap: normal;
    }
    .sourceCode {
     background-color: transparent;
     overflow: visible;
    }
    hr {
      border: none;
      border-top: 1px solid #1a1a1a;
      height: 1px;
      margin: 1em 0;
    }
    table {
      margin: 1em 0;
      border-collapse: collapse;
      width: 100%;
      overflow-x: auto;
      display: block;
      font-variant-numeric: lining-nums tabular-nums;
    }
    table caption {
      margin-bottom: 0.75em;
    }
    tbody {
      margin-top: 0.5em;
      border-top: 1px solid #1a1a1a;
      border-bottom: 1px solid #1a1a1a;
    }
    th {
      border-top: 1px solid #1a1a1a;
      padding: 0.25em 0.5em 0.25em 0.5em;
    }
    td {
      padding: 0.125em 0.5em 0.25em 0.5em;
    }
    header {
      margin-bottom: 4em;
      text-align: center;
    }
    #TOC li {
      list-style: none;
    }
    #TOC ul {
      padding-left: 1.3em;
    }
    #TOC > ul {
      padding-left: 0;
    }
    #TOC a:not(:hover) {
      text-decoration: none;
    }
    span.smallcaps{font-variant: small-caps;}
    div.columns{display: flex; gap: min(4vw, 1.5em);}
    div.column{flex: auto; overflow-x: auto;}
    div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
    /* The extra [class] is a hack that increases specificity enough to
       override a similar rule in reveal.js */
    ul.task-list[class]{list-style: none;}
    ul.task-list li input[type="checkbox"] {
      font-size: inherit;
      width: 0.8em;
      margin: 0 0.8em 0.2em -1.6em;
      vertical-align: middle;
    }
    .display.math{display: block; text-align: center; margin: 0.5rem auto;}
  </style>
</head>
<body>
<header id="title-block-header">
<h1 class="title">HelixTranslate Constitution</h1>
</header>
<h1 id="helixtranslate-constitution">HelixTranslate — Constitution</h1>
<blockquote>
<p><strong>Status:</strong> Active. This document is the project’s
authoritative rule set. When a rule here conflicts with
<code>CLAUDE.md</code>, <code>AGENTS.md</code>, or any guide, the
Constitution wins.</p>
</blockquote>
<h2 id="inherited-from-constitutionconstitution.md">INHERITED FROM
constitution/Constitution.md</h2>
<p>This constitution <strong>extends</strong> the Helix Universal
Constitution at <code>constitution/Constitution.md</code>. All clauses
there apply unless explicitly overridden below with an explicit
<code>Override §X.Y</code> section. The universal clauses are
authoritative for any topic this file does not cover; the
project-specific rules below (CONST-033 … CONST-036 and the Definition
of Done) extend them and never weaken any universal clause. When this
file disagrees with the constitution submodule, the constitution
wins.</p>
<h2 id="mission">Mission</h2>
<p>See README.md.</p>
<h2 id="mandatory-standards">Mandatory Standards</h2>
<ol type="1">
<li><strong>Reproducibility:</strong> every change is reproducible from
a clean clone
(<code>git clone &lt;repo&gt; &amp;&amp; &lt;project bootstrap&gt;</code>);
no hidden steps.</li>
<li><strong>Tests track behavior, not code:</strong> test what the
user-visible behavior is, not what the implementation looks like.</li>
<li><strong>No silent skips, no silent mocks above unit
tests.</strong></li>
<li><strong>Conventional Commits</strong> for all commits.</li>
<li><strong>SSH-only for git operations</strong> (<code>git@…</code>);
HTTPS prohibited.</li>
</ol>
<h2 id="numbered-rules">Numbered Rules</h2>
<!-- Rules are numbered CONST-NNN. New rules append. Removed rules
     keep their number with a "**Retired:** …" line. -->
<!-- BEGIN host-power-management addendum (CONST-033) -->
<h3 id="const-033-host-power-management-is-forbidden">CONST-033 — Host
Power Management is Forbidden</h3>
<p><strong>Status:</strong> Mandatory. Non-negotiable. Applies to every
project, submodule, container entry point, build script, test,
challenge, and systemd unit shipped from this repository.</p>
