@pushpalsdev/cli 1.0.93 → 1.0.94

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushpalsdev/cli",
-  "version": "1.0.93",
+  "version": "1.0.94",
   "description": "PushPals terminal CLI for LocalBuddy -> RemoteBuddy orchestration",
   "license": "MIT",
   "repository": {

package/runtime/prompts/remotebuddy/remotebuddy_system_prompt.md

@@ -45,8 +45,8 @@ Execution policy:
   - `scope.read_anywhere` should default to `true` (do not set `false` unless user explicitly requested restrictive reading)
   - `scope.write_allowed` should default to `true`
   - `scope.write_globs` should be included as starting-point/relevance hints, not as hard write boundaries
-  - `scope.forbidden_globs` should be included only when specific paths must be blocked
-  - `scope.max_files_to_edit` should be included only when a cap is needed
+  - `scope.forbidden_globs` should be included only as review guardrail hints, not as hard write blockers
+  - `scope.max_files_to_edit` should be included only as a planning/review hint; WorkerPal write access is repo-sandbox-wide
 
 Quality gates:
 

package/runtime/sandbox/.pushpals-remotebuddy-fallback.js

@@ -4264,6 +4264,9 @@ var IDEATION_SYSTEM_PROMPT = loadPromptTemplate("remotebuddy/autonomy_ideation_s
 var SCORING_SYSTEM_PROMPT = loadPromptTemplate("remotebuddy/autonomy_scoring_system_prompt.md").trim();
 var PLANNING_SYSTEM_PROMPT = loadPromptTemplate("remotebuddy/autonomy_planning_system_prompt.md").trim();
 var IDEATION_TIMEOUT_RECOVERY_INSTRUCTION = "Previous ideation timed out before you returned JSON. For this round only, stay within the time budget: prioritize the top 1-3 highest-confidence candidates, keep reasoning brief, avoid exhaustive exploration, and return valid JSON as soon as possible.";
+var STARTUP_FAST_TICK_MAX_ATTEMPTS = 4;
+var STARTUP_FAST_TICK_MAX_DELAY_MS = 15000;
+var STARTUP_STALE_LOCK_AFTER_MS = 30000;
 var VISION_DOC_FNAME = "vision.md";
 var MAX_VISION_SECTION_CHARS = 1200;
 var DOCS_MIN_IMPACT_SIGNAL_FOR_NO_PENALTY = 0.45;
@@ -6100,6 +6103,92 @@ function buildEngineInspirationContext(params) {
     commit_history_hints: commitHistoryHints
   };
 }
+function compactIdeationText(value, maxChars) {
+  const text = asString2(value).trim();
+  if (text.length <= maxChars)
+    return text;
+  return `${text.slice(0, Math.max(0, maxChars - 1)).trimEnd()}...`;
+}
+function compactIdeationTextList(values, maxItems, maxChars) {
+  return values.slice(0, maxItems).map((value) => compactIdeationText(value, maxChars)).filter(Boolean);
+}
+function compactVisionContextForIdeationRetry(vision) {
+  const compactKeyItems = Object.fromEntries(Object.entries(vision.key_items).map(([key, value]) => [
+    key,
+    Array.isArray(value) ? compactIdeationTextList(value, 6, 260) : compactIdeationText(value, 260)
+  ]));
+  return {
+    one_sentence: compactIdeationText(vision.one_sentence, 360),
+    sections: vision.sections.slice(0, 4).map((section) => ({
+      number: section.number,
+      title: compactIdeationText(section.title, 160),
+      markdown: compactIdeationText(section.markdown, 500),
+      truncated: section.truncated || section.markdown.length > 500
+    })),
+    key_items: compactKeyItems,
+    section_numbers: vision.section_numbers.slice(0, 8),
+    truncated: vision.truncated
+  };
+}
+function compactEngineInspirationForIdeationRetry(context) {
+  return {
+    compiled_repo_objectives: context.compiled_repo_objectives.slice(0, 4).map((objective) => ({
+      id: objective.id,
+      title: objective.title,
+      weight: objective.weight,
+      section_ref: objective.section_ref,
+      category: objective.category,
+      success_criteria: compactIdeationTextList(objective.success_criteria, 3, 220),
+      validation_expectations: compactIdeationTextList(objective.validation_expectations, 3, 220)
+    })),
+    compiled_objectives: context.compiled_objectives.slice(0, 4).map((objective) => ({
+      id: objective.id,
+      title: compactIdeationText(objective.title, 220),
+      weight: objective.weight,
+      evidence: compactIdeationTextList(objective.evidence, 3, 220)
+    })),
+    opportunity_gaps: context.opportunity_gaps.slice(0, 4).map((gap) => ({
+      id: gap.id,
+      label: compactIdeationText(gap.label, 220),
+      score: gap.score,
+      evidence: compactIdeationTextList(gap.evidence, 3, 220)
+    })),
+    building_blocks: context.building_blocks.slice(0, 6).map((block) => ({
+      id: block.id,
+      algorithm: block.algorithm,
+      summary: compactIdeationText(block.summary, 260),
+      hypothesis: compactIdeationText(block.hypothesis, 260),
+      score: block.score,
+      objective_ids: block.objective_ids.slice(0, 3),
+      gap_ids: block.gap_ids.slice(0, 3),
+      candidate_shape: {
+        objective_type: block.candidate_shape.objective_type,
+        trigger_type: block.candidate_shape.trigger_type,
+        component_area: block.candidate_shape.component_area,
+        target_paths: block.candidate_shape.target_paths.slice(0, 4),
+        write_globs: block.candidate_shape.write_globs.slice(0, 4)
+      }
+    })),
+    source_patterns: context.source_patterns.slice(0, 4).map((pattern) => ({
+      id: pattern.id,
+      algorithm: pattern.algorithm,
+      summary: compactIdeationText(pattern.summary, 260),
+      tags: compactIdeationTextList(pattern.tags, 5, 80),
+      quality_score: pattern.quality_score,
+      freshness_score: pattern.freshness_score,
+      source_trust_score: pattern.source_trust_score
+    })),
+    commit_history_hints: context.commit_history_hints.slice(0, 4).map((hint) => ({
+      motif_id: hint.motif_id,
+      label: compactIdeationText(hint.label, 220),
+      count: hint.count,
+      signal: hint.signal,
+      objective_ids: hint.objective_ids.slice(0, 3),
+      gap_ids: hint.gap_ids.slice(0, 3),
+      sample_subjects: compactIdeationTextList(hint.sample_subjects, 3, 180)
+    }))
+  };
+}
 function selectVisionSectionRefs(sectionRefs) {
   const preferred = ["6", "7", "8", "4", "3", "0", "5"];
   const normalized = sectionRefs.map((value) => asString2(value)).filter(Boolean);
@@ -6199,7 +6288,7 @@ function buildRepoVisionFallbackCandidates(params) {
     const target = chooseRepoObjectiveTargetProfile(params.repoTargets ?? [], objective);
     const targetPaths = target?.target_paths ?? [objective.section_ref ? `vision.md` : "README.md"];
     const writeGlobs = target?.write_globs ?? targetPaths;
-    const componentArea = target?.component_area ?? (normalizeAutonomyComponentArea(pathDirname(targetPaths[0]) || targetPaths[0]) ?? "docs");
+    const componentArea = target?.component_area ?? normalizeAutonomyComponentArea(pathDirname(targetPaths[0]) || targetPaths[0]) ?? "docs";
     const triggerType = categoryTriggerType(objective.category, params.snapshotTopSignals);
     const signalIds = pickSignalIdsForTrigger(params.snapshotTopSignals, triggerType);
     const sectionRef = objective.section_ref || sectionRefs[0] || "";
@@ -6409,9 +6498,11 @@ class RemoteBuddyAutonomousEngine {
   cfg;
   runtimeEnabled = true;
   timer = null;
+  startupFastTickTimer = null;
   heartbeatTimer = null;
   inFlight = false;
   nextTickAtMs = 0;
+  startupFastTickAttemptsRemaining = 0;
   currentRunId = null;
   currentPhase = "idle";
   currentPhaseStartedAtMs = 0;
@@ -6441,6 +6532,8 @@ class RemoteBuddyAutonomousEngine {
     this.runtimeEnabled = Boolean(enabled);
     if (!this.runtimeEnabled) {
       this.nextTickAtMs = 0;
+      this.startupFastTickAttemptsRemaining = 0;
+      this.clearStartupFastTickTimer();
       if (!this.currentRunId) {
         this.lastOutcome = "skipped";
         this.lastDetail = "disabled_by_runtime_config";
@@ -6494,6 +6587,38 @@ class RemoteBuddyAutonomousEngine {
   lockStaleAfterMs() {
     return Math.max(this.phaseTimeoutMs("ideation") + 30000, this.cfg.heartbeatLogMs * 2, 120000);
   }
+  startupLockStaleAfterMs() {
+    return Math.min(this.lockStaleAfterMs(), Math.max(5000, Math.min(STARTUP_STALE_LOCK_AFTER_MS, Math.floor(this.cfg.tickIntervalMs / 4))));
+  }
+  lockStaleAfterMsForAcquire() {
+    return this.startupFastTickAttemptsRemaining > 0 ? this.startupLockStaleAfterMs() : this.lockStaleAfterMs();
+  }
+  startupFastTickDelayMs() {
+    return Math.max(1000, Math.min(STARTUP_FAST_TICK_MAX_DELAY_MS, Math.floor(this.cfg.tickIntervalMs / 10)));
+  }
+  clearStartupFastTickTimer() {
+    if (this.startupFastTickTimer) {
+      clearTimeout(this.startupFastTickTimer);
+      this.startupFastTickTimer = null;
+    }
+  }
+  scheduleStartupFastTick(reason) {
+    if (!this.runtimeEnabled || !this.timer || this.startupFastTickTimer)
+      return;
+    if (this.startupFastTickAttemptsRemaining <= 0)
+      return;
+    const delayMs = this.startupFastTickDelayMs();
+    this.startupFastTickAttemptsRemaining -= 1;
+    this.nextTickAtMs = Date.now() + delayMs;
+    console.log(`[RemoteBuddyAutonomousEngine] startup fast tick scheduled in ${delayMs}ms after ${reason} (remaining=${this.startupFastTickAttemptsRemaining}).`);
+    this.startupFastTickTimer = setTimeout(() => {
+      this.startupFastTickTimer = null;
+      if (!this.runtimeEnabled || !this.timer)
+        return;
+      this.nextTickAtMs = Date.now() + this.cfg.tickIntervalMs;
+      this.tick();
+    }, delayMs);
+  }
   cycleBudgetMs() {
     const ideationTimeoutMs = this.phaseTimeoutMs("ideation");
     const scoringTimeoutMs = this.phaseTimeoutMs("scoring");
@@ -6806,7 +6931,7 @@ class RemoteBuddyAutonomousEngine {
         sessionId: this.sessionId,
         runId,
         ttlMs,
-        staleAfterMs: this.lockStaleAfterMs()
+        staleAfterMs: this.lockStaleAfterMsForAcquire()
       })
     });
     if (res.ok)
@@ -7122,6 +7247,8 @@ ${JSON.stringify(input.messages ?? [])}`),
         outcomeDetail = lockResult.reason ? compactStatusDetail(`lock_not_acquired:${lockResult.reason}`) : "lock_not_acquired";
         return;
       }
+      this.startupFastTickAttemptsRemaining = 0;
+      this.clearStartupFastTickTimer();
       this.setPhase("prepare_worktree");
       const ready = await this.ensureAutonomyRepoReady(runId);
       if (!ready) {
@@ -7230,58 +7357,79 @@ ${JSON.stringify(input.messages ?? [])}`),
         return;
       }
       this.setPhase("ideation");
-      const ideationRecovery = this.consumeIdeationTimeoutRecovery();
-      if (ideationRecovery) {
-        console.warn(`[RemoteBuddyAutonomousEngine] tick ${runId}: applying one-shot ideation timeout recovery from ${ideationRecovery.previousRunId} after ${ideationRecovery.timeoutMs}ms timeout.`);
-      }
-      const ideationTopSignals = snapshot.top_signals.slice(0, ideationRecovery ? 10 : 16);
-      const ideationStateTraits = snapshot.state_traits.slice(0, ideationRecovery ? 14 : 24);
-      const ideationFeedbackPriors = snapshot.feedback_priors.slice(0, ideationRecovery ? 12 : 20);
-      const ideationEngineIdeaPriors = (snapshot.engine_idea_priors ?? []).slice(0, ideationRecovery ? 12 : 20);
-      const ideationOpenObjectives = snapshot.open_objectives.slice(0, ideationRecovery ? 12 : 20);
-      const ideationActiveCooldowns = snapshot.active_cooldowns.slice(0, ideationRecovery ? 12 : 20);
-      const ideationRepoTargets = repoTargets.slice(0, ideationRecovery ? 8 : repoTargets.length);
-      const ideationPhase = await this.llmPhase("ideation", runId, snapshot.snapshot_id, {
-        system: IDEATION_SYSTEM_PROMPT,
-        json: true,
-        maxTokens: ideationRecovery ? 1400 : 2800,
-        temperature: 0.2,
-        messages: [
-          ...ideationRecovery ? [
+      const buildIdeationInput = (ideationRecovery2, compactRetry) => {
+        const reduced = compactRetry || Boolean(ideationRecovery2);
+        const ideationTopSignals = snapshot.top_signals.slice(0, reduced ? 5 : 16);
+        const ideationStateTraits = snapshot.state_traits.slice(0, reduced ? 6 : 24);
+        const ideationFeedbackPriors = snapshot.feedback_priors.slice(0, reduced ? 4 : 20);
+        const ideationEngineIdeaPriors = (snapshot.engine_idea_priors ?? []).slice(0, reduced ? 4 : 20);
+        const ideationOpenObjectives = snapshot.open_objectives.slice(0, reduced ? 4 : 20);
+        const ideationActiveCooldowns = snapshot.active_cooldowns.slice(0, reduced ? 4 : 20);
+        const ideationRepoTargets = repoTargets.slice(0, reduced ? 4 : repoTargets.length);
+        return {
+          system: IDEATION_SYSTEM_PROMPT,
+          json: true,
+          maxTokens: reduced ? 900 : 2800,
+          temperature: 0.2,
+          messages: [
+            ...ideationRecovery2 ? [
+              {
+                role: "user",
