{"id":"BUGKB-ONE-SHOT-GATING-2025-10-17","date":"2025-10-17T00:49:00+02:00","title":"Execution apres N due to non-hermetic gating and ternary misuse","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["REGLES/INDEX/XREF/TRANSCRIPT modifies involontairement","snapshot du jour cree","multiples .bak"],"repro":["Coller un bloc ou 'return' n'encapsule pas toutes les commandes (hors if global).","Utiliser une pseudo-ternary '?:' en PowerShell provoque une erreur de parsing, puis collage fractionne."],"detection":{"verify_cmds":["Select-String -Path REGLES_GOUVERNANCE.txt -Pattern 'SCRIPT-GENERATION-HANDOVER-RULE\\\\s+v1\\\\.0'","Get-ChildItem \\\\DS-918\\\\...\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 5 Name,LastWriteTime"],"patterns":["presence de '?' suivi de ':' (indice) - verifier manuellement","one-shot sans encapsulation globale & { ... } (regex tete absente)","lignes d'ecriture hors if ( -eq 'O')"]},"fix":{"summary":"Encapsulation hermetique & { } + EXECUTE uniquement si ( -eq 'O'); suppression du ternary","code_guardrail":["# Guardrail minimal pour one-shot","& {","   = Read-Host 'Proceed? Type O to continue (O/N)'; if( -ne 'O'){ Write-Host '[CANCEL]'; return }","  # EXECUTE ICI UNIQUEMENT","}"],"recipe_steps":["Tout le bloc (helpers+preview+O/N+execute) dans un unique scriptblock & { ... }","Aucune commande d'ecriture apres la condition","Remplacer la pseudo-ternary par un if/else PowerShell explicite"]},"guardrails":["ENCAPSULATION-ONE-SHOT v1.0 : bloc unique & { ... } obligatoire","ASCII-only, no here-strings, single-layer","Preview -> O/N -> ecriture ; .bak systematiques ; local->NAS Safe-Replace"],"verify_cmds":["Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry -Filter *.bak | Sort-Object LastWriteTime -Descending | Select -First 3 Name,LastWriteTime","Select-String -Path \\\\DS-918\\\\...\\\\REGLES_GOUVERNANCE.txt -Pattern 'ENCAPSULATION-ONE-SHOT\\\\s+v1\\\\.0'"],"tags":["powershell","paste-ready","gating","safe-create","governance"],"status":"fixed"}
{"id":"BUGKB-BOOT-PACK-KB-MISSING-2025-10-17","date":"2025-10-17T00:53:33+02:00","title":"Boot-pack incomplet (KB et Patch History absents) entraine boucles et incoherences","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["Rebouclages et echanges multiples avant d obtenir un script correct","Incoherence des regles appliquees suivant les fils","Perte de temps (manque de garde-fous connus)"],"repro":["Demarrer un fil code/script sans fournir bug_kb\\\\BUG_KB.jsonl et _patches\\\\SCRIPT_PATCH_HISTORY.txt","Le modele ne charge pas les garde-fous et recettes correctives deja connues","Livraisons non standard (ex: here-strings, gating partiel, verifs insuffisantes)"],"detection":{"verify_cmds":["Test-Path \\\\DS-918\\\\...\\\\_registry\\\\bug_kb\\\\BUG_KB.jsonl","Test-Path \\\\DS-918\\\\...\\\\_registry\\\\_patches\\\\SCRIPT_PATCH_HISTORY.txt","Select-String -Path \\\\DS-918\\\\...