[pitboss] sweep after phase 09: 4 deferred items resolved

2026-06-15 20:05:13 +02:00 · 2026-05-12 14:48:40 -04:00 · 2026-05-12 14:48:40 -04:00 · e9649ea099
commit e9649ea099
parent 996bff5983
5 changed files with 224 additions and 15 deletions
--- a/scripts/m7_ship_gate.sh
+++ b/scripts/m7_ship_gate.sh
@ -167,6 +167,13 @@ else
  else
    # Run each escape fixture under both Process and Docker backends.
    # A Confirmed verdict on an escape fixture is a gate failure.
+    # Additionally, check that no sentinel files were written to the host.
+    ESCAPE_SENTINEL_PATHS=(
+        "/tmp/nyx_escape_file_write_marker"
+    )
+    for _s in "${ESCAPE_SENTINEL_PATHS[@]}"; do
+        rm -f "$_s"
+    done
    ESCAPE_FAILED=0
    for fixture in "$ESCAPE_DIR"/*/; do
      [[ -d "$fixture" ]] || continue
@ -196,7 +203,16 @@ print(len(confirmed))
        fi
      done
    done
+    for _s in "${ESCAPE_SENTINEL_PATHS[@]}"; do
+        if [[ -f "$_s" ]]; then
+            die "Gate 4: escape sentinel written to host: $_s"
+            ESCAPE_FAILED=1
+        fi
+    done
    [[ $ESCAPE_FAILED -eq 0 ]] && pass "Gate 4: sandbox escape suite green"
+    for _s in "${ESCAPE_SENTINEL_PATHS[@]}"; do
+        rm -f "$_s"
+    done
  fi
 fi