+                content: `${IDEATION_TIMEOUT_RECOVERY_INSTRUCTION} Previous timed-out run: ${ideationRecovery2.previousRunId}. Timeout budget for this round: ${this.phaseTimeoutMs("ideation")}ms.`
+              }
+            ] : [],
             {
               role: "user",
-              content: `${IDEATION_TIMEOUT_RECOVERY_INSTRUCTION} Previous timed-out run: ${ideationRecovery.previousRunId}. Timeout budget for this round: ${this.phaseTimeoutMs("ideation")}ms.`
+              content: JSON.stringify({
+                snapshot: {
+                  snapshot_id: snapshot.snapshot_id,
+                  top_signals: ideationTopSignals,
+                  state_traits: ideationStateTraits,
+                  feedback_priors: ideationFeedbackPriors,
+                  engine_idea_priors: ideationEngineIdeaPriors,
+                  open_objectives: ideationOpenObjectives,
+                  active_cooldowns: ideationActiveCooldowns
+                },
+                vision: reduced ? compactVisionContextForIdeationRetry(visionContext) : visionContext,
+                repo_targets: ideationRepoTargets.map((target) => ({
+                  component_area: target.component_area,
+                  target_paths: target.target_paths,
+                  write_globs: target.write_globs,
+                  label: target.label,
+                  keywords: target.keywords.slice(0, reduced ? 4 : 8)
+                })),
+                engine_inspiration: reduced ? compactEngineInspirationForIdeationRetry(engineInspiration) : engineInspiration,
+                limits: {
+                  ideation_max_candidates: reduced ? Math.max(1, Math.min(3, this.cfg.ideationMaxCandidates)) : this.cfg.ideationMaxCandidates,
+                  min_confidence: this.cfg.minConfidence
+                }
+              }, null, reduced ? 0 : 2)
             }
-          ] : [],
-          {
-            role: "user",
-            content: JSON.stringify({
-              snapshot: {
-                snapshot_id: snapshot.snapshot_id,
-                top_signals: ideationTopSignals,
-                state_traits: ideationStateTraits,
-                feedback_priors: ideationFeedbackPriors,
-                engine_idea_priors: ideationEngineIdeaPriors,
-                open_objectives: ideationOpenObjectives,
-                active_cooldowns: ideationActiveCooldowns
-              },
-              vision: visionContext,
-              repo_targets: ideationRepoTargets.map((target) => ({
-                component_area: target.component_area,
-                target_paths: target.target_paths,
-                write_globs: target.write_globs,
-                label: target.label,
-                keywords: target.keywords.slice(0, 8)
-              })),
-              engine_inspiration: engineInspiration,
-              limits: {
-                ideation_max_candidates: this.cfg.ideationMaxCandidates,
-                min_confidence: this.cfg.minConfidence
-              }
-            }, null, 2)
-          }
-        ]
-      });
+          ]
+        };
+      };
+      let ideationRecovery = this.consumeIdeationTimeoutRecovery();
+      if (ideationRecovery) {
+        console.warn(`[RemoteBuddyAutonomousEngine] tick ${runId}: applying one-shot ideation timeout recovery from ${ideationRecovery.previousRunId} after ${ideationRecovery.timeoutMs}ms timeout.`);
+      }
+      let ideationPhase;
+      try {
+        ideationPhase = await this.llmPhase("ideation", runId, snapshot.snapshot_id, buildIdeationInput(ideationRecovery, Boolean(ideationRecovery)));
+      } catch (error) {
+        if (error instanceof Error && error.message === "autonomy ideation phase timeout" && !ideationRecovery) {
+          ideationRecovery = {
+            previousRunId: runId,
+            timedOutAt: new Date().toISOString(),
+            timeoutMs: this.phaseTimeoutMs("ideation")
+          };
+          this.pendingIdeationTimeoutRecovery = null;
+          console.warn(`[RemoteBuddyAutonomousEngine] tick ${runId}: ideation timed out; retrying once immediately with reduced context and budget-focused guidance.`);
+          ideationPhase = await this.llmPhase("ideation", runId, snapshot.snapshot_id, buildIdeationInput(ideationRecovery, true));
+          this.pendingIdeationTimeoutRecovery = null;
+        } else {
+          throw error;
+        }
+      }
       llmCalls.push(ideationPhase.llmCall);
       const ideationJson = ideationPhase.json;
       if (this.isSnapshotExpired(snapshot) || Date.now() > cycleDeadline) {
@@ -7907,6 +8055,9 @@ Scope:
         await this.releaseDispatchLock(runId);
       this.inFlight = false;
       this.markTickDone(outcome, outcomeDetail);
+      if (!lockAcquired && outcomeDetail.startsWith("lock_not_acquired")) {
+        this.scheduleStartupFastTick("dispatch lock contention");
+      }
     }
   }
   async enqueueFromAnalysis(instruction, autonomyCtx, originRequestId) {
@@ -7931,7 +8082,8 @@ Scope:
     if (!this.runtimeEnabled || this.timer)
       return;
     console.log(`[RemoteBuddyAutonomousEngine] Using dedicated autonomy worktree ${this.autonomyRepo} (remote=${this.gitRemote} integration=${this.integrationBranch} base=${this.baseBranch}).`);
-    this.nextTickAtMs = Date.now() + this.cfg.tickIntervalMs;
+    this.startupFastTickAttemptsRemaining = STARTUP_FAST_TICK_MAX_ATTEMPTS;
+    this.nextTickAtMs = Date.now();
     this.timer = setInterval(() => {
       this.nextTickAtMs = Date.now() + this.cfg.tickIntervalMs;
       this.tick();
@@ -7943,6 +8095,7 @@ Scope:
     this.tick();
   }
   stop() {
+    this.clearStartupFastTickTimer();
     if (this.timer) {
       clearInterval(this.timer);
       this.timer = null;
@@ -7951,6 +8104,7 @@ Scope:
       clearInterval(this.heartbeatTimer);
       this.heartbeatTimer = null;
     }
+    this.startupFastTickAttemptsRemaining = 0;
     this.nextTickAtMs = 0;
   }
 }
@@ -8281,7 +8435,7 @@ function buildExecutionGuidance(plan, targetPaths, requiredValidationSteps = [])
       lines.push(`- ${glob}`);
   }
   if (Array.isArray(plan.scope.forbidden_globs) && plan.scope.forbidden_globs.length > 0) {
-    lines.push("Forbidden globs:");
+    lines.push("Review guardrail hints:");
     for (const glob of plan.scope.forbidden_globs)
       lines.push(`- ${glob}`);
   }

