Worktree-copy leaks untracked files in .archon/ into committed PR via bundled-defaults regen

[leex279]

Summary

• What broke: When an Archon workflow runs, the worktree-copy step pulls untracked files from the source checkout into the new worktree. If any such file lands under .archon/workflows/defaults/ (or any path scanned by generate:bundled), the workflow's validation step regenerates packages/workflows/src/defaults/bundled-defaults.generated.ts to include it, and the workflow's commit/push step then commits both the leaked file and the regenerated bundle into the PR.
• When it started: Pre-existing — same class of issue as fix(workflows): stop sweeping scratch artifacts from every git add -A site #1506 (fix(workflows): stop sweeping scratch artifacts from every git add -A site), which fixed the git add -A sweeping path but did not address the worktree-copy + bundled-defaults regeneration vector.
• Severity: major — silently pollutes PRs with unrelated changes; reviewers may miss the leak; reverting requires manual cleanup.

Real-world repro

Hit during work on #1576 → the resulting PR #1577 included .archon/workflows/defaults/archon-feedback.yaml (+337 lines) and a corresponding bundled-defaults.generated.ts change, neither of which had any relationship to the actual fix (a one-line path-separator normalization in scripts/check-bundled-skill.ts). Cleanup commit: 4cebf054.

Steps to Reproduce

1. In your Archon source checkout, create an untracked file at .archon/workflows/defaults/<anything>.yaml. (Leave it untracked — do not stage or commit.) The user's case was a draft of a personal community-feedback workflow.
2. Run any Archon workflow that produces a PR (archon workflow run archon-fix-github-issue --branch ...).
3. When the workflow opens its PR, observe that the PR includes:
   • The untracked file you never staged (.archon/workflows/defaults/<anything>.yaml)
   • A change to packages/workflows/src/defaults/bundled-defaults.generated.ts adding an entry for it

Expected vs Actual

• Expected: The worktree starts from a clean checkout of the target branch. Untracked files in the source checkout do not propagate into the worktree, and definitely never get committed.
• Actual: Worktree-copy pulls the untracked file into the worktree → bun run generate:bundled (run as part of validation/self-fix) regenerates bundled-defaults.generated.ts to embed it → workflow commits both files → both end up in the PR with no warning.

Root Cause

Two-step leak:

1. packages/isolation/src/worktree-copy.ts copies untracked files from the source checkout into the new worktree (presumably as a "preserve in-progress work" feature).
2. scripts/generate-bundled-defaults.ts scans .archon/workflows/defaults/ and .archon/commands/defaults/ on disk; whatever it finds gets embedded into the generated bundle.

When the workflow's validation/self-fix loop runs bun run generate:bundled, the regenerated bundle picks up the leaked file. The workflow's commit step then git adds both the leaked file and the regenerated bundle.

User Flow

Maintainer source checkout              Archon workflow                    Worktree                       PR
─────────────────────────               ───────────────                    ────────                       ──
.archon/workflows/defaults/      ─copy─▶ worktree-copy.ts          ─────▶  same untracked file            
  my-scratch.yaml (untracked)            (preserves in-progress work)      now sits in worktree           
                                                                                                          
                                         self-fix runs                                                    
                                         bun run generate:bundled  ─────▶  regenerated                    
                                                                            bundled-defaults.generated.ts  
                                                                            (embeds my-scratch.yaml)      
                                                                                                          
                                         workflow commits + pushes ─────▶  [X] both files end up in PR ──▶ leaked into PR
                                                                            with no warning to maintainer

Environment

• Platform: CLI (archon workflow run archon-fix-github-issue)
• Database: SQLite (default)
• Running in worktree? Yes (worktree created by Archon)
• OS: Windows 11 — but this is OS-agnostic; the worktree-copy + bundled-defaults regen is the same on every platform.

Logs

Excerpt from the workflow run that produced PR #1577:

worktree_creating  branch: fix/issue-1576
worktree_created   path: ~/.archon/workspaces/dynamous/Archon/worktrees/archon/task-fix-issue-1576
...
[archon-self-fix-all] Started
... (regenerates bundled-defaults.generated.ts) ...
git add packages/workflows/src/defaults/bundled-defaults.generated.ts
git add .archon/workflows/defaults/archon-feedback.yaml   ← leak
git commit -m "..."
git push

Resulting PR file list (before cleanup):

.archon/workflows/defaults/archon-feedback.yaml         +337  -0
packages/workflows/src/defaults/bundled-defaults.generated.ts   +3   -2
... (the actual fix and unrelated review-driven changes) ...

