From 4d5bbe46e3363b7228a01738662c4d6c6dbb50f2 Mon Sep 17 00:00:00 2001
From: jester <admin@zerolaghub.com>
Date: Sat, 20 Dec 2025 23:20:06 +0000
Subject: [PATCH] Create ANTI_DRIFT_GUARDRAIL.md - Protect working pipelines
 from helpful but harmful changes

---
 ANTI_DRIFT_GUARDRAIL.md | 52 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 ANTI_DRIFT_GUARDRAIL.md

diff --git a/ANTI_DRIFT_GUARDRAIL.md b/ANTI_DRIFT_GUARDRAIL.md
new file mode 100644
index 0000000..50ca779
--- /dev/null
+++ b/ANTI_DRIFT_GUARDRAIL.md
@@ -0,0 +1,52 @@
+# Anti-Drift Guardrail – zlh-grind
+
+This document exists to prevent "helpful" changes that cause operational drift.
+
+---
+
+## Purpose
+Protect working pipelines by enforcing hard rules:
+- Keep step visibility
+- Preserve contracts
+- Avoid unnecessary template churn
+- Don't silently change wire formats
+
+---
+
+## Guardrails
+
+### 1) Preserve provisioning step output
+The step-by-step orchestration logs are required.
+Do not remove, collapse, or reorder them casually.
+
+### 2) Single-template is intentional
+We use exactly one base template (`AGENT_TEMPLATE_VMID`).
+The agent installs roles at runtime based on payload.
+
+### 3) Template churn is expensive
+In this workflow:
+- Changing zlh-agent requires building + copying into the template container.
+- That means "agent change" effectively becomes a template rev.
+
+Therefore:
+- Prefer API-side compatibility fixes unless we intentionally plan a template update.
+
+### 4) Wire contract is explicit
+Agent currently expects:
+- `container_type` (snake_case) on JSON decode
+
+Until the next intentional template rev:
+- API must emit `container_type`
+- Do not switch to `containerType` / `ctype` on the wire
+
+---
+
+## Allowed Changes Here
+- Session logs
+- Open threads
+- Constraints / guardrails
+- Upstream pointers
+
+Not allowed:
+- "Better architecture" rewrites
+- Re-documenting canonical upstream specs