@imdeadpool/guardex 5.0.17 → 6.0.1

package/README.md

@@ -349,11 +349,11 @@ openspec update
 ### OpenSpec in agent sub-branches
 
 - `scripts/codex-agent.sh` enforces OpenSpec workspaces before it launches Codex in each sandbox branch/worktree.
-- `scripts/agent-branch-start.sh` can scaffold both `openspec/changes/<agent-branch-slug>/` and `openspec/plan/<agent-branch-slug>/` when you set `MUSAFETY_OPENSPEC_AUTO_INIT=true`.
-- Set `MUSAFETY_OPENSPEC_AUTO_INIT=false` (default for `agent-branch-start`) to skip branch-start auto-bootstrap.
-- Set `MUSAFETY_OPENSPEC_PLAN_SLUG=<kebab-case-slug>` to force a specific plan workspace name.
-- Set `MUSAFETY_OPENSPEC_CHANGE_SLUG=<kebab-case-slug>` to force a specific change workspace name.
-- Set `MUSAFETY_OPENSPEC_CAPABILITY_SLUG=<kebab-case-slug>` to override the default capability folder used for `spec.md` scaffolding.
+- `scripts/agent-branch-start.sh` can scaffold both `openspec/changes/<agent-branch-slug>/` and `openspec/plan/<agent-branch-slug>/` when you set `GUARDEX_OPENSPEC_AUTO_INIT=true`.
+- Set `GUARDEX_OPENSPEC_AUTO_INIT=false` (default for `agent-branch-start`) to skip branch-start auto-bootstrap.
+- Set `GUARDEX_OPENSPEC_PLAN_SLUG=<kebab-case-slug>` to force a specific plan workspace name.
+- Set `GUARDEX_OPENSPEC_CHANGE_SLUG=<kebab-case-slug>` to force a specific change workspace name.
+- Set `GUARDEX_OPENSPEC_CAPABILITY_SLUG=<kebab-case-slug>` to override the default capability folder used for `spec.md` scaffolding.
 
 ## Security and maintenance posture
 
@@ -372,6 +372,14 @@ npm pack --dry-run
 
 ## Release notes
 
+### v6.0.0
+
+- **Breaking** — removed the legacy `musafety` bin alias and all `MUSAFETY_*` environment variables. Callers must migrate to the `guardex` / `gx` bins and the `GUARDEX_*` env-var surface.
+- **Breaking** — bootstrap manifest filename changed from `musafety-bootstrap-manifest.json` to `guardex-bootstrap-manifest.json`; existing sandbox worktrees must be pruned + re-bootstrapped (or have their manifest manually renamed).
+- Rebranded all remaining `musafety` / `Musafety` / `MUSAFETY` codename tokens to `guardex` / `Guardex` / `GUARDEX` across scripts, templates, hooks, tests, and docs.
+- The descriptive phrase `multiagent-safety` (including `bin/multiagent-safety.js` and `templates/AGENTS.multiagent-safety.md`) is preserved intentionally — only the short codename changed.
+- Bumped package version from `5.0.17` to `6.0.0` for the next npm publish.
+
 ### v5.0.17
 
 - Bumped package version from `5.0.16` to `5.0.17` for the next npm publish.
@@ -417,7 +425,7 @@ npm pack --dry-run
 
 ### v5.0.9
 
-- Enforced OpenSpec workspace bootstrap for sandbox agent execution: `scripts/codex-agent.sh` now initializes `openspec/plan/<agent-branch-slug>/` before launching Codex, and `scripts/agent-branch-start.sh` supports `MUSAFETY_OPENSPEC_AUTO_INIT` plus `MUSAFETY_OPENSPEC_PLAN_SLUG`.
+- Enforced OpenSpec workspace bootstrap for sandbox agent execution: `scripts/codex-agent.sh` now initializes `openspec/plan/<agent-branch-slug>/` before launching Codex, and `scripts/agent-branch-start.sh` supports `GUARDEX_OPENSPEC_AUTO_INIT` plus `GUARDEX_OPENSPEC_PLAN_SLUG`.
 - Tightened doctor auto-finish correctness: sandbox finish now waits for merge and exits non-zero if the PR closes without merge, so repair flows are not reported as complete when policy blocks merge.
 - Updated package version from `5.0.8` to `5.0.9` for the next npm publish.
 

