Conversation
The launcher already preserved unfinished sandboxes, but replacement agents only got a generic merge hint and had to reconstruct the exact resume steps. This change makes codex-agent print a concrete takeover prompt and teaches new OpenSpec change workspaces to scaffold matching handoff/copy-prompt lines so a second agent can continue the same lane without inventing a new sandbox. Constraint: Must keep the existing finish pipeline and template/runtime script parity intact Rejected: Persist stale active-session records | would widen the VS Code active-session model without being necessary for the handoff path Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the codex-agent takeover prompt and init-change-workspace handoff copy aligned so manual and scaffolded rescue flows do not drift Tested: node --test --test-name-pattern "(codex-agent prints a takeover prompt when the sandbox is kept after an incomplete run|OpenSpec change workspace scaffold creates proposal/tasks/spec defaults|OpenSpec change workspace scaffold supports minimal T1 notes mode|critical runtime helper scripts stay in sync with templates)" test/install.test.js test/metadata.test.js; bash -n scripts/codex-agent.sh scripts/openspec/init-change-workspace.sh templates/scripts/codex-agent.sh templates/scripts/openspec/init-change-workspace.sh; openspec validate agent-codex-improve-usage-limit-takeover-handoff-2026-04-21-23-30 --type change --strict; openspec validate --specs Not-tested: Full remote PR merge from a real usage-limit interrupted session
NagyVikt
deleted the
agent/codex/improve-usage-limit-takeover-handoff-2026-04-21-23-30
branch
NagyVikt
added a commit
that referenced
this pull request
Apr 22, 2026
* Unblock the next Guardex npm publish after 7.0.15 was already taken (#239) npm rejected republishing 7.0.15, so this bump moves the package to 7.0.16, adds the matching README release note for the shipped Guardex changes, and updates the release integration test to follow the current package version instead of a stale literal. Constraint: npm will not publish over the already-taken 7.0.15 version Rejected: Leave README and release test expectations on 7.0.15 | publish metadata and release verification would drift Confidence: high Scope-risk: narrow Reversibility: clean Directive: When bumping a published version, keep README release notes and gx release expectations on the same current semver Tested: npm test (150/150); node --check bin/multiagent-safety.js; openspec validate agent-codex-release-guardex-7-0-16-2026-04-21-15-22 --type change --strict; openspec validate --specs; env npm_config_cache=/tmp/guardex-npm-cache npm pack --dry-run Not-tested: Live gh release creation against GitHub Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Bump next from 15.2.6 to 15.5.15 in /frontend (#229) Bumps [next](https://github.com/vercel/next.js) from 15.2.6 to 15.5.15. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.2.6...v15.5.15) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump qs and express in /frontend (#228) Bumps [qs](https://github.com/ljharb/qs) to 6.14.2 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together. Updates `qs` from 6.13.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.2) Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Auto-finish: gx doctor repairs (#241) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Clarify how GitGuardex updates AGENTS contract docs (#242) README now explains the current setup/doctor behavior for repo guidance files. It makes the marker-managed AGENTS refresh explicit, shows that existing repo-owned text is preserved outside the managed block, and clarifies that root CLAUDE.md is left alone unless the repo chooses to symlink it to AGENTS. A small visual flow and before/after examples make the behavior easier to scan during setup decisions. Constraint: README wording needed to match the current ensureAgentsSnippet implementation and install regression tests Rejected: Describe root CLAUDE.md as auto-managed | inaccurate because setup installs .claude/commands/gitguardex.md instead Confidence: high Scope-risk: narrow Directive: Keep this section aligned with ensureAgentsSnippet semantics and AGENTS refresh tests when setup/doctor behavior changes Tested: npm test -- --test-name-pattern="setup refreshes existing managed AGENTS block by default|doctor refreshes existing managed AGENTS block by default" Not-tested: Mermaid and ASCII rendering differences across npm and GitHub surfaces Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Make doctor failures visually obvious in terminal output (#243) Doctor already prints compact actionable status lines, but fail and success output blend together during long recursive runs. This colors semantic doctor lines only and supports FORCE_COLOR so ANSI coverage can be verified deterministically. Constraint: Human-readable doctor output must remain plain in non-color terminals Rejected: Add a dedicated doctor color flag | FORCE_COLOR already covers explicit ANSI opt-in without