sync(bfmono): test(gambit-core): make markdown execute-module test cwd-independent (+19 more) (bfmono@0520f200e)

This PR is an automated gambitmono sync of bfmono Gambit packages.

- Source: `packages/gambit/`
- Core: `packages/gambit-core/`
- bfmono rev: 0520f200e

Changes:
- 0520f200e test(gambit-core): make markdown execute-module test cwd-independent
- 2787fa905 fix(gambit-core): allow builtin snippet embeds in worker sandbox bootstrap
- bcc5481e1 fix(gambit): hide .gambit files from simulator build dropdown
- 4be03cc0a refactor(simulator-ui): remove recent changes control from Build tab
- 89b072a23 fix(simulator-ui): default ratings and flags pane to closed
- abc40ef2f fix(gambit): simplify serve defaults and allow plain markdown decks
- 142727dda fix(gambit): fail fast on legacy providers.fallback codex value
- 9616fbc81 test(gambit): add opt-in live compiled-cli codex integration test
- 17bfe24f4 test(gambit): add opt-in live codex CLI integration test
- 32ae5bb40 feat(gambit-core): pass through modelParams.verbosity to providers
- e619e071d test(gambit): add codex-cli routing and smoke coverage
- 564c68256 feat(gambit): cut over Codex provider namespace to codex-cli
- 1cfcc1c70 fix(gambit): restore deck-derived MCP tools and codex trace wiring
- ec34271da fix(gambit): remove codex debug logs and tidy runtime imports
- c751df678 fix(simulator-ui): stabilize build chat ordering and dedupe streamed assistant rows
- fadb06e44 fix(gambit): make codex resume turns incremental
- 38b54a9b7 feat(gambit-runtime): enrich trace diagnostics and reasoning capture
- c847ed42f feat(gambit-simulator): preserve run-addressed URLs across Test/Grade navigation
- 07f123e8f feat(gambit): adopt run-addressed workspace routes for test and grade
- 749970879 feat(gambit): map codex file_change events into tool traces

Do not edit this repo directly; make changes in bfmono and re-run the sync.

Author: bft-codebot

README.md

@@ -124,6 +124,23 @@ Tracing and state: 
 `--verbose` to print events\
 `--state <file>` to persist a session.
 
+### Worker sandbox defaults
+
+- Deck-executing CLI surfaces default to worker sandbox execution.
+- Use `--no-worker-sandbox` (or `--legacy-exec`) to force legacy in-process
+  execution.
+- `--worker-sandbox` explicitly forces worker execution on.
+- `--sandbox` / `--no-sandbox` are deprecated aliases.
+- `gambit.toml` equivalent:
+  ```toml
+  [execution]
+  worker_sandbox = false # same as --no-worker-sandbox
+  # legacy_exec = true    # equivalent rollback toggle
+  ```
+
+The npm launcher (`npx @bolt-foundry/gambit ...`) runs the Gambit CLI binary for
+your platform, so these defaults and flags apply there as well.
+
 ## Using the Simulator
 
 The simulator is the local Debug UI that streams runs and renders traces.

deno.jsonc

@@ -25,7 +25,7 @@
     "bundle:sim:sourcemap": "deno run -A scripts/bundle_simulator_ui.ts --sourcemap=external",
     "bundle:sim:web": "deno run -A scripts/bundle_simulator_ui.ts --platform=browser",
     "bundle:sim:web:sourcemap": "deno run -A scripts/bundle_simulator_ui.ts --platform=browser --sourcemap=external",
-    "serve:bot": "mkdir -p /tmp/gambit-bot-root && GAMBIT_BOT_ROOT=/tmp/gambit-bot-root deno run -A src/cli.ts serve src/decks/gambit-bot/PROMPT.md --bundle --port 8000",
+    "serve:bot": "mkdir -p /tmp/gambit-bot-root && GAMBIT_SIMULATOR_BUILD_BOT_ROOT=/tmp/gambit-bot-root GAMBIT_BOT_ROOT=/tmp/gambit-bot-root deno run -A src/cli.ts serve src/decks/gambit-bot/PROMPT.md --bundle --port 8000",
     "serve:bot:sandbox": "deno run -A scripts/serve_bot_sandbox.ts",
     "build_npm": "deno run -A scripts/build_npm.ts"
   },

