Codex pre-push hard-gate catches semantic bugs typecheck + curl smoke miss

During R-Plan Wave 7 push (commit c96c4b0), the Codex hard-gate review caught 4 substantive bugs that local TypeScript typecheck + curl HTTP smoke had passed cleanly:

  1. Empty L2 phases invisible: phasesById was only populated inside the activity loop, so a freshly-added phase with no tasks would be omitted from getProjectOutline, breaking the “+Add phase → +Add task” flow.
  2. Activity-code uniqueness broken: the sequence generator scanned wbs_nodes.code while inserting into activities.code; every quick-add got ${prefix}-01 and would collide on the second insert.
  3. Stale CPM after quick-add: quickAddTask inserted activities directly without recomputeProjectCpmInTx, leaving the Advanced view’s critical-path/float/Gantt frozen until the next manual recompute.
  4. Misleading link copy: “advanced create flow” link routed to a project list, not the create form.

Why typecheck + curl missed all 4: TypeScript only proves type-soundness, not semantic correctness. Curl smoke shows initial render but doesn’t exercise edit flows against fresh state. The bugs only surface in real-user flows OR adversarial cross-model review.

Operational rule: For commits touching new server actions OR cross-cutting UI defaults, Codex hard-gate findings are load-bearing pre-push verification. Never bypass via hard_gate_failure_action=log_and_alert. Resolve every CRITICAL inline before retry. Plan for 1-3 real bugs in the iteration cycle for non-trivial code.

Hook pattern uncovered + fixed same-session: the gate was reviewing the WRONG repo when commands started with cd /target/repo && git push origin main, because the hook fires in the parent shell’s cwd. Fixed /root/.claude/hooks/codex-pre-pr-gate.py to extract the cd target and pass it as cwd= to the gate subprocess; it also extracts git push <remote> <branch> (skipping flags) and passes --base so the gate diffs the about-to-push state. A 15-case test suite at /root/.claude/hooks/test_codex_pre_pr_gate.py locks the behavior.
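A sketch of the command parsing that fix describes, added here as an example; it is not the code in codex-pre-pr-gate.py. The names split_chain, gate_context and PUSH_FLAGS_WITH_VALUE are hypothetical, and the form of the --base value (<remote>/<branch>) is an assumption.

```python
import os
import shlex

# git push options that take their value as the next token (subset, not exhaustive).
PUSH_FLAGS_WITH_VALUE = {"-o", "--push-option", "--repo", "--receive-pack", "--exec"}


def split_chain(command):
    """Split 'a && b; c' into [[a...], [b...], [c...]] without running a shell."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # '#' must not truncate the command
    segments, current = [], []
    for token in lexer:
        if token in ("&&", "||", ";"):
            if current:
                segments.append(current)
            current = []
        else:
            current.append(token)
    if current:
        segments.append(current)
    return segments


def gate_context(command, hook_cwd):
    """Return (cwd, base) for the first git push in command, or None if there is none."""
    cwd = hook_cwd
    for seg in split_chain(command):
        if seg[0] == "cd" and len(seg) > 1:
            # The hook runs in the parent shell's cwd, so replay the cd ourselves.
            cwd = os.path.normpath(os.path.join(cwd, seg[1]))
        elif seg[:2] == ["git", "push"]:
            positional, args = [], iter(seg[2:])
            for arg in args:
                if arg in PUSH_FLAGS_WITH_VALUE:
                    next(args, None)  # drop the flag's value as well
                elif not arg.startswith("-"):
                    positional.append(arg)
            base = None
            if len(positional) >= 2:
                # Assumption: base is "<remote>/<branch>", branch = refspec destination.
                branch = positional[1].split(":")[-1].lstrip("+")
                base = f"{positional[0]}/{branch}"
            return cwd, base
    return None
```

The returned cwd is meant to be handed to the gate subprocess as the cwd= argument with an argument list, not re-interpolated into a shell string.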

Generalizes to every R-* product: assume Codex will catch real bugs when you’ve changed >3 files OR added new server actions OR swapped UI defaults.