expanding the CLI surface Confidence: high Scope-risk: narrow Directive: Keep doctor status coloring scoped to semantic outcome lines; do not color every repair bullet without rechecking readability Tested: node --check bin/multiagent-safety.js; node --test --test-name-pattern "doctor" test/install.test.js; openspec validate agent-codex-doctor-status-colors-2026-04-21-15-58 --type change --strict; openspec validate --specs Not-tested: Full repo non-doctor test suite Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Clarify how Guardex sandboxes get cleaned up (#244) The README still showed post-merge cleanup as optional and did not explain the case where one agent implements a change but another agent has to close the sandbox after a usage-limit stop. This aligns the daily workflow with the current finish flags, adds a direct worktree-removal escape hatch, and ties the OpenSpec collaboration checklist to real cleanup handoffs. Constraint: README should match the current agent-branch-finish --cleanup flow on main Rejected: Mention cleanup only in Known rough edges | did not tell users how to remove unwanted worktrees or why collaboration handoffs exist Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README cleanup examples aligned with finish-script defaults and OpenSpec collaboration tasks Tested: git diff --check; npm test partial pass before hang in install.test.js Not-tested: Full npm test completion (hung in test/install.test.js hook-fail-task path) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Keep npm release verification green when the version is already live (#245) The current main branch already passes the release-path test suite, but workflow_dispatch and backfill release runs can still fail later on npm publish when the exact package version is already on the registry. This teaches the release workflow to detect that case and skip publish cleanly while leaving verification intact. Constraint: Existing published versions on npm are immutable and should not make healthy verification runs fail Constraint: Release verification must still run on every workflow invocation before publish decisions are made Rejected: Remove workflow_dispatch support | would block maintainer-side verification on current main Rejected: Skip npm publish unconditionally on manual runs | hides legitimate unpublished release failures Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the release workflow idempotent for already-published versions so GitHub release state can be backfilled without forcing a version bump Tested: npm test Tested: node --check bin/multiagent-safety.js Tested: npm pack --dry-run Tested: openspec validate agent-codex-make-release-workflow-idempotent-when-ve-2026-04-21-16-30 --type change --strict Tested: openspec validate --specs Not-tested: Live GitHub Actions workflow execution before merge Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Bring the README docs in line with current Guardex behavior (#246) The docs still showed the older AGENTS marker explanation and an outdated gx status illustration, so the README was refreshed to match the current CLI surface and the managed-block guidance the user asked to add. This keeps the changes confined to documentation: one richer README section, one updated terminal SVG, and the matching T1 note for the branch. Constraint: Keep the change docs-only and preserve the user-provided README wording for the AGENTS.md/CLAUDE.md section Rejected: Add the new AGENTS guidance as a second duplicate section | would leave conflicting docs in the same README Confidence: high Scope-risk: narrow Reversibility: clean Directive: Update the terminal-status SVG whenever gx command/service output materially changes so README screenshots do not drift Tested: git diff --check; rendered docs/images/workflow-gx-terminal-status.svg to /tmp/workflow-gx-terminal-status.png for visual review Not-tested: npm test (skipped because this is a docs/SVG-only change and the suite previously hung in test/install.test.js) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * new * new * Bump path-to-regexp from 0.1.12 to 0.1.13 in /frontend (#240) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 0.1.12 to 0.1.13. - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13) --- updated-dependencies: - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Align downstream OpenSpec scaffolds with recodee bootstrap (#247) Sync the setup-managed change and plan helpers to the richer recodee versions and lock the new scaffold shape with install regressions. Constraint: gx setup should install the same OpenSpec helper behavior already used in recodee Rejected: Update only templates | runtime/template drift would break parity guarantees Rejected: Copy the recodee plan scaffold verbatim without fixes | unescaped backticks corrupted generated cleanup text Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep scripts/openspec and templates/scripts/openspec in lockstep with frontend mirrors and install tests Tested: node --test --test-name-pattern OpenSpec