feat(detection): replace NL-literal anchors with protocol tokens per #106

[loning]

TL;DR

Phase 9 #106 r2 consensus → 48 NL-literal detection anchors → protocol tokens / sentinel / emoji / heading-id。No registry introduced。349/349 tests pass。4 files,新增 test_no_new_prose_detection.py source-regression guard。

Closes #106

授权:.refactor-loop/logs/meta-judge-issue106-r2.log → META_JUDGE_DONE:consensus:structural:no DetectionInvariantV1

⟦AI:AUTO-LOOP⟧

[loning]

🤖 quality review: self-doc block missing

TL;DR

• 这是什么: PR 109 的 quality 角度独立 review。
• 结论: reject，只有 1 个问题。
• 需要 maintainer 做什么: 合入前给新增 detection guard 补清楚 Refactor (...) Old/New 说明。

---

详细说明

skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:1 新增了 NL prose detector guard，但文件只有一句 docstring，没有本 cluster 要求的 Refactor (iterN/cluster-XXX): Old/New 自说明块。这个测试的 token 列表本身是在表达“从自然语言锚点迁移到 protocol token / sentinel / heading-id”的核心意图，缺少 Old/New 说明会让后续维护者只看到一串禁用词，不知道为什么这些词被禁止继续新增。

建议在模块常量附近补一段清晰说明，例如 Old 是 source-regression tests 用 localized prose literals 当 detection anchor，New 是 detection should key on protocol tokens / sentinel / heading ids, and this test prevents new localized prose detectors。补上后我这边的 quality verdict 可以翻到 approve。

---

📎 完整 codex 原始输出(存档备查)

---
pr: 109
role: quality
verdict: reject
---

## Verdict
Reject: the code is small and focused, but the new source-regression guard is missing the mandated Old/New refactor self-doc for this detection refactor.

## Evidence
- skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:1: the new file starts with only a module docstring and then the token list; there is no `Refactor (iterN/cluster-XXX):` Old/New block explaining the NL-literal-anchor to protocol-token/sentinel/heading-id change. That makes the new detector list opaque to a non-audit reader and violates the cluster self-documentation rule.

## What would change your verdict (only if comment or reject)
Add a clear refactor self-doc block near the module docstring or `FORBIDDEN_NEW_TEST_TOKENS`, with Old explaining the localized prose literal detector pattern and New explaining the protocol-token/sentinel/heading-id contract this guard enforces.

⟦AI:AUTO-LOOP⟧

[loning]

🤖 tests reviewer: 拒绝，测试断言被弱化

TL;DR

• 这是什么:PR 109 的 tests 角度 review。
• 结论:reject，因为多处 source-regression test 从“禁止某行为”变成“出现某 token 即可”。
• 需要 maintainer 做什么:先让实现方恢复行为级断言，再进入下一轮 review。

---

详细说明

这次变更目标是把自然语言检测锚点迁到 protocol token / sentinel / heading-id，这个方向本身不在 tests review 里否定。但当前 diff 里有几处测试把业务语义测丢了:例如旧测试要求 triage prompt 明确“不写 cluster_id / legacy_cluster_id”，新测试只要求这两个字段名出现。类似地，git commit / git push / git checkout、裸 nohup python3 <daemon> &、env $(grep ... host.env) 也从“必须被禁止”变成“文本里提到即可”。

这属于断言弱化。source-regression test 的价值是防止控制器边界退化，不是统计词出现次数。修复方式不需要退回中文锚点，可以改成 protocol-token + denial semantics: forbidden action 只能出现在 deny / no-alias / controller-owner 语义下，而不是任意 section placement。

---

📎 完整 codex 原始输出(存档备查)

---

pr: 109
role: tests
verdict: reject

Verdict

Reject: the PR weakens existing source-regression tests from forbidden-behavior assertions into token-presence checks, so real controller-boundary regressions could now pass.

