fix: restore agent mirror flexibility

[Coldaine]

User description

Implements (instead of redacting) a resilient agent-instruction mirror strategy and restores a usable Quick Start.

• Agent mirrors: best-effort hardlink -> symlink -> copy; default succeeds as long as contents match; optional --require-hardlink enforces strict mode.
• CI architecture doc: removes outdated 'self-hosted is THE build' snippet; keeps self-hosted hardware/display-only.
• README: restores quick start commands while keeping critical action plan as source of truth for current backend status.
• MasterDocumentationPlaybook: documents hardlink preferred but symlink/copy acceptable where needed.

Commands:

• Best-effort: ./scripts/ensure_agent_hardlinks.sh
• Strict: ./scripts/ensure_agent_hardlinks.sh --require-hardlink

---

PR Type

Enhancement, Bug fix

---

Description

• Implements resilient three-tier agent mirror strategy: hardlink → symlink → copy

• Adds --require-hardlink flag for strict mode; default allows symlink/copy fallbacks

• Restores Quick Start section to README with current backend status reference

• Updates documentation to reflect flexible mirroring approach across tools

• Removes outdated CI architecture claim about self-hosted being "THE build"

---

Diagram Walkthrough

flowchart LR
  A["Agent Mirror Request"] --> B{"Hardlink\nPossible?"}
  B -->|Yes| C["Create Hardlink"]
  B -->|No| D{"Symlink\nPossible?"}
  D -->|Yes| E["Create Symlink"]
  D -->|No| F["Copy Contents"]
  C --> G{"--require-hardlink\nSet?"}
  E --> G
  F --> G
  G -->|Yes| H{"Hardlinked?"}
  G -->|No| I["Success with Warning"]
  H -->|Yes| I
  H -->|No| J["Exit with Error"]

Loading

File Walkthrough

	Relevant files
Enhancement	ensure_agent_hardlinks.sh Add symlink fallback and strict mode flag                                scripts/ensure_agent_hardlinks.sh Implements three-tier fallback strategy: hardlink → symlink → copy Adds --require-hardlink flag to enforce strict hardlink-only mode Renames function from link_or_copy to link_or_symlink_or_copy for clarity Makes hardlink requirement conditional; defaults to best-effort with warnings Improves argument parsing with case statement supporting multiple flags +43/-10  install_git_hardlink_hooks.sh Support require-hardlink flag propagation                                scripts/install_git_hardlink_hooks.sh Updates argument parsing to support both --quiet and --require-hardlink flags Propagates --require-hardlink flag to ensure_agent_hardlinks.sh call Uses array-based argument passing for cleaner flag forwarding +18/-4
Documentation	README.md Restore Quick Start section with commands                                README.md Adds Quick Start section with basic commands for running app and TUI References critical-action-plan.md for current backend status details Includes common Rust development commands (check, fmt) Restores usable quick reference while keeping action plan as source of truth +22/-0    MasterDocumentationPlaybook.md Document flexible agent mirroring strategy                              docs/MasterDocumentationPlaybook.md Updates agent mirror documentation to reflect flexible approach Changes language from "hardlinked where possible" to "hardlink preferred; symlink/copy acceptable" Updates hierarchy description to acknowledge multiple mirroring strategies Clarifies that tool-specific files can use hardlink, symlink, or copy +3/-3      architecture.md Remove outdated self-hosted CI architecture claim                docs/dev/CI/architecture.md Removes outdated claim that self-hosted is "THE build, THE tests" Reframes self-hosted job as "Hardware/display-only tests" Removes redundant cargo build step from hardware job Clarifies actual purpose of self-hosted CI infrastructure +1/-4