test/install.test.js; node --test test/metadata.test.js; node --check bin/multiagent-safety.js; openspec validate agent-codex-sync-recodee-openspec-bootstrap-into-gx-2026-04-21-17-20 --type change --strict; openspec validate --specs; git diff --check Not-tested: Full npm test suite Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Expose live Guardex sandbox sessions inside VS Code Source Control (#248) Guardex now writes repo-local active session presence from codex-agent, scaffolds a lightweight VS Code companion into target repos, and ships a local install helper so users can see running lanes with native loading~spin rows in the Source Control container. Constraint: VS Code strips custom SVG animation from sidebar surfaces, so the companion must use native animated codicons Constraint: Guardex setup scaffolds from templates, so the companion and helpers must ship through template mapping as well as the source repo Rejected: Webview-only sidebar clone | would miss the native Source Control container users already watch Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the companion consuming .omx/state/active-sessions and ignore dead PIDs before adding richer runtime signals Tested: node --check bin/multiagent-safety.js; node --check scripts/agent-session-state.js; node --check scripts/install-vscode-active-agents-extension.js; node --check templates/vscode/guardex-active-agents/extension.js; node --check templates/vscode/guardex-active-agents/session-schema.js; bash -n scripts/codex-agent.sh; bash -n templates/scripts/codex-agent.sh; node --test test/vscode-active-agents-session-state.test.js; temporary gx setup smoke; openspec validate agent-codex-vscode-active-agents-extension-2026-04-21-17-38 --type change --strict; openspec validate --specs; git diff --check Not-tested: Live activation inside an already-open VS Code window without a manual reload Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Enhance README with sidebar options and install section (#249) Added options for GitHub About sidebar description and installation instructions. * new * Clarify README problem and About copy surfaces (#250) Move the collision visual into The problem, move the Guardex workflow visual into Solution, and replace the three-option About copy dump with a single source file plus README pointer. This keeps the top of the README readable while preserving a copyable GitHub About description in-repo. Constraint: README needs one canonical GitHub About description instead of multiple alternatives Rejected: Keep all three About-copy options inline | adds noise and leaves no single source of truth Confidence: high Scope-risk: narrow Directive: Keep GitHub About copy in about_description.txt and mirror it from README instead of adding new inline variants Tested: git diff --check; openspec validate agent-codex-readme-about-description-2026-04-21-18-05 --type change --strict; openspec validate --specs (no items found) Not-tested: npm test times out after four passing subtests; npm run agent:safety:scan fails because gx status rejects --strict Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Restore Active Agents view registration in VS Code (#251) The Active Agents provider was missing getTreeItem, so VS Code crashed the SCM view during render even when session records were present. This restores the required provider method in the installable template bundle and locks the failure mode with a mocked extension-host regression test. Constraint: This branch installs the VS Code companion from templates/vscode/guardex-active-agents Rejected: Reordering installer source precedence | broader behavior change than needed for the reported crash Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the provider contract test aligned with any future extension activation refactors Tested: node --test test/vscode-active-agents-session-state.test.js Tested: openspec validate agent-codex-demo-vscode-active-agents-2026-04-21-18-04 --type change --strict Tested: openspec validate --specs Not-tested: Live VS Code extension host after window reload Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Protect README About copy with regression coverage (#252) Add one metadata test that locks the merged README problem/solution visual placement and ensures the README mirrors the canonical about_description.txt copy. This keeps the docs contract from drifting without adding broader test churn. Constraint: Follow-up must stay test-only and scoped to the merged README/about-description contract Rejected: Re-run the entire install.test.js suite to prove this docs change | unrelated long-running suite still times out without incremental output Confidence: high Scope-risk: narrow Directive: If the README About copy changes again, update about_description.txt first and keep this metadata test aligned with the same source Tested: node --test test/metadata.test.js; openspec validate agent-codex-readme-about-description-regression-test-2026-04-21-18-20 --type change --strict; openspec validate --specs; git diff --check Not-tested: full npm test aggregate run still contains a long-running install.test.js file that timed out during ad hoc verification Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Make Active Agents visible in SCM by default (#253) The companion could render session rows but it could not match the intended Source Control presentation because it never created a TreeView handle. This switches the SCM contribution to createTreeView so the header can expose a live badge and empty-state message, and marks the view visible by default on first install. Constraint: The fix must stay inside the installable VS Code companion surface Rejected: Show stale sessions to force a non-empty badge | would misrepresent inactive agents Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep header badge coverage aligned with any future view-container refactors Tested: node --test test/vscode-active-agents-session-state.test.js Tested: openspec validate agent-codex-vscode-active-agents-scm-badge-visibilit-2026-04-21-18-31 --type change --strict Tested: openspec validate --specs Not-tested: Live VS Code SCM rendering after manual window reload Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * new img * Update README.md (#254) * Update README.md (#255) * Update README.md (#256) * Align package metadata with the canonical Guardian T-Rex pitch (#257) README and about_description.txt already carried the approved product copy, but package.json still advertised the older generic description. This change brings npm metadata onto the same canonical line, restores the README About and Solution blocks required by the current metadata regression, and records the alignment in a matching OpenSpec delta. Constraint: Package metadata, README About copy, and about_description.txt must stay aligned Rejected: Update package.json only | left README/spec regressions red in this branch Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep package.json description, README About copy, and about_description.txt in lockstep Tested: node --test test/metadata.test.js; npm test; git diff --check; openspec validate agent-codex-align-guardian-t-rex-package-description-2026-04-21-18-46 --type change --strict; openspec validate --specs Not-tested: npm registry rendering of the longer package description Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Update README.md (#258) * Update README.md (#259) * Auto-finish: gx doctor repairs (#260) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Show live Guardex worktree activity in the VS Code SCM view (#261) The Active Agents companion already showed presence, but every row was hardcoded to thinking. This change derives live activity from each sandbox worktree so clean lanes stay thinking while dirty lanes surface working with changed-file counts and tooltip previews. Constraint: VS Code companion state remains repo-local and read-only; do not require a new runtime daemon. Rejected: Add a periodic activity writer protocol | unnecessary complexity for a read-only status hint. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep activity inference resilient; if git inspection fails, fall back to thinking rather than dropping the session row. Tested: node --test test/vscode-active-agents-session-state.test.js Tested: openspec validate agent-codex-vscode-active-agents-worktree-status-2026-04-21-21-23 --type change --strict Tested: openspec validate --specs Not-tested: VS Code interactive rendering in a live editor window Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Align the published package name with the GitGuardex brand (#262) Rename package metadata and install/update surfaces to @imdeadpool/gitguardex while keeping gx preferred and guardex as a legacy alias. Refresh docs, tutorial assets, and OpenSpec scaffolding to point at the renamed package, and keep historical release notes tied to the package scope that was actually published at each version. Constraint: Existing gx and guardex entry points must keep working during the package-name transition Rejected: Drop the guardex bin alias now | would break existing shells and automation during the rename Rejected: Rewrite historical release entries to the new npm scope | inaccurate because older releases shipped as @imdeadpool/guardex Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep historical release-note package references aligned with the package name that was actually published at that version Tested: node --test --test-name-pattern "(self-update verifies on-disk version after @latest install and retries with pinned version when stale|self-update restarts into the installed CLI after a successful on-disk upgrade|status --json returns cli, services, and repo summary|prompt outputs AI setup instructions|prompt --exec outputs command-only checklist|deprecated copy-commands alias still works and warns)" test/install.test.js Tested: node --check bin/multiagent-safety.js Tested: npm pack --dry-run Tested: openspec validate agent-codex-rename-npm-package-to-gitguardex-everywh-2026-04-21-21-02 --type change --strict Tested: openspec validate --specs Not-tested: full node --test test/install.test.js still hangs in an unrelated gx setup path in this repo Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Restore post-rename parity so branding CI stays green (#263) The package rename left one stale doctor-output assertion, README structure drift, and two runtime-template mismatches. This follow-up restores the canonical README anchors and keeps installed runtime scripts aligned with their templates so GitGuardex verifies cleanly after the rename. Constraint: Protected main requires agent branch plus PR finish flow Rejected: Revert the branding rename | the repo and published package already use GitGuardex Confidence: high Scope-risk: narrow Reversibility: clean Directive: When branding or log prefixes change, update runtime helpers and their templates together Tested: node --test --test-name-pattern "(doctor on protected main fails when sandbox PR is not merged|README keeps canonical About copy and problem-solution visuals aligned|critical runtime helper scripts stay in sync with templates)" test/install.test.js test/metadata.test.js; npm test; node --check bin/multiagent-safety.js; openspec validate agent-codex-rename-npm-package-to-gitguardex-everywh-2026-04-21-21-02 --type change --strict; openspec validate --specs Not-tested: Remote PR merge path Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Match the active-agents view to repo-scoped SCM grouping (#264) The VS Code companion was rendering a flat live-session list, which could not mirror the grouped Source Control layout operators expect. This change keeps repo context in the SCM-side tree, groups live lanes under ACTIVE AGENTS, surfaces repo-root changes beside them, and filters runtime presence files out of the change list while locking the behavior with focused tests. Constraint: Must stay within VS Code contributed tree-view APIs without mutating the built-in Git provider Rejected: Keep the flat active-agent list only | it still loses repo and change context Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep .omx/state/active-sessions presence files out of repo change rows; they are runtime signals, not operator-facing changes Tested: node --test test/vscode-active-agents-session-state.test.js Tested: openspec validate agent-codex-vscode-active-agents-scm-provider-layout-2026-04-21-23-22 --type change --strict Tested: openspec validate --specs Not-tested: Manual rendering inside a real VS Code window Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Make quota-hit agent takeovers copy-pasteable (#265) The launcher already preserved unfinished sandboxes, but replacement agents only got a generic merge hint and had to reconstruct the exact resume steps. This change makes codex-agent print a concrete takeover prompt and teaches new OpenSpec change workspaces to scaffold matching handoff/copy-prompt lines so a second agent can continue the same lane without inventing a new sandbox. Constraint: Must keep the existing finish pipeline and template/runtime script parity intact Rejected: Persist stale active-session records | would widen the VS Code active-session model without being necessary for the handoff path Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the codex-agent takeover prompt and init-change-workspace handoff copy aligned so manual and scaffolded rescue flows do not drift Tested: node --test --test-name-pattern "(codex-agent prints a takeover prompt when the sandbox is kept after an incomplete run|OpenSpec change workspace scaffold creates proposal/tasks/spec defaults|OpenSpec change workspace scaffold supports minimal T1 notes mode|critical runtime helper scripts stay in sync with templates)" test/install.test.js test/metadata.test.js; bash -n scripts/codex-agent.sh scripts/openspec/init-change-workspace.sh templates/scripts/codex-agent.sh templates/scripts/openspec/init-change-workspace.sh; openspec validate agent-codex-improve-usage-limit-takeover-handoff-2026-04-21-23-30 --type change --strict; openspec validate --specs Not-tested: Full remote PR merge from a real usage-limit interrupted session Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Restore the published npm package identity users already install (#266) Changing package.json from @imdeadpool/guardex to @imdeadpool/gitguardex created a separate npm package identity instead of renaming the existing registry entry. This restores the manifest, install/update copy, tutorial/docs assets, and regression tests to the package users can actually install today, and bumps the version so the next publish can succeed against the existing @imdeadpool/guardex release line. Constraint: npm package names are immutable registry identities; changing name publishes a different package Constraint: @imdeadpool/guardex@7.0.16 is already published on npm, so the revert must advance the version Rejected: Keep @imdeadpool/gitguardex and only tweak docs | npm view returns 404 so install and self-update guidance would still point at a