Private
Public Access
0
0
Commit Graph

15 Commits

Author SHA1 Message Date
ed cf8e0ea8f3 fix(tier2): reconcile slash command with Tier 2's project-relative paths
Same reconciliation as the agent prompt (previous commit). Three
paths in conductor/tier2/commands/tier-2-auto-execute.md now match
the actual code defaults:

  - Pre-flight step 3: scripts/tier2/state/ -> tests/artifacts/tier2_state/
  - Protocol step 3: scripts/tier2/state/ -> tests/artifacts/tier2_state/
  - 'Temp files' convention: scripts/tier2/state/ and scripts/tier2/failures/
    -> tests/artifacts/tier2_state/ and tests/artifacts/tier2_failures/

The user must re-bootstrap the Tier 2 clone to pick up the fixed
template (pwsh -File scripts/tier2/setup_tier2_clone.ps1).

Refs: conductor/tracks/tier2_no_appdata_20260618 (post-merge followup)
2026-06-18 18:26:26 -04:00
ed a16c9e4764 fix(tier2): reconcile agent prompt with Tier 2's project-relative paths
Tier 2 (in commit 923d360d) relocated the failcount state and failure
report defaults from 'scripts/tier2/state/' to 'tests/artifacts/tier2_state/'
(matching the workspace_paths.md styleguide). This commit reconciles
the agent prompt with the actual code path:

  - 'Temp files' convention: scripts/tier2/state/<track>/state.json
    -> tests/artifacts/tier2_state/<track>/state.json
  - 'Temp files' convention: scripts/tier2/failures/
    -> tests/artifacts/tier2_failures/
  - Example audit output: scripts/tier2/state/audit_initial.json
    -> tests/artifacts/tier2_state/audit_initial.json
  - 'Failcount Contract' state path updated to match.

The user must re-bootstrap the Tier 2 clone to pick up the fixed
template (pwsh -File scripts/tier2/setup_tier2_clone.ps1).

Refs: conductor/tracks/tier2_no_appdata_20260618 (post-merge followup)
2026-06-18 18:25:55 -04:00
ed ebcad9b3b1 fix(tier2): remove AppData path from agent prompt example
The 'Temp files' convention bullet had a counter-example that
referenced the AppData path explicitly. The test
tests/test_tier2_slash_command_spec.py::test_agent_denies_temp_writes
catches this and asserts NO AppData path strings in the agent prompt.

Replaced the AppData path in the counter-example with a generic
'AppData is denied by the bash rule' reference.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:46:07 -04:00
ed da151f74ba docs(tier2): slash command - NEVER USE APPDATA, point at inside-clone
Four changes to conductor/tier2/commands/tier-2-auto-execute.md:

1. Pre-flight step 3: previous-run check now references
   scripts/tier2/state/<track-name>/state.json (not <app-data>).
2. Protocol step 3: failcount state init path is
   scripts/tier2/state/<track-name>/state.json (not <app-data>).
3. Conventions / Temp files: rewritten to point at inside-clone paths
   and say 'NEVER USE APPDATA'. Documents the 2026-06-18 reversal.
4. Hard Bans footer: filesystem boundary now says 'Tier 2 clone only'
   (no +AppData exception) and includes the NEVER USE APPDATA rule.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:31:43 -04:00
ed 2e6e422bbb docs(tier2): agent prompt - NEVER USE APPDATA, point at inside-clone
Three changes to conductor/tier2/agents/tier2-autonomous.md:

1. Frontmatter permission.read / permission.write: removed the two
   AppData allow rules; only the Tier 2 clone is allowed now.
2. Frontmatter permission.bash: added '*AppData\\\\*': deny (broader
   pattern, in addition to the existing Temp-specific deny).
3. 'Hard Bans' section: rewrote the filesystem boundary line to say
   'NEVER USE APPDATA' and point at the new deny rule.
4. 'Conventions / Temp files' bullet: replaced with inside-clone
   conventions (scripts/tier2/state/, scripts/tier2/failures/,
   scripts/tier2/artifacts/<track>/). Documents the 2026-06-18 reversal.
5. 'Failcount Contract' section: state path is now
   scripts/tier2/state/<track>/state.json (Path.cwd()-relative).

