0.4.0 — multi-repo discard, zombie sweep, base-branch detect, deltas

[wenqingyu]

Summary

Closes a batch of operational potholes surfaced by ~50 real spawns across multi-repo workspaces. Most changes are defaults that empirical evidence has already validated; a few are bug fixes for things the test suite never caught because they only manifest across process restarts or in repos with non-main defaults.

Fixed

• discard failed in multi-repo workspaces. Ran git -C <orchestrator-default-repo> instead of the per-spawn repo_root override. In HQ-style workspaces where the orchestrator's launch cwd isn't itself a git repo, this exited with fatal: not a git repository. Fix: persist repo_root on the agent record and recreate a per-record Worktrees instance for discard/merge/cancel --force.
• Stale "running" zombies after process crashes. Records lingered in state.json indefinitely (some lasted days). Fix: Registry.load() sweeps running/queued records into failed with error.kind = "zombie".
• Stale baseline against origin/<base_ref>. Long-lived servers branched off whatever the local ref pointed at when the worktree was created. Fix: best-effort git fetch origin <base_ref> --quiet before worktree add.
• base_ref defaulted to main even in master-default repos. ~40% of real-world repos use master; spawns died with fatal: invalid reference: main. Fix: probe origin/HEAD → main → master → develop.

Added

• Implementer default sandbox is now danger-full-access. workspace-write silently dropped .git/worktrees/*.lock writes for ~15-20% of spawns even with the 0.3.7 canonicalized writable_roots workaround. The agent is already isolated to a throwaway worktree branch, so danger-full-access is the smaller blast radius. Override via [roles.implementer] sandbox = "workspace-write" in magic-codex.toml.
• Rust no-fmt guardrail. When the worktree contains a Cargo.toml, the orchestrator prepends a hard "DO NOT run cargo fmt" rule to developer_instructions. Empirical: zero churn on Rust spawns since this landed (was ~20-30 unrelated files churned per spawn).
• error.retry_at and error.retry_after_seconds parsed from "try again at HH:MM" / "retry after Ns" rate-limit messages, resolved to absolute UTC. Callers can sleep precisely instead of polling.
• AgentRecord.delta — branch / commit_sha / diff_stat / commits_ahead captured post-completion, surfaced separately on status and result so callers don't parse the (truncated) prose last_output.
• AgentRecord.repo_root — persisted at spawn time. Absent on records created before 0.4.0; those fall back to the orchestrator's default repoRoot.
• .magic-codex/ auto-added to repo .gitignore on first worktree-bearing spawn.

Internal

• classifyError(message, stderrTail) preserved for legacy callers; new classifyErrorDetailed(...) returns { kind, retry_at?, retry_after_seconds? }.
• AgentErrorKind gains "zombie".
• Worktrees gains ensureGitignore() and detectDefaultBranch() (best-effort, never throw).

Test plan

• npm run typecheck — clean
• npm test — 103 tests passing (was 88), stable across 3 consecutive runs
• npm run build — plugin/dist/index.js rebuilt
• Manual: spawn into a master-default repo without base_ref and confirm worktree branches off master
• Manual: spawn into a multi-repo workspace, confirm discard succeeds without fatal: not a git repository
• Manual: induce a process crash mid-spawn, restart, confirm the orphaned record shows failed/kind=zombie instead of phantom running

🤖 Generated with Claude Code