non-existent package Confidence: high Scope-risk: moderate Reversibility: clean Directive: Do not change package.json.name again without confirming the target package exists on npm and the next version is publishable Tested: node --test --test-name-pattern "(default invocation checks for update and can auto-approve latest install|self-update verifies on-disk version after @latest install and retries with pinned version when stale|self-update restarts into the installed CLI after a successful on-disk upgrade|status --json returns cli, services, and repo summary|prompt outputs AI setup instructions|prompt --exec outputs command-only checklist|deprecated copy-commands alias still works and warns)" test/install.test.js; node --check bin/multiagent-safety.js; npm pack --dry-run; openspec validate agent-codex-restore-guardex-npm-package-name-2026-04-22-00-02 --type change --strict; openspec validate --specs; npm test Not-tested: live npm publish; live GitHub release flow Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Move installed guard workflows to CLI-owned shims (#267) Setup and doctor now keep thin repo-local dispatch shims while package-owned assets handle hooks, finish flows, migrations, and OpenSpec scaffolding. This also aligns the prompt/test surfaces with the gx-first workflow and restores inherited CLI dispatch for doctor and hook child processes. Constraint: Installed repos must keep protected-branch repair and hook compatibility while copied workflow logic moves into the package Rejected: Keep repo-local workflow copies | doctor drift remains the steady state Confidence: high Scope-risk: broad Directive: Repo hooks and scripts are compatibility shims; change package-owned assets first and keep shim dispatch aligned Tested: node --check bin/multiagent-safety.js Tested: node --test test/install.test.js Tested: openspec validate agent-codex-cli-owned-install-surface-2026-04-21-23-09 --type change --strict Tested: openspec validate --specs Not-tested: Live GitHub PR or merge against a real GitHub remote beyond fake-gh harnesses Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Ship the CLI-owned install surface on a fresh npm version (#268) The CLI-owned install surface needs a publishable package version and README release entry, and the scaffold regressions need to assert the same gx-owned surface that setup now installs. This bumps the package to 7.0.18, records the release note, keeps runtime OpenSpec scaffolds aligned with packaged templates, and updates merge workflow tests so hook shims exercise the source CLI instead of an older global gx binary. Constraint: npm publish cannot reuse 7.0.17 Constraint: setup no longer injects Guardex-managed agent:* package scripts into consumer repos Rejected: Leave scaffold parity failures as unrelated baseline drift | the packaged release surface includes those templates and full verification would stay red Confidence: high Scope-risk: moderate Directive: Keep generated repo shims and packaged templates behaviorally aligned when changing CLI-owned workflow wording Tested: node --check bin/multiagent-safety.js Tested: bash -n scripts/openspec/init-plan-workspace.sh Tested: bash -n scripts/openspec/init-change-workspace.sh Tested: npm pack --dry-run Tested: openspec validate --specs Tested: npm test (165/165 pass) Not-tested: live npm publish Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Keep small Guardex tasks on caveman-only routing by default (#269) Guardex installs a managed AGENTS block into downstream repos, but it did not tell agents when to stay lightweight versus when to escalate into OMX orchestration. This change adds a task-size routing clause to the managed template so small asks stay direct and caveman-only while larger cross-cutting work still has an explicit OMX path. Constraint: Guardex owns the managed AGENTS block, so the durable fix must live in the template and setup/doctor refresh coverage rather than repo-local docs only Rejected: Add a second Guardex-side runtime classifier | would duplicate OMX task-size heuristics and drift from the existing advisory detector Confidence: high Scope-risk: narrow Directive: Keep the managed Guardex AGENTS routing aligned with OMX task-size guidance when heavy-mode keywords or lightweight escape hatches change Tested: targeted install AGENTS refresh tests Tested: openspec change validation strict Not-tested: fresh downstream repo end-to-end after rerunning gx setup or gx doctor Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Make working VS Code agent lanes visible at a glance (#270) The Active Agents view already exposed per-row activity, but active edit lanes still blended into a flat list. This groups sessions into WORKING NOW vs THINKING, adds repo/header working counts, and keeps docs/tests aligned. Constraint: Keep the existing active-session JSON contract and SCM companion surface intact Rejected: Add a separate top-level working-lanes view | would duplicate the existing Source Control companion Confidence: high Scope-risk: narrow Directive: Keep