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:31:04 -04:00
ed d0bbc70a4e fix(tier2): remove AppData allow rules from OpenCode permission JSON
Before:
  - read/write allow rules for AppData/Local/manual_slop/tier2/ and
    AppData/Local/manual_slop/tier2_failures/ existed in both the
    top-level and the tier2-autonomous agent's permission blocks.
  - Bash deny rules covered only AppData/Local/Temp/.

After:
  - read/write allow only the Tier 2 clone (C:\\projects\\manual_slop_tier2\\**).
  - Bash deny rules: *AppData\\* (broader) + *AppData\\Local\\Temp\\* (kept for clarity).

The broader *AppData\\* rule catches Local, LocalLow, Roaming, and any
other subdir, not just Temp. The narrower Temp rule is kept as a
self-documenting marker for the original 2026-06-17 regression.

Per the user's 2026-06-18 'NEVER USE APPDATA' directive.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:30:04 -04:00
ed 03c9df8450 fix(tier2): deny %TEMP% writes - use app-data dir for temp files
The Tier 2 agent wrote audit_exception_handling.py output to
C:\\Users\\Ed\\AppData\\Local\\Temp\\audit_initial.json via shell
redirection. This is OUTSIDE the sandbox allowlist (which is
C:\\projects\\manual_slop_tier2 + C:\\Users\\Ed\\AppData\\Local\\
manual_slop\\tier2 + C:\\Users\\Ed\\AppData\\Local\\manual_slop\\
tier2_failures). The OpenCode session-level guard fires the 'ask'
prompt for paths outside the project root, which has no answer in an
autonomous session, so ops halted mid-track.

Fix (3 layers):

1. opencode.json.fragment: add bash deny rule
   '*AppData\\Local\\Temp\\*': 'deny' to BOTH the top-level
   permission.bash (for default agents) and the tier2-autonomous
   agent's permission.bash. The agent physically cannot run shell
   commands that target the global Temp dir.

2. conductor/tier2/agents/tier2-autonomous.md: add 'Temp files'
   convention telling the agent to use
   C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\ for scratch
   / audit-output / intermediate files, NOT %TEMP%.

3. conductor/tier2/commands/tier-2-auto-execute.md: same convention
   in the slash command so the agent sees it at slash-command time.

Tests (default-on):
- test_agent_denies_temp_writes: agent prompt has the Temp deny in
  frontmatter bash + the app-data dir note
- test_config_fragment_denies_temp_writes: both top-level and agent
  bash have the deny rule

All 16 tier 2 slash command tests pass.

Also: cleaned up the leaked audit_initial.json + audit.json +
audit_after*.json from %TEMP% (they were leftovers from a prior
run). Re-ran setup against the live clone; opencode.json's agent
bash and top-level bash both have the deny rule.
2026-06-17 16:13:19 -04:00
ed 3ec601d4da fix(tier2): override top-level model to MiniMax-M3
The clone's opencode.json inherited the main repo's top-level 'model'
field (zai/glm-5) via 'git clone'. The tier2-autonomous agent has its
own 'model: minimax-coding-plan/MiniMax-M3' override, so the default
agent path was technically correct, but any other agent spawned without
an explicit model (or if the user manually switched to build/plan)
would have used zai/glm-5 instead of MiniMax-M3.

Fix:
1. Add top-level 'model: minimax-coding-plan/MiniMax-M3' to
   conductor/tier2/opencode.json.fragment.
2. setup_tier2_clone.ps1 merge now overrides 'model' from the fragment
   (was only overriding agent, permission, default_agent).
3. Added test_config_fragment_has_top_level_model (default-on) to
   assert the fragment's model field.
4. Added test_setup_script_overrides_model (opt-in TIER2_SANDBOX_TESTS=1)
   to assert the merge code.

All 17 tests pass (14 default-on + 3 opt-in).