package/bin/multiagent-safety.js

@@ -9,14 +9,14 @@ const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
 
 const TOOL_NAME = 'guardex';
 const SHORT_TOOL_NAME = 'gx';
-const LEGACY_NAMES = ['musafety', 'multiagent-safety'];
+const LEGACY_NAMES = ['guardex', 'multiagent-safety'];
 const OPENSPEC_PACKAGE = '@fission-ai/openspec';
 const GLOBAL_TOOLCHAIN_PACKAGES = [
   'oh-my-codex',
   OPENSPEC_PACKAGE,
   '@imdeadpool/codex-account-switcher',
 ];
-const GH_BIN = process.env.MUSAFETY_GH_BIN || 'gh';
+const GH_BIN = process.env.GUARDEX_GH_BIN || 'gh';
 const REQUIRED_SYSTEM_TOOLS = [
   {
     name: 'gh',
@@ -26,11 +26,11 @@ const REQUIRED_SYSTEM_TOOLS = [
   },
 ];
 const MAINTAINER_RELEASE_REPO = path.resolve(
-  process.env.MUSAFETY_RELEASE_REPO || '/tmp/multiagent-safety',
+  process.env.GUARDEX_RELEASE_REPO || '/tmp/multiagent-safety',
 );
-const NPM_BIN = process.env.MUSAFETY_NPM_BIN || 'npm';
-const OPENSPEC_BIN = process.env.MUSAFETY_OPENSPEC_BIN || 'openspec';
-const SCORECARD_BIN = process.env.MUSAFETY_SCORECARD_BIN || 'scorecard';
+const NPM_BIN = process.env.GUARDEX_NPM_BIN || 'npm';
+const OPENSPEC_BIN = process.env.GUARDEX_OPENSPEC_BIN || 'openspec';
+const SCORECARD_BIN = process.env.GUARDEX_SCORECARD_BIN || 'scorecard';
 const GIT_PROTECTED_BRANCHES_KEY = 'multiagent.protectedBranches';
 const GIT_BASE_BRANCH_KEY = 'multiagent.baseBranch';
 const GIT_SYNC_STRATEGY_KEY = 'multiagent.sync.strategy';
@@ -1405,7 +1405,7 @@ function finishDoctorSandboxBranch(blocked, metadata) {
       note: 'origin remote missing; skipped auto-finish',
     };
   }
-  const explicitGhBin = Boolean(String(process.env.MUSAFETY_GH_BIN || '').trim());
+  const explicitGhBin = Boolean(String(process.env.GUARDEX_GH_BIN || '').trim());
   if (!explicitGhBin && !originRemoteLooksLikeGithub(blocked.repoRoot)) {
     return {
       status: 'skipped',
@@ -1413,7 +1413,7 @@ function finishDoctorSandboxBranch(blocked, metadata) {
     };
   }
 
-  const ghBin = process.env.MUSAFETY_GH_BIN || 'gh';
+  const ghBin = process.env.GUARDEX_GH_BIN || 'gh';
   if (!isCommandAvailable(ghBin)) {
     return {
       status: 'skipped',
@@ -1429,7 +1429,7 @@ function finishDoctorSandboxBranch(blocked, metadata) {
     };
   }
 
-  const rawWaitTimeoutSeconds = Number.parseInt(process.env.MUSAFETY_FINISH_WAIT_TIMEOUT_SECONDS || '1800', 10);
+  const rawWaitTimeoutSeconds = Number.parseInt(process.env.GUARDEX_FINISH_WAIT_TIMEOUT_SECONDS || '1800', 10);
   const waitTimeoutSeconds =
     Number.isFinite(rawWaitTimeoutSeconds) && rawWaitTimeoutSeconds >= 30 ? rawWaitTimeoutSeconds : 1800;
   const finishTimeoutMs = Math.max(180_000, (waitTimeoutSeconds + 60) * 1000);
@@ -2170,15 +2170,15 @@ function autoFinishReadyAgentBranches(repoRoot, options = {}) {
     return summary;
   }
 