Impact

• Affected workflows/commands: any workflow that opens a PR — archon-fix-github-issue, archon-feature-development, archon-idea-to-pr, archon-plan-to-pr, archon-ralph-dag, etc.
• Reproduction rate: Always — given an untracked file under .archon/{workflows,commands}/defaults/ in the source checkout.
• Workaround available?
  1. Maintainer hygiene — keep .archon/{workflows,commands}/defaults/ clean of untracked files; put draft workflows in .archon/workflows/ (project-scope, not defaults/) or ~/.archon/workflows/ (home-scope) instead.
  2. After-the-fact PR cleanup — git rm the leaked file, regenerate, commit, push.
• Data loss risk? No — but it puts user's in-progress work into a public PR, which can be a privacy/IP concern.

Suggested Fixes

A few possibilities, not mutually exclusive:

1. Don't copy untracked files into worktrees by default — or at least exclude .archon/{workflows,commands}/defaults/ from the copy set, since those paths are bundled-defaults territory and should never include local drafts.
2. Refuse to commit/push files that weren't part of the workflow's own changes — the workflow knows which files it edited; anything else getting auto-staged is suspicious.
3. Warn at workflow start if the source checkout has untracked files under .archon/{workflows,commands}/defaults/ — the user almost certainly didn't mean for those to be defaults/.
4. Lint defaults/ to require tracked status — generate:bundled could refuse to embed a file that's not tracked in git, surfacing the issue at validation time.

The cleanest fix is probably (1) combined with (4): worktree-copy should skip defaults/ subtrees, and generate:bundled should warn when it finds untracked files there.

Scope

• Package(s) likely involved: isolation (worktree-copy), workflows (bundled-defaults generation)
• Module: packages/isolation/src/worktree-copy.ts, scripts/generate-bundled-defaults.ts

Related

• fix(workflows): stop sweeping scratch artifacts from every git add -A site #1506 (prior partial fix in the same area)
• fix(scripts): normalize path separators in check-bundled-skill on Windows #1577 (PR where this leak surfaced)
• check:bundled-skill fails on Windows: path separator not normalized #1576 (the actual issue being fixed when the leak occurred)

[Wirasm]

Hey @leex279 — solid bug report, repro is clean and the root-cause analysis is right.

One reframing that sharpens the fix priority: .archon/workflows/defaults/ and .archon/commands/defaults/ are core-maintainer territory by design. They're the source of truth for what gets embedded into the binary via bundled-defaults.generated.ts. Regular users have two other locations for personal/draft work:

• .archon/workflows/ (project-scoped, repo-checked-in) — for project-specific automation
• ~/.archon/workflows/ (home-scoped, personal) — for cross-project drafts and personal helpers

So the architectural invariant is: anything in defaults/ must be tracked, full stop. End users have zero reason to put files there; maintainers shouldn't either, except as tracked work-in-progress on a feature branch.

That reframing reorders your four suggested fixes:

Suggestion	Effect
(4) generate:bundled refuses untracked files in defaults/	✅ Encodes the invariant. Single small change in one script. Loud build-time error at validation: "Untracked file in defaults/ — stage and commit, or move to .archon/workflows/".
(1) Skip defaults/ in worktree-copy	More invasive — a maintainer iterating on a YAML in defaults/ would lose unstaged work. With (4) in place, the worktree-copy behavior is no longer dangerous.
(3) Warn at workflow start	Useful diagnostic but doesn't prevent the leak.
(2) Block files outside workflow's edit scope	Hardest, biggest blast radius.

Recommend (4) as the primary fix. It runs at exactly the right point (validation) and surfaces a clear maintainer-actionable error before the leak can land in a PR.

A small docs addition is also worth bundling — the "defaults/ is maintainer-territory" rule isn't stated anywhere I could find. Suggested wording for the workflow authoring docs:

defaults/ directories under .archon/workflows/ and .archon/commands/ are reserved for workflows/commands shipped with Archon itself (embedded into the binary at build time). Project-scoped drafts go in .archon/workflows/ or .archon/commands/; home-scoped drafts go in ~/.archon/workflows/ or ~/.archon/commands/.

Confirmed by git log that nothing in our recent merges touched worktree-copy.ts, generate-bundled-defaults.ts, or bundled-defaults.generated.ts — so this isn't regression introduced yesterday, it's a long-standing class of issue (worktree-copy.ts has been there since #492; #1506 fixed only the git add -A vector, missing this one).

