@codyswann/lisa 2.106.6 → 2.106.8

package/package.json

@@ -82,7 +82,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/scripts/automation-status-codex-adapter.mjs

@@ -13,6 +13,8 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
 
 import { compareAutomationFleet } from "./automation-status-contract-drift.mjs";
 
@@ -22,6 +24,7 @@ const RUN_FAILURE_PATTERN =
   /\b(failed|failure|errored|error|exception|crash(?:ed)?)\b/i;
 const NEGATED_FAILURE_PATTERN =
   /\b(no|without)\s+(?:recent\s+)?(?:fail(?:ure|ed)|errors?|exceptions?)\b/i;
+const execFileAsync = promisify(execFile);
 
 /**
  * @typedef {import("./automation-status-expected-fleet.mjs").resolveExpectedAutomationFleet extends (...args: any[]) => infer T ? T : never} ExpectedFleet
@@ -34,6 +37,10 @@ const NEGATED_FAILURE_PATTERN =
  *   readonly observedRRule?: string
  *   readonly observedCommand?: string
  *   readonly cwd?: string | null
+ *   readonly cwdHealth?: {
+ *     readonly status: "ok" | "missing" | "not_directory" | "not_git_work_tree" | "bare_git_repository" | "git_error"
+ *     readonly summary: string
+ *   }
  *   readonly createdAt?: number | null
  *   readonly updatedAt?: number | null
  *   readonly lastRunAt?: string | null
@@ -266,6 +273,8 @@ async function readCodexAutomation(automationDir) {
   const memoryContent = await fs.readFile(memoryPath, "utf8").catch(() => "");
   const memory = parseCodexAutomationMemory(memoryContent);
   const cwd = Array.isArray(automation.cwds) ? automation.cwds[0] : null;
+  const normalizedCwd = typeof cwd === "string" ? cwd : null;
+  const cwdHealth = await inspectAutomationCwd(normalizedCwd);
 
   return {
     automationId:
@@ -279,7 +288,8 @@ async function readCodexAutomation(automationDir) {
     observedCommand: deriveCodexObservedCommand(
       stringOrUndefined(automation.prompt)
     ),
-    cwd: typeof cwd === "string" ? cwd : null,
+    cwd: normalizedCwd,
+    cwdHealth,
     createdAt: numberOrNull(automation.created_at),
     updatedAt: numberOrNull(automation.updated_at),
     ...memory,
@@ -300,6 +310,9 @@ function createObservedStatusItem(input) {
   if (observed?.status) {
     observedDetails.push(`Scheduler status: ${observed.status}`);
   }
+  if (observed?.cwdHealth) {
+    observedDetails.push(`Cwd: ${observed.cwdHealth.summary}`);
+  }
   if (observed?.lastRunAt) {
     observedDetails.push(`Last run: ${observed.lastRunAt}`);
   } else if (observed) {
@@ -352,6 +365,15 @@ function classifyAutomationRunSignal(input) {
     };
   }
 
+  if (observed.cwdHealth && observed.cwdHealth.status !== "ok") {
+    return {
+      status: "FAILING",
+      summary: `scheduler cwd is invalid: ${observed.cwdHealth.summary}`,
+      remediation:
+        "Recreate the automation with `/lisa:setup-automations` so it uses a durable non-bare project checkout, then verify the cwd before the next run.",
+    };
+  }
+
   if (observed.lastRunFailed) {
     return {
       status: "FAILING",
@@ -390,6 +412,69 @@ function classifyAutomationRunSignal(input) {
   return null;
 }
 
