Skip to content

Allow gx setup to refresh protected main through a sandbox#212

Merged
NagyVikt merged 1 commit into
mainfrom
agent/codex/setup-protected-main-sandbox-2026-04-21-12-08
Apr 21, 2026
Merged

Allow gx setup to refresh protected main through a sandbox#212
NagyVikt merged 1 commit into
mainfrom
agent/codex/setup-protected-main-sandbox-2026-04-21-12-08

Conversation

@NagyVikt

Copy link
Copy Markdown
Collaborator

Automated by scripts/agent-branch-finish.sh (PR flow).

Initialized protected main repos should be able to rerun setup without falling back to an unsafe in-place write or a hard stop. This reuses the protected-branch sandbox path for setup, syncs the managed bootstrap outputs back into the base checkout, and prunes the temporary sandbox afterward.

Constraint: The visible protected base checkout must remain on main during setup refreshes.
Rejected: Keep setup hard-blocked on protected main | prevents the safe refresh path users expect after bootstrap.
Rejected: Require --allow-protected-base-write for routine setup refreshes | weakens the protected-base workflow for managed bootstrap files.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep sandbox target resolution repo-local and prune the temporary sandbox branch/worktree after syncing the managed setup outputs back to the base checkout.
Tested: node --check bin/multiagent-safety.js; node --test --test-name-pattern="setup .*protected main" test/install.test.js; openspec validate agent-codex-setup-protected-main-sandbox-2026-04-21-12-20 --type change --strict; openspec validate --specs (no items found).
Not-tested: Full test/install.test.js suite; broader setup/doctor command matrix outside the protected-main refresh path.
@NagyVikt NagyVikt merged commit 0426c7f into main Apr 21, 2026
@NagyVikt NagyVikt deleted the agent/codex/setup-protected-main-sandbox-2026-04-21-12-08 branch April 21, 2026 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant