diff --git a/AGENTS-WORKFLOW.md b/AGENTS-WORKFLOW.md index c33f46749..ef37b0073 100644 --- a/AGENTS-WORKFLOW.md +++ b/AGENTS-WORKFLOW.md @@ -164,6 +164,8 @@ This moves the tag to HEAD, pushes, rebuilds the GitHub release, updates the Hom - NEVER say "ready to push when you are" - YOU must push - If push fails, resolve and retry until it succeeds - NEVER leave a foreign branch-attached worktree without a recorded disposition +- Keep the canonical root clean and attached to `main`. +- Run `bash scripts/check-worktree-disposition.sh` before push and session close. - If `bd dolt push` says no remote is configured, do not treat that as a session failure. Record it as unavailable, then continue with the mandatory Git push. See [bd server-mode tracker closeout](docs/runbooks/bd-server-mode-closeout.md). diff --git a/evals/agentops-core/fixtures/security-toolchain-governance-smoke.sh b/evals/agentops-core/fixtures/security-toolchain-governance-smoke.sh index 1a2e9e669..dd3026bdd 100755 --- a/evals/agentops-core/fixtures/security-toolchain-governance-smoke.sh +++ b/evals/agentops-core/fixtures/security-toolchain-governance-smoke.sh @@ -275,7 +275,6 @@ job_start = workflow.index(" security-toolchain-gate:") job_end = workflow.index("\n skill-integrity:", job_start) job = workflow[job_start:job_end] required_job_bits = [ - "continue-on-error: true", "./scripts/security-gate.sh --mode quick", "uses: actions/upload-artifact@", "if: always()", diff --git a/evals/agentops-core/hook-manifest-runtime-contracts.json b/evals/agentops-core/hook-manifest-runtime-contracts.json index 56d572d94..6842a49de 100644 --- a/evals/agentops-core/hook-manifest-runtime-contracts.json +++ b/evals/agentops-core/hook-manifest-runtime-contracts.json @@ -116,7 +116,7 @@ "timeout_seconds": 60, "inputs": { "cwd": "../..", - "shell": "jq -e '[.. | .command? // empty] as $cmds | ($cmds | length == 43) and ($cmds | map(capture(\"(?