test/hardening: robustify Bob cwd-hash + cover codex/pwd-fallback locators

Follow-ups from an adversarial review of the Bob provenance work:
- audit_recall._bob_session_id now also tries $PWD (which preserves the
  symlinked path the user cd'd through) alongside os.getcwd() (resolved), so a
  symlinked workspace can't silently miss the chat dir and fall back to minting.
- Add the missing native-Codex transcript locator test (had none).
- Add a Bob $PWD-fallback test (getcwd hash empty, only $PWD hash matches).

Gate green, 272 passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: illeatmyhat

platform-integrations/bob/evolve-lite/lib/evolve-lite/audit_recall.py

@@ -43,14 +43,19 @@ def _bob_session_id() -> str | None:
     if not os.environ.get("BOBSHELL_CLI"):
         return None
     try:
-        project_hash = hashlib.sha256(os.getcwd().encode()).hexdigest()
-        chats = Path.home() / ".bob" / "tmp" / project_hash / "chats"
-        files = sorted(
-            chats.glob("session-*.json"),
-            key=lambda p: p.stat().st_mtime,
-            reverse=True,
-        )
-        for chat in files:
+        # Bob hashes the project path it was launched in. os.getcwd() returns
+        # the resolved (symlink-free) path, but Bob may have captured the
+        # symlinked path the user cd'd through; $PWD preserves that. Try both
+        # candidate hashes and pick the newest chat across them.
+        chats = []
+        seen_paths: set[str] = set()
+        for raw in (os.getcwd(), os.environ.get("PWD")):
+            if not raw or raw in seen_paths:
+                continue
+            seen_paths.add(raw)
+            project_hash = hashlib.sha256(raw.encode()).hexdigest()
+            chats.extend((Path.home() / ".bob" / "tmp" / project_hash / "chats").glob("session-*.json"))
+        for chat in sorted(chats, key=lambda p: p.stat().st_mtime, reverse=True):
             try:
                 sid = json.loads(chat.read_text(encoding="utf-8")).get("sessionId")
             except (OSError, json.JSONDecodeError):

platform-integrations/claude/plugins/evolve-lite/lib/evolve-lite/audit_recall.py

@@ -43,14 +43,19 @@ def _bob_session_id() -> str | None:
     if not os.environ.get("BOBSHELL_CLI"):
         return None
     try:
-        project_hash = hashlib.sha256(os.getcwd().encode()).hexdigest()
-        chats = Path.home() / ".bob" / "tmp" / project_hash / "chats"
-        files = sorted(
-            chats.glob("session-*.json"),
-            key=lambda p: p.stat().st_mtime,
-            reverse=True,
-        )
-        for chat in files:
+        # Bob hashes the project path it was launched in. os.getcwd() returns
+        # the resolved (symlink-free) path, but Bob may have captured the
+        # symlinked path the user cd'd through; $PWD preserves that. Try both
+        # candidate hashes and pick the newest chat across them.
+        chats = []
+        seen_paths: set[str] = set()
+        for raw in (os.getcwd(), os.environ.get("PWD")):
+            if not raw or raw in seen_paths:
+                continue
+            seen_paths.add(raw)
+            project_hash = hashlib.sha256(raw.encode()).hexdigest()
+            chats.extend((Path.home() / ".bob" / "tmp" / project_hash / "chats").glob("session-*.json"))
+        for chat in sorted(chats, key=lambda p: p.stat().st_mtime, reverse=True):
             try:
                 sid = json.loads(chat.read_text(encoding="utf-8")).get("sessionId")
             except (OSError, json.JSONDecodeError):

platform-integrations/claw-code/plugins/evolve-lite/lib/evolve-lite/audit_recall.py

@@ -43,14 +43,19 @@ def _bob_session_id() -> str | None:
     if not os.environ.get("BOBSHELL_CLI"):
         return None
     try:
-        project_hash = hashlib.sha256(os.getcwd().encode()).hexdigest()
-        chats = Path.home() / ".bob" / "tmp" / project_hash / "chats"
-        files = sorted(
-            chats.glob("session-*.json"),
-            key=lambda p: p.stat().st_mtime,
-            reverse=True,
-        )
-        for chat in files:
+        # Bob hashes the project path it was launched in. os.getcwd() returns
+        # the resolved (symlink-free) path, but Bob may have captured the
+        # symlinked path the user cd'd through; $PWD preserves that. Try both
+        # candidate hashes and pick the newest chat across them.
+        chats = []
+        seen_paths: set[str] = set()
+        for raw in (os.getcwd(), os.environ.get("PWD")):
+            if not raw or raw in seen_paths:
+                continue
+            seen_paths.add(raw)
+            project_hash = hashlib.sha256(raw.encode()).hexdigest()
+            chats.extend((Path.home() / ".bob" / "tmp" / project_hash / "chats").glob("session-*.json"))
+        for chat in sorted(chats, key=lambda p: p.stat().st_mtime, reverse=True):
             try:
                 sid = json.loads(chat.read_text(encoding="utf-8")).get("sessionId")
             except (OSError, json.JSONDecodeError):