WORKING NOW ahead of THINKING so actively editing lanes stay scan-first in the tree Tested: node --check templates/vscode/guardex-active-agents/extension.js; node --test test/vscode-active-agents-session-state.test.js; openspec validate agent-codex-vscode-working-agents-groups-2026-04-22-09-05 --type change --strict; openspec validate --specs Not-tested: npm test stopped after early passing output in this environment and did not complete Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Stop repo-local workflow shims from defining Guardex command surface (#271) Guardex already runs branch, lock, review, and cleanup flows from gx, but repo installs still taught and depended on scripts/ workflow shims. This change shrinks the required repo footprint to hook shims plus repo-local state, removes CLI checks that required repo-local workflow scripts, and updates shipped docs, AGENTS guidance, skill references, and lock/review helper output around the zero-copy surface. Constraint: Existing repos may still carry legacy workflow scripts during migration; direct gx commands must keep working without weakening branch and lock guardrails Rejected: Keep thin repo-local workflow shims as permanent entrypoints | still leaves a second command surface and drift noise Confidence: high Scope-risk: moderate Directive: Keep repo-local workflow commands optional compatibility only; install, doctor, status, and skills should teach gx subcommands first Tested: node --check bin/multiagent-safety.js; node --test test/install.test.js Not-tested: test/metadata.test.js parity gate for non-targeted local runtime/template sync Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Record merged zero-copy closeout evidence (#272) The zero-copy install-surface change already merged via PR #271, but the follow-up OpenSpec tasks file still showed cleanup unchecked. This commit marks cleanup complete and records the merged PR, commit, and local cleanup evidence so the change log matches repo state. Constraint: OpenSpec cleanup bookkeeping must match merged branch state before the change is considered closed Rejected: Leave tasks.md stale | hides verified merge completion and keeps false cleanup debt Confidence: high Scope-risk: narrow Reversibility: clean Directive: Use evidence-only follow-up branches only to repair stale bookkeeping; do not reopen implementation scope without a new change Tested: openspec validate agent-codex-zero-copy-cli-install-surface-2026-04-22-01-28 --type change --strict; openspec validate --specs Not-tested: No runtime or CLI behavior changed Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Allow targeted managed-file force rewrites during setup and doctor (#273) Setup/doctor/install/fix now treat managed relative paths that follow --force as targeted rewrite selectors instead of unknown args. The overwrite-conflict message now teaches both targeted and full-surface recovery, and the install regressions lock doctor/setup behavior for the review-bot shim and cr.yml template. Constraint: Existing bare --force must keep whole-surface rewrite behavior Rejected: Add a separate single-file repair command | heavier UX than extending the existing recovery path Confidence: high Scope-risk: moderate Directive: Keep targeted selectors limited to explicit managed paths with dedicated rewrite helpers; do not widen them to arbitrary repo files Tested: node --check bin/multiagent-safety.js; node --test --test-name-pattern "(doctor --force <managed-path>|setup --force <managed-path>|setup conflict message teaches)" test/install.test.js; openspec validate agent-codex-fix-doctor-setup-force-conflict-ux-2026-04-22-08-58 --type change --strict; openspec validate --specs Not-tested: PR merge/cleanup flow on origin/main Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Unblock the next Guardex npm publish (#274) This bumps @imdeadpool/guardex from 7.0.18 to 7.0.19 and records the shipped post-7.0.18 changes in the README release history and OpenSpec release artifact. No runtime behavior changed in this branch; the package metadata now matches the next publishable version the user requested. Constraint: Release metadata and README release history must move together for gitguardex version bumps Rejected: Version bump without README/OpenSpec update | would drift release state again Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README release notes aligned with package.json and package-lock.json on every npm version bump Tested: node --check bin/multiagent-safety.js Tested: npm pack --dry-run Tested: openspec validate agent-codex-release-guardex-7-0-19-2026-04-22-10-27 --type change --strict Tested: openspec validate --specs Not-tested: node --test test/metadata.test.js still fails on the pre-existing helper-template parity mismatch already red on current main Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Auto-finish: gx doctor repairs (#275) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Auto-finish: gx doctor repairs (#276) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Keep