<p><strong>Rule:</strong> No code in this repository may invoke a
host-level power- state transition (suspend, hibernate, hybrid-sleep,
suspend-then- hibernate, poweroff, halt, reboot, kexec) on the host
machine. This includes — but is not limited to:</p>
<ul>
<li><code>systemctl {suspend,hibernate,hybrid-sleep,suspend-then-hibernate,poweroff,halt,reboot,kexec}</code></li>
<li><code>loginctl {suspend,hibernate,hybrid-sleep,suspend-then-hibernate,poweroff,halt,reboot}</code></li>
<li><code>pm-{suspend,hibernate,suspend-hybrid}</code></li>
<li><code>shutdown {-h,-r,-P,-H,now,--halt,--poweroff,--reboot}</code></li>
<li>DBus calls to
<code>org.freedesktop.login1.Manager.{Suspend,Hibernate,HybridSleep,SuspendThenHibernate,PowerOff,Reboot}</code></li>
<li>DBus calls to
<code>org.freedesktop.UPower.{Suspend,Hibernate,HybridSleep}</code></li>
<li><code>gsettings set ... sleep-inactive-{ac,battery}-type</code> to
any value other than <code>'nothing'</code> or <code>'blank'</code></li>
</ul>
<p><strong>Why:</strong> The host runs mission-critical parallel
CLI-agent and container workloads. On 2026-04-26 18:23:43 the host was
auto- suspended by the GDM greeter’s idle policy mid-session, killing
HelixAgent and 41 dependent services. Recurring memory-pressure SIGKILLs
of <code>user@1000.service</code> (perceived as “logged out”) have the
same outcome. Auto-suspend, hibernate, and any power-state transition
are unsafe for this host.</p>
<p><strong>Defence in depth (mandatory artifacts in every
project):</strong> 1.
<code>scripts/host-power-management/install-host-suspend-guard.sh</code>
— privileged installer, manual prereq, run once per host with sudo.
Masks <code>sleep.target</code>, <code>suspend.target</code>,
<code>hibernate.target</code>, <code>hybrid-sleep.target</code>; writes
<code>AllowSuspend=no</code> drop-in; sets logind
<code>IdleAction=ignore</code> and <code>HandleLidSwitch=ignore</code>.
2.
<code>scripts/host-power-management/user_session_no_suspend_bootstrap.sh</code>
— per-user, no-sudo defensive layer. Idempotent. Safe to source from
<code>start.sh</code> / <code>setup.sh</code> /
<code>bootstrap.sh</code>. 3.
<code>scripts/host-power-management/check-no-suspend-calls.sh</code> —
static scanner. Exits non-zero on any forbidden invocation. 4.
<code>pkg/challenge_runner/scripts/host_no_auto_suspend_challenge.sh</code>
— asserts the running host’s state matches layer-1 masking. 5.
<code>pkg/challenge_runner/scripts/no_suspend_calls_challenge.sh</code>
— wraps the scanner as a challenge that runs in CI /
<code>run_all_challenges.sh</code>.</p>
<p><strong>Enforcement:</strong> Every project’s CI /
<code>run_all_challenges.sh</code> equivalent MUST run both challenges
(host state + source tree). A violation in either channel blocks merge.
Adding files to the scanner’s <code>EXCLUDE_PATHS</code> requires an
explicit justification comment identifying the non-host context.</p>
<p><strong>See also:</strong> <code>docs/HOST_POWER_MANAGEMENT.md</code>
for full background and runbook.</p>
<!-- END host-power-management addendum (CONST-033) -->
<!-- BEGIN llmsverifier-single-source-of-truth addendum (CONST-034) -->
<h3
id="const-034-llmsverifier-is-the-single-source-of-truth-for-all-llm-models">CONST-034
— LLMsVerifier is the Single Source of Truth for All LLM Models</h3>
<p><strong>Status:</strong> Mandatory. Non-negotiable. Applies to all
translation workflows, API endpoints, CLI commands, distributed workers,
and WebSocket sessions.</p>
<p><strong>Rule:</strong> LLMsVerifier SHALL be the EXCLUSIVE and ONLY
source of truth for all LLM models available to HelixTranslate. No model
may be used in HelixTranslate that does not originate from LLMsVerifier
and pass its verification gate.</p>
<p><strong>Requirements:</strong> 1. <strong>F-SSOT-001:</strong> Only
models verified by LLMsVerifier are eligible for use. 2.