Happy to take this as the next experimental-fix candidate if no one else picks it up.

[leex279]

🔍 Investigation: Worktree-copy leaks untracked files via bundled-defaults regen

Type: BUG

Assessment

Metric	Value	Reasoning
Severity	HIGH	Silently pollutes PRs with files the maintainer never staged; workaround requires manual PR cleanup
Complexity	LOW	Single script file to change + two small docs additions
Confidence	HIGH	Root cause fully traced: collectFiles() calls readdir() with no git-status check; fix is a targeted addition before it runs

---

Problem Statement

scripts/generate-bundled-defaults.ts scans .archon/commands/defaults/ and .archon/workflows/defaults/ using plain readdir() — which returns ALL files, tracked and untracked alike. When a workflow runs in a worktree (which inherits untracked files via worktree-copy.ts), a user's draft file under defaults/ gets embedded into bundled-defaults.generated.ts during validation/self-fix, and both get committed into the PR with no warning.

---

Root Cause Analysis

WHY: Untracked file appears in PR
↓ BECAUSE: Workflow commits the file + regenerated bundled-defaults.generated.ts
  Evidence: PR #1577 included archon-feedback.yaml +337 unrelated to the fix

↓ BECAUSE: bun run generate:bundled embeds the untracked file
  Evidence: scripts/generate-bundled-defaults.ts:56 — `const entries = await readdir(dir);`
            No git status check — reads ALL files in defaults/

↓ ROOT CAUSE: collectFiles() at lines 55-92 has no check for git-tracked status
  Fix: add assertNoUntrackedFiles() called before collectFiles() in main()

---

Implementation Plan (option 4 only, per @Wirasm)

Step	File	Change
1	scripts/generate-bundled-defaults.ts	Add assertNoUntrackedFiles() using git ls-files --others --exclude-standard <dir>; call before collectFiles() in both write and --check modes
2	packages/docs-web/src/content/docs/guides/authoring-workflows.md	Add callout: defaults/ is maintainer-territory
3	packages/docs-web/src/content/docs/guides/authoring-commands.md	Same callout for commands

📋 Detailed Implementation

Step 1 — scripts/generate-bundled-defaults.ts

Add after the existing imports (lines 25-26):

import { execFile as execFileCb } from 'child_process';
import { promisify } from 'util';

const execFile = promisify(execFileCb);

Add new function after ensureDir() (line 53):

async function assertNoUntrackedFiles(dir: string, label: string): Promise<void> {
  let stdout: string;
  try {
    ({ stdout } = await execFile('git', ['ls-files', '--others', '--exclude-standard', dir], {
      cwd: REPO_ROOT,
    }));
  } catch {
    // If git is unavailable (unlikely for a dev script), skip the check.
    return;
  }
  const untracked = stdout.trim().split('\n').filter(Boolean);
  if (untracked.length > 0) {
    const list = untracked.map(f => `  ${f}`).join('\n');
    throw new Error(
      `${label} contains untracked files that would be embedded into the binary bundle:\n${list}\n\n` +
        `Untracked file in defaults/ — stage and commit (git add + git commit),\n` +
        `or move to .archon/workflows/ (project-scope) or ~/.archon/workflows/ (home-scope).`,
    );
  }
}

Insert in main() after ensureDir calls and before collectFiles calls:

await Promise.all([
  assertNoUntrackedFiles(COMMANDS_DIR, 'Commands defaults (.archon/commands/defaults/)'),
  assertNoUntrackedFiles(WORKFLOWS_DIR, 'Workflows defaults (.archon/workflows/defaults/)'),
]);

Step 2 — authoring-workflows.md

After the existing "Using defaults as templates" callout (line 43), add:

> **`defaults/` is maintainer-territory:** `.archon/workflows/defaults/` and `.archon/commands/defaults/` are reserved for workflows/commands shipped with Archon itself — they are embedded into the binary at build time and every file there must be committed in git. For your own drafts use `.archon/workflows/` (project-scoped) or `~/.archon/workflows/` (home-scoped). Running `bun run generate:bundled` (or `bun run validate`) will exit with an error if it finds untracked files in `defaults/`.

Step 3 — authoring-commands.md

After line 29, add before the existing CLI vs Server callout:

> **`defaults/` is maintainer-territory:** `.archon/commands/defaults/` is reserved for commands shipped with Archon itself (embedded into the binary at build time). For your own commands use `.archon/commands/` (project-scoped) or `~/.archon/commands/` (home-scoped). Every file under `defaults/` must be committed in git — `bun run validate` will error if untracked files are found there.