-  if (String(process.env.MUSAFETY_DOCTOR_SANDBOX || '') === '1') {
+  if (String(process.env.GUARDEX_DOCTOR_SANDBOX || '') === '1') {
     summary.enabled = false;
     summary.details.push('Skipped auto-finish sweep inside doctor sandbox pass.');
     return summary;
   }
 
-  if (String(process.env.MUSAFETY_SKIP_AUTO_FINISH_READY_BRANCHES || '') === '1') {
+  if (String(process.env.GUARDEX_SKIP_AUTO_FINISH_READY_BRANCHES || '') === '1') {
     summary.enabled = false;
-    summary.details.push('Skipped auto-finish sweep (MUSAFETY_SKIP_AUTO_FINISH_READY_BRANCHES=1).');
+    summary.details.push('Skipped auto-finish sweep (GUARDEX_SKIP_AUTO_FINISH_READY_BRANCHES=1).');
     return summary;
   }
 
@@ -2201,14 +2201,14 @@ function autoFinishReadyAgentBranches(repoRoot, options = {}) {
     summary.details.push('Skipped auto-finish sweep (origin remote missing).');
     return summary;
   }
-  const explicitGhBin = Boolean(String(process.env.MUSAFETY_GH_BIN || '').trim());
+  const explicitGhBin = Boolean(String(process.env.GUARDEX_GH_BIN || '').trim());
   if (!explicitGhBin && !originRemoteLooksLikeGithub(repoRoot)) {
     summary.enabled = false;
     summary.details.push('Skipped auto-finish sweep (origin remote is not GitHub).');
     return summary;
   }
 
-  const ghBin = process.env.MUSAFETY_GH_BIN || 'gh';
+  const ghBin = process.env.GUARDEX_GH_BIN || 'gh';
   if (run(ghBin, ['--version']).status !== 0) {
     summary.enabled = false;
     summary.details.push(`Skipped auto-finish sweep (${ghBin} not available).`);
@@ -3151,12 +3151,12 @@ function parseNpmVersionOutput(stdout) {
   }
 }
 
-function checkForMusafetyUpdate() {
-  if (envFlagEnabled('MUSAFETY_SKIP_UPDATE_CHECK')) {
+function checkForGuardexUpdate() {
+  if (envFlagEnabled('GUARDEX_SKIP_UPDATE_CHECK')) {
     return { checked: false, reason: 'disabled' };
   }
 
-  const forceCheck = envFlagEnabled('MUSAFETY_FORCE_UPDATE_CHECK');
+  const forceCheck = envFlagEnabled('GUARDEX_FORCE_UPDATE_CHECK');
   if (!forceCheck && !isInteractiveTerminal()) {
     return { checked: false, reason: 'non-interactive' };
   }
@@ -3188,14 +3188,14 @@ function printUpdateAvailableBanner(current, latest) {
 }
 
 function maybeSelfUpdateBeforeStatus() {
-  const check = checkForMusafetyUpdate();
+  const check = checkForGuardexUpdate();
   if (!check.checked || !check.updateAvailable) {
     return;
   }
 
   printUpdateAvailableBanner(check.current, check.latest);
 
-  const autoApproval = parseAutoApproval('MUSAFETY_AUTO_UPDATE_APPROVAL');
+  const autoApproval = parseAutoApproval('GUARDEX_AUTO_UPDATE_APPROVAL');
   const interactive = isInteractiveTerminal();
 
   if (!interactive && autoApproval == null) {
@@ -3224,11 +3224,11 @@ function maybeSelfUpdateBeforeStatus() {
 }
 
 function checkForOpenSpecPackageUpdate() {
-  if (envFlagEnabled('MUSAFETY_SKIP_OPENSPEC_UPDATE_CHECK')) {
+  if (envFlagEnabled('GUARDEX_SKIP_OPENSPEC_UPDATE_CHECK')) {
     return { checked: false, reason: 'disabled' };
   }
 
-  const forceCheck = envFlagEnabled('MUSAFETY_FORCE_OPENSPEC_UPDATE_CHECK');
+  const forceCheck = envFlagEnabled('GUARDEX_FORCE_OPENSPEC_UPDATE_CHECK');
   if (!forceCheck && !isInteractiveTerminal()) {
     return { checked: false, reason: 'non-interactive' };
   }
@@ -3278,7 +3278,7 @@ function maybeOpenSpecUpdateBeforeStatus() {
 
   printOpenSpecUpdateAvailableBanner(check.current, check.latest);
 
-  const autoApproval = parseAutoApproval('MUSAFETY_AUTO_OPENSPEC_UPDATE_APPROVAL');
+  const autoApproval = parseAutoApproval('GUARDEX_AUTO_OPENSPEC_UPDATE_APPROVAL');
   const interactive = isInteractiveTerminal();
 
   if (!interactive && autoApproval == null) {

package/package.json

@@ -1,16 +1,17 @@
 {
   "name": "@imdeadpool/guardex",
-  "version": "5.0.17",
+  "version": "6.0.1",
   "description": "GuardeX: the Guardian T-Rex for your repo, with hardened multi-agent git guardrails.",
   "license": "MIT",
   "preferGlobal": true,
   "bin": {
     "guardex": "bin/multiagent-safety.js",
     "gx": "bin/multiagent-safety.js",
-    "musafety": "bin/multiagent-safety.js",
     "multiagent-safety": "bin/multiagent-safety.js"
   },
   "scripts": {
+    "prepack": "node pack-helpers/dereference-templates.mjs",
+    "postpack": "git checkout -- templates",
     "test": "node --test test/*.test.js",
     "agent:codex": "bash ./scripts/codex-agent.sh",
     "agent:branch:start": "bash ./scripts/agent-branch-start.sh",

package/templates/AGENTS.multiagent-safety.md

@@ -57,7 +57,7 @@ openspec/plan/<agent-branch-slug>/
 ```
 
 For manual `scripts/agent-branch-start.sh` usage, enable auto-bootstrap with
-`MUSAFETY_OPENSPEC_AUTO_INIT=true` or scaffold manually before implementation:
+`GUARDEX_OPENSPEC_AUTO_INIT=true` or scaffold manually before implementation:
 
 ```bash
 bash scripts/openspec/init-change-workspace.sh "<change-slug>" "<capability-slug>"

package/templates/githooks/post-merge

@@ -1,43 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-if [[ "${MUSAFETY_DISABLE_POST_MERGE_CLEANUP:-0}" == "1" ]]; then
-  exit 0
+# Auto-sync agent worktrees when the base branch is updated in this worktree.
+if [[ -x "scripts/agent-sync-on-base-update.sh" ]]; then
+  bash scripts/agent-sync-on-base-update.sh --quiet || true
 fi
-
-repo_root="$(git rev-parse --show-toplevel 2>/dev/null || true)"
-if [[ -z "$repo_root" ]]; then
-  exit 0
-fi
-
-branch="$(git -C "$repo_root" rev-parse --abbrev-ref HEAD 2>/dev/null || true)"
-if [[ -z "$branch" || "$branch" == "HEAD" ]]; then
-  exit 0
-fi
-
-base_branch="${MUSAFETY_BASE_BRANCH:-$(git -C "$repo_root" config --get multiagent.baseBranch || true)}"
-if [[ -z "$base_branch" ]]; then
-  base_branch="dev"
-fi
-
-if [[ "$branch" != "$base_branch" ]]; then
-  exit 0
-fi
-
-cli_path="$repo_root/bin/multiagent-safety.js"
-if [[ ! -f "$cli_path" ]]; then
-  exit 0
-fi
-
-node_bin="${MUSAFETY_NODE_BIN:-node}"
-if ! command -v "$node_bin" >/dev/null 2>&1; then
-  exit 0
-fi
-
-"$node_bin" "$cli_path" cleanup \
-  --target "$repo_root" \
-  --base "$base_branch" \
-  --include-pr-merged \
-  --keep-clean-worktrees >/dev/null 2>&1 || true
-
-exit 0

