{"id":"BUGKB-ONE-SHOT-GATING-2025-10-17","date":"2025-10-17T00:49:00+02:00","title":"Execution apres N due to non-hermetic gating and ternary misuse","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["REGLES/INDEX/XREF/TRANSCRIPT modifies involontairement","snapshot du jour cree","multiples .bak"],"repro":["Coller un bloc ou \u0027return\u0027 n\u0027encapsule pas toutes les commandes (hors if global).","Utiliser une pseudo-ternary \u0027?:\u0027 en PowerShell provoque une erreur de parsing, puis collage fractionne."],"detection":{"verify_cmds":["Select-String -Path REGLES_GOUVERNANCE.txt -Pattern \u0027SCRIPT-GENERATION-HANDOVER-RULE\\\\s+v1\\\\.0\u0027","Get-ChildItem \\\\DS-918\\\\...\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 5 Name,LastWriteTime"],"patterns":["presence de \u0027?\u0027 suivi de \u0027:\u0027 (indice) - verifier manuellement","one-shot sans encapsulation globale \u0026 { ... } (regex tete absente)","lignes d\u0027ecriture hors if ( -eq \u0027O\u0027)"]},"fix":{"summary":"Encapsulation hermetique \u0026 { } + EXECUTE uniquement si ( -eq \u0027O\u0027); suppression du ternary","code_guardrail":["# Guardrail minimal pour one-shot","\u0026 {","   = Read-Host \u0027Proceed? Type O to continue (O/N)\u0027; if( -ne \u0027O\u0027){ Write-Host \u0027[CANCEL]\u0027; return }","  # EXECUTE ICI UNIQUEMENT","}"],"recipe_steps":["Tout le bloc (helpers+preview+O/N+execute) dans un unique scriptblock \u0026 { ... }","Aucune commande d\u0027ecriture apres la condition","Remplacer la pseudo-ternary par un if/else PowerShell explicite"]},"guardrails":["ENCAPSULATION-ONE-SHOT v1.0 : bloc unique \u0026 { ... } obligatoire","ASCII-only, no here-strings, single-layer","Preview -\u003e O/N -\u003e ecriture ; .bak systematiques ; local-\u003eNAS Safe-Replace"],"verify_cmds":["Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 3 Name,LastWriteTime","Select-String -Path \\\\DS-918\\\\...\\\\REGLES_GOUVERNANCE.txt -Pattern \u0027ENCAPSULATION-ONE-SHOT\\\\s+v1\\\\.0\u0027"],"tags":["powershell","paste-ready","gating","safe-create","governance"],"status":"fixed"}