[Loosen CLI Worktree Contract] Allow proven execution checkout outside session cwd#296
Conversation
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Pull request overview
Loosens PAW’s Copilot CLI dedicated-worktree execution contract so workflows can safely operate on a proven execution checkout even when the session working directory remains in a different checkout (caller checkout immutability preserved).
Changes:
- Updates agent/skill contract wording to require proving the execution checkout (vs requiring the session to already be inside it).
- Updates documentation/spec to describe out-of-cwd CLI worktree execution while keeping the caller checkout immutable.
- Adds/updates integration + content-regression tests covering the positive out-of-cwd flow and the “cannot prove execution checkout” failure mode.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/integration/tests/workflows/worktree-bootstrap.test.ts | Adds regression coverage for out-of-cwd execution and “cannot prove execution checkout” failure behavior. |
| tests/integration/tests/skills/execution-contract-content.test.ts | Adds prompt-content assertions to prevent the old “must already be in checkout” wording from regressing. |
| src/test/suite/initializeWorkItem.test.ts | Updates extension-side tests to match new contract wording present in skill templates. |
| skills/paw-init/SKILL.md | Updates CLI worktree initialization contract to allow session cwd ≠ execution checkout (with proof requirement). |
| skills/paw-git-operations/SKILL.md | Updates shared git contract wording to allow session cwd ≠ execution checkout (with proof requirement). |
| agents/PAW.agent.md | Updates top-level agent execution-checkout rules to align with the new “proven checkout” contract. |
| docs/specification/implementation.md | Updates spec text describing CLI behavior for worktree mode. |
| docs/guide/workflow-modes.md | Updates user guide wording for Dedicated Worktree behavior in Copilot CLI. |
| - Do not assume a registry or automatic handoff into another checkout. | ||
| - Use `Execution Mode: worktree` only when this session already runs in the intended execution checkout. Prove this with `WorkflowContext.md`, `git worktree list`, and the current repo/branch/worktree state. | ||
| - If proof fails (wrong checkout, branch mismatch, missing metadata), STOP and tell the user to open the worktree and restart PAW there, or re-initialize in `current-checkout` mode. | ||
| - In worktree mode, prove the intended execution checkout with `WorkflowContext.md`, `git worktree list`, and the current repo/branch/worktree state before continuing. The session cwd may differ from the execution checkout when that checkout path is already known or can be derived safely. | ||
| - If proof fails (execution checkout unknown, branch mismatch, missing metadata), STOP and give recovery guidance: `git worktree list`, identify or reopen the execution checkout, or re-initialize in `current-checkout` mode. |
There was a problem hiding this comment.
The updated CLI worktree contract allows session cwd to differ, but it doesn’t explicitly state how git/file operations must be executed in the proven execution checkout when cwd is elsewhere. As written, “current repo/branch/worktree state” is ambiguous and can be misread as the caller checkout’s state, which risks mutations in the wrong checkout. Please clarify that when cwd differs, the agent must run git commands against the candidate execution checkout path (e.g., by changing directories or using path-scoped git commands) and must treat the caller checkout’s repo/branch state as non-authoritative for proof.
| - If `Execution Mode: worktree`, continue only when the intended execution checkout can be proven from `WorkflowContext.md` metadata plus the current repo/branch/worktree state. The session cwd may differ from the execution checkout, but the caller checkout must never be mutated. | ||
| - If the execution checkout is ambiguous or cannot be proven from this session, STOP and report recovery guidance instead of guessing. |
There was a problem hiding this comment.
This contract says the session cwd may differ from the execution checkout, but it doesn’t specify that all git operations must be performed in the proven execution checkout directory (not the session cwd). Without that explicit requirement, the “current repo/branch/worktree state” phrasing is ambiguous and can lead to running git commands in the caller checkout. Please tighten the wording to require path-scoped git operations (or an explicit cwd switch) whenever the session cwd isn’t the execution checkout.
| - If `Execution Mode: worktree`, continue only when the intended execution checkout can be proven from `WorkflowContext.md` metadata plus the current repo/branch/worktree state. The session cwd may differ from the execution checkout, but the caller checkout must never be mutated. | |
| - If the execution checkout is ambiguous or cannot be proven from this session, STOP and report recovery guidance instead of guessing. | |
| - If `Execution Mode: worktree`, continue only when the intended execution checkout directory can be proven from `WorkflowContext.md` metadata plus the repo/branch/worktree state **for that execution checkout**, not the caller checkout. The session cwd may differ from the execution checkout, but **all git operations MUST be performed in the proven execution checkout directory**, either by using path-scoped git commands (for example, `git -C <execution-checkout-path> …`) or by explicitly switching the process cwd to that directory. The caller checkout must never be mutated. | |
| - If the execution checkout directory is ambiguous or cannot be proven from this session, STOP and report recovery guidance instead of guessing; do not run git commands against the caller checkout as a fallback. |
| - All branch creation, checkout, pull, push, PR-prep, and artifact writes happen only in the proven execution checkout. | ||
| - In worktree mode, the caller checkout must never be mutated. |
There was a problem hiding this comment.
The new rule allows the session cwd to differ from the execution checkout, but the agent instructions don’t explicitly require that all bash/git commands be executed in the proven execution checkout when cwd is elsewhere. This omission makes the “current repo/branch/worktree state” proof step ambiguous and risks accidental mutations in the caller checkout. Please add a concrete requirement that all git mutations and artifact writes must be performed via the proven execution checkout path (not the session cwd).
| - All branch creation, checkout, pull, push, PR-prep, and artifact writes happen only in the proven execution checkout. | |
| - In worktree mode, the caller checkout must never be mutated. | |
| - All branch creation, checkout, pull, push, PR-prep, git mutations, and artifact writes MUST execute **using the proven execution checkout path as the working directory**, never the session cwd when it differs (e.g., set the tool `cwd` to the execution checkout or use `git -C <execution-checkout> ...` and path-qualified file writes). | |
| - In worktree mode, the caller checkout must never be mutated. Do not run mutating git or filesystem commands in the caller checkout or any directory other than the proven execution checkout. |
Tighten the PAW agent, paw-init, and paw-git-operations contracts so git operations and artifact writes run via the proven execution checkout path when the session cwd differs. Also extend the prompt-content regression test to pin the new wording. Ref: #296 (comment) Ref: #296 (comment) Ref: #296 (comment) Co-authored-by: Copilot <[email protected]>
Closes #295
Summary
Loosen the Copilot CLI dedicated-worktree contract so PAW can operate on a proven execution checkout even when the session cwd remains outside that directory.
Changes
Testing
Breaking Changes
None.
Artifacts
🐾 Generated with PAW