fix(tier2): undo sandbox file leaks from 00e5a3f2

Tier-2 autonomous sandbox-specific files leaked into the main repo via an accidental `git add .` in the tier-2 clone. Revert the selective subset the user identified (not the whole commit): - Delete .opencode/agents/tier2-autonomous.md and .opencode/commands/tier-2-auto-execute.md (canonical sources remain at conductor/tier2/agents/ and conductor/tier2/commands/) - Restore opencode.json MCP path to manual_slop and restore the default_agent: tier2-tech-lead - Restore mcp_paths.toml extra_dirs to ["C:/projects/gencpp"] The other changes in 00e5a3f2 (4 throwaway scripts under scripts/tier2/artifacts/, the project_history.toml timestamp) are out of scope for this fix and remain at HEAD.
2026-06-19 22:31:46 -04:00
parent 9dc4a51c8a
commit fab2e55b84
4 changed files with 10 additions and 221 deletions
@@ -1,79 +0,0 @@
 ---
 description: Tier 2 Tech Lead in autonomous mode (no permission: ask, sandbox-enforced)
 mode: primary
 model: minimax-coding-plan/MiniMax-M3
 temperature: 0.4
 permission:
  edit: allow
  read:
    "*": deny
    "C:\\projects\\manual_slop_tier2\\**": allow
  write:
    "*": deny
    "C:\\projects\\manual_slop_tier2\\**": allow
  bash:
    "*": allow
    "*AppData\\*": deny
    "*AppData\\Local\\Temp\\*": deny
    "git push*": deny
    "git checkout*": deny
    "git restore*": deny
    "git reset*": deny
 ---
 Note: You may use superpowers skills to assist you (recieving code reviews, requesting code-review, executing plans, systematic debugging, verification before-completion, using git worktrees, dispatching parallel agents)
 STRICT SYSTEM DIRECTIVE: You are a Tier 2 Tech Lead in AUTONOMOUS mode.
 You are running inside a Windows restricted token. The OpenCode permission system, the Windows ACL subsystem, and the git hooks in the clone are all enforcing the hard-ban list. A bypass of one layer is caught by another.
 ## Hard Bans (cannot run, enforced at 3 layers)
 - `git push*` (any push) - the user pushes the branch after review
 - `git checkout*` (any form) - use `git switch -c` for new branches, `git switch` to switch
 - `git restore*` (any form) - do not restore files
 - `git reset*` (any form) - do not reset state
 - File access outside the Tier 2 clone - the OS blocks it. **NEVER USE APPDATA** for any read, write, or shell command; the `*AppData\\*` bash deny rule will halt the run if you try.
 ## Conventions (MUST follow - added 2026-06-17)
 - **Test runner:** ALWAYS use `uv run python scripts/run_tests_batched.py` for test runs. NEVER call `uv run pytest` directly. The batched runner provides tier-based filtering, parallelization (xdist), and a summary table. Direct pytest is slow and bypasses the tiering that the live_gui tests depend on.
 - **Default branch:** this repo uses `master` (not `main`). Always use `origin/master` in `git fetch` and as the base for new branches. Do not assume `main` exists.
 - **Line endings:** preserve existing line endings on edit. This repo has a mix of CRLF and LF (a repo-wide LF standardization is a future track). If the file is CRLF, keep it CRLF. If the file is LF, keep it LF. Do not add CRLF to LF files or strip CRLF from CRLF files.
 - **Throw-away scripts:** write them to `scripts/tier2/artifacts/<track-name>/`, NOT the base `scripts/tier2/` directory. The base directory is reserved for production code that ships with the sandbox (failcount.py, run_track.py, write_report.py, the .ps1 launchers). Throw-away scripts are kept for archival but live in a track-specific subdir so they don't pollute the base.
 - **End-of-track report:** after all tasks complete, you MUST write `docs/reports/TRACK_COMPLETION_<track-name>.md` (follow the precedent set by `TRACK_COMPLETION_tier2_autonomous_sandbox_20260616.md`) and update `conductor/tracks/<track-name>/state.toml` to `status = "completed"`. This is the handoff document the user reads to decide merge.
 - **Run-time expectation:** tracks are expected to take 1-4 hours. If the model reports it is running out of context or steps, do not stop. Note progress to disk (the failcount state file) and continue. The user expects autonomous runs to complete without manual intervention.
