fix(generation): move master workflow payload into sidecars

scripts/evals/run-ricky-evals.mjs

@@ -338,26 +338,37 @@ function readGeneratedArtifactContent(stdout, workingDir) {
   const realWorkingDir = safeRealpath(workingDir);
   if (!realWorkingDir) return '';
   for (const artifactPath of artifactPaths) {
-    const fullPath = path.resolve(workingDir, artifactPath);
-    if (!existsSync(fullPath)) continue;
-    const realFullPath = safeRealpath(fullPath);
-    if (!realFullPath) continue;
-    if (realFullPath !== realWorkingDir && !realFullPath.startsWith(`${realWorkingDir}${path.sep}`)) {
-      continue;
-    }
-    try {
-      if (!statSync(realFullPath).isFile()) continue;
-    } catch {
-      continue;
+    for (const generatedPath of generatedArtifactAndSidecarPaths(artifactPath)) {
+      const fullPath = path.resolve(workingDir, generatedPath);
+      if (!existsSync(fullPath)) continue;
+      const realFullPath = safeRealpath(fullPath);
+      if (!realFullPath) continue;
+      if (realFullPath !== realWorkingDir && !realFullPath.startsWith(`${realWorkingDir}${path.sep}`)) {
+        continue;
+      }
+      try {
+        if (!statSync(realFullPath).isFile()) continue;
+      } catch {
+        continue;
+      }
+      sections.push([
+        `\n--- GENERATED ARTIFACT: ${generatedPath} ---`,
+        readFileSync(realFullPath, 'utf8'),
+      ].join('\n'));
     }
-    sections.push([
-      `\n--- GENERATED ARTIFACT: ${artifactPath} ---`,
-      readFileSync(realFullPath, 'utf8'),
-    ].join('\n'));
   }
   return sections.join('\n');
 }
 
+function generatedArtifactAndSidecarPaths(artifactPath) {
+  const paths = [artifactPath];
+  if (artifactPath.startsWith('workflows/generated/') && artifactPath.endsWith('.ts')) {
+    const stem = artifactPath.slice(0, -'.ts'.length);
+    paths.push(`${stem}.spec.md`, `${stem}.children.json`);
+  }
+  return paths;
+}
+
 function safeRealpath(value) {
   try {
     return realpathSync(value);

scripts/run-ricky-overnight.sh

@@ -1765,48 +1765,15 @@ repo_has_meaningful_delta() {
 }
 
 commit_if_clean_delta() {
+  # Auto-commit and auto-push directly to origin/main were disabled
+  # intentionally: this loop was shipping unreviewed changes straight to a
+  # shared branch (commits authored as "Miya"). Future progress capture
+  # belongs in a per-run branch + PR. Keep the function as a no-op so the
+  # callers don't need to change.
   local workflow_path="$1"
-  local push_output_file="$ARTIFACT_DIR/git-push.txt"
-  local ahead="0"
-  local behind="0"
-
-  if ! repo_has_meaningful_delta; then
-    log "no tracked/untracked repo delta after $workflow_path"
-    return 0
-  fi
-
-  validate_repo
-
-  local short
-  local head_advanced="false"
-  short="$(basename "$workflow_path" .ts)"
-  if repo_has_captured_head_delta; then
-    head_advanced="true"
-  fi
-
-  if meaningful_tracked_delta_exists || meaningful_untracked_delta_exists; then
-    git add -A ':!tmp/' ':!.workflow-artifacts/' ':!.trajectories/'
-    git commit -m "chore(overnight): capture $short progress" || true
-  elif [[ "$head_advanced" == "true" ]]; then
-    log "repo HEAD already advanced during $workflow_path; capturing committed state"
-  fi
-
-  : > "$push_output_file"
-  if ! git push origin main >"$push_output_file" 2>&1; then
-    cat "$push_output_file" >&2 || true
-    git fetch origin main:refs/remotes/origin/main >/dev/null 2>&1 || true
-    if git show-ref --verify --quiet refs/remotes/origin/main; then
-      read -r ahead behind < <(git rev-list --left-right --count HEAD...refs/remotes/origin/main)
-      log "push rejected after $workflow_path; local main diverged from origin/main (ahead=${ahead}, behind=${behind})"
-    else
-      log "push rejected after $workflow_path; unable to read refs/remotes/origin/main for divergence details"
-    fi
-    inspect_repo_changes
-    return 1
-  fi
-
-  git rev-parse HEAD > "$LAST_COMMIT_FILE"
+  log "auto-commit/auto-push disabled; skipping post-workflow capture for $workflow_path"
   inspect_repo_changes
+  return 0
 }
 
