Conversation
Setup, install, and fix now follow the doctor-style sandbox path when they hit a protected main checkout. The visible base branch stays untouched while maintenance runs in a worktree, sandbox changes are auto-committed, and cleanup only happens after a safe no-op or completed finish flow. The regression file now pins setup, install, fix, and setup auto-finish behavior on protected main, and the active OpenSpec change records the continuation note plus verification progress. Constraint: Visible protected main checkouts must stay unchanged during repo bootstrap and repair flows Rejected: Keep hard-blocking setup/install/fix on protected main | it forces manual overrides before Guardex can bootstrap itself Confidence: high Scope-risk: moderate Directive: Do not reintroduce direct protected-main setup/install/fix writes without updating sandbox cleanup behavior and protected-main regressions together Tested: Direct Node repros for protected-main setup, install, fix, and setup auto-finish; node --check bin/multiagent-safety.js; openspec validate agent-codex-setup-protected-main-sandbox-2026-04-21-12-02 --type change --strict; openspec validate --specs; git diff --check Not-tested: Full npm test (timed out after 120s during node:test suite)
NagyVikt
deleted the
agent/codex/setup-protected-main-sandbox-2026-04-21-12-02
branch
NagyVikt
added a commit
that referenced
this pull request
Apr 21, 2026
…ge (#218) The change itself is already on main via PR #217, but its tasks checklist still looked incomplete. This follow-up updates the change artifact so the recorded state matches the merged PR, cleaned worktree/ref state, and post-merge verification that was rerun on main. Constraint: Keep the follow-up limited to the existing change artifact; do not reopen the behavioral change itself Rejected: Leave the tasks checklist stale after merge | it conflicts with the repo's OpenSpec completion contract Confidence: high Scope-risk: narrow Directive: When a guarded finish flow merges a change before the artifact checklist is updated, add a tiny follow-up rather than leaving completion evidence implicit Tested: openspec validate agent-codex-setup-protected-main-sandbox-2026-04-21-12-02 --type change --strict; git diff --check Not-tested: Full npm test (no code changed in this follow-up) Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated by scripts/agent-branch-finish.sh (PR flow).