"""Default-on regression test: no script under ./scripts/ may write to
the global %TEMP% directory (C:\\Users\\Ed\\AppData\\Local\\Temp\\).

The Tier 2 sandbox is supposed to keep all scratch / intermediate
files inside the Tier 2 clone (C:\\projects\\manual_slop_tier2 +
scripts/tier2/state/ + scripts/tier2/failures/). Writing to the
global Temp dir breaks that boundary: the OpenCode session fires
the 'ask' prompt for paths outside the project root, halting
autonomous ops.

Per the user's 2026-06-18 'NEVER USE APPDATA' directive, Tier 2
state and failure reports no longer live under
C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\ or
C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\; they
live inside the clone under scripts/tier2/state/ and
scripts/tier2/failures/.

The test delegates to scripts/audit_no_temp_writes.py --strict
which exits 1 on any violation. If this test fails, a new script
under ./scripts/ is using %TEMP% and the Tier 2 sandbox boundary
has been violated.
"""
import subprocess
from pathlib import Path

import pytest


def test_no_script_emits_to_temp() -> None:
 audit = Path("scripts/audit_no_temp_writes.py").resolve()
 assert audit.exists(), f"audit script missing: {audit}"
 result = subprocess.run(
  ["uv", "run", "python", str(audit), "--strict"],
  capture_output=True, text=True, timeout=60,
 )
 assert result.returncode == 0, (
  f"audit found %TEMP% usage in scripts:\n{result.stdout}\n{result.stderr}\n\n"
  f"Fix: move scratch files to tests/artifacts/ or "
  f"scripts/tier2/state/ or scripts/tier2/failures/ instead of %TEMP%."
 )
 assert "CLEAN" in result.stdout, f"unexpected audit output: {result.stdout}"