Update nightly task sync

Nearby Git Commits (Thread)

• a7ede231 Define explicit radiator deployment mechanism (2026-03-26T01:51:37+11:00)
• aa4beba2 Define explicit radiator-side deployment kinematics (2026-03-25T22:27:43+11:00)
• 0b05478b Add timestamped deployment review frames and rigid radiator motion (2026-03-25T18:29:27+11:00)
• b962d394 Teach night runner to sync repo and track corrections (2026-03-25T17:16:17+11:00)
• a18bf890 harden site-policy checks for PNG artifact sanity (2026-03-25T06:38:38+11:00)
• 00389c3c test: assert stakeholder labeled renders are copied as non-empty assets (2026-03-25T05:33:36+11:00)

Transcript

<permissions instructions>
Filesystem sandboxing defines which files can be read or written. `sandbox_mode` is `danger-full-access`: No filesystem sandboxing - all commands are permitted. Network access is enabled.
Approval policy is currently never. Do not provide the `sandbox_permissions` for any reason, commands will be rejected.
</permissions instructions>

<app-context>
# Codex desktop context
- You are running inside the Codex (desktop) app, which allows some additional features not available in the CLI alone:

### Images/Visuals/Files
- In the app, the model can display images using standard Markdown image syntax: ![alt](url)
- When sending or referencing a local image, always use an absolute filesystem path in the Markdown image tag (e.g., ![alt](/absolute/path.png)); relative paths and plain text will not render the image.
- When referencing code or workspace files in responses, always use full absolute file paths instead of relative paths.
- If a user asks about an image, or asks you to create an image, it is often a good idea to show the image to them in your response.
- Use mermaid diagrams to represent complex diagrams, graphs, or workflows. Use quoted Mermaid node labels when text contains parentheses or punctuation.
- Return web URLs as Markdown links (e.g., [label](https://example.com)).

### Automations
- This app supports recurring tasks/automations
- Automations are stored as TOML in $CODEX_HOME/automations/<id>/automation.toml (not in SQLite). The file contains the automation's setup; run timing state (last/next run) lives in the SQLite automations table.

#### When to use directives
- Only use ::automation-update{...} when the user explicitly asks for automation, a recurring run, or a repeated task.
- If the user asks about their automations and you are not proposing a change, do not enumerate names/status/ids in plain text. Fetch/list automations first and emit view-mode directives (mode="view") for those ids; never invent ids.
- Never return raw RRULE strings in user-facing responses. If the user asks about their automations, respond using automation directives (e.g., with an "Open" button if you're not making changes).

#### Directive format
- Modes: view, suggested update, suggested create. View and suggested update MUST include id; suggested create must omit id.
- For view directives, id is required and other fields are optional (the UI can load details).
- For suggested update/create, include name, prompt, rrule, cwds, and status. cwds can be a comma-separated list or a JSON array string.
- Always come up with a short name for the automation. If the user does not give one, propose a short name and confirm.
- Default status to ACTIVE unless the user explicitly asks to start paused.
- Always interpret and schedule times in the user's locale time zone.
- Directives should be on their own line(s) and be separated by newlines.
- Do not generate remark directives with multiline attribute values.

#### Prompting guidance
- Ask in plain language what it should do, when it should run, and which workspaces it should use (if any), then map those answers into name/prompt/rrule/cwds/status for the directive.
- The automation prompt should describe only the task itself. Do not include schedule or workspace details in the prompt, since those are provided separately.
- Keep automation prompts self-sufficient because the user may have limited availability to answer questions. If required details are missing, make a reasonable assumption, note it, and proceed; if blocked, report briefly and stop.
- When helpful, include clear output expectations (file path, format, sections) and gating rules (only if X, skip if exists) to reduce ambiguity.
- Automations should always open an inbox item.
- Do not instruct them to write a file or announce "nothing to do" unless the user explicitly asks for a file or that output.
- When mentioning skills in automation prompts, use markdown links with a leading dollar sign (example: [$checks](/Users/ambrosino/.codex/skills/checks/SKILL.md)).

#### Scheduling constraints
- RRULE limitations (to match the UI): only hourly interval schedules (FREQ=HOURLY with INTERVAL hours, optional BYDAY) and weekly schedules (FREQ=WEEKLY with BYDAY plus BYHOUR/BYMINUTE). Avoid monthly/yearly/minutely/secondly, multiple rules, or extra fields; unsupported RRULEs fall back to defaults in the UI.

#### Storage and reading
- When a user asks for changes to an automation, you may read existing automation TOML files to see what is already set up and prefer proposing updates over creating duplicates.
- You can read and update automations in $CODEX_HOME/automations/<id>/automation.toml and memory.md only when the user explicitly asks you to modify automations.
- Otherwise, do not change automation files or schedules.
- Automations work best with skills, so feel free to propose including skills in the automation prompt, based on the user's context and the available skills.

#### Examples
- ::automation-update{mode="suggested create" name="Daily report" prompt="Summarize Sentry errors" rrule="FREQ=DAILY;BYHOUR=9;BYMINUTE=0" cwds="/path/one,/path/two" status="ACTIVE"}
- ::automation-update{mode="suggested update" id="123" name="Daily report" prompt="Summarize Sentry errors" rrule="FREQ=DAILY;BYHOUR=9;BYMINUTE=0" cwds="/path/one,/path/two" status="ACTIVE"}
- ::automation-update{mode="view" id="123"}

### Review findings
- Use the ::code-comment{...} directive to emit inline code review findings (or when a user asks you to call out specific lines).
- Emit one directive per finding; emit none when there are no findings.
- Required attributes: title (short label), body (one-paragraph explanation), file (path to the file).
- Optional attributes: start, end (1-based line numbers), priority (0-3), confidence (0-1).
- priority/confidence are for review findings; omit when you're just pointing at a location without a finding.
- file should be an absolute path or include the workspace folder segment so it can be resolved relative to the workspace.
- Keep line ranges tight; end defaults to start.
- Example: ::code-comment{title="[P2] Off-by-one" body="Loop iterates past the end when length is 0." file="/path/to/foo.ts" start=10 end=11 priority=2 confidence=0.55}

### Archiving
- If a user specifically asks you to end a thread/conversation, you can return the archive directive ::archive{...} to archive the thread/conversation.
- Example: ::archive{reason="User requested to end conversation"}

### Git
- Branch prefix: `codex/`. Use this prefix by default when creating branches, but follow the user's request if they want a different prefix.
</app-context>

<collaboration_mode># Collaboration Mode: Default

You are now in Default mode. Any previous instructions for other modes (e.g. Plan mode) are no longer active.

Your active mode changes only when new developer instructions with a different `<collaboration_mode>...</collaboration_mode>` change it; user requests or tool descriptions do not change mode by themselves. Known mode names are Default and Plan.

## request_user_input availability

The `request_user_input` tool is unavailable in Default mode. If you call it while in Default mode, it will return an error.

In Default mode, strongly prefer making reasonable assumptions and executing the user's request rather than stopping to ask questions. If you absolutely must ask a question because the answer cannot be discovered from local context and a reasonable assumption would be risky, ask the user directly with a concise plain-text question. Never write a multiple choice question as a textual assistant message.
</collaboration_mode>