package/templates/githooks/pre-commit

@@ -9,6 +9,12 @@ if [[ -z "$branch" ]]; then
   exit 0
 fi
 
+git_dir="$(git rev-parse --git-dir 2>/dev/null || true)"
+is_linked_worktree=0
+if [[ -n "$git_dir" && "$git_dir" == *"/worktrees/"* ]]; then
+  is_linked_worktree=1
+fi
+
 if [[ "${ALLOW_COMMIT_ON_PROTECTED_BRANCH:-0}" == "1" ]]; then
   exit 0
 fi
@@ -24,11 +30,11 @@ if [[ -n "${CODEX_THREAD_ID:-}" || -n "${OMX_SESSION_ID:-}" || "${CODEX_CI:-0}"
 fi
 
 is_vscode_git_context=0
-if [[ -n "${VSCODE_GIT_IPC_HANDLE:-}" || -n "${VSCODE_GIT_ASKPASS_NODE:-}" || -n "${VSCODE_IPC_HOOK_CLI:-}" ]]; then
+if [[ -n "${VSCODE_GIT_IPC_HANDLE:-}" || -n "${VSCODE_GIT_ASKPASS_NODE:-}" || -n "${VSCODE_IPC_HOOK_CLI:-}" || "${TERM_PROGRAM:-}" == "vscode" ]]; then
   is_vscode_git_context=1
 fi
 
-allow_vscode_protected_raw="${MUSAFETY_ALLOW_VSCODE_PROTECTED_BRANCH_WRITES:-$(git config --get multiagent.allowVscodeProtectedBranchWrites || true)}"
+allow_vscode_protected_raw="${GUARDEX_ALLOW_VSCODE_PROTECTED_BRANCH_WRITES:-$(git config --get multiagent.allowVscodeProtectedBranchWrites || true)}"
 if [[ -z "$allow_vscode_protected_raw" ]]; then
   allow_vscode_protected_raw="false"
 fi
@@ -41,7 +47,7 @@ case "$allow_vscode_protected" in
   *) allow_vscode_protected_branch_writes=0 ;;
 esac
 
-protected_branches_raw="${MUSAFETY_PROTECTED_BRANCHES:-$(git config --get multiagent.protectedBranches || true)}"
+protected_branches_raw="${GUARDEX_PROTECTED_BRANCHES:-$(git config --get multiagent.protectedBranches || true)}"
 if [[ -z "$protected_branches_raw" ]]; then
   protected_branches_raw="dev main master"
 fi
@@ -55,7 +61,7 @@ for protected_branch in $protected_branches_raw; do
   fi
 done
 
-codex_require_agent_branch_raw="${MUSAFETY_CODEX_REQUIRE_AGENT_BRANCH:-$(git config --get multiagent.codexRequireAgentBranch || true)}"
+codex_require_agent_branch_raw="${GUARDEX_CODEX_REQUIRE_AGENT_BRANCH:-$(git config --get multiagent.codexRequireAgentBranch || true)}"
 if [[ -z "$codex_require_agent_branch_raw" ]]; then
   codex_require_agent_branch_raw="true"
 fi
@@ -68,6 +74,163 @@ case "$codex_require_agent_branch" in
   *) should_require_codex_agent_branch=1 ;;
 esac
 