Evidence

• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:1430 in test_manual_issue_reshape_requires_work_unit_v1_fields_without_audit_aliases changes the old assertion for "do not write cluster_id or legacy_cluster_id" into plain assertIn("cluster_id") and assertIn("legacy_cluster_id"). That no longer proves aliases are forbidden; the test would pass if the prompt told workers to emit those legacy fields.
• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:1485 and :1509 in the two implement-dispatch tests replace the old full prohibition 禁止 \git commit` / `git push` / `git checkout `with separate token checks forgit commit, git push, and git checkout`. That is assertion loosening on a worker git-boundary rule; an affirmative instruction to run those commands would satisfy the new test.
• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2667 loosens the daemon startup contract from forbidding bare nohup python3 <daemon> & / env $(grep ... host.env) to merely requiring those command fragments appear. This loses the business outcome that daemon docs must reject those unsafe startup patterns.
• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2859 and skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:90 replace per-line deny-word assertions for lifecycle/git tokens with section-placement checks. A line under ## GitHub post or ## codex ... that affirmatively instructs git commit, git push, gh pr create, or label edits can now pass without any 禁止 / Do NOT / controller-owner wording.

What would change your verdict (only if comment or reject)

Restore behavior-level source-regression checks that prove the forbidden actions are actually forbidden, not just mentioned. For the migrated NL-literal policy, assert protocol tokens plus denial semantics, for example "legacy alias tokens appear only in a no-alias / without-alias rule", git lifecycle tokens appear only in lines or sections with an explicit deny/owner protocol token, and unsafe daemon startup examples remain covered by a negative contract.

REVIEW_DONE:109:tests:reject
⟦AI:AUTO-LOOP⟧

⟦AI:AUTO-LOOP⟧

[loning]

🤖 架构复审通过: NL 检测已收敛到协议 token

TL;DR

• 这是什么:PR 109 的 architect 角度复审。
• 结论:approve, 没发现 CLAUDE.md / AGENTS.md 架构合规阻塞。
• 下一步:controller 可把本角色视为架构侧通过, 继续汇总其他 reviewer。

---

详细说明

我按三点核对:实际三点 diff、issue106 r2 consensus/implement 授权、CLAUDE.md/AGENTS.md 约束。PR 只改 skills/codex-refactor-loop/scripts/test_*.py, 没新增 runtime registry、daemon、生命周期 actor、schema/protocol 默认, 也没有把 C#/.NET/protobuf 默认带回来。

关键证据是新的 test_no_new_prose_detection.py 把“不要用 localized prose 当检测事实源”落成 source-regression guard；test_skill_entrypoint_contract.py 改为 sentinel、REFERENCE.md#... anchor、daemon 文件名和 marker token；host-language-policy 的六个 HOST_* 空默认和旧 C#/.NET/protobuf 默认删除 guard 仍保留。

---

📎 完整 codex 原始输出(存档备查)

---
pr: 109
role: architect
verdict: approve
---

## Verdict
Approve: no architecture compliance blocker found; the PR keeps NL-prose detection out of machine checks while preserving host-neutral policy and existing controller boundaries.

## Evidence
- `skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:15` adds a source-regression guard against reintroducing localized prose detector tokens in changed `test_*.py` files. This supports CLAUDE.md: `**变更必须可验证**:行为约束必须落到机械验证手段(behavior test / source-regression test / 段落 lint);仅靠"agent 应该记得"承载的约束视为未落地。`
- `skills/codex-refactor-loop/scripts/test_skill_entrypoint_contract.py:70` through `:85` swaps human prose literals for sentinel and `REFERENCE.md#...` anchors; `:134` through `:151` keeps heavy templates out of `SKILL.md` by asserting reference anchors plus emoji heading placement. This matches CLAUDE.md: `**内核最小化**:SKILL.md 只承载稳定不变量与触发条件;可机械化、可参考化的部分下沉到 `scripts/` / `prompts/` / `REFERENCE.md`。`
- `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2883` through `:2920` keeps the exact six `HOST_*` host-language policy variables and rejects aliases; `:2922` through `:2957` continues guarding against old C#/.NET/protobuf prompt defaults outside the refactor comment. This preserves CLAUDE.md: `**事实源唯一**:同一约束禁止在多处平行声明。版本号 → `.version-bump.json`;host 运行时事实 → `host.env`;skill 行为 → 该 skill 的 SKILL.md 与 `scripts/test_*.py`。`
- `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2845` through `:2865` still constrains non-controller prompt mentions of `git commit`, `git push`, `git checkout`, PR creation/merge, and issue close to explicit ban/post/marker sections. This preserves CLAUDE.md: `**强类型边界,窄扩展点**:任何 controller-runtime 例外必须 narrow allowlist + no lifecycle authority by default;授权来源必须 durable artifact + 仓库级文档双重锚定。`
- `skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:22` through `:38` still requires marker-only prompts to contain lifecycle-ban tokens, and `:79` through `:94` verifies lifecycle snippets appear only inside the ban/redline/marker-allowlist areas. No new lifecycle actor, split actor, store abstraction, external repo reference, schema/protocol default, compat shim, or parallel pathway appears in the PR diff.
- Scope is honest against the issue-106 implement authorization: the diff is limited to `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py`, `test_marker_only_prompts_gh_ban.py`, new `test_no_new_prose_detection.py`, and `test_skill_entrypoint_contract.py`, all under the declared `skills/codex-refactor-loop/scripts/*.py` scan/refactor scope.