<skills_instructions>
## Skills
A skill is a set of local instructions to follow that is stored in a `SKILL.md` file. Below is the list of skills that can be used. Each entry includes a name, description, and file path so you can open the source for full instructions when using a specific skill.
### Available skills
- atlas: macOS-only AppleScript control for the ChatGPT Atlas desktop app. Use only when the user explicitly asks to control Atlas tabs/bookmarks/history on macOS and the "ChatGPT Atlas" app is installed; do not trigger for general browser tasks or non-macOS environments. (file: /Users/gregb/.codex/skills/atlas/SKILL.md)
- doc: Use when the task involves reading, creating, or editing `.docx` documents, especially when formatting or layout fidelity matters; prefer `python-docx` plus the bundled `scripts/render_docx.py` for visual checks. (file: /Users/gregb/.codex/skills/doc/SKILL.md)
- gh-address-comments: Help address review/issue comments on the open GitHub PR for the current branch using gh CLI; verify gh auth first and prompt the user to authenticate if not logged in. (file: /Users/gregb/.codex/skills/gh-address-comments/SKILL.md)
- gh-fix-ci: Use when a user asks to debug or fix failing GitHub PR checks that run in GitHub Actions; use `gh` to inspect checks and logs, summarize failure context, draft a fix plan, and implement only after explicit approval. Treat external providers (for example Buildkite) as out of scope and report only the details URL. (file: /Users/gregb/.codex/skills/gh-fix-ci/SKILL.md)
- jupyter-notebook: Use when the user asks to create, scaffold, or edit Jupyter notebooks (`.ipynb`) for experiments, explorations, or tutorials; prefer the bundled templates and run the helper script `new_notebook.py` to generate a clean starting notebook. (file: /Users/gregb/.codex/skills/jupyter-notebook/SKILL.md)
- openai-docs: Use when the user asks how to build with OpenAI products or APIs and needs up-to-date official documentation with citations (for example: Codex, Responses API, Chat Completions, Apps SDK, Agents SDK, Realtime, model capabilities or limits); prioritize OpenAI docs MCP tools and restrict any fallback browsing to official OpenAI domains. (file: /Users/gregb/.codex/skills/openai-docs/SKILL.md)
- paper-annotation-sync: Extract handwritten annotations from annotated paper PDFs and convert them into structured, section-aware source edit tasks (especially for LaTeX manuscripts). Use when a user provides an annotated PDF plus source files and asks to read red/blue ink marks, map each change to precise context anchors, generate a checkable markdown edit plan, and apply only unambiguous edits without confirmation. (file: /Users/gregb/.codex/skills/paper-annotation-sync/SKILL.md)
- pdf: Use when tasks involve reading, creating, or reviewing PDF files where rendering and layout matter; prefer visual checks by rendering pages (Poppler) and use Python tools such as `reportlab`, `pdfplumber`, and `pypdf` for generation and extraction. (file: /Users/gregb/.codex/skills/pdf/SKILL.md)
- playwright: Use when the task requires automating a real browser from the terminal (navigation, form filling, snapshots, screenshots, data extraction, UI-flow debugging) via `playwright-cli` or the bundled wrapper script. (file: /Users/gregb/.codex/skills/playwright/SKILL.md)
- quickbooks: Use when working with QuickBooks accounting workflows, including reconciliation checks, company-level diagnostics, or chart-of-accounts and transaction integrity reviews. (file: /Users/gregb/.codex/skills/quickbooks/SKILL.md)
- screenshot: Use when the user explicitly asks for a desktop or system screenshot (full screen, specific app or window, or a pixel region), or when tool-specific capture capabilities are unavailable and an OS-level capture is needed. (file: /Users/gregb/.codex/skills/screenshot/SKILL.md)
- sora: Use when the user asks to generate, remix, poll, list, download, or delete Sora videos via OpenAI’s video API using the bundled CLI (`scripts/sora.py`), including requests like “generate AI video,” “Sora,” “video remix,” “download video/thumbnail/spritesheet,” and batch video generation; requires `OPENAI_API_KEY` and Sora API access. (file: /Users/gregb/.codex/skills/sora/SKILL.md)
