Governance Gates Network

This map shows the 8 cascade-failure gates from Amendment §A1 (2026-05-01), each grounded in a specific incident. Read this before creating plan files, adding KB directories, starting new services, or touching credentials — the gates define what must happen in the same task as the triggering action.

Diagram

mindmap
  root((Governance Gates))
    G-PLAN-INDEX-REQUIRED
      Stops 89% orphan-plan rate
      Incident: Binance/EU plan loss
      Same task: project_*.md + MEMORY.md entry
    G-MEMORY-FOLD-PROTECTION
      Stops incident recurrence
      Incidents: 9870 wrong-inbox, 374-dup-SMS
      Incident-derived rules above line 150
    G-BLOCKER-SURFACING
      Stops 47 hidden blockers
      Incident: 32 plans with silent blockers
      Mirror to SESSION-AUDIT same session
    G-NO-PLAINTEXT-CREDS
      Stops credential exposure
      Incident: TOOLS.md 15 plaintext secrets
      Use op://Aurora refs only
    G-SERVICE-PRE-START-DOC
      Stops undocumented live services
      Incident: 23 undoc services found
      Register in port-map BEFORE start
    G-KB-SYNC-WITH-CLAUDEMD
      Stops invisible KB docs
      Incident: Binance/EU miss
      Add to Platforms list same change
    G-GOVERNANCE-LOG-FRESHNESS
      Stops stale governance loop
      Files: CHANGELOG, WORKFLOW-PATTERNS
      Weekly cron alerts if >14 days stale
    G-FAILED-SERVICE-MTTR
      Stops silent data outages
      Incident: cost-monitor, discord-thread
      Fix or disable within 24h of failed state

How to read this

  • Each gate has a same-task requirement — something that MUST happen in the same session/task as the trigger action, not deferred.
  • G-PLAN-INDEX-REQUIRED: creating any file in ~/.claude/plans/ MUST include a matching project_*.md in memory + MEMORY.md index entry.
  • G-MEMORY-FOLD-PROTECTION: MEMORY.md auto-loads ~200 lines — incident-derived rules must stay above line 150 or they become invisible.
  • G-BLOCKER-SURFACING: any plan with unresolved ## Open Blockers items MUST mirror them to SESSION-AUDIT.md NEXT ACTIONS in the same session.
  • G-NO-PLAINTEXT-CREDS: no xoxb-, eyJ, sk-[A-Za-z0-9]{20,}, Bearer, pat-, pplx-, or figd_ tokens in any tracked file — use op://Aurora/<item>/<field> references.
  • G-SERVICE-PRE-START-DOC: new systemd units / PM2 processes / TCP-bound processes must appear in CLAUDE.md port map AND workspace/ARCHITECTURE.md BEFORE first start.
  • G-KB-SYNC-WITH-CLAUDEMD: any new workspace/knowledge-base/<dir>/ requires same-change update to the “Platforms with KB docs” line in CLAUDE.md.
  • G-GOVERNANCE-LOG-FRESHNESS: WORKFLOW-PATTERNS.md, SYSTEM-FRICTION-LOG.md, CHANGELOG.md, AUDIT-LOG.md each must be touched within 14 days.
  • G-FAILED-SERVICE-MTTR: services in failed state >24h must be fixed, disabled, or archived.
  • ports-topology — G-SERVICE-PRE-START-DOC gates every new port addition shown there
  • agents-tier-structure — agent SOUL.md changes gated by Agent Identity First (companion to these gates)
  • mcp-server-catalog — G-NO-PLAINTEXT-CREDS applies to .mcp.json env blocks
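One way to check G-NO-PLAINTEXT-CREDS mechanically, as an added example that is not part of the original map or the project's own tooling: a scanner for the listed prefixes that accepts op://Aurora/<item>/<field> references. The `scan` function, the 12-character minimum token body, the `\b` anchors and the sample `.mcp.json` content are assumptions made for this sketch; only the prefixes and the `sk-` regex come from the gate text.

```python
import re

# Prefixes listed by G-NO-PLAINTEXT-CREDS. Only sk-[A-Za-z0-9]{20,} is given as
# a regex on the page. ASSUMPTIONS added here: the other prefixes must be
# followed by a token body of 12+ characters, and every pattern is anchored
# with \b, so prose such as "compat-mode" or "Bearer token" is not flagged.
BODY = r"[A-Za-z0-9._\-]{12,}"
PATTERNS = {
    "xoxb-": re.compile(r"\bxoxb-" + BODY),
    "eyJ": re.compile(r"\beyJ" + BODY),
    "sk-": re.compile(r"\bsk-[A-Za-z0-9]{20,}"),
    "Bearer": re.compile(r"\bBearer\s+" + BODY),
    "pat-": re.compile(r"\bpat-" + BODY),
    "pplx-": re.compile(r"\bpplx-" + BODY),
    "figd_": re.compile(r"\bfigd_" + BODY),
}
# Allowed form from the gate: op://Aurora/<item>/<field>
OP_REF = re.compile(r"op://Aurora/[^/\s\"']+/[^/\s\"']+")


def scan(path, text):
    """Return (path, line number, prefix) for each plaintext token found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Remove vault references first so "Bearer op://Aurora/..." passes.
        remaining = OP_REF.sub("", line)
        for prefix, rx in PATTERNS.items():
            if rx.search(remaining):
                findings.append((path, lineno, prefix))
    return findings


# Constructed sample: an .mcp.json env block with fake, padded values.
SAMPLE = "\n".join([
    '{ "env": {',
    '  "SLACK_TOKEN": "op://Aurora/slack-bot/token",',
    '  "OPENAI_KEY": "sk-' + "A" * 24 + '",',
    '  "AUTH": "Bearer op://Aurora/api/credential",',
    '  "FIGMA": "figd_' + "b" * 16 + '",',
    '  "NOTE": "compat-mode uses a Bearer token"',
    '} }',
])

if __name__ == "__main__":
    for path, lineno, prefix in scan(".mcp.json", SAMPLE):
        print(f"{path}:{lineno}: plaintext credential ({prefix}), "
              "use an op://Aurora reference")
```

Run as a pre-commit step over tracked files, a non-empty result from `scan` is the condition for rejecting the change.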

See also

  • CLAUDE.md — “MANDATORY: Cascade-Failure Gates (Amendment §A1, 2026-05-01)” section (authoritative)
  • SESSION-AUDIT.md — where blockers get mirrored (G-BLOCKER-SURFACING target)
  • ~/.claude/plans/openclaw-fragmentation-fix-2026-05-01.md — master plan defining all 8 gates