---

Edge Cases Covered

Case	Behavior
Staged but uncommitted file	git ls-files --others does NOT report staged files — staged-but-uncommitted passes ✅
Git not in PATH	Wrapped in try/catch; skips check gracefully (dev machine without git can't build Archon anyway)
CI clean tree	--others returns nothing; check passes with no overhead ✅
Windows path separators	git ls-files uses forward slashes on all platforms; no normalization needed

---

Validation

# Reproduce the leak scenario:
touch .archon/workflows/defaults/test-leak.yaml
bun run generate:bundled   # → exit 1 with "Untracked file in defaults/" message
bun run validate           # → fails at check:bundled with same error

# Verify staged files are allowed:
git add .archon/workflows/defaults/test-leak.yaml
bun run generate:bundled   # → succeeds

# Cleanup:
git rm --cached .archon/workflows/defaults/test-leak.yaml
rm .archon/workflows/defaults/test-leak.yaml
bun run validate           # → passes cleanly

---

Next Step

To implement: /implement-issue 1578

---

Investigated by Claude • 2026-05-06

[leex279]

✅ Issue Resolution Report

PR: #1592 (#1592)
Status: COMPLETE
Workflow ID: a0cdc0974daf2e0a72ca76182bb82bf5

---

Summary

Added a pre-flight untracked-file guard to scripts/generate-bundled-defaults.ts (option 4 as directed). The function assertNoUntrackedFiles() runs git ls-files --others --exclude-standard against each defaults directory before embedding. If any untracked files are found it exits code 1 with a clear, maintainer-actionable error:

Untracked file in defaults/ — stage and commit (git add + git commit),
or move to .archon/workflows/ (project-scope) or ~/.archon/workflows/ (home-scope).

The guard fires in both write mode (bun run generate:bundled) and check mode (bun run validate / CI), so the leak is blocked before any commit can happen.

---

Changes Made

File	Change
scripts/generate-bundled-defaults.ts	Added assertNoUntrackedFiles() guard; narrowed broad catch {} to ENOENT-only (consistent with existing pattern in same file)
scripts/check-bundled-skill.ts	Fixed Windows path separator bug (.replaceAll('\', '/')) discovered during validation
packages/workflows/src/defaults/bundled-defaults.generated.ts	Regenerated (was stale)
packages/docs-web/.../authoring-workflows.md	Added callout: defaults/ is maintainer-territory
packages/docs-web/.../authoring-commands.md	Added callout: defaults/ is maintainer-territory

---

Validation

Check	Result
check:bundled	✅ Pass (36 commands, 20 workflows)
check:bundled-skill	✅ Pass
Type check	✅ Pass
Lint	✅ Pass (0 errors, 0 warnings)
Format	✅ Pass
Tests	⚠️ 4 pre-existing failures in @archon/workflows (home-scoped discovery + Windows Bun output format — confirmed pre-existing on main, not caused by this fix)

---

Review & Self-Fix

A consolidated review found 1 CRITICAL finding (generated bundle/source YAML mismatch — worktree.enabled: false stripping) and 3 LOW findings. All were addressed:

• CRITICAL: Resolved by re-running bun run generate:bundled and committing the correct output.
• LOW (broad catch): Narrowed to ENOENT-only per "fail fast" principle and existing pattern in the same file (9bfe9fcd).
• 2 LOWs (tests): Deferred — see follow-up suggestions below.

---

Unaddressed Items

Finding	Severity	Reason
No unit test for assertNoUntrackedFiles error path	LOW	Dev script; CI happy path covered by bun run validate. Requires temp git repo fixture.
No snapshot test for Windows path normalization	LOW	Trivial one-liner; Windows CI would catch any regression.

---

Suggested Follow-up Issues

1. Add unit test for assertNoUntrackedFiles error path (P3) — verify the guard exits non-zero with the correct message when an untracked file exists in defaults/. Requires a temp git repo fixture in the test.
2. Fix pre-existing @archon/workflows test isolation failures (P3) — 3 DAG loader tests fail on any dev machine with extra files in ~/.archon/workflows/; 1 script node test is platform-specific. Confirmed pre-existing on main.

---

Resolved by Archon workflow a0cdc0974daf2e0a72ca76182bb82bf5

[Wirasm]

@$leex279 potentially related to PR #1577.

[Wirasm]

@$leex279 potentially related to PR #1592.

[Wirasm]

@$leex279 potentially related to PR #1599.