Added: 2026-04-20 | Source: sw-audit | Work: audit-2026-04-20
Audit finding: F36 (BLOCKER)
Location:
- adapters/shared/specwright-state-paths.mjs:140-153
- adapters/shared/specwright-state-paths.mjs:254-279
- core/protocols/context.md:8-17
- .specwright/research/non-interactive-skills-20260319.md:17-23
Problem:
Specwright defaults runtime state and work artifacts to Git-admin paths under .git/specwright, but Claude Code protects .git writes even in bypass-style modes. Routine session, continuation, stage-report, and work-artifact writes therefore collide with the primary adapter's protected-path model and hide useful state from the visible project tree.
Recommendation:
Preserve the logical root split and worktree-safety invariants, but add an adapter-aware default or migration path for Claude Code that keeps human-facing work artifacts and closeout digests in a project-visible non-protected root. sw-init / sw-guard should offer that choice explicitly up front rather than requiring users to discover config.git.workArtifacts after the friction appears.
Added: 2026-04-20 | Source: sw-audit | Work: audit-2026-04-20
Audit finding: F36 (BLOCKER)
Location:
Problem:
Specwright defaults runtime state and work artifacts to Git-admin paths under
.git/specwright, but Claude Code protects.gitwrites even in bypass-style modes. Routine session, continuation, stage-report, and work-artifact writes therefore collide with the primary adapter's protected-path model and hide useful state from the visible project tree.Recommendation:
Preserve the logical root split and worktree-safety invariants, but add an adapter-aware default or migration path for Claude Code that keeps human-facing work artifacts and closeout digests in a project-visible non-protected root.
sw-init/sw-guardshould offer that choice explicitly up front rather than requiring users to discoverconfig.git.workArtifactsafter the friction appears.