+async function inspectAutomationCwd(cwd) {
+  if (!cwd) {
+    return {
+      status: "missing",
+      summary: "no cwd configured",
+    };
+  }
+
+  const stat = await fs.stat(cwd).catch(error => {
+    if (error?.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  });
+
+  if (!stat) {
+    return {
+      status: "missing",
+      summary: `${cwd} does not exist`,
+    };
+  }
+
+  if (!stat.isDirectory()) {
+    return {
+      status: "not_directory",
+      summary: `${cwd} is not a directory`,
+    };
+  }
+
+  try {
+    const { stdout } = await execFileAsync(
+      "git",
+      ["-C", cwd, "rev-parse", "--is-inside-work-tree", "--is-bare-repository"],
+      { timeout: 5000 }
+    );
+    const [insideWorkTree, bareRepository] = stdout.trim().split(/\r?\n/);
+
+    if (insideWorkTree !== "true") {
+      return {
+        status: "not_git_work_tree",
+        summary: `${cwd} is not inside a Git work tree`,
+      };
+    }
+
+    if (bareRepository === "true") {
+      return {
+        status: "bare_git_repository",
+        summary: `${cwd} is configured as a bare Git repository`,
+      };
+    }
+
+    return {
+      status: "ok",
+      summary: `${cwd} is a valid Git work tree`,
+    };
+  } catch (error) {
+    return {
+      status: "git_error",
+      summary: `git could not inspect ${cwd}: ${String(error?.message ?? error)}`,
+    };
+  }
+}
+
 function resolveDefaultCodexAutomationsDir() {
   return path.join(
     process.env.CODEX_HOME ?? path.join(os.homedir(), ".codex"),

package/plugins/lisa/skills/setup-automations/SKILL.md

@@ -16,7 +16,12 @@ create them; invoke the runtime's automation tool with the spec below.
 - **Codex** → create Codex **automations** via the native automations mechanism (prefer the
   `automation_update` tool over hand-writing `~/.codex/automations/<id>/automation.toml`; the TOML is
   only its backing store). Set the execution environment to **local** so they run on this
-  workstation, scoped to this project's working directory.
+  workstation. Scope them to a durable project automation checkout, not a transient task worktree:
+  use `${CODEX_HOME:-~/.codex}/worktrees/<project>-automation-main` when available, create or refresh
+  that checkout from the project's `origin` remote if needed, and verify `git -C <cwd> rev-parse
+  --is-inside-work-tree --is-bare-repository` reports `true` then `false` before saving the
+  automation. Do not point recurring automations at hashed scratch worktrees or a checkout whose Git
+  metadata is broken.
 - **Claude** → use **`/schedule`** to create local recurring routines, one per automation below.
 - **Other runtimes** → use the runtime's native recurring-task mechanism. If the runtime has none,
   state that scheduling is unavailable and stop.
@@ -37,6 +42,11 @@ affect **only** the two exploratory automations.
 
 Each automation runs **one cycle** of a Lisa command and respects that command's confirmation policy
 (never ask before running; exit cleanly when the queue is idle; report the cycle summary).
+Before running the Lisa command, each automation must sync its checkout: fetch the default remote
+branch and rebase the current automation branch onto it (for the common GitHub case, `origin/main`).
+If the checkout is already on the default branch, fast-forward/rebase it to the remote default. If
+the rebase has conflicts or the working tree is dirty in a way the automation did not create, abort
+the rebase, leave queue state unchanged, and report the blocker instead of running on stale code.
 
 | Automation | Command it runs | Cadence |
 |---|---|---|
@@ -56,10 +66,10 @@ are written).
 
 **Naming + scope (so teardown is precise).** Name each automation with the stable prefix
 `lisa-auto-<project>-` (e.g. `lisa-auto-<project>-intake-tickets`), where `<project>` identifies this
-repo, and scope each to this project's working directory. This lets `/tear-down-automations` find and
-remove exactly this set and never touch other projects' automations or non-Lisa ones. Use a project
-identifier stable across runs and distinct from other repos (don't rely on a bare repo basename when
-it could collide; qualify it, e.g. with the owner).
+repo, and scope each Codex automation to the durable project automation checkout described above.
+This lets `/tear-down-automations` find and remove exactly this set and never touch other projects'
+automations or non-Lisa ones. Use a project identifier stable across runs and distinct from other
+repos (don't rely on a bare repo basename when it could collide; qualify it, e.g. with the owner).
 
 **Idempotent.** Re-running this skill updates the existing `lisa-auto-<project>-*` automations in
 place (same names) rather than creating duplicates.
@@ -71,6 +81,8 @@ place (same names) rather than creating duplicates.
   automation and note it — do not invent a command that doesn't exist.
 - If the runtime has no native scheduler, or the intake queues can't be resolved from config, stop
   and report what's missing rather than guessing.
+- For Codex, if the durable checkout cannot be created, fetched, or verified as a non-bare Git work
+  tree, stop and report the checkout problem instead of creating automations that will fail later.
 