<strong>F-SSOT-002:</strong> HelixTranslate MUST NOT maintain any
independent model registry, hardcoded model lists, or fallback model
definitions outside of LLMsVerifier-provided data. 3.
<strong>F-SSOT-003:</strong> All model metadata (name, ID, capabilities,
token limits, pricing, features) SHALL be retrieved from LLMsVerifier at
runtime or build time. 4. <strong>F-SSOT-004:</strong> Model information
SHALL be cached locally with configurable TTL, but cache invalidation
MUST trigger re-fetch from LLMsVerifier. 5. <strong>F-SSOT-005:</strong>
If LLMsVerifier is unreachable, HelixTranslate SHALL either use expired
cache with warning or enter degraded mode with explicit user
notification. No unauthorized models SHALL be used. 6.
<strong>F-GATE-001:</strong> ONLY models that have PASSED LLMsVerifier
validation, verification, and scoring pipeline SHALL be presented to end
users. 7. <strong>F-GATE-002:</strong> Models MUST satisfy ALL three
criteria: (a) validation passed, (b) verification passed, (c) positive
scoring (&gt; 0 overall score). 8. <strong>F-GATE-003:</strong> The
scoring algorithm:
<code>Overall Score = (Responsiveness x 0.30) + (Code Capability x 0.25) + (Feature Richness x 0.25) + (Reliability x 0.20)</code>.
Models with score &lt;= 0 SHALL be rejected. 9.
<strong>F-GATE-004:</strong> Models MUST have
<code>VerificationStatus == "verified"</code> AND
<code>CanSeeCode == true</code> to be eligible. 10.
<strong>F-GATE-005:</strong> Models MUST have
<code>AffirmativeResponse == true</code> to be eligible.</p>
<p><strong>Enforcement:</strong> Any code change that introduces a
hardcoded model list, bypasses the verification gate, or uses an
unverified model constitutes a Constitution violation and MUST be
reverted.</p>
<!-- END llmsverifier-single-source-of-truth addendum (CONST-034) -->
<!-- BEGIN anti-bluff-testing addendum (CONST-035) -->
<h3 id="const-035-anti-bluff-testing-constitution-mandatory">CONST-035 —
Anti-Bluff Testing Constitution (MANDATORY)</h3>
<p><strong>Status:</strong> Mandatory. Non-negotiable. Applies to every
test, challenge, HelixQA bank entry, and CI pipeline in this repository
and all submodules.</p>
<p><strong>§35.1 The Problem (Historical Mandate)</strong></p>
<blockquote>
<p>“We had been in position that all tests do execute with success and
all Challenges as well, but in reality the most of the features does not
work and can’t be used!”</p>
</blockquote>
<p>This is the <strong>worst possible outcome</strong>: green tests +
broken features. Every rule below exists to prevent this.</p>
<p><strong>§35.2 The Six Anti-Bluff Rules</strong></p>
<p>Every test, Challenge, and HelixQA bank entry MUST:</p>
<ol type="1">
<li><p><strong>Assert on a concrete end-user-visible outcome</strong> —
translated text content, DB row, downloadable file, visible dashboard
element, API response body. NOT just “no error” or “200 OK” or “exit
code 0”.</p></li>
<li><p><strong>Run against the real system</strong> — mocks ONLY in unit
tests (<code>go test -short</code>). ALL other test types MUST use real
services, real databases, real LLM providers (or documented
<code>SKIP-OK: #&lt;ticket&gt;</code>).</p></li>
<li><p><strong>Include a matching negative assertion</strong> — test
MUST fail when the feature is broken. E.g., if testing “English→Serbian
translation”, also assert the output is NOT in English.</p></li>
<li><p><strong>Emit copy-pasteable evidence</strong> — response body
snippet, screenshot filename, DB row dump, log excerpt, video