docs/external/reference/cli.md

@@ -11,15 +11,15 @@ How to run Gambit, the agent harness framework, locally and observe runs.
   - Command help: `deno run -A src/cli.ts help <command>` (or
     `deno run -A src/cli.ts <command> -h`).
 - Run once:
-  `deno run -A src/cli.ts run <deck> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose]`
+  `deno run -A src/cli.ts run <deck> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Check models: `deno run -A src/cli.ts check <deck>`
 - REPL: `deno run -A src/cli.ts repl <deck>` (defaults to
   `src/decks/gambit-assistant.deck.md` in a local checkout). Streams by default
   and keeps state in memory for the session.
 - Test bot (CLI):
-  `deno run -A src/cli.ts test-bot <root-deck> --test-deck <persona-deck> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck> ...] [--trace <file>] [--responses] [--verbose]`
+  `deno run -A src/cli.ts test-bot <root-deck> --test-deck <persona-deck> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck> ...] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Grade (CLI):
-  `deno run -A src/cli.ts grade <grader-deck> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose]`
+  `deno run -A src/cli.ts grade <grader-deck> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Export bundle (CLI):
   `deno run -A src/cli.ts export [<deck>] --state <file> --out <bundle.tar.gz>`
 - Debug UI: `deno run -A src/cli.ts serve <deck> --port 8000` then open
@@ -46,6 +46,15 @@ How to run Gambit, the agent harness framework, locally and observe runs.
 - `GAMBIT_RESPONSES_MODE=1`: env alternative to `--responses` for runtime/state.
 - `GAMBIT_OPENROUTER_RESPONSES=1`: route OpenRouter calls through the Responses
   API (experimental; chat remains the default path).
+- Worker execution defaults on for deck-executing surfaces. Use
+  `--no-worker-sandbox` (or `--legacy-exec`) to roll back to legacy in-process
+  execution. `--sandbox/--no-sandbox` still work as deprecated aliases.
+- `gambit.toml` config equivalent:
+  ```toml
+  [execution]
+  worker_sandbox = false # same as --no-worker-sandbox
+  # legacy_exec = true    # equivalent rollback toggle
+  ```
 
 ## State and tracing
 

docs/external/reference/cli/commands/bot.md

@@ -1,12 +1,17 @@
 +++
 command = "bot"
 summary = "Run the Gambit bot assistant"
-usage = "gambit bot [<dir>] [--bot-root <dir>] [--model <id>] [--model-force <id>] [--responses] [--verbose]"
+usage = "gambit bot [<dir>] [--bot-root <dir>] [--model <id>] [--model-force <id>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--bot-root <dir>        Allowed folder for bot file writes (defaults to workspace.decks if set; overrides <dir>)",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

docs/external/reference/cli/commands/grade.md

@@ -1,14 +1,19 @@
 +++
 command = "grade"
 summary = "Grade a saved state file"
-usage = "gambit grade <grader-deck.(ts|md)> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose]"
+usage = "gambit grade <grader-deck.(ts|md)> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--grader <path>         Grader deck path (overrides positional)",
   "--state <file>          Load/persist state",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--trace <file>          Write trace events to file (JSONL)",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

docs/external/reference/cli/commands/repl.md

@@ -1,14 +1,25 @@
 +++
 command = "repl"
 summary = "Start an interactive REPL"
-usage = "gambit repl <deck.(ts|md)> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--responses] [--verbose]"
+usage = "gambit repl <deck.(ts|md)> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--responses] [--verbose] [-A|--allow-all|--allow-<kind>] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--context <json|string> Context payload (seeds gambit_context; legacy --init still works)",
   "--message <json|string> Initial user message (sent before assistant speaks)",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--responses             Run runtime/state in Responses mode",
   "--verbose               Print trace events to console",
+  "-A, --allow-all         Allow all session permissions (read/write/run/net/env)",
+  "--allow-read[=<paths>]  Session read override (all when value omitted)",
+  "--allow-write[=<paths>] Session write override (all when value omitted)",
+  "--allow-run[=<entries>] Session run override (all when value omitted)",
+  "--allow-net[=<hosts>]   Session net override (all when value omitted)",
+  "--allow-env[=<names>]   Session env override (all when value omitted)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
 ]
 +++
 

docs/external/reference/cli/commands/run.md

@@ -1,7 +1,7 @@
 +++
 command = "run"
 summary = "Run a deck once"
-usage = "gambit run [<deck.(ts|md)>] [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose]"
+usage = "gambit run [<deck.(ts|md)>] [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose] [-A|--allow-all|--allow-<kind>] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--context <json|string> Context payload (seeds gambit_context; legacy --init still works)",
   "--message <json|string> Initial user message (sent before assistant speaks)",
@@ -12,6 +12,17 @@ flags = [
   "--stream                Enable streaming responses",
   "--responses             Run runtime/state in Responses mode",
   "--verbose               Print trace events to console",
+  "-A, --allow-all         Allow all session permissions (read/write/run/net/env)",
+  "--allow-read[=<paths>]  Session read override (all when value omitted)",
+  "--allow-write[=<paths>] Session write override (all when value omitted)",
+  "--allow-run[=<entries>] Session run override (all when value omitted)",
+  "--allow-net[=<hosts>]   Session net override (all when value omitted)",
+  "--allow-env[=<names>]   Session env override (all when value omitted)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
 ]
 +++
 