+sanitize_slug() {
+  local raw="$1"
+  local fallback="${2:-task}"
+  local slug
+  slug="$(printf '%s' "$raw" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g; s/^-+//; s/-+$//; s/-{2,}/-/g')"
+  if [[ -z "$slug" ]]; then
+    slug="$fallback"
+  fi
+  printf '%s' "$slug"
+}
+
+resolve_agent_branch_base() {
+  local branch_name="$1"
+  git config --get "branch.${branch_name}.guardexBase" || true
+}
+
+is_helper_agent_branch() {
+  local branch_name="$1"
+  local base_branch=""
+  base_branch="$(resolve_agent_branch_base "$branch_name")"
+  [[ "$base_branch" == agent/* ]]
+}
+
+ensure_agent_branch_openspec_workspace() {
+  local branch_name="$1"
+  local change_slug change_dir specs_dir capability_slug branch_base
+  local missing_workspace=0
+  local openspec_script="scripts/openspec/init-change-workspace.sh"
+
+  branch_base="$(git config --get "branch.${branch_name}.guardexBase" || true)"
+  if [[ "$branch_base" == agent/* ]]; then
+    echo "[agent-openspec-guard] Skipping OpenSpec change workspace bootstrap for helper branch '${branch_name}' (base '${branch_base}')."
+    return 0
+  fi
+
+  change_slug="$(sanitize_slug "${branch_name//\//-}" "change")"
+  change_dir="openspec/changes/${change_slug}"
+  specs_dir="${change_dir}/specs"
+
+  if [[ ! -f "${change_dir}/.openspec.yaml" || ! -f "${change_dir}/proposal.md" || ! -f "${change_dir}/tasks.md" ]]; then
+    missing_workspace=1
+  elif [[ ! -d "$specs_dir" ]] || ! find "$specs_dir" -mindepth 2 -maxdepth 2 -type f -name spec.md | grep -q .; then
+    missing_workspace=1
+  fi
+
+  if [[ "$missing_workspace" -ne 1 ]]; then
+    return 0
+  fi
+
+  if [[ ! -f "$openspec_script" ]]; then
+    cat >&2 <<MSG
+[agent-openspec-guard] Missing OpenSpec change workspace for '${branch_name}'.
+Expected path:
+  ${change_dir}
+Cannot auto-initialize because '${openspec_script}' is missing.
+Run:
+  gx setup --target "$(git rev-parse --show-toplevel)"
+  bash scripts/openspec/init-change-workspace.sh "${change_slug}" "<capability-slug>"
+MSG
+    exit 1
+  fi
+
+  if [[ ! -x "$openspec_script" ]]; then
+    chmod +x "$openspec_script" 2>/dev/null || true
+  fi
+
+  capability_slug="$(sanitize_slug "${branch_name##*/}" "general-behavior")"
+  init_output=""
+  if ! init_output="$(bash "$openspec_script" "$change_slug" "$capability_slug" 2>&1)"; then
+    printf '%s\n' "$init_output" >&2
+    cat >&2 <<MSG
+[agent-openspec-guard] OpenSpec auto-init failed for '${branch_name}'.
+Run manually:
+  bash scripts/openspec/init-change-workspace.sh "${change_slug}" "${capability_slug}"
+MSG
+    exit 1
+  fi
+
+  if [[ -n "$init_output" ]]; then
+    printf '%s\n' "$init_output"
+  fi
+
+  git add "$change_dir"
+
+  if [[ -x scripts/agent-file-locks.py ]]; then
+    staged_openspec="$(git diff --cached --name-only -- "$change_dir" | sed '/^$/d' || true)"
+    if [[ -n "$staged_openspec" ]]; then
+      mapfile -t openspec_files < <(printf '%s\n' "$staged_openspec")
+      python3 scripts/agent-file-locks.py claim --branch "$branch_name" "${openspec_files[@]}" >/dev/null 2>&1 || true
+    fi
+  fi
+
+  echo "[agent-openspec-guard] Bootstrapped OpenSpec change workspace: ${change_dir}"
+}
+
+should_auto_reroute_protected_branch() {
+  local raw="${GUARDEX_AUTO_REROUTE_PROTECTED_BRANCH:-$(git config --get multiagent.autoRerouteProtectedBranch || true)}"
+  local lowered=""
+  if [[ -z "$raw" ]]; then
+    raw="true"
+  fi
+  lowered="$(printf '%s' "$raw" | tr '[:upper:]' '[:lower:]')"
+  case "$lowered" in
+    1|true|yes|on) return 0 ;;
+    *) return 1 ;;
+  esac
+}
+
+auto_reroute_protected_branch_commit() {
+  local branch_name="$1"
+  local starter_script="scripts/agent-branch-start.sh"
+  local task_name="${GUARDEX_AUTO_REROUTE_TASK_NAME:-protected-branch-commit-reroute}"
+  local agent_name="${GUARDEX_AUTO_REROUTE_AGENT_NAME:-auto-reroute}"
+  local changed_paths=""
+  local start_output=""
+  local start_status=0
+  local new_branch=""
+  local worktree_path=""
+
+  changed_paths="$({
+    git diff --name-only
+    git diff --cached --name-only
+    git ls-files --others --exclude-standard
+  } | sed '/^$/d' | sort -u)"
+
+  if [[ -z "$changed_paths" ]]; then
+    return 1
+  fi
+
+  if [[ ! -x "$starter_script" ]]; then
+    return 1
+  fi
+
+  set +e
+  start_output="$(bash "$starter_script" "$task_name" "$agent_name" "$branch_name" 2>&1)"
+  start_status=$?
+  set -e
+
+  if [[ "$start_status" -ne 0 ]]; then
+    printf '%s\n' "$start_output" >&2
+    return 1
+  fi
+
+  new_branch="$(printf '%s\n' "$start_output" | sed -n 's/^\[agent-branch-start\] Created branch: //p' | tail -n 1)"
+  worktree_path="$(printf '%s\n' "$start_output" | sed -n 's/^\[agent-branch-start\] Worktree: //p' | tail -n 1)"
+
+  printf '%s\n' "$start_output" >&2
+  cat >&2 <<MSG
+[agent-branch-guard] Protected-branch commit rerouted automatically.
+Changes from '${branch_name}' were moved to:
+  branch: ${new_branch:-<see output>}
+  worktree: ${worktree_path:-<see output>}
+Continue work and commit from that agent worktree.
+MSG
+  return 0
+}
+
 is_codex_managed_only_commit_on_protected=0
 if [[ "$is_codex_session" == "1" && "$is_protected_branch" == "1" ]]; then
   deleted_paths="$(git diff --cached --name-only --diff-filter=D)"
@@ -86,7 +249,7 @@ if [[ "$is_codex_session" == "1" && "$is_protected_branch" == "1" ]]; then
   fi
 fi
 
