diff --git a/docs/guide_tier2_autonomous.md b/docs/guide_tier2_autonomous.md index 32fd37db..1fc8e0ce 100644 --- a/docs/guide_tier2_autonomous.md +++ b/docs/guide_tier2_autonomous.md @@ -21,8 +21,9 @@ The bootstrap: 2. Sets `origin = C:\projects\manual_slop` (local path; no remote) 3. Copies the agent, slash command, and opencode.json templates to the clone 4. Installs the git hooks (`pre-push` refuses all pushes; `post-checkout` logs checkouts) -5. Creates `C:\Users\Ed\AppData\Local\manual_slop\tier2\` with restricted ACLs -6. Creates a "Tier 2 (Sandboxed)" desktop shortcut +5. Creates a "Tier 2 (Sandboxed)" desktop shortcut + +**As of 2026-06-18:** the bootstrap no longer creates any directory on AppData. Tier 2 state and failure reports live inside the clone at `scripts/tier2/state//state.json` and `scripts/tier2/failures/_.md`. The user directive is "NEVER USE APPDATA" — enforced by the OpenCode `*AppData\\*` bash deny rule. ## Per-track invocation @@ -56,7 +57,7 @@ After Tier 2 finishes (success or give-up): | `git checkout*` (any form) | `permission.bash` deny rule | n/a | `post-checkout` hook logs the checkout | | `git restore*` (any form) | `permission.bash` deny rule | n/a | n/a | | `git reset*` (any form) | `permission.bash` deny rule | n/a | n/a | -| File access outside Tier 2 clone + app-data dir | `permission.read`/`write` path allowlist | Windows ACL | n/a | +| File access outside Tier 2 clone (AppData, Temp, Documents, etc. all denied) | `permission.read`/`write` path allowlist + `*AppData\\*` bash deny | Windows ACL | n/a | ## The failcount threshold 
@@ -69,7 +70,7 @@ Override via `scripts/tier2/failcount.toml`. ## The failure report -Written to `C:\Users\Ed\AppData\Local\manual_slop\tier2_failures\_.md` with 7 sections: +Written to `scripts/tier2/failures/_.md` (inside the Tier 2 clone, relative to the clone root) with 7 sections: 1. Header (track, branch, started, stopped, duration, give-up signal) 2. Tasks completed 3. Current task (where it stopped) @@ -116,8 +117,9 @@ And verify allowed operations work: - **"Permission denied" on file access inside the sandbox**: the Windows ACL may be too restrictive. Re-run the bootstrap (`setup_tier2_clone.ps1` is idempotent). -- **"Failcount state not found"**: the `/tier2//` - dir may be missing. The bootstrap creates it; check `$env:LOCALAPPDATA`. +- **"Failcount state not found"**: the `scripts/tier2/state//` + dir may be missing. The failcount module creates it on first save; + check that the Tier 2 clone's working directory is correct. - **"Pre-push hook not firing"**: check that `.git/hooks/pre-push` is executable. On Windows, Git Bash runs the hook; check `git config core.hooksPath` if you have a custom hooks dir. @@ -125,6 +127,6 @@ And verify allowed operations work: `no_progress_minutes` in `scripts/tier2/failcount.toml`. - **"Tier 2 ran out of context"**: the model stopped mid-track. The user (interactive Tier 1) should `cd` to the Tier 2 clone, inspect - `/tier2//state.json` for the last completed task, + `scripts/tier2/state//state.json` for the last completed task, and re-invoke with `/tier-2-auto-execute --resume` to continue. The state file persists across runs.
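Review bot: in the added "As of 2026-06-18" paragraph (hunk `@@ -21,8 +21,9 @@`), the statement that "NEVER USE APPDATA" is enforced by the `*AppData\\*` bash deny rule claims more than a command-string pattern can be shown to deliver. As written, the rule keys on the literal text `AppData\` in a command, so say whether forward-slash paths and environment-variable forms such as `$env:LOCALAPPDATA` (which the old troubleshooting text referred to) are also covered. Also name the `permission.read`/`write` path allowlist here as the control that bounds file access, with the bash rule as an additional layer.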
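Review bot: in the changed "File access outside Tier 2 clone" row (hunk `@@ -56,7 +57,7 @@`), the third column still reads "Windows ACL", but this patch removes the only bootstrap step shown that mentioned ACLs (old step 5, the AppData directory "with restricted ACLs"). Confirm that an ACL is still applied to the clone and say which bootstrap step sets it, or change the cell to n/a so the table does not credit a layer that no longer exists. The unchanged "Permission denied" troubleshooting item, which tells the reader to re-run the bootstrap because the Windows ACL may be too restrictive, needs the same check.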
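Review bot: in the new "Written to" line (hunk `@@ -69,7 +70,7 @@`), the filename reads `_.md` with nothing on either side of the underscore, and the state paths elsewhere in this patch read `state//state.json` with an empty segment. Write the placeholders in a form that survives rendering. Since failure reports and state now land inside the clone's working tree, also state whether `scripts/tier2/failures/` and `scripts/tier2/state/` are ignored by git, so that they do not end up in Tier 2 commits.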
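Review bot: in the rewritten "Failcount state not found" item (hunk `@@ -116,8 +117,9 @@`), the remedy is not actionable. The text now says the failcount module creates the directory on first save, which makes a missing directory before the first save the expected condition rather than a fault, and "check that the Tier 2 clone's working directory is correct" does not say what correct means. State that the path is resolved relative to the clone root, as the failure-report section now does, and that the command has to be run from there.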