v1.31.1.0 fix wave: 3 community PRs (careful BSD sed, codex Step 0 rename, make-pdf setup ordering)

[garrytan]

Summary

Three small, well-scoped community fixes:

• Cross-platform fixes: /careful works on macOS again (BSD sed compatibility — \s → [[:space:]])
• Skill template hygiene: Codex skill Step 0 renamed to Step 0.4 to avoid collision with the platform-detect prelude
• /make-pdf setup ordering: SETUP block now runs immediately after the Preamble Bash instead of after the Telemetry footer

5 commits / 8 files / +64/-62 source lines (excluding generated SKILL.md regen).

Wave assembly

Triaged ~140 open community PRs. Final wave is 3 of an initial 14 candidates. Cuts:

• 8 PRs were already merged transitively in v1.30.0.0 (v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke #1391) but never auto-closed; closed with thank-you references
• 11 PRs deferred for focused standalone review (host adds, new skills, larger refactors), each closed with specific feedback
• 3 PRs rejected at adversarial review:
  • fix(token-registry): constant-time root-token comparison #1171 RagavRida — crypto.timingSafeEqual would throw on multi-byte UTF-8 tokens (caught by Codex outside-voice review during /ship gate; Buffer.from(token) defaults to UTF-8 so a 36-char ASCII length-match could pass, then throw on byte-length mismatch). Closed with feedback.
  • security: fail-closed gate when ML classifiers are inactive #1155, security: pass Haiku classifier prompt via stdin, not argv #1157 garagon — both CONFLICTING with current main; security: fail-closed gate when ML classifiers are inactive #1155 introduces a default behavior flip (fail-closed gate when classifiers inactive) that warrants a standalone threat-model writeup; security: pass Haiku classifier prompt via stdin, not argv #1157 strips env vars on the spawned classifier subprocess beyond the stated argv→stdin fix
• ~30 SKIP/STALE PRs closed (host duplicates, gregario version-slot collisions, voice/promo softeners, refactors, Gonzih cluster)

Test Coverage

All 3 wave PRs ship with their own regression tests:

• fix(careful): BSD sed compatibility for safe exception detection on macOS #1242 removes the detectSafeRmWorks() platform-conditional from test/hook-scripts.test.ts so both Linux and macOS exercise the same safe-rm assertions (no platform-bypass)
• fix(make-pdf): run setup before preamble footers #1393 adds make-pdf setup ordering describe block to test/gen-skill-docs.test.ts asserting SETUP appears between Preamble and Plan-Mode/Telemetry/workflow headings, with a single ## MAKE-PDF SETUP occurrence
• docs(codex): rename Step 0 to avoid collision with platform-detect prelude #1394 has no new tests (2-line rename, mechanical)

Pre-Landing Review

Codex review on the trimmed wave (post-#1171-drop): clean, no regressions.

"I did not find any concrete regressions in the diff against the specified merge base. The behavioral change in check-careful.sh fixes the macOS-safe rm exception path as intended, and the remaining edits are documentation/generator ordering updates without a clear functional break."

The earlier full codex review on the 4-commit wave (with #1171) flagged 1 P1 critical on browse/src/token-registry.ts:164-167:

"If a caller sends a bearer token whose JS string length matches rootToken but whose UTF-8 byte length differs (for example \"é\".repeat(36)), Buffer.from(token) and Buffer.from(rootToken) end up with different sizes and crypto.timingSafeEqual throws instead of returning false. Because isRootToken() is used in both the tunnel 403 path and normal token validation, those requests now error out rather than being cleanly rejected as unauthorized."

This is what drove the #1171 drop. Per D8-B strict cherry-pick rule: contributor PR lands as-is or gets rejected; we don't rewrite contributor work and re-attribute it.

Eval Results

Full paid eval suite (test:evals:all + test:e2e:all, ~$25) ran on the 4-commit collector:

• 145 pass, 39 skip, 9 fail in ~150 minutes
• All 9 failures in subsystems disjoint from this wave (autoplan, browser-skills, context-save, office-hours-builder/forcing, sidebar-css/url/navigate, multi-provider gemini benchmark) — almost certainly pre-existing on main, none touch the wave's 8 changed files
• Codex review pass on the fix(token-registry): constant-time root-token comparison #1171 file is what caught the bug; that's a value moment for the eval suite

Pre-existing test failures (not introduced by this wave)

3 golden-file tests fail on bun test:

• golden-file regression > Claude ship skill matches golden baseline
• golden-file regression > Codex ship skill matches golden baseline
• golden-file regression > Factory ship skill matches golden baseline

These regressed when v1.31.0.0 (#1390) updated the preamble template's plan-mode-handshake prose but didn't regenerate the per-host golden baselines. Verified pre-existing on origin/main. Separate fix needed; not blocking this wave.

TODOS

No TODO items completed in this PR.

Test plan

• bun test — full free suite passes (3 pre-existing golden-file failures, not caused by this wave)
• bun run gen:skill-docs — no drift after cherry-picks
• bun test test/hook-scripts.test.ts — 32 pass / 0 fail (covers fix(careful): BSD sed compatibility for safe exception detection on macOS #1242)
• bun test test/gen-skill-docs.test.ts — 380 pass / 0 fail (covers fix(make-pdf): run setup before preamble footers #1393, docs(codex): rename Step 0 to avoid collision with platform-detect prelude #1394)
• Full paid eval suite (test:evals:all + test:e2e:all) — passes on all wave-affected paths
• Codex pre-landing review on trimmed wave — clean, no regressions

🤖 Generated with Claude Code

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

[github-actions]

E2E Evals: ✅ PASS

6/6 tests passed | $1.80 total cost | 12 parallel runners

Suite	Result	Status	Cost
e2e-browse	1/1	✅	$0.04
e2e-design	1/1	✅	$0.3
e2e-plan	1/1	✅	$0.61
e2e-review	1/1	✅	$0.53
llm-judge	1/1	✅	$0.02
e2e-design	1/1	✅	$0.3

---

12x ubicloud-standard-2 (Docker: pre-baked toolchain + deps) | wall clock ≈ slowest suite