 workflow_hit_claude_rate_limit() {

src/local/entrypoint.ts

@@ -14,7 +14,7 @@ import type { ChildProcess } from 'node:child_process';
 import { spawn } from 'node:child_process';
 import { createHash, randomUUID } from 'node:crypto';
 import { createRequire } from 'node:module';
-import { delimiter, dirname, isAbsolute, join, resolve } from 'node:path';
+import { delimiter, dirname, isAbsolute, join, resolve, sep } from 'node:path';
 import { createInterface } from 'node:readline';
 import { pathToFileURL } from 'node:url';
 
@@ -924,6 +924,16 @@ function isNoSuchProcessError(error: unknown): boolean {
   return typeof error === 'object' && error !== null && 'code' in error && (error as { code?: unknown }).code === 'ESRCH';
 }
 
+function resolveRepoContainedOutputPath(cwd: string, outputPath: string): string | undefined {
+  if (isAbsolute(outputPath)) return undefined;
+
+  const root = resolve(cwd);
+  const resolved = resolve(root, outputPath);
+  if (resolved === root) return undefined;
+  if (!resolved.startsWith(`${root}${sep}`)) return undefined;
+  return resolved;
+}
+
 async function workflowSdkLoaderNodeOption(cwd: string): Promise<string | undefined> {
   const runtime = await resolveWorkflowSdkRuntime(cwd);
   if (!runtime) return undefined;
@@ -1199,6 +1209,21 @@ export function createLocalExecutor(options: LocalExecutorOptions = {}): LocalEx
 
         onProgress?.(`Writing workflow artifact to ${artifact.artifactPath}...`);
         await artifactWriter.writeArtifact(artifact.artifactPath, artifact.content, cwd);
+        // Sidecar files travel with the master workflow on disk so the
+        // generated TS can stay small (master-renderer pushes the spec text
+        // and child source map here to avoid argv-blow-out from spawn E2BIG).
+        if (artifact.sidecarFiles) {
+          for (const [sidecarPath, sidecarContent] of Object.entries(artifact.sidecarFiles)) {
+            const resolvedSidecarPath = resolveRepoContainedOutputPath(cwd, sidecarPath);
+            if (!resolvedSidecarPath) {
+              warnings.push(`Skipped unsafe workflow sidecar path outside invocation root: ${sidecarPath}`);
+              logs.push(`[local] skipped unsafe workflow sidecar: ${sidecarPath}`);
+              continue;
+            }
+            await artifactWriter.writeArtifact(resolvedSidecarPath, sidecarContent, cwd);
+            logs.push(`[local] wrote workflow sidecar: ${sidecarPath}`);
+          }
+        }
         if (options.persistGenerationMetadataArtifacts === true) {
           await writeGenerationMetadataArtifacts(generationResult, artifactWriter, cwd);
         }