package/runtime/sandbox/apps/workerpals/src/backends/openai_codex/openai_codex_executor.py

@@ -10,7 +10,7 @@ from __future__ import annotations
 import json
 import os
 import re
-from shutil import which
+from shutil import rmtree, which
 import shlex
 import signal
 import subprocess
@@ -21,7 +21,7 @@ import time
 import traceback
 from dataclasses import dataclass
 from pathlib import Path
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List, Optional, Tuple
 
 _SHARED_DIR = Path(__file__).resolve().parents[1] / "shared"
 if str(_SHARED_DIR) not in sys.path:
@@ -386,6 +386,87 @@ def _is_git_repo(repo: str) -> bool:
         return False
 
 
+def _codex_project_config_roots(repo: str, env: Dict[str, str]) -> List[Path]:
+    roots: List[Path] = []
+    seen: set[str] = set()
+
+    def add(raw: object) -> None:
+        text = str(raw or "").strip()
+        if not text:
+            return
+        try:
+            path = Path(text).resolve()
+        except Exception:
+            return
+        key = str(path)
+        if key in seen:
+            return
+        seen.add(key)
+        roots.append(path)
+
+    add(repo)
+    try:
+        proc = subprocess.run(
+            ["git", "rev-parse", "--show-toplevel"],
+            cwd=repo,
+            capture_output=True,
+            text=True,
+            timeout=10,
+            check=False,
+        )
+        if proc.returncode == 0:
+            add((proc.stdout or "").strip())
+    except Exception:
+        pass
+
+    for key in (
+        "PUSHPALS_REPO_ROOT_OVERRIDE",
+        "PUSHPALS_PROJECT_ROOT_OVERRIDE",
+        "PUSHPALS_ASSIGNED_REPO_ROOT",
+        "PUSHPALS_REPO_PATH",
+    ):
+        add(env.get(key))
+    return roots
+
+
+def _mask_repo_local_codex_files(repo: str, env: Dict[str, str]) -> List[Tuple[Path, Path]]:
+    masked: List[Tuple[Path, Path]] = []
+    for root in _codex_project_config_roots(repo, env):
+        codex_path = root / ".codex"
+        if not os.path.lexists(codex_path):
+            continue
+        if codex_path.is_dir():
+            continue
+        backup = root / f".codex.pushpals-masked-{os.getpid()}-{len(masked)}"
+        suffix = 0
+        while os.path.lexists(backup):
+            suffix += 1
+            backup = root / f".codex.pushpals-masked-{os.getpid()}-{len(masked)}-{suffix}"
+        try:
+            os.replace(codex_path, backup)
+            masked.append((codex_path, backup))
+            log.info(
+                f"Temporarily masked repo-local .codex file so Codex CLI can use CODEX_HOME: {codex_path}"
+            )
+        except Exception as exc:
+            log.warning(f"Failed to mask repo-local .codex file {codex_path}: {exc}")
+    return masked
+
+
+def _restore_repo_local_codex_files(masked: List[Tuple[Path, Path]]) -> None:
+    for codex_path, backup in reversed(masked):
+        try:
+            if os.path.lexists(codex_path):
+                if codex_path.is_dir() and not codex_path.is_symlink():
+                    rmtree(codex_path)
+                else:
+                    codex_path.unlink()
+            if os.path.lexists(backup):
+                os.replace(backup, codex_path)
+        except Exception as exc:
+            log.warning(f"Failed to restore repo-local .codex file {codex_path}: {exc}")
+
+
 def _resolve_codex_command_prefix(config: OpenAICodexRuntimeConfig) -> List[str]:
     override_json = config.codex_bin_json
     if override_json:
@@ -698,7 +779,7 @@ def _summarize_json_event(obj: Dict[str, Any]) -> str:
         event_type = "event"
     # Skip noisy streaming deltas unless they contain meaningful text fragments.
     delta_like = event_type.endswith(".delta") or event_type.endswith("_delta")
-    # Reasoning/thinking events are always surfaced — they show the model's reasoning process.
+    # Reasoning/thinking events are always surfaced because they show the model's reasoning process.
     reasoning_like = _contains_reasoning_marker(event_type) or _event_contains_reasoning(obj)
 
     tool_name = ""
@@ -1487,7 +1568,11 @@ def _run_codex_task(
             env.pop("OPENAI_API_KEY", None)
             env.pop("OPENAI_BASE_URL", None)
             env.pop("OPENAI_API_BASE", None)
-            login_status = _run_codex_login_status(codex_cmd_prefix, repo, env)
+            codex_project_mask = _mask_repo_local_codex_files(repo, env)
+            try:
+                login_status = _run_codex_login_status(codex_cmd_prefix, repo, env)
+            finally:
+                _restore_repo_local_codex_files(codex_project_mask)
             if not login_status.get("ok"):
                 detail = (
                     str(login_status.get("stderr") or "").strip()
@@ -1554,148 +1639,152 @@ def _run_codex_task(
         if communicate_timeout_s:
             log.debug(f"communicate timeout: {communicate_timeout_s}s")
 
