fix: close git history bypass in sg_only mode and strip scoring from instructions

Two issues found in staging audit:

1. Git bypass: agents used `git show HEAD:` and `git checkout HEAD --` to
   recover full source from git history, completely defeating sg_only
   truncation. Fix: after truncating source files, recommit the truncated
   state so HEAD reflects empty files. Verifier unaffected (restores from
   /repo_full/ backup). Regenerated all 66 build-requiring Dockerfile.sg_only.

2. Scoring contamination: 7 code-review, 1 doc-gen, 1 security, and 1 perf
   instruction.md files contained exact scoring formulas (F1, ground truth,
   fix_score weights). Replaced with vague "evaluated on detection accuracy
   and fix quality" to prevent gaming.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: sjarmak

benchmarks/ccb_build/bustub-hyperloglog-impl-001/environment/Dockerfile.sg_only

@@ -19,5 +19,9 @@ ENV DECRYPTION_KEY="theagentcompany is all you need"
 # --- sg_only_env: back up full repo, then truncate source ---
 RUN cp -a /workspace /repo_full
 RUN find /workspace -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /workspace && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/workspace' > /tmp/.sg_only_workdir
 CMD ["bash"]

benchmarks/ccb_build/cgen-deps-install-001/environment/Dockerfile.sg_only

@@ -1,12 +1,12 @@
-# dibench-python-inducer-cgen — sg_only_env variant
+# cgen-deps-install-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     python3 python3-pip git curl ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
@@ -17,9 +17,12 @@ COPY repo /app/repo
 WORKDIR /app/repo
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /app/repo /repo_full
 RUN find /app/repo -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /app/repo && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/app/repo' > /tmp/.sg_only_workdir
 
 WORKDIR /app/repo

benchmarks/ccb_build/codecoverage-deps-install-001/environment/Dockerfile.sg_only

@@ -1,29 +1,32 @@
-# dibench-csharp-irongut-codecoveragesummary — sg_only_env variant
+# codecoverage-deps-install-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     python3 python3-pip git curl ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Install .NET SDK
-RUN apt-get update -qq && apt-get install -y -qq wget && \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends wget && \
     wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb && \
     dpkg -i packages-microsoft-prod.deb && rm packages-microsoft-prod.deb && \
-    apt-get update -qq && apt-get install -y -qq dotnet-sdk-8.0
+    apt-get update -qq && apt-get install -y -qq --no-install-recommends dotnet-sdk-8.0
 # Copy repo
 COPY repo /app/repo
 
 WORKDIR /app/repo
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /app/repo /repo_full
 RUN find /app/repo -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /app/repo && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/app/repo' > /tmp/.sg_only_workdir
 
 WORKDIR /app/repo

benchmarks/ccb_build/django-dep-refactor-001/environment/Dockerfile.sg_only

@@ -1,36 +1,27 @@
-# dep-refactor-002 — sg_only_env variant
-# Source files truncated so agent must use Sourcegraph MCP for code access.
-# Verifier wrapper restores full repo before running tests.
+# django-dep-refactor-001 — sg_only_env variant
+# No local repo clone — agent uses Sourcegraph MCP exclusively for code access.
 
-FROM golang:1.23-bookworm
+FROM ubuntu:22.04
 
-WORKDIR /workspace
+ENV DEBIAN_FRONTEND=noninteractive
 
-# Install dependencies
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
+    ca-certificates \
+    python3 \
     curl \
-    npm \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Claude Code CLI
-RUN npm install -g @anthropic-ai/claude-code
+WORKDIR /workspace
 
-# Clone Flipt at pinned commit
-RUN git clone --filter=blob:none --no-checkout https://github.com/flipt-io/flipt.git . && \
-    git checkout 3d5a345f94c2adc8a0eaa102c189c08ad4c0f8e8 && \
+# Empty git repo so agent can commit work
+RUN git init && \
     git config user.email "agent@example.com" && \
     git config user.name "Agent"
 
-# Download Go module dependencies
-RUN go mod download 2>/dev/null || true
+RUN mkdir -p /logs/agent /logs/verifier
 
-# --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
-RUN cp -a /workspace /repo_full
-RUN find /workspace -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" ! -path "*/node_modules/*" -exec truncate -s 0 {} \;
-RUN touch /tmp/.sg_only_mode && echo '/workspace' > /tmp/.sg_only_workdir
-
-WORKDIR /workspace
+# Mark sg_only mode so verifiers can skip local-path checks
+RUN touch /tmp/.sg_only_mode
 
 ENTRYPOINT []

benchmarks/ccb_build/dotenv-expand-deps-install-001/environment/Dockerfile.sg_only

@@ -1,27 +1,30 @@
-# dibench-js-motdotla-dotenv-expand — sg_only_env variant
+# dotenv-expand-deps-install-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     python3 python3-pip git curl ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Node.js
 RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
-    apt-get install -y nodejs
+    apt-get install -y --no-install-recommends nodejs
 # Copy repo
 COPY repo /app/repo
 
