ed/manual_slop
Private
Public Access
0
0
Fork 0
Code Activity
Files
b94dd85f14530bd3dfd75aa98a42f600c3ef832a
manual_slop/conductor/tier2/opencode.json.fragment
T
ed 03c9df8450 fix(tier2): deny %TEMP% writes - use app-data dir for temp files 
The Tier 2 agent wrote audit_exception_handling.py output to
C:\\Users\\Ed\\AppData\\Local\\Temp\\audit_initial.json via shell
redirection. This is OUTSIDE the sandbox allowlist (which is
C:\\projects\\manual_slop_tier2 + C:\\Users\\Ed\\AppData\\Local\\
manual_slop\\tier2 + C:\\Users\\Ed\\AppData\\Local\\manual_slop\\
tier2_failures). The OpenCode session-level guard fires the 'ask'
prompt for paths outside the project root, which has no answer in an
autonomous session, so ops halted mid-track.

Fix (3 layers):

1. opencode.json.fragment: add bash deny rule
   '*AppData\\Local\\Temp\\*': 'deny' to BOTH the top-level
   permission.bash (for default agents) and the tier2-autonomous
   agent's permission.bash. The agent physically cannot run shell
   commands that target the global Temp dir.

2. conductor/tier2/agents/tier2-autonomous.md: add 'Temp files'
   convention telling the agent to use
   C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\ for scratch
   / audit-output / intermediate files, NOT %TEMP%.

3. conductor/tier2/commands/tier-2-auto-execute.md: same convention
   in the slash command so the agent sees it at slash-command time.

Tests (default-on):
- test_agent_denies_temp_writes: agent prompt has the Temp deny in
  frontmatter bash + the app-data dir note
- test_config_fragment_denies_temp_writes: both top-level and agent
  bash have the deny rule

All 16 tier 2 slash command tests pass.

Also: cleaned up the leaked audit_initial.json + audit.json +
audit_after*.json from %TEMP% (they were leftovers from a prior
run). Re-ran setup against the live clone; opencode.json's agent
bash and top-level bash both have the deny rule.
2026-06-17 16:13:19 -04:00

83 lines
2.5 KiB
Plaintext
Raw Blame History

{
"$schema": "https://opencode.ai/config.json",
"default_agent": "tier2-autonomous",
"model": "minimax-coding-plan/MiniMax-M3",
"permission": {
"edit": "deny",
"read": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
},
"write": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
},
"bash": {
"*": "deny",
"git status*": "allow",
"git diff*": "allow",
"git log*": "allow",
"git add*": "allow",
"git commit*": "allow",
"git switch*": "allow",
"git branch*": "allow",
"git fetch*": "allow",
"git remote*": "allow",
"git rev-parse*": "allow",
"git show*": "allow",
"git config --get*": "allow",
"ls*": "allow",
"cat*": "allow",
"head*": "allow",
"tail*": "allow",
"find*": "allow",
"echo*": "allow",
"mkdir*": "allow",
"cp*": "allow",
"mv*": "allow",
"rm*": "allow",
"uv run python scripts/run_tests_batched.py*": "allow",
"uv run python scripts/tier2/*": "allow",
"pwsh -File scripts/tier2/*": "allow",
"*AppData\\Local\\Temp\\*": "deny",
"git push*": "deny",
"git checkout*": "deny",
"git restore*": "deny",
"git reset*": "deny"
}
},
"agent": {
"tier2-autonomous": {
"model": "minimax-coding-plan/MiniMax-M3",
"temperature": 0.4,
"permission": {
"edit": "allow",
"read": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
},
"write": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
},
"bash": {
"*": "allow",
"*AppData\\Local\\Temp\\*": "deny",
"git push*": "deny",
"git checkout*": "deny",
"git restore*": "deny",
"git reset*": "deny"
}
}
}
}
}
View Git Blame Copy Permalink