-        proc = subprocess.Popen(
-            cmd,
-            cwd=repo,
-            env=env,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-            stdin=subprocess.PIPE,
-            text=True,
-            encoding="utf-8",
-            errors="replace",
-        )
-        _ACTIVE_CHILD = proc
-        started_at = time.monotonic()
-        progress_interval_s = _resolve_progress_log_interval_seconds(runtime_config)
-
-        stdout_chunks: List[str] = []
-        stderr_chunks: List[str] = []
-        stdout_trace_state = _empty_codex_trace()
-        trace_lock = threading.Lock()
-        last_activity_at = {"ts": started_at}
-        wrapper_rejection_state: Dict[str, Any] = {"count": 0, "commands": []}
-
-        def _drain_stdout() -> None:
-            stream = proc.stdout
-            if stream is None:
-                return
-            try:
-                for chunk in iter(stream.readline, ""):
-                    if chunk == "":
-                        break
-                    stdout_chunks.append(chunk)
-                    line = chunk.strip()
-                    if not line:
-                        continue
-                    with trace_lock:
-                        last_activity_at["ts"] = time.monotonic()
-                        _record_live_codex_stdout_line(line, use_json, stdout_trace_state)
-            except Exception:
-                pass
-            finally:
+        codex_project_mask = _mask_repo_local_codex_files(repo, env)
+        try:
+            proc = subprocess.Popen(
+                cmd,
+                cwd=repo,
+                env=env,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                stdin=subprocess.PIPE,
+                text=True,
+                encoding="utf-8",
+                errors="replace",
+            )
+            _ACTIVE_CHILD = proc
+            started_at = time.monotonic()
+            progress_interval_s = _resolve_progress_log_interval_seconds(runtime_config)
+
+            stdout_chunks: List[str] = []
+            stderr_chunks: List[str] = []
+            stdout_trace_state = _empty_codex_trace()
+            trace_lock = threading.Lock()
+            last_activity_at = {"ts": started_at}
+            wrapper_rejection_state: Dict[str, Any] = {"count": 0, "commands": []}
+
+            def _drain_stdout() -> None:
+                stream = proc.stdout
+                if stream is None:
+                    return
                 try:
-                    stream.close()
+                    for chunk in iter(stream.readline, ""):
+                        if chunk == "":
+                            break
+                        stdout_chunks.append(chunk)
+                        line = chunk.strip()
+                        if not line:
+                            continue
+                        with trace_lock:
+                            last_activity_at["ts"] = time.monotonic()
+                            _record_live_codex_stdout_line(line, use_json, stdout_trace_state)
                 except Exception:
                     pass
-
-        def _drain_stderr() -> None:
-            stream = proc.stderr
-            if stream is None:
-                return
-            try:
-                for chunk in iter(stream.readline, ""):
-                    if chunk == "":
-                        break
-                    stderr_chunks.append(chunk)
-                    rejected_commands = _collect_disallowed_shell_wrapper_rejections(chunk)
-                    if rejected_commands:
-                        with trace_lock:
-                            wrapper_rejection_state["count"] = to_int(
-                                wrapper_rejection_state.get("count"), 0
-                            ) + len(rejected_commands)
-                            tracked = wrapper_rejection_state.get("commands")
-                            if not isinstance(tracked, list):
-                                tracked = []
-                            for command in rejected_commands:
-                                lowered = command.lower()
-                                if any(str(item).lower() == lowered for item in tracked):
-                                    continue
-                                tracked.append(command)
-                            wrapper_rejection_state["commands"] = tracked[:6]
-            except Exception:
-                pass
-            finally:
+                finally:
+                    try:
+                        stream.close()
+                    except Exception:
+                        pass
+
+            def _drain_stderr() -> None:
+                stream = proc.stderr
+                if stream is None:
+                    return
                 try:
-                    stream.close()
+                    for chunk in iter(stream.readline, ""):
+                        if chunk == "":
+                            break
+                        stderr_chunks.append(chunk)
+                        rejected_commands = _collect_disallowed_shell_wrapper_rejections(chunk)
+                        if rejected_commands:
+                            with trace_lock:
+                                wrapper_rejection_state["count"] = to_int(
+                                    wrapper_rejection_state.get("count"), 0
+                                ) + len(rejected_commands)
+                                tracked = wrapper_rejection_state.get("commands")
+                                if not isinstance(tracked, list):
+                                    tracked = []
+                                for command in rejected_commands:
+                                    lowered = command.lower()
+                                    if any(str(item).lower() == lowered for item in tracked):
+                                        continue
+                                    tracked.append(command)
+                                wrapper_rejection_state["commands"] = tracked[:6]
+                except Exception:
+                    pass
+                finally:
+                    try:
+                        stream.close()
+                    except Exception:
+                        pass
+
+            stdout_thread = threading.Thread(target=_drain_stdout, daemon=True)
+            stderr_thread = threading.Thread(target=_drain_stderr, daemon=True)
+            stdout_thread.start()
+            stderr_thread.start()
+
+            if proc.stdin is not None:
+                try:
+                    proc.stdin.write(prompt)
+                    proc.stdin.close()
                 except Exception:
                     pass
 
-        stdout_thread = threading.Thread(target=_drain_stdout, daemon=True)
-        stderr_thread = threading.Thread(target=_drain_stderr, daemon=True)
-        stdout_thread.start()
-        stderr_thread.start()
-
-        if proc.stdin is not None:
-            try:
-                proc.stdin.write(prompt)
-                proc.stdin.close()
-            except Exception:
-                pass
-
-        deadline = (
-            started_at + float(communicate_timeout_s)
-            if communicate_timeout_s and communicate_timeout_s > 0
-            else None
-        )
-        next_progress_at = started_at + float(progress_interval_s)
-        timed_out = False
-        command_policy_rejection_loop = False
-
-        while proc.poll() is None:
-            now = time.monotonic()
-            if deadline is not None and now >= deadline:
-                timed_out = True
-                _terminate_active_child()
-                break
+            deadline = (
+                started_at + float(communicate_timeout_s)
+                if communicate_timeout_s and communicate_timeout_s > 0
+                else None
+            )
+            next_progress_at = started_at + float(progress_interval_s)
+            timed_out = False
+            command_policy_rejection_loop = False
 
-            with trace_lock:
-                wrapper_rejections = to_int(wrapper_rejection_state.get("count"), 0)
-            if wrapper_rejections >= 3:
-                command_policy_rejection_loop = True
-                _terminate_active_child()
-                break
+            while proc.poll() is None:
+                now = time.monotonic()
+                if deadline is not None and now >= deadline:
+                    timed_out = True
+                    _terminate_active_child()
+                    break
 
-            if now >= next_progress_at:
-                elapsed = int(max(0.0, now - started_at))
                 with trace_lock:
-                    last_event = float(last_activity_at.get("ts", started_at))
-                    valid_json = to_int(stdout_trace_state.get("valid_json"), 0)
-                    total_lines = to_int(stdout_trace_state.get("line_count"), 0)
-                idle_for = int(max(0.0, now - last_event))
-                if use_json:
-                    log.info(
-                        f"codex exec still running ({elapsed}s elapsed, json_events={valid_json}, idle={idle_for}s)"
-                    )
-                else:
-                    log.info(
-                        f"codex exec still running ({elapsed}s elapsed, stdout_lines={total_lines}, idle={idle_for}s)"
-                    )
-                next_progress_at = now + float(progress_interval_s)
+                    wrapper_rejections = to_int(wrapper_rejection_state.get("count"), 0)
+                if wrapper_rejections >= 3:
+                    command_policy_rejection_loop = True
+                    _terminate_active_child()
+                    break
+
+                if now >= next_progress_at:
+                    elapsed = int(max(0.0, now - started_at))
+                    with trace_lock:
+                        last_event = float(last_activity_at.get("ts", started_at))
+                        valid_json = to_int(stdout_trace_state.get("valid_json"), 0)
+                        total_lines = to_int(stdout_trace_state.get("line_count"), 0)
+                    idle_for = int(max(0.0, now - last_event))
+                    if use_json:
+                        log.info(
+                            f"codex exec still running ({elapsed}s elapsed, json_events={valid_json}, idle={idle_for}s)"
+                        )
+                    else:
+                        log.info(
+                            f"codex exec still running ({elapsed}s elapsed, stdout_lines={total_lines}, idle={idle_for}s)"
+                        )
+                    next_progress_at = now + float(progress_interval_s)
 
