davidlee
diff --git a/‎.spec-driver/backlog/issues/ISSUE-053-codex_preboot_context_not_loaded_via_agents_md_path_includes/ISSUE-053.md‎
Lines changed: 79 additions & 0 deletions b/‎.spec-driver/backlog/issues/ISSUE-053-codex_preboot_context_not_loaded_via_agents_md_path_includes/ISSUE-053.md‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎.spec-driver/backlog/issues/ISSUE-054-list_deltas_dumps_rich_traceback_when_a_phase_file_has_invalid_yaml_frontmatter/ISSUE-054.md‎
Lines changed: 51 additions & 0 deletions b/‎.spec-driver/backlog/issues/ISSUE-054-list_deltas_dumps_rich_traceback_when_a_phase_file_has_invalid_yaml_frontmatter/ISSUE-054.md‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎.spec-driver/deltas/DE-134-subagent_worktree_base_ref_alignment_and_compensation_defences/DE-134.md‎
Lines changed: 154 additions & 0 deletions b/‎.spec-driver/deltas/DE-134-subagent_worktree_base_ref_alignment_and_compensation_defences/DE-134.md‎
Lines changed: 154 additions & 0 deletions
@@ -0,0 +1,79 @@
+---
+id: ISSUE-053
+name: Codex preboot context not loaded via AGENTS.md @path includes
+created: "2026-04-26"
+updated: "2026-04-26"
+status: open
+kind: issue
+categories: []
+severity: p3
+impact: user
+---
+
+# Codex preboot context not loaded via AGENTS.md @path includes
+
+## Summary
+
+Codex sessions in this repo do not receive the generated spec-driver boot
+context at startup. The `# Spec-Driver Boot Context` heading is absent from
+the model's preloaded context, so `/boot` validation fails unless the agent
+explicitly reads the boot file.
+
+## Observed behaviour
+
+- Root `AGENTS.md` contains only two lines:
+  - `@.spec-driver/AGENTS.md`
+  - `@.spec-driver/agents/boot.md`
+- Reported from a sibling spec-driver repo: in a Codex session those
+  `@path` lines surfaced **literally** in model context rather than being
+  expanded into the referenced files' contents. Behaviour in this repo is
+  expected to match (same AGENTS shape) but has not been independently
+  reproduced here.
+- `.agents/spec-driver-boot.md` exists and contains the expected
+  `# Spec-Driver Boot Context` heading (generated via
+  `spec-driver admin preboot`), but it is not referenced from `AGENTS.md`,
+  so Codex never sees it.
+
+## Why this matters
+
+- The `/boot` skill instructs agents to validate by checking for the
+  `Spec-Driver Boot Context` heading and to print `BOOT ERROR !!!` when
+  missing. On Codex this validation will trip on every session.
+- Without the preboot bundle, agents start without doctrine, glossary,
+  workflow stance, accepted ADRs, required policies/standards, and routing
+  rules — the exact context the project relies on for correct routing.
+
+## Root cause hypothesis
+
+Codex AGENTS discovery (per public docs) reads `AGENTS.md` /
+`AGENTS.override.md` along the instruction chain, but does not document
+recursive `@path` include expansion. Claude Code expands `@path`; Codex
+appears not to. Adding more `@path` lines (e.g. `@.agents/spec-driver-boot.md`)
+will likely surface as literal text in Codex too.
+
+## Candidate fixes
+
+1. **Inline the preboot bundle** into a Codex-visible AGENTS file
+   (e.g. make `AGENTS.md` or `.spec-driver/AGENTS.md` contain the generated
+   boot context literally, regenerated by `spec-driver admin preboot`).
+2. **Codex-specific boot fallback**: have the `/boot` skill detect the
+   missing heading and explicitly read `.agents/spec-driver-boot.md` before
+   warning.
+3. **Harness-aware preboot output**: extend `spec-driver admin preboot` to
+   emit a Codex-compatible artefact (inlined AGENTS content) alongside the
+   existing symlink/file used by Claude Code.
+
+Option 1 is simplest but couples agent-harness ergonomics into a single
+file; option 3 keeps harness adapters explicit. Decide before scoping a
+delta.
+
+## References
+
+- `AGENTS.md` (root) — current `@path`-only contents
+- `.agents/spec-driver-boot.md` — generated preboot bundle
+- `.spec-driver/skills/boot/SKILL.md` — boot validation logic
+- `.spec-driver/agents/boot.md` — `/boot` invocation directive
+- Codex AGENTS docs: https://developers.openai.com/codex/guides/agents-md
+- Source: report from sibling spec-driver repo (memory
+  `mem.fact.codex.agents.preboot-include` in that repo); not yet
+  reproduced here.