gx doctor from treating manual conflict cleanup as repo failure (#277) Recoverable auto-finish rebase and merge conflicts mean the repo is safe but the branch still needs a human conflict-resolution step. Doctor now reports those rows as actionable skips, keeps the compact summary honest, and preserves verbose tail text for the operator. Constraint: Doctor should not look unsafe when only manual branch cleanup remains Rejected: Keep recoverable rebase conflicts under failed count | it makes safe repos read as broken Confidence: high Scope-risk: narrow Reversibility: clean Directive: Manual conflict detection is text-pattern based; update it if finish-script conflict wording changes Tested: node --check bin/multiagent-safety.js Tested: node --test --test-name-pattern "doctor" test/install.test.js Tested: openspec validate agent-codex-doctor-auto-finish-manual-conflict-2026-04-22-10-42 --type change --strict Tested: openspec validate --specs Not-tested: npm test remains red on pre-existing metadata parity assertion for scripts/agent-branch-start.sh vs templates/scripts/agent-branch-start.sh Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Record the merged doctor fix as complete in its OpenSpec task log (#278) The behavior fix already merged, but its change record still showed the completion section unchecked. This follow-up only updates the existing task log so the OpenSpec artifact matches the actual PR, merge commit, and cleanup state. Constraint: Keep the follow-up scoped to the existing change record only Rejected: Leave the merged change with stale completion state | it keeps the execution record inaccurate Confidence: high Scope-risk: narrow Reversibility: clean Directive: When finish/cleanup evidence is only known after merge, record it in the merged change rather than leaving unchecked completion tasks behind Tested: openspec validate agent-codex-doctor-auto-finish-manual-conflict-2026-04-22-10-42 --type change --strict Not-tested: No code-path tests run; docs-only OpenSpec completion update Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> * Make extracted Guardex CLI seams executable and publishable The branch already moved the Guardex CLI into src/**, but the extracted scaffold and git seams were still incomplete and the thin entrypoint/package regressions were only half-switched. This wires the runtime through the extracted scaffold, hooks, toolchain, and finish modules, restores the helper export contract that src/cli/main.js depends on, ships src/** in the published package, and locks the modular entrypoint with focused metadata and command-route regressions. Constraint: The thin bin entrypoint must preserve the existing gx command surface for installed CLIs Constraint: The existing agent branch already carried partial refactor state in bin/src/scripts, so the fix had to resume that lane instead of restarting from dev Rejected: Re-expand logic back into bin/multiagent-safety.js | would undo the modularization goal Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Keep future CLI refactors moving behavior into src/** and verify module export contracts before thinning the bin entrypoint Tested: node --check bin/multiagent-safety.js; find src -type f -name '*.js' -exec node --check {} +; node -e "require('./src/cli/main'); console.log('cli-main-ok')"; node bin/multiagent-safety.js --version; node --test test/metadata.test.js; node --test --test-name-pattern "thin entrypoint still routes hook install through the extracted hooks module|thin entrypoint routes finish --all --dry-run through the extracted finish module" test/install.test.js; npm pack --dry-run; openspec validate agent-codex-decompose-cli-monolith-2026-04-22-11-06 --type change --strict; openspec validate --specs Not-tested: Full test/install.test.js bundle (long-running background path; replaced with targeted command-route coverage) * Keep the thin Guardex entrypoint executable Rewriting bin/multiagent-safety.js into a tiny bootstrap reset its file mode to 0644, which would break direct repo usage even though the modular runtime itself was correct. This restores the executable bit and adds a metadata regression so future entrypoint rewrites keep the bin file runnable. Constraint: The published and repo-local CLI entrypoint must remain directly executable after the modularization rewrite Rejected: Rely on npm install behavior alone | does not protect direct repo execution or future pack regressions Confidence: high Scope-risk: narrow Reversibility: clean Directive: When rewriting files under bin/, preserve the existing executable mode and add an assertion if the rewrite path can reset it Tested: node --test --test-name-pattern "thin CLI entrypoint delegates to src/cli runtime" test/metadata.test.js; ./bin/multiagent-safety.js --version Not-tested: Full metadata and install suites re-run after the mode-only fix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: NagyVikt <nagy.viktordp@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated by scripts/agent-branch-finish.sh (PR flow).