fix(workflows): make archon-adversarial-dev sed replacement macOS-safe based on #1155

[LaplaceYoung]

Summary

Fixes the archon-adversarial-dev init-workspace step for macOS BSD sed compatibility.

Issue #1103 reports that sed -i fails on macOS because BSD sed requires a backup extension, while GNU sed accepts bare -i.

This PR replaces the non-portable in-place edit with a portable temp-file pattern:

• before: sed -i s/.../.../ file
• after: sed s/.../.../ file > file.tmp && mv file.tmp file

Changes

• .archon/workflows/defaults/archon-adversarial-dev.yaml
  • Updated init-workspace to write state.json via temp file (state.json.tmp) and atomic move.
• packages/workflows/src/defaults/bundled-defaults.test.ts
  • Added regression test to assert the workflow uses portable temp-file sed and does not use bare sed -i for this replacement.

Validation

• bun test packages/workflows/src/defaults/bundled-defaults.test.ts

Closes #1103

Summary by CodeRabbit

• Chores
  • Enhanced workflow file handling for improved reliability and portability.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR replaces an in-place sed operation (sed -i) with a safer two-step process: writing substituted JSON to a temporary file and atomically replacing the original. A corresponding test validates this portable sed invocation without the -i flag.

Changes

Cohort / File(s)	Summary
Workflow sed portability fix .archon/workflows/defaults/archon-adversarial-dev.yaml	Replaced sed -i in-place edit with temp file write ($ARTIFACTS/state.json.tmp) followed by atomic mv for better portability across different sed implementations.
Test validation packages/workflows/src/defaults/bundled-defaults.test.ts	Added new test case verifying the archon-adversarial-dev workflow's init-workspace uses portable two-step sed pattern (temp file + mv) instead of sed -i.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• archon-adversarial-dev: init-workspace 'sed -i' fails on macOS BSD sed #1103: This PR directly addresses the macOS/BSD sed -i portability issue by implementing the temp-file-plus-atomic-move approach to ensure cross-platform compatibility.

Poem

🐰 A sed so portable, no dash-i in sight,
Temp files and atoms make everything right,
From BSD to Linux, the workflow runs free,
Safer and swifter, as portable can be! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the problem, solution, and file changes, but omits several required template sections including validation evidence (commands/test results), security impact, compatibility assessment, human verification, side effects/blast radius, and rollback plan.	Complete the missing required sections: add validation evidence (test output), security/compatibility/side-effects assessments, human verification details, and rollback instructions.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: fixing macOS sed compatibility in archon-adversarial-dev by replacing in-place sed with a portable temp-file pattern.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/workflows/src/defaults/bundled-defaults.test.ts (1)

129-129: Broaden the guard so in-place sed cannot slip in behind other flags.

Line 129 only catches sed -i when -i immediately follows sed; sed -E -i ... or sed --in-place ... would still pass.

🧪 Proposed test hardening

-      expect(content).not.toMatch(/\bsed\s+-i(?:\s*(?:''|\"\"|\S+))?\b/);
+      expect(content).not.toMatch(/\bsed\b[^\n]*\s(?:-i\S*|--in-place(?:=\S*)?)(?:\s|$)/);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/workflows/src/defaults/bundled-defaults.test.ts` at line 129, The
current test assertion using expect(content).not.toMatch(...) only catches sed
when -i directly follows sed; update the regex in the
expect(content).not.toMatch call so it matches sed invocations that include -i
or --in-place anywhere in the argument list (e.g. "sed -E -i", "sed --in-place",
or "sed -i -E"); specifically, broaden the pattern to look for \b sed \b
followed later on the same command line by either \b-i\b or \b--in-place\b
(allowing intervening flags/whitespace), then keep the existing
in-place-argument handling for ''/""/file arguments.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.archon/workflows/defaults/archon-adversarial-dev.yaml:
- Around line 104-106: The sed->mv temp-file replacement can fail silently;
update the block that creates STATE_TMP and moves it to ARTIFACTS/state.json to
check errors: run sed and test its exit status before proceeding, verify the
temp file exists and is non-empty, and only then mv (or use an atomic rename)
while checking mv's exit status; on any failure, remove the temp file, emit a
non-zero exit via exit 1 and log an error. Specifically modify the section that
defines STATE_TMP and invokes sed/mv to add explicit checks for the sed return
code, file existence/size for STATE_TMP, and the mv return code so success echo
is only reached when all steps succeed.

---

Nitpick comments:
In `@packages/workflows/src/defaults/bundled-defaults.test.ts`:
- Line 129: The current test assertion using expect(content).not.toMatch(...)
only catches sed when -i directly follows sed; update the regex in the
expect(content).not.toMatch call so it matches sed invocations that include -i
or --in-place anywhere in the argument list (e.g. "sed -E -i", "sed --in-place",
or "sed -i -E"); specifically, broaden the pattern to look for \b sed \b
followed later on the same command line by either \b-i\b or \b--in-place\b
(allowing intervening flags/whitespace), then keep the existing
in-place-argument handling for ''/""/file arguments.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7a0bfb0b-967d-4124-90ec-1e5e3e642f33

📥 Commits

Reviewing files that changed from the base of the PR and between 7ea3214 and 8e4b866.

📒 Files selected for processing (2)

• .archon/workflows/defaults/archon-adversarial-dev.yaml
• packages/workflows/src/defaults/bundled-defaults.test.ts

[Wirasm]

Closing as duplicate of #1155 — the original PR from @LaplaceYoung. I merged dev into #1155 and regenerated bundled-defaults.generated.ts, so that PR is now green and ready to merge. Thanks for the backup attempt though!