Verified: re-ran setup against the live clone; opencode.json's
top-level 'model' is now minimax-coding-plan/MiniMax-M3.
2026-06-17 14:50:01 -04:00
ed 9cd8536455 fix(tier2): top-level permission allowlist - sandbox paths now enforced
Regression: a Tier 2 session was denied access to
C:\\projects\\manual_slop_tier2\\scripts\\run_tests_batched.py
with 'Allowed base directories are: gencpp, manual_slop'. The
tier2-autonomous agent had a correct permission.read allowlist, but
the top-level permission block (inherited from the main repo's
opencode.json via 'git clone') had no read/write keys, and OpenCode
uses the top-level for the default agent path. The agent's
permission.read was merged but apparently not enforced for the
default-agent access check.

Fix:
1. Add a top-level 'permission' block to
   conductor/tier2/opencode.json.fragment with:
   - permission.edit: 'deny' (default agents locked down)
   - permission.read: deny *, allow sandbox clone + app-data dirs
   - permission.write: same
   - permission.bash: deny *, allowlist of read-only git commands +
     uv run python scripts/{run_tests_batched.py,tier2/*} + basic
     shell commands. git push/checkout/restore/reset remain denied.

2. Update setup_tier2_clone.ps1 to also patch the top-level
   'permission' block (was only merging the tier2-autonomous agent
   block). The script preserves the user's mcp, model, instructions,
   watcher, and plugin settings from the inherited opencode.json.

3. Update test_tier2_slash_command_spec.py:
   - Rename test_command_fetches_origin_main -> ..._master (we
     changed the slash command on 2026-06-17).
   - Add test_config_fragment_has_top_level_permission to assert
     the new top-level permission block has the right deny-all +
     allowlist shape.

The tier2-autonomous agent's permission block is unchanged; it
overrides the top-level for that agent's tool calls.
2026-06-17 13:43:53 -04:00
ed 07a0e66a19 docs(tier2): apply user feedback - 6 workflow conventions
User feedback from the first sandbox run (send_result_to_send_20260616,
2026-06-17) identified 6 conventions Tier 2 must follow. Update the agent
prompt template, slash command template, user guide, and workflow doc:

1. Test runner: ALWAYS use 'uv run python scripts/run_tests_batched.py'
   (NOT 'uv run pytest'). The batched runner provides tier filtering,
   parallelization (xdist), and a summary table that direct pytest lacks.

2. Default branch: this repo uses 'master', not 'main'. The Tier 2 slash
   command now does 'git fetch origin master' (was 'origin main').

3. Line endings: preserve existing. This repo has a mix of CRLF and LF;
   a repo-wide LF standardization is a future track.

4. Throw-away scripts: write to 'scripts/tier2/artifacts/<track>/', NOT
   the base 'scripts/tier2/' directory. The base is reserved for
   production code; throw-away scripts are kept for archival but
   isolated per-track.

5. End-of-track report: write 'docs/reports/TRACK_COMPLETION_<track>.md'
   and update 'state.toml' to 'status=completed'. The user reads this
   to decide merge. Previously this was implicit; now it's explicit.

6. Run-time expectation: tracks are 1-4 hours. If context runs out, Tier
   2 notes progress to disk and continues. The --resume flag picks up
   from the last completed task.

Also updated the user guide with a 'Conventions' section and a
troubleshooting entry for the resume flow. The verify-the-sandbox
checklist now uses 'origin master' instead of 'origin main'.
2026-06-17 02:13:29 -04:00
ed e487d34b40 feat(tier2): add post-checkout detection hook (logs to tier2_checkout_log.txt) 2026-06-16 19:51:16 -04:00
ed 01be39236b feat(tier2): add pre-push hook that refuses all pushes 2026-06-16 19:50:58 -04:00
ed 154a370728 feat(tier2): add opencode.json.fragment with deny rules + path allowlist 2026-06-16 19:19:37 -04:00
ed 016381c4ff feat(tier2): create tier2-autonomous agent profile template 2026-06-16 19:18:36 -04:00
ed 7380e23bc0 feat(tier2): create tier-2-auto-execute slash command template 2026-06-16 19:17:41 -04:00