-if [[ "$should_require_codex_agent_branch" == "1" && "${MUSAFETY_ALLOW_CODEX_ON_NON_AGENT:-0}" != "1" ]]; then
+if [[ "$should_require_codex_agent_branch" == "1" && "${GUARDEX_ALLOW_CODEX_ON_NON_AGENT:-0}" != "1" ]]; then
   if [[ "$is_codex_session" == "1" && "$branch" != agent/* ]]; then
     if [[ "$is_protected_branch" == "1" ]]; then
       if [[ "$is_codex_managed_only_commit_on_protected" == "1" ]]; then
@@ -103,7 +266,7 @@ Or manually:
 Then commit from the created agent/* branch.
 
 Temporary bypass (not recommended):
-  MUSAFETY_ALLOW_CODEX_ON_NON_AGENT=1 git commit ...
+  GUARDEX_ALLOW_CODEX_ON_NON_AGENT=1 git commit ...
 MSG
       exit 1
     fi
@@ -115,7 +278,7 @@ Use isolated branch/worktree first:
 Then commit from the created agent/* branch.
 
 Temporary bypass (not recommended):
-  MUSAFETY_ALLOW_CODEX_ON_NON_AGENT=1 git commit ...
+  GUARDEX_ALLOW_CODEX_ON_NON_AGENT=1 git commit ...
 Disable this rule for a repo (not recommended):
   git config multiagent.codexRequireAgentBranch false
 MSG
@@ -123,17 +286,32 @@ MSG
   fi
 fi
 
-if [[ "$is_protected_branch" == "1" ]]; then
-  if [[ "$is_codex_session" != "1" && "$is_vscode_git_context" == "1" ]]; then
-    if [[ "$allow_vscode_protected_branch_writes" == "1" ]]; then
-      exit 0
-    fi
+if [[ "$is_codex_session" == "1" && "$branch" == agent/* ]]; then
+  if [[ "$is_linked_worktree" != "1" && "${GUARDEX_ALLOW_CODEX_ON_PRIMARY_WORKTREE:-0}" != "1" ]]; then
+    cat >&2 <<'MSG'
+[codex-worktree-guard] Codex agent commits are blocked from the primary checkout.
+Use a linked agent worktree for agent/* branches:
+  bash scripts/agent-branch-start.sh "<task-or-plan>" "<agent-name>"
+Then commit from the printed worktree path.
+
+Temporary bypass (not recommended):
+  GUARDEX_ALLOW_CODEX_ON_PRIMARY_WORKTREE=1 git commit ...
+MSG
+    exit 1
   fi
+fi
 
-  if [[ "$is_unborn_branch" == "1" && "$is_codex_session" != "1" ]]; then
+if [[ "$is_protected_branch" == "1" ]]; then
+  if [[ "$is_codex_session" != "1" && "$is_vscode_git_context" == "1" && "$allow_vscode_protected_branch_writes" == "1" ]]; then
     exit 0
   fi
 