REVIEW_DONE:109:architect:approve

⟦AI:AUTO-LOOP⟧

⟦AI:AUTO-LOOP⟧

[loning]

🤖 Quality review: approve

TL;DR

• 这是什么:quality 角度复核 PR feat(detection): replace NL-literal anchors with protocol tokens per #106 #109 的测试重构。
• 结论:approve,没有发现命名、复杂度、死代码、过度抽象或 drive-by cleanup 问题。
• 下一步:controller 可以把这条 quality 结论纳入 review gate。

---

详细说明

本轮只看 readability / simplicity / naming / dead code / scope。PR 把脆弱的自然语言字面断言改成更窄的 protocol token、section scope、heading/link anchor 检查，整体符合 cluster 意图。

我也打开了 4 个 touched files 的完整内容。新增 helper 的职责命名清楚，DENIAL_OR_CONTROLLER_OWNER_RE、assert_denial_or_controller_owner_context、section_between、changed_test_files 都是单一用途；没有看到单实现抽象、不可达私有代码、3 处以上可抽取重复、超过 80 行的新方法，Refactor self-doc blocks 也在关键新增/修改处保留并能读懂。

本地验证说明:我没有把当前 worktree 切到 PR 分支。尝试跑测试时命中了当前 auto-refact-dev 本地树和 PR diff 不一致的问题，所以不把该结果作为本次 quality verdict 的依据。

---

📎 完整 codex 原始输出(存档备查)

---
pr: 109
role: quality
verdict: approve
---

## Verdict
Approve: the refactor is focused, readable, and replaces brittle NL-literal checks with clearer protocol-token/section-scoped assertions without adding avoidable abstraction.

## Evidence
- `skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:15`: self-doc explains the old brittle prose-detector pattern and the new protocol-token principle clearly enough for a non-audit reader.
- `skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:36`: `changed_test_files()` is small and directly named for its purpose; no dead helper surface or generic Manager/Handler naming.
- `skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:14`: `DENIAL_OR_CONTROLLER_OWNER_RE` is a domain-specific name for the reusable context check, not a vague helper abstraction.
- `skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:84`: lifecycle-token validation stays in one test method with straightforward loops and no excessive branching.
- `skills/codex-refactor-loop/scripts/test_skill_entrypoint_contract.py:21`: the markdown heading and section helpers reduce repeated parsing without introducing a standalone abstraction layer.
- `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:61`: shared `assert_denial_or_controller_owner_context()` removes repeated regex assertion boilerplate and keeps failure messages specific to the token and line.
- `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:1493`: changed prompt-render checks now assert token presence plus redline context instead of pinning one localized sentence, which keeps the test intent readable.
- `skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2690`: daemon startup checks are scoped to the relevant section and unsafe examples, avoiding unrelated prose pinning.

## What would change your verdict (only if comment or reject)
N/A

⟦AI:AUTO-LOOP⟧

[loning]

🤖 Architect review: approve

TL;DR

• 这是什么: PR 109 把测试里的自然语言探测锚点换成协议 token / sentinel / heading anchor。
• 结论: architect 角度 approve,没有发现 CLAUDE.md / AGENTS.md 架构退化。
• 下一步: controller 可以继续等其它 reviewer/CI 信号,我这里没有 must-fix。

---

详细说明

我按 CLAUDE.md / AGENTS.md、实际三点 diff、issue-106 implement 授权范围检查了这次改动。改动集中在 skills/codex-refactor-loop/scripts/test_*.py,没有新增 lifecycle actor、并行路径、compat shim、外部仓库引用或 schema/protocol 默认。

关键点: test_no_new_prose_detection.py 增加了防止新测试重新引入本地化 prose detector 的 source-regression guard；test_skill_entrypoint_contract.py 改为检查 REFERENCE.md#... anchor、sentinel 和结构位置；marker-only prompt 的 lifecycle 禁令仍被约束在 denial/controller-owner context。

---

📎 完整 codex 原始输出(存档备查)

---

pr: 109
role: architect
verdict: approve

Verdict

Approve: no architecture compliance blocker found; the PR replaces brittle NL-prose detectors with protocol tokens, anchors, and source-regression checks while preserving host-neutral boundaries.

