sync(bfmono): fix(gambit): stabilize workspace test reset and log workspace bot roots (+19 more) (bfmono@f7bccb07f)

This PR is an automated gambitmono sync of bfmono Gambit packages.

- Source: `packages/gambit/`
- Core: `packages/gambit-core/`
- bfmono rev: f7bccb07f

Changes:
- 8fe4fb52e fix(gambit): stabilize workspace test reset and log workspace bot roots
- a0406602d chore(gambit): remove ollama model fallback from gambit-bot decks
- d37a89cb3 fix(gambit): stabilize workspace tab routing and grading diagnostics
- aad9515bc feat(gambit): cut over test and grade to workspace root context
- 16394aa3f feat(gambit): move simulator routing to /workspaces
- 7017bbb2b fix(gambit-ui): stop grade tab from dropping workspace id
- acd73ce42 fix(gambit): separate workspace state dir and fail simulator on invalid workspace state
- af6ff55c8 fix(gambit): require explicit workspaceId in API routes
- 2a5896703 docs(gambit): clarify worker sandbox defaults for CLI and core
- 60bcfd54b fix(gambit-core): harden worker bridge and sandboxed orchestration
- 550a858e0 fix(gambit-core): deny symlink-mediated run.path execution
- 259a15030 feat(gambit-core): publish canonical schema subpath exports
- dfc85a562 fix(gambit-core): harden runtime trust boundaries and schema import guards
- 2967fb893 test(gambit): align sandbox assertion + extend runtime coverage
- b746e6453 fix(gambit-core): honor directory permission scopes
- 2dcd5f19d fix(gambit-core): include orchestration worker in bootstrap reads
- 52d54d3c7 fix(gambit-core): constrain inspect worker bootstrap reads
- a4b617849 fix(gambit-core): tighten worker bootstrap reads and child deadlines
- 9b8b6fa96 fix(gambit-core): harden worker bootstrap import parsing
- 3966dcbb8 fix(gambit-core): preserve nested sandboxing in orchestration worker

Do not edit this repo directly; make changes in bfmono and re-run the sync.

Author: bft-codebot

README.md

@@ -124,6 +124,23 @@ Tracing and state: 
 `--verbose` to print events\
 `--state <file>` to persist a session.
 
+### Worker sandbox defaults
+
+- Deck-executing CLI surfaces default to worker sandbox execution.
+- Use `--no-worker-sandbox` (or `--legacy-exec`) to force legacy in-process
+  execution.
+- `--worker-sandbox` explicitly forces worker execution on.
+- `--sandbox` / `--no-sandbox` are deprecated aliases.
+- `gambit.toml` equivalent:
+  ```toml
+  [execution]
+  worker_sandbox = false # same as --no-worker-sandbox
+  # legacy_exec = true    # equivalent rollback toggle
+  ```
+
+The npm launcher (`npx @bolt-foundry/gambit ...`) runs the Gambit CLI binary for
+your platform, so these defaults and flags apply there as well.
+
 ## Using the Simulator
 
 The simulator is the local Debug UI that streams runs and renders traces.

docs/external/reference/cli.md

@@ -11,15 +11,15 @@ How to run Gambit, the agent harness framework, locally and observe runs.
   - Command help: `deno run -A src/cli.ts help <command>` (or
     `deno run -A src/cli.ts <command> -h`).
 - Run once:
-  `deno run -A src/cli.ts run <deck> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose]`
+  `deno run -A src/cli.ts run <deck> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Check models: `deno run -A src/cli.ts check <deck>`
 - REPL: `deno run -A src/cli.ts repl <deck>` (defaults to
   `src/decks/gambit-assistant.deck.md` in a local checkout). Streams by default
   and keeps state in memory for the session.
 - Test bot (CLI):
-  `deno run -A src/cli.ts test-bot <root-deck> --test-deck <persona-deck> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck> ...] [--trace <file>] [--responses] [--verbose]`
+  `deno run -A src/cli.ts test-bot <root-deck> --test-deck <persona-deck> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck> ...] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Grade (CLI):
-  `deno run -A src/cli.ts grade <grader-deck> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose]`
+  `deno run -A src/cli.ts grade <grader-deck> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]`
 - Export bundle (CLI):
   `deno run -A src/cli.ts export [<deck>] --state <file> --out <bundle.tar.gz>`
 - Debug UI: `deno run -A src/cli.ts serve <deck> --port 8000` then open
@@ -46,6 +46,15 @@ How to run Gambit, the agent harness framework, locally and observe runs.
 - `GAMBIT_RESPONSES_MODE=1`: env alternative to `--responses` for runtime/state.
 - `GAMBIT_OPENROUTER_RESPONSES=1`: route OpenRouter calls through the Responses
   API (experimental; chat remains the default path).
+- Worker execution defaults on for deck-executing surfaces. Use
+  `--no-worker-sandbox` (or `--legacy-exec`) to roll back to legacy in-process
+  execution. `--sandbox/--no-sandbox` still work as deprecated aliases.
+- `gambit.toml` config equivalent:
+  ```toml
+  [execution]
+  worker_sandbox = false # same as --no-worker-sandbox
+  # legacy_exec = true    # equivalent rollback toggle
+  ```
 