---

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[qodo-free-for-open-source-projects]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴	Python code injection Description: Python code injection vulnerability through unsanitized file paths passed to inline Python script via sys.argv, allowing arbitrary code execution if $src or $dst contain malicious content. ensure_agent_hardlinks.sh [82-89] Referred Code rel="$(python - <<'PY' import os import sys src = sys.argv[1] dst = sys.argv[2] print(os.path.relpath(src, os.path.dirname(dst))) PY "$src" "$dst" 2>/dev/null || true)"
⚪	Unvalidated symlink creation Description: Symlink creation using computed relative path $rel without validation could enable symlink attacks, potentially allowing unauthorized file access or modification if an attacker controls the source path. ensure_agent_hardlinks.sh [92-92] Referred Code if ln -sf "$rel" "$dst" 2>/dev/null; then echo "warning: could not hardlink $dst; created symlink instead" >&2
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Missing Input Validation: The Python code embedded in the bash script (lines 82-89) does not validate or sanitize the src and dst arguments before using them in file operations, potentially allowing path traversal or injection attacks. Referred Code rel="$(python - <<'PY' import os import sys src = sys.argv[1] dst = sys.argv[2] print(os.path.relpath(src, os.path.dirname(dst))) PY "$src" "$dst" 2>/dev/null || true)" Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Swallowed relpath errors: The symlink fallback suppresses Python/relpath failures via 2>/dev/null || true and then silently proceeds to copy, losing actionable context (e.g., missing python, relpath computation error) needed for debugging. Referred Code local rel rel="$(python - <<'PY' import os import sys src = sys.argv[1] dst = sys.argv[2] print(os.path.relpath(src, os.path.dirname(dst))) PY "$src" "$dst" 2>/dev/null || true)" if [[ -n "$rel" ]]; then if ln -sf "$rel" "$dst" 2>/dev/null; then echo "warning: could not hardlink $dst; created symlink instead" >&2 return 0 fi fi # 3) Last resort: copy contents. cp -f "$src" "$dst" echo "warning: could not hardlink or symlink $dst; copied contents instead" >&2 Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No audit trail: The script performs filesystem mutation (link/symlink/copy/delete) without structured audit logging, and whether this is required for your compliance scope cannot be determined from the diff. Referred Code link_or_symlink_or_copy() { local dst="$1" # Remove symlinks explicitly; ln -f replaces regular files but not all symlinks reliably. if [[ -L "$dst" ]]; then rm -f "$dst" fi # 1) Prefer hardlink. if ln -f "$src" "$dst" 2>/dev/null; then return 0 fi # 2) Fallback to symlink (works across filesystems). local rel rel="$(python - <<'PY' import os import sys src = sys.argv[1] dst = sys.argv[2] print(os.path.relpath(src, os.path.dirname(dst))) ... (clipped 14 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-free-for-open-source-projects]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Replace Python with realpath for robustness Replace the embedded Python script for calculating relative paths with the realpath command to improve robustness and avoid Python version compatibility issues. scripts/ensure_agent_hardlinks.sh [82-89] -rel="$(python - <<'PY' -import os -import sys -src = sys.argv[1] -dst = sys.argv[2] -print(os.path.relpath(src, os.path.dirname(dst))) -PY -"$src" "$dst" 2>/dev/null || true)" +rel="$(realpath --relative-to="$(dirname "$dst")" "$src" 2>/dev/null || true)" Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies a Python 2/3 compatibility issue and proposes a more robust, shell-native solution using realpath, which avoids the ambiguity of the system's python interpreter.	Medium
General	Simplify argument forwarding using parameter expansion Simplify the argument forwarding logic by using Bash parameter expansion (${variable:+value}) instead of an intermediate array. scripts/install_git_hardlink_hooks.sh [48-52] -ensure_args=() -if [[ "$quiet" -eq 1 ]]; then ensure_args+=(--quiet); fi -if [[ "$require_hardlink" -eq 1 ]]; then ensure_args+=(--require-hardlink); fi +"$repo_root/scripts/ensure_agent_hardlinks.sh" ${quiet:+--quiet} ${require_hardlink:+--require-hardlink} -"$repo_root/scripts/ensure_agent_hardlinks.sh" "${ensure_args[@]}" - Apply / Chat Suggestion importance[1-10]: 4 __ Why: The suggestion offers a more concise way to forward arguments using parameter expansion, which is a valid stylistic improvement, but the existing code is also clear and correct.	Low
More

