Digest.Id: BOOTPACK
Digest.Version: 2.3
Digest.Date: 2025-11-08
SoT.Write: \\DS-918\chatgpt\ChatGPT-Gouvernance-Projets\_registry
SoT.Read: https://repogpt.telki.fr/
Index.Blocking.Source: https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/KB_BLOCKING_INDEX__docdigest_latest.txt
RuleIndex.Source: https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/RULES_INDEX__docdigest_latest.txt
RuleIndex.Enforce: read-every-time, fail-closed
RuleIndex.Require: Count.Total>0 ; Count.WithSHA>=Count.MUSTHAVE ; MustHavePresent=TRUE ; Staleness<=1d
Provenance.Require: true
Provenance.Policy: https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/PROVENANCE_POLICY__docdigest_latest.txt
Delivery.Verify.Policy: https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/DELIVERY_VERIFY_POLICY__docdigest_latest.txt
Safe.Deploy.Policy: https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/SAFE_DEPLOY_POLICY__docdigest_latest.txt
Gate.Acceptance.Fields: entries,blocking,ptr_exists,ptr_sha_match,json_entries
Mode.Default: Preview-only
Write.Trigger: appliquer le patch maintenant
Write.Path: staging->tmp->atomic-move->bak_YYYYMMDD_HHMMSS
Write.Verify: sha256(local,tmp,final)
Compat.PS: 5.1-only ; Encoding: ps1=UTF-8+BOM ; sh=/bin/sh ASCII ; txt/json.txt=UTF-8 no-BOM
Scope: ONE-BUG-ONE-SCRIPT
Policy.FailClosed: true
[MUSTREAD]
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/GOV_SCRIPT_GATE__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/SAFE_WRITE_RULE__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/STYLE_GUARD_PS51__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/DEV_LINKS_PACK__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/PROVENANCE_POLICY__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/PACKAGING_POLICY__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/DELIVERY_VERIFY_POLICY__docdigest_latest.txt
https://repogpt.telki.fr/ChatGPT-Gouvernance-Projets/_registry/rules/SAFE_DEPLOY_POLICY__docdigest_latest.txt
[BUG_KB_JSON_POINTER]
Path = \\DS-918\chatgpt\ChatGPT-Gouvernance-Projets\_registry\bug_kb\BUG_KB.json.txt
SHA256 = 864394F3EF8F1722ED68B3E60F784F059601334C9BF6FF090C30EBF5F6524AAE
Entries = 6
[BUG_KB_JSON]
<<<JSON
{"id":"BUGKB-ONE-SHOT-GATING-2025-10-17","date":"2025-10-17T00:49:00+02:00","title":"Execution apres N due to non-hermetic gating and ternary misuse","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["REGLES/INDEX/XREF/TRANSCRIPT modifies involontairement","snapshot du jour cree","multiples .bak"],"repro":["Coller un bloc ou 'return' n'encapsule pas toutes les commandes (hors if global).","Utiliser une pseudo-ternary '?:' en PowerShell provoque une erreur de parsing, puis collage fractionne."],"detection":{"verify_cmds":["Select-String -Path REGLES_GOUVERNANCE.txt -Pattern 'SCRIPT-GENERATION-HANDOVER-RULE\\\\s+v1\\\\.0'","Get-ChildItem \\\\DS-918\\\\...\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 5 Name,LastWriteTime"],"patterns":["presence de '?' suivi de ':' (indice) - verifier manuellement","one-shot sans encapsulation globale & { ... } (regex tete absente)","lignes d'ecriture hors if ( -eq 'O')"]},"fix":{"summary":"Encapsulation hermetique & { } + EXECUTE uniquement si ( -eq 'O'); suppression du ternary","code_guardrail":["# Guardrail minimal pour one-shot","& {","   = Read-Host 'Proceed? Type O to continue (O/N)'; if( -ne 'O'){ Write-Host '[CANCEL]'; return }","  # EXECUTE ICI UNIQUEMENT","}"],"recipe_steps":["Tout le bloc (helpers+preview+O/N+execute) dans un unique scriptblock & { ... }","Aucune commande d'ecriture apres la condition","Remplacer la pseudo-ternary par un if/else PowerShell explicite"]},"guardrails":["ENCAPSULATION-ONE-SHOT v1.0 : bloc unique & { ... } obligatoire","ASCII-only, no here-strings, single-layer","Preview -> O/N -> ecriture ; .bak systematiques ; local->NAS Safe-Replace"],"verify_cmds":["Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 3 Name,LastWriteTime","Select-String -Path \\\\DS-918\\\\...\\\\REGLES_GOUVERNANCE.txt -Pattern 'ENCAPSULATION-ONE-SHOT\\\\s+v1\\\\.0'"],"tags":["powershell","paste-ready","gating","safe-create","governance"],"status":"fixed"}
{"id":"BUGKB-BOOT-PACK-KB-MISSING-2025-10-17","date":"2025-10-17T00:53:33+02:00","title":"Boot-pack incomplet (KB et Patch History absents) entraine boucles et incoherences","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["Rebouclages et echanges multiples avant d obtenir un script correct","Incoherence des regles appliquees suivant les fils","Perte de temps (manque de garde-fous connus)"],"repro":["Demarrer un fil code/script sans fournir bug_kb\\\\BUG_KB.jsonl et _patches\\\\SCRIPT_PATCH_HISTORY.txt","Le modele ne charge pas les garde-fous et recettes correctives deja connues","Livraisons non standard (ex: here-strings, gating partiel, verifs insuffisantes)"],"detection":{"verify_cmds":["Test-Path \\\\DS-918\\\\...\\\\_registry\\\\bug_kb\\\\BUG_KB.jsonl","Test-Path \\\\DS-918\\\\...\\\\_registry\\\\_patches\\\\SCRIPT_PATCH_HISTORY.txt","Select-String -Path \\\\DS-918\\\\...\\\\_registry\\\\REGLES_GOUVERNANCE.txt -Pattern 'BOOT-PACK-KB-REQUIRED\\\\s+v1\\\\.0'"],"patterns":["Audit BOOT-PACK: elements manquants (KB JSONL, Patch History)","REGLES_GOUVERNANCE.txt sans section BOOT-PACK-KB-REQUIRED v1.0"]},"fix":{"summary":"Rendre KB et Patch History obligatoires dans le BOOT-PACK + enforcer et audit","code_guardrail":["# Guardrail (pseudocode):","if (-not (Test-Path bug_kb\\\\BUG_KB.jsonl) -or -not (Test-Path _patches\\\\SCRIPT_PATCH_HISTORY.txt)) {","  Write-Host '[BLOCK] KB/Patch History manquants. Fournissez le BOOT-PACK complet.'","  return","}"],"recipe_steps":["Ajouter la regle BOOT-PACK-KB-REQUIRED v1.0 dans REGLES_GOUVERNANCE.txt","Exiger le BOOT-PACK complet a l ouverture de tout fil code/script","Refuser de livrer des scripts tant que KB et Patch History ne sont pas fournis","Utiliser l audit BOOT-PACK avant generation","Mettre a jour la memoire du modele pour cette exigence"]},"guardrails":["BOOT-PACK-KB-REQUIRED v1.0","SAFE-CREATE-ENFORCER v1.1","ENCAPSULATION-ONE-SHOT v1.0","SCRIPT-GENERATION-HANDOVER-RULE v1.0"],"verify_cmds":["Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry\\\\bug_kb -Filter BUG_KB.jsonl","Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry\\\\_patches -Filter SCRIPT_PATCH_HISTORY.txt"],"tags":["governance","boot-pack","kb","patch-history","paste-ready","safe-create"],"status":"fixed"}