platform-integrations/codex/plugins/evolve-lite/lib/evolve-lite/audit_recall.py

@@ -43,14 +43,19 @@ def _bob_session_id() -> str | None:
     if not os.environ.get("BOBSHELL_CLI"):
         return None
     try:
-        project_hash = hashlib.sha256(os.getcwd().encode()).hexdigest()
-        chats = Path.home() / ".bob" / "tmp" / project_hash / "chats"
-        files = sorted(
-            chats.glob("session-*.json"),
-            key=lambda p: p.stat().st_mtime,
-            reverse=True,
-        )
-        for chat in files:
+        # Bob hashes the project path it was launched in. os.getcwd() returns
+        # the resolved (symlink-free) path, but Bob may have captured the
+        # symlinked path the user cd'd through; $PWD preserves that. Try both
+        # candidate hashes and pick the newest chat across them.
+        chats = []
+        seen_paths: set[str] = set()
+        for raw in (os.getcwd(), os.environ.get("PWD")):
+            if not raw or raw in seen_paths:
+                continue
+            seen_paths.add(raw)
+            project_hash = hashlib.sha256(raw.encode()).hexdigest()
+            chats.extend((Path.home() / ".bob" / "tmp" / project_hash / "chats").glob("session-*.json"))
+        for chat in sorted(chats, key=lambda p: p.stat().st_mtime, reverse=True):
             try:
                 sid = json.loads(chat.read_text(encoding="utf-8")).get("sessionId")
             except (OSError, json.JSONDecodeError):

plugin-source/lib/audit_recall.py

@@ -43,14 +43,19 @@ def _bob_session_id() -> str | None:
     if not os.environ.get("BOBSHELL_CLI"):
         return None
     try:
-        project_hash = hashlib.sha256(os.getcwd().encode()).hexdigest()
-        chats = Path.home() / ".bob" / "tmp" / project_hash / "chats"
-        files = sorted(
-            chats.glob("session-*.json"),
-            key=lambda p: p.stat().st_mtime,
-            reverse=True,
-        )
-        for chat in files:
+        # Bob hashes the project path it was launched in. os.getcwd() returns
+        # the resolved (symlink-free) path, but Bob may have captured the
+        # symlinked path the user cd'd through; $PWD preserves that. Try both
+        # candidate hashes and pick the newest chat across them.
+        chats = []
+        seen_paths: set[str] = set()
+        for raw in (os.getcwd(), os.environ.get("PWD")):
+            if not raw or raw in seen_paths:
+                continue
+            seen_paths.add(raw)
+            project_hash = hashlib.sha256(raw.encode()).hexdigest()
+            chats.extend((Path.home() / ".bob" / "tmp" / project_hash / "chats").glob("session-*.json"))
+        for chat in sorted(chats, key=lambda p: p.stat().st_mtime, reverse=True):
             try:
                 sid = json.loads(chat.read_text(encoding="utf-8")).get("sessionId")
             except (OSError, json.JSONDecodeError):

tests/platform_integrations/test_audit_recall.py

@@ -180,3 +180,28 @@ def test_env_session_id_beats_bob_lookup(self, tmp_path):
 
         rows = _read_rows(proj / ".evolve" / "audit.log")
         assert rows[0]["session_id"] == "codex-wins"
+
+    def test_bob_recovers_via_pwd_when_getcwd_differs(self, tmp_path):
+        """If Bob captured a symlinked path (preserved in $PWD) that differs from
+        os.getcwd()'s resolved path, the $PWD-based hash still finds the chat —
+        even though nothing is seeded under sha256(os.getcwd())."""
+        import hashlib
+
+        home = tmp_path / "home"
+        proj = tmp_path / "proj"
+        proj.mkdir()
+        symlink_path = "/some/symlinked/workspace"  # what $PWD would carry
+        sid = "d6484b2c-24f4-474c-8f43-36544e2dbcd8"
+        chats = home / ".bob" / "tmp" / hashlib.sha256(symlink_path.encode()).hexdigest() / "chats"
+        chats.mkdir(parents=True)
+        (chats / "session-2026-06-10T21-12-d6484b2c.json").write_text(json.dumps({"sessionId": sid}), encoding="utf-8")
+
+        result = _run(
+            proj,
+            ["project/baz"],
+            {"BOBSHELL_CLI": "1", "PWD": symlink_path, "HOME": str(home), "USERPROFILE": str(home)},
+        )
+
+        rows = _read_rows(proj / ".evolve" / "audit.log")
+        assert rows[0]["session_id"] == sid
+        assert "evolve-session:" not in result.stdout

tests/platform_integrations/test_provenance.py

@@ -118,6 +118,30 @@ def test_locates_native_claude_transcript(self, tmp_path):
         assert "missing" not in cand
 
 
+class TestCandidatesCodexTranscript:
+    """Codex writes ~/.codex/sessions/<Y>/<M>/<D>/rollout-<ts>-<sid>.jsonl; the
+    locator finds it by a recursive glob on the thread id."""
+
+    def test_locates_native_codex_transcript(self, tmp_path):
+        home = tmp_path / "home"
+        evolve_dir = tmp_path / "proj" / ".evolve"
+        evolve_dir.mkdir(parents=True)
+        sid = "019eb34f-f827-7311-b775-b749ae4fae72"
+        write_audit(evolve_dir, [{"event": "recall", "session_id": sid, "entities": ["project/baz"]}])
+        write_entity(evolve_dir, "project/baz", body="baz guidance")
+        rollout = home / ".codex" / "sessions" / "2026" / "06" / "10" / f"rollout-2026-06-10T12-00-{sid}.jsonl"
+        rollout.parent.mkdir(parents=True)
+        rollout.write_text('{"x":1}\n', encoding="utf-8")
+
+        result = run_provenance("candidates", evolve_dir=evolve_dir, home=home)
+        assert result.returncode == 0, result.stderr
+        candidates = parse_jsonl(result.stdout)
+        assert len(candidates) == 1
+        assert candidates[0]["entity_id"] == "project/baz"
+        assert candidates[0]["trajectory_path"] == str(rollout)
+        assert "missing" not in candidates[0]
+
+
 class TestCandidatesBobTranscript:
     """Bob writes ~/.bob/tmp/<projecthash>/chats/session-<ts>-<sid8>.json with a
     real ``sessionId`` field; the locator matches the chat file by that id."""