Canonicalize absolute shell path operands before comparing them with the workspace root so symlink-expanded reads cannot be downgraded under workspace-write enforcement. Also resolves local clippy findings in the touched tools crate so targeted linting can run cleanly.\n\nConstraint: Task 1 scope is workspace/path scope enforcement only; do not mutate .omx/ultragoal.\nRejected: Editing shared path-scope regression tests | worker-3 owns that test coverage and the current tests already prove the contract.\nConfidence: high\nScope-risk: narrow\nDirective: Keep shell/file permission classification canonical-path based before permitting workspace-write execution.\nTested: ../scripts/fmt.sh --check; cargo test -p tools --test path_scope_enforcement -- --nocapture; cargo test -p tools given_workspace_write_enforcer_when_bash -- --nocapture; cargo check -p tools; cargo clippy -p tools --all-targets --no-deps -- -D warnings\nNot-tested: Full workspace clippy still has known unrelated runtime crate warnings outside this task scope.
Constraint: G003 worker outputs added config and startup evidence fields that must compile under focused runtime validation before leader push.
Rejected: pushing auto-checkpoints without leader validation | integrated tests initially failed to compile due missing imports and stale StartupEvidenceBundle fixtures.
Confidence: high
Scope-risk: narrow
Directive: When extending StartupEvidenceBundle, update all in-crate fixtures in the same change.
Tested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p runtime trusted_roots -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime startup -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime worker_boot -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo check --manifest-path rust/Cargo.toml --workspace
Not-tested: full cargo test --workspace remains deferred during active G003 team work.
Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: User explicitly requested all roadmap PRs be merged when correct and mapped into the Ultragoal backlog when not immediately mergeable.
Rejected: leaving the PR inventory as ignored OMX-only state | roadmap merge obligations need a tracked handoff for later G011/G012 gates.
Confidence: high
Scope-risk: narrow
Directive: Refresh this intake after each roadmap PR merge batch and regenerate the CC2 board if ROADMAP.md changes.
Tested: gh pr list --state open --search roadmap in:title --json number,title,author,mergeable,isDraft,statusCheckRollup,headRefName,baseRefName,updatedAt,url --limit 200
Not-tested: individual PR mergeability was not forced in this intake commit.
Co-authored-by: OmX <omx@oh-my-codex.dev>
Worker-3's path-scope regression showed outside read_file paths were blocked by the workspace wrapper after dispatch instead of by the permission enforcer. File, glob, and grep tools now classify path scope before dispatch and require danger-full-access for paths that resolve outside the current workspace.
Constraint: G002-alpha-security requires permission-mode event/status visibility for blocked file and shell paths
Rejected: relying only on runtime wrapper errors | it hides the active permission-mode denial contract from callers
Confidence: high
Scope-risk: narrow
Directive: keep path-sensitive tool permission classification aligned with workspace wrapper resolution
Tested: cargo test -p tools --test path_scope_enforcement --manifest-path rust/Cargo.toml --quiet; cargo test -p tools given_workspace_write_enforcer_when_bash --manifest-path rust/Cargo.toml --quiet; cargo check --manifest-path rust/Cargo.toml --workspace; cargo fmt --all --manifest-path rust/Cargo.toml -- --check
Not-tested: full workspace test suite after this small permission-classification follow-up
Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: G002-alpha-security requires direct file-tool escapes to fail before reads while accepting the canonical runtime error text.
Rejected: weakening the test to accept successful reads | the verified behavior denies the escape and only the assertion vocabulary was stale.
Confidence: high
Scope-risk: narrow
Directive: Keep path-scope tests asserting denial semantics, not a single legacy wording.
Tested: cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools --test path_scope_enforcement -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime workspace_ -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture; python3 -m pytest tests/test_security_scope.py -q; cargo check --manifest-path rust/Cargo.toml --workspace; git diff --check
Not-tested: full cargo test --workspace due known unrelated session_lifecycle_prefers_running_process_over_idle_shell failure.
Co-authored-by: OmX <omx@oh-my-codex.dev>
The G002 security gate caught that PowerShell path classification still treated Windows absolute paths as workspace-relative on POSIX, so workspace scope now rejects those tokens before permission downgrades.