 ## State and tracing
 

docs/external/reference/cli/commands/bot.md

@@ -1,12 +1,17 @@
 +++
 command = "bot"
 summary = "Run the Gambit bot assistant"
-usage = "gambit bot [<dir>] [--bot-root <dir>] [--model <id>] [--model-force <id>] [--responses] [--verbose]"
+usage = "gambit bot [<dir>] [--bot-root <dir>] [--model <id>] [--model-force <id>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--bot-root <dir>        Allowed folder for bot file writes (defaults to workspace.decks if set; overrides <dir>)",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

docs/external/reference/cli/commands/grade.md

@@ -1,14 +1,19 @@
 +++
 command = "grade"
 summary = "Grade a saved state file"
-usage = "gambit grade <grader-deck.(ts|md)> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose]"
+usage = "gambit grade <grader-deck.(ts|md)> --state <file> [--model <id>] [--model-force <id>] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--grader <path>         Grader deck path (overrides positional)",
   "--state <file>          Load/persist state",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--trace <file>          Write trace events to file (JSONL)",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

docs/external/reference/cli/commands/repl.md

@@ -1,14 +1,25 @@
 +++
 command = "repl"
 summary = "Start an interactive REPL"
-usage = "gambit repl <deck.(ts|md)> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--responses] [--verbose]"
+usage = "gambit repl <deck.(ts|md)> [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--responses] [--verbose] [-A|--allow-all|--allow-<kind>] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--context <json|string> Context payload (seeds gambit_context; legacy --init still works)",
   "--message <json|string> Initial user message (sent before assistant speaks)",
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
   "--responses             Run runtime/state in Responses mode",
   "--verbose               Print trace events to console",
+  "-A, --allow-all         Allow all session permissions (read/write/run/net/env)",
+  "--allow-read[=<paths>]  Session read override (all when value omitted)",
+  "--allow-write[=<paths>] Session write override (all when value omitted)",
+  "--allow-run[=<entries>] Session run override (all when value omitted)",
+  "--allow-net[=<hosts>]   Session net override (all when value omitted)",
+  "--allow-env[=<names>]   Session env override (all when value omitted)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
 ]
 +++
 

docs/external/reference/cli/commands/run.md

@@ -1,7 +1,7 @@
 +++
 command = "run"
 summary = "Run a deck once"
-usage = "gambit run [<deck.(ts|md)>] [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose]"
+usage = "gambit run [<deck.(ts|md)>] [--context <json|string>] [--message <json|string>] [--model <id>] [--model-force <id>] [--trace <file>] [--state <file>] [--stream] [--responses] [--verbose] [-A|--allow-all|--allow-<kind>] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--context <json|string> Context payload (seeds gambit_context; legacy --init still works)",
   "--message <json|string> Initial user message (sent before assistant speaks)",
@@ -12,6 +12,17 @@ flags = [
   "--stream                Enable streaming responses",
   "--responses             Run runtime/state in Responses mode",
   "--verbose               Print trace events to console",
+  "-A, --allow-all         Allow all session permissions (read/write/run/net/env)",
+  "--allow-read[=<paths>]  Session read override (all when value omitted)",
+  "--allow-write[=<paths>] Session write override (all when value omitted)",
+  "--allow-run[=<entries>] Session run override (all when value omitted)",
+  "--allow-net[=<hosts>]   Session net override (all when value omitted)",
+  "--allow-env[=<names>]   Session env override (all when value omitted)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
 ]
 +++
 

docs/external/reference/cli/commands/serve.md

@@ -1,7 +1,7 @@
 +++
 command = "serve"
 summary = "Run the debug UI server"
-usage = "gambit serve [<deck.(ts|md)>] [--model <id>] [--model-force <id>] [--port <n>] [--responses] [--verbose] [--watch] [--no-bundle] [--no-sourcemap]"
+usage = "gambit serve [<deck.(ts|md)>] [--model <id>] [--model-force <id>] [--port <n>] [--responses] [--verbose] [--watch] [--no-bundle] [--no-sourcemap] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--model <id>            Default model id",
   "--model-force <id>      Override model id",
@@ -13,6 +13,11 @@ flags = [
   "--sourcemap             Generate external source maps (serve; default in dev)",
   "--no-sourcemap          Disable source map generation (serve)",
   "--platform <platform>   Bundle target platform: deno (default) or web (browser)",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