@@ -0,0 +1,51 @@
+---
+id: ISSUE-054
+name: list deltas dumps Rich traceback when a phase file has invalid YAML frontmatter
+created: "2026-05-01"
+updated: "2026-05-01"
+status: open
+kind: issue
+categories: []
+severity: p3
+impact: user
+---
+
+# list deltas dumps Rich traceback when a phase file has invalid YAML frontmatter
+
+## Symptom
+
+`spec-driver list deltas` (and likely siblings) crashes with a full Rich
+traceback when any phase file under a delta has a YAML parse error in its
+frontmatter. The user-facing output is a stack trace ending in
+`yaml.scanner.ScannerError: mapping values are not allowed in this context`
+with no indication of which file or line is at fault.
+
+## Root cause
+
+`load_change_artifact` (`supekku/scripts/lib/changes/artifacts.py:180`) wraps
+the per-phase-file `load_markdown_file` call in
+`except (ValueError, OSError)`. PyYAML raises `yaml.YAMLError` (e.g.
+`ScannerError`), which is not a subclass of either, so the parse error
+escapes the per-file guard.
+
+The surrounding `ChangeRegistry.collect()` catch
+(`supekku/scripts/lib/changes/registry.py:84-87`) is also `except ValueError`,
+so the YAML error propagates all the way out to the CLI handler and is
+rendered as a traceback rather than a friendly message.
+
+The same pattern likely affects sibling loaders (specs, decisions,
+backlog) wherever `load_markdown_file` is called inside `except ValueError`.
+
+## Expected
+
+- A clear, actionable message identifying the offending file and ideally the
+  line/column of the YAML error (consistent with PROD-010.FR-010).
+- The command should skip the bad file and continue listing the rest, or fail
+  fast with a clear error — but never dump a Python traceback.
+
+## Repro
+
+1. Edit any `.spec-driver/deltas/DE-XXX/phases/phase-0N.md` so its frontmatter
+   contains a YAML parse error (e.g. an unquoted colon inside a value).
+2. Run `spec-driver list deltas`.
+3. Observe Rich traceback instead of a friendly diagnostic.
@@ -0,0 +1,154 @@
+---
+id: DE-134
+slug: subagent_worktree_base_ref_alignment_and_compensation_defences
+name: Delta - Subagent worktree base-ref alignment and compensation defences
+created: "2026-04-26"
+updated: "2026-04-26"
+status: draft
+kind: delta
+aliases: []
+relations:
+  - type: relates_to
+    target: DE-132
+  - type: relates_to
+    target: DE-133
+context_inputs:
+  - type: brief
+    ref: ./brief.md
+    summary: "Source brief — three-layer defence for subagent worktree isolation (stale-fork + silent-compensation)."
+  - type: reference
+    ref: supekku/agents/dispatch-worker.md
+    summary: "Existing managed subagent that uses isolation: worktree."
+  - type: reference
+    ref: supekku/claude.settings.json
+    summary: "Hook registration template installed to .claude/settings.json."
+  - type: reference
+    ref: supekku/claude.hooks/
+    summary: "Source for installable hook scripts (currently startup.sh, artifact_event.py)."
+applies_to:
+  specs: []
+  requirements: []
+---
+
+# DE-134 – Subagent worktree base-ref alignment and compensation defences
+
+```yaml supekku:delta.relationships@v1
+schema: supekku.delta.relationships
+version: 1
+delta: DE-134
+revision_links:
+  introduces: []
+  supersedes: []
+specs:
+  primary: []
+  collaborators: []
+requirements:
+  implements: []
+  updates: []
+  verifies: []
+phases: []
+```
+
+## 1. Summary & Context
+
+- **Source brief**: [brief.md](./brief.md) — three-layer defence for subagent worktree isolation.
+- **Implementation Plan**: [IP-134](./IP-134.md)
+- **Design Revision**: [DR-134](./DR-134.md)
+- **Change Drivers**: Empirical incident in a sibling spec-driver project where a `isolation: worktree` subagent forked from `origin/main` (38 commits behind the supervisor's local `main`), then silently compensated by re-staging files from elsewhere. Result: a branch unmergeable against trunk and only diagnosable by inspecting the diff base.
+- **Related deltas**: DE-132 (sub-agent orchestration / `/dispatch`), DE-133 (installer support for `.claude/agents/`). This delta extends the same surface — managed subagent definitions, installer-managed Claude config, and harness hook scripts.
