From 2e6e422bbb8dcc2bf1cb7950077280fd9ec40ddd Mon Sep 17 00:00:00 2001 From: Ed_ Date: Thu, 18 Jun 2026 14:31:04 -0400 Subject: [PATCH] docs(tier2): agent prompt - NEVER USE APPDATA, point at inside-clone Three changes to conductor/tier2/agents/tier2-autonomous.md: 1. Frontmatter permission.read / permission.write: removed the two AppData allow rules; only the Tier 2 clone is allowed now. 2. Frontmatter permission.bash: added '*AppData\\\\*': deny (broader pattern, in addition to the existing Temp-specific deny). 3. 'Hard Bans' section: rewrote the filesystem boundary line to say 'NEVER USE APPDATA' and point at the new deny rule. 4. 'Conventions / Temp files' bullet: replaced with inside-clone conventions (scripts/tier2/state/, scripts/tier2/failures/, scripts/tier2/artifacts//). Documents the 2026-06-18 reversal. 5. 'Failcount Contract' section: state path is now scripts/tier2/state//state.json (Path.cwd()-relative). Refs: conductor/tracks/tier2_no_appdata_20260618 --- conductor/tier2/agents/tier2-autonomous.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/conductor/tier2/agents/tier2-autonomous.md b/conductor/tier2/agents/tier2-autonomous.md index 9771ffba..304a1771 100644 --- a/conductor/tier2/agents/tier2-autonomous.md +++ b/conductor/tier2/agents/tier2-autonomous.md @@ -8,15 +8,12 @@ permission: read: "*": deny "C:\\projects\\manual_slop_tier2\\**": allow - "C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": allow - "C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": allow write: "*": deny "C:\\projects\\manual_slop_tier2\\**": allow - "C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": allow - "C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": allow bash: "*": allow + "*AppData\\*": deny "*AppData\\Local\\Temp\\*": deny "git push*": deny "git checkout*": deny 
@@ -34,7 +31,7 @@ You are running inside a Windows restricted token. The OpenCode permission syste - `git checkout*` (any form) - use `git switch -c` for new branches, `git switch` to switch - `git restore*` (any form) - do not restore files - `git reset*` (any form) - do not reset state -- File access outside the Tier 2 clone + `C:\Users\Ed\AppData\Local\manual_slop\tier2\` - the OS blocks it +- File access outside the Tier 2 clone - the OS blocks it. **NEVER USE APPDATA** for any read, write, or shell command; the `*AppData\\*` bash deny rule will halt the run if you try. ## Conventions (MUST follow - added 2026-06-17) 
@@ -44,11 +41,11 @@ You are running inside a Windows restricted token. The OpenCode permission syste - **Throw-away scripts:** write them to `scripts/tier2/artifacts//`, NOT the base `scripts/tier2/` directory. The base directory is reserved for production code that ships with the sandbox (failcount.py, run_track.py, write_report.py, the .ps1 launchers). Throw-away scripts are kept for archival but live in a track-specific subdir so they don't pollute the base. - **End-of-track report:** after all tasks complete, you MUST write `docs/reports/TRACK_COMPLETION_.md` (follow the precedent set by `TRACK_COMPLETION_tier2_autonomous_sandbox_20260616.md`) and update `conductor/tracks//state.toml` to `status = "completed"`. This is the handoff document the user reads to decide merge. - **Run-time expectation:** tracks are expected to take 1-4 hours. If the model reports it is running out of context or steps, do not stop. Note progress to disk (the failcount state file) and continue. The user expects autonomous runs to complete without manual intervention. -- **Temp files** (added 2026-06-17): NEVER write to `C:\Users\Ed\AppData\Local\Temp\` or `%TEMP%`. Use `C:\Users\Ed\AppData\Local\manual_slop\tier2\` for all scratch / audit-output / temp files. The bash deny rule `*AppData\Local\Temp\*` will block writes to the global Temp dir, and OpenCode's outer guard will fire the "ask" prompt for reads — both halt ops. Examples: `uv run python scripts/audit_exception_handling.py --json > C:\Users\Ed\AppData\Local\manual_slop\tier2\audit_initial.json` (NOT `%TEMP%\audit_initial.json`). +- **Temp files** (added 2026-06-17, rewritten 2026-06-18): All scratch, state, audit-output, and intermediate files MUST live INSIDE the Tier 2 clone. Default locations: `scripts/tier2/state//state.json` for failcount state, `scripts/tier2/failures/` for failure reports, `scripts/tier2/artifacts//` for throwaway scripts. 
**NEVER USE APPDATA** — the `C:\Users\Ed\AppData\...` tree is OFF-LIMITS for any read, write, or shell command. The `*AppData\\*` bash deny rule enforces this; a violation halts the run. The original `*AppData\Local\Temp\*` deny rule is kept for self-documentation. Examples: `uv run python scripts/audit_exception_handling.py --json > scripts/tier2/state/audit_initial.json` (NOT `%TEMP%\audit_initial.json`, NOT `C:\Users\Ed\AppData\Local\manual_slop\tier2\audit_initial.json`). ## Failcount Contract -After every task commit, you MUST check `should_give_up` from `scripts.tier2.failcount`. The state is persisted at `/tier2//state.json`. The thresholds are: +After every task commit, you MUST check `should_give_up` from `scripts.tier2.failcount`. The state is persisted at `scripts/tier2/state//state.json` (relative to your CWD, which is the Tier 2 clone root). The thresholds are: - 3 consecutive red-phase failures - 3 consecutive green-phase failures - 30 minutes with no progress (no commit, no green test)
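Review bot: In the frontmatter hunk (`@@ -8,15 +8,12 @@`), the new `"*AppData\\*": deny` entry under `bash` sits below `"*": allow` and keys on the literal text `AppData\`. If the rule is matched against the command string as written, a command that reaches the same tree through `%TEMP%` (which this file itself mentions), another environment variable, or a forward-slash spelling such as `AppData/` does not contain that text and falls through to the allow. Either add deny patterns for those spellings or say in the prompt that the restricted token is the real boundary and the bash pattern is only an early tripwire.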
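Review bot: In the Hard Bans hunk (`@@ -34,7 +31,7 @@`), the rewritten bullet credits the `*AppData\\*` bash deny rule with stopping "any read, write, or shell command", but that rule only exists under `permission.bash`. Reads and writes are stopped by the `"*": deny` defaults under `read` and `write` now that the AppData allow entries are gone, so the bullet should name both controls. The pattern is also written with a doubled backslash here, while the Temp pattern elsewhere in the file is written `*AppData\Local\Temp\*`. The doubling is YAML string escaping and reads as two literal backslashes inside Markdown inline code, so pick one spelling for prose.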
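Review bot: In the Conventions / Failcount Contract hunk (`@@ -44,11 +41,11 @@`), the new Temp files bullet moves scratch, state and audit output into `scripts/tier2/state/` and `scripts/tier2/failures/` inside the working tree without saying whether those directories are git-ignored. The agent commits after every task, so a broad add could sweep `audit_initial.json` or `state.json` into a commit. State here whether these paths are ignored or meant to be committed. The Failcount Contract line also makes the state path "relative to your CWD", so a step that changes directory would read or create a different `state.json` and the `should_give_up` counters would start over. Consider documenting that the path is resolved from the clone root rather than from wherever the shell happens to be.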