Constraint: G002-alpha-security requires workspace/path scope across Windows path cases as well as direct paths, symlinks, globbing, shell expansion, and worktrees.
Rejected: Relying on PathBuf::is_absolute for Windows syntax on POSIX | it treats C:\ and UNC-like tokens as relative and weakens permission classification.
Confidence: high
Scope-risk: narrow
Directive: Keep bash and PowerShell path classifiers aligned whenever new shell syntax is admitted.
Tested: cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools --test path_scope_enforcement -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime workspace_ -- --nocapture; python3 -m pytest tests/test_security_scope.py -q; cargo check --manifest-path rust/Cargo.toml --workspace.
Not-tested: Full cargo test --workspace still has existing unrelated rusty-claude-cli session lifecycle failure reported by workers.
Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: Task 5 is reporting/map ownership only; worker-1 owns implementation changes and shared security/path tests.\nRejected: Editing runtime enforcement failures from this lane | shared implementation/test ownership belongs to other workers unless re-scoped.\nConfidence: high\nScope-risk: narrow\nDirective: Keep this artifact synchronized with exact verification output before leader aggregation.\nTested: python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json; python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json; scripts/fmt.sh --check; cargo check --workspace; targeted runtime permission/path tests; mock parity harness.\nNot-tested: Full clippy and cargo test --workspace are not green due pre-existing/shared runtime/CLI failures documented in the artifact.
The Ultragoal now has an explicit repository-operations gate so final completion cannot rely only on roadmap implementation while correct PRs or resolvable issues remain unhandled.
Constraint: The user explicitly added that all PRs should be merged and all issues resolved when they are correct and resolvable.
Rejected: Treating the existing roadmap board as sufficient | it did not require per-PR and per-issue final triage evidence.
Confidence: high
Scope-risk: narrow
Directive: Refresh GitHub PR and issue snapshots at the final gate; do not merge unsafe or incorrect PRs merely to reduce counts.
Tested: gh auth status; gh pr list --state open --limit 200 captured 50 records; gh issue list --state open --limit 1000 captured 1000 records.
Not-tested: Full PR/issue triage is deferred to the dedicated gate and later streams.
Co-authored-by: OmX <omx@oh-my-codex.dev>
The canonical Stream 0 board must be machine-checkable before Ultragoal can checkpoint G001, so the generated board and validation wrapper now share the same rich board schema and Markdown renderer.
Constraint: G001 requires .omx/cc2/board.json and .omx/cc2/board.md to prove all frozen ROADMAP.md headings and ordered actions are mapped.
Rejected: Relying on worker-reported validation alone | leader-side validation found schema drift between the status-only and lifecycle_status board entrypoints.
Confidence: high
Scope-risk: narrow
Directive: Keep scripts/generate_cc2_board.py, scripts/validate_cc2_board.py, scripts/cc2_board.py, and .omx/cc2/render_board_md.py aligned on board schema changes.
Tested: python3 scripts/generate_cc2_board.py; python3 scripts/validate_cc2_board.py; python3 scripts/cc2_board.py validate; python3 .omx/cc2/validate_issue_parity_intake.py; python3 .omx/cc2/render_board_md.py .omx/cc2/board.json .omx/cc2/board.md --check; python3 -m py_compile scripts/generate_cc2_board.py scripts/validate_cc2_board.py scripts/cc2_board.py .omx/cc2/validate_issue_parity_intake.py .omx/cc2/render_board_md.py; cargo check --manifest-path rust/Cargo.toml --workspace.
Not-tested: Full cargo test workspace has unrelated existing failures reported by workers in session lifecycle/permission-mode tests.
Co-authored-by: OmX <omx@oh-my-codex.dev>
Derive the board from ROADMAP.md heading anchors and record the required local research and adaptive-plan sources as immutable manifest metadata. Add a validation command that fails if any ROADMAP heading lacks a board item or required lifecycle fields.
Constraint: Workers must not mutate .omx/ultragoal; board outputs live under .omx/cc2 and source research is read-only.
Rejected: Hand-maintained board rows | too easy to leave ROADMAP headings unmapped and hard to validate.
Confidence: high
Scope-risk: narrow
Directive: Regenerate with scripts/cc2_board.py after ROADMAP.md changes, then run the validate command before checkpointing G001.