{"id":"BUGKB-CMD-CARET-LONGLINE-2025-10-17","date":"2025-10-17T23:43:26+02:00","title":"Blocage par ^ (cmd) et one-liner trop long dans PowerShell","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["Commande tronquee et/ou bloquee sur Read-Host","Variables vides","Ecritures partielles ou echouees"],"repro":["Coller un one-liner tres long qui depasse la largeur buffer","Utiliser ^ (cmd) au lieu de separateurs PowerShell","Coller une chaine entre guillemets avec du code PowerShell"],"detection":{"verify_cmds":["Get-History | Select -Last 5","[Console]::BufferWidth","(Get-Content ","\\\\DS-918\\chatgpt\\ChatGPT-Gouvernance-Projets\\_registry\\bug_kb\\BUG_KB.jsonl"," -ErrorAction SilentlyContinue | Select-Object -Last 3)"],"patterns":["Presence du caractere ^ dans PowerShell","Commande coupee sur plusieurs prompts PS>","Read-Host attend sans suite logique"]},"fix":{"summary":"Utiliser un bloc & { ... } multi-lignes; pas de ^; pas de here-strings; pas de pseudo-ternary; couper les installs en mini one-shots","recipe_steps":["Toujours executer des blocs & { ... } multi-lignes","Ne pas utiliser ^ dans PowerShell","Eviter les here-strings et les chaines enormes","Segmenter en mini one-shots si la ligne devient longue"],"code_guardrail":["# Encapsulation","& {","  # code ici","}"]},"guardrails":["ENCAPSULATION-ONE-SHOT v1.0","ASCII-only","No here-strings","No ^ in PowerShell"],"tags":["powershell","paste-ready","gating","safe-create"],"status":"fixed"}
{"id":"BUGKB-REGEX-REPLACE-MULTILINE-CONCAT-2025-10-18_00-03-27","repro":["Patch par -replace multi-ligne"],"impact":["Exporteur cassé","Concat chemins"],"status":"fixed","date":"2025-10-18T00:03:27+02:00","env":["Win11","PS no admin","NAS SMB"],"guardrails":["ASCII-only","No here-strings",".bak"],"fix":{"summary":"Réécriture complète ou motifs bornés","recipe_steps":["Réécrire fichier","Sauvegarde .bak"]},"title":"Mauvais -replace multi-ligne","detection":{"patterns":["chemins collés","PathNotFound"]}}
{"id":"BUGKB-UNC-EXEC-POLICY-BYPASS-2025-10-18_00-03-27","repro":["Appel direct & \\\\UNC\\*.ps1"],"impact":["PSSecurityException"],"status":"fixed","date":"2025-10-18T00:03:27+02:00","env":["Win11","PS no admin","NAS SMB"],"guardrails":["ENCAPSULATION-ONE-SHOT v1.0","ASCII-only"],"fix":{"summary":"-File + Bypass ou copie TEMP","recipe_steps":["Use -File -ExecutionPolicy Bypass","Copie vers $env:TEMP","Unblock-File si autorisé"]},"title":"Blocage exécution UNC non signé","detection":{"patterns":["about_Execution_Policies"]}}
{"id":"KB-PS51-NO-TERNARY-20251108_151037","title":"PowerShell 5.1 n’a pas l’opérateur ternaire ? : (token PS7)","area":"scripting/powershell","component":"installers/generators","environment":"Windows PowerShell 5.1","kind":"style/compat","severity":"high","blocking":false,"date":"2025-11-08T15:10:37.601513","guard":"STYLE_GUARD_PS51.NoPS7Tokens","symptoms":["ParserError: Jeton inattendu '?'","Parenthèse fermante manquante suite au parseur","Scripts générés incompatibles PS 5.1"],"repro":["Exécuter un script contenant l’opérateur ternaire '? :' sous Windows PowerShell 5.1"],"expected":"Aucun usage de tokens PS7 (dont '? :'); utiliser if/else explicite","fix":["Remplacer toutes les expressions ternaires par if/else explicite","Ajouter vérification statique: refuser motif '?\\s*:' hors chaînes","Exécuter test minimal sous PS 5.1 après génération"],"files_affected":["install_docdigests_*.ps1","generate_*_docdigest_*.ps1"],"status":"resolved","resolved_at":"2025-11-08T15:32:25.692846","resolution":"All generators/installer scripts audited for PS5.1; no ternary tokens remain."}
>>>
# DOC-VERSION-FOOTER
DOC-DIGEST=v1 | TXT-ONLY | compat=Acceptance_v1.2+GOV_SCRIPT_GATE_v1.7