Enforce readonly repository boundaries

[egavrin]

Summary

• enforce readonly repository fingerprints for all executors, including devagent
• allow mixed writable/readonly multi-repo runs without false failures
• add adapter and local-runner regression coverage for continuation metadata and readonly enforcement

Testing

• bun test ./packages/local-runner/src/index.test.ts
• bunx tsc -p packages/local-runner/tsconfig.json --noEmit
• bunx tsc -b packages/core packages/local-runner packages/adapters packages/cli
• bun run build

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4044ffbbe5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Handle deleted read-only repos before hashing

If an executor removes an entire read-only repo directory (for example via rm -rf), fingerprintWorkspace(repositoryPath) throws ENOENT here and the error escapes the result-finalization path, so awaitResult rejects instead of returning a structured failed result with the read-only violation message. This regresses behavior from the previous workspace-level fingerprint check, which would mark the run as an EXECUTION_FAILED policy violation rather than surfacing an internal exception.

Useful? React with 👍 / 👎.