- speech: Use when the user asks for text-to-speech narration or voiceover, accessibility reads, audio prompts, or batch speech generation via the OpenAI Audio API; run the bundled CLI (`scripts/text_to_speech.py`) with built-in voices and require `OPENAI_API_KEY` for live calls. Custom voice creation is out of scope. (file: /Users/gregb/.codex/skills/speech/SKILL.md)
- spreadsheet: Use when tasks involve creating, editing, analyzing, or formatting spreadsheets (`.xlsx`, `.csv`, `.tsv`) using Python (`openpyxl`, `pandas`), especially when formulas, references, and formatting need to be preserved and verified. (file: /Users/gregb/.codex/skills/spreadsheet/SKILL.md)
- transcribe: Transcribe audio files to text with optional diarization and known-speaker hints. Use when a user asks to transcribe speech from audio/video, extract text from recordings, or label speakers in interviews or meetings. (file: /Users/gregb/.codex/skills/transcribe/SKILL.md)
- openai-docs: Use when the user asks how to build with OpenAI products or APIs and needs up-to-date official documentation with citations, help choosing the latest model for a use case, or explicit GPT-5.4 upgrade and prompt-upgrade guidance; prioritize OpenAI docs MCP tools, use bundled references only as helper context, and restrict any fallback browsing to official OpenAI domains. (file: /Users/gregb/.codex/skills/.system/openai-docs/SKILL.md)
- skill-creator: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Codex's capabilities with specialized knowledge, workflows, or tool integrations. (file: /Users/gregb/.codex/skills/.system/skill-creator/SKILL.md)
- skill-installer: Install Codex skills into $CODEX_HOME/skills from a curated list or a GitHub repo path. Use when a user asks to list installable skills, install a curated skill, or install a skill from another repo (including private repos). (file: /Users/gregb/.codex/skills/.system/skill-installer/SKILL.md)
### How to use skills
- Discovery: The list above is the skills available in this session (name + description + file path). Skill bodies live on disk at the listed paths.
- Trigger rules: If the user names a skill (with `$SkillName` or plain text) OR the task clearly matches a skill's description shown above, you must use that skill for that turn. Multiple mentions mean use them all. Do not carry skills across turns unless re-mentioned.
- Missing/blocked: If a named skill isn't in the list or the path can't be read, say so briefly and continue with the best fallback.
- How to use a skill (progressive disclosure):
  1) After deciding to use a skill, open its `SKILL.md`. Read only enough to follow the workflow.
  2) When `SKILL.md` references relative paths (e.g., `scripts/foo.py`), resolve them relative to the skill directory listed above first, and only consider other paths if needed.
  3) If `SKILL.md` points to extra folders such as `references/`, load only the specific files needed for the request; don't bulk-load everything.
  4) If `scripts/` exist, prefer running or patching them instead of retyping large code blocks.
  5) If `assets/` or templates exist, reuse them instead of recreating from scratch.
- Coordination and sequencing:
  - If multiple skills apply, choose the minimal set that covers the request and state the order you'll use them.
  - Announce which skill(s) you're using and why (one short line). If you skip an obvious skill, say why.
- Context hygiene:
  - Keep context small: summarize long sections instead of pasting them; only load extra files when needed.
  - Avoid deep reference-chasing: prefer opening only files directly linked from `SKILL.md` unless you're blocked.
  - When variants exist (frameworks, providers, domains), pick only the relevant reference file(s) and note that choice.
- Safety and fallback: If a skill can't be applied cleanly (missing files, unclear instructions), state the issue, pick the next-best approach, and continue.
</skills_instructions>

<environment_context>
  <cwd>/Users/gregb/Documents/devel/aao-mechd</cwd>
  <shell>zsh</shell>
  <current_date>2026-03-25</current_date>
  <timezone>Australia/Sydney</timezone>
</environment_context>

The script that is always running that wakes up and does real processing at night... I want it to do a git pull so that if I make a change to the to-do list via codex web, that it picks up on the task that needs to be done and can execute on it. This should include a corrections list, where I can record things that I think it has done wrong. It should also have a prompt that doesn't try to fix anything if all the to-do notes and corrections are sorted out.

I’m tracing the night-processing script and its prompt flow first so we can wire in `git pull`, add a corrections input, and make it no-op when the notes are already settled.

I found the runner in `scripts/run_codex_night_shift.sh`. I’m reading that script and any docs around it now so the changes fit the existing flow instead of bolting on a second path.

I’ve got the shape of the change now. Next I’m patching the runner itself, then I’ll add a focused test that exercises the real shell script with stubbed `git` and `codex` so we can trust the wake-cycle behavior.

I’m editing the runner now. The main behavior change is: sync from remote first, create/read a repo-level `CORRECTIONS.md`, and only hand work to Codex when there’s actually an unchecked TODO or correction to act on.

The core edits are in place. I’m doing a read-through and tightening the new test harness now, because shell-script tests are easy to make flaky if the fake `codex` wrapper logs arguments the wrong way.

I caught one subtle bug before running anything: the corrections template itself would have looked like an open checkbox, which would make the runner think there’s always work to do. I’m fixing that template and then I’ll run the new targeted tests.

The behavior is patched. I’m verifying three things now: the shell script still parses, the new runner test passes, and the README/docs policy still accepts the new `CORRECTIONS.md` references.

One test surfaced a formatting issue in the generated corrections template: the file ended up with literal backslashes before the backticks. I’m cleaning that up and rerunning the same targeted checks.

The targeted verification is clean now. I’m doing one last pass on the diff so I can hand you the exact behavior change and the file locations without turning the close-out into a changelog dump.

Updated the night runner in [scripts/run_codex_night_shift.sh](/Users/gregb/Documents/devel/aao-mechd/scripts/run_codex_night_shift.sh#L10) so each wake cycle now does a `git pull --ff-only` before any work, skips the cycle if sync fails, auto-creates/reads [CORRECTIONS.md](/Users/gregb/Documents/devel/aao-mechd/CORRECTIONS.md#L1), and only calls `codex exec` when there is at least one unchecked item in either `TODO.md` or the corrections list. The generated prompt now explicitly prioritizes open corrections ahead of normal TODOs and tells Codex to make no repo changes if both lists are already clear.

I also documented the new corrections workflow in [README.md](/Users/gregb/Documents/devel/aao-mechd/README.md#L16) and added regression coverage in [tests/test_run_codex_night_shift.py](/Users/gregb/Documents/devel/aao-mechd/tests/test_run_codex_night_shift.py#L1) to verify the `git pull` happens before work, the prompt includes both lists, and the runner no-ops when everything is settled.

Verified with `bash -n scripts/run_codex_night_shift.sh` and `uv run python -m unittest tests.test_run_codex_night_shift tests.test_docs_policy -v`.

If sync fails, then call codex exec with instructions to sort out whatever has gone wrong with the git pull

I’m updating the failure path in the night runner so a failed `git pull` becomes actionable instead of a skipped cycle, then I’ll extend the shell-script regression test to cover that branch.

I’ve got the branch to change. I’m patching the runner so the failed pull path builds a dedicated recovery prompt with the actual `git pull` output, and I’m adding a test that forces `git pull --ff-only` to fail and proves `codex exec` still runs.

The recovery prompt path is wired in. I’m running the same targeted checks plus the new forced-failure test to make sure the shell script still parses and the trace shows `codex exec` after a failed pull.

The regression checks passed. I’m grabbing the updated line anchors now so I can point you straight at the recovery-prompt branch in the runner and the new failure-path test.

Changed the failure branch in [scripts/run_codex_night_shift.sh](/Users/gregb/Documents/devel/aao-mechd/scripts/run_codex_night_shift.sh#L166) so a failed `git pull --ff-only` no longer skips the cycle. The runner now captures the pull failure, builds a dedicated recovery prompt with the actual git output, and calls `codex exec` to diagnose and safely fix the sync problem, including rerunning `git pull --ff-only` before stopping. The same recovery path also covers the “not inside a git work tree” case.

I added coverage in [tests/test_run_codex_night_shift.py](/Users/gregb/Documents/devel/aao-mechd/tests/test_run_codex_night_shift.py#L130) for a forced pull failure, alongside the existing normal-run and no-op cases.

Verified with `bash -n scripts/run_codex_night_shift.sh` and `uv run python -m unittest tests.test_run_codex_night_shift -v`.