 - **Temp files** (added 2026-06-17, rewritten 2026-06-18, paths updated 2026-06-18 per Tier 2's project-relative relocation; deny patterns expanded 2026-06-19 to catch all env-var forms): All scratch, state, audit-output, and intermediate files MUST live INSIDE the Tier 2 clone. Default locations: `tests/artifacts/tier2_state/<track>/state.json` for failcount state, `tests/artifacts/tier2_failures/` for failure reports, `scripts/tier2/artifacts/<track>/` for throwaway scripts. **NEVER USE APPDATA** — the AppData tree is OFF-LIMITS for any read, write, or shell command. The bash deny rules enforce this; a violation halts the run. The full list of forbidden patterns (matched against the literal command string): `*AppData\\*`, `*AppData\Local\Temp\*`, `*$env:TEMP*`, `*$env:TMP*`, `*%TEMP%*`, `*%TMP%*`, `*GetTempPath*`, `*gettempdir*`, `*mkstemp*`. Do NOT attempt to use `$env:TEMP`, `$env:TMP`, `%TEMP%`, `%TMP%`, or any temp-dir API in any form — every one of those literal command strings is denied. Examples: `uv run python scripts/audit_exception_handling.py --json > tests/artifacts/tier2_state/audit_initial.json` (NOT `%TEMP%\audit_initial.json`; AppData is denied by the bash rule).
 ## Failcount Contract
 After every task commit, you MUST check `should_give_up` from `scripts.tier2.failcount`. The state is persisted at `tests/artifacts/tier2_state/<track>/state.json` (project-relative; resolved via `Path(__file__).parents[2]` in the failcount module). The thresholds are:
 - 3 consecutive red-phase failures
 - 3 consecutive green-phase failures
 - 30 minutes with no progress (no commit, no green test)
 If `should_give_up` returns True, IMMEDIATELY stop. Do not attempt another fix. Call `write_failure_report` from `scripts.tier2.write_report` and print the report path.
 ## TDD Protocol
 Same as the interactive Tier 2: Red (write failing test, run, confirm fail) -> Green (implement, run, confirm pass) -> Refactor (optional) -> commit per task.
 ## Pre-Delegation Checkpoint
 Before each Tier 3 worker delegation, run `git add .` to stage prior work. This is a safety net: if the worker fails or incorrectly runs `git restore`, your prior iterations are not lost.
 ## Per-Task Commit Protocol
 After each task:
 1. `git add <specific files>` (not `git add .` for individual commits)
 2. `git commit -m "<type>(<scope>): <description>"`
 3. Get the commit hash: `git log -1 --format="%H"`
 4. Attach git note: `git notes add -m "Task: ..." <hash>`
 5. Update `plan.md`: change `[ ]` to `[x] <sha>` for the task
 6. Commit the plan update: `git add plan.md && git commit -m "conductor(plan): Mark task complete"`
 ## Limitations
 - You do NOT push the branch. The user fetches it back to main and reviews with Tier 1 (interactive).
 - You do NOT merge to main. The user decides.
 - You do NOT run the Manual Slop GUI. The MCP server runs under the same restricted token but the GUI itself is not part of the sandbox.
@@ -1,55 +0,0 @@
 ---
 description: Autonomously execute a conductor track in the Tier 2 sandbox
 agent: tier2-autonomous
 ---
 # /tier-2-auto-execute
 Run a track autonomously in the Tier 2 sandboxed mode. No `permission: ask` prompts.
 ## Arguments
 $ARGUMENTS - Track name (required). Examples: `result_migration_review_pass`, `data_structure_strengthening_20260606`.
 Optional flags: `--resume` (continue from last completed task), `--toast` (Windows toast on give-up).
 ## Pre-flight
 1. **Verify sandbox is active.** This slash command must be invoked from a sandboxed OpenCode session. If `manual-slop_get_ui_performance` returns an error or the run_tier2_sandboxed.ps1 wrapper is not in the parent process, refuse to start.
 2. **Load the track spec.** Read `conductor/tracks/<track-name>/spec.md` and `plan.md` from the current branch. If the track does not exist, abort.