 ## Report
 

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "AWS CDK-specific Lisa plugin.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Expo and React Native-specific skills, agents, rules, and MCP servers.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Harper/Fabric-specific Lisa rules for TypeScript component apps.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "NestJS-specific skills and migration write-protection hooks.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Ruby on Rails-specific skills and hooks for RuboCop and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "TypeScript-specific hooks for formatting, linting, and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.106.6",
+  "version": "2.106.8",
   "description": "Distributable LLM Wiki kernel — ingest, query, lint, and maintain a git-native markdown knowledge base across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/skills/lisa-wiki-setup-automations/SKILL.md

@@ -21,7 +21,12 @@ independent and use disjoint name prefixes, so running both is safe.
 - **Codex** → create a Codex **automation** via the native automations mechanism (prefer the
   `automation_update` tool over hand-writing `~/.codex/automations/<id>/automation.toml`; the TOML is
   only its backing store). Set the execution environment to **local** so it runs on this
-  workstation, scoped to this project's working directory.
+  workstation. Scope it to a durable project automation checkout, not a transient task worktree: use
+  `${CODEX_HOME:-~/.codex}/worktrees/<project>-automation-main` when available, create or refresh
+  that checkout from the project's `origin` remote if needed, and verify `git -C <cwd> rev-parse
+  --is-inside-work-tree --is-bare-repository` reports `true` then `false` before saving the
+  automation. Do not point recurring automations at hashed scratch worktrees or a checkout whose Git
+  metadata is broken.
 - **Claude** → use **`/schedule`** to create a local recurring routine.
 - **Other runtimes** → use the runtime's native recurring-task mechanism. If the runtime has none,
   state that scheduling is unavailable and stop.
@@ -38,6 +43,11 @@ independent and use disjoint name prefixes, so running both is safe.
 The automation runs **one cycle** of the full wiki ingest and respects that command's own confirmation
 and commit/PR policy (never ask before running; run a full ingest across every enabled
 non-external-write source; commit/PR per the ingest skill's bookends; report the cycle summary).
+Before running the ingest, the automation must sync its checkout: fetch the default remote branch and
+rebase the current automation branch onto it (for the common GitHub case, `origin/main`). If the
+checkout is already on the default branch, fast-forward/rebase it to the remote default. If the
+rebase has conflicts or the working tree is dirty in a way the automation did not create, abort the
+rebase and report the blocker instead of ingesting from stale code.
 
 | Automation | Command it runs | Cadence |
 |---|---|---|
@@ -45,11 +55,12 @@ non-external-write source; commit/PR per the ingest skill's bookends; report the
 
 **Naming + scope (so teardown is precise).** Name the automation with the stable prefix
 `lisa-wiki-auto-<project>-` (i.e. `lisa-wiki-auto-<project>-ingest`), where `<project>` identifies
-this repo, and scope it to this project's working directory. This prefix is deliberately distinct
-from the base `lisa-auto-<project>-` set so `/lisa-wiki:tear-down-automations` removes exactly this
-automation and never touches the base automations or any other project's. Use a project identifier
-stable across runs and distinct from other repos (qualify it, e.g. with the owner — don't rely on a
-bare repo basename that could collide).
+this repo, and scope each Codex automation to the durable project automation checkout described
+above. This prefix is deliberately distinct from the base `lisa-auto-<project>-` set so
+`/lisa-wiki:tear-down-automations` removes exactly this automation and never touches the base
+automations or any other project's. Use a project identifier stable across runs and distinct from
+other repos (qualify it, e.g. with the owner — don't rely on a bare repo basename that could
+collide).
 
 **Idempotent.** Re-running this skill updates the existing `lisa-wiki-auto-<project>-ingest`
 automation in place (same name) rather than creating a duplicate.
@@ -60,6 +71,8 @@ automation in place (same name) rather than creating a duplicate.
   `wiki/lisa-wiki.config.json`. If there is no configured wiki, **stop and report** that the wiki
   must be set up first (run `/lisa-wiki:setup`); do not schedule ingest against a non-existent wiki.
 - If the runtime has no native scheduler, stop and report what's missing rather than guessing.
+- For Codex, if the durable checkout cannot be created, fetched, or verified as a non-bare Git work
+  tree, stop and report the checkout problem instead of creating an automation that will fail later.
 