-            time.sleep(1.0)
+                time.sleep(1.0)
 
-        try:
-            proc.wait(timeout=5)
-        except Exception:
             try:
-                proc.kill()
                 proc.wait(timeout=5)
             except Exception:
-                pass
+                try:
+                    proc.kill()
+                    proc.wait(timeout=5)
+                except Exception:
+                    pass
 
-        stdout_thread.join(timeout=2)
-        stderr_thread.join(timeout=2)
+            stdout_thread.join(timeout=2)
+            stderr_thread.join(timeout=2)
+        finally:
+            _restore_repo_local_codex_files(codex_project_mask)
 
         return_code = proc.returncode
         _ACTIVE_CHILD = None

package/runtime/sandbox/apps/workerpals/src/backends/openai_codex/test_openai_codex_runtime_config.py

@@ -33,7 +33,9 @@ from openai_codex_executor import (
     _detect_codex_workaround_signal,
     _extract_usage_counts,
     _load_prompt_template,
+    _mask_repo_local_codex_files,
     _repo_root_for_prompt_loading,
+    _restore_repo_local_codex_files,
     _resolve_codex_command_prefix,
     _unwrap_shell_wrapper_command,
     _usage_from_trace_or_estimate,
@@ -80,6 +82,61 @@ class OpenAICodexRuntimeConfigTests(unittest.TestCase):
         self.assertEqual(cfg.reasoning_effort, "xhigh")
         self.assertFalse(cfg.json_output)
 
+    def test_masks_and_restores_repo_local_codex_file(self) -> None:
+        with tempfile.TemporaryDirectory(prefix="pushpals-codex-mask-") as root:
+            repo = Path(root) / "repo"
+            repo.mkdir()
+            codex_file = repo / ".codex"
+            codex_file.write_text("tracked repo sentinel\n", encoding="utf-8")
+
+            masked = _mask_repo_local_codex_files(str(repo), {})
+            try:
+                self.assertFalse(codex_file.exists())
+                self.assertEqual(len(masked), 1)
+                self.assertTrue(masked[0][1].exists())
+            finally:
+                _restore_repo_local_codex_files(masked)
+
+            self.assertEqual(codex_file.read_text(encoding="utf-8"), "tracked repo sentinel\n")
+
+    def test_masks_project_root_override_codex_file_for_worktree_runs(self) -> None:
+        with tempfile.TemporaryDirectory(prefix="pushpals-codex-mask-root-") as root:
+            project_root = Path(root) / "project"
+            worktree = project_root / ".worktrees" / "job-123"
+            worktree.mkdir(parents=True)
+            root_codex_file = project_root / ".codex"
+            worktree_codex_file = worktree / ".codex"
+            root_codex_file.write_text("root sentinel\n", encoding="utf-8")
+            worktree_codex_file.write_text("worktree sentinel\n", encoding="utf-8")
+
+            masked = _mask_repo_local_codex_files(
+                str(worktree),
+                {"PUSHPALS_REPO_ROOT_OVERRIDE": str(project_root)},
+            )
+            try:
+                self.assertFalse(root_codex_file.exists())
+                self.assertFalse(worktree_codex_file.exists())
+                self.assertEqual(len(masked), 2)
+            finally:
+                _restore_repo_local_codex_files(masked)
+
+            self.assertEqual(root_codex_file.read_text(encoding="utf-8"), "root sentinel\n")
+            self.assertEqual(worktree_codex_file.read_text(encoding="utf-8"), "worktree sentinel\n")
+
+    def test_does_not_mask_repo_local_codex_directory(self) -> None:
+        with tempfile.TemporaryDirectory(prefix="pushpals-codex-mask-dir-") as root:
+            repo = Path(root) / "repo"
+            codex_dir = repo / ".codex"
+            codex_dir.mkdir(parents=True)
+            (codex_dir / "config.toml").write_text("[hooks]\n", encoding="utf-8")
+
+            masked = _mask_repo_local_codex_files(str(repo), {})
+            try:
+                self.assertEqual(masked, [])
+                self.assertTrue((codex_dir / "config.toml").exists())
+            finally:
+                _restore_repo_local_codex_files(masked)
+
     def test_reasoning_effort_defaults_to_extra_high_for_default_gpt_5_5(self) -> None:
         cfg = OpenAICodexRuntimeConfig.from_sources(
             SettingsResolver(env={}, config_loader=lambda: {}),

package/runtime/sandbox/apps/workerpals/src/execute_job.ts

@@ -3,10 +3,9 @@
  * Used by both the host Worker (direct mode) and the Docker job runner.
  */
 
-import { existsSync, readFileSync, rmSync, unlinkSync } from "fs";
+import { existsSync, lstatSync, readFileSync, renameSync, rmSync, unlinkSync } from "fs";
 import { resolve } from "path";
 import {
-  deriveAutonomyComponentArea,
   buildGitCommitArgs as buildSourceControlGitCommitArgs,
   explicitSourceControlCommitIdentityFromEnv,
   loadPromptTemplate,
@@ -15,11 +14,9 @@ import {
   extractVisionKeyItems,
   formatToolRequirement,
   matchesGlob,
-  normalizeAutonomyComponentArea,
   normalizeTargetPath,
   requirementsForValidationCommand,
   sanitizeSourceControlIdentityField,
-  type AutonomyComponentArea,
   type SourceControlCommitIdentity,
   type ToolRequirement,
 } from "shared";
@@ -388,13 +385,6 @@ export function shouldEnqueueNoChangeReviewCompletion(
   return extractReviewFixContext(params) == null;
 }
 
-function reviewAgentAllowsMultiRootScope(value: unknown): boolean {
-  const normalized = String(value ?? "")
-    .trim()
-    .toLowerCase();
-  return normalized === "review_fix" || normalized === "merge_conflict";
-}
-
 export function deriveQualityGatePolicy(
   params: Record<string, unknown> | null | undefined,
   runtimeConfig: WorkerpalsRuntimeConfig = DEFAULT_CONFIG,
@@ -1655,7 +1645,7 @@ async function runDeterministicQualityGate(
   if (scopedValidationFailure === "outside_task_scope") {
     onLog?.(
       "stderr",
-      "[ValidationGate] Required validation failures appear outside the task write scope; treating them as publish blockers, not repair instructions.",
+      "[ValidationGate] Required validation failures appear outside the task target/relevance hints; treating them as publish blockers, not repair instructions.",
     );
   }
 
@@ -2176,6 +2166,12 @@ export type WorkerGitCommitIdentity = SourceControlCommitIdentity;
 
 export const explicitWorkerCommitIdentityFromEnv = explicitSourceControlCommitIdentityFromEnv;
 
+async function unstageSandboxArtifactPaths(
+  repo: string,
+): Promise<{ ok: boolean; stdout: string; stderr: string }> {
+  return git(repo, ["reset", "-q", "--", ...SANDBOX_STAGE_ARTIFACT_PATHS]);
+}
+
 async function resolveGitConfigValue(repo: string, key: string): Promise<string> {
   const value = await git(repo, ["config", "--get", key]);
   return value.ok ? sanitizeSourceControlIdentityField(value.stdout) : "";
@@ -2292,19 +2288,21 @@ export async function createJobCommit(
         console.warn(
           `[WorkerPals] Stage target invalid/missing for ${job.kind}; retrying with fallback "git add -A".`,
         );
-        result = await git(repo, [
-          "add",
-          "-A",
-          "--",
-          ".",
-          ":(exclude)workspace/**",
-          ":(exclude)outputs/**",
-        ]);
+        result = await git(repo, ["add", "-A"]);
       }
       if (!result.ok) {
         return { ok: false, error: `Failed to stage changes: ${result.stderr || result.stdout}` };
       }
     }
+    if (job.kind === "task.execute") {
+      const unstageArtifacts = await unstageSandboxArtifactPaths(repo);
+      if (!unstageArtifacts.ok) {
+        return {
+          ok: false,
+          error: `Failed to unstage sandbox artifact paths: ${unstageArtifacts.stderr || unstageArtifacts.stdout}`,
+        };
+      }
+    }
 
     // Check if there are changes to commit
     result = await git(repo, ["diff", "--cached", "--quiet"]);
@@ -2504,16 +2502,7 @@ function buildStageTargets(kind: string, params?: Record<string, unknown>): stri
 
 export function buildStageCommand(kind: string, params?: Record<string, unknown>): string[] | null {
   if (kind === "task.execute") {
-    return [
-      "add",
-      "-A",
-      "--",
-      ".",
-      ":(exclude)workspace/**",
-      ":(exclude)outputs/**",
-      ":(exclude).codex",
-      ":(exclude).codex/**",
-    ];
+    return ["add", "-A"];
   }
   const targets = buildStageTargets(kind, params);
   if (targets.length === 0) {
@@ -3058,25 +3047,11 @@ export async function resumePreparedMergeConflictRebase(
           "stdout",
           `[MergeConflict] Stage target invalid/missing for ${kind}; retrying with fallback "git add -A".`,
         );
-        stageResult = await git(repo, [
-          "add",
-          "-A",
-          "--",
-          ".",
-          ":(exclude)workspace/**",
-          ":(exclude)outputs/**",
-        ]);
+        stageResult = await git(repo, ["add", "-A"]);
       }
     }
   } else {
-    stageResult = await git(repo, [
-      "add",
-      "-A",
-      "--",
-      ".",
-      ":(exclude)workspace/**",
-      ":(exclude)outputs/**",
-    ]);
+    stageResult = await git(repo, ["add", "-A"]);
   }
   if (!stageResult.ok) {
     return {
@@ -3086,6 +3061,15 @@ export async function resumePreparedMergeConflictRebase(
         combinedGitOutput(stageResult),
     };
   }
+  const unstageArtifacts = await unstageSandboxArtifactPaths(repo);
+  if (!unstageArtifacts.ok) {
+    return {
+      ok: false,
+      error:
+        "Failed to unstage sandbox artifact paths before continuing rebase: " +
+        combinedGitOutput(unstageArtifacts),
+    };
+  }
 
   let rebaseContinue = await git(repo, ["-c", "core.editor=true", "rebase", "--continue"]);
   let continueOutput = combinedGitOutput(rebaseContinue);
@@ -3235,19 +3219,19 @@ async function createMergeConflictJobCommit(
       console.warn(
         `[WorkerPals] Stage target invalid/missing for merge-conflict job ${job.id}; retrying with fallback "git add -A".`,
       );
-      result = await git(repo, [
-        "add",
-        "-A",
-        "--",
-        ".",
-        ":(exclude)workspace/**",
-        ":(exclude)outputs/**",
-      ]);
+      result = await git(repo, ["add", "-A"]);
     }
     if (!result.ok) {
       return { ok: false, error: `Failed to stage merge-conflict changes: ${result.stderr || result.stdout}` };
     }
   }
+  const unstageArtifacts = await unstageSandboxArtifactPaths(repo);
+  if (!unstageArtifacts.ok) {
+    return {
+      ok: false,
+      error: `Failed to unstage sandbox artifact paths: ${unstageArtifacts.stderr || unstageArtifacts.stdout}`,
+    };
+  }
 
   const cachedDiffQuiet = await git(repo, ["diff", "--cached", "--quiet"]);
   let headSha = await currentRefSha(repo, "HEAD");
@@ -3610,6 +3594,85 @@ export function shouldUseCodexCliForExecutor(executor: string): boolean {
   return executor.trim().toLowerCase() === "openai_codex";
 }
 
+type MaskedRepoLocalCodexFile = {
+  codexPath: string;
+  backupPath: string;
+};
+
+function codexProjectConfigRoots(repo: string, env: Record<string, string>): string[] {
+  const roots: string[] = [];
+  const seen = new Set<string>();
+  const add = (raw: unknown) => {
+    const text = String(raw ?? "").trim();
+    if (!text) return;
+    const root = resolve(text);
+    const key = root.toLowerCase();
+    if (seen.has(key)) return;
+    seen.add(key);
+    roots.push(root);
+  };
+  add(repo);
+  for (const key of [
+    "PUSHPALS_REPO_ROOT_OVERRIDE",
+    "PUSHPALS_PROJECT_ROOT_OVERRIDE",
+    "PUSHPALS_ASSIGNED_REPO_ROOT",
+    "PUSHPALS_REPO_PATH",
+  ]) {
+    add(env[key]);
+  }
+  return roots;
+}
+
+function maskRepoLocalCodexFilesForCodexCli(
+  repo: string,
+  env: Record<string, string>,
+): MaskedRepoLocalCodexFile[] {
+  const masked: MaskedRepoLocalCodexFile[] = [];
+  for (const root of codexProjectConfigRoots(repo, env)) {
+    const codexPath = resolve(root, ".codex");
+    if (!existsSync(codexPath)) continue;
+    try {
+      if (lstatSync(codexPath).isDirectory()) continue;
+      let backupPath = resolve(root, `.codex.pushpals-masked-${process.pid}-${masked.length}`);
+      let suffix = 0;
+      while (existsSync(backupPath)) {
+        suffix += 1;
+        backupPath = resolve(
+          root,
+          `.codex.pushpals-masked-${process.pid}-${masked.length}-${suffix}`,
+        );
+      }
+      renameSync(codexPath, backupPath);
+      masked.push({ codexPath, backupPath });
+      console.warn(
+        `[WorkerPals] Temporarily masked repo-local .codex file so Codex CLI can use CODEX_HOME: ${codexPath}`,
+      );
+    } catch (error) {
+      console.warn(
+        `[WorkerPals] Failed to mask repo-local .codex file ${codexPath}: ${String(error)}`,
+      );
+    }
+  }
+  return masked;
+}
+
+function restoreRepoLocalCodexFilesForCodexCli(masked: MaskedRepoLocalCodexFile[]): void {
+  for (const entry of [...masked].reverse()) {
+    try {
+      if (existsSync(entry.codexPath)) {
+        rmSync(entry.codexPath, { recursive: true, force: true });
+      }
+      if (existsSync(entry.backupPath)) {
+        renameSync(entry.backupPath, entry.codexPath);
+      }
+    } catch (error) {
+      console.warn(
+        `[WorkerPals] Failed to restore repo-local .codex file ${entry.codexPath}: ${String(error)}`,
+      );
+    }
+  }
+}
+
 function normalizeCodexReasoningEffort(
   value: unknown,
   model = "",
@@ -3720,11 +3783,13 @@ async function generateCommitMessageFromDiffViaCodex(
   if (model) cmd.push("-m", model);
   cmd.push("-");
 
+  const env = buildWorkerSandboxWritableEnv(repo);
+  const codexMask = maskRepoLocalCodexFilesForCodexCli(repo, env);
   try {
     const stdinText = `${prompt.systemPrompt}\n\n${prompt.userMessage}`;
     const proc = Bun.spawn(cmd, {
       cwd: repo,
-      env: buildWorkerSandboxWritableEnv(repo),
+      env,
       stdout: "pipe",
       stderr: "pipe",
       stdin: new Blob([stdinText]),
@@ -3759,6 +3824,7 @@ async function generateCommitMessageFromDiffViaCodex(
   } catch {
     return null;
   } finally {
+    restoreRepoLocalCodexFilesForCodexCli(codexMask);
     try {
       unlinkSync(tmpOutputPath);
     } catch {
@@ -3938,9 +4004,7 @@ function hasInvalidRepoPathHint(values: string[]): boolean {
   return values.some((entry) => normalizeStagePath(entry) === null);
 }
 
-function asAutonomyComponentArea(value: unknown): AutonomyComponentArea | null {
-  return normalizeAutonomyComponentArea(value);
-}
+const SANDBOX_STAGE_ARTIFACT_PATHS = ["workspace", "outputs", ".codex"];
 
 function taskExecuteOrigin(params: Record<string, unknown>): "autonomy" | "user" {
   const explicit = String(params.origin ?? "")
@@ -3961,20 +4025,11 @@ export function collectWriteScopeIssuesFromChangedPaths(
   changedPaths: string[],
   planning: TaskExecutePlanning,
 ): string[] {
-  const normalizedChangedPaths = changedPaths
-    .map((entry) => normalizeStagePath(entry))
-    .filter((entry): entry is string => Boolean(entry) && entry !== ".");
-  if (normalizedChangedPaths.length === 0) return [];
-
-  const forbidden = toStringArray(planning.scope.forbiddenGlobs ?? []);
-  const issues: string[] = [];
-  const forbiddenTouched = normalizedChangedPaths.filter((path) =>
-    forbidden.some((glob) => matchesGlob(path, glob)),
-  );
-  if (forbiddenTouched.length > 0) {
-    issues.push(`modified paths matching forbiddenGlobs: ${forbiddenTouched.join(", ")}`);
-  }
-  return issues;
+  void changedPaths;
+  void planning;
+  // WorkerPals run in isolated worktrees and may write anywhere in that repo sandbox.
+  // Scope hints guide planning/review, but they are not hard write privileges.
+  return [];
 }
 
 function sanitizeTaskExecutePlanningPathHints(value: unknown): unknown {
@@ -4096,37 +4151,6 @@ function validateTaskExecutePlanning(
         message: "task.execute planning.targetPaths must contain literal repo-relative paths",
       };
     }
-    const normalizedWriteGlobs = isStringArray(scope.writeGlobs)
-      ? toStringArray(scope.writeGlobs)
-      : [];
-    const allowMultiRootAutonomyScope =
-      origin === "autonomy" &&
-      reviewAgentAllowsMultiRootScope(options?.reviewAgentResolutionType);
-    if (origin === "autonomy") {
-      const declaredComponentArea = asAutonomyComponentArea(options?.autonomyComponentArea);
-      if (!allowMultiRootAutonomyScope && declaredComponentArea) {
-        const inferredComponentArea = deriveAutonomyComponentArea(
-          normalizedTargetPaths,
-          normalizedWriteGlobs,
-        );
-        if (inferredComponentArea && declaredComponentArea !== inferredComponentArea) {
-          return {
-            ok: false,
-            message: "task.execute planning.targetPaths do not match autonomy componentArea",
-          };
-        }
-      }
-    } else if (normalizedWriteGlobs.length > 0) {
-      const uncoveredPaths = normalizedTargetPaths.filter(
-        (targetPath) => !normalizedWriteGlobs.some((glob) => matchesGlob(targetPath, glob)),
-      );
-      if (uncoveredPaths.length > 0) {
-        return {
-          ok: false,
-          message: `task.execute planning.targetPaths must be covered by planning.scope.writeGlobs: ${uncoveredPaths.join(", ")}`,
-        };
-      }
-    }
   }
 
   if (planning.discovery !== undefined) {
@@ -4353,10 +4377,12 @@ async function runCodexCriticReview(
     "-",
   ];
 
+  const env = buildWorkerSandboxWritableEnv(repo);
+  const codexMask = maskRepoLocalCodexFilesForCodexCli(repo, env);
   try {
     const proc = Bun.spawn(cmd, {
       cwd: repo,
-      env: buildWorkerSandboxWritableEnv(repo),
+      env,
       stdout: "pipe",
       stderr: "pipe",
       stdin: new Blob([criticInstruction]),
@@ -4436,6 +4462,13 @@ async function runCodexCriticReview(
   } catch (err) {
     onLog?.("stderr", `[CriticGate] Codex error: ${toSingleLine(err, 220)} (skipping).`);
     return null;
+  } finally {
+    restoreRepoLocalCodexFilesForCodexCli(codexMask);
+    try {
+      unlinkSync(tmpOutputPath);
+    } catch {
+      /* ignore */
+    }
   }
 }
 
@@ -4750,7 +4783,7 @@ export async function executeJob(
           [
             result.stderr ?? "",
             validationOutsideTaskScope
-              ? "Validation failures appear outside the task write scope and are treated as pre-existing repo blockers."
+              ? "Validation failures appear outside the task target/relevance hints and are treated as pre-existing repo blockers."
               : "",
             ...quality.validationRuns.flatMap((run) => [run.stdout, run.stderr]).filter(Boolean),
           ]