docs/external/reference/cli/commands/serve.md

@@ -1,7 +1,7 @@
 +++
 command = "serve"
 summary = "Run the debug UI server"
-usage = "gambit serve [<deck.(ts|md)>] [--model <id>] [--model-force <id>] [--port <n>] [--responses] [--verbose] [--watch] [--no-bundle] [--no-sourcemap]"
+usage = "gambit serve [<deck.(ts|md)>] [--model <id>] [--model-force <id>] [--port <n>] [--responses] [--verbose] [--watch] [--no-bundle] [--no-sourcemap] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
@@ -13,12 +13,16 @@ flags = [
   "--sourcemap             Generate external source maps (serve; default in dev)",
   "--no-sourcemap          Disable source map generation (serve)",
   "--platform <platform>   Bundle target platform: deno (default) or web (browser)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++
 
 Starts the debug UI server (default at `http://localhost:8000/`).
 
-If no deck path is provided, Gambit creates a new workspace scaffold (root
-`PROMPT.md`, `INTENT.md`, plus default scenario/grader decks) and opens the
-simulator UI in workspace onboarding mode.
+If no deck path is provided, Gambit uses `./PROMPT.md`. If `./PROMPT.md` does
+not exist, Gambit creates a minimal `PROMPT.md` and serves it.

docs/external/reference/cli/commands/test-bot.md

@@ -1,7 +1,7 @@
 +++
 command = "test-bot"
 summary = "Run a persona/test-bot loop"
-usage = "gambit test-bot <root-deck.(ts|md)> --test-deck <persona-deck.(ts|md)> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck.(ts|md)> ...] [--trace <file>] [--responses] [--verbose]"
+usage = "gambit test-bot <root-deck.(ts|md)> --test-deck <persona-deck.(ts|md)> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck.(ts|md)> ...] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--test-deck <path>      Persona/test deck path",
   "--grade <path>          Grader deck path (repeatable)",
@@ -14,6 +14,11 @@ flags = [
   "--model-force <id>      Override model id",
   "--trace <file>          Write trace events to file (JSONL)",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

packages/gambit-core/README.md

@@ -112,6 +112,14 @@ export default defineCard({
 });
 ```
 
+For built-in Gambit schemas in TypeScript/compute decks, use canonical module
+subpaths:
+
+```
+import contextSchema from "@bolt-foundry/gambit-core/schemas/scenarios/plain_chat_input_optional.zod.ts";
+import responseSchema from "@bolt-foundry/gambit-core/schemas/scenarios/plain_chat_output.zod.ts";
+```
+
 ## Running decks programmatically
 
 The runtime loads the deck (Markdown or TS) and steps through each pass. Provide
@@ -145,14 +153,33 @@ When the deck defines `run`/`execute`, the runtime hands you an
 [`ExecutionContext`](src/types.ts) with:
 
 - `ctx.input`: validated input (narrowable when you type the schema).
-- `ctx.spawnAndWait({ path, input })`: call another deck and await the result.
+- `ctx.initialUserMessage`: current turn user message when provided by caller.
+- `ctx.getSessionMeta(key)`: read persisted run/session metadata.
+- `ctx.setSessionMeta(key, value)`: persist metadata for later turns.
+- `ctx.appendMessage({ role, content })`: append chat transcript messages from
+  execute decks.
+- `ctx.spawnAndWait({ path, input, initialUserMessage? })`: call another deck
+  and await the result; user message is inherited by default unless overridden.
 - `ctx.return(payload)`: respond early without running guards again.
 - `ctx.fail({ message, code?, details? })`: aborts the run (throws).
 - `ctx.log(...)`: emit structured trace entries for observability.
 
 Pass `guardrails`, `initialUserMessage`, `modelOverride`, and
 `allowRootStringInput` to `runDeck` when scripting custom runtimes.
 
+### Worker sandbox behavior in `runDeck`
+
+`gambit-core` keeps worker sandboxing opt-in:
+
+- `runDeck` enables worker sandboxing only when `workerSandbox: true` is passed.
+- You can also opt in via `GAMBIT_DECK_WORKER_SANDBOX=1` (or `true` / `yes`).
+- If neither is set, `runDeck` executes without worker sandboxing by default.
+
+Why this is opt-in: `@bolt-foundry/gambit-core` is intended to run in multiple
+hosts (Node, Bun, Deno). Worker sandboxing relies on Deno-specific worker
+permission controls, so host apps must opt in when they run in an environment
+that supports it.
+
 ## Loading Markdown decks and cards
 
 Markdown files use front matter for metadata, with the body becoming the prompt.