 ## Report
 

package/plugins/src/base/scripts/automation-status-codex-adapter.mjs

@@ -13,6 +13,8 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
 
 import { compareAutomationFleet } from "./automation-status-contract-drift.mjs";
 
@@ -22,6 +24,7 @@ const RUN_FAILURE_PATTERN =
   /\b(failed|failure|errored|error|exception|crash(?:ed)?)\b/i;
 const NEGATED_FAILURE_PATTERN =
   /\b(no|without)\s+(?:recent\s+)?(?:fail(?:ure|ed)|errors?|exceptions?)\b/i;
+const execFileAsync = promisify(execFile);
 
 /**
  * @typedef {import("./automation-status-expected-fleet.mjs").resolveExpectedAutomationFleet extends (...args: any[]) => infer T ? T : never} ExpectedFleet
@@ -34,6 +37,10 @@ const NEGATED_FAILURE_PATTERN =
  *   readonly observedRRule?: string
  *   readonly observedCommand?: string
  *   readonly cwd?: string | null
+ *   readonly cwdHealth?: {
+ *     readonly status: "ok" | "missing" | "not_directory" | "not_git_work_tree" | "bare_git_repository" | "git_error"
+ *     readonly summary: string
+ *   }
  *   readonly createdAt?: number | null
  *   readonly updatedAt?: number | null
  *   readonly lastRunAt?: string | null
@@ -266,6 +273,8 @@ async function readCodexAutomation(automationDir) {
   const memoryContent = await fs.readFile(memoryPath, "utf8").catch(() => "");
   const memory = parseCodexAutomationMemory(memoryContent);
   const cwd = Array.isArray(automation.cwds) ? automation.cwds[0] : null;
+  const normalizedCwd = typeof cwd === "string" ? cwd : null;
+  const cwdHealth = await inspectAutomationCwd(normalizedCwd);
 
   return {
     automationId:
@@ -279,7 +288,8 @@ async function readCodexAutomation(automationDir) {
     observedCommand: deriveCodexObservedCommand(
       stringOrUndefined(automation.prompt)
     ),
-    cwd: typeof cwd === "string" ? cwd : null,
+    cwd: normalizedCwd,
+    cwdHealth,
     createdAt: numberOrNull(automation.created_at),
     updatedAt: numberOrNull(automation.updated_at),
     ...memory,
@@ -300,6 +310,9 @@ function createObservedStatusItem(input) {
   if (observed?.status) {
     observedDetails.push(`Scheduler status: ${observed.status}`);
   }
+  if (observed?.cwdHealth) {
+    observedDetails.push(`Cwd: ${observed.cwdHealth.summary}`);
+  }
   if (observed?.lastRunAt) {
     observedDetails.push(`Last run: ${observed.lastRunAt}`);
   } else if (observed) {
@@ -352,6 +365,15 @@ function classifyAutomationRunSignal(input) {
     };
   }
 
+  if (observed.cwdHealth && observed.cwdHealth.status !== "ok") {
+    return {
+      status: "FAILING",
+      summary: `scheduler cwd is invalid: ${observed.cwdHealth.summary}`,
+      remediation:
+        "Recreate the automation with `/lisa:setup-automations` so it uses a durable non-bare project checkout, then verify the cwd before the next run.",
+    };
+  }
+
   if (observed.lastRunFailed) {
     return {
       status: "FAILING",
@@ -390,6 +412,69 @@ function classifyAutomationRunSignal(input) {
   return null;
 }
 