docs/external/reference/cli/commands/test-bot.md

@@ -1,7 +1,7 @@
 +++
 command = "test-bot"
 summary = "Run a persona/test-bot loop"
-usage = "gambit test-bot <root-deck.(ts|md)> --test-deck <persona-deck.(ts|md)> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck.(ts|md)> ...] [--trace <file>] [--responses] [--verbose]"
+usage = "gambit test-bot <root-deck.(ts|md)> --test-deck <persona-deck.(ts|md)> [--context <json|string>] [--bot-input <json|string>] [--message <json|string>] [--max-turns <n>] [--state <file>] [--grade <grader-deck.(ts|md)> ...] [--trace <file>] [--responses] [--verbose] [--worker-sandbox|--no-worker-sandbox|--legacy-exec]"
 flags = [
   "--test-deck <path>      Persona/test deck path",
   "--grade <path>          Grader deck path (repeatable)",
@@ -14,6 +14,11 @@ flags = [
   "--model-force <id>      Override model id",
   "--trace <file>          Write trace events to file (JSONL)",
   "--responses             Run runtime/state in Responses mode",
+  "--worker-sandbox        Force worker execution on",
+  "--no-worker-sandbox     Force worker execution off",
+  "--legacy-exec           Alias for --no-worker-sandbox",
+  "--sandbox               Deprecated alias for --worker-sandbox",
+  "--no-sandbox            Deprecated alias for --no-worker-sandbox",
   "--verbose               Print trace events to console",
 ]
 +++

packages/gambit-core/README.md

@@ -112,6 +112,14 @@ export default defineCard({
 });
 ```
 
+For built-in Gambit schemas in TypeScript/compute decks, use canonical module
+subpaths:
+
+```
+import contextSchema from "@bolt-foundry/gambit-core/schemas/scenarios/plain_chat_input_optional.zod.ts";
+import responseSchema from "@bolt-foundry/gambit-core/schemas/scenarios/plain_chat_output.zod.ts";
+```
+
 ## Running decks programmatically
 
 The runtime loads the deck (Markdown or TS) and steps through each pass. Provide
@@ -153,6 +161,19 @@ When the deck defines `run`/`execute`, the runtime hands you an
 Pass `guardrails`, `initialUserMessage`, `modelOverride`, and
 `allowRootStringInput` to `runDeck` when scripting custom runtimes.
 
+### Worker sandbox behavior in `runDeck`
+
+`gambit-core` keeps worker sandboxing opt-in:
+
+- `runDeck` enables worker sandboxing only when `workerSandbox: true` is passed.
+- You can also opt in via `GAMBIT_DECK_WORKER_SANDBOX=1` (or `true` / `yes`).
+- If neither is set, `runDeck` executes without worker sandboxing by default.
+
+Why this is opt-in: `@bolt-foundry/gambit-core` is intended to run in multiple
+hosts (Node, Bun, Deno). Worker sandboxing relies on Deno-specific worker
+permission controls, so host apps must opt in when they run in an environment
+that supports it.
+
 ## Loading Markdown decks and cards
 
 Markdown files use front matter for metadata, with the body becoming the prompt.

packages/gambit-core/deno.json

@@ -8,7 +8,39 @@
     "url": "git+https://github.com/bolt-foundry/gambit.git"
   },
   "exports": {
-    ".": "./mod.ts"
+    ".": "./mod.ts",
+    "./schemas/graders/respond.ts": "./schemas/graders/respond.ts",
+    "./schemas/graders/respond.zod.ts": "./schemas/graders/respond.zod.ts",
+    "./schemas/graders/grader_output.ts": "./schemas/graders/grader_output.ts",
+    "./schemas/graders/grader_output.zod.ts":
+      "./schemas/graders/grader_output.zod.ts",
+    "./schemas/graders/contexts/turn.ts": "./schemas/graders/contexts/turn.ts",
+    "./schemas/graders/contexts/turn.zod.ts":
+      "./schemas/graders/contexts/turn.zod.ts",
+    "./schemas/graders/contexts/turn_tools.ts":
+      "./schemas/graders/contexts/turn_tools.ts",
+    "./schemas/graders/contexts/turn_tools.zod.ts":
+      "./schemas/graders/contexts/turn_tools.zod.ts",
+    "./schemas/graders/contexts/conversation.ts":
+      "./schemas/graders/contexts/conversation.ts",
+    "./schemas/graders/contexts/conversation.zod.ts":
+      "./schemas/graders/contexts/conversation.zod.ts",
+    "./schemas/graders/contexts/conversation_tools.ts":
+      "./schemas/graders/contexts/conversation_tools.ts",
+    "./schemas/graders/contexts/conversation_tools.zod.ts":
+      "./schemas/graders/contexts/conversation_tools.zod.ts",
+    "./schemas/graders/contexts/tools.ts":
+      "./schemas/graders/contexts/tools.ts",
+    "./schemas/graders/contexts/tools.zod.ts":
+      "./schemas/graders/contexts/tools.zod.ts",
+    "./schemas/scenarios/plain_chat_input_optional.ts":
+      "./schemas/scenarios/plain_chat_input_optional.ts",
+    "./schemas/scenarios/plain_chat_input_optional.zod.ts":
+      "./schemas/scenarios/plain_chat_input_optional.zod.ts",
+    "./schemas/scenarios/plain_chat_output.ts":
+      "./schemas/scenarios/plain_chat_output.ts",
+    "./schemas/scenarios/plain_chat_output.zod.ts":
+      "./schemas/scenarios/plain_chat_output.zod.ts"
   },
   "tasks": {
     "fmt": "deno fmt",