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Use realpath for relative paths Replace the Python script for relative path calculation with a call to realpath --relative-to to remove the Python dependency and simplify the code. scripts/ensure_agent_hardlinks.sh [82-89] -rel="$(python - <<'PY' -import os -import sys -src = sys.argv[1] -dst = sys.argv[2] -print(os.path.relpath(src, os.path.dirname(dst))) -PY -"$src" "$dst" 2>/dev/null || true)" +rel="$(realpath --relative-to="$(dirname "$dst")" "$src" 2>/dev/null || echo "$src")" Apply / Chat Suggestion importance[1-10]: 6 __ Why: This suggestion correctly identifies an opportunity to replace a Python dependency with a more standard and efficient shell utility (realpath), improving the script's portability and simplicity.	Low
	Remove redundant and less specific warning Remove the redundant warning about a file not being hardlinked, as more specific warnings are already issued during the fallback process. scripts/ensure_agent_hardlinks.sh [130-138] -if ! is_hardlinked_pair "$src" "$dst"; then - if [[ "$require_hardlink" -eq 1 ]]; then +if [[ "$require_hardlink" -eq 1 ]]; then + if ! is_hardlinked_pair "$src" "$dst"; then echo "error: $dst is not hardlinked to $src (same contents, different inode)" >&2 echo "hint: ensure both files are on the same filesystem; rerun scripts/ensure_agent_hardlinks.sh" >&2 exit 2 fi - - echo "warning: $dst is not hardlinked to $src (content matches)" >&2 fi Apply / Chat Suggestion importance[1-10]: 5 __ Why: This is a valid suggestion that improves the script's output by removing a redundant and less specific warning message, as the fallback logic already provides more detailed context.	Low
More

[Copilot]

Pull request overview

This PR implements a resilient agent-instruction mirror strategy with a three-tier fallback mechanism (hardlink → symlink → copy) to handle cross-filesystem scenarios, while restoring Quick Start documentation and aligning CI architecture docs with current practice.

Key Changes:

• Adds --require-hardlink flag for strict mode (fails if hardlink not possible) vs. best-effort mode (accepts symlink/copy if content matches)
• Implements Python-based relative path calculation for symlink fallback when hardlinks fail
• Restores Quick Start commands to README while deferring to critical-action-plan.md for backend status details

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
scripts/ensure_agent_hardlinks.sh	Renames link_or_copy() to link_or_symlink_or_copy() with three-tier fallback; adds --require-hardlink flag for conditional hardlink enforcement
scripts/install_git_hardlink_hooks.sh	Extends argument parsing to support --require-hardlink and passes flags through to ensure_agent_hardlinks.sh via array
docs/dev/CI/architecture.md	Updates self-hosted runner comment to clarify it's for hardware/display tests only, removes outdated build step
docs/MasterDocumentationPlaybook.md	Updates agent mirror documentation to reflect "hardlink preferred; symlink/copy acceptable" policy
README.md	Restores Quick Start section with just run/tui commands and file-scoped Cargo commands for local feedback

[Copilot]

The Python heredoc is missing the arguments to the Python interpreter. The command should pass arguments to the Python script, but line 89 starts with "$src" "$dst" which will be interpreted as shell commands rather than arguments to Python.

The Python script expects sys.argv[1] and sys.argv[2], but these won't be available. This should be:

rel="$(python - "$src" "$dst" <<'PY'

This ensures the arguments are passed to Python correctly.

Suggested change

	rel="$(python - <<'PY'
	import os
	import sys
	src = sys.argv[1]
	dst = sys.argv[2]
	print(os.path.relpath(src, os.path.dirname(dst)))
	PY
	"$src" "$dst" 2>/dev/null || true)"
	rel="$(
	python - "$src" "$dst" <<'PY' 2>/dev/null
	import os
	import sys
	src = sys.argv[1]
	dst = sys.argv[2]
	print(os.path.relpath(src, os.path.dirname(dst)))
	PY
	)" || true

[Copilot]

The array expansion "${ensure_args[@]}" will fail with an "unbound variable" error when the array is empty due to set -euo pipefail. When neither --quiet nor --require-hardlink is set, ensure_args will be empty, and accessing it with @ will trigger the error.

Use this pattern instead:

"$repo_root/scripts/ensure_agent_hardlinks.sh" ${ensure_args[@]+"${ensure_args[@]}"}

This safely expands to nothing when the array is empty.

Suggested change

	"$repo_root/scripts/ensure_agent_hardlinks.sh" "${ensure_args[@]}"
	"$repo_root/scripts/ensure_agent_hardlinks.sh" ${ensure_args[@]+"${ensure_args[@]}"}

[Copilot]

The warning message for symlink fallback (line 93) writes to stderr, but the successful hardlink case (line 76) doesn't produce any output. However, the final "AGENTS mirrors hardlinked" message (lines 148-150) may be misleading when symlinks or copies are used instead.

Consider checking if symlinks or copies were used and adjusting the final message accordingly, or emit warnings through the say() function so they respect the --quiet flag. Currently, fallback warnings always appear even with --quiet, which may be unintended.