+
+## 2. Motivation
+
+Two coupled failure modes in worktree-isolated subagents:
+
+1. **Stale fork**: Claude Code's `isolation: worktree` does not reliably fork from the supervisor's HEAD. Empirically observed forking from a tracking ref (e.g. `origin/main`) instead. The subagent then operates in a tree missing all in-flight supervisor work.
+2. **Silent compensation**: When the worktree state contradicts the delegation prompt (missing files, missing commits), subagents have been observed reconstructing state by copying files from outside the worktree. The resulting branch looks plausible in isolation but is unmergeable against trunk because its diff baseline is wrong.
+
+Loud failure is recoverable; silent compensation is not. The defence must be three-layer (pre-spawn alignment, in-prompt refusal, handback verification) because no single layer covers all paths.
+
+## 3. Scope & Objectives
+
+- **Primary Outcomes**:
+  - **Layer 1 — pre-spawn alignment**: a `SubagentStart` hook script that aligns a worktree-isolated subagent's working tree to the supervisor's HEAD (or a documented project-level override).
+  - **Layer 2 — compensation refusal**: a shared subagent prompt fragment that instructs worktree-isolated subagents to stop and report rather than reconstruct missing state. Inherited by `dispatch-worker` (and any future managed subagent declaring `isolation: worktree`) without per-file edits.
+  - **Layer 3 — handback verification**: a `SubagentStop` hook script that runs a merge-base sanity check against the captured base ref, scans for the compensation signature (added files identical to base-ref state), and writes incidents to a project-local log.
+  - **Installer support**: `spec-driver install` sources both new hook scripts from `supekku/claude.hooks/` and registers them in the installed `.claude/settings.json`. Per-agent log/state directory is created (or auto-created on first run).
+  - **Documentation**: `supekku/claude.hooks/README.md` (or equivalent) documents the parent-HEAD-vs-trunk policy choice and the project-level + per-subagent override mechanisms.
+- **Operational Constraints**:
+  - Source-of-truth changes belong in `supekku/`. The `.spec-driver/` installation is regenerated by `spec-driver install` and must not be hand-edited.
+  - Hooks must no-op cleanly for non-isolated subagents; existing dispatch flow must remain functional.
+  - No persistent per-agent state files after subagent completion.
+- **Dependencies**:
+  - DE-133 lands installer-managed `.claude/agents/` sync. DE-134 extends installer-managed scope to `.claude/hooks/` entries that are *added* by this delta and to the `SubagentStart` / `SubagentStop` keys in the settings template.
+
+## 4. Out of Scope
+
+- Path enforcement during subagent execution (separate brief if needed).
+- Read sandboxing.
+- Replacing Claude Code's worktree creation entirely.
+- Process or network isolation.
+- Automatic resolution of stale-fork incidents — the supervisor diagnoses, the hook only surfaces.
+- Generic hook framework refactor — extend the existing `supekku/claude.hooks/` pattern rather than redesigning it.
+
+## 5. Approach Overview
+
+- **System Touchpoints**:
+  - `supekku/claude.hooks/` — two new scripts (working names `align-worktree-to-parent.sh`, `verify-worktree-base.sh`).
+  - `supekku/claude.settings.json` — register `SubagentStart` and `SubagentStop` hook entries.
+  - `supekku/agents/dispatch-worker.md` — adopt the shared compensation-refusal directive.
+  - `supekku/templates/agents/` (or a new shared snippet location) — single-source compensation-refusal directive that managed subagents reference.
+  - `supekku/scripts/` — installer changes if `_install_claude_config` / `_install_agents` need to learn about new hook files or new state-dir conventions.
+- **Key Changes**:
+  1. Author both hook scripts under `supekku/claude.hooks/`. Resolve hook input shape (parent CWD, agent_id, worktree path) by capturing real `SubagentStart` / `SubagentStop` invocations — see DR open question 1.
+  2. Extend `supekku/claude.settings.json` with the two new hook entries. Confirm the settings installer copies/merges this file correctly into per-project `.claude/settings.json`.
+  3. Add the compensation-refusal directive as a single-source fragment, included by `dispatch-worker.md` (and any future worktree-isolated managed subagent) without copy-paste.
+  4. Document parent-HEAD-vs-trunk policy and the override surface (`.claude/agent-base-ref` project-level, per-subagent frontmatter opt-out) in a README under `supekku/claude.hooks/`.
+  5. Confirm installer behaviour for the new hook script files and the runtime state directory (`.claude/state/agent-base-ref/`, `.claude/state/worktree-incidents.log`).
+- **Migration / Rollout Notes**: Existing installs pick up the new hooks on next `spec-driver install`. No data migration required. New state directory is created on first subagent spawn.
