
fix(update-system): allow writing-samples/README.md as system-owned file #562

Open
msabihahmed wants to merge 2 commits into santifer:main from
msabihahmed:fix/549-writing-samples-readme-allowlist

@msabihahmed msabihahmed commented May 3, 2026

What does this PR do?

Adds writing-samples/README.md to SYSTEM_PATHS and short-circuits the apply-time safety check when a file appears verbatim in the SYSTEM_PATHS allowlist, so the explicit allowlist takes precedence over USER_PATHS prefix matches. DATA_CONTRACT.md is updated with a one-line note documenting the exception.

Related issue

Closes #549

Type of change

  • Bug fix
  • New feature
  • Documentation / translation
  • Refactor (no behavior change)

Checklist

  • I have read CONTRIBUTING.md
  • I linked a related issue above (required for features and architecture changes)
  • My PR does not include personal data (CV, email, real names)
  • I ran node test-all.mjs and all tests pass (65 passed, 0 failed, 15 pre-existing warnings)
  • My changes respect the Data Contract (no modifications to user-layer files)
  • My changes align with the project roadmap

Notes

  • SYSTEM_PATHS lookup uses exact-string Array.includes(), so only the explicitly-listed writing-samples/README.md is exempted — other files under writing-samples/ remain protected by the existing USER_PATHS prefix check.
  • New guard runs before the USER_PATHS loop, ensuring the explicit allowlist always wins over prefix matches without changing behavior for any other path.

Summary by CodeRabbit

  • Chores
    • Enhanced the auto-updater to recognize a specific onboarding document inside the writing-samples area as system-owned so it can be updated automatically, and to skip that document during user-path violation checks—protecting other user-created content in the same directory.

writing-samples/ is in USER_PATHS so users' personal samples are never
overwritten, but writing-samples/README.md ships from upstream as
documentation. The apply-time safety check flagged it as a SAFETY
VIOLATION because file.startsWith('writing-samples/') matched before
the SYSTEM_PATHS allowlist was consulted.

Add writing-samples/README.md to SYSTEM_PATHS, and short-circuit the
safety loop when a file appears verbatim in SYSTEM_PATHS so the
explicit allowlist takes precedence over USER_PATHS prefix matches.
Update DATA_CONTRACT.md to document the exception.

Closes santifer#549
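
The check ordering that the description and commit message above describe, as an added example that is not the project's update-system.mjs. The path arrays are constructed subsets, and `violationsPrefixOnly`, `violationsAllowlistFirst` and `canonical` are hypothetical names; the canonicalisation step goes beyond what the PR states.

```javascript
// Added illustration; not the project's update-system.mjs.
// Constructed subsets: only the two writing-samples entries come from the PR text.
const SYSTEM_PATHS = ['VERSION', 'DATA_CONTRACT.md', 'writing-samples/README.md'];
const USER_PATHS = ['writing-samples/'];

// Ordering the commit message describes as the bug: the prefix match decides alone.
function violationsPrefixOnly(files) {
  return files.filter((f) => USER_PATHS.some((p) => f.startsWith(p)));
}

// Ordering the PR describes as the fix: an exact allowlist hit short-circuits
// the prefix check; everything else is still tested against USER_PATHS.
function violationsAllowlistFirst(files) {
  return files.filter((f) => {
    if (SYSTEM_PATHS.includes(f)) return false; // exact string match only
    return USER_PATHS.some((p) => f.startsWith(p));
  });
}

// Hypothetical helper (not in the PR): collapse "." and ".." segments so both
// checks see one canonical spelling; returns null for absolute paths and for
// paths that climb above the repository root.
function canonical(file) {
  const unix = file.replace(/\\/g, '/');
  if (unix.startsWith('/')) return null;
  const out = [];
  for (const seg of unix.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out.join('/');
}

// Constructed update file list.
const SAMPLE_FILES = [
  'VERSION',
  'writing-samples/README.md',          // the one exempted file
  'writing-samples/essay.md',           // sibling: must stay protected
  'writing-samples/./README.md',        // non-canonical spelling of the README
  'writing-samples/README.md/../cv.md', // resolves to a sibling, not the README
];
```

Because the allowlist lookup is an exact string match, the two non-canonical entries are not exempted and still fall through to the prefix check, so the guard fails closed on them.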

github-actions Bot commented May 3, 2026

Welcome to career-ops, @msabihahmed! Thanks for your first PR.

A few things to know:

  • Tests will run automatically — check the status below
  • Make sure you've linked a related issue (required for features)
  • Read CONTRIBUTING.md if you haven't

We'll review your PR soon. Join our Discord if you have questions.


coderabbitai Bot commented May 3, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4438ac5-1656-40ba-ad64-19ea665b7270

📥 Commits

Reviewing files that changed from the base of the PR and between 7d49388 and 06b6382.

📒 Files selected for processing (1)
  • DATA_CONTRACT.md

Walkthrough

Fixes a path-ownership conflict by treating writing-samples/README.md as a system-owned path: the README is added to SYSTEM_PATHS and the apply() validation now skips system-paths before running USER_PATHS prefix checks.

Changes

System Path Exception for Writing Samples

| Layer / File(s) | Summary |
|---|---|
| Documentation Contract: DATA_CONTRACT.md | Documented that writing-samples/README.md is system-owned while writing-samples/* remains user-layer except the README. |
| System Path Configuration: update-system.mjs (e.g., SYSTEM_PATHS additions around lines 74–81) | Added writing-samples/README.md to SYSTEM_PATHS so it can be updated/checked out and included in backup/rollback handling. |
| Validation Safety Guard: update-system.mjs (apply() validation change around lines 287–289) | In the apply() loop, skip USER_PATHS prefix validation for files explicitly listed in SYSTEM_PATHS, preventing false user-modified violations for the README. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: adding writing-samples/README.md as a system-owned file exception, which is the primary objective of the PR. |
| Linked Issues check | ✅ Passed | All requirements from issue #549 are met: writing-samples/README.md added to SYSTEM_PATHS, apply-time safety check updated to exempt exact-path allowlist entries, and DATA_CONTRACT.md updated to document the exception. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to addressing issue #549: SYSTEM_PATHS modification, safety check logic adjustment, and DATA_CONTRACT.md documentation—no unrelated changes detected. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
DATA_CONTRACT.md (1)

26-65: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

writing-samples/README.md is absent from the System Layer table.

The exception is noted in the User Layer row (line 21), but the System Layer table has no corresponding entry. An auditor reading only the System Layer section would have no record of this file being system-owned. Adding an explicit row makes the contract auditable from both directions.

📝 Proposed addition to System Layer table
 | `docs/*` | Documentation |
 | `VERSION` | Current version number |
 | `DATA_CONTRACT.md` | This file |
+| `writing-samples/README.md` | System-owned onboarding documentation for the writing-samples directory |
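Review bot: The added row at the end of the System Layer table names one exact file, while the neighbouring `docs/*` row is a glob, so the description should say explicitly that only this file is system-owned and that every other path under writing-samples/ stays in the User Layer. A reader of this table alone could otherwise take the whole directory as safe to auto-update. Suggested wording for the second cell: "System-owned onboarding documentation (this file only; all other writing-samples/ content is user-layer)".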
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@DATA_CONTRACT.md` around lines 26 - 65, The System Layer table in
DATA_CONTRACT.md is missing an explicit row for writing-samples/README.md;
update the "System Layer (safe to auto-update)" table by adding a new row
mapping `writing-samples/README.md` to its purpose (e.g., "Writing samples
README — system-owned documentation") so the file is recorded in the
system-owned list; edit the table where the other file rows (like
`modes/_shared.md`) are defined to include this new entry.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@DATA_CONTRACT.md`:
- Line 21: The diff reclassifies writing-samples/README.md from USER_PATHS to
SYSTEM_PATHS in DATA_CONTRACT.md, which triggers the project rule that
user-layer reclassifications require explicit maintainer sign-off; get that
sign-off before merging by either (A) adding a maintainer approval comment on
the PR or (B) updating DATA_CONTRACT.md to include a documented exception entry
for writing-samples/README.md that includes a maintainer signature or
"Approved-by" line and date, and ensure the PR description references the
justification and links the maintainer approval; confirm the PR cannot be merged
without that explicit acknowledgement.

---

Outside diff comments:
In `@DATA_CONTRACT.md`:
- Around line 26-65: The System Layer table in DATA_CONTRACT.md is missing an
explicit row for writing-samples/README.md; update the "System Layer (safe to
auto-update)" table by adding a new row mapping `writing-samples/README.md` to
its purpose (e.g., "Writing samples README — system-owned documentation") so the
file is recorded in the system-owned list; edit the table where the other file
rows (like `modes/_shared.md`) are defined to include this new entry.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 73fa07d3-79e2-4fd7-88ae-66a4253f8c26

📥 Commits

Reviewing files that changed from the base of the PR and between 9ae201d and 7d49388.

📒 Files selected for processing (2)
  • DATA_CONTRACT.md
  • update-system.mjs

Comment thread DATA_CONTRACT.md
…able

The previous commit added the User Layer exception note but did not
add the corresponding row to the System Layer table, leaving the
contract auditable from only one direction. Add the explicit System
Layer row so writing-samples/README.md appears in both tables.

Refs santifer#549

Successfully merging this pull request may close these issues.

writing-samples/README.md should be SYSTEM_PATHS allowlist exception
