6240b07b9e
ROOT CAUSE: Tier 2 used 'git stash' during the cruft_elimination_20260627
track execution and corrupted the user's in-progress files. The user
explicitly stated: 'if an agent fucks up, their tendency to want to revert
is not correct and instead they must live with the timeline and just do
corrections with a new commit. They can grab artifacts, code, etc, from
old commits but they cannot reset to that.'

This commit adds HARD BANs on git stash* and git clean -fd* at 3 layers
(per the existing 3-layer defense model documented in
conductor/tier2/agents/tier2-autonomous.md):

LAYER 1: AGENTS.md
- Added new HARD BAN: 'git stash* (any form: git stash, git stash pop,
  git stash apply, git stash drop, git stash clear) is FORBIDDEN.
  Stashing inverts the safety net of the working tree'

LAYER 2: conductor/tier2/opencode.json.fragment (Tier 2 autonomous)
- Added 'git stash*', 'git stash pop*', 'git stash apply*',
  'git stash drop*', 'git stash clear*', 'git clean -fd*', 'git clean -fdx*'
  to BOTH the top-level permission.bash deny list AND the
  agent.tier2-autonomous.permission.bash deny list
- Also added 'git revert*' (was missing from fragment; already banned in prompt)
- These are now HARD DENIED at the OpenCode permission layer; the agent
  cannot run them even if it tries

LAYER 3: conductor/tier2/agents/tier2-autonomous.md
- Added 'git stash* (any form)' to the Hard Bans list
- Added 'THE TIMELINE-IS-IMMUTABLE PRINCIPLE' section spelling out
  exactly what to do when you fuck up:
  - When you make a wrong commit, write a NEW commit that fixes it
  - The git history is immutable on this branch
  - You CAN grab artifacts from old commits via 'git show <sha>:<path> > <new-path>'
  - You CANNOT reset the branch HEAD to an old commit
  - 'git revert', 'git reset --hard', 'git reset --soft', 'git stash' are
    all attempts to rewrite history and BANNED
  - Correct pattern: pause, read the actual file, write a forward
    corrective commit with a commit message that explains the fix

This addresses the root cause of the 2026-06-27 cruft_elimination
corruption. Future Tier 2 autonomous runs will be blocked from running
git stash* at 2 layers (OpenCode permission deny + Tier 2 prompt hard
ban list) and reminded at the agent-prompt layer (THE TIMELINE-IS-
IMMUTABLE PRINCIPLE section).

107 lines
2.9 KiB
Plaintext
{
  "$schema": "https://opencode.ai/config.json",
  "default_agent": "tier2-autonomous",
  "model": "minimax-coding-plan/MiniMax-M3",
  "permission": {
    "edit": "deny",
    "read": {
      "*": "deny",
      "C:\\projects\\manual_slop_tier2\\**": "allow"
    },
    "write": {
      "*": "deny",
      "C:\\projects\\manual_slop_tier2\\**": "allow"
    },
    "bash": {
      "*": "deny",
      "git status*": "allow",
      "git diff*": "allow",
      "git log*": "allow",
      "git add*": "allow",
      "git commit*": "allow",
      "git switch*": "allow",
      "git branch*": "allow",
      "git fetch*": "allow",
      "git remote*": "allow",
      "git rev-parse*": "allow",
      "git show*": "allow",
      "git config --get*": "allow",
      "ls*": "allow",
      "cat*": "allow",
      "head*": "allow",
      "tail*": "allow",
      "find*": "allow",
      "echo*": "allow",
      "mkdir*": "allow",
      "cp*": "allow",
      "mv*": "allow",
      "rm*": "allow",
      "uv run python scripts/run_tests_batched.py*": "allow",
      "uv run python scripts/tier2/*": "allow",
      "pwsh -File scripts/tier2/*": "allow",
      "*AppData\\*": "deny",
      "*AppData\\Local\\Temp\\*": "deny",
      "*$env:TEMP*": "deny",
      "*$env:TMP*": "deny",
      "*%TEMP%*": "deny",
      "*%TMP%*": "deny",
      "*GetTempPath*": "deny",
      "*gettempdir*": "deny",
      "*mkstemp*": "deny",
      "git push*": "deny",
      "git checkout*": "deny",
      "git restore*": "deny",
      "git reset*": "deny",
      "git revert*": "deny",
      "git stash*": "deny",
      "git stash pop*": "deny",
      "git stash apply*": "deny",
      "git stash drop*": "deny",
      "git stash clear*": "deny",
      "git clean -fd*": "deny",
      "git clean -fdx*": "deny"
    }
  },
  "agent": {
    "tier2-autonomous": {
      "model": "minimax-coding-plan/MiniMax-M3",
      "temperature": 0.4,
      "permission": {
        "edit": "allow",
        "read": {
          "*": "deny",
          "C:\\projects\\manual_slop_tier2\\**": "allow"
        },
        "write": {
          "*": "deny",
          "C:\\projects\\manual_slop_tier2\\**": "allow"
        },
        "bash": {
          "*": "allow",
          "*AppData\\*": "deny",
          "*AppData\\Local\\Temp\\*": "deny",
          "*$env:TEMP*": "deny",
          "*$env:TMP*": "deny",
          "*%TEMP%*": "deny",
          "*%TMP%*": "deny",
          "*GetTempPath*": "deny",
          "*gettempdir*": "deny",
          "*mkstemp*": "deny",
          "git push*": "deny",
          "git checkout*": "deny",
          "git restore*": "deny",
          "git reset*": "deny",
          "git revert*": "deny",
          "git stash*": "deny",
          "git stash pop*": "deny",
          "git stash apply*": "deny",
          "git stash drop*": "deny",
          "git stash clear*": "deny",
          "git clean -fd*": "deny",
          "git clean -fdx*": "deny"
        }
      }
    }
  }
}
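
Added example (not part of this commit or the project's code): a small audit of the two bash deny lists shown above. It checks that the top-level and tier2-autonomous lists carry the same deny patterns, that every command the commit message names as banned is matched, and which entries are already subsumed by a broader one. The matching model (whole command string, "*" matches any run of characters) and all function names are assumptions, not OpenCode's documented matcher.

```python
from fnmatch import fnmatchcase

# Constructed excerpt: only the git deny rules and the "*" default from the two
# bash maps in the fragment above. The matching model (whole command string,
# "*" = any run of characters) is an assumption, not OpenCode's own matcher.
GIT_DENY = ["git push*", "git checkout*", "git restore*", "git reset*",
            "git revert*", "git stash*", "git stash pop*", "git stash apply*",
            "git stash drop*", "git stash clear*", "git clean -fd*",
            "git clean -fdx*"]
FRAGMENT = {
    "permission": {"bash": {"*": "deny", **{p: "deny" for p in GIT_DENY}}},
    "agent": {"tier2-autonomous": {"permission": {
        "bash": {"*": "allow", **{p: "deny" for p in GIT_DENY}}}}},
}

# Commands the commit message names as banned.
BANNED = ["git stash", "git stash pop", "git stash apply", "git stash drop",
          "git stash clear", "git clean -fd", "git clean -fdx", "git revert",
          "git reset --hard", "git reset --soft"]

def deny_patterns(bash_map):
    """Explicit deny patterns, ignoring the catch-all "*" default."""
    return [p for p, v in bash_map.items() if v == "deny" and p != "*"]

def uncovered(commands, patterns):
    """Commands that no explicit deny pattern matches."""
    return [c for c in commands if not any(fnmatchcase(c, p) for p in patterns)]

def redundant(patterns):
    """Patterns subsumed by a different pattern (sound for '*'-only globs)."""
    return [p for p in patterns
            if any(q != p and fnmatchcase(p, q) for q in patterns)]

def audit(fragment, banned):
    """Compare both deny lists and report coverage gaps and redundancy."""
    top = deny_patterns(fragment["permission"]["bash"])
    agent = deny_patterns(
        fragment["agent"]["tier2-autonomous"]["permission"]["bash"])
    return {"in_sync": set(top) == set(agent),
            "uncovered_top": uncovered(banned, top),
            "uncovered_agent": uncovered(banned, agent),
            "redundant": redundant(agent)}

if __name__ == "__main__":
    print(audit(FRAGMENT, BANNED))
```

Under this model the more specific stash and clean entries are reported as redundant, which is harmless. The in-sync check is the part worth keeping as a regression test, since the two lists are edited separately.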