src/product/generation/master-workflow-renderer.ts

@@ -182,6 +182,16 @@ export function renderMasterExecutionWorkflow(input: RenderMasterWorkflowInput):
   const gates = buildMasterGates(artifactsDir, plan, input.spec);
   const skillApplicationEvidence = buildMasterSkillEvidence(input.skills);
   const toolSelections = buildMasterToolSelections(plan);
+  // Sidecars travel with the generated workflow on disk. Embedding the spec
+  // and the child-source map inline ballooned the master workflow past
+  // ARG_MAX (spawn E2BIG) every time `materialize-child-workflows` ran; the
+  // sidecars push that payload off of argv entirely.
+  const artifactPathNoExt = artifactPath.replace(/\.ts$/, '');
+  const specSidecarPath = `${artifactPathNoExt}.spec.md`;
+  const childrenSidecarPath = `${artifactPathNoExt}.children.json`;
+  const childSources = Object.fromEntries(
+    plan.children.map((child) => [child.workflowFilePath, childWorkflowSource(child, input.spec, specSidecarPath)]),
+  );
   const content = renderMasterSource({
     spec: input.spec,
     pattern: input.pattern,
@@ -191,6 +201,9 @@ export function renderMasterExecutionWorkflow(input: RenderMasterWorkflowInput):
     plan,
     skills: input.skills,
     skillApplicationEvidence,
+    childSources,
+    specSidecarPath,
+    childrenSidecarPath,
   });
 
   return {
@@ -210,6 +223,10 @@ export function renderMasterExecutionWorkflow(input: RenderMasterWorkflowInput):
       skillMatches: input.skills.matches,
       toolSelections,
       artifactsDir,
+      sidecarFiles: {
+        [specSidecarPath]: input.spec.description,
+        [childrenSidecarPath]: `${JSON.stringify(childSources, null, 2)}\n`,
+      },
     },
   };
 }
@@ -240,10 +257,10 @@ function renderMasterSource(input: {
   plan: MasterExecutionPlan;
   skills: SkillContext;
   skillApplicationEvidence: SkillApplicationEvidence[];
+  childSources: Record<string, string>;
+  specSidecarPath: string;
+  childrenSidecarPath: string;
 }): string {
-  const childSources = Object.fromEntries(
-    input.plan.children.map((child) => [child.workflowFilePath, childWorkflowSource(child, input.spec)]),
-  );
   const planJson = JSON.stringify(input.plan, null, 2);
   const skillMatchesJson = JSON.stringify(input.skills.matches, null, 2);
   const skillBoundaryJson = JSON.stringify({
@@ -253,11 +270,14 @@ function renderMasterSource(input: {
     loadedSkills: input.skills.applicableSkillNames,
     applicationEvidence: input.skillApplicationEvidence,
   }, null, 2);
+  // Read the child source map from disk at runtime instead of inlining the
+  // JSON into this shell command. Inlining once N children deep produced a
+  // multi-megabyte argv element and triggered `spawn E2BIG`.
   const materializeCommand = [
     'node --input-type=module <<\'NODE\'',
-    'import { mkdirSync, writeFileSync } from \'node:fs\';',
+    'import { mkdirSync, writeFileSync, readFileSync } from \'node:fs\';',
     'import { dirname } from \'node:path\';',
-    `const childSources = ${JSON.stringify(childSources, null, 2)};`,
+    `const childSources = JSON.parse(readFileSync(${literal(input.childrenSidecarPath)}, 'utf8'));`,
     'for (const [filePath, source] of Object.entries(childSources)) {',
     '  mkdirSync(dirname(filePath), { recursive: true });',
     '  writeFileSync(filePath, source, \'utf8\');',
@@ -330,6 +350,12 @@ function renderMasterSource(input: {
     'echo RICKY_MASTER_FINAL_VALIDATION_READY',
   ];
 
+  // The master workflow's `.description()` is sent to runtime agents as
+  // context. Inlining the full spec text here meant every agent invocation
+  // carried ~100KB+ of markdown that the agents did not need (the spec lives
+  // on disk at specSidecarPath and child slices `cp` it locally). The short
+  // ref keeps the description small without losing the pointer.
+  const masterDescription = `${firstHeadingOrSummary(input.spec.description)} (full spec on disk at ${input.specSidecarPath}; child workflows read it from there).`;
   return `${[
     "import { workflow } from '@agent-relay/sdk/workflows';",
     '',
@@ -339,7 +365,7 @@ function renderMasterSource(input: {
     '',
     'async function main() {',
     `  const result = await workflow(${literal(input.workflowId)})`,
-    `    .description(${literal(input.spec.description)})`,
+    `    .description(${literal(masterDescription)})`,
     `    .pattern(${literal(input.pattern.pattern)})`,
     `    .channel(${literal(input.channel)})`,
     '    .maxConcurrency(4)',
@@ -471,7 +497,7 @@ function renderChildRunStep(child: ChildWorkflowPlan): string[] {
   ];
 }
 
