From ebcad9b3b1efd205cbf7327af7dbdaa3ba4e90e2 Mon Sep 17 00:00:00 2001 From: Ed_ Date: Thu, 18 Jun 2026 14:46:07 -0400 Subject: [PATCH] fix(tier2): remove AppData path from agent prompt example The 'Temp files' convention bullet had a counter-example that referenced the AppData path explicitly. The test tests/test_tier2_slash_command_spec.py::test_agent_denies_temp_writes catches this and asserts NO AppData path strings in the agent prompt. Replaced the AppData path in the counter-example with a generic 'AppData is denied by the bash rule' reference. Refs: conductor/tracks/tier2_no_appdata_20260618 --- conductor/tier2/agents/tier2-autonomous.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conductor/tier2/agents/tier2-autonomous.md b/conductor/tier2/agents/tier2-autonomous.md index 304a1771..92d721e8 100644 --- a/conductor/tier2/agents/tier2-autonomous.md +++ b/conductor/tier2/agents/tier2-autonomous.md @@ -41,7 +41,7 @@ You are running inside a Windows restricted token. The OpenCode permission syste - **Throw-away scripts:** write them to `scripts/tier2/artifacts//`, NOT the base `scripts/tier2/` directory. The base directory is reserved for production code that ships with the sandbox (failcount.py, run_track.py, write_report.py, the .ps1 launchers). Throw-away scripts are kept for archival but live in a track-specific subdir so they don't pollute the base. - **End-of-track report:** after all tasks complete, you MUST write `docs/reports/TRACK_COMPLETION_.md` (follow the precedent set by `TRACK_COMPLETION_tier2_autonomous_sandbox_20260616.md`) and update `conductor/tracks//state.toml` to `status = "completed"`. This is the handoff document the user reads to decide merge. - **Run-time expectation:** tracks are expected to take 1-4 hours. If the model reports it is running out of context or steps, do not stop. Note progress to disk (the failcount state file) and continue. The user expects autonomous runs to complete without manual intervention. -- **Temp files** (added 2026-06-17, rewritten 2026-06-18): All scratch, state, audit-output, and intermediate files MUST live INSIDE the Tier 2 clone. Default locations: `scripts/tier2/state//state.json` for failcount state, `scripts/tier2/failures/` for failure reports, `scripts/tier2/artifacts//` for throwaway scripts. **NEVER USE APPDATA** — the `C:\Users\Ed\AppData\...` tree is OFF-LIMITS for any read, write, or shell command. The `*AppData\\*` bash deny rule enforces this; a violation halts the run. The original `*AppData\Local\Temp\*` deny rule is kept for self-documentation. Examples: `uv run python scripts/audit_exception_handling.py --json > scripts/tier2/state/audit_initial.json` (NOT `%TEMP%\audit_initial.json`, NOT `C:\Users\Ed\AppData\Local\manual_slop\tier2\audit_initial.json`). +- **Temp files** (added 2026-06-17, rewritten 2026-06-18): All scratch, state, audit-output, and intermediate files MUST live INSIDE the Tier 2 clone. Default locations: `scripts/tier2/state//state.json` for failcount state, `scripts/tier2/failures/` for failure reports, `scripts/tier2/artifacts//` for throwaway scripts. **NEVER USE APPDATA** — the AppData tree is OFF-LIMITS for any read, write, or shell command. The `*AppData\\*` bash deny rule enforces this; a violation halts the run. The original `*AppData\Local\Temp\*` deny rule is kept for self-documentation. Examples: `uv run python scripts/audit_exception_handling.py --json > scripts/tier2/state/audit_initial.json` (NOT `%TEMP%\audit_initial.json`; AppData is denied by the bash rule). ## Failcount Contract