When starting from a protected base branch that has local commits ahead of its start ref, agent-branch-start now carries those commits into the new sandbox branch and resets the protected branch back to the tracked base.

Constraint: Keep protected base checkout clean without dropping local work
Rejected: Leave ahead commits on protected branch and only stash file changes | still violates protected-branch hygiene for commit history
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Protected-branch transfer logic must preserve commit history before any reset operation
Tested: bash -n scripts/agent-branch-start.sh
Tested: node --test test/install.test.js --test-name-pattern agent-branch-start
Not-tested: Full multiagent-safety test suite
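The ordering the directive above asks for (preserve history, verify it, only then reset) can be exercised on a throwaway repository. This is an added example, not the project's scripts/agent-branch-start.sh; the function names, the `agent/demo` branch and the locally faked `origin/main` ref are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; not the project's agent-branch-start.sh. All names are hypothetical.
set -eu

# Create one empty commit with a fixed demo identity (no global git config needed).
demo_commit() {
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit -q --allow-empty -m "$2"
}

# Constructed sample input: a temp repo whose protected branch "main" is two
# commits ahead of a locally faked tracking ref origin/main.
build_demo_repo() {
  local repo
  repo=$(mktemp -d)
  git init -q "$repo"
  git -C "$repo" symbolic-ref HEAD refs/heads/main
  demo_commit "$repo" "base"
  git -C "$repo" update-ref refs/remotes/origin/main HEAD
  demo_commit "$repo" "local work 1"
  demo_commit "$repo" "local work 2"
  printf '%s\n' "$repo"
}

# Move commits that sit on <protected> ahead of <start_ref> onto a new
# <sandbox> branch, then reset <protected> to <start_ref>.
# Prints the number of commits carried over; returns non-zero on refusal.
transfer_ahead_commits() {
  local repo="$1" protected="$2" start_ref="$3" sandbox="$4" ahead tip

  # The reset only "undoes what was moved" if the start ref is an ancestor
  # of the protected tip; refuse on diverged history.
  git -C "$repo" merge-base --is-ancestor "$start_ref" "$protected" || {
    echo "refusing: $start_ref is not an ancestor of $protected" >&2; return 1; }

  ahead=$(git -C "$repo" rev-list --count "$start_ref..$protected")
  if [ "$ahead" -eq 0 ]; then echo 0; return 0; fi

  # This sketch covers the case in the PR text: the protected branch is the
  # current checkout.
  [ "$(git -C "$repo" symbolic-ref -q --short HEAD)" = "$protected" ] || {
    echo "refusing: $protected is not checked out" >&2; return 1; }

  # reset --hard would discard tracked edits; handling uncommitted file
  # changes is outside this example, so stop instead of losing them.
  [ -z "$(git -C "$repo" status --porcelain --untracked-files=no)" ] || {
    echo "refusing: tracked files have uncommitted changes" >&2; return 1; }

  tip=$(git -C "$repo" rev-parse --verify "$protected^{commit}")

  # 1. Preserve: point the sandbox branch at the protected tip.
  #    git refuses if the branch already exists, and so do we.
  git -C "$repo" branch "$sandbox" "$tip" || return 1

  # 2. Verify the history is reachable from the sandbox branch.
  [ "$(git -C "$repo" rev-parse --verify "$sandbox^{commit}")" = "$tip" ] || return 1

  # 3. Only now move the protected branch back to the tracked base.
  git -C "$repo" reset -q --hard "$start_ref"
  echo "$ahead"
}

# Stand-alone run on the constructed repo.
demo_repo=$(build_demo_repo)
echo "commits moved: $(transfer_ahead_commits "$demo_repo" main origin/main agent/demo)"
git -C "$demo_repo" for-each-ref --format='%(refname:short) -> %(subject)' \
    refs/heads refs/remotes
rm -rf "$demo_repo"
```
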
NagyVikt added a commit that referenced this pull request Apr 16, 2026
…123)

When starting from a protected base branch that has local commits ahead of its start ref, agent-branch-start now carries those commits into the new sandbox branch and resets the protected branch back to the tracked base.

Constraint: Keep protected base checkout clean without dropping local work
Rejected: Leave ahead commits on protected branch and only stash file changes | still violates protected-branch hygiene for commit history
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Protected-branch transfer logic must preserve commit history before any reset operation
Tested: bash -n scripts/agent-branch-start.sh
Tested: node --test test/install.test.js --test-name-pattern agent-branch-start
Not-tested: Full multiagent-safety test suite

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
NagyVikt added a commit that referenced this pull request Apr 16, 2026
…#126)

* Harden protected-branch defaults and bulk workflow diagnostics (#112)

Default VS Code protected-branch writes to opt-in, tighten hook behavior, and extend CLI install/doctor workflow requirements so safety setup is deterministic across repos.

Constraint: Base branch main is treated as read-only; changes were moved into an agent sandbox branch before publishing
Rejected: Direct commit/push on main | violates multiagent branch guard policy
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep template hooks and installed .githooks behavior in sync when changing protected-branch policy
Tested: node --test test/install.test.js
Not-tested: node --test test/*.test.js (fails in unrelated test/fuzzing.test.js baseline)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Auto-run merged-branch cleanup after base-branch merges (#113)

Add a managed post-merge hook that triggers Guardex cleanup when the checked-out branch matches the configured base branch (dev by default). This gives repo-local automatic pruning of merged agent worktrees/branches without requiring a long-running cleanup watcher.

Constraint: Hook execution must work in repo-local installs without relying on a global gx binary in PATH
Rejected: Keep cleanup only as manual/daemon command | does not react immediately after merge into base
Confidence: high
Scope-risk: narrow
Directive: Keep post-merge cleanup gated to the active base branch and keep clean unmerged worktrees preserved by default
Tested: node --check bin/multiagent-safety.js
Tested: python3 -m py_compile scripts/agent-file-locks.py
Tested: Manual temp-repo hook simulation (dev triggers cleanup; feature branch skips)
Not-tested: Full node --test test/install.test.js behavioral suite in this sandbox (spawn-limited runner executes smoke path only)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Handle squash-merged PR branches in automated cleanup (#114)

Extend cleanup with an optional merged-PR detection path so agent branches merged via squash can still be safely pruned. The post-merge hook now enables this mode, preserving clean unmerged worktrees while auto-removing branches confirmed as merged PR heads.

Constraint: Existing branch ancestry checks miss squash merges because branch commits are not ancestors of base
Rejected: Force-delete all clean agent branches on base merge | risks deleting active but unpushed work
Confidence: high
Scope-risk: moderate
Directive: Keep PR-based branch deletion gated behind explicit include-pr-merged mode and clean-worktree checks
Tested: node --check bin/multiagent-safety.js
Tested: bash -n scripts/agent-worktree-prune.sh templates/githooks/post-merge .githooks/post-merge
Tested: Manual post-merge hook simulation (flag wiring + non-base skip)
Tested: Manual prune simulation with fake gh merged PR head (non-ancestor branch removed)
Not-tested: Full node --test test/install.test.js behavioral suite in this sandbox (spawn-limited runner executes smoke path only)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Align branch-finish/codex-agent workflow messaging with current merge expectations (#115)

Capture the current local musafety script and docs updates in an isolated branch so they can be merged through the protected main workflow.

Constraint: User requested merging the currently edited multiagent-safety files
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep parent recodee from tracking nested multiagent-safety file content to avoid duplicate Source Control diffs
Tested: npm test (2 passed, 1 failed: test/fuzzing.test.js)
Not-tested: Additional CI environments

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep fuzzing test runnable when fast-check is not installed (#116)

Make the fuzzing suite gracefully skip property checks when fast-check is unavailable so basic test runs do not fail on missing optional dependency.

Constraint: Preserve fuzz assertions when fast-check exists while avoiding hard dependency failures
Rejected: Add fast-check as mandatory dependency | increases install footprint for non-fuzz workflows
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Treat fast-check as optional in this test file unless explicitly promoted to required dependency
Tested: node --test test/fuzzing.test.js
Not-tested: full npm test suite

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Preserve the agent planning workspace as a shareable OpenSpec artifact (#117)

This branch had untracked plan-workspace files visible in Source Control but not published, which blocked handing off the exact plan state. Recording the scaffolded role docs/tasks keeps the branch reproducible for review and merge.

Constraint: Keep branch-scoped OpenSpec workspace under openspec/plan without code-path changes
Rejected: Dropping the untracked plan workspace | would lose the context currently queued for merge
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Preserve generated plan workspaces when user explicitly asks to publish the pending branch state
Tested: git status --short confirms only plan workspace files staged/committed
Not-tested: Runtime/unit test suites (docs-only change)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Default shadow cleanup bots to one-hour idle pruning (#118)

This updates the cleanup daemon defaults so background branch cleanup only prunes idle agent branches after 60 minutes, and cleanup watch mode follows the same default. The agents cleanup process now also requests merged-PR detection so stale squash-merged branches can be cleaned from local and remote refs.

Constraint: Preserve existing safety guardrails that avoid deleting active or dirty agent worktrees
Rejected: Keep 10-minute idle default | too aggressive for active multi-agent sessions
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep idle-threshold defaults aligned between 'agents start' and 'cleanup --watch' paths
Tested: npm test -- test/install.test.js
Not-tested: end-to-end long-running daemon behavior over real multi-hour cycles

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep one-hour cleanup defaults without breaking existing prune scripts (#119)

The cleanup daemon keeps the new 60-minute idle threshold, but no longer injects '--include-pr-merged' when launching repo cleanup loops. Existing repositories can run older prune scripts, so this preserves compatibility while retaining the requested idle-based shadow cleanup behavior.

Constraint: Existing installed repos may still have prune scripts that do not accept newer flags
Rejected: Keep forcing --include-pr-merged from agents daemon | breaks cleanup loops on repos with older script versions
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Add forward-compatible capability checks before daemon-only CLI flags are passed to repo scripts
Tested: npm test -- test/install.test.js
Not-tested: mixed-version daemon behavior with remote gh PR detection enabled

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Preserve OpenSpec review evidence for the fuzzing publish change (#120)

* omx(team): auto-checkpoint worker-1 [1]

* omx(team): auto-checkpoint worker-2 [2]

* omx(team): auto-checkpoint worker-2 [2]

* Capture verification evidence for the fuzzing publish lane

Document the focused fuzzing and publish-path verification outcomes in the OpenSpec verifier workspace so the leader can close task 2 with concrete PASS/FAIL evidence.

Constraint: Full npm test is currently blocked by an unrelated install-suite baseline failure (`withPackageJson` undefined in test/install.test.js)
Confidence: high
Scope-risk: narrow
Tested: node --check test/fuzzing.test.js
Tested: node --test test/fuzzing.test.js
Tested: node --test test/metadata.test.js
Tested: npx --yes eslint --no-config-lookup --rule 'no-undef:error' --rule 'no-unused-vars:error' --parser-options '{"ecmaVersion":"latest"}' --global require --global __dirname --global __filename --global process --global module --global exports test/fuzzing.test.js
Tested: lsp_diagnostics test/fuzzing.test.js (0 diagnostics; no tsconfig)
Not-tested: npm test remains red from pre-existing install-suite failures outside this task

* Preserve OpenSpec review evidence for the fuzzing publish change

The code change is already on main, so this lane records the review outcome, verification evidence, and residual risks in the plan workspace for leader handoff.

Constraint: Keep plan checkpoint files as the source of truth for this team lane
Rejected: Reopen the code change in this worker | task scope is documentation and review only
Confidence: high
Scope-risk: narrow
Directive: Do not treat the repository as fully green until the unrelated withPackageJson regression in test/install.test.js is fixed
Tested: node --test test/fuzzing.test.js
Tested: npm test (fails with pre-existing withPackageJson is not defined)
Tested: git diff --check
Tested: openspec validate --specs

---------

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep optional fast-check self-check tolerant to silent child output

The fuzzing self-check was asserting that a warning string must be emitted from a child process. In this environment the child run can validly produce no output while still proving the optional dependency path is non-fatal, which made the suite flaky/failing. Accept either empty output or the warning text, while still rejecting raw module-not-found leakage.

Constraint: Team execution integrated commit #120 where this assertion became strict
Rejected: Remove the self-check entirely | would drop regression coverage for optional dependency behavior
Confidence: high
Scope-risk: narrow
Directive: Preserve empty-output acceptance unless child-process logging is explicitly standardized
Tested: node --test test/fuzzing.test.js; node --test test/metadata.test.js; npm test; openspec validate --specs
Not-tested: Cross-platform child-process output behavior outside Linux

* Enable cleanup max-branches limit forwarding (#122)

Allow gx cleanup to accept --max-branches and pass it through to branch pruning with strict validation and clearer watch logging.

Constraint: Must stay backward compatible with existing cleanup defaults
Rejected: Hardcode a fixed branch limit | removes operator control over cleanup window
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep parseCleanupArgs and cleanup arg forwarding in sync for future cleanup options
Tested: node --check bin/multiagent-safety.js; npm test
Not-tested: Manual long-running cleanup watch against large real repositories

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Move protected-branch local commits into sandbox branch before reset (#123)

When starting from a protected base branch that has local commits ahead of its start ref, agent-branch-start now carries those commits into the new sandbox branch and resets the protected branch back to the tracked base.

Constraint: Keep protected base checkout clean without dropping local work
Rejected: Leave ahead commits on protected branch and only stash file changes | still violates protected-branch hygiene for commit history
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Protected-branch transfer logic must preserve commit history before any reset operation
Tested: bash -n scripts/agent-branch-start.sh
Tested: node --test test/install.test.js --test-name-pattern agent-branch-start
Not-tested: Full multiagent-safety test suite

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep healthy review bots running during agents restart (#124)

previously terminated both review and cleanup bots whenever either bot was missing. That caused unnecessary review-bot churn and avoidable blind windows.

This change reuses already-running bot processes, starts only missing ones, and preserves previous intervals/idle settings when reusing state. A regression test now covers the partial-restart scenario (review alive, cleanup missing).

Constraint: Existing state files may include stale or partially missing bot processes
Rejected: Always stop and relaunch both bots | creates avoidable review downtime
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep partial-restart reuse semantics unless a deliberate full-restart mode is added
Tested: npm test
Not-tested: Long-running real-world bot churn across many restart cycles

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Prevent Codex agent commits from primary checkout on agent/* branches

The pre-commit template now detects whether the current checkout is a linked worktree and blocks Codex-session commits on agent/* when running from the primary checkout. This keeps sandbox isolation enforceable even when users accidentally switch the main checkout to an agent branch.

Constraint: Agent branch work must stay in linked worktrees per repository guardrail policy
Rejected: Rely on docs-only guidance without hook enforcement | too easy to bypass accidentally
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep this guard aligned with runtime skill-guard logic so branch/edit and commit protections stay consistent
Tested: bash -n templates/githooks/pre-commit
Not-tested: End-to-end commit attempt matrix across all shell/IDE contexts

---------

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
NagyVikt added a commit that referenced this pull request Apr 21, 2026
…ation branch (#238)

* Advance guardex to 5.0.13 for the next publish slot (#110)

After syncing this agent branch onto current origin/dev, 5.0.12 was already present on the base. This change bumps package metadata to 5.0.13 and adds the matching release note entry so the branch remains one patch ahead for publication.

Constraint: Finish flow must target dev via PR merge
Rejected: Reuse 5.0.12 bump commit | already present on base after sync
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep package.json/package-lock.json and README release notes in lockstep on version bumps
Tested: npm test (100/100); node --check bin/multiagent-safety.js; npm pack --dry-run; node bin/multiagent-safety.js --version
Not-tested: npm publish

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Capture OpenSpec plan workspace so branch finish can publish and merge to dev (#111)

The branch had a complete plan workspace scaffold in the agent worktree but none of those files were committed, which blocked PR/merge completion for this task. This commit records the OpenSpec plan artifacts for the branch so finish flow can push, open/update PR, and merge cleanly.

Constraint: User requested end-to-end PR + merge from this exact plan branch
Rejected: Create a new branch for the same files | would break requested branch continuity
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep plan-workspace scaffolds committed on agent branches before running branch-finish
Tested: git status clean after commit in branch worktree
Not-tested: CI checks (to be validated by PR merge flow)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Prevent Codex agent commits from primary checkout on agent/* branches (#126)

* Harden protected-branch defaults and bulk workflow diagnostics (#112)

Default VS Code protected-branch writes to opt-in, tighten hook behavior, and extend CLI install/doctor workflow requirements so safety setup is deterministic across repos.

Constraint: Base branch main is treated as read-only; changes were moved into an agent sandbox branch before publishing
Rejected: Direct commit/push on main | violates multiagent branch guard policy
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep template hooks and installed .githooks behavior in sync when changing protected-branch policy
Tested: node --test test/install.test.js
Not-tested: node --test test/*.test.js (fails in unrelated test/fuzzing.test.js baseline)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Auto-run merged-branch cleanup after base-branch merges (#113)

Add a managed post-merge hook that triggers Guardex cleanup when the checked-out branch matches the configured base branch (dev by default). This gives repo-local automatic pruning of merged agent worktrees/branches without requiring a long-running cleanup watcher.

Constraint: Hook execution must work in repo-local installs without relying on a global gx binary in PATH
Rejected: Keep cleanup only as manual/daemon command | does not react immediately after merge into base
Confidence: high
Scope-risk: narrow
Directive: Keep post-merge cleanup gated to the active base branch and keep clean unmerged worktrees preserved by default
Tested: node --check bin/multiagent-safety.js
Tested: python3 -m py_compile scripts/agent-file-locks.py
Tested: Manual temp-repo hook simulation (dev triggers cleanup; feature branch skips)
Not-tested: Full node --test test/install.test.js behavioral suite in this sandbox (spawn-limited runner executes smoke path only)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Handle squash-merged PR branches in automated cleanup (#114)

Extend cleanup with an optional merged-PR detection path so agent branches merged via squash can still be safely pruned. The post-merge hook now enables this mode, preserving clean unmerged worktrees while auto-removing branches confirmed as merged PR heads.

Constraint: Existing branch ancestry checks miss squash merges because branch commits are not ancestors of base
Rejected: Force-delete all clean agent branches on base merge | risks deleting active but unpushed work
Confidence: high
Scope-risk: moderate
Directive: Keep PR-based branch deletion gated behind explicit include-pr-merged mode and clean-worktree checks
Tested: node --check bin/multiagent-safety.js
Tested: bash -n scripts/agent-worktree-prune.sh templates/githooks/post-merge .githooks/post-merge
Tested: Manual post-merge hook simulation (flag wiring + non-base skip)
Tested: Manual prune simulation with fake gh merged PR head (non-ancestor branch removed)
Not-tested: Full node --test test/install.test.js behavioral suite in this sandbox (spawn-limited runner executes smoke path only)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Align branch-finish/codex-agent workflow messaging with current merge expectations (#115)

Capture the current local musafety script and docs updates in an isolated branch so they can be merged through the protected main workflow.

Constraint: User requested merging the currently edited multiagent-safety files
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep parent recodee from tracking nested multiagent-safety file content to avoid duplicate Source Control diffs
Tested: npm test (2 passed, 1 failed: test/fuzzing.test.js)
Not-tested: Additional CI environments

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep fuzzing test runnable when fast-check is not installed (#116)

Make the fuzzing suite gracefully skip property checks when fast-check is unavailable so basic test runs do not fail on missing optional dependency.

Constraint: Preserve fuzz assertions when fast-check exists while avoiding hard dependency failures
Rejected: Add fast-check as mandatory dependency | increases install footprint for non-fuzz workflows
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Treat fast-check as optional in this test file unless explicitly promoted to required dependency
Tested: node --test test/fuzzing.test.js
Not-tested: full npm test suite

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Preserve the agent planning workspace as a shareable OpenSpec artifact (#117)

This branch had untracked plan-workspace files visible in Source Control but not published, which blocked handing off the exact plan state. Recording the scaffolded role docs/tasks keeps the branch reproducible for review and merge.

Constraint: Keep branch-scoped OpenSpec workspace under openspec/plan without code-path changes
Rejected: Dropping the untracked plan workspace | would lose the context currently queued for merge
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Preserve generated plan workspaces when user explicitly asks to publish the pending branch state
Tested: git status --short confirms only plan workspace files staged/committed
Not-tested: Runtime/unit test suites (docs-only change)

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Default shadow cleanup bots to one-hour idle pruning (#118)

This updates the cleanup daemon defaults so background branch cleanup only prunes idle agent branches after 60 minutes, and cleanup watch mode follows the same default. The agents cleanup process now also requests merged-PR detection so stale squash-merged branches can be cleaned from local and remote refs.

Constraint: Preserve existing safety guardrails that avoid deleting active or dirty agent worktrees
Rejected: Keep 10-minute idle default | too aggressive for active multi-agent sessions
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep idle-threshold defaults aligned between 'agents start' and 'cleanup --watch' paths
Tested: npm test -- test/install.test.js
Not-tested: end-to-end long-running daemon behavior over real multi-hour cycles

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep one-hour cleanup defaults without breaking existing prune scripts (#119)

The cleanup daemon keeps the new 60-minute idle threshold, but no longer injects '--include-pr-merged' when launching repo cleanup loops. Existing repositories can run older prune scripts, so this preserves compatibility while retaining the requested idle-based shadow cleanup behavior.

Constraint: Existing installed repos may still have prune scripts that do not accept newer flags
Rejected: Keep forcing --include-pr-merged from agents daemon | breaks cleanup loops on repos with older script versions
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Add forward-compatible capability checks before daemon-only CLI flags are passed to repo scripts
Tested: npm test -- test/install.test.js
Not-tested: mixed-version daemon behavior with remote gh PR detection enabled

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Preserve OpenSpec review evidence for the fuzzing publish change (#120)

* omx(team): auto-checkpoint worker-1 [1]

* omx(team): auto-checkpoint worker-2 [2]

* omx(team): auto-checkpoint worker-2 [2]

* Capture verification evidence for the fuzzing publish lane

Document the focused fuzzing and publish-path verification outcomes in the OpenSpec verifier workspace so the leader can close task 2 with concrete PASS/FAIL evidence.

Constraint: Full npm test is currently blocked by an unrelated install-suite baseline failure (`withPackageJson` undefined in test/install.test.js)
Confidence: high
Scope-risk: narrow
Tested: node --check test/fuzzing.test.js
Tested: node --test test/fuzzing.test.js
Tested: node --test test/metadata.test.js
Tested: npx --yes eslint --no-config-lookup --rule 'no-undef:error' --rule 'no-unused-vars:error' --parser-options '{"ecmaVersion":"latest"}' --global require --global __dirname --global __filename --global process --global module --global exports test/fuzzing.test.js
Tested: lsp_diagnostics test/fuzzing.test.js (0 diagnostics; no tsconfig)
Not-tested: npm test remains red from pre-existing install-suite failures outside this task

* Preserve OpenSpec review evidence for the fuzzing publish change

The code change is already on main, so this lane records the review outcome, verification evidence, and residual risks in the plan workspace for leader handoff.

Constraint: Keep plan checkpoint files as the source of truth for this team lane
Rejected: Reopen the code change in this worker | task scope is documentation and review only
Confidence: high
Scope-risk: narrow
Directive: Do not treat the repository as fully green until the unrelated withPackageJson regression in test/install.test.js is fixed
Tested: node --test test/fuzzing.test.js
Tested: npm test (fails with pre-existing withPackageJson is not defined)
Tested: git diff --check
Tested: openspec validate --specs

---------

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep optional fast-check self-check tolerant to silent child output

The fuzzing self-check was asserting that a warning string must be emitted from a child process. In this environment the child run can validly produce no output while still proving the optional dependency path is non-fatal, which made the suite flaky/failing. Accept either empty output or the warning text, while still rejecting raw module-not-found leakage.

Constraint: Team execution integrated commit #120 where this assertion became strict
Rejected: Remove the self-check entirely | would drop regression coverage for optional dependency behavior
Confidence: high
Scope-risk: narrow
Directive: Preserve empty-output acceptance unless child-process logging is explicitly standardized
Tested: node --test test/fuzzing.test.js; node --test test/metadata.test.js; npm test; openspec validate --specs
Not-tested: Cross-platform child-process output behavior outside Linux

* Enable cleanup max-branches limit forwarding (#122)

Allow gx cleanup to accept --max-branches and pass it through to branch pruning with strict validation and clearer watch logging.

Constraint: Must stay backward compatible with existing cleanup defaults
Rejected: Hardcode a fixed branch limit | removes operator control over cleanup window
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep parseCleanupArgs and cleanup arg forwarding in sync for future cleanup options
Tested: node --check bin/multiagent-safety.js; npm test
Not-tested: Manual long-running cleanup watch against large real repositories

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Move protected-branch local commits into sandbox branch before reset (#123)

When starting from a protected base branch that has local commits ahead of its start ref, agent-branch-start now carries those commits into the new sandbox branch and resets the protected branch back to the tracked base.

Constraint: Keep protected base checkout clean without dropping local work
Rejected: Leave ahead commits on protected branch and only stash file changes | still violates protected-branch hygiene for commit history
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Protected-branch transfer logic must preserve commit history before any reset operation
Tested: bash -n scripts/agent-branch-start.sh
Tested: node --test test/install.test.js --test-name-pattern agent-branch-start
Not-tested: Full multiagent-safety test suite

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Keep healthy review bots running during agents restart (#124)

previously terminated both review and cleanup bots whenever either bot was missing. That caused unnecessary review-bot churn and avoidable blind windows.

This change reuses already-running bot processes, starts only missing ones, and preserves previous intervals/idle settings when reusing state. A regression test now covers the partial-restart scenario (review alive, cleanup missing).

Constraint: Existing state files may include stale or partially missing bot processes
Rejected: Always stop and relaunch both bots | creates avoidable review downtime
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep partial-restart reuse semantics unless a deliberate full-restart mode is added
Tested: npm test
Not-tested: Long-running real-world bot churn across many restart cycles

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Prevent Codex agent commits from primary checkout on agent/* branches

The pre-commit template now detects whether the current checkout is a linked worktree and blocks Codex-session commits on agent/* when running from the primary checkout. This keeps sandbox isolation enforceable even when users accidentally switch the main checkout to an agent branch.

Constraint: Agent branch work must stay in linked worktrees per repository guardrail policy
Rejected: Rely on docs-only guidance without hook enforcement | too easy to bypass accidentally
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep this guard aligned with runtime skill-guard logic so branch/edit and commit protections stay consistent
Tested: bash -n templates/githooks/pre-commit
Not-tested: End-to-end commit attempt matrix across all shell/IDE contexts

---------

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Enforce OpenSpec bootstrap defaults without sandbox helper drift (#129)

Manual agent branch starts now scaffold OpenSpec change+plan workspaces by default, and OpenSpec helper execution resolves from worktree/repo/template paths instead of copying helper scripts into sandbox branches.

This keeps spec-driven behavior consistent even when the base branch is legacy and missing helper files, while avoiding noisy untracked helper-file diffs in active agent branches.

Constraint: Existing dev/legacy branches may not include OpenSpec helper scripts
Rejected: Copy helper scripts into sandbox worktrees | pollutes branch diffs and obscures task changes
Confidence: high
Scope-risk: moderate
Directive: Keep manual agent branch starts OpenSpec-first by default; only disable with MUSAFETY_OPENSPEC_AUTO_INIT=false for explicit exceptions
Tested: bash -n scripts/agent-branch-start.sh scripts/codex-agent.sh templates/scripts/agent-branch-start.sh templates/scripts/codex-agent.sh
Tested: node --test test/install.test.js
Tested: node --test test/metadata.test.js
Tested: npm test
Not-tested: codex-agent end-to-end PR/merge flow against live GitHub remotes

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

* Let codex-agent finish local-origin test lanes safely (#236)

Local bare-path origins used by the install tests should not force PR-surface assumptions. This keeps the local-origin-aware autofinish gating in both codex-agent script copies and seeds local git identity in shared install helpers.

Constraint: Install tests use local-path origin remotes and ad hoc nested repos
Constraint: Explicit GUARDEX_GH_BIN overrides must still keep the PR-based autofinish path available
Rejected: Skip autofinish entirely for local-path origins | breaks the guarded test-sandbox finish path
Confidence: medium
Scope-risk: narrow
Reversibility: clean
Directive: Keep scripts/codex-agent.sh and templates/scripts/codex-agent.sh aligned when changing autofinish gating
Tested: openspec validate agent-codex-fix-codex-agent-autofinish-and-nested-gi-2026-04-21-13-28 --type change --strict
Tested: openspec validate --specs
Tested: node --test test/install.test.js (suite still hits unrelated withPackageJson baseline failure after the new seedCommit case passes)
Not-tested: Clean full install suite after the unrelated withPackageJson helper regression is fixed

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

---------

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
Automated by scripts/agent-branch-finish.sh (PR flow).