Evidence

• skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:15 adds the required Old/New refactor self-documentation, and :20 through :71 adds a source-regression guard against reintroducing localized prose detector tokens in changed test_*.py files. This supports CLAUDE.md: **变更必须可验证**:行为约束必须落到机械验证手段(behavior test / source-regression test / 段落 lint);仅靠"agent 应该记得"承载的约束视为未落地。
• skills/codex-refactor-loop/scripts/test_skill_entrypoint_contract.py:70 through :89 swaps human prose literals for the sentinel and REFERENCE.md#... anchors; :134 through :151 keeps heavy templates out of SKILL.md by asserting reference anchors plus emoji heading placement. This matches CLAUDE.md: **内核最小化**:SKILL.md 只承载稳定不变量与触发条件;可机械化、可参考化的部分下沉到 scripts//prompts//REFERENCE.md。
• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2890 through :2904 still constrains non-controller prompt mentions of git commit, git push, git checkout, PR creation/merge, and issue close to explicit denial/controller-owner contexts. This preserves CLAUDE.md: **强类型边界,窄扩展点**:任何 controller-runtime 例外必须 narrow allowlist + no lifecycle authority by default;授权来源必须 durable artifact + 仓库级文档双重锚定。
• skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:27 through :43 still requires marker-only prompts to contain lifecycle-ban tokens, and :84 through :105 verifies lifecycle snippets appear only in explicit denial/controller-owner contexts. No new lifecycle actor, split actor, store abstraction, external repo reference, schema/protocol default, compat shim, or parallel pathway appears in the PR diff.
• skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py:2922 through :2959 keeps the exact six HOST_* host-language policy variables and rejects aliases. This preserves CLAUDE.md: **事实源唯一**:同一约束禁止在多处平行声明。版本号 → .version-bump.json;host 运行时事实 → host.env;skill 行为 → 该 skill 的 SKILL.md 与 scripts/test_*.py。
• Scope is honest against the issue-106 implement authorization: the diff is limited to skills/codex-refactor-loop/scripts/test_ensure_project_rules_fixed_points.py, test_marker_only_prompts_gh_ban.py, new test_no_new_prose_detection.py, and test_skill_entrypoint_contract.py, all under the declared skills/codex-refactor-loop/scripts/*.py scan/refactor scope.

REVIEW_DONE:109:architect:approve

⟦AI:AUTO-LOOP⟧

⟦AI:AUTO-LOOP⟧

[loning]

🤖 tests review: reject, source-regression guard can no-op

TL;DR

• 这是什么: PR feat(detection): replace NL-literal anchors with protocol tokens per #106 #109 的 tests 视角复审。
• 结论: reject, 新增的 no-prose-detection 测试在取不到 origin/auto-refact-dev 时会直接扫描空列表并通过。
• 下一步: 修成 fail-closed，或在 CI 明确 fetch base ref，并断言本 PR 至少扫描到一个变更测试文件。

---

详细说明

主要问题在 skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:36-52: changed_test_files() 调 git diff --name-only origin/auto-refact-dev ...，但 diff 命令或 untracked 查询失败时返回 []。后面的测试只比较 offenders == []，所以 baseline 不存在、git 查询失败、没有扫描任何文件时都会绿。

这会让 #106 的 source-regression guard 变成可选项。当前 .github/workflows/consensus-rnd-ci.yml 里 actions/checkout@v4 没有 fetch-depth: 0，也没有显式 fetch origin/auto-refact-dev，测试依赖的 remote-tracking ref 没有被 CI job contract 固化。建议让测试 fail-closed，或先修 CI 获取 base ref；最好再断言这个 PR shape 下至少扫描到一个 changed test file。

---

📎 完整 codex 原始输出(存档备查)

---
pr: 109
role: tests
verdict: reject
---

## Verdict
Reject: the new no-prose-detection regression test can silently no-op when its git baseline lookup fails, so the added rule is not reliably enforced in CI.

