fix(sdd-execute): bundle agent branch ref not HEAD in cargo-lock post-step

[norrietaylor]

Root cause

#153's Cargo.lock post-step regenerates the agent's git bundle with the wrong ref:

git bundle create "$AGENT_BUNDLE" "${base_sha}..HEAD"

A bundle built from ..HEAD records the tip as HEAD, not as a branch ref. gh-aw's safe_outputs applies the bundle by fetching refs/heads/<branch> from it, which is absent:

fatal: couldn't find remote ref refs/heads/sdd/16-krunkit-runner-lifecycle
✗ create_pull_request failed: Failed to apply bundle

Every Rust task PR whose patch touches a Cargo.toml (so the post-step fires) fails to materialize. Observed on gominimal/minspec-test task #16 (run 26556867070); tasks #14 and #17 predate #153 and were unaffected. The comment one line above the bug already states the correct form (<base>..<branch>).

Fix

-git bundle create "$AGENT_BUNDLE" "${base_sha}..HEAD"
+git bundle create "$AGENT_BUNDLE" "${base_sha}..${AGENT_BRANCH}"

$AGENT_BRANCH is the agent's branch (git rev-parse --abbrev-ref HEAD, captured in the detect step). Ranging to the branch name records refs/heads/<branch> in the bundle, which is exactly the ref gh-aw fetches. Applied to all three tier sources; locks regenerated with gh aw compile (pinned v0.74.3). The format-patch line is left on HEAD — patches carry commits, not ref names, so git am is unaffected.

Acceptance

• An sdd-execute run whose patch edits Cargo.toml opens its PR successfully (bundle applies, refs/heads/<branch> resolves).
• No change to runs that don't touch Cargo.toml (post-step still no-ops).

Non-goals

• Revisiting the patch-vs-bundle transport choice. Bundle is gh-aw's default; this restores its correct ref.

References

• Regressed in feat(sdd-execute): refresh Cargo.lock after Rust dependency edits #153
• Failing run: https://github.com/gominimal/minspec-test/actions/runs/26556867070

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8ff7351c-e900-48e9-822a-1e6f4209d2ab

📥 Commits

Reviewing files that changed from the base of the PR and between ebd7633 and d5040b4.

📒 Files selected for processing (6)

• .github/workflows/sdd-execute-haiku.lock.yml
• .github/workflows/sdd-execute-haiku.md
• .github/workflows/sdd-execute-opus.lock.yml
• .github/workflows/sdd-execute-opus.md
• .github/workflows/sdd-execute-sonnet.lock.yml
• .github/workflows/sdd-execute-sonnet.md

---

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Improved CI/CD workflow handling of agent patch artifacts by ensuring git bundle generation correctly references the intended branch, fixing potential issues with patch transport during workflow execution.

Walkthrough

Three agent execution workflows (sdd-execute-haiku, opus, sonnet) are regenerated with updated metadata identifiers from the gh-aw compilation tool, and a functional fix is applied: the post-agent Cargo.lock refresh step now uses ${AGENT_BRANCH} instead of HEAD when creating git bundles, aligning the bundle with the branch the agent actually operated on.

Changes

SDD Execute Workflow Updates

Layer / File(s)	Summary
Git Bundle Range Functional Fix .github/workflows/sdd-execute-haiku.lock.yml, .github/workflows/sdd-execute-haiku.md, .github/workflows/sdd-execute-opus.lock.yml, .github/workflows/sdd-execute-opus.md, .github/workflows/sdd-execute-sonnet.lock.yml, .github/workflows/sdd-execute-sonnet.md	All three execution workflows now regenerate git bundles using ${AGENT_BRANCH} as the commit range endpoint instead of the generic HEAD. This ensures the regenerated bundle transport matches the branch that the agent patch was generated against, rather than whatever HEAD points to at bundle creation time.
Workflow Metadata and Heredoc Regeneration .github/workflows/sdd-execute-haiku.lock.yml, .github/workflows/sdd-execute-opus.lock.yml, .github/workflows/sdd-execute-sonnet.lock.yml	Frontmatter hashes and internal heredoc delimiter identifiers across haiku, opus, and sonnet lock files are regenerated by the gh-aw code generation tool. Safe Outputs config heredoc markers, MCP gateway configuration markers, and prompt assembly boundaries are updated while preserving prompt content and workflow logic.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• norrietaylor/spectacles#153: Introduces the Cargo.lock refresh and git bundle regeneration logic that this PR refines by aligning the bundle range to the actual agent branch instead of HEAD.

Poem

🐰 A bundle's voyage, once adrift on HEAD's whim,
Now sails by AGENT_BRANCH, steady and trim,
Three workflows aligned, their locks regen'd clean,
The branch that was built is the branch that's foreseen. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main functional fix: changing the git bundle reference from HEAD to AGENT_BRANCH in the cargo-lock post-step.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, providing root cause analysis, the specific fix, acceptance criteria, and references to justify the changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/sdd-execute-bundle-ref

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0