FE-881: Cook agent loads the target repo's sandbox-scoped skills

[kostandinang]

Stack Context

Stacks on FE-864 (#224). A refinement of cook-codebase-mode + the cook-time grounding direction (D160-K intact -- this is run-time, not the emitter). FE-881.

What?

• cookResourceLoader(sandboxDir, agentDir, systemPrompt) -- points pi's discovery at the repo's .agents/skills / .claude/skills (deduped by realpath, since brunch-style repos symlink the two), then filters the result to paths under the sandbox via sandboxScopedSkills. pi's default discovery scans <cwd>/<config>/skills + <agentDir>/skills, not the Agent-Skills dirs, so the explicit additionalSkillPaths are required.
• sandboxScopedSkills(skills, sandboxDir) -- pure filter: keeps only skills whose path resolves under the sandbox; drops global, sibling-slice, and prefix-lookalike paths.
• The catalog reaches the model through pi's custom-prompt path (formatSkillsForPrompt, gated on the read tool -- every cook action has it), so the task-prompt override does not suppress it.

Why?

Brownfield cook builds on the user's repo, so the agent should see that repo's own skills and conventions. buildSessionOptions previously stripped all skills for hermeticity. This narrows the guarantee from "no skills" to "no skills from outside the repo" -- the cook agent gains the target codebase's configured skills while the developer's machine-global pi config still never leaks in.

Behavior / scope

• Greenfield worktrees have no .agents/skills, so skills resolve empty and greenfield behavior is unchanged (protecting invariant).
• Deferred follow-ons (separate slices): loading the repo's AGENTS.md/CLAUDE.md conventions; a project-trust gate for repo-authored skills.

Tests

npm run verify green (2060 passed, 2 skipped, build OK). New unit test pins sandboxScopedSkills (under / sibling / prefix-lookalike / global); new fs-integration test pins cookResourceLoader discovering the repo's .agents/skills and excluding an agentDir (global) skill.

[kostandinang]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• FE-881: Cook agent loads the target repo's sandbox-scoped skills #227 👈 (View in Graphite)
• FE-883: Orchestrator operational improvements (serve reliability + Opus 4.8) #224
• FE-878: Brunch serve — one-shot plan-then-cook capstone #222
• FE-877: Brownfield promotion — commit the cook result onto cook/<runId> #221
• FE-876: Integration oracle — reachability gate + grounding seam #220
• FE-875: App runtime probe — boot, probe, classify #219
• FE-872: Install-failure classification — infra-vs-test split #218
• FE-871: Brunch toolchain detection — detect + plan-emitter wiring #214
• FE-867: Agent extension host — dual-mode pi-harness contract #213
• FE-864: Orchestrator improvements umbrella — brownfield feature delivery from spec #212 : 1 other dependent PR (#223 )
• FE-843: Expand cook toolchain profiles, selected at plan time #198
• FE-841: Embed pi as an in-process SDK to drop the external pi CLI dependency #194 : 1 other dependent PR (#211 )
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cursor]

PR Summary

Medium Risk
Changes cook agent context (repo skills) and slice status events that drive the UI and retry net—behavior shifts for brownfield runs and failed evaluations, though tests cover the new paths.

Overview
FE-881 — sandbox-scoped skills for brownfield cook: Replaces the “no skills” session loader with cookResourceLoader / sandboxScopedSkills, discovering .agents/skills and .claude/skills (deduped by realpath), filtering to paths under the worktree, and excluding global agentDir skills. Greenfield worktrees without those dirs stay unchanged.

Slice lifecycle / Petri net alignment: evaluate-done no longer emits terminal failed on NEEDS WORK—only passed when done—so the net can route to needs-more via reports. The run-tests handler drops an extra failed slice event on non-exhaustion retries. runVerification leaves failureKind undefined when there are zero targets.

CLI / presenter / platform: Promotion errors emit cook-done with ok: false and a reason before exit. The brigade plate phase only advances on lines matching ✓ promoted, not generic “promoted” text. Activity heartbeats respect the 56-character cap including the ellipsis. Windows directory symlinks in copyMissingTopLevelEntries use junctions. app-probe.test.ts removes a duplicated hung-probe describe block.

^{Reviewed by Cursor Bugbot for commit d598bb0. Bugbot is set up for automated code reviews on this repo. Configure here.}