timestamp.</p></li>
<li><p><strong>Verify “fails when feature is removed”</strong> —
deliberately break the feature (comment out implementation, change API
key to invalid), re-run test, test MUST FAIL.</p></li>
<li><p><strong>No blind shells</strong> — no
<code>&amp;&amp; echo PASS</code>, no <code>|| true</code>, no
<code>tee</code> exit-code laundering, no
<code>test -f file &amp;&amp; echo "PASS"</code> without checking file
content.</p></li>
</ol>
<p><strong>§35.3 HelixQA-Specific Anti-Bluff Rules</strong></p>
<ul>
<li>Bank entries declare <strong>executable actions</strong> (never
prose).</li>
<li>Each entry declares <strong>concrete success predicates</strong>:
<code>assertBodyContains: 'translated text'</code>,
<code>assertVisible: 'Translation Complete'</code>.</li>
<li><strong>Stagnation guard</strong> — frame N+1 identical to N for
&gt;10 seconds = FAIL.</li>
<li>Vision-model <code>verified=true</code> with empty/tautological
reasoning = <code>INCONCLUSIVE</code> (not PASS).</li>
<li><code>IsBlankScreenshot()</code> must pass before any vision
analysis.</li>
</ul>
<p><strong>§35.4 Functional Probe Floor</strong></p>
<ul>
<li>TCP-open is the FLOOR, not the ceiling.</li>
<li>PostgreSQL → <code>SELECT 1</code> returns <code>1</code>.</li>
<li>Redis → <code>PING</code> returns <code>PONG</code>.</li>
<li>API → <code>GET /health</code> returns
<code>{"status": "healthy"}</code> with non-empty body.</li>
<li>Translation → actual translated text in response, not just
session_id.</li>
</ul>
<p><strong>§35.5 Evidence Requirements</strong></p>
<ul>
<li>Every PASS must carry positive evidence captured during
execution.</li>
<li>No metadata-only PASS, no configuration-only PASS, no
“absence-of-error” PASS.</li>
<li>Evidence types: API response bodies, downloaded files, database
query results, browser console output, screenshots, video frames.</li>
</ul>
<p><strong>§35.6 Bluff Taxonomy (FORBIDDEN Patterns)</strong></p>
<table>
<colgroup>
<col style="width: 31%" />
<col style="width: 25%" />
<col style="width: 42%" />
</colgroup>
<thead>
<tr>
<th>Bluff Type</th>
<th>Example</th>
<th>Why It’s Wrong</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Wrapper bluff</strong></td>
<td>Test asserts function returns, but caller ignores return value</td>
<td>Passes but feature unused</td>
</tr>
<tr>
<td><strong>Contract bluff</strong></td>
<td>System advertises capability but rejects it in dispatch</td>
<td>Advertises what it can’t do</td>
</tr>
<tr>
<td><strong>Structural bluff</strong></td>
<td>Checks file exists but doesn’t verify content</td>
<td>File exists but is empty/corrupt</td>
</tr>
<tr>
<td><strong>Comment bluff</strong></td>
<td>Code comment promises behavior code doesn’t have</td>
<td>Tests comment, not code</td>
</tr>
<tr>
<td><strong>Skip bluff</strong></td>
<td><code>t.Skip("not running yet")</code> without <code>SKIP-OK</code>
marker</td>
<td>Hides broken test</td>
</tr>
</tbody>
</table>
<p><strong>§35.7 Mutation Testing (Mandatory)</strong></p>
<ul>
<li>Every challenge MUST have a paired mutation test.</li>
<li>Mutation deliberately breaks the feature → the challenge MUST then
FAIL.</li>
<li>A challenge without a paired mutation = BLUFF challenge =
Constitution violation.</li>
</ul>
<p><strong>§35.8 Audit Ritual</strong></p>
<p>Every Full-QA cycle MUST: 1. Pick 5 random tests + 5 random
challenges. 2. Comment out the target implementation. 3. Re-run
tests/challenges. 4. Confirm they FAIL. 5. Restore implementation. 6.
