docs(memory): add 'direct push vs PR — strip-list test' standing rule

Captures tonight's realization that PRs shouldn't be the default
for dev-only file updates. The rule uses the strip_for_main.sh
strip list as the objective test: if every file in the change
is in the strip list (FLOW.md, MEMORY.md, .plans/*, etc.), direct
push is OK. Otherwise, PR required.

Rationale: PR merges create 'Merge pull request #N' commits in
the visible develop history that persist when the repo flips
public. Strip-target files are private dev state and don't
deserve that paper trail. Substantive code and CI-affecting
changes still need the full PR + CI + review treatment.

Admin bypass is the mechanism, not the policy.

Future: path-filter ci.yml so non-admins get the same fast path
on docs-only PRs — add as tech debt in a separate cycle.

Dogfooding the rule: this commit is dev-only (MEMORY.md is in
the strip list), so it direct-pushes to develop without a PR.

Author: devonartis

MEMORY.md

@@ -244,6 +244,7 @@ Each cherry-pick batch has acceptance tests in `tests/<batch-name>/`:
 - **MEMORY.md lessons learned EVERY session** — before clearing context or ending a session, update MEMORY.md with lessons learned. This is not optional. If you learned something, write it down. If the user corrected you, write down what they said and why.
 - **Strong code comments on ALL code** — every function, handler, and type must have comments explaining what it does, who can call it (role/scope), why it exists, and its boundaries. See `.claude/rules/golang.md` for the full standard. Code must be self-documenting — if you have to read three other files to understand who can call a function, the comments are insufficient.
 - **Role model document required** — `docs/roles.md` defines who does what: Admin (operator), App (software managing agents), Agent (does work). All code and tests must align with these roles. See `TECH-DEBT.md` TD-012 for the gap. No acceptance test should be written without understanding the role model first.
+- **Direct push vs PR to develop — the strip-list test.** A change can be direct-pushed to `develop` (admin bypass) if and only if every modified file is in `scripts/strip_for_main.sh`'s strip list — meaning the change won't reach main and won't touch CI. That covers: `FLOW.md`, `MEMORY.md`, `MEMORY_ARCHIVE.md`, `TECH-DEBT.md`, `.plans/*`, `.claude/*`, `.agents/*`, `audit/*`, `adr/*`, `.vscode/*`, `AGENTS.md`, `CLAUDE.md`, `COWORK_SESSION.md`, `COWORK_DOCS_AUDIT.md`, `.active_module`, `generate_pdf.py`, `tests/*/evidence/DOC-AUDIT-REPORT.md`. Everything else — code, `.github/workflows/*`, `scripts/*` (non-stripped), `.gosec.yml`, `.golangci.yml`, public docs (`docs/*`, `README.md`, `CONTRIBUTING.md`, `SECURITY.md`), `CHANGELOG.md`, `go.mod`, `go.sum`, `Dockerfile`, `docker-compose*.yml`, `.gitignore`, `.githooks/*`, `.github/*` (non-workflow allowlist files) — requires a PR so CI gates the change and the merge leaves a reviewable paper trail. **Why:** PR merges create `Merge pull request #N` commits in the visible `develop` history that persist when the repo flips public — strip-target file updates don't deserve that trail, but substantive changes and CI-affecting changes absolutely do. **Admin bypass is the mechanism, not the policy. The rule above is the policy — don't bypass just because the admin bit lets you.** Future work: path-filter `ci.yml` so non-admin contributors also get the fast path on docs-only PRs (separate cycle — add to TECH-DEBT.md).
 
 ## Backburner Designs (review after migration is complete)