Harden Daily SPDD rotation cache persistence and fail fast on unwritable cache-memory (#35359)

Copilot · web-flow · commit a3abc75cc6ae · 2026-05-27T20:07:20.000-07:00
diff --git a/.github/workflows/daily-spdd-spec-planner.md b/.github/workflows/daily-spdd-spec-planner.md
@@ -93,7 +93,9 @@ Use cache-memory at `/tmp/gh-aw/cache-memory/spdd-daily/rotation.json` to rotate
 - Track `last_index`, `last_files`, `last_run`
 - Process up to 5 files per run
 - Continue from next file on the next run
-- If cache is missing, initialize from the start of the sorted file list
+- Run a write preflight in `/tmp/gh-aw/cache-memory/spdd-daily/` and treat any permission/write failure as a setup error (do not continue)
+- If reading `rotation.json` returns a miss, confirm the file is truly absent before initializing from index 0
+- If `rotation.json` exists but cannot be read/written, do not reinitialize; report the setup error so existing rotation state is preserved
 - Persist rotation state using the `write` tool at that exact path (do not use shell write commands for cache updates)
 
 ### SPDD Evaluation Rules
diff --git a/actions/setup/sh/setup_cache_memory_git.sh b/actions/setup/sh/setup_cache_memory_git.sh
@@ -28,6 +28,40 @@ INTEGRITY="${GH_AW_MIN_INTEGRITY:-none}"
 # All integrity levels in descending order (highest first)
 LEVELS=("merged" "approved" "unapproved" "none")
 
+ensure_writable_dir() {
+  local dir="$1"
+  local purpose="$2"
+  local probe_file=""
+  local mkdir_err
+  local chmod_err
+  local write_err
+  mkdir_err="$(mktemp /tmp/gh-aw-cache-mkdir-err.XXXXXX)"
+  chmod_err="$(mktemp /tmp/gh-aw-cache-chmod-err.XXXXXX)"
+  write_err="$(mktemp /tmp/gh-aw-cache-write-err.XXXXXX)"
+
+  if ! mkdir -p "$dir" 2>"$mkdir_err"; then
+    echo "ERROR: cache-memory setup error: failed to create ${purpose} (${dir})" >&2
+    cat "$mkdir_err" >&2 || true
+    rm -f "$mkdir_err" "$chmod_err" "$write_err" 2>/dev/null || true
+    exit 1
+  fi
+
+  if ! chmod u+rwx "$dir" 2>"$chmod_err"; then
+    echo "ERROR: cache-memory setup error: ${purpose} is not writable (${dir})" >&2
+    cat "$chmod_err" >&2 || true
+    rm -f "$mkdir_err" "$chmod_err" "$write_err" 2>/dev/null || true
+    exit 1
+  fi
+
+  if ! probe_file="$(mktemp "${dir}/gh-aw-write-check.XXXXXX" 2>"$write_err")"; then
+    echo "ERROR: cache-memory setup error: ${purpose} is not writable (${dir})" >&2
+    cat "$write_err" >&2 || true
+    rm -f "$mkdir_err" "$chmod_err" "$write_err" 2>/dev/null || true
+    exit 1
+  fi
+  rm -f "$probe_file" "$mkdir_err" "$chmod_err" "$write_err" 2>/dev/null || true
+}
+
 initialize_cache_memory_git_repo() {
   # No git repo yet — either a fresh cache or a legacy flat-file cache.
   # Initialize a git repository with an empty baseline commit on the highest-trust
@@ -262,3 +296,9 @@ if [ "$IS_CACHE_HIT" = "true" ]; then
     "$_run_id" "$_timestamp" "$_post_file_count" > "cache-hit-history.json"
   echo "Cache hit history updated (run: $_run_id, files: $_post_file_count)"
 fi
+
+# Preflight write checks for known cache-memory paths required by daily planners.
+# Fail fast here so agent runs do not continue after a hidden permission problem.
+ensure_writable_dir "$CACHE_DIR" "cache-memory root directory"
+ensure_writable_dir "${CACHE_DIR}/spdd-daily" "Daily SPDD rotation cache directory"
+echo "Cache memory preflight write checks passed"
diff --git a/actions/setup/sh/setup_cache_memory_git_test.sh b/actions/setup/sh/setup_cache_memory_git_test.sh
@@ -249,6 +249,24 @@ assert "integrity branch exists after recovery" \
   "git -C '${D}' rev-parse --verify none >/dev/null 2>&1"
 echo ""
 
+# ── Test 14: Daily SPDD rotation directory preflight is created and writable ──
+echo "Test 14: Daily SPDD rotation cache directory is writable"
+D="${WORKSPACE}/test14"
+make_cache_dir "${D}" "data.json"
+set +e
+OUTPUT="$(run_script "${D}" none)"
+EXIT_CODE=$?
+set -e
+assert "preflight exits successfully" \
+  "[ '${EXIT_CODE}' -eq 0 ]"
+assert "spdd-daily directory created" \
+  "[ -d '${D}/spdd-daily' ]"
+assert "spdd-daily directory writable" \
+  "[ -w '${D}/spdd-daily' ]"
+assert "preflight success message logged" \
+  "printf '%s' \"${OUTPUT}\" | grep -q 'Cache memory preflight write checks passed'"
+echo ""
+
 # ── Summary ──────────────────────────────────────────────────────────────────
 echo "Tests passed: ${TESTS_PASSED}"
 echo "Tests failed: ${TESTS_FAILED}"