Document results in session report.</p>
<p><strong>§35.9 User Mandate (NON-NEGOTIABLE)</strong></p>
<p>The bar is NOT “tests pass” but <strong>“users can use the
feature.”</strong> A translation that “completes” but produces garbage
text is a FAIL. An API that returns 200 but with wrong content is a
FAIL. A dashboard that “loads” but shows no data is a FAIL.</p>
<!-- END anti-bluff-testing addendum (CONST-035) -->
<!-- BEGIN helixqa-mandate addendum (CONST-036) -->
<h3 id="const-036-helixqa-is-the-sole-authorized-qa-tool">CONST-036 —
HelixQA is the Sole Authorized QA Tool</h3>
<p><strong>Status:</strong> Mandatory. Non-negotiable.</p>
<p><strong>Rule:</strong> All automated UI/UX testing of the Web
Dashboard and API endpoints MUST use HelixQA. No custom Playwright
scripts, no curl-based test harnesses outside HelixQA banks.</p>
<p><strong>Requirements:</strong> 1. <strong>HelixQA-only for Web
Dashboard and API testing.</strong> 2. <strong>Vision-driven
only.</strong> Screenshot → LLM analysis → action decision. No hardcoded
selectors, no sleep timers. 3. <strong>Universal Solution
Principle.</strong> When HelixQA cannot interact with a HelixTranslate
UI element, the fix MUST be implemented in HelixQA itself, never by
adding test hooks to HelixTranslate. 4. <strong>Live log
monitoring.</strong> Every session streams API logs, gRPC logs,
translation logs. 5. <strong>Screen-state tracking.</strong> Frame N vs
N+1. Stagnation &gt;10s = critical failure. 6. <strong>Executable
actions in banks</strong>, never prose. 7. <strong>Video mandatory for
Web Dashboard sessions.</strong> Screenshots at every step. 8.
<strong>Evidence validation.</strong> Post-translation must contain
actual translated text, not placeholder.</p>
<!-- END helixqa-mandate addendum (CONST-036) -->
<h2 id="definition-of-done">Definition of Done</h2>
<p>A change is done when:</p>
<ol type="1">
<li>The code change is committed.</li>
<li>All project-level tests pass on a clean clone.</li>
<li>All challenges in <code>pkg/challenge_runner/scripts/</code> pass on
the running host.</li>
<li>Governance docs (<code>CONSTITUTION.md</code>,
<code>AGENTS.md</code>, <code>CLAUDE.md</code>) are coherent with the
change.</li>
<li>All HelixQA banks pass for all configured platforms.</li>
<li>Anti-bluff audit (CONST-035 §35.8) passes — random tests confirmed
to fail when feature removed.</li>
<li>Every modified/added feature has a registered challenge.</li>
<li>Evidence from the most recent QA session is archived in
<code>docs/reports/qa-sessions/</code>.</li>
</ol>
<h2 id="see-also">See also</h2>
<ul>
<li><code>README.md</code> — project overview, quickstart.</li>
<li><code>AGENTS.md</code> — guidance for AI coding agents (Codex,
Cursor, etc.).</li>
<li><code>CLAUDE.md</code> — guidance specifically for Claude Code.</li>
<li><code>docs/HOST_POWER_MANAGEMENT.md</code> — CONST-033 background
and runbook.</li>
<li><code>docs/research/llms_verifer/</code> — LLMsVerifier integration
materials.</li>
<li><code>docs/research/helix_qa/</code> — HelixQA integration
materials.</li>
</ul>
<h2 id="const-035-anti-bluff-operative-rule-mandatory">CONST-035 —
Anti-Bluff Operative Rule (MANDATORY)</h2>
<blockquote>
<p>“We had been in position that all tests do execute with success and
all Challenges as well, but in reality the most of the features does not
work and can’t be used! This MUST NOT be the case.”</p>
</blockquote>
<p><strong>The operative rule:</strong> Execution of tests and
Challenges MUST guarantee the quality, the completion and full usability
by end users of the product.</p>
<ul>
<li>A green test or challenge for a feature that does not actually work
is a <strong>BLUFF</strong> and is <strong>FORBIDDEN</strong>.</li>
<li>Every test must assert concrete user-visible outcomes, not just
internal state.</li>
<li>Every challenge must run real code and verify real behavior;
grep/file-existence checks are <strong>NOT sufficient</strong>.</li>
<li>Mutation testing is <strong>MANDATORY</strong>: deliberately break
the feature → the test/challenge <strong>MUST then FAIL</strong>.</li>
<li>The bar for shipping is <strong>NOT “tests pass”</strong> but
<strong>“users can use the feature.”</strong></li>
<li>No false-success results are tolerable.</li>
</ul>
<h2 id="mirrored-constitution-anchors-11.4.15411.4.157">Mirrored
