okstra 0.91.0 → 0.91.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "okstra",
3
- "version": "0.91.0",
3
+ "version": "0.91.1",
4
4
  "description": "Multi-agent cross-verification orchestrator runtime + Claude Code skills.",
5
5
  "license": "MIT",
6
6
  "author": "devonshin",
@@ -1,5 +1,5 @@
1
1
  {
2
- "package": "0.91.0",
3
- "builtAt": "2026-06-18T06:40:45.488Z",
2
+ "package": "0.91.1",
3
+ "builtAt": "2026-06-18T06:51:56.885Z",
4
4
  "repoRoot": "/home/runner/work/okstra/okstra"
5
5
  }
@@ -36,12 +36,12 @@ The fourth argument is **mandatory for implementation phase** and optional other
36
36
 
37
37
  The wrapper internally runs:
38
38
  ```bash
39
- codex exec -C "<project-root>" [--add-dir "<worktree-path>"] --model "<model>" --sandbox workspace-write - < "<prompt-path>" 2>/dev/null
39
+ codex exec -C "<project-root>" [--add-dir "<worktree-path>"] --model "<model>" --sandbox workspace-write -c approval_policy=never - < "<prompt-path>" 2>/dev/null
40
40
  ```
41
41
 
42
42
  The wrapper exists because Claude Code's Bash permission matcher rejects simple-prefix matches when the command contains stdin/stderr redirects. Calling `codex exec ... < <path> 2>/dev/null` directly triggers a permission prompt every dispatch even when `Bash(codex exec:*)` is allowlisted. The wrapper folds the redirects inside, so the harness sees a single non-redirect command that matches `Bash($HOME/.okstra/bin/okstra-codex-exec.sh:*)`.
43
43
 
44
- **Do NOT use** non-existent flags like `-q` or `-a never`. **Do NOT** invoke `codex exec ... < ... 2>/dev/null` directly — always go through the wrapper.
44
+ **Do NOT use** the non-existent `-q` flag. The approval policy MUST be set with `-c approval_policy=never` (the `-a`/`--ask-for-approval` flag is NOT accepted by `codex exec` — it errors with `unexpected argument '-a'`); without `approval_policy=never` codex runs under the default `on-request` policy and, having no TTY to answer an approval prompt, ends the turn in a few seconds with exit 0 and no result file. **Do NOT** invoke `codex exec ... < ... 2>/dev/null` directly — always go through the wrapper.
45
45
 
46
46
  ## Execution Rules
47
47
 
@@ -77,7 +77,7 @@ The wrapper exists because Claude Code's Bash permission matcher rejects simple-
77
77
  ```bash
78
78
  $HOME/.okstra/bin/okstra-codex-exec.sh "<absolute-project-root>" "<assigned-model-execution-value>" "<absolute-prompt-history-path>" "<absolute-worktree-path>" "<pane-role>"
79
79
  ```
80
- Call `Bash` with `run_in_background: true`. Capture the returned `bash_id` (a.k.a. `shell_id`). Pass the positional arguments verbatim — do NOT use environment variables, `cd`, `&&` chains, or pipes from `cat`. Substitute the literal extracted Project Root, model execution value, prompt-history path, and worktree path, plus the `**Pane role:**` value (`executor` / `verifier`, or `worker` when the line is absent). The fourth argument is **mandatory for implementation phase** (extract from `EXECUTOR_WORKTREE_PATH` in the lead prompt's run context or the `**Worktree:**` / `cwd for every mutating command:` line) and **may be omitted only for non-implementation analysis phases** that do not mutate the worktree. The wrapper handles `-C`, `--add-dir`, `--model`, `--sandbox workspace-write`, the stdin redirect from the prompt file, and stderr suppression internally. Calling `codex exec` directly (without the wrapper) is an error in this skill: the redirect tokens disqualify the prefix match against `Bash(codex exec:*)` and produce a permission prompt every dispatch.
80
+ Call `Bash` with `run_in_background: true`. Capture the returned `bash_id` (a.k.a. `shell_id`). Pass the positional arguments verbatim — do NOT use environment variables, `cd`, `&&` chains, or pipes from `cat`. Substitute the literal extracted Project Root, model execution value, prompt-history path, and worktree path, plus the `**Pane role:**` value (`executor` / `verifier`, or `worker` when the line is absent). The fourth argument is **mandatory for implementation phase** (extract from `EXECUTOR_WORKTREE_PATH` in the lead prompt's run context or the `**Worktree:**` / `cwd for every mutating command:` line) and **may be omitted only for non-implementation analysis phases** that do not mutate the worktree. The wrapper handles `-C`, `--add-dir`, `--model`, `--sandbox workspace-write`, `-c approval_policy=never` (non-interactive: never block on an approval prompt the TTY-less dispatch cannot answer), the stdin redirect from the prompt file, and stderr suppression internally. Calling `codex exec` directly (without the wrapper) is an error in this skill: the redirect tokens disqualify the prefix match against `Bash(codex exec:*)` and produce a permission prompt every dispatch.
81
81
 
82
82
  **Poll loop (BashOutput-only, 30-minute cap):**
83
83
  - Record `start_ts` at dispatch time via a single `Bash` call: `date +%s` (output captured).
@@ -296,7 +296,19 @@ fi
296
296
  # stderr: appended to the live log only — mirrors the prior `2>/dev/null`
297
297
  # contract of keeping the wrapper's stderr stream clean.
298
298
  # exit: codex's own exit code is preserved by `wait`.
299
- codex exec -C "$project_root" ${extra_args[@]+"${extra_args[@]}"} --model "$model" --sandbox workspace-write - \
299
+ #
300
+ # approval_policy=never: this wrapper runs codex fully non-interactively — stdin
301
+ # is the prompt file (EOF after it) and stdout/stderr are pipes (process
302
+ # substitution), not a TTY. Under codex's default `on-request` policy the agent
303
+ # BLOCKS on an approval prompt the instant it wants to act outside the
304
+ # workspace-write sandbox (e.g. read a sibling repo the prompt references); with
305
+ # no TTY to answer, codex ends the turn after a few seconds with exit 0 and NO
306
+ # model output — the silent empty-result failure this wrapper otherwise reports
307
+ # as a spurious success. `never` returns sandbox-escalation failures to the
308
+ # model instead of prompting, so the turn proceeds. The sandbox stays
309
+ # `workspace-write`: this removes the approval gate, not the sandbox. It is the
310
+ # codex-side equivalent of the antigravity wrapper's `--dangerously-skip-permissions`.
311
+ codex exec -C "$project_root" ${extra_args[@]+"${extra_args[@]}"} --model "$model" --sandbox workspace-write -c approval_policy=never - \
300
312
  < "$prompt_path" \
301
313
  2>> "$log_path" \
302
314
  > >(tee -a "$log_path") &