\\\\_registry\\\\REGLES_GOUVERNANCE.txt -Pattern 'BOOT-PACK-KB-REQUIRED\\\\s+v1\\\\.0'"],"patterns":["Audit BOOT-PACK: elements manquants (KB JSONL, Patch History)","REGLES_GOUVERNANCE.txt sans section BOOT-PACK-KB-REQUIRED v1.0"]},"fix":{"summary":"Rendre KB et Patch History obligatoires dans le BOOT-PACK + enforcer et audit","code_guardrail":["# Guardrail (pseudocode):","if (-not (Test-Path bug_kb\\\\BUG_KB.jsonl) -or -not (Test-Path _patches\\\\SCRIPT_PATCH_HISTORY.txt)) {","  Write-Host '[BLOCK] KB/Patch History manquants. Fournissez le BOOT-PACK complet.'","  return","}"],"recipe_steps":["Ajouter la regle BOOT-PACK-KB-REQUIRED v1.0 dans REGLES_GOUVERNANCE.txt","Exiger le BOOT-PACK complet a l ouverture de tout fil code/script","Refuser de livrer des scripts tant que KB et Patch History ne sont pas fournis","Utiliser l audit BOOT-PACK avant generation","Mettre a jour la memoire du modele pour cette exigence"]},"guardrails":["BOOT-PACK-KB-REQUIRED v1.0","SAFE-CREATE-ENFORCER v1.1","ENCAPSULATION-ONE-SHOT v1.0","SCRIPT-GENERATION-HANDOVER-RULE v1.0"],"verify_cmds":["Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry\\\\bug_kb -Filter BUG_KB.jsonl","Get-ChildItem \\\\DS-918\\\\chatgpt\\\\ChatGPT-Gouvernance-Projets\\\\_registry\\\\_patches -Filter SCRIPT_PATCH_HISTORY.txt"],"tags":["governance","boot-pack","kb","patch-history","paste-ready","safe-create"],"status":"fixed"}
{"id":"BUGKB-CMD-CARET-LONGLINE-2025-10-17","date":"2025-10-17T23:43:26+02:00","title":"Blocage par ^ (cmd) et one-liner trop long dans PowerShell","env":["Win11","PowerShell console (no admin)","NAS SMB"],"impact":["Commande tronquee et/ou bloquee sur Read-Host","Variables vides","Ecritures partielles ou echouees"],"repro":["Coller un one-liner tres long qui depasse la largeur buffer","Utiliser ^ (cmd) au lieu de separateurs PowerShell","Coller une chaine entre guillemets avec du code PowerShell"],"detection":{"verify_cmds":["Get-History | Select -Last 5","[Console]::BufferWidth","(Get-Content ","\\\\DS-918\\chatgpt\\ChatGPT-Gouvernance-Projets\\_registry\\bug_kb\\BUG_KB.jsonl"," -ErrorAction SilentlyContinue | Select-Object -Last 3)"],"patterns":["Presence du caractere ^ dans PowerShell","Commande coupee sur plusieurs prompts PS>","Read-Host attend sans suite logique"]},"fix":{"summary":"Utiliser un bloc & { ... } multi-lignes; pas de ^; pas de here-strings; pas de pseudo-ternary; couper les installs en mini one-shots","recipe_steps":["Toujours executer des blocs & { ... } multi-lignes","Ne pas utiliser ^ dans PowerShell","Eviter les here-strings et les chaines enormes","Segmenter en mini one-shots si la ligne devient longue"],"code_guardrail":["# Encapsulation","& {","  # code ici","}"]},"guardrails":["ENCAPSULATION-ONE-SHOT v1.0","ASCII-only","No here-strings","No ^ in PowerShell"],"tags":["powershell","paste-ready","gating","safe-create"],"status":"fixed"}
{"id":"BUGKB-REGEX-REPLACE-MULTILINE-CONCAT-2025-10-18_00-03-27","repro":["Patch par -replace multi-ligne"],"impact":["Exporteur cassé","Concat chemins"],"status":"fixed","date":"2025-10-18T00:03:27+02:00","env":["Win11","PS no admin","NAS SMB"],"guardrails":["ASCII-only","No here-strings",".bak"],"fix":{"summary":"Réécriture complète ou motifs bornés","recipe_steps":["Réécrire fichier","Sauvegarde .bak"]},"title":"Mauvais -replace multi-ligne","detection":{"patterns":["chemins collés","PathNotFound"]}}