## Evidence
- `skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:36`-`52`: `changed_test_files()` shells out to `git diff --name-only origin/auto-refact-dev ...`, but if that command fails it returns `[]`; `test_new_or_modified_tests_do_not_add_prose_detection_tokens` then passes with `offenders == []`. This is not a business assertion, it converts missing baseline evidence into success.
- `.github/workflows/consensus-rnd-ci.yml:27` runs `actions/checkout@v4` with default depth/ref behavior and no `fetch-depth: 0` or explicit fetch of `origin/auto-refact-dev`; the new test therefore depends on a remote-tracking ref that is not established by the test job contract. The guard added for issue #106 can pass without scanning any modified test files.
- I did not find added sleeps/delays, `[Skip]`, manual traits, or mock-only pseudo-coverage in the current diff. The other modified tests generally replace localized prose literals with protocol/section/denial-context assertions and still check concrete source-regression outcomes.

## What would change your verdict (only if comment or reject)
Make `test_no_new_prose_detection.py` fail closed when the baseline diff cannot be computed, or make CI fetch the required base ref before running the suite. The test should also assert that at least one changed test file was scanned for this PR shape, so a broken git query cannot become a green no-op.

REVIEW_DONE:109:tests:reject
⟦AI:AUTO-LOOP⟧

⟦AI:AUTO-LOOP⟧

[loning]

🤖 tests reviewer — approve

TL;DR

• 这是什么:PR feat(detection): replace NL-literal anchors with protocol tokens per #106 #109 的测试质量复审。
• 结论:approve,新增 source-regression guard 有真实断言,CI 也补了 origin/auto-refact-dev fetch。
• 下一步:controller 可把 tests 角色视为通过;无需 maintainer 修测试。

---

详细说明

我按三点看了测试质量:有没有真实业务/契约结果断言,有没有靠 sleep/delay、[Skip] 或弱化断言过 CI,以及新增守卫是否能在 CI 环境稳定运行。这个 diff 主要是把测试里的自然语言锚点换成 protocol token / sentinel / heading-id 这类更稳定的检测面。

关键点:新的 test_no_new_prose_detection.py 会计算相对 origin/auto-refact-dev 变更过的 test_*.py,git 命令失败会 fail closed,并且 guard 自己变更时要求至少还扫描到 1 个其他测试文件。.github workflow 同步改成 fetch-depth: 0 并显式 fetch base ref,所以 CI 里不会因为浅 clone 缺 base 而误判。

---

📎 完整 codex 原始输出(存档备查)

---
pr: 109
role: tests
verdict: approve
---

## Verdict
Test coverage and quality are adequate for this diff.

## Evidence
- Reviewed diff `origin/auto-refact-dev...origin/refactor/issue106-detection-no-nl-literals`; touched files are CI wiring plus tests only, with no production code requiring separate behavior coverage.
- `.github/workflows/consensus-rnd-ci.yml:28` sets `fetch-depth: 0` and line 32 fetches `origin auto-refact-dev`, which gives the new source-regression test its required `origin/auto-refact-dev` comparison ref in CI.
- `skills/codex-refactor-loop/scripts/test_no_new_prose_detection.py:36` computes changed `test_*.py` files, lines 51-56 fail closed on git command errors, lines 65-70 prevent the guard-only change from scanning nothing, and lines 71-82 assert the concrete no-regression outcome: changed tests must not contain the listed localized prose detector tokens.
- `skills/codex-refactor-loop/scripts/test_marker_only_prompts_gh_ban.py:84` strengthens lifecycle-token coverage by checking all forbidden token mentions across the prompt body, not just presence in the ban section, and rejects affirmative lifecycle mentions outside denial/controller-owner context.
- `skills/codex-refactor-loop/scripts/test_skill_entrypoint_contract.py:91` still checks ordered Phase 0 obligations and now also asserts the five concrete restart-helper-managed daemon names at lines 117-125, so replacing the old prose anchor did not drop daemon coverage.
- No new sleep/delay test pacing, `[Skip]`/manual category escape, weakened assertion pattern, or mock-only pseudo-coverage was introduced in the PR diff.
- Verification in isolated worktree `.worktrees/pr109-tests`: focused tests passed, 12 tests in 0.058s; full `python3 -m unittest discover -s skills/codex-refactor-loop/scripts -p 'test_*.py'` passed, 349 tests in 41.773s; `git diff --check origin/auto-refact-dev...HEAD` passed.

REVIEW_DONE:109:tests:approve
⟦AI:AUTO-LOOP⟧

⟦AI:AUTO-LOOP⟧