Tested: python3 -m py_compile scripts/cc2_board.py; python3 scripts/cc2_board.py validate; cargo check --workspace; cargo fmt --all -- --check
Not-tested: cargo test --workspace has unrelated failing rusty-claude-cli lifecycle assertion tests::session_lifecycle_prefers_running_process_over_idle_shell.
Render the canonical CC2 board into a human-readable review artifact while preserving worker-1's generated schema as the source of truth.\n\nConstraint: leader owns Ultragoal state; .omx/ultragoal was not mutated.\nRejected: hand-editing board.md without a renderer | it would make coverage drift harder to validate.\nConfidence: high\nScope-risk: narrow\nDirective: regenerate board.md with .omx/cc2/render_board_md.py after board.json changes.\nTested: python3 .omx/cc2/render_board_md.py .omx/cc2/board.json .omx/cc2/board.md --check; python3 -m py_compile .omx/cc2/render_board_md.py; cargo check --workspace; cargo test --workspace (fails one unrelated lifecycle test).\nNot-tested: cargo test --workspace is not fully green because tests::session_lifecycle_prefers_running_process_over_idle_shell fails persistently in rusty-claude-cli without touching Rust sources.
Constraint: Task 3 scope is limited to G001 issue/parity intake and must not mutate .omx/ultragoal
Rejected: Editing canonical board.json directly | worker-1 owns Task 2 canonical board output and coordination requires a mergeable fragment
Confidence: high
Scope-risk: narrow
Directive: Integrate these rows into .omx/cc2/board.json and board.md without reclassifying the frozen evidence unless the source snapshot changes
Tested: python3 .omx/cc2/validate_issue_parity_intake.py; python3 -m py_compile .omx/cc2/validate_issue_parity_intake.py; python3 -m json.tool .omx/cc2/issue-parity-intake.json; cargo check --manifest-path rust/Cargo.toml --workspace
Not-tested: cargo test --manifest-path rust/Cargo.toml --workspace has 2 pre-existing/environmental failures in rusty-claude-cli tests unrelated to .omx/cc2 intake files
Pinpoint: 'enabled:true, supported:false' is semantic nonsense.
'filesystem_active:true allowed_mounts:[]' contradicts 'workspace-only'.
'active:false filesystem_active:true' has no documented aggregation rule.
Renaming 'enabled' to 'requested' and exposing 'active_components:[]'
would surface real isolation state to automation.
Pinpoint: claw --no-such-flag --output-format json writes the JSON
envelope to stderr (115 bytes) while stdout is 0 bytes. Same for
missing_credentials, session_load_failed, invalid_model_syntax —
all 4 error kinds tested put JSON on stderr. Breaks the standard
'output=$(cmd --output-format json)' pattern. Every major CLI
(kubectl/gh/aws/jq/terraform -json) puts JSON on stdout regardless
of success/failure. Sibling: deprecation warnings precede the JSON
envelope on stderr, breaking 'tail -1 | jq' parsing.
Pinpoint: status emits 3x deprecation warnings, doctor 2x, mcp 2x,
version 0x. Each duplicate is byte-identical (same file/line/field).
Config-load pipeline is fanned out across commands without a cache.
15 redundant disk reads in worst case. Real warnings drowned out by
copies. Count fluctuates between HEADs (3 at 6c0c305a, 4 at d7dbe951,
3 at 5a4cc506) — no architectural fix landed.
Pinpoint: .claw/skills/wrong-name/SKILL.md with frontmatter name:
actually-different-name silently loads as the frontmatter name. Users
referencing by dir name get skill_not_found while skills list shows
the frontmatter name. Siblings: subdir without SKILL.md silently
skipped; loose .md at skills root dropped; no --scope filter for
workspace vs user merge.
Pinpoint: claw --resume latest from / hits 'Read-only file system'
(OS error 30) — only saved by root being read-only. From /tmp or
$HOME, silently creates .claw/sessions/<fingerprint>/ droppings.
Exit code 0 on the read-only-FS error. Stale /tmp/.claw from 13:31
dogfood still present at 21:30 (10 hours, 6+ HEADs later) — #435's
deferred-creation fix hasn't landed. The broad-cwd guard only covers
shorthand prompt path, not resume/status/doctor.