constitution anchors (§11.4.154–§11.4.157)</h2>
<p>Condensed consumer-side mirrors of the four universal anchors most
recently added to the constitution submodule. Canonical text lives in
<code>constitution/Constitution.md</code>; these mirrors carry the
literal <code>11.4.N</code> tokens the propagation gates
(<code>CM-COVENANT-114-154/155/156/157-PROPAGATION</code>) require
(§11.4.35). Faithful condensations — no clause weakened, nothing
invented.</p>
<p><strong>§11.4.154 — Window-scoped capture + fresh-corpus rotation for
feature/QA recordings (User mandate, 2026-06-15).</strong> Refines
§11.4.2/.5/.107/.153 recording discipline with two capture-hygiene
invariants. <strong>(A) Window-scoped, NOT whole-screen</strong> — every
feature/QA video MUST capture ONLY the window/surface of the app/service
under test (GUI window / CLI-TUI terminal pane / web tab-viewport /
device-emulator frame), NEVER the whole desktop/monitor or unrelated
windows (whole-desktop capture leaks operator-private content
§11.4.10/.83, dilutes the §11.4.107 liveness/freeze oracle, breaks the
§11.4.137 OCR/ROI oracle); target by stable identity (window id/title,
device serial, browser context, tmux target) per §11.4.111, never a
fixed full-screen index; platform genuinely cannot capture below
whole-screen ⇒ honest §11.4.3 SKIP + tracked migration item. <strong>(B)
Fresh-corpus rotation</strong> — when a new recording run for a scope
begins, the agent’s OWN prior in-scope stale recordings at the raw
recording path MUST be removed FIRST so the live corpus reflects the
current run (§11.4.107 not-stale + §11.4.86 roster-freshness); “remove
old” = the agent’s own prior recordings for the SAME scope/project ONLY,
NEVER another project’s/operator-authored files (uncertain ⇒ surface,
don’t delete §11.4.122/§9.2); committed
<code>docs/qa/&lt;run-id&gt;/</code> evidence (§11.4.83) is the durable
record, NOT rotated. Classification: universal (§11.4.17). Composes
§11.4.2/.5/.10/.83/.86/.107/.111/.122/.128/.137/.153/§9.2/.6. Canonical
authority: constitution submodule <code>Constitution.md</code>
§11.4.154. Non-compliance is a release blocker.</p>
<p><strong>§11.4.155 — Project-name-prefixed feature/QA recording
filenames (User mandate, 2026-06-15).</strong> Every recorded video the
project produces (§11.4.153 real-use, §11.4.154 window-scoped, §11.4.128
always-on device, any raw/curated artefact at the recording path + the
committed <code>docs/qa/&lt;run-id&gt;/</code> trail §11.4.83) MUST have
a filename that STARTS WITH the PROJECT-NAME prefix, ALWAYS; an
unprefixed recording is a §11.4.155 violation (un-greppable +
un-attributable multi-project corpus — the §11.4.151 identify-and-grep
failure on the recording axis). <strong>Prefix resolution (closed-set,
deterministic — §11.4.6, IDENTICAL to §11.4.151):</strong> (1)
<code>HELIX_RELEASE_PREFIX</code> from <code>.env</code> (git-ignored
§11.4.30, documented in tracked <code>.env.example</code> §11.4.77) else
(2) lowercased snake_case project-root dir name §11.4.29; SAME prefix
for EVERY recording in a checkout; canonical form
<code>&lt;PREFIX&gt;---&lt;feature-or-scope&gt;---&lt;run-id&gt;.&lt;ext&gt;</code>;
MUST equal the §11.4.151-resolved release-tag prefix (divergence is
itself a violation — one project, one name). Honest boundary (§11.4.6):
the prefix guarantees attribution + greppability, NOT content validity
(still §11.4.107/.137/.153) and does NOT relax §11.4.154’s
window-scope/rotation. Classification: universal (§11.4.17). Composes
§11.4.151/.128/.153/.154/.111/.83/.6/.29/.30/.35/.77/.86. Canonical
authority: constitution submodule <code>Constitution.md</code>
§11.4.155. Non-compliance is a release blocker.</p>
<p><strong>§11.4.156 — All CI/CD automation (GitHub Actions / GitLab
pipelines / equivalents) MUST be disabled (User mandate,
2026-06-15).</strong> Every repository this Constitution governs — main
repo, this constitution submodule, every owned + nested submodule we
author and push — MUST ship with ALL server-side CI/CD automation
DISABLED: no push to any owned upstream may trigger a GitHub Actions
run, GitLab pipeline, or equivalent
(Jenkins/CircleCI/Travis/Drone/Woodpecker/Bitbucket/Azure, any
<code>on: push</code>/<code>schedule</code>/<code>workflow_dispatch</code>).
