Make protected-main doctor completion actually clear stale-lock warnings (#41)
Sandbox doctor runs repaired lock state in a worktree, but base main kept stale lock entries and stayed degraded. This change syncs the repaired lock registry back to the protected workspace and tightens completion language from 'musafe' to 'safe'.
Constraint: Protected main must stay read-only for direct maintenance writes
Rejected: Force in-place doctor writes on main | violates protected-base workflow
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep doctor JSON output machine-readable when adding new completion metadata
Tested: node --check bin/multiagent-safety.js; node --test test/metadata.test.js; manual doctor->scan on /home/deadpool/Documents/multiagent-safety
Not-tested: full npm test (existing file-level failures in test/install.test.js and test/fuzzing.test.js)
Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
AGENTS.md
+7 -2 (7 additions & 2 deletions)
@@ -92,9 +92,14 @@ OMX runtime state typically lives under `.omx/`:
92
92
- For git isolation, each agent must start on a dedicated branch via `scripts/agent-branch-start.sh "<task-or-plan>" "<agent-name>"`.
93
93
- Do not implement changes directly on `main` or other base branches; all edits must happen on dedicated agent branches/worktrees.
94
94
- If the current local branch already contains accidental edits, move them to an agent branch/worktree first, then continue implementation.
95
-
- Agent completion defaults to `scripts/codex-agent.sh`, which auto-finishes the branch (auto-commit changed files, push/create PR, attempt merge, clean branch/worktree, and pull the local base branch after merge).
96
-
- If codex-agent auto-finish cannot complete, run `scripts/agent-branch-finish.sh --branch "<agent-branch>" --via-pr` and keep the branch open until checks/review pass.
95
+
- Treat the base branch (`main` or the user's current local base branch) as read-only while the agent branch is active.
96
+
- Agent completion defaults to `scripts/codex-agent.sh`, which auto-finishes the branch (auto-commit changed files, push/create PR, attempt merge, and pull the local base branch after merge).
97
+
- Auto-finish keeps the sandbox branch/worktree by default so conflict follow-ups and audits stay reproducible.
98
+
- Use explicit cleanup when done: `gx cleanup --branch "<agent-branch>"` (or `gx cleanup` for all merged agent branches).
99
+
- If codex-agent auto-finish cannot complete, immediately run `scripts/agent-branch-finish.sh --branch "<agent-branch>" --via-pr` and keep the branch open until checks/review pass.
97
100
- If merge/rebase conflicts block auto-finish, run a conflict-resolution review pass in that sandbox branch, then rerun `agent-branch-finish.sh --via-pr` until merged.
101
+
- Completion is not valid until these are true: commit exists on the agent branch, branch is pushed to `origin`, and PR/merge status is produced by `agent-branch-finish.sh` or `codex-agent`.
102
+
- Per-message loop is mandatory: for every new user message/task, start a fresh agent branch/worktree, claim ownership locks, implement and verify, finish via PR/merge cleanup, then repeat for the next message/task.
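Review bot: The new rule on line 95, "Treat the base branch ... as read-only while the agent branch is active", states no exception, yet the README change in this same commit says `gx doctor` syncs repaired `.omx/state/agent-file-locks.json` back to the protected workspace. An agent following AGENTS.md literally could read that sync as a violation, or take it as precedent for other writes to the base workspace. Suggest naming the lock-registry sync here as the one permitted write. Separately, line 102 still ends the loop with "finish via PR/merge cleanup", while line 97 says auto-finish keeps the branch/worktree and line 98 makes cleanup an explicit `gx cleanup` step; reword the loop so it matches.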
README.md
+1 -0 (1 addition & 0 deletions)
@@ -292,6 +292,7 @@ and asks `[y/N]` whether to update immediately (default is `N`).
292
292
- Non-interactive setup: skips global installs by default; use `--yes-global-install` to force.
293
293
- In already-initialized repos, `setup` / `install` / `fix` block writes on protected `main` by default; start an agent branch first. Use `--allow-protected-base-write` only for emergency in-place maintenance.
294
294
-`gx doctor` on protected `main` auto-starts an isolated `agent/gx/...-gx-doctor` worktree branch and applies repairs there.
295
+
It also syncs repaired `.omx/state/agent-file-locks.json` back to your protected workspace so stale-lock warnings clear immediately.
295
296
-`gx setup` and `gx doctor` always refresh `.githooks/pre-commit` from templates, so Codex sub-branch enforcement stays repaired.
296
297
-`scripts/codex-agent.sh` now auto-runs finish automation after a Codex session when `origin` exists:
297
298
auto-commit changed files, run PR/merge automation, and keep merged agent branches/worktrees by default.
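Review bot: Added line 295 describes a write into the protected workspace that happens by default, two bullets below the one saying writes on protected `main` are blocked unless `--allow-protected-base-write` is passed; say explicitly that this sync is limited to `.omx/state/agent-file-locks.json` and does not require that flag. It should also say whether the sync replaces the file or merges into it: if ownership locks claimed by active agents live in the same registry, a wholesale replace from the doctor worktree could drop entries claimed after that worktree was created. The code side of this commit is not shown on this page, so if that case is already handled, one sentence documenting it here is enough.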
templates/AGENTS.multiagent-safety.md
+1 -0 (1 addition & 0 deletions)
@@ -16,6 +16,7 @@
16
16
- Use explicit cleanup when done: `gx cleanup --branch "<agent-branch>"` (or `gx cleanup` for all merged agent branches).
17
17
- If codex-agent auto-finish cannot complete, immediately run `scripts/agent-branch-finish.sh --branch "<agent-branch>" --via-pr` and keep the branch open until checks/review pass.
18
18
- If merge/rebase conflicts block auto-finish, run a conflict-resolution review pass in that sandbox branch, then rerun `agent-branch-finish.sh --via-pr` until merged.
19
+
- Completion is not valid until these are true: commit exists on the agent branch, branch is pushed to `origin`, and PR/merge status is produced by `agent-branch-finish.sh` or `codex-agent`.
19
20
- Per-message loop is mandatory: for every new user message/task, start a fresh agent branch/worktree, claim ownership locks, implement and verify, finish via PR/merge cleanup, then repeat for the next message/task.
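Review bot: On added line 19, "PR/merge status is produced by `agent-branch-finish.sh` or `codex-agent`" does not say which status counts as complete. Line 17 tells the agent to keep the branch open until checks/review pass, so an open, unmerged PR also produces a status; state whether completion requires the merge or only the PR. The same sentence is added to AGENTS.md in this commit, so any rewording needs to land in both copies.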