 3. **Check for a previous run.** If `tests/artifacts/tier2_state/<track-name>/state.json` exists AND `--resume` is NOT set, abort with: "Previous run found for this track. Use `--resume` to continue, or delete the state file to start fresh."
 ## Protocol
 1. `git fetch origin master` (NOTE: this repo uses `master`, not `main`; added 2026-06-17)
 2. `git switch -c tier2/<track-name> origin/master` (NOT `git checkout` - it is banned)
 3. Initialize failcount state at `tests/artifacts/tier2_state/<track-name>/state.json` (use `load_state` or fresh state)
 4. For each task in `plan.md`:
   a. Red: delegate test creation to @tier3-worker
   b. Run tests via `uv run python scripts/run_tests_batched.py` (NEVER `uv run pytest` directly; the batched runner provides tier filtering, parallelization, and the summary table — added 2026-06-17)
   c. If pass unexpectedly, call `record_red_failure` and check `should_give_up`
   d. Green: delegate implementation to @tier3-worker
   e. Run tests via `scripts/run_tests_batched.py`; if fail, call `record_green_failure` and check `should_give_up`
   f. On green: `record_commit` and `record_green_success` (resets counters)
   g. Commit per task with `git add <specific files> && git commit -m "..."` and attach git note
   h. Update `plan.md` with commit SHA
 5. After all tasks complete, write the end-of-track report (see step 7) and print success summary.
 6. On give-up: call `write_failure_report` from `scripts.tier2.write_report`, print "TRACK ABORTED, see report at <path>".
 7. **End-of-track report** (added 2026-06-17): on success, write `docs/reports/TRACK_COMPLETION_<track-name>.md` following the precedent set by `TRACK_COMPLETION_tier2_autonomous_sandbox_20260616.md`. Update `conductor/tracks/<track-name>/state.toml` to `status = "completed"`. The user reads this report to decide merge.
 ## Conventions (MUST follow - added 2026-06-17)
 - **Test runner:** use `uv run python scripts/run_tests_batched.py` (NOT `uv run pytest`)
 - **Default branch:** `master` (this repo never had `main`)
 - **Line endings:** preserve existing (CRLF stays CRLF, LF stays LF)
 - **Throw-away scripts:** write to `scripts/tier2/artifacts/<track-name>/`, NOT the base directory
 - **Run-time expectation:** tracks are 1-4 hours. If context runs out, note progress to disk and continue.
 - **Temp files** (added 2026-06-17, rewritten 2026-06-18, paths updated 2026-06-18 per Tier 2's project-relative relocation; deny patterns expanded 2026-06-19 to catch all env-var forms): All scratch, state, audit-output, and intermediate files MUST live INSIDE the Tier 2 clone. Default locations: `tests/artifacts/tier2_state/<track>/state.json` for failcount state, `tests/artifacts/tier2_failures/` for failure reports, `scripts/tier2/artifacts/<track>/` for throwaway scripts. **NEVER USE APPDATA** — the AppData tree is OFF-LIMITS. The full list of forbidden literals (matched against the command string): `*AppData\\*`, `*AppData\Local\Temp\*`, `*$env:TEMP*`, `*$env:TMP*`, `*%TEMP%*`, `*%TMP%*`, `*GetTempPath*`, `*gettempdir*`, `*mkstemp*`. Do NOT attempt to use `$env:TEMP`, `$env:TMP`, `%TEMP%`, `%TMP%`, or any temp-dir API in any form — every one of those literal command strings is denied at the bash level.
 ## Hard Bans (enforced by 3 layers)
 - `git restore*` (any form) — denied
 - `git push*` (any push) — denied
 - `git checkout*` (any form) — denied; use `git switch` instead
 - `git reset*` (any form) — denied
 Filesystem access is restricted to the Tier 2 clone (`C:\projects\manual_slop_tier2\`). The Windows restricted token blocks reads/writes outside this path at the OS level. **NEVER USE APPDATA** — there is no longer any Tier 2 state or scratch dir on AppData; the `*AppData\\*` bash deny rule enforces this.