 WORKDIR /app/repo
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /app/repo /repo_full
 RUN find /app/repo -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /app/repo && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/app/repo' > /tmp/.sg_only_workdir
 
 WORKDIR /app/repo

benchmarks/ccb_build/dotnetkoans-deps-install-001/environment/Dockerfile.sg_only

@@ -1,29 +1,32 @@
-# dibench-csharp-dotnetkoans — sg_only_env variant
+# dotnetkoans-deps-install-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     python3 python3-pip git curl ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Install .NET SDK
-RUN apt-get update -qq && apt-get install -y -qq wget && \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends wget && \
     wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb && \
     dpkg -i packages-microsoft-prod.deb && rm packages-microsoft-prod.deb && \
-    apt-get update -qq && apt-get install -y -qq dotnet-sdk-8.0
+    apt-get update -qq && apt-get install -y -qq --no-install-recommends dotnet-sdk-8.0
 # Copy repo
 COPY repo /app/repo
 
 WORKDIR /app/repo
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /app/repo /repo_full
 RUN find /app/repo -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /app/repo && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/app/repo' > /tmp/.sg_only_workdir
 
 WORKDIR /app/repo

benchmarks/ccb_build/envoy-grpc-server-impl-001/environment/Dockerfile.sg_only

@@ -1,12 +1,12 @@
-# crossrepo-impl-002 — sg_only_env variant
+# envoy-grpc-server-impl-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     git \
     curl \
     ca-certificates \
@@ -36,8 +36,11 @@ RUN mkdir -p /logs/verifier /logs/agent
 
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /workspace /repo_full
 RUN find /workspace -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /workspace && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/workspace' > /tmp/.sg_only_workdir
 CMD ["/bin/bash"]

benchmarks/ccb_build/eslint-markdown-deps-install-001/environment/Dockerfile.sg_only

@@ -1,27 +1,30 @@
-# dibench-js-eslint-markdown — sg_only_env variant
+# eslint-markdown-deps-install-001 — sg_only_env variant
 # Source files truncated so agent must use Sourcegraph MCP for code access.
 # Verifier wrapper restores full repo before running tests.
 
 FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update -qq && apt-get install -y -qq \
+RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
     python3 python3-pip git curl ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Node.js
 RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
-    apt-get install -y nodejs
+    apt-get install -y --no-install-recommends nodejs
 # Copy repo
 COPY repo /app/repo
 
 WORKDIR /app/repo
 
 # --- sg_only_env: back up full repo, then truncate source ---
-RUN apt-get update && apt-get install -y --no-install-recommends rsync && rm -rf /var/lib/apt/lists/* || true
 RUN cp -a /app/repo /repo_full
 RUN find /app/repo -type f \( -name "*.py" -o -name "*.pyx" -o -name "*.pyi" -o -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" -o -name "*.mjs" -o -name "*.cjs" -o -name "*.mts" -o -name "*.cts" -o -name "*.go" -o -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" -o -name "*.clj" -o -name "*.c" -o -name "*.cc" -o -name "*.cpp" -o -name "*.cxx" -o -name "*.h" -o -name "*.hh" -o -name "*.hpp" -o -name "*.hxx" -o -name "*.rs" -o -name "*.rb" -o -name "*.cs" -o -name "*.fs" -o -name "*.swift" -o -name "*.m" -o -name "*.mm" -o -name "*.vue" -o -name "*.svelte" -o -name "*.sh" -o -name "*.bash" -o -name "*.zsh" -o -name "*.lua" -o -name "*.proto" -o -name "*.thrift" -o -name "*.avsc" -o -name "*.fbs" -o -name "*.yaml" -o -name "*.yml" -o -name "*.toml" -o -name "*.json" -o -name "*.xml" -o -name "*.ini" -o -name "*.cfg" -o -name "*.md" -o -name "*.rst" -o -name "*.txt" -o -name "*.adoc" -o -name "*.cmake" -o -name "*.bzl" -o -name "*.bazel" -o -name "*.sql" -o -name "*.erl" -o -name "*.ex" -o -name "*.exs" -o -name "*.php" -o -name "*.pl" -o -name "*.pm" -o -name "*.r" -o -name "*.R" \) ! -path "*/.git/*" -exec truncate -s 0 {} \;
+# Recommit truncated state so git history cannot recover full files.
+# Without this, `git show HEAD:<file>` or `git checkout HEAD -- <file>`
+# would bypass truncation by reading from the pre-truncation commit.
+RUN cd /app/repo && git add -A && git commit -m "sg_only truncation" --allow-empty --quiet
 RUN touch /tmp/.sg_only_mode && echo '/app/repo' > /tmp/.sg_only_workdir
 
 WORKDIR /app/repo