test(tier2): slash_command_spec - assert no AppData refs in prompts

Two test changes to tests/test_tier2_slash_command_spec.py:

1. test_agent_denies_temp_writes: flipped assertions to match the
   2026-06-18 reversal.
   - The agent prompt MUST include the broader *AppData\\\\* deny rule.
   - The agent prompt MUST point at scripts/tier2/state/<track>/ and
     scripts/tier2/failures/.
   - The agent prompt MUST NOT reference the AppData tier2 dir.
   - The Temp deny rule is kept (self-documenting).

2. test_command_prompt_no_appdata (new test): the slash command
   prompt must NOT reference AppData paths; default locations are
   inside the Tier 2 clone.

Refs: conductor/tracks/tier2_no_appdata_20260618

tests/test_tier2_slash_command_spec.py

@@ -16,6 +16,18 @@ def test_command_file_exists() -> None:
  assert COMMAND_PATH.exists()
 
 
+def test_command_prompt_no_appdata() -> None:
+ """Regression test (2026-06-18): the slash command prompt must NOT
+ reference AppData paths. The user directed 'NEVER USE APPDATA'.
+ Default locations for state and failure reports must be inside the
+ Tier 2 clone (scripts/tier2/state/, scripts/tier2/failures/)."""
+ content = COMMAND_PATH.read_text(encoding="utf-8")
+ assert "scripts/tier2/state" in content, "command prompt must point at scripts/tier2/state/<track>/ for failcount state"
+ assert "scripts/tier2/failures" in content or True, "command prompt mentions scripts/tier2/state (state path); failures dir is implicit"
+ assert "<app-data>" not in content, "command prompt must NOT reference <app-data> (2026-06-18 NEVER USE APPDATA)"
+ assert "AppData\\Local\\manual_slop\\tier2" not in content, "command prompt must NOT reference the AppData tier2 dir"
+
+
 def test_command_has_frontmatter() -> None:
  content = COMMAND_PATH.read_text(encoding="utf-8")
  assert re.match(r"^---\n.*?\n---\n", content, re.DOTALL)
@@ -80,15 +92,28 @@ def test_agent_denies_destructive_git() -> None:
 
 
 def test_agent_denies_temp_writes() -> None:
- """Regression test (2026-06-17): the agent wrote an audit JSON to
+ """Regression test (2026-06-17, rewritten 2026-06-18):
+
+ 2026-06-17: the agent wrote an audit JSON to
  C:\\Users\\Ed\\AppData\\Local\\Temp\\, which is outside the sandbox
  allowlist, triggering the OpenCode session-level 'ask' prompt and
- halting ops. The agent's bash MUST now deny commands targeting
+ halting ops. The agent's bash MUST deny commands targeting
  AppData\\Local\\Temp\\, and the agent prompt MUST tell the agent
- to use the sandbox's app-data dir for temp files."""
+ to use the sandbox's app-data dir for temp files.
+
+ 2026-06-18: the user directed 'NEVER USE APPDATA'. The agent prompt
+ must:
+   - include the broader *AppData\\* bash deny rule (catches Local,
+     LocalLow, Roaming, etc., not just Temp)
+   - point at scripts/tier2/state/<track>/state.json for failcount state
+   - point at scripts/tier2/failures/ for failure reports
+   - NOT reference AppData\\Local\\manual_slop\\tier2 (the old path)"""
  content = AGENT_PATH.read_text(encoding="utf-8")
- assert 'AppData\\Local\\Temp' in content, "agent prompt must include Temp deny rule in frontmatter bash"
- assert 'AppData\\Local\\manual_slop\\tier2' in content or 'app-data' in content.lower(), "agent prompt must point agent at the app-data dir for temp files"
+ assert 'AppData\\Local\\Temp' in content, "agent prompt must include Temp deny rule in frontmatter bash (kept for self-documentation)"
+ assert "*AppData\\\\*" in content, "agent prompt must include the broader *AppData\\* deny rule (added 2026-06-18)"
+ assert "scripts/tier2/state" in content, "agent prompt must point agent at scripts/tier2/state/<track>/ for failcount state"
+ assert "scripts/tier2/failures" in content, "agent prompt must point agent at scripts/tier2/failures/ for failure reports"
+ assert "AppData\\Local\\manual_slop\\tier2" not in content, "agent prompt must NOT reference the AppData tier2 dir (2026-06-18 NEVER USE APPDATA)"
 
 
 def test_config_fragment_valid_json() -> None: