From 95968b3eb4de1ae83ec5edf63fcef1831526fcf9 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Mon, 18 May 2026 21:13:15 -0700 Subject: [PATCH] test(codex): pin filesystem-boundary preservation across all codex review surfaces (#1503, #1522) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit #1503 reported that the bare codex review --base path stripped the filesystem boundary instruction, letting Codex spend tokens reading .claude/skills/ and agents/. #1522 proposed adding a skill-path detector that switched to the custom-instructions route when the diff touched skill files. After C10 (#1209) restructured codex review to always carry the boundary in the prompt (the prompt+--base argv conflict forced the restructure), the skill-path detector becomes redundant — every default call already preserves the boundary. This commit pins the post-#1209 invariant with a test that fails the build if any future refactor strips the boundary from codex/SKILL.md, review/SKILL.md, or ship/SKILL.md. Closes #1503 by regression test. #1522 (@genisis0x) is superseded by #1209 (the prompt rewrite covers its safety concern); credit retained in CHANGELOG. Co-Authored-By: Claude Opus 4.7 (1M context) --- test/skill-validation.test.ts | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/test/skill-validation.test.ts b/test/skill-validation.test.ts index b3282272c..ed3c32611 100644 --- a/test/skill-validation.test.ts +++ b/test/skill-validation.test.ts @@ -1429,6 +1429,21 @@ describe('Codex skill', () => { } }); + test('codex review prompts always carry the filesystem boundary (#1503/#1522 regression)', () => { + // Pre-#1209, the bare `codex review --base` path stripped the filesystem + // boundary instruction, letting Codex spend tokens reading skill files. + // #1209's prompt rewrite restored the boundary by routing every default + // call through a prompt. Pin both halves so a future refactor can't + // regress: (a) the boundary line must appear, (b) the call must be + // through `codex review ""` not bare `codex review --base`. + const boundaryLine = + 'Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/'; + for (const rel of ['codex/SKILL.md', 'review/SKILL.md', 'ship/SKILL.md']) { + const content = fs.readFileSync(path.join(ROOT, rel), 'utf-8'); + expect(content).toContain(boundaryLine); + } + }); + test('/review persists a review-log entry for ship readiness', () => { const content = fs.readFileSync(path.join(ROOT, 'review', 'SKILL.md'), 'utf-8'); expect(content).toContain('"skill":"review"');