{"id":"BUGKB-UNC-EXEC-POLICY-BYPASS-2025-10-18_00-03-27","repro":["Appel direct & \\\\UNC\\*.ps1"],"impact":["PSSecurityException"],"status":"fixed","date":"2025-10-18T00:03:27+02:00","env":["Win11","PS no admin","NAS SMB"],"guardrails":["ENCAPSULATION-ONE-SHOT v1.0","ASCII-only"],"fix":{"summary":"-File + Bypass ou copie TEMP","recipe_steps":["Use -File -ExecutionPolicy Bypass","Copie vers $env:TEMP","Unblock-File si autorisé"]},"title":"Blocage exécution UNC non signé","detection":{"patterns":["about_Execution_Policies"]}}
{"id":"KB-PS51-NO-TERNARY-20251108_151037","title":"PowerShell 5.1 n’a pas l’opérateur ternaire ? : (token PS7)","area":"scripting/powershell","component":"installers/generators","environment":"Windows PowerShell 5.1","kind":"style/compat","severity":"high","blocking":false,"date":"2025-11-08T15:10:37.601513","guard":"STYLE_GUARD_PS51.NoPS7Tokens","symptoms":["ParserError: Jeton inattendu '?'","Parenthèse fermante manquante suite au parseur","Scripts générés incompatibles PS 5.1"],"repro":["Exécuter un script contenant l’opérateur ternaire '? :' sous Windows PowerShell 5.1"],"expected":"Aucun usage de tokens PS7 (dont '? :'); utiliser if/else explicite","fix":["Remplacer toutes les expressions ternaires par if/else explicite","Ajouter vérification statique: refuser motif '?\\s*:' hors chaînes","Exécuter test minimal sous PS 5.1 après génération"],"files_affected":["install_docdigests_*.ps1","generate_*_docdigest_*.ps1"],"status":"resolved","resolved_at":"2025-11-08T15:32:25.692846","resolution":"All generators/installer scripts audited for PS5.1; no ternary tokens remain."}
{"id":"KB-PS51-NO-TERNARY-REGRESSION-20251108_154956","title":"Regression: usage du ternaire PS7 lors de la génération verify_gov_zip_v1.0.ps1 (PS 5.1 incompatible)","area":"scripting/powershell","component":"tooling/verify_script","environment":"Windows PowerShell 5.1","kind":"compat/regression","severity":"high","blocking":false,"date":"2025-11-08T15:49:56.931986","guard":"STYLE_GUARD_PS51.NoPS7Tokens","symptoms":["ParserError: Jeton inattendu '?'","Erreur lors de l'exécution de verify_gov_zip_v1.0.ps1 (PS 5.1)"],"repro":["Lancer le script verify_gov_zip_v1.0.ps1 sous PS 5.1"],"expected":"Pas de '? :' ; utiliser if/else explicite ; pas d'appel inline dans les interpolations","fix":["Réécriture v1.1 sans ternaire et sans appel inline","Ajouter auto-selfcheck regex dans scripts générés (prohiber '?\\s*:')"],"files_affected":["verify_gov_zip_v1.0.ps1"],"status":"resolved","resolved_at":"2025-11-08T16:02:56.911121","resolution":"Self-check intégré dans les scripts; vérif ZIP+manifest en place; génération PS5.1 safe validée."}
{"id":"KB-PS51-NOWTAG-SUBEXPR-20251108_163222","title":"PS5.1: sous-expression $(...) obligatoire pour appels inline (NowTag)","area":"scripting/powershell","component":"tooling/deploy_script","environment":"Windows PowerShell 5.1","kind":"compat/syntax","severity":"medium","blocking":false,"date":"2025-11-08T16:32:22.700569","symptoms":["ParserError: Une expression est attendue après '('","Echec sur (NowTag) au lieu de $(NowTag)"],"expected":"Utiliser la sous-expression PowerShell $(NowTag) dans les concaténations de chaîne, pas (NowTag)","fix":["gov_safe_deploy_from_zip_v1.4+ : utilisation de $(NowTag)","Garde STYLE_GUARD_PS51 active; tests sur exécution locale"],"files_affected":["gov_safe_deploy_from_zip_v1.3.ps1"],"status":"resolved","resolved_at":"2025-11-08T16:32:22.700569"}