GENERALISES + makes ABSOLUTE the §11.4.75 Layer-5 posture across ALL
governed repos; enforcement migrates to the LOCAL §11.4.75 git-hook
ritual + §11.4.40 pre-tag sweep, never a remote runner. ALL hold:
<strong>(A)</strong> zero active root-level
<code>.github/workflows/*.yml|yaml</code> / <code>.gitlab-ci.yml</code>
/ equivalent; <strong>(B)</strong> “disabled” = a push triggers ZERO
runs — delete OR rename to a non-trigger name (the §11.4.75
<code>.disabled-local-only</code> pattern); a
live-<code>on:</code>+<code>if:false</code> workflow is NOT compliant;
<strong>(C)</strong> scope = repos we author+push — vendored/third-party
nested configs are INERT, OUT of scope (§11.4.29 vendor-exempt);
<strong>(D)</strong> no new CI may be added; <strong>(E)</strong>
pre-push verify the tracked workflow set is empty for authored repos.
Honest boundary (§11.4.6): file-level disabling stops FILE-triggered
runs, NOT provider-side server settings (org-default required workflows,
branch-protection checks) — the operator turns those off. Composes
§11.4.75/.29/.6/.40/.42/.109/.113/§2.1. Classification: universal
(§11.4.17). The parent repo currently has NO active CI workflow files —
already §11.4.156-compliant. Canonical authority: constitution submodule
<code>Constitution.md</code> §11.4.156. Non-compliance is a release
blocker.</p>
<p><strong>§11.4.157 — GEMINI.md maintained in lockstep with CLAUDE.md /
AGENTS.md / QWEN.md (User mandate, 2026-06-15).</strong>
<code>GEMINI.md</code> is a FIRST-CLASS governance context carrier EQUAL
to <code>CLAUDE.md</code>/<code>AGENTS.md</code>/<code>QWEN.md</code>,
never optional/best-effort. ALL hold: <strong>(A)</strong> five-carrier
lockstep — no governance change is complete until <code>GEMINI.md</code>
carries it alongside the other three mirrors (added to the §11.4.26
propagation + cross-reference set explicitly); <strong>(B)</strong> no
silent drift — <code>GEMINI.md</code> lagging the other mirrors’ highest
rule is a §11.4.157 violation (§11.4.65-class), back-fill required;
<strong>(C)</strong> equal status — <code>GEMINI.md</code> restates the
SAME literal <code>11.4.N</code> anchors the propagation gates require
(§11.4.35), fleet count INCLUDES <code>GEMINI.md</code>;
<strong>(D)</strong> consumer projects’ own CLAUDE/AGENTS/QWEN/GEMINI
bind too (§11.4.35). Honest boundary (§11.4.6): claiming
<code>GEMINI.md</code> “in sync” while a back-fill is incomplete is
itself a §11.4.157 violation. Composes
§11.4.26/.35/.17/.44/.65/.140/.156. Classification: universal
(§11.4.17). This parent repo now maintains <code>CLAUDE.md</code> +
<code>AGENTS.md</code> + <code>QWEN.md</code> + <code>GEMINI.md</code>
in lockstep alongside <code>CONSTITUTION.md</code>; every future
governance edit MUST land in all carriers. Canonical authority:
constitution submodule <code>Constitution.md</code> §11.4.157.
Non-compliance is a release blocker.</p>
</body>
</html>