---
name: no-machinewide-killon-shared-runner
description: "BINDING (doyle 2026-06-15): never machine-wide process-kill (Get-Process spt|Stop-Process) on HFENDULEAM — it's a self-hosted CI runner SHARING the box with live agents; scope kills to the workspace/target path or a specific PID"
metadata: 
  node_type: memory
  type: feedback
  originSessionId: d64ebece-9471-415c-9618-a0ca95bcc4f9
---

**BINDING safety rule (doyle caught it 2026-06-15).** HFENDULEAM is a **self-hosted CI runner that shares the physical machine with LIVE agents** (doyle/perri/deployah/solar/todlando all live there). A machine-wide process kill —
```
Get-Process spt,notify-shell | Stop-Process -Force      # DANGEROUS — no path filter
```
kills `spt.exe` MACHINE-WIDE → would tear down a live broker/daemon mid-operation (production). doyle blocked this form in the CI exe-lock guard.

**Why:** the Windows exe-lock (a running `spt.exe` can't be overwritten → `xtask`/`cargo build` os-error-5) is real and recurs, but the reap MUST be **path-scoped**, never blanket.

**How to apply — the SAFE forms:**
- CI guard (the f747e1e form): filter to the checkout's build artifacts only —
  ```
  Get-Process spt,notify-shell -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -like "$env:GITHUB_WORKSPACE\*" } |
    Stop-Process -Force -ErrorAction SilentlyContinue
  ```
  (Processes whose `Path` is null fail the `-like` test and are skipped = safe direction.) Live infra runs from other paths (plugin-cache owl.exe, ~/.spt-core install, a different target) → untouched.
- LOCAL dev (clearing my own build lock): filter to `target\debug\spt.exe` under MY project path, or kill a specific PID — NOT a bare `Get-Process spt`.
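
One way to write the local-dev reap so it cannot go machine-wide (an added example, not code from the CI guard or the project; `Stop-ScopedProcess` and its parameters are hypothetical names). It matches on a resolved path prefix with a trailing separator rather than `-like`, so brackets in a path are not read as wildcards and a sibling directory sharing the prefix does not match, and it supports `-WhatIf` for a dry run.

```powershell
# Added example. Stop-ScopedProcess, -Name and -Root are hypothetical names.
function Stop-ScopedProcess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Name,   # process names, e.g. spt, notify-shell
        [Parameter(Mandatory)][string]$Root      # only executables under this directory are reaped
    )

    # Resolve to an absolute path; fail loudly if the root does not exist.
    $full = (Resolve-Path -LiteralPath $Root -ErrorAction Stop).ProviderPath

    # Force a trailing separator so C:\work\repo does not also match C:\work\repo-other.
    $sep    = [IO.Path]::DirectorySeparatorChar
    $prefix = $full.TrimEnd($sep) + $sep

    # A drive root as scope would be a machine-wide kill again: refuse it.
    if ($prefix -eq [IO.Path]::GetPathRoot($prefix)) {
        throw "Refusing to reap under drive root '$prefix'"
    }

    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Where-Object {
            # A null Path (process we cannot inspect) is skipped, never killed.
            $_.Path -and
            $_.Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object {
            $target = "$($_.Name) PID $($_.Id) [$($_.Path)]"
            if ($PSCmdlet.ShouldProcess($target, 'Stop-Process -Force')) {
                Stop-Process -Id $_.Id -Force -ErrorAction SilentlyContinue
            }
        }
}

# Run from the project root. Dry run first: prints what would be stopped, stops nothing.
Stop-ScopedProcess -Name spt, notify-shell -Root .\target\debug -WhatIf
```

Drop `-WhatIf` only after the dry-run output lists nothing outside the build directory.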

**MY MISTAKE (disclosed to doyle):** I ran the unsafe machine-wide form 3× locally this session to clear build locks (killed the installed `AppData\Local\spt-core\bin\spt.exe` daemon + target\debug + notify-shell). Live perches run on LEGACY owl.exe not spt-core `spt.exe` (see [[owl-send-not-legacy-spt-send]]) + the install daemon auto-restarts (REQ-DAEMON-3), so likely no live-perch teardown — but doyle is verifying. NOTE [[spt-daemon-is-live-infra]] says target\debug\spt.exe is killable dev artifact, but that memory does NOT cover the AppData install daemon or the live-agent-shared-box hazard — this rule supersedes for kill SCOPE.
