Private
Public Access
0
0
Commit Graph

8 Commits

Author SHA1 Message Date
ed 284d4c42fd docs(tier2): ban output filtering + prefer targeted tier runs
Two new rules for Tier 2 (added per user directive 2026-06-27 after
Tier 2 ran the full batch and piped through Select-Object -Last 20,
losing the full record):

1. NEVER filter test output (Select-Object, head, tail, | Select -First N).
   ALWAYS redirect to a log file, then read it with read_file/grep.
2. Prefer targeted tier runs (--tier tier3, --filter test_<file>) over
   the full 11-tier batch. The full batch is for the USER post-merge,
   not for Tier 2 per-task verification.

Applied to 3 files: tier2-autonomous.md, tier-2-auto-execute.md,
workflow.md Tier 2 Autonomous Sandbox conventions.
2026-06-27 11:58:19 -04:00
ed eae758771f conductor(tier-setup): MANDATORY pre-action reading + pre-commit abort on leak
ROOT CAUSE (post-mortem at docs/reports/TIER2_MCP_REGRESSION_20260624.md):
- Tier 1 asserted claims from old reports without re-verifying (SSDL campaign
  was designed from a static text string '6 nil-check functions' in
  src/code_path_audit_gen.py:108 that was never a runtime measurement)
- Tier 2 (autonomous) made an empty fix commit (2b7e2de1) for the MCP
  regression; the pre-commit hook silently stripped opencode.json +
  mcp_paths.toml and the agent reported success without verifying with
  'git show HEAD --stat'
- Both happened because neither tier read the critical files before acting

THE FIX (this commit):

1. .agents/agents/tier1-orchestrator.md: add MANDATORY pre-action reading
   list (6 files: AGENTS.md, conductor/workflow.md, current track spec/plan,
   the 3 code_styleguides). Reference the 2026-06-24 SSDL failures.

2. .agents/agents/tier2-tech-lead.md: add MANDATORY pre-action reading list
   (8 files: AGENTS.md, workflow.md, edit_workflow.md, the githooks
   forbidden-files.txt, the tier2_leak_prevention spec, the 3 styleguides)
   + the MANDATORY pre-commit verification gate (3 checks per commit).

3. .agents/agents/tier3-worker.md: add 4-file read list (AGENTS.md, task
   spec, relevant styleguide, the actual code being modified). Tier 3 doesn't
   need the full 8-file list — Tier 2's task spec is the contract.

4. .agents/agents/tier4-qa.md: same 4-file read list (analysis context).

5. conductor/tier2/agents/tier2-autonomous.md: add the 8-file MANDATORY
   pre-action reading list + the MANDATORY pre-commit verification gate.

6. conductor/tier2/commands/tier-2-auto-execute.md: add the 8-file list
   to the pre-flight section (step 0).

7. conductor/tier2/githooks/pre-commit: change behavior from 'silent strip
   + commit anyway' to 'strip + ABORT commit with diagnostic message'.
   The previous behavior led to empty commits (the 2026-06-24 regression).
   The agent MUST investigate the leak before retrying the commit.

ENFORCEMENT (all tiers):
- First commit of any track must include 'TIER-N READ <list> before <task>'
  in the commit message. The failcount contract treats an unacknowledged
  first commit as a red-phase failure (per the error_handling.md Rule #0
  precedent).

NOT IN THIS COMMIT (deferred to followup tracks per the post-mortem):
- Rule 4 (CI gate for required files via scripts/audit_branch_required_files.py)
- AGENTS.md addition of the canonical 'MANDATORY Pre-Action Reading' section
  (separate track to ensure the project-root rules reflect the same list)
- Cross-platform agent files (.opencode/, .claude/, .gemini/) — those are
  generated from the canonical .agents/agents/ files; this commit updates
  the canonical sources.

7 files modified, 109 insertions, 6 deletions.
2026-06-24 21:36:18 -04:00
ed 387adff579 fix(tier2): expand %TEMP% deny patterns to catch env-var forms
Follow-up to the 'NEVER USE APPDATA' directive. The agent kept
trying to use \C:\Users\Ed\AppData\Local\Temp / \C:\Users\Ed\AppData\Local\Temp / %TEMP% / %TMP% — the previous
deny rule (*AppData\\\\* and *AppData\\Local\\Temp\\*) only matched
the literal expanded path, not the env-var form. The agent would
self-block based on its own interpretation of the rule, but it still
TRIED before self-blocking (the 'fucking tired of it fucking with
AppData' complaint).

Fix:
1. opencode.json.fragment: add bash deny patterns matched against
   the LITERAL command string (before shell expansion):
     *\C:\Users\Ed\AppData\Local\Temp*    - PowerShell env var (the form the agent tried)
     *\C:\Users\Ed\AppData\Local\Temp*     - PowerShell env var
     *%TEMP%*        - cmd env var
     *%TMP%*         - cmd env var
     *GetTempPath*   - .NET API
     *gettempdir*    - Python tempfile module
     *mkstemp*       - Python tempfile.mkstemp
   Applied to BOTH the top-level permission.bash (for default agents)
   and the tier2-autonomous agent's permission.bash.

2. conductor/tier2/agents/tier2-autonomous.md: rewrite the Temp
   files section to explicitly list ALL forbidden literals and
   reiterate 'every one of those literal command strings is denied
   at the bash level'. Updated changelog note.

3. conductor/tier2/commands/tier-2-auto-execute.md: same.

4. tests/test_tier2_slash_command_spec.py: extend
   test_config_fragment_denies_temp_writes to assert each of the 9
   patterns in both the top-level and the agent's bash.

Verified: re-ran setup against the live clone. tier2 agent's bash
has 13 deny patterns (9 AppData/temp + 4 git). 37/37 default-on
tests pass.

Note: the user's prior commit (fix(tier2): remove AppData allow
rules from OpenCode permission JSON) already removed the AppData
allow rules from read/write and added the broader *AppData\\\\*
deny rule. This commit layers on top of that with the env-var-form
deny patterns.
2026-06-19 07:41:15 -04:00
ed cf8e0ea8f3 fix(tier2): reconcile slash command with Tier 2's project-relative paths
Same reconciliation as the agent prompt (previous commit). Three
paths in conductor/tier2/commands/tier-2-auto-execute.md now match
the actual code defaults:

  - Pre-flight step 3: scripts/tier2/state/ -> tests/artifacts/tier2_state/
  - Protocol step 3: scripts/tier2/state/ -> tests/artifacts/tier2_state/
  - 'Temp files' convention: scripts/tier2/state/ and scripts/tier2/failures/
    -> tests/artifacts/tier2_state/ and tests/artifacts/tier2_failures/

The user must re-bootstrap the Tier 2 clone to pick up the fixed
template (pwsh -File scripts/tier2/setup_tier2_clone.ps1).

Refs: conductor/tracks/tier2_no_appdata_20260618 (post-merge followup)
2026-06-18 18:26:26 -04:00
ed da151f74ba docs(tier2): slash command - NEVER USE APPDATA, point at inside-clone
Four changes to conductor/tier2/commands/tier-2-auto-execute.md:

1. Pre-flight step 3: previous-run check now references
   scripts/tier2/state/<track-name>/state.json (not <app-data>).
2. Protocol step 3: failcount state init path is
   scripts/tier2/state/<track-name>/state.json (not <app-data>).
3. Conventions / Temp files: rewritten to point at inside-clone paths
   and say 'NEVER USE APPDATA'. Documents the 2026-06-18 reversal.
4. Hard Bans footer: filesystem boundary now says 'Tier 2 clone only'
   (no +AppData exception) and includes the NEVER USE APPDATA rule.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:31:43 -04:00
ed 03c9df8450 fix(tier2): deny %TEMP% writes - use app-data dir for temp files
The Tier 2 agent wrote audit_exception_handling.py output to
C:\\Users\\Ed\\AppData\\Local\\Temp\\audit_initial.json via shell
redirection. This is OUTSIDE the sandbox allowlist (which is
C:\\projects\\manual_slop_tier2 + C:\\Users\\Ed\\AppData\\Local\\
manual_slop\\tier2 + C:\\Users\\Ed\\AppData\\Local\\manual_slop\\
tier2_failures). The OpenCode session-level guard fires the 'ask'
prompt for paths outside the project root, which has no answer in an
autonomous session, so ops halted mid-track.

Fix (3 layers):

1. opencode.json.fragment: add bash deny rule
   '*AppData\\Local\\Temp\\*': 'deny' to BOTH the top-level
   permission.bash (for default agents) and the tier2-autonomous
   agent's permission.bash. The agent physically cannot run shell
   commands that target the global Temp dir.

2. conductor/tier2/agents/tier2-autonomous.md: add 'Temp files'
   convention telling the agent to use
   C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\ for scratch
   / audit-output / intermediate files, NOT %TEMP%.

3. conductor/tier2/commands/tier-2-auto-execute.md: same convention
   in the slash command so the agent sees it at slash-command time.

Tests (default-on):
- test_agent_denies_temp_writes: agent prompt has the Temp deny in
  frontmatter bash + the app-data dir note
- test_config_fragment_denies_temp_writes: both top-level and agent
  bash have the deny rule

All 16 tier 2 slash command tests pass.

Also: cleaned up the leaked audit_initial.json + audit.json +
audit_after*.json from %TEMP% (they were leftovers from a prior
run). Re-ran setup against the live clone; opencode.json's agent
bash and top-level bash both have the deny rule.
2026-06-17 16:13:19 -04:00
ed 07a0e66a19 docs(tier2): apply user feedback - 6 workflow conventions
User feedback from the first sandbox run (send_result_to_send_20260616,
2026-06-17) identified 6 conventions Tier 2 must follow. Update the agent
prompt template, slash command template, user guide, and workflow doc:

1. Test runner: ALWAYS use 'uv run python scripts/run_tests_batched.py'
   (NOT 'uv run pytest'). The batched runner provides tier filtering,
   parallelization (xdist), and a summary table that direct pytest lacks.

2. Default branch: this repo uses 'master', not 'main'. The Tier 2 slash
   command now does 'git fetch origin master' (was 'origin main').

3. Line endings: preserve existing. This repo has a mix of CRLF and LF;
   a repo-wide LF standardization is a future track.

4. Throw-away scripts: write to 'scripts/tier2/artifacts/<track>/', NOT
   the base 'scripts/tier2/' directory. The base is reserved for
   production code; throw-away scripts are kept for archival but
   isolated per-track.

5. End-of-track report: write 'docs/reports/TRACK_COMPLETION_<track>.md'
   and update 'state.toml' to 'status=completed'. The user reads this
   to decide merge. Previously this was implicit; now it's explicit.

6. Run-time expectation: tracks are 1-4 hours. If context runs out, Tier
   2 notes progress to disk and continues. The --resume flag picks up
   from the last completed task.

Also updated the user guide with a 'Conventions' section and a
troubleshooting entry for the resume flow. The verify-the-sandbox
checklist now uses 'origin master' instead of 'origin main'.
2026-06-17 02:13:29 -04:00
ed 7380e23bc0 feat(tier2): create tier-2-auto-execute slash command template 2026-06-16 19:17:41 -04:00