test(load): add Tier-2 CF-DO scoped writeback harness #228

Merged
khaliqgant merged 1 commit into main from fix/tier2-cfdo-scoped-writeback-harness
Jun 1, 2026

@khaliqgant
Member

Summary

Adds a credential-gated Tier-2 CF-DO scoped writeback harness under test/load/.

The harness is the runnable 2A artifact for the team-spawn §7 load gate. It builds/runs the real relayfile-mount binary in poll mode against a provisioned CF-DO-backed Relayfile workspace, with N disjoint remote roots and N non-empty path-scoped member tokens.

Important gate label

This PR does not prove the full §7 N-load gate. It only lands the gated harness. §7 remains open until an operator-/lead-provisioned CF-DO workspace run produces evidence.

Absent credentials are loud and non-green: the harness writes JSON evidence with status: skipped, prints TIER2_HARNESS_SKIPPED, and exits 77.

What the harness records

  • per-member path-scoped write-token scopes, rejecting broad/admin/empty scopes before the run
  • real relayfile-mount bootstrap + writeback process outcomes
  • in-scope edits that reach the remote workspace
  • out-of-scope sentinels that do not reach the remote workspace
  • observed status codes, Retry-After values, and mount-log pathology flags
  • edge write-admission and WorkspaceDO-internal admission as separate evidence layers

Acceptance is failure-mode based: no #1602 pathology (500/object reset/context deadline). Graceful 429 workspace_busy with Retry-After is accepted at the effective stage-configured cap.

Verification

  • npm run test:load:tier2-scoped-writeback:self-test
  • RELAYFILE_TIER2_EVIDENCE=/tmp/relayfile-tier2-skip-evidence.json npm run test:load:tier2-scoped-writeback exits 77 and writes status: skipped
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • go test ./cmd/relayfile-mount

@coderabbitai

coderabbitai Bot commented Jun 1, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 64665ff2-c7a6-4e51-9d89-1220e86e9ef1

📥 Commits

Reviewing files that changed from the base of the PR and between 70b959a and d8dc717.

📒 Files selected for processing (3)
  • package.json
  • test/load/README.md
  • test/load/tier2-cfdo-scoped-writeback.mjs

Walkthrough

This PR adds a new credential-gated tier-2 load test harness that executes CF-DO scoped writeback operations. It includes npm script entry points, complete documentation, and a 765-line Node.js CLI that validates per-member token scopes, orchestrates multi-phase mount operations, verifies filesystem visibility, detects pathology signals, and collects structured evidence with built-in self-test validation. Twenty trajectory compaction metadata records are also added.

Changes

Tier-2 CF-DO Scoped Writeback Load Test Harness

Layer: CLI entry points and test infrastructure
File(s): package.json, test/load/README.md, test/load/tier2-cfdo-scoped-writeback.mjs
Summary: npm scripts test:load:tier2-scoped-writeback and test:load:tier2-scoped-writeback:self-test invoke the harness. README documents credential gating, environment variables, and acceptance criteria. CLI parses arguments, gates execution on credentials, runs harness or writes skipped evidence, and exits with appropriate status.

Layer: Configuration and credential validation
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: Environment variables are parsed for URLs, credentials, and tuning parameters. Missing Tier-2 credentials are detected with helpful hints. Token JWT claims are decoded from RelayAuth API responses. Normalized runtime configuration is built with URLs, members, timeouts, and evidence path.

Layer: API client and evidence infrastructure
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: Generic requestJSON helper issues HTTP requests with Bearer tokens, JSON body handling, timeout via AbortController, and structured failure reporting. Evidence scaffolding defines schema and status metadata. Path token minting validates per-member write scopes against remote root assignments, rejecting broad or admin scopes.

Layer: Mount execution and process orchestration
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: relayfile-mount binary is built via go build in temp workspace. Child processes are spawned with merged environment, SIGTERM/SIGKILL timeout enforcement, and stdout/stderr capture. Mount operations execute with detailed arguments and analyze output for HTTP status codes and pathology signals (workspace_busy, retry-after, context deadline, HTTP 5xx). Pathology detection fails harness on #1602-class signals.

Layer: Result verification and admission probes
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: Remote workspace content is seeded under per-member scoped roots. Local member directories are prepared with README seeds and out-of-scope sentinels. Expected writeback files are verified to exist on remote with exact content. Out-of-scope sentinels are confirmed unreachable. Direct admission probes post foreground writes and collect response metadata (status, retryAfter, code, reason).

Layer: Full harness orchestration and evidence collection
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: Orchestrates end-to-end execution: creates temp workroot, constructs member operations, builds evidence payload, builds mount binary, prepares local and remote roots, mints per-member path tokens, executes bootstrap and writeback mount phases with 429 grace checks, verifies visibility, runs admission probe, aggregates observations into final evidence, marks failed status on pathology, and ensures temp cleanup.

Layer: Evidence redaction and self-test validation
File(s): test/load/tier2-cfdo-scoped-writeback.mjs
Summary: Captured stdout/stderr are truncated and redacted to remove bearer tokens and relay token strings. Self-test validates scope acceptance/rejection, token-scope enforcement, environment integer parsing, missing-credential hints, output redaction, and expected command failures.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Explanation: Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Title check: ✅ Passed. The title accurately summarizes the main change: adding a Tier-2 CF-DO scoped writeback harness test under test/load/, which is the primary focus of the PR.
  • Description check: ✅ Passed. The description is directly related to the changeset, providing clear context about the credential-gated harness, its purpose for the §7 load gate, what it records, and verification steps.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.

@github-actions

github-actions Bot commented Jun 1, 2026

Relayfile Eval Review

Run: .relayfile/evals/runs/2026-06-01T03-50-56-004Z-HEAD-provider
Mode: provider
Git SHA: 3bcc0bf

Passed: 4 | Needs human: 0 | Reviewable: 0 | Missing output: 0 | Failed: 0 | Skipped: 0

Human Review Cases

No reviewable human-review cases captured Relayfile output.

@cubic-dev-ai cubic-dev-ai Bot left a comment

No issues found across 3 files

@khaliqgant khaliqgant force-pushed the fix/tier2-cfdo-scoped-writeback-harness branch from ade526a to 1f18dc6 Compare June 1, 2026 03:30
@agent-relay-bot

Reviewed and fixed PR #228 locally.

Changes made:

  • Tightened test/load/tier2-cfdo-scoped-writeback.mjs scope validation so member tokens reject extra broad, manage, or wrong-root write scopes.
  • Made the harness self-test independent of ambient tier-2 credentials.
  • Fixed SDK Vitest self-import resolution in packages/sdk/typescript/vitest.config.ts so clean-checkout tests do not require prebuilt dist.

Validation run:

  • npm run test:load:tier2-scoped-writeback:self-test passed.
  • Same self-test with fake credential env passed.
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs passed.
  • npm run test --workspace=packages/sdk/typescript passed.
  • npm test passed through JS/TS workspaces, then stopped at go test ./... because go is not installed in this container.
  • Real tier-2 load probe still exits 77 with skipped evidence when credentials are absent, as designed.

@agent-relay-bot

⚠️ pr-reviewer push failed (exit 128) — fixes were not applied to the PR. The notes below are advisory and were not pushed.

Reviewed and fixed PR #228 locally.

Changes made:

  • Tightened test/load/tier2-cfdo-scoped-writeback.mjs scope validation so member tokens reject extra broad, manage, or wrong-root write scopes.
  • Made the harness self-test independent of ambient tier-2 credentials.
  • Fixed SDK Vitest self-import resolution in packages/sdk/typescript/vitest.config.ts so clean-checkout tests do not require prebuilt dist.

Validation run:

  • npm run test:load:tier2-scoped-writeback:self-test passed.
  • Same self-test with fake credential env passed.
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs passed.
  • npm run test --workspace=packages/sdk/typescript passed.
  • npm test passed through JS/TS workspaces, then stopped at go test ./... because go is not installed in this container.
  • Real tier-2 load probe still exits 77 with skipped evidence when credentials are absent, as designed.

agent-relay-bot Bot added a commit that referenced this pull request Jun 1, 2026
@agent-relay-bot

pr-reviewer applied fixes — committed and pushed 70b959a to this PR. The notes below describe what changed.

Reviewed PR #228 and fixed harness robustness issues:

  • Added bounded API fetches via RELAYFILE_TIER2_API_TIMEOUT_MS.
  • Made spawned command failures resolve cleanly so missing go/mount build failures produce evidence instead of crashing.
  • Tightened integer env parsing and added self-test coverage.
  • Documented the new API timeout knob.

Validation run locally:

  • npm run test:load:tier2-scoped-writeback:self-test
  • skipped-credentials path exits 77 with evidence
  • fake credential failure path writes failed evidence for missing go
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • scripts/check-contract-surface.sh
  • npm run test --workspace=packages/core
  • npm run build --workspace=packages/sdk/typescript
  • npm run test --workspace=packages/sdk/typescript
  • npm run test --workspace=packages/local-mount
  • npm run test --workspace=@relayfile/file-observer
  • SDK/local-mount typechecks

Could not run Go tests because go is not installed in this environment.

@agent-relay-bot

Reviewed PR #228 and fixed the issues found locally.

Changed:

  • test/load/tier2-cfdo-scoped-writeback.mjs: fixed scoped mount local-path mapping, kept mount state outside the scoped subtree, tightened token scope validation, and made self-test env-independent.
  • packages/sdk/typescript/vitest.config.ts: added a source alias for @relayfile/sdk so tests do not require prebuilt dist.

Validation run:

  • npm run test:load:tier2-scoped-writeback:self-test
  • same self-test with fake tier-2 credential env
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • npm run test --workspace=packages/sdk/typescript
  • npm run typecheck --workspace=packages/sdk/typescript
  • npm test passed JS/TS workspaces, then stopped at go test ./... because go is not installed in this container.

@agent-relay-bot

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #228 and fixed the issues found locally.

Changed:

  • test/load/tier2-cfdo-scoped-writeback.mjs: fixed scoped mount local-path mapping, kept mount state outside the scoped subtree, tightened token scope validation, and made self-test env-independent.
  • packages/sdk/typescript/vitest.config.ts: added a source alias for @relayfile/sdk so tests do not require prebuilt dist.

Validation run:

  • npm run test:load:tier2-scoped-writeback:self-test
  • same self-test with fake tier-2 credential env
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • npm run test --workspace=packages/sdk/typescript
  • npm run typecheck --workspace=packages/sdk/typescript
  • npm test passed JS/TS workspaces, then stopped at go test ./... because go is not installed in this container.

@khaliqgant khaliqgant force-pushed the fix/tier2-cfdo-scoped-writeback-harness branch from 70b959a to ddf3422 Compare June 1, 2026 03:40

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/load/tier2-cfdo-scoped-writeback.mjs`:
- Around line 636-649: The test populates evidence.mounts,
evidence.remoteVisibility, and evidence.admissionProbe only inside the
success-only tail (before setting evidence.status = "passed"), so any earlier
failure returns without the harness-preserved mount/output evidence; fix by
moving the population of evidence.mounts (using [...initialMounts,
...writebackMounts].map(redactMountResult)), evidence.remoteVisibility
(visibilityChecks) and evidence.admissionProbe into the common/earlier failure
path so they are always set before any early return, and persist/save the
evidence object (before you set evidence.status = "passed" or in the shared
finally/error handler) so failures also include these fields; ensure the summary
computation (observed429, observedRetryAfter via admissionProbe.responses and
mount observations, observed500, observedContextDeadline, observedObjectReset)
remains correct by referencing admissionProbe.responses and evidence.mounts
after they are populated.
- Around line 629-633: The current logic treats any 429 anywhere (observed429)
as exculpatory for all failed writebacks; change this to validate 429 evidence
per failedWriteback: iterate over failedWriteback and for each mount check
mount.observations.saw429 or a corresponding admissionProbe.responses entry tied
to that mount (e.g. response.status === 429 and response.target/member matches
the mount) and collect only mounts that failed without per-mount 429 evidence;
if that filtered list is non-empty throw the Error (use failedWriteback,
writebackMounts, observed429 only as references to replace the aggregate check
with a per-mount check against admissionProbe.responses).
- Around line 717-719: The test calls missingCredentialReasons(), which reads
the real process.env and causes flakiness when Tier-2 env vars are present;
modify the test to stash the current process.env values for RELAYFILE_TIER2_RUN
and RELAYFILE_TIER2_WORKSPACE_TOKEN, ensure those keys are deleted (or set to
undefined) before calling missingCredentialReasons(), run the two asserts that
expect "RELAYFILE_TIER2_RUN=1" and "RELAYFILE_TIER2_WORKSPACE_TOKEN" to be
present in the returned array, and finally restore the original env values (or
the original process.env entries) after the assertion to avoid side effects;
locate the change around the lines calling missingCredentialReasons() and the
two assert(...) calls.
- Around line 113-138: The current validation allows path-scoped "manage" grants
(e.g. "relayfile:fs:manage:/team/.../*") because isBroadOrAdminScope only checks
the exact "relayfile:fs:manage:/*" token; update the validation to reject any
"manage" grant regardless of path. Modify isBroadOrAdminScope (referenced by
validateMemberWriteScopes) to treat scopes that include a ":manage" segment as
broad/admin (e.g., add a check like value.includes(":manage") or match the
":manage" segment via regex) so any manage grant (path-scoped or global) causes
validateMemberWriteScopes to throw. Ensure existing checks for "fs:manage",
admin segments (":admin"), and wildcard patterns (":*:") remain.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 3904c48a-886f-49af-8317-c8787ba9ca50

📥 Commits

Reviewing files that changed from the base of the PR and between 1386546 and 70b959a.

📒 Files selected for processing (23)
  • .trajectories/completed/2026-04/traj_7x9nltybo08h.compaction.json
  • .trajectories/completed/2026-04/traj_82lywlk9dcnc.compaction.json
  • .trajectories/completed/2026-04/traj_cdist8i8vdmd.compaction.json
  • .trajectories/completed/2026-04/traj_dmoc4slub7ox.compaction.json
  • .trajectories/completed/2026-04/traj_em3hvzpg1xmx.compaction.json
  • .trajectories/completed/2026-04/traj_i1f02867dkxn.compaction.json
  • .trajectories/completed/2026-04/traj_iuzm83ogm43k.compaction.json
  • .trajectories/completed/2026-04/traj_nixaonkglri1.compaction.json
  • .trajectories/completed/2026-04/traj_qi3qmy5oveab.compaction.json
  • .trajectories/completed/2026-04/traj_wez7rl7pkfpn.compaction.json
  • .trajectories/completed/2026-05/traj_6fjv0fnvrc5e.compaction.json
  • .trajectories/completed/2026-05/traj_6lyjg41p6a28.compaction.json
  • .trajectories/completed/2026-05/traj_9khc36ax639i.compaction.json
  • .trajectories/completed/2026-05/traj_a6rfc30zag40.compaction.json
  • .trajectories/completed/2026-05/traj_ailh4waboewf.compaction.json
  • .trajectories/completed/2026-05/traj_d3drzvodqpn7.compaction.json
  • .trajectories/completed/2026-05/traj_hyqnsfininh5.compaction.json
  • .trajectories/completed/2026-05/traj_v1un6n66y38i.compaction.json
  • .trajectories/completed/2026-05/traj_xf18gkmtr3ib.compaction.json
  • .trajectories/completed/2026-05/traj_z2klijcrwqed.compaction.json
  • package.json
  • test/load/README.md
  • test/load/tier2-cfdo-scoped-writeback.mjs
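
The scope finding in the review above (path-scoped manage grants slipping past an exact-match check), as an added example that is not the harness's own code. The function names isBroadOrAdminScope and validateMemberWriteScopes come from the review text; the scope grammar relayfile:fs:<action>:<path>, the read/write action names, the helper names and the sample tokens are assumptions made for illustration.

```javascript
// Added illustration, not code from test/load/tier2-cfdo-scoped-writeback.mjs.
// Assumed grammar: relayfile:fs:<action>:<absolute path glob>
const SCOPE_RE = /^relayfile:fs:([^:]+):(\/[^:]*)$/;

function parseScope(scope) {
  const m = SCOPE_RE.exec(String(scope ?? "").trim());
  return m ? { action: m[1], path: m[2] } : null;
}

// True for any grant that must never appear on a member token.
function isBroadOrAdminScope(scope) {
  const value = String(scope ?? "").trim();
  if (value === "" || value === "*") return true;
  // Any manage/admin segment, whether global or path-scoped.
  if (/(^|:)(manage|admin)(:|$)/.test(value)) return true;
  // A wildcard standing in for a whole segment, e.g. relayfile:*:write:/x.
  if (/(^|:)\*(:|$)/.test(value)) return true;
  const parsed = parseScope(value);
  if (!parsed) return true; // unknown grammar: fail closed
  // Workspace-wide path globs.
  return parsed.path === "/" || parsed.path === "/*" || parsed.path === "/**";
}

function normalizeRoot(remoteRoot) {
  const root = String(remoteRoot ?? "").replace(/\/+$/, "");
  if (!root.startsWith("/") || root.split("/").includes("..")) {
    throw new Error(`invalid remote root: ${remoteRoot}`);
  }
  return root;
}

// Every scope must be a read or write grant on exactly <root>/*, and at
// least one of them must be a write grant. Exact comparison (not a prefix
// test) keeps /team/m10/* from passing as a grant for /team/m1.
function validateMemberWriteScopes(scopes, remoteRoot) {
  const root = normalizeRoot(remoteRoot);
  if (!Array.isArray(scopes) || scopes.length === 0) {
    throw new Error("member token has no scopes");
  }
  const expectedPath = `${root}/*`;
  let hasWrite = false;
  for (const scope of scopes) {
    if (isBroadOrAdminScope(scope)) {
      throw new Error(`broad or admin scope rejected: ${scope}`);
    }
    const { action, path } = parseScope(scope);
    if (action !== "read" && action !== "write") {
      throw new Error(`unexpected action in scope: ${scope}`);
    }
    if (path !== expectedPath) {
      throw new Error(`scope outside assigned root ${root}: ${scope}`);
    }
    if (action === "write") hasWrite = true;
  }
  if (!hasWrite) throw new Error("member token lacks a write scope for its root");
  return true;
}

// Non-throwing wrapper so results can be recorded as evidence.
function checkMember(scopes, remoteRoot) {
  try {
    validateMemberWriteScopes(scopes, remoteRoot);
    return { ok: true, reason: null };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample tokens for a member assigned to /team/m1.
const SAMPLES = [
  ["exact read+write", ["relayfile:fs:read:/team/m1/*", "relayfile:fs:write:/team/m1/*"]],
  ["path-scoped manage", ["relayfile:fs:write:/team/m1/*", "relayfile:fs:manage:/team/m1/*"]],
  ["workspace-wide write", ["relayfile:fs:write:/*"]],
  ["sibling root", ["relayfile:fs:write:/team/m10/*"]],
  ["read only", ["relayfile:fs:read:/team/m1/*"]],
  ["empty", []],
];
for (const [label, scopes] of SAMPLES) {
  const { ok, reason } = checkMember(scopes, "/team/m1");
  console.log(`${label}: ${ok ? "accepted" : `rejected (${reason})`}`);
}
```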

@khaliqgant khaliqgant force-pushed the fix/tier2-cfdo-scoped-writeback-harness branch from ddf3422 to d8fbaae Compare June 1, 2026 03:47

@agent-relay-bot agent-relay-bot Bot left a comment

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #228 and fixed the issues found locally.

Changed:

  • test/load/tier2-cfdo-scoped-writeback.mjs: fixed scoped mount local-root mapping, moved mount state outside the scoped subtree, added API request timeouts, made spawn failures produce evidence, tightened integer env parsing, and expanded self-test coverage.
  • test/load/README.md: documented RELAYFILE_TIER2_API_TIMEOUT_MS.
  • packages/sdk/typescript/vitest.config.ts: aliases @relayfile/sdk to source during tests so clean checkouts do not require prebuilt dist.

Validated:

  • Harness self-test, skip path, fake credential failure evidence path
  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • scripts/check-contract-surface.sh
  • SDK tests/typecheck/build
  • Core, local-mount, and file-observer tests
  • Local-mount typecheck

Could not run Go tests or Go vet locally because go is not installed in this container.

@khaliqgant khaliqgant force-pushed the fix/tier2-cfdo-scoped-writeback-harness branch from d8fbaae to d8dc717 Compare June 1, 2026 03:49
@agent-relay-bot

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed and fixed PR #228 locally.

Changed:

Local validation passed:

  • Tier-2 harness syntax, self-test, skip evidence, fake failure evidence
  • scripts/check-contract-surface.sh
  • SDK tests/typecheck/build
  • local-mount tests/typecheck/build
  • file-observer tests

Could not run Go validation because go is not installed in this container (go: command not found).

@khaliqgant khaliqgant merged commit ab296d7 into main Jun 1, 2026
8 checks passed
@khaliqgant khaliqgant deleted the fix/tier2-cfdo-scoped-writeback-harness branch June 1, 2026 03:58

@agent-relay-bot

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Implemented fixes from the PR review pass:

  • Fixed Tier-2 harness scoped mount layout so writes land where relayfile-mount actually syncs non-root remote paths.
  • Moved mount state outside the scoped subtree and passed path tokens through env instead of argv.
  • Preserved failure evidence, tightened per-member 429 handling, and strengthened broad/admin scope rejection.
  • Fixed SDK clean-checkout Vitest resolution by aliasing @relayfile/sdk to source.

Validated locally:

  • Harness syntax, self-test, skip evidence, fake failure evidence
  • scripts/check-contract-surface.sh
  • Core, SDK, local-mount, and file-observer tests
  • SDK typecheck/build, local-mount typecheck/build, core build

Could not run Go tests/build because go is not installed in this container.
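
The per-member 429 handling named in the comment above, set against the aggregate check the earlier CodeRabbit finding describes, as an added example that is not the harness's own code. Only observations.saw429, the 429 workspace_busy / Retry-After acceptance rule and the pathology list (500, object reset, context deadline) come from this page; the record shapes, the other field names, the function names and the sample data are assumptions.

```javascript
// Added illustration, not code from test/load/tier2-cfdo-scoped-writeback.mjs.
// Record shapes and most field names are assumed for the example.

// Signals the PR description treats as #1602-class pathology.
const PATHOLOGY_FLAGS = ["saw500", "sawObjectReset", "sawContextDeadline"];

// Aggregate form described in the review: a 429 seen anywhere excuses
// every failed writeback, including mounts that never saw one.
function aggregateAccepts(mounts, probeResponses) {
  const failed = mounts.filter((m) => m.exitCode !== 0);
  const observed429 =
    mounts.some((m) => m.observations.saw429) ||
    probeResponses.some((r) => r.status === 429);
  return failed.length === 0 || observed429;
}

// A failure is excused only by 429 + Retry-After evidence tied to the same
// member: either in its own mount log or in a probe response for it.
function hasGraceful429(mount, probeResponses) {
  const obs = mount.observations;
  if (obs.saw429 && obs.retryAfter != null) return true;
  return probeResponses.some(
    (r) =>
      r.member === mount.member &&
      r.status === 429 &&
      r.code === "workspace_busy" &&
      r.retryAfter != null
  );
}

function classifyMount(mount, probeResponses) {
  const pathology = PATHOLOGY_FLAGS.filter((flag) => mount.observations[flag]);
  // Pathology fails the run even when the process exited 0 or also saw a 429.
  if (pathology.length > 0) return { member: mount.member, verdict: "pathology", pathology };
  if (mount.exitCode === 0) return { member: mount.member, verdict: "passed", pathology };
  const verdict = hasGraceful429(mount, probeResponses) ? "graceful_429" : "unexplained_failure";
  return { member: mount.member, verdict, pathology };
}

function evaluateWriteback(mounts, probeResponses) {
  const results = mounts.map((m) => classifyMount(m, probeResponses));
  const failing = results
    .filter((r) => r.verdict === "pathology" || r.verdict === "unexplained_failure")
    .map((r) => r.member);
  return { status: failing.length === 0 ? "passed" : "failed", failing, results };
}

// Constructed sample: m2 was throttled gracefully, m3 failed with no 429.
const quiet = { saw429: false, retryAfter: null, saw500: false, sawObjectReset: false, sawContextDeadline: false };
const SAMPLE_MOUNTS = [
  { member: "m1", exitCode: 0, observations: { ...quiet } },
  { member: "m2", exitCode: 1, observations: { ...quiet, saw429: true, retryAfter: 2 } },
  { member: "m3", exitCode: 1, observations: { ...quiet } },
];
const SAMPLE_PROBE = [{ member: "m2", status: 429, code: "workspace_busy", retryAfter: 2 }];

console.log("aggregate check accepts:", aggregateAccepts(SAMPLE_MOUNTS, SAMPLE_PROBE));
console.log("per-member check:", JSON.stringify(evaluateWriteback(SAMPLE_MOUNTS, SAMPLE_PROBE), null, 2));
```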

@agent-relay-bot

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #228 and fixed two harness issues in test/load/tier2-cfdo-scoped-writeback.mjs:

  • Corrected the mount layout: non-root --remote-path mounts write under <local-dir>/<remote-path>, so the harness now passes a parent mount root and writes probe files into the derived scoped local root.
  • Tightened token validation to require exact path-scoped read and write grants, and updated the README evidence wording.

Verified:

  • node --check test/load/tier2-cfdo-scoped-writeback.mjs
  • npm run test:load:tier2-scoped-writeback:self-test
  • npm run test:load:tier2-scoped-writeback exits 77 with skipped evidence when credentials are absent, as intended.

Could not run Go tests because go is not installed in this environment.