+  if should_auto_reroute_protected_branch; then
+    if auto_reroute_protected_branch_commit "$branch"; then
+      exit 1
+    fi
+  fi
+
   git_dir="$(git rev-parse --git-dir)"
   if [[ -f "$git_dir/MERGE_HEAD" ]]; then
     exit 0
@@ -145,8 +323,10 @@ Use an agent branch first:
   bash scripts/agent-branch-start.sh "<task-or-plan>" "<agent-name>"
 After finishing work:
   bash scripts/agent-branch-finish.sh
+Auto-reroute can be disabled (not recommended):
+  GUARDEX_AUTO_REROUTE_PROTECTED_BRANCH=0 git commit ...
 
-Optional repo opt-in for VS Code protected-branch commits:
+Optional repo override for manual VS Code protected-branch commits:
   git config multiagent.allowVscodeProtectedBranchWrites true
 
 Temporary bypass (not recommended):
@@ -155,26 +335,12 @@ MSG
   exit 1
 fi
 
-if [[ "$is_agent_context" == "1" && "$branch" != agent/* ]]; then
-  cat >&2 <<'MSG'
-[agent-branch-guard] Agent commits must run on dedicated agent/* branches.
-Start an agent branch first:
-  bash scripts/agent-branch-start.sh "<task-or-plan>" "<agent-name>"
-Then commit on that branch.
-
-Temporary bypass (not recommended):
-  ALLOW_COMMIT_ON_PROTECTED_BRANCH=1 git commit ...
-MSG
-  exit 1
-fi
-
 if [[ "$branch" == agent/* ]]; then
-  if [[ "${MUSAFETY_AUTOCLAIM_STAGED_LOCKS:-1}" == "1" ]]; then
-    while IFS= read -r staged_file; do
-      [[ -z "$staged_file" ]] && continue
-      [[ "$staged_file" == ".omx/state/agent-file-locks.json" ]] && continue
-      python3 scripts/agent-file-locks.py claim --branch "$branch" "$staged_file" >/dev/null 2>&1 || true
-    done < <(git diff --cached --name-only --diff-filter=ACMRDTUXB)
+  if is_helper_agent_branch "$branch"; then
+    helper_base="$(resolve_agent_branch_base "$branch")"
+    echo "[agent-openspec-guard] Skipping OpenSpec change workspace bootstrap for helper branch '${branch}' (base '${helper_base}')."
+  else
+    ensure_agent_branch_openspec_workspace "$branch"
   fi
 
   if ! python3 scripts/agent-file-locks.py validate --branch "$branch" --staged; then

package/templates/githooks/pre-push

@@ -10,7 +10,7 @@ if [[ -n "${VSCODE_GIT_IPC_HANDLE:-}" || -n "${VSCODE_GIT_ASKPASS_NODE:-}" || -n
   is_vscode_git_context=1
 fi
 
-allow_vscode_protected_raw="${MUSAFETY_ALLOW_VSCODE_PROTECTED_BRANCH_WRITES:-$(git config --get multiagent.allowVscodeProtectedBranchWrites || true)}"
+allow_vscode_protected_raw="${GUARDEX_ALLOW_VSCODE_PROTECTED_BRANCH_WRITES:-$(git config --get multiagent.allowVscodeProtectedBranchWrites || true)}"
 if [[ -z "$allow_vscode_protected_raw" ]]; then
   allow_vscode_protected_raw="false"
 fi
@@ -28,7 +28,7 @@ if [[ -n "${CODEX_THREAD_ID:-}" || -n "${OMX_SESSION_ID:-}" || "${CODEX_CI:-0}"
   is_codex_session=1
 fi
 
-protected_branches_raw="${MUSAFETY_PROTECTED_BRANCHES:-$(git config --get multiagent.protectedBranches || true)}"
+protected_branches_raw="${GUARDEX_PROTECTED_BRANCHES:-$(git config --get multiagent.protectedBranches || true)}"
 if [[ -z "$protected_branches_raw" ]]; then
   protected_branches_raw="dev main master"
 fi