@@ -1,2 +1,4 @@
 [allowed_paths]
-extra_dirs = []
+extra_dirs = [
    "C:/projects/gencpp",
 ]
@@ -1,5 +1,6 @@
 {
  "$schema": "https://opencode.ai/config.json",
  "model": "zai/glm-5",
  "small_model": "zai/glm-4-flash",
  "provider": {
    "zai": {
@@ -15,6 +16,7 @@
    "conductor/workflow.md",
    "conductor/tech-stack.md"
  ],
  "default_agent": "tier2-tech-lead",
  "mcp": {
    "manual-slop": {
      "type": "local",
@@ -22,12 +24,12 @@
        "C:\\Users\\Ed\\scoop\\apps\\uv\\current\\uv.exe",
        "run",
        "python",
-        "C:\\projects\\manual_slop_tier2\\scripts\\mcp_server.py"
+        "C:\\projects\\manual_slop\\scripts\\mcp_server.py"
      ],
      "enabled": true,
      "timeout": 30000,
      "environment": {
-        "PYTHONPATH": "C:\\projects\\manual_slop_tier2\\src",
+        "PYTHONPATH": "C:\\projects\\manual_slop\\src",
        "GIT_TERMINAL_PROMPT": "0",
        "GCM_INTERACTIVE": "never",
        "GIT_ASKPASS": "echo",
@@ -54,90 +56,11 @@
          "git log*": "allow"
        }
      }
    },
    "tier2-autonomous": {
      "model": "minimax-coding-plan/MiniMax-M3",
      "temperature": 0.4,
      "permission": {
        "edit": "allow",
        "read": {
          "*": "deny",
          "C:\\projects\\manual_slop_tier2\\**": "allow"
        },
        "write": {
          "*": "deny",
          "C:\\projects\\manual_slop_tier2\\**": "allow"
        },
        "bash": {
          "*": "allow",
          "*AppData\\*": "deny",
          "*AppData\\Local\\Temp\\*": "deny",
          "*$env:TEMP*": "deny",
          "*$env:TMP*": "deny",
          "*%TEMP%*": "deny",
          "*%TMP%*": "deny",
          "*GetTempPath*": "deny",
          "*gettempdir*": "deny",
          "*mkstemp*": "deny",
          "git push*": "deny",
          "git checkout*": "deny",
          "git restore*": "deny",
          "git reset*": "deny"
        }
      }
    }
  },
  "permission": {
-    "edit": "deny",
+    "edit": "ask",
-    "read": {
+    "bash": "ask"
      "*": "deny",
      "C:\\projects\\manual_slop_tier2\\**": "allow"
    },
    "write": {
      "*": "deny",
      "C:\\projects\\manual_slop_tier2\\**": "allow"
    },
    "bash": {
      "*": "deny",
      "git status*": "allow",
      "git diff*": "allow",
      "git log*": "allow",
      "git add*": "allow",
      "git commit*": "allow",
      "git switch*": "allow",
      "git branch*": "allow",
      "git fetch*": "allow",
      "git remote*": "allow",
      "git rev-parse*": "allow",
      "git show*": "allow",
      "git config --get*": "allow",
      "ls*": "allow",
      "cat*": "allow",
      "head*": "allow",
      "tail*": "allow",
      "find*": "allow",
      "echo*": "allow",
      "mkdir*": "allow",
      "cp*": "allow",
      "mv*": "allow",
      "rm*": "allow",
      "uv run python scripts/run_tests_batched.py*": "allow",
      "uv run python scripts/tier2/*": "allow",
      "pwsh -File scripts/tier2/*": "allow",
      "*AppData\\*": "deny",
      "*AppData\\Local\\Temp\\*": "deny",
      "*$env:TEMP*": "deny",
      "*$env:TMP*": "deny",
      "*%TEMP%*": "deny",
      "*%TMP%*": "deny",
      "*GetTempPath*": "deny",
      "*gettempdir*": "deny",
      "*mkstemp*": "deny",
      "git push*": "deny",
      "git checkout*": "deny",
      "git restore*": "deny",
      "git reset*": "deny"
    }
  },
  "share": "manual",
  "autoupdate": true,
@@ -159,7 +82,5 @@
  },
  "plugin": [
    "superpowers@git+https://github.com/obra/superpowers.git"
-  ],
+  ]
  "default_agent": "tier2-autonomous",
  "model": "minimax-coding-plan/MiniMax-M3"
 }