Private
Public Access
0
0
Commit Graph

9 Commits

Author SHA1 Message Date
ed 9cd8536455 fix(tier2): top-level permission allowlist - sandbox paths now enforced
Regression: a Tier 2 session was denied access to
C:\\projects\\manual_slop_tier2\\scripts\\run_tests_batched.py
with 'Allowed base directories are: gencpp, manual_slop'. The
tier2-autonomous agent had a correct permission.read allowlist, but
the top-level permission block (inherited from the main repo's
opencode.json via 'git clone') had no read/write keys, and OpenCode
uses the top-level for the default agent path. The agent's
permission.read was merged but apparently not enforced for the
default-agent access check.

Fix:
1. Add a top-level 'permission' block to
   conductor/tier2/opencode.json.fragment with:
   - permission.edit: 'deny' (default agents locked down)
   - permission.read: deny *, allow sandbox clone + app-data dirs
   - permission.write: same
   - permission.bash: deny *, allowlist of read-only git commands +
     uv run python scripts/{run_tests_batched.py,tier2/*} + basic
     shell commands. git push/checkout/restore/reset remain denied.

2. Update setup_tier2_clone.ps1 to also patch the top-level
   'permission' block (was only merging the tier2-autonomous agent
   block). The script preserves the user's mcp, model, instructions,
   watcher, and plugin settings from the inherited opencode.json.

3. Update test_tier2_slash_command_spec.py:
   - Rename test_command_fetches_origin_main -> ..._master (we
     changed the slash command on 2026-06-17).
   - Add test_config_fragment_has_top_level_permission to assert
     the new top-level permission block has the right deny-all +
     allowlist shape.

The tier2-autonomous agent's permission block is unchanged; it
overrides the top-level for that agent's tool calls.
2026-06-17 13:43:53 -04:00
ed abf92a8b31 feat(tier2): add fetch_tier2_branch.ps1 - bridge from sandbox to main repo
The Tier 2 sandbox blocks git push (and all other destructive git ops).
After Tier 2 finishes a track, this script is the bridge: it fetches the
tier2/<track> branch from the sandboxed clone (C:\projects\manual_slop_tier2)
into the main repo (C:\projects\manual_slop), creating a local
review/<track> branch so the working tree is untouched.

Usage:
  pwsh -File scripts\\tier2\\fetch_tier2_branch.ps1 -TrackName send_result_to_send_20260616

Supports -WhatIf for dry-run. Does NOT push to origin (user's call).
2026-06-17 01:52:04 -04:00
ed cba5457b9d feat(tier2): add run_tier2_sandboxed.ps1 launcher with restricted token (skeleton) 2026-06-16 19:49:47 -04:00
ed a9be60ae50 feat(tier2): add setup_tier2_clone.ps1 bootstrap script with -WhatIf support 2026-06-16 19:47:06 -04:00
ed 796da0de60 feat(tier2): add run_track.py CLI with init/status/report modes + git fetch/switch 2026-06-16 19:27:08 -04:00
ed 73ab2778ca feat(report): implement write_failure_report + 8 tests, 100% coverage 2026-06-16 19:13:30 -04:00
ed 190766fe03 feat(failcount): add default failcount.toml thresholds 2026-06-16 19:01:31 -04:00
ed fc92e1aa74 feat(failcount): add FailcountState + FailcountConfig dataclasses + all stub functions 2026-06-16 18:59:38 -04:00
ed 9f2ff29c2e feat(tier2): create scripts/tier2/ package 2026-06-16 18:57:09 -04:00