+
+## 6. Verification Strategy
+
+- **VT**:
+  - Unit-style coverage for the hook scripts via shellcheck plus a small harness that feeds synthetic hook input JSON and asserts side-effects (worktree HEAD match, exit code, state file presence/absence).
+  - Installer test confirming new hook files land in the installed workspace and `.claude/settings.json` registers the hook entries.
+- **VA**:
+  - Controlled `/dispatch` run where the supervisor is several commits ahead of the tracking ref; confirm subagent worktree HEAD matches supervisor and `worktree-incidents.log` is empty.
+  - Adversarial run where a delegation prompt mentions a file the subagent is not given; confirm the subagent reports rather than fabricates, and the SubagentStop hook flags the run if compensation occurs.
+- **VH**: User attestation that the integration into a real delta pass works end-to-end without disrupting `/dispatch` ergonomics.
+- **Acceptance Criteria** (from brief):
+  - Worktree-isolated subagent starts at supervisor's HEAD-at-delegation regardless of Claude Code's default resolution.
+  - Subagent whose worktree state contradicts its delegation prompt stops and reports rather than compensating.
+  - Stale or different-ancestry merge-base at handback is surfaced before the supervisor accepts the result.
+  - Compensation signature (added files identical to base-ref state) is detected and flagged.
+  - Subagents without `isolation: worktree` are unaffected — hooks no-op cleanly.
+  - Project-level base-ref override via `.claude/agent-base-ref`.
+  - Per-subagent opt-out via documented frontmatter flag.
+  - No per-agent state files persist after completion.
+  - Incidents accumulate in `.claude/state/worktree-incidents.log` for pattern review.
+  - Subagent template/generator update is single-source; existing definitions inherit without per-file edits.
+  - `supekku/claude.hooks/README.md` documents the design and override surface.
+
+## 7. Risks & Mitigations
+
+- **Risk**: Hook input shape (especially how to retrieve parent session CWD from `SubagentStart`) is undocumented and may vary across Claude Code releases. – _Likelihood_: medium – _Impact_: medium – _Mitigation_: Capture real invocations during DR work; fall back to deriving parent CWD from `.git/worktrees/{name}/gitdir` or `git worktree list --porcelain` run from inside the worktree.
+- **Risk**: `git reset --hard` in a worktree could destroy uncommitted state if Claude Code has already populated the worktree with WIP. – _Likelihood_: low – _Impact_: high – _Mitigation_: Hook checks for clean tree before reset; aborts loudly otherwise. Per-subagent opt-out covers any legitimate WIP-carry case.
+- **Risk**: Compensation-signature scan produces false positives when a subagent legitimately re-introduces a file deleted on a sibling branch. – _Likelihood_: medium – _Impact_: low – _Mitigation_: Default to warn-only output; surface signal without blocking. Tunable threshold deferred to later if needed.
+- **Risk**: Installer-managed settings merge clobbers user-customised hook entries. – _Likelihood_: medium – _Impact_: medium – _Mitigation_: Verify installer's existing settings-handling semantics; document install-time behaviour in DR.
+- **Risk**: Single-source directive mechanism does not yet exist for subagent prompts; introducing one risks scope creep into a generic templating concern. – _Likelihood_: medium – _Impact_: low – _Mitigation_: Choose the simplest viable mechanism (e.g. a referenced skill or an installer-time include) and resist building a generic engine.
+
+## 8. Follow-ups & Tracking
+
+- **Future Phases / Deltas**:
+  - Path-enforcement layer for subagent execution (separate brief).
+  - Consider extending merge-base verification to all worker-produced branches, not only worktree-isolated ones.
+- **Backlog Items**: To be created if scope splits during DR refinement.
+- **Open Decisions / Questions** (carried into DR-134):
+  1. Confirm exact JSON shape of `SubagentStart` / `SubagentStop` hook inputs and the reliable way to retrieve the parent session's working directory.
+  2. Confirm Claude Code's actual base-ref resolution rule for `isolation: worktree`.
+  3. Decide whether stale-fork warnings hard-block via SubagentStop exit code, or warn-only. Default: warn-only.
+  4. Decide precedence between `.claude/agent-base-ref` (project) and per-subagent frontmatter override. Default: per-subagent wins, project config is the framework default.
+
+## 9. Implementation Notes
+
+- All source-of-truth edits land in `supekku/`. The `.spec-driver/` installed copy is regenerated via `spec-driver install` and must not be edited directly.
+- Manual end-to-end verification requires a `/dispatch` invocation against a deliberately-stale tracking ref to exercise Layer 1 + Layer 3 in concert.