-export function childWorkflowSource(child: ChildWorkflowPlan, spec: NormalizedWorkflowSpec): string {
+export function childWorkflowSource(child: ChildWorkflowPlan, spec: NormalizedWorkflowSpec, specSidecarPath?: string): string {
   const artifactsDir = child.signoffArtifactPath.replace(/\/signoff\.md$/, '');
   const validationCommand = child.validationCommands[0] ?? 'npm run typecheck';
   const targetScope = child.targetFiles.length > 0 ? child.targetFiles.join(' ') : 'NO_TARGET_FILES_DECLARED';
@@ -515,7 +541,14 @@ export function childWorkflowSource(child: ChildWorkflowPlan, spec: NormalizedWo
     `      command: ${literal([
       'set -e',
       `mkdir -p ${shellQuote(artifactsDir)}`,
-      `printf '%s\\n' ${shellQuote(spec.description)} > ${shellQuote(`${artifactsDir}/normalized-spec.txt`)}`,
+      // Copy the spec from its sidecar file rather than embedding it via
+      // `printf '%s\\n' '<huge spec text>'`. The embedded form pushed every
+      // child's prepare-context heredoc to ~100KB and made the materialize
+      // step's argv multi-megabyte. When the sidecar path isn't known
+      // (legacy call sites), fall back to a no-op so this child still runs.
+      specSidecarPath
+        ? `cp ${shellQuote(specSidecarPath)} ${shellQuote(`${artifactsDir}/normalized-spec.txt`)}`
+        : `: > ${shellQuote(`${artifactsDir}/normalized-spec.txt`)}`,
       `printf '%s\\n' ${shellQuote(targetScope)} > ${shellQuote(`${artifactsDir}/target-files.txt`)}`,
       // Snapshot the worktree's dirty set BEFORE this child touches anything.
       // The master executor runs every child in the SAME checkout, so by the
@@ -899,6 +932,58 @@ function literal(value: string | string[]): string {
   return JSON.stringify(value);
 }
 
+function firstHeadingOrSummary(specText: string): string {
+  const candidate = firstMarkdownHeadingOrParagraph(specText)
+    ?? specText.split('\n').find((line) => line.trim().length > 0)?.trim()
+    ?? 'Ricky master workflow';
+  return candidate.length > 200 ? `${candidate.slice(0, 197)}...` : candidate;
+}
+
+function firstMarkdownHeadingOrParagraph(specText: string): string | undefined {
+  let root: Nodes;
+  try {
+    root = fromMarkdown(specText);
+  } catch {
+    return undefined;
+  }
+
+  let fallback: string | undefined;
+  const visit = (node: Nodes): string | undefined => {
+    if (node.type === 'heading' && 'depth' in node && (node.depth === 1 || node.depth === 2)) {
+      const text = markdownNodeText(node);
+      if (text) return text;
+    }
+
+    if (!fallback && (node.type === 'paragraph' || node.type === 'text')) {
+      fallback = markdownNodeText(node);
+    }
+
+    if ('children' in node) {
+      for (const child of node.children) {
+        const found = visit(child);
+        if (found) return found;
+      }
+    }
+
+    return undefined;
+  };
+
+  return visit(root) ?? fallback;
+}
+
+function markdownNodeText(node: Nodes): string | undefined {
+  if ('value' in node && typeof node.value === 'string') {
+    return node.value.replace(/\s+/g, ' ').trim() || undefined;
+  }
+  if (!('children' in node)) return undefined;
+  const text = node.children
+    .map((child) => markdownNodeText(child) ?? '')
+    .join(' ')
+    .replace(/\s+/g, ' ')
+    .trim();
+  return text || undefined;
+}
+
 function templateLiteral(value: string): string {
   return `\`${value.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${')}\``;
 }