+async function inspectAutomationCwd(cwd) {
+  if (!cwd) {
+    return {
+      status: "missing",
+      summary: "no cwd configured",
+    };
+  }
+
+  const stat = await fs.stat(cwd).catch(error => {
+    if (error?.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  });
+
+  if (!stat) {
+    return {
+      status: "missing",
+      summary: `${cwd} does not exist`,
+    };
+  }
+
+  if (!stat.isDirectory()) {
+    return {
+      status: "not_directory",
+      summary: `${cwd} is not a directory`,
+    };
+  }
+
+  try {
+    const { stdout } = await execFileAsync(
+      "git",
+      ["-C", cwd, "rev-parse", "--is-inside-work-tree", "--is-bare-repository"],
+      { timeout: 5000 }
+    );
+    const [insideWorkTree, bareRepository] = stdout.trim().split(/\r?\n/);
+
+    if (insideWorkTree !== "true") {
+      return {
+        status: "not_git_work_tree",
+        summary: `${cwd} is not inside a Git work tree`,
+      };
+    }
+
+    if (bareRepository === "true") {
+      return {
+        status: "bare_git_repository",
+        summary: `${cwd} is configured as a bare Git repository`,
+      };
+    }
+
+    return {
+      status: "ok",
+      summary: `${cwd} is a valid Git work tree`,
+    };
+  } catch (error) {
+    return {
+      status: "git_error",
+      summary: `git could not inspect ${cwd}: ${String(error?.message ?? error)}`,
+    };
+  }
+}
+
 function resolveDefaultCodexAutomationsDir() {
   return path.join(
     process.env.CODEX_HOME ?? path.join(os.homedir(), ".codex"),

package/plugins/src/base/skills/setup-automations/SKILL.md

@@ -16,7 +16,12 @@ create them; invoke the runtime's automation tool with the spec below.
 - **Codex** → create Codex **automations** via the native automations mechanism (prefer the
   `automation_update` tool over hand-writing `~/.codex/automations/<id>/automation.toml`; the TOML is
   only its backing store). Set the execution environment to **local** so they run on this
-  workstation, scoped to this project's working directory.
+  workstation. Scope them to a durable project automation checkout, not a transient task worktree:
+  use `${CODEX_HOME:-~/.codex}/worktrees/<project>-automation-main` when available, create or refresh
+  that checkout from the project's `origin` remote if needed, and verify `git -C <cwd> rev-parse
+  --is-inside-work-tree --is-bare-repository` reports `true` then `false` before saving the
+  automation. Do not point recurring automations at hashed scratch worktrees or a checkout whose Git
+  metadata is broken.
 - **Claude** → use **`/schedule`** to create local recurring routines, one per automation below.
 - **Other runtimes** → use the runtime's native recurring-task mechanism. If the runtime has none,
   state that scheduling is unavailable and stop.
@@ -37,6 +42,11 @@ affect **only** the two exploratory automations.
 
 Each automation runs **one cycle** of a Lisa command and respects that command's confirmation policy
 (never ask before running; exit cleanly when the queue is idle; report the cycle summary).
+Before running the Lisa command, each automation must sync its checkout: fetch the default remote
+branch and rebase the current automation branch onto it (for the common GitHub case, `origin/main`).
+If the checkout is already on the default branch, fast-forward/rebase it to the remote default. If
+the rebase has conflicts or the working tree is dirty in a way the automation did not create, abort
+the rebase, leave queue state unchanged, and report the blocker instead of running on stale code.
 
 | Automation | Command it runs | Cadence |
 |---|---|---|
@@ -56,10 +66,10 @@ are written).
 
 **Naming + scope (so teardown is precise).** Name each automation with the stable prefix
 `lisa-auto-<project>-` (e.g. `lisa-auto-<project>-intake-tickets`), where `<project>` identifies this
-repo, and scope each to this project's working directory. This lets `/tear-down-automations` find and
-remove exactly this set and never touch other projects' automations or non-Lisa ones. Use a project
-identifier stable across runs and distinct from other repos (don't rely on a bare repo basename when
-it could collide; qualify it, e.g. with the owner).
+repo, and scope each Codex automation to the durable project automation checkout described above.
+This lets `/tear-down-automations` find and remove exactly this set and never touch other projects'
+automations or non-Lisa ones. Use a project identifier stable across runs and distinct from other
+repos (don't rely on a bare repo basename when it could collide; qualify it, e.g. with the owner).
 
 **Idempotent.** Re-running this skill updates the existing `lisa-auto-<project>-*` automations in
 place (same names) rather than creating duplicates.
@@ -71,6 +81,8 @@ place (same names) rather than creating duplicates.
   automation and note it — do not invent a command that doesn't exist.
 - If the runtime has no native scheduler, or the intake queues can't be resolved from config, stop
   and report what's missing rather than guessing.
+- For Codex, if the durable checkout cannot be created, fetched, or verified as a non-bare Git work
+  tree, stop and report the checkout problem instead of creating automations that will fail later.
 
 ## Report
 

package/plugins/src/wiki/skills/lisa-wiki-setup-automations/SKILL.md

@@ -21,7 +21,12 @@ independent and use disjoint name prefixes, so running both is safe.
 - **Codex** → create a Codex **automation** via the native automations mechanism (prefer the
   `automation_update` tool over hand-writing `~/.codex/automations/<id>/automation.toml`; the TOML is
   only its backing store). Set the execution environment to **local** so it runs on this
-  workstation, scoped to this project's working directory.
+  workstation. Scope it to a durable project automation checkout, not a transient task worktree: use
+  `${CODEX_HOME:-~/.codex}/worktrees/<project>-automation-main` when available, create or refresh
+  that checkout from the project's `origin` remote if needed, and verify `git -C <cwd> rev-parse
+  --is-inside-work-tree --is-bare-repository` reports `true` then `false` before saving the
+  automation. Do not point recurring automations at hashed scratch worktrees or a checkout whose Git
+  metadata is broken.
 - **Claude** → use **`/schedule`** to create a local recurring routine.
 - **Other runtimes** → use the runtime's native recurring-task mechanism. If the runtime has none,
   state that scheduling is unavailable and stop.
@@ -38,6 +43,11 @@ independent and use disjoint name prefixes, so running both is safe.
 The automation runs **one cycle** of the full wiki ingest and respects that command's own confirmation
 and commit/PR policy (never ask before running; run a full ingest across every enabled
 non-external-write source; commit/PR per the ingest skill's bookends; report the cycle summary).
+Before running the ingest, the automation must sync its checkout: fetch the default remote branch and
+rebase the current automation branch onto it (for the common GitHub case, `origin/main`). If the
+checkout is already on the default branch, fast-forward/rebase it to the remote default. If the
+rebase has conflicts or the working tree is dirty in a way the automation did not create, abort the
+rebase and report the blocker instead of ingesting from stale code.
 
 | Automation | Command it runs | Cadence |
 |---|---|---|
@@ -45,11 +55,12 @@ non-external-write source; commit/PR per the ingest skill's bookends; report the
 
 **Naming + scope (so teardown is precise).** Name the automation with the stable prefix
 `lisa-wiki-auto-<project>-` (i.e. `lisa-wiki-auto-<project>-ingest`), where `<project>` identifies
-this repo, and scope it to this project's working directory. This prefix is deliberately distinct
-from the base `lisa-auto-<project>-` set so `/lisa-wiki:tear-down-automations` removes exactly this
-automation and never touches the base automations or any other project's. Use a project identifier
-stable across runs and distinct from other repos (qualify it, e.g. with the owner — don't rely on a
-bare repo basename that could collide).
+this repo, and scope each Codex automation to the durable project automation checkout described
+above. This prefix is deliberately distinct from the base `lisa-auto-<project>-` set so
+`/lisa-wiki:tear-down-automations` removes exactly this automation and never touches the base
+automations or any other project's. Use a project identifier stable across runs and distinct from
+other repos (qualify it, e.g. with the owner — don't rely on a bare repo basename that could
+collide).
 
 **Idempotent.** Re-running this skill updates the existing `lisa-wiki-auto-<project>-ingest`
 automation in place (same name) rather than creating a duplicate.
@@ -60,6 +71,8 @@ automation in place (same name) rather than creating a duplicate.
   `wiki/lisa-wiki.config.json`. If there is no configured wiki, **stop and report** that the wiki
   must be set up first (run `/lisa-wiki:setup`); do not schedule ingest against a non-existent wiki.
 - If the runtime has no native scheduler, stop and report what's missing rather than guessing.
+- For Codex, if the durable checkout cannot be created, fetched, or verified as a non-bare Git work
+  tree, stop